May 28, 2013

Bioinformatics

Tittle: Combining Cryptography with Biometrics for Enhanced Security
Authors: SP.Venkatachalam, P.Muthu Kannan y V.Palanisamy

In the past few years of computer security, biometrics has been used for various types of security problems. The uniqueness of biometrics for any human being makes the identification system more secure. Biometrics is widely used in person identification and verification. The combnation of cryptography with biometrics is a new research area. This technique proves to be more secure than conventional cryptography. This article is about biometric encryption or biometric cryptography approaches and algorithms which use various biometric data.

Conventional cryptography uses encryption keys, which are just bit strings usually 128 bit long. These keys, either “symmetric,” “public,” or “private,” are an essential part of any cryptosystem. A person cannot memorize a long random key, so that the key is generated, after several steps, from a password or a PIN that can be memorized and often made by the user. The password management is the weakest point of any cryptosystem, as the password can be guessed, found with a brute force search, or stolen by an attacker. On the other hand, biometrics provides a person with unique characteristics which are always there. biometric images or templates are variable by nature. An obvious role of biometrics in the conventional cryptosystem is just password management.

The key must be stored in a secure location, this scheme is still prone to the security vulnerabilities, becuase the biometric system and the application are connected via one bit only. Biometric templates stored in a database can be encrypted by conventional cryptographic, this would improve the level of system security, if an attacker gain the access to the encryption keys first. However, there still ome issues because the the database is controlled by a custodian.


User-based cryptographic keys

Cryptographic systems require a secret key or a random number which must be tied to an individual through an identifier. This identifier indeed could be a globally unique user id or biometric data. Generating userID-based key or random number is straightforward and the techniques could easily be found in literature. But generating user-based cryptographic keys includes several of approaches.


User-dependent Key Generation

In cryptography, pseudorandom numbers are generated these numbers can be used directly as a key or adjusted with user-dependent data like an user ID or biometric data. In order to make the key depends on a specific user, two ways could be applied:
  • First the key generation algorithm could be modified by using the userdependent data.
  • Second the pseudorandom number could be modified. This modification is accomplished using a front-end or back-end approach, in which the pseudorandom numbers are treated as intermediate values and processed further.
Biometric template of user is denoted by T which is a t-bit value. The aim of the authors is to generate an n-bit-long random number or key K, using T.

To generate pseudo random numbers are neccesary, some of them are:

Method 1

This method is based on pairing the biometric data with random numbers. The seed value of the pseudo random number generator consists of a secret random value R and T. In order to eliminate any structure
of a complex function f is applied, so the seed value is defined by seed=f(R, T) where f is the one-to-one mixing function.

Method 2 

In this method R and T are inputs to a more complex function that generates an n-bit pseudorandom number S which could be used directly as a key or as an input to key generation algorithm. The algorithm is as follows:
  • Generate a secret pseudorandom number R by using a generator.
  • Let Z=H(R,T) || H(R+1,T) || H(R+2,T) || ... || H(R+a,T)
    where a=[n/h]-1. Here H is a strong collision-resistance oneway hash function. H generates an h bit output from any length input. The symbol “||” denotes the concatenation operation. 
  • Let S be n specific bits of Z like the leftmost bit.
In practice this method is designed for the user to store the value of R and generate S from R and T on demand. S might be an encryption key; in this case, R might be encrypted and stored within a cryptographic subsystem.

Method 3 

In this method R and T are combined via a simple XOR function to generate an n-bit secret pseudorandom number S. The algorithm is as follows: 
  • Let Z=H(R,T) || H(R+1,T) || H(R+2,T) || ... || H(R+a,T)
    where a=[n/h]-1. 
  • Xn specific bits of Z. 
  • R = n-bit secret pseudorandom number, where R is either specified by the system or generated in his step using a generator.
  • S = R (XOR) X.


Method 4

Due to the hash function collision probability the previous three methods do not guarantee that a key or random number derived for a user will be unique. The probability of two users ending up with the same pseudorandom number is still present and will be quite small if n and h are chosen to be large. 

