
Biometrics based Cryptosystem Design


Presentation Transcript


  1. Biometrics based Cryptosystem Design

  2. Cryptosystem: A mechanism by which one can encode information content into an incomprehensible form and also recover the original content when desired. Biometrics: Biometrics is the science and technology of authentication (i.e. establishing the identity of an individual) by measuring the subject person's physiological or behavioral features.

  3. Motivation: Commonly used cryptosystems have a number of associated inconveniences and problems, such as: • User needs to remember passwords • could be forgotten. • User has to carry smart cards • could be lost or stolen. • Problem of non-repudiation • The user who generated the cryptic message can easily deny his involvement. Biometrics is a solution to these problems.

  4. Difficulties in using Biometrics • Non-repeatability • Every time one obtains a biometric, its value is not exactly the same as that obtained before. • Limited Number • Easily Accessible to public

  5. Biometric used & Feature Extraction • Fingerprints are used as a key to our cryptosystem • Features are extracted using a set of Gabor filters applied on all the elements of a tessellated fingerprint.

  6. Gabor Feature Extraction: Reference Point Location • Divide the fingerprint image into non-overlapping blocks • Compute the intensity gradients using the Sobel operator • Estimate the local orientation as • Compute E, an image containing only the sine component of O

  7. Initialize 'A', a label image used to indicate the reference point • Find the maximum value in 'A' and assign its coordinate to the reference point. • Repeat steps by using a window size of w' × w', where w' < w, to get a fine estimate • The different sizes taken are 5, 10 and 15 pixels

  8. Sector-Wise Normalization: Tessellate fingerprint image into sectors and normalize pixels in each sector as: Gabor Filters: where f is the frequency, and are the space constants

  9. Each sector is filtered using Gabor filters for four different values of θ in {0, 45, 90, 135} • The feature value, Viθ, is the average absolute deviation from the mean defined as where ni is the number of pixels in Si and Piθ is the mean of pixel values of Fiθ(x, y) • Finally a feature vector is generated whose elements have value in the range 0-255

  10. Addressing problems associated with using biometrics

  11. Limited number & Open to public • Transform the Biometric Features into a new set of features using a Secure Transformation • No. of bio-keys=No. of Transformations • Added security since transformation function is kept secret • Secure Transformation should have some desirable qualities • Range of value of elements of feature vector should not vary non uniformly

  12. Secure Transformation • Transformation matrix is generated using a set of random numbers. • Feature vector to be transformed is converted to matrix form and convolved with the Transformation matrix to get the Secure Features. [Figure labels: Fingerprint Features in Matrix Form; Random Kernel; Secure Fingerprint Features]

  13. Non-Repeatability • Usual cryptosystems fail with biometrics since each time one obtains a biometric, its value is not exactly the same as that obtained before. • There is a high probability that a person is not able to decipher the message encrypted using biometrics • Modified Fuzzy Vault Scheme is used instead of usual cryptosystem.

  14. Modified Fuzzy Vault Scheme • Fuzzy Vault • A secret message ‘M’ is encrypted into a fuzzy vault ‘V’ using another data ‘A’ • ‘M’ can be decrypted using a data ‘B’ sufficiently close to ‘A’ • Creation of Fuzzy Vault • The secret message ‘M’ is the Document of length k. • Data ‘A’ is the biometric template.

  15. ‘M’ is encoded using the Reed-Solomon codes to ‘C’ of length n = 2^t - 1 • RS codes have error correcting capacity of (n-k)/2 where k is the length of ‘M’ • n triplets are formed such that a randomly chosen position (1, 2 or 3), say Position(i), of the ith triplet is the ith number from code ‘C’ and the other two numbers are randomly chosen. • Call the triplets Locking Set 1 • Another n triplets are formed such that • ith triplet contains ith biometric element at Position(i) • The other two elements are such that they form an arithmetic progression with distance = FV_tolerance • Call it Locking Set 2

  16. Unlocking the Fuzzy Vault • Using the biometric, find the Position(i) • Position(i) is the position of the element in ith triplet in Locking Set 2 which is closest to ith biometric element • Find value at Position(i) in the Locking Set 1, this should be the ith value of the Reed-Solomon code. • Decode the Reed-Solomon code to obtain the message.
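
The locking and unlocking steps of slides 14 to 16, as an added Python example (not code from the presentation, whose implementation is in MATLAB). The Reed-Solomon encode and decode steps are left out: the code word C is taken as a given list of byte values, and the function reports how many symbols the decoder would still have to correct. The value of FV_TOLERANCE, the function names and all sample data are assumptions.

```python
import random

FV_TOLERANCE = 16  # assumed spacing; the slides do not give a value


def lock(code, template, rng):
    """Build Locking Set 1 (code symbols + chaff) and Locking Set 2."""
    set1, set2 = [], []
    for c, a in zip(code, template):
        pos = rng.randrange(3)                    # secret Position(i)
        triplet = [rng.randrange(256) for _ in range(3)]
        triplet[pos] = c                          # real symbol among two random ones
        set1.append(tuple(triplet))
        # Arithmetic progression with the biometric element at index pos.
        set2.append(tuple(a + (j - pos) * FV_TOLERANCE for j in range(3)))
    return set1, set2


def unlock(set1, set2, probe):
    """Recover the code word: pick the slot of Set 2 nearest each probe element."""
    out = []
    for t1, t2, b in zip(set1, set2, probe):
        pos = min(range(3), key=lambda j: abs(t2[j] - b))
        out.append(t1[pos])
    return out


def symbol_errors(recovered, code):
    """Symbols the Reed-Solomon decoder would still have to correct."""
    return sum(r != c for r, c in zip(recovered, code))


def demo(seed=1):
    rng = random.Random(seed)
    n = 15
    code = [rng.randrange(256) for _ in range(n)]      # stands in for C
    template = [rng.randrange(256) for _ in range(n)]  # constructed features
    set1, set2 = lock(code, template, rng)
    half = FV_TOLERANCE // 2
    # Same finger: every element moves by less than half the tolerance.
    genuine = [a + rng.randint(-(half - 1), half - 1) for a in template]
    other = [rng.randrange(256) for _ in range(n)]     # unrelated feature vector
    return (symbol_errors(unlock(set1, set2, genuine), code),
            symbol_errors(unlock(set1, set2, other), code))


if __name__ == "__main__":
    print("symbol errors (genuine probe, different finger):", demo())
```

A probe element that stays within half of FV_TOLERANCE of the enrolled value always selects the correct position; larger deviations select a chaff value and become symbol errors that count against the (n-k)/2 correction capacity.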

  17. Non-Repudiability • Since Fuzzy Vault is Symmetric Cryptosystem, the encryption key is same as decryption key. • Causes a set-back in terms of non-repudiability • Solution • Encryption module has its own set of encryption and decryption keys. • Created Fuzzy Vault is encrypted by the module whose decryption key is made public. • No possibility of creation of fuzzy vault outside Encryption Module using the key.

  18. Invariant Features • Invariant feature I of data d for a transformation T is the feature such that: • Invariant features are used instead of biometrics. • Transformed biometric is sent • Actual biometric is secure • Same key serves for different cryptosystems by changing the set of Invariants. • Key to hierarchical security

  19. Permutation used as Transformation • Values of elements are not changed • Invariant Feature is the increasing order of the feature elements • Hierarchical Security • Message can be encoded with different security levels • Receivers with a key for security level higher than the encryption security are able to decode. • Implemented by doing binary subdivision of the Secure Feature and evaluating Invariant Features for each division. • Increasing order of first 2k permuted elements is same as increasing order of join of first k permuted elements and next k permuted elements.

  20. Complete System Design The complete system is implemented in MATLAB.

  21. System Initialization • Each Module is initialized with its RSA keys and Field and is added to the Server. • Decryption key and Field are registered with server • Each user is added to a module • User’s Secure Transformation and Identity are registered with the module.

  22. Document Sending • Calculate Gabor Features of the fingerprint • Transform the Fingerprint Features to get Secure Fingerprint Features • Generate an RSA cryptosystem (32 bit in our case) randomly, having • Field n • Encryption Key e • Decryption Key d • Divide the document into chunks of appropriate length (2 in our case) such that the numeric equivalent of each chunk is less than n for the encryption to work properly. Pad the message if required. • Encrypt the document using e

  23. Each digit of the number d is considered as an 8-bit character to be secured in the fuzzy vault • Append random digits to d such that its length becomes 255-2*Permissible_Error • Find the invariant features corresponding to the desired security level to create Modified Fuzzy Vault • Encrypt Modified Fuzzy Vault using Module Encryption Key • Send the Encrypted Modified Fuzzy Vault, the Encrypted Document, Security Level, Module Id, User identity, the padded values, n and the length of d

  24. [Flow diagram; labels: Biometric Features, Secure Transformation, Secure Features, Invariant Extraction, Invariant Feature, Document Key, Modified Fuzzy Vault Encryption Algorithm, Fuzzy Vault, Module Encryption, Encrypted Fuzzy Vault]

  25. Document Receiving • Find the invariant features corresponding to the Security Level • Decrypt the Modified Fuzzy Vault using module Decryption Key • Open the Modified Fuzzy Vault using the invariant features to get d • Obtain the actual d taking only the first desired digits • Decrypt the Document using n and d to get the Document

  26. [Flow diagram; labels: Invariant Extraction, Invariant Feature, Encrypted Fuzzy Vault, Module Encryption, Fuzzy Vault, Modified Fuzzy Vault Decryption Algorithm, Document Key, Decryption Key]

  27. Results obtained using this cryptosystem FAR and FRR for Modified Fuzzy Vault
