Cryptographic key generation using handwritten signature

M. Freire-Santos ; J. Fierrez-Aguilar ; J. Ortega-Garcia; "Cryptographic key generation using handwritten signature", Biometric Technology for Human Identification III, Proc. SPIE 6202 (April 17, 2006); doi:10.1117/12.665875. Copyright 2006 Society of Photo‑Optical Instrumentation Engineers. One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper are prohibited.Proceedings of the III Biometric Technology for Human Identification (Orlando, Florida, USA)Based on recent works showing the feasibility of key generation using biometrics, we study the application of handwritten signature to cryptography. Our signature-based key generation scheme implements the cryptographic construction named fuzzy vault. The use of distinctive signature features suited for the fuzzy vault is discussed and evaluated. Experimental results are reported, including error rates to unlock the secret data by using both random and skilled forgeries from the MCYT database.This work has been supported by Spanish MCYT TIC2003-08382-C05-01 and by European Commission IST-2002-507634 Biosecure NoE projects

Fuzzy Vault scheme based on fixed-length templates applied to dynamic signature verification

As a consequence of the wide deployment of biometrics-based recognition systems, there are increasing concerns about the security of the sensitive information managed. Various techniques have been proposed in the literature for the biometric templates protection (BTP), having gained great popularity the crypto-biometric systems. In the present paper we propose the implementation of a Fuzzy Vault (FV) scheme based on fixed-length templates with application to dynamic signature verification (DSV), where only 15 global features of the signature are considered to form the templates. The performance of the proposed system is evaluated using three databases: a proprietary collection of signatures, and the publicly available databases MCYT and BioSecure. The experimental results show very similar verification performance compared to an equivalent unprotected system.This work was supported by the Spanish National Cybersecurity Institute (INCIBE) through the Excellence of Advanced Cybersecurity Research Teams Program

A schema for cryptographic keys generation using hybrid biometrics

Biometric identifiers refer to unique physical properties or behavioural attributes of individuals. Some of the well known biometric identifiers are voice, finger prints, retina or iris, facial structure etc. In our daily interaction with others directly or indirectly, we implicitly use biometrics to know, distinguish and trust people. Biometric identifiers represent the concept of "who a person is" by gathering vital characteristics that don't correspond to any other person. The human brain to some extent is able to ascertain disparities or variation in certain physical attributes and yet verify the authenticity of a person. But this is difficult to be implemented in electronic systems due to the intense requirements of artificial decision making and hard-coded logic. This paper examines the possibility of using a combination of biometric attributes to overcome common problems in having a single biometric scheme for authentication. It also investigates possible schemes and features to deal with variations in Biometric attributes. The material presented is related to ongoing research by the Computer Communications Research Group at Leeds Metropolitan University. We use this paper as a starting step and as a plan for advanced research. It offers ideas and proposition for implementing hybrid biometrics in conjunction with cryptography. This is work in progress and is in a very preliminary stage

Privacy-Preserving Population-Enhanced Biometric Key Generation from Free-Text Keystroke Dynamics

Biometric key generation techniques are used to reliably generate cryptographic material from biometric signals. Existing constructions require users to perform a particular activity (e.g., type or say a password, or provide a handwritten signature), and are therefore not suitable for generating keys continuously. In this paper we present a new technique for biometric key generation from free-text keystroke dynamics. This is the first technique suitable for continuous key generation. Our approach is based on a scaled parity code for key generation (and subsequent key reconstruction), and can be augmented with the use of population data to improve security and reduce key reconstruction error. In particular, we rely on linear discriminant analysis (LDA) to obtain a better representation of discriminable biometric signals. To update the LDA matrix without disclosing user's biometric information, we design a provably secure privacy-preserving protocol (PP-LDA) based on homomorphic encryption. Our biometric key generation with PP-LDA was evaluated on a dataset of 486 users. We report equal error rate around 5% when using LDA, and below 7% without LDA

Body language, security and e-commerce

Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM’s Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations

A Survey on Modality Characteristics, Performance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems

