Encryption by Heart (EbH)-Using ECG for time-invariant symmetric key generation

Wearable devices are a part of Internet-of-Things (IoT) that may offer valuable data of their porting user. This paper explores the use of ElectroCardioGram (ECG) records to encrypt user data. Previous attempts have shown that ECG can be taken as a basis for key generation. However, these approaches do not consider time-invariant keys. This feature enables using these so-created keys for symmetrically encrypting data (e.g. smartphone pictures), enabling their decryption using the key derived from the current ECG readings. This paper addresses this challenge by proposing EbH, a mechanism for persistent key generation based on ECG. EbH produces seeds from which encryption keys are generated. Experimental results over 24 h for 199 users show that EbH, under certain settings, can produce permanent seeds (thus time-invariant keys) computed on-the-fly and different for each user up to 95.97% of users produce unique keys. In addition, EbH can be tuned to produce seeds of different length (up to 300 bits) and with variable min-entropy (up to 93.51). All this supports the workability of EbH in a real setting. (C) 2017 Elsevier B.V. All rights reserved.Funding: This work was supported by the MINECO grants TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and TIN2016-79095-C2-2-R (SMOG-DEV); by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), which is co-funded by European Funds (FEDER); and by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain (J. M. de Fuentes and L. Gonzalez-Manzano grants). Data used for this research was provided by the Telemetric and ECG Warehouse (THEW) of University of Rochester, NY

Biometric encryption based on a fuzzy vault scheme with a fast chaff generation algorithm

Fuzzy vault is a scheme that complements traditional cryptographic security systems by combining it with biometric authentication to overcome the security vulnerability inherent in cryptographic key storage. Biometric encryption systems based on fuzzy vault scheme are suitable for stand-alone security and authentication devices in the form of system-on-chip (SoC). However, the current fuzzy vault scheme has too many compute-intensive processes to make this feasible for SoC implementation. The most critical but compute-intensive function in the fuzzy vault scheme is the chaff generation which produces noise (chaff) points that hide the valid points inside the vault template. In this paper, we propose a new chaff generation algorithm which is computationally fast and viable for hardware acceleration by employing simple arithmetic operations. Complexity study shows that our algorithm has a complexity of O(n2), which is a significant improvement over the existing method that exhibits O(n3) complexity. Our experimental results show that, to generate 500 chaff points, the proposed algorithm gives a performance speed-up of over 140 times over existing Clancy's algorithm. With the new chaff generation algorithm, it becomes much more amenable to implement the fuzzy vault scheme in the resource-constrained environment of system-on-chip

Biometric encryption based on a fuzzy vault scheme with a fast chaff generation algorithm

Fuzzy vault is a scheme that complements traditional cryptographic security systems by combining it with biometric authentication to overcome the security vulnerability inherent in cryptographic key storage. Biometric encryption systems based on fuzzy vault scheme are suitable for stand-alone security and authentication devices in the form of system-on-chip (SoC). However, the current fuzzy vault scheme has too many compute-intensive processes to make this feasible for SoC implementation. The most critical but compute-intensive function in the fuzzy vault scheme is the chaff generation which produces noise (chaff) points that hide the valid points inside the vault template. In this paper, we propose a new chaff generation algorithm which is computationally fast and viable for hardware acceleration by employing simple arithmetic operations. Complexity study shows that our algorithm has a complexity of O(n), which is a significant improvement over the existing method that exhibits O(n) complexity. Our experimental results show that, to generate 500 chaff points, the proposed algorithm gives a performance speed-up of over 140 times over existing Clancy’s algorithm. With the new chaff generation algorithm, it becomes much more amenable to implement the fuzzy vault scheme in the resource-constrained environment of system-on-chip

Securing Cloud Storage by Transparent Biometric Cryptography

With the capability of storing huge volumes of data over the Internet, cloud storage has become a popular and desirable service for individuals and enterprises. The security issues, nevertheless, have been the intense debate within the cloud community. Significant attacks can be taken place, the most common being guessing the (poor) passwords. Given weaknesses with verification credentials, malicious attacks have happened across a variety of well-known storage services (i.e. Dropbox and Google Drive) – resulting in loss the privacy and confidentiality of files. Whilst today's use of third-party cryptographic applications can independently encrypt data, it arguably places a significant burden upon the user in terms of manually ciphering/deciphering each file and administering numerous keys in addition to the login password. The field of biometric cryptography applies biometric modalities within cryptography to produce robust bio-crypto keys without having to remember them. There are, nonetheless, still specific flaws associated with the security of the established bio-crypto key and its usability. Users currently should present their biometric modalities intrusively each time a file needs to be encrypted/decrypted – thus leading to cumbersomeness and inconvenience while throughout usage. Transparent biometrics seeks to eliminate the explicit interaction for verification and thereby remove the user inconvenience. However, the application of transparent biometric within bio-cryptography can increase the variability of the biometric sample leading to further challenges on reproducing the bio-crypto key. An innovative bio-cryptographic approach is developed to non-intrusively encrypt/decrypt data by a bio-crypto key established from transparent biometrics on the fly without storing it somewhere using a backpropagation neural network. This approach seeks to handle the shortcomings of the password login, and concurrently removes the usability issues of the third-party cryptographic applications – thus enabling a more secure and usable user-oriented level of encryption to reinforce the security controls within cloud-based storage. The challenge represents the ability of the innovative bio-cryptographic approach to generate a reproducible bio-crypto key by selective transparent biometric modalities including fingerprint, face and keystrokes which are inherently noisier than their traditional counterparts. Accordingly, sets of experiments using functional and practical datasets reflecting a transparent and unconstrained sample collection are conducted to determine the reliability of creating a non-intrusive and repeatable bio-crypto key of a 256-bit length. With numerous samples being acquired in a non-intrusive fashion, the system would be spontaneously able to capture 6 samples within minute window of time. There is a possibility then to trade-off the false rejection against the false acceptance to tackle the high error, as long as the correct key can be generated via at least one successful sample. As such, the experiments demonstrate that a correct key can be generated to the genuine user once a minute and the average FAR was 0.9%, 0.06%, and 0.06% for fingerprint, face, and keystrokes respectively. For further reinforcing the effectiveness of the key generation approach, other sets of experiments are also implemented to determine what impact the multibiometric approach would have upon the performance at the feature phase versus the matching phase. Holistically, the multibiometric key generation approach demonstrates the superiority in generating the bio-crypto key of a 256-bit in comparison with the single biometric approach. In particular, the feature-level fusion outperforms the matching-level fusion at producing the valid correct key with limited illegitimacy attempts in compromising it – 0.02% FAR rate overall. Accordingly, the thesis proposes an innovative bio-cryptosystem architecture by which cloud-independent encryption is provided to protect the users' personal data in a more reliable and usable fashion using non-intrusive multimodal biometrics.Higher Committee of Education Development in Iraq (HCED