Cryptographic Key generation using Sclera and Finger Print: Proposed Method

Need for information security and privacy is increasing in recent times. Cryptography is intended to ensure the secrecy and authenticity of the message. The long cryptographic keys are very difficult to remember also protecting its confidentiality is one of the major issues to be deal with. These problems can be solved by integrating Biometrics with cryptography. Since biometric identifiers are unique to individuals, they are more reliable in verifying and identifying than knowledge based methods. Biometrics based authentication systems are progressively acquiring more attention in the field of research. Conventional techniques depend upon biometric features like face, fingerprint, iris, voice etc. In this paper we propose a method for cryptographic key generation fusing Finger print and Sclera

Key Generation from Multibiometric System Using Meerkat Algorithm

Biometrics are short of revocability and privacy while cryptography cannot adjust the user’s identity. By obtaining cryptographic keys using biometrics, one can obtain the features such as revocability, assurance about user’s identity, and privacy. Multi-biometrical based cryptographic key generation approach has been proposed, subsequently, left and right eye and ear of a person are uncorrelated from one to other, and they are treated as two independent biometrics and combine them in our system. None-the-less, the encryption keys are produced with the use of an approach of swarm intelligence. Emergent collective intelligence in groups of simple autonomous agents is collectively termed as a swarm intelligence. The Meerkat Clan Key Generation Algorithm (MCKGA) is a method for the generation of a key stream for the encryption of the plaintext. This method will reduce and distribute the number of keys. Testing of system, it was found that the keys produced by the characteristics of the eye are better than the keys produced by the characteristics of the ear. The advantages of our approach comprise generation of strong and unique keys from users’ biometric data using MCKGA and it is faster and accurate in terms of key generation

Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction

Cryptographic key generation using handwritten signature

M. Freire-Santos ; J. Fierrez-Aguilar ; J. Ortega-Garcia; "Cryptographic key generation using handwritten signature", Biometric Technology for Human Identification III, Proc. SPIE 6202 (April 17, 2006); doi:10.1117/12.665875. Copyright 2006 Society of Photo‑Optical Instrumentation Engineers. One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper are prohibited.Proceedings of the III Biometric Technology for Human Identification (Orlando, Florida, USA)Based on recent works showing the feasibility of key generation using biometrics, we study the application of handwritten signature to cryptography. Our signature-based key generation scheme implements the cryptographic construction named fuzzy vault. The use of distinctive signature features suited for the fuzzy vault is discussed and evaluated. Experimental results are reported, including error rates to unlock the secret data by using both random and skilled forgeries from the MCYT database.This work has been supported by Spanish MCYT TIC2003-08382-C05-01 and by European Commission IST-2002-507634 Biosecure NoE projects

Biometric cryptosystem using online signatures

Biometric cryptosystems combine cryptography and biometrics to benefit from the strengths of both fields. In such systems, while cryptography provides high and adjustable security levels, biometrics brings in non-repudiation and eliminates the need to remember passwords or to carry tokens etc. In this work we present a biometric cryptosystems which uses online signatures, based on the Fuzzy Vault scheme of Jules et al. The Fuzzy Vault scheme releases a previously stored key when the biometric data presented for verification matches the previously stored template hidden in a vault. The online signature of a person is a behavioral biometric which is widely accepted as the formal way of approving documents, bank transactions, etc. As such, biometric-based key release using online signatures may have many application areas. We extract minutiae points (trajectory crossings, endings and points of high curvature) from online signatures and use those during the locking & unlocking phases of the vault. We present our preliminary results and demonstrate that high security level (128 bit encryption key length) can be achieved using online signatures

THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system

In this paper, we propose a new biometric verification and template protection system which we call the THRIVE system. The system includes novel enrollment and authentication protocols based on threshold homomorphic cryptosystem where the private key is shared between a user and the verifier. In the THRIVE system, only encrypted binary biometric templates are stored in the database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during the authentication stage. The THRIVE system is designed for the malicious model where the cheating party may arbitrarily deviate from the protocol specification. Since threshold homomorphic encryption scheme is used, a malicious database owner cannot perform decryption on encrypted templates of the users in the database. Therefore, security of the THRIVE system is enhanced using a two-factor authentication scheme involving the user's private key and the biometric data. We prove security and privacy preservation capability of the proposed system in the simulation-based model with no assumption. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form but she needs to proof her physical presence by using biometrics. The system can be used with any biometric modality and biometric feature extraction scheme whose output templates can be binarized. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biohash vectors on a desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real life applications