BIOMETRIC-BASED CRYPTOGRAPHY SYSTEMS

In crypto-biometric system (CBS), biometric is combined with cryptography. In CBS, either accessing a cryptographic key is controlled with biometric or the key is generated from biometric features. This work is related to the latter approach in CBS. In such a system, protecting the privacy of the biometric data is an important concern. Further, there is a need to generate different cryptographic keys from the same biometric template of a user. Cancellable transformation of biometric data prior to the key generation is known as a solution. In this paper, we propose an approach to generate cryptographic key from cancellable fingerprint templates (CT) of sender and receiver to ensure the privacy of the fingerprints and at the same time, it produces revocable key for the application of symmetric cryptography. The between-person variability of CTs guarantees the randomness which ensures that impostor users are not able to generate a genuine CT to break the cryptographic key.

Recently, biometric data have been integrated with cryptography to make stronger crypto- graphic systems called crypto-biometric systems (CBSs). In a CBS, cryptographic keys are linked with users' biometric data so that a large cryptographic key need not be memorized. In this paper, we introduce a key-exchange protocol using the biometric data of the sender and receiver. Users enrol their biometric data in a central server, and a communication session between enrolled users is established through the central server. A user generates a cryptographic key randomly and shares it with another user using a biometrics-based cryptographic construction. The cryptographic framework is constructed using the biometric data of two communicating users so that they may share a session key. In our protocol, the privacy of the biometric data is preserved for both the sender and the receiver.

With the advancement of Cloud computing technology, the demand for remote service access is increasing exponentially. To ensure a secure access, a number of authentication protocols such as Kerberos, OAuth, OpenID etc. have been evolved in recent times. However, these protocols have their own limitations. The major drawback with these protocols is that they are password based (i.e. follow token, ticket or private key) and users' credentials need to be stored in a database server located remotely. Further, these protocol require a number of keys to be shared among different entities in the authentication system, which either need to be stored or generate from one session to another. In this paper, we have addressed the above-mentioned concerns and proposed a biometric-based authentication protocol to provide a secure access to a remote server. In our proposed approach, we consider biometric data of a user as a credential. We derive a unique identity from the user’s biometric data, which is used to generate the user’s private key. In addition to this, we propose an elegant approach to generate a session key using two biometric templates for a secure message transmission between two communicating parties. Further, with the proposed session key, we lay down an approach to mutually authenticate two communication parties for a secure communication. The advantages of our approach are that we do not store the user's private key anywhere and a session key is generated without sharing any prior information. We have conducted a number of experiments to substantiate the efficacy of our proposed approach.

The traditional digital data security mechanisms follow either cryptography or authentication. The primary point of contention with these mechanisms remains either memorizing or securely storing the user's credentials. The proposed work addresses this critical issue by presenting a fingerprint biometric-based mechanism to protect users' digitized documents. In our approach, biometric features are extracted from the user's fingerprint captured with a fingerprint biometric sensor. The extracted features are then used to generate a unique code utilizing the convolution coding principle. This unique code is further used to generate a cryptographic key for encryption and decryption of the user's document. A sedulous investigation to our approach which includes experimentation with a variety of standard fingerprint images as the database starkly reveals a staggering 95.12% true positive and 0% as false negative. Further, the advantages of our approach are that it generates a unique key for each user and eliminates the storage of any biometric template or key. In addition, it is faster and accurate enough to develop any robust data storage security system.

In data storage security, it is essential that no one can access data other than the owner. Several mechanisms have been proposed to ensure this. In general, mechanisms use private key as a password to authenticate a user or cryptographic key to encrypt data. The problem with these techniques is that owner should remember the private key or maintain cryptographic key in a database. It may be noted that key storage poses another security threat. In this paper, we have addressed this concern and propose biometric-based data encryption strategy. In our proposed approach, we consider a biometric data for a user from which we extract statistical features. These feature vectors are then used to generate a cryptographic key. We encrypt user's data with this cryptographic key. Ciphertexts are stored as a combination of encrypted text and codeword which is user's biometric features encoded with Reed Solomon encoding. Prior to decryption, user is validated with newly captured feature and the codeword. Decryption follows the generation of key from the features stored in codeword. We have experimented our approach with a number of standard fingerprint image databases. The experimental results substantiate that on the average 99.27% users have successfully done encryption and decryption using biocrypto key. The advantages of our approach are that it generates unique biometric based cryptographic key, the storage of neither templates nor keys are required, it is faster and accurate in terms of key generation. In the context of emerging Cloud computing, our proposed approach can be effectively applied to secure data storage in Cloud.

With the diminutive maintenance cost, Cloud computing provides an economical and ingenious solution for disseminating and sharing group resource(s) (e.g. data) among collaborative users. However, sharing data in a multi-owner manner and rapid alteration in group membership, privacy and preservation of data in an untrusted Cloud, has turned out to be a challenging task. Of late, a couple of mechanisms have been anticipated to address this. In general, mechanisms use pre-computed group member id or group private key to access shared data in Cloud. The problem with these techniques is that a group member should remember the group-oriented credentials (e.g. group key) or maintain it in his database. Further, the manipulation of membership (i.e., inclusion, revocation or migration), in fact, rely on many subsequent and dependent steps, which are computationally inflated. In this exertion, we have addressed these concerns and proposed a multi-party authentication mechanism for Cloud data access. In our approach, we deliberate a biometric data for a user as an access permit. We investigate the generation of group permits for each user belongs to a group using their biometric data. During an authentication phase, a newly captured biometric data is used to corroborate the group membership in the Cloud. The major challenges namely the generation of group key for each member in the group and manipulation of group members without changing the other group credentials in real time have been addressed in this work.