In this method, the user can prove or can't deny that a key is one belonging to his/her designated space of keys or random numbers. It is assume that the value to be generated is n-bit long where (n > t). The algorithm is a two step process:
  • Divide the space (2n) into 2t subspaces.
  • Choose n-bit value at random from the user’s subspace. The first step of the algorithm is realized by taking the first t bits from the biometric data representation and allow the remaining n - t bits to take any value.

Biometric Encryption Algorithm 

For encription in the biometric part it can be use:

Correlation

This algorithm uses the entire image instead of using a feature based approach. In order to present the biometric input a correlation mechanism is applied. The correlation between the input image and the obtained image during the verification phase is formally defined as, where, FT is the Fourier Transform and F denotes the transformed image. is usually represented by a filter function H(u) and is used as a biometric template. This filter function produces a distinctive correlation peak at the output of the system.

The process of correlation is used as a mechanism for linking and retrieving the digital key. The process of the Biometric Encryption does not extract a simple True/False system it produces a more sophisticated output pattern which is linked during enrolment with a digital key and subsequently regenerated during verification to retrieve the same key. The filter function consistently produces the same output pattern for a legitimate user and tolerant to distortions present in the input image. Storing only the phase of the filter function H(u), satisfies the security requirement for biometric encryption. The magnitude of H(u) is necessary for the discrimination and distortion tolerance properties.

Enrollment

Enrollment phase contains three stages.

  • Stage E-1
This stage is responsible for combining a series of input fingerprint images with a random phase array to create two output arrays: Hstored(u) and c0(x).

The objective of this stage is to generate an output pattern to be passed to stage E-2, as well as to generate the stored filter function.

Image Processing at Stage E-1

  • Stage E-2
This second stage links a cryptographic key, k0, to the pattern c0(x), via the link algorithm.

This stage is responsible for linking the output pattern with an n-bit key. In this algorithm a lookup table is created and stored for use in key retrieval during verification. Link algorithm first comprises a selection of a portion, then the real and imaginary components of the cropped portion are concatenated to form an enrollment template according to their position in the portion. All these values are stored in a table after they are binarized by a threshold scheme. Then is selected for example  L bits from the template to represent each of the n key bits.

    Key link algorithm
  • Stage E-3
Finally at this stage the algorithm creates an identification code, id0, derived from the key k0.

The method used for key validation is based on encrypting S bits of data by using the input n-bit key k0, then the encrypted text is hashed by a one-way hash function to create an identification code, which then will be stored.

Overview of the enrollment process

Verification

This session is symmetric to the enrollment session with respect to the linking and retrieving of the digital key. Verification also has three stages:
V-1 - some image processing is applied to combine Hstored(u), from the Bioscrypt, with a new series of input fingerprint images to create an out pattern c1(x).
V-2 - key k1 is retrieved by the retrieval algorithm this key is validated by creating a new identification code, id1 and comparing it with id0. As in enrollment, a set of fingerprints are acquired from the user and Fourier transforms are performed on the images. By using the Hstored(u) retrieved from the Bioscrypt, an output pattern is calculated and passed to the second stage of verification. The key retrieval algorithm takes the output pattern c1(x) and create a binarized verification template.
Overview of the retrieval algorithm

V-3 - The key k1 is released if and only if it precisely matches k0. Although the Biometric Encryption algorithm is first developed for the image type biometric templates it could be easily adapted to the other biometrics as well. Biometric encryption provides convenient and secure widespread use of biometric cryptographic systems.


Using keystroke dynamics for security

In order to generate stronger passwords which can not be easily found, a technique based on keystroke dynamics could be proposed. A stronger password might be generated by using the password’s textual characteristics and the user’s typing patterns. This hardened password then might be used as a cryptographic key.

Keystrokes as a Biometric Cryptographic key 

Legitimate user’s typing patterns consist of durations and latencies between keystrokes. In this scheme these properties are combined to generate a hardened password, but there are several problems in such a system like:
  • Identify typing features that the user reliably repeats 
  • Use these features when the user types her password to generate the correct hardened password.
If an attacker learns the durations and latencies which are reliably repeated by the user, this will be a catastrophic end. 

This technique improves the hardened password over time by adapting itself to the user’s typing patterns.


Keystroke Patterns for Computer Access Security.