Biometric research is directed increasingly towards Wearable Biometric Systems (WBS) for user authentication and identification. However, prior to engaging in WBS research, how their operational dynamics and design considerations differ from those of Traditional Biometric Systems (TBS) must be understood. While the current literature is cognizant of those differences, there is no effective work that summarizes the factors where TBS and WBS differ, namely, their modality characteristics, performance, security and privacy. To bridge the gap, this paper accordingly reviews and compares the key characteristics of modalities, contrasts the metrics used to evaluate system performance, and highlights the divergence in critical vulnerabilities, attacks and defenses for TBS and WBS. It further discusses how these factors affect the design considerations for WBS, the open challenges and future directions of research in these areas. In doing so, the paper provides a big-picture overview of the important avenues of challenges and potential solutions that researchers entering the field should be aware of. Hence, this survey aims to be a starting point for researchers in comprehending the fundamental differences between TBS and WBS before understanding the core challenges associated with WBS and its design

Personal Authentication System Based Iris Recognition with Digital Signature Technology

Authentication based on biometrics is being used to prevent physical access to high-security institutions. Recently, due to the rapid rise of information system technologies, Biometrics are now being used in applications for accessing databases and commercial workflow systems. These applications need to implement measures to counter security threats.  Many developers are exploring and developing novel authentication techniques to prevent these attacks. However, the most difficult problem is how to keep biometric data while maintaining the practical performance of identity verification systems. This paper presents a biometrics-based personal authentication system in which a smart card, a Public Key Infrastructure (PKI), and iris verification technologies are combined. Raspberry Pi 4 Model B+ is used as the core of hardware components with an IR Camera. Following that idea, we designed an optimal image processing algorithm in OpenCV/ Python, Keras, and sci-kit learn libraries for feature extraction and recognition is chosen for application development in this project. The implemented system gives an accuracy of (97% and 100%) for the left and right (NTU) iris datasets respectively after training. Later, the person verification based on the iris feature is performed to verify the claimed identity and examine the system authentication. The time of key generation, Signature, and Verification is 5.17sec,0.288, and 0.056 respectively for the NTU iris dataset. This work offers the realistic architecture to implement identity-based cryptography with biometrics using the RSA algorithm

Electronic Signatures in E-Healthcare: The Need for a Federal Standard

Healthcare, like many industries, is fast embracing the benefits of modern information technology ( IT ). The wide range of available publications on the use of IT in healthcare indicates that IT provides the promise of faster and more comprehensive information about all aspects of the healthcare delivery process, to all classes of its consumers - patients, doctors, nurses, insurance adjudicators, health inspectors, epidemiologists, and biostatisticians. But the drive towards electronic information in health care is not rooted merely in efficiency; more recently, significant emphasis has been placed on patient safety issues raised by the Institute of Medicine\u27s ( IOM ) year 2001 quality report on the subject. It is believed that the deficiencies indicated in that report can be substantially overcome by the use of IT in health care. However, to make this transition successful and complete, all aspects of health care delivery, information management, and business transactions, have to be logically migrated into the electronic world. This includes the function and use of the signature. The use of signatures in business contexts has traditionally provided two functions of legal significance: 1) evidence that can attribute documents to a particular party, and 2) indication of assent and intent that the documents have legal effect. In the recent decades, state and federal statutes have substantiated these functional attributes to digital or electronic signatures. Many of these statutes derive from model codes, such as the Uniform Electronic Transactions Act ( UETA ), that attempt to standardize use and technology surrounding electronic signatures. Subsequent sections will attempt to identify gaps in the standards which prevent true transaction portability. Lack of portability defeats one of the fundamental goals of health care IT solutions - improved efficiency. The discussion will end with a proposal for a uniform federal statutory scheme for standardized electronic signatures for health care

Protection of privacy in biometric data

Biometrics is commonly used in many automated veri cation systems offering several advantages over traditional veri cation methods. Since biometric features are associated with individuals, their leakage will violate individuals\u27 privacy, which can cause serious and continued problems as the biometric data from a person are irreplaceable. To protect the biometric data containing privacy information, a number of privacy-preserving biometric schemes (PPBSs) have been developed over the last decade, but they have various drawbacks. The aim of this paper is to provide a comprehensive overview of the existing PPBSs and give guidance for future privacy-preserving biometric research. In particular, we explain the functional mechanisms of popular PPBSs and present the state-of-the-art privacy-preserving biometric methods based on these mechanisms. Furthermore, we discuss the drawbacks of the existing PPBSs and point out the challenges and future research directions in PPBSs