Biometrics based Cryptosystem Design
Cryptosystem A mechanism using which one can encode an information content to an incomprehensible form and also recover the original content when desired. Biometrics Biometrics is the science and technology of authentication (i.e. establishing the identity of an individual) by measuring the subject person's physiological or behavioral features.
Motivation Normally used cryptosystems have a number of associated inconveniences and problems such as User needs to remember passwords could be forgotten. User has to carry smart cards could be lost or stolen. Problem of non-repudiation The user who generated the cryptic message can easily deny his involvement Biometrics is a solution to these problems
Difficulties in using Biometrics Non-repeatability Every time one obtains a biometric, its value is not exactly the same as that obtained before. Limited Number Easily Accessible to public
Biometric used & Feature Extraction Fingerprints are used as a key to our cryptosystem Features are extracted using a set of gabor filters applied on all the elements of a tessellated fingerprint.
Gabor Feature Extraction Reference Point Location Divide the fingerprint image, into non-overlapping blocks Compute the intensity gradients using sobel operator Estimate the local orientation as Compute E, an image containing only the sine component of O
Initialize ’A’, a label image used to indicate the reference point Find the maximum value in ’A’ and assign its coordinate to the reference point. Repeat steps by using a window size of w’×w’, where w’<w to get a fine estimate The different sizes taken are 5, 10 and 15 pixels
Sector-Wise Normalization Tessellate fingerprint image into sectors and normalize pixels in each sector as: Gabor Filters where f is the frequency, and are the space constants fig
Each sector is filtered using gabor filters for four different values of θ in {0,45,90,135} the feature value, V iθ, is the average absolute deviation from the mean defined as where n i is the number of pixels in S i and P iθ is the mean of pixel values of F iθ (x, y) Finally a feature vector is generated whose elements have value in the range 0-255
Addressing problems associated with using biometrics
Limited number & Open to public Transform the Biometric Features into a new set of features using a Secure Transformation No. of bio-keys=No. of Transformations Added security since transformation function is kept secret Secure Transformation should have some desirable qualities Range of value of elements of feature vector should not vary non uniformly
Secure Transformation Transformation matrix is generated using a set of random numbers. Feature vector to be transformed is converted to matrix form and convolved with the Transformation matrix to get the Secure Features. Fingerprint Features in Matrix Form Random Kernel Secure Fingerprint Features
Non-Repeatability Usual cryptosystems fail with biometrics since each time one obtains a biometric, its value is not exactly the same as that obtained before. There is a high probability that a person is not able to decipher the message encrypted using biometrics Modified Fuzzy Vault Scheme is used instead of usual cryptosystem.
Modified Fuzzy Vault Scheme Fuzzy Vault A secret message ‘M’ is encrypted into a fuzzy vault ‘V’ using another data ‘A’ ‘M’ can be decrypted using a data ‘B’ sufficiently close to ‘A’ Creation of Fuzzy Vault The secret message ‘M’ is the Document of length k. Data ‘A’ is the biometric template.
‘M’ is encoded using the Reed-Solomon codes to ‘C’ of length n=2 t -1 RS codes have error correcting capacity of (n-k)/2 where k is the length of ‘M’ n triplets are formed such that a randomly chosen position(1,2or3) say Position (i) of the i th triplet is the i th number from code ‘C’ and the other two numbers are randomly chosen. Call the triplet Locking Set 1 Another n triplets are formed such that i th triplet contains i th biometric element at Position(i) The other two elements are such that they form an arithmetic progression with distance=FV_tolerance Call it Locking Set 2
Unlocking the Fuzzy Vault Using the biometric, find the Position(i) Position(i) is the position of the element in i th triplet in Locking Set 2 which is closest to i th biometric element Find value at Position(i) in the Locking Set 1, this should be the i th value of the Reed-Solomon code. Decode the Reed-Solomon code to obtain the message.
Non-Repudiability Since Fuzzy Vault is Symmetric Cryptosystem, the encryption key is same as decryption key. Causes a set-back in terms of non-repudiability Solution Encryption module has its own set of encryption and decryption keys. Created Fuzzy Vault is encrypted by the module whose decryption key is made public. No possibility of creation of fuzzy vault outside Encryption Module using the key.
Invariant Features Invariant feature I of data d for a transformation T is the feature such that: Invariant features are used instead of biometrics. Transformed biometric is sent Actual biometric is secure Same key serves for different cryptosystems by changing the set of Invariants. Key to hierarchical security
Permutation used as Transformation Values of elements are not changed Invariant Feature is the increasing order of the feature elements Hierarchical Security Message can be encoded with different security levels Receivers with a key for security level higher than the encryption security are able to decode. Implemented by doing binary subdivision of the Secure Feature and evaluating Invariant Features for each division. Increasing order of first 2k permuted elements is same as increasing order of join of first k permuted elements and next k permuted elements.
Complete System Design The complete system is implemented in MATLAB. SERVER -RSA Field & Decr. Key for Each module MODULE1 -Encr. Key -Secure Tr. For Each user USER1USER2 MODULE2 -Encr. Key -Secure Tr. For Each user USER1 MODULE3 -Encr. Key -Secure Tr. For Each user USER1USER2
System Initialization Each Module is initialized with its RSA keys and Field and is added to the Server. Decryption key and Field are registered with server Each user is added to a module User’s Secure Transformation and Identity are registered with the module.
Document Sending Calculate Gabor Features of the fingerprint Transform the Fingerprint Features to get Secure Fingerprint Features Generate and RSA cryptosystem(32 bit in our case) randomly having Field n Encryption Key e Decryption Key d Divide the document into chunks of appropriate length(2 in our case) such that the numeric equivalent of each chunk is less than n for the encryption to work properly. Pad the message if required. Encrypt the document using e
Each digit of the number d is considered as an 8-bit character to be secured in the fuzzy vault Append random digits to d such that its length becomes 255-2*Permissible_Error Find the invariant features corresponding to the desired security level to create Modified Fuzzy Vault Encrypt Modified Fuzzy Vault using Module Encryption Key Send the Encrypted Modified Fuzzy Vault, the Encrypted Document, Security Level, Module Id, User identity, the padded values, n and the length of d
Encryption Biometric Features Secure Transformation Secure Features Invariant Extraction Invariant Feature Invariant Feature Document Key Fuzzy Vault Modified Fuzzy Vault Encryption Algorithm Fuzzy Vault Module Encryption Encrypted Fuzzy Vault
Document Receiving Find the invariant features corresponding to the Security Level Decrypt the Modified Fuzzy Vault using module Decryption Key Open the Modified Fuzzy Vault using the invariant features to get d Obtain the actual d taking only the first desired digits Decrypt the Document using n and d to get the Document
Decryption KEY Document key Invariant Extraction Invariant Feature Modified Fuzzy Vault Decryption Algorithm Encrypted Fuzzy Vault Module Encryption Fuzzy Vault
Results obtained using this cryptosystem FAR and FRR for Modified Fuzzy Vault FV_tol. FAR (%) FRR (%) FV_tol. FAR (%) FRR (%)