Keystroke patterns are used for authenticating a user. Keystroke rhythms are a method that tries to understand individual’s behaviour. In this method biometric data is assigned to a vector which carries all well-known values of the property. By using a minimum-distance classifier, it will be easy to make a decision by finding the distance between the test pattern and the templates of each individual which are previously determined after a training phase. The main steps are:

  • First, parameters of users’ keystroke are collected using a login form and stored in a database. 
  • Next, is the validation step where the users’ parameters are processed by an efficient validation algorithm. Also new parameters are generated. 
  • Then, is the decision making step, new values calculated during the validation phase are transferred to a decision function. In this step user is accepted or rejected. 
  • Finally, the parameters belong to the successful login are updated in the database. 
The system learns user’s keystroke dynamics. Keystroke patterns are low-cost user-specific data especially for biometric authentication and cryptography and it should be noted that they are usually difficult to detect and analyze.

Cryptographic keys generater from voice

Human voice is a good biometric to generate a cryptographic key. The authors focus on focus on a way of generating a key upon its user speaking a chosen password to it.

The keys must be unguessable by attackers and reproducible by intended parties when needed to perform cryptographic operations. For the goal of unguessability, one solution is in which a user utters a password to his/her device and that device would generate a key. Repeated utterance of the same password by the same
user would improve the security of the key after successful matches with his/her previous recorded utterances.


Generating Feature Descriptors from Voice

The algorithm in "Using voice to generate cryptographic keys: A position paper" by F. Monrose, M. K. Reiter, Q. Li and S. Wetzel; represents a user utterance as a sequence of frames, each of which is a 12-dimensional vector of cepstral coefficients characterizing a 30 milliseconds window of the utterance. After the voice is captured, some endpoint detection, silence removal and cepstrum mean subtraction are applied and then speaker and text independent acoustic model is used to segment the sequence of frames into m portions.

The previuos algorithm is as follows:

  • For each segment find the centroid in the acoustic model that yields the highest likelihood score for the model. 
  • Use the Viterbi algorithm to compute a new segmentation with ‘m’ segments that maximizes the product of segment likelihoods relative to the centroids chosen in the previous step.

Segmentation

Conclusion

In this article are presented a general overview of using biometrics for security purposes and several algorithms that allow users to generate cryptographic keys and random numbers based on their unique biometric information.

Biometrics offer many advantages over current authentication methods, because they are convenient for users and cannot be forgotten or shared between users. They are particularly attractive for use with single sign-on systems, as both the benefits and the costs of the biometric system can be shared across multiple domains. Furthermore, developers of single sign-on systems are realizing that in order to be successful, they must be able to prove that an account belongs to a live person. On the other hand, the need for cryptographic keys and random numbers highly increases by the growing concern over the possible attacks based on the generation of values that lie within a certain undesirable interval or satisfy some other properties that favour the attacker. This article is focused on the trademark encryption algorithm proposed by Mytec Technologies named as Biometric Encryption and Bioscrypt. This method does not propose a two-stage scheme, which first authenticates the user and releases the key. Instead the key is linked with the biometric data during the enrollment phase and later is retrieved at the verification phase. This scheme also uses the image-type patterns and does not present a feature-based representation method because of the prevention of data loss during the extraction. Biometric Encryption could be applied to any biometric image or an array consisting of biometric features.

Using voice instead of keystroke dynamics is another biometric-based cryptography method. This biometric security system uses a similar approach as presented previously in keystroke-based biometric cryptosystem, except for the feature extraction and key generation phases. This algorithm uses cepstral coefficients as voice features and uses Viterbi algorithm to strengthen the key.

Personal Conclusions

Separately the biometrics and cryptography have many vulnerabilities, such keys can be guessed by brute force mechanisms and man in the middle.

Another problem occurs when users choose passwords that are easy or simple when encrypt remain vulnerable.

By combining these two technologies yields a more secure system because even if one of the keys to decrypt would yet another to decipher. Also if you use the encryption using keystrokes or voice encryption this adds more complexity to break the system.

The use of biometrics along with other areas makes you get more robust and complete systems, even if biometrics is still an area that has several faults or is still under investigation.

References

No comments:

Post a Comment