Biometric identity-based cryptography for e-Government environment

Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols

A Review on an Authentication System using Secret Sharing

Security using Authentication system is an important concern in the field of information technology. It is an important thing as per as concern to the ruling of internet over people today. The growth in the usage of internet has increased the demand for fast and accurate user identification and authentication. This New threats, risks and vulnerabilities emphasize the need of a strong authentication system. The cryptography is a secret sharing scheme where a secret data gets divided into number of pieces called shares and not a single share discloses any information about secret data. There are some automated methods to identify and verify the user based on the physiological characteristics. To deal with such methods, there is a technology called biometrics which measures and statistically analyses the biological data. The biometric samples which are stored in the database as a secret are unique for each user so that no one can predict those samples. A biometric authentication system provides automatic authentication of an individual on the basis of unique features or characteristics possessed by an individual. The authentication system can be stronger using multiple factors for authentication process. The application like Aadhar Card uses more than one factor for authentication. There is some difficulty with authentication systems such as user privacy considerations in case of multiple biometric features, huge size databases and centralized database which may create security threats. To address such tribulations, the Authentication System using Secret Sharing is proposed, Secret sharing splits the centralized database across the different locations. This helps in reducing the database size and removal of threats in centralized database. Also user privacy is maintained due to the decentralized database

A fingerprint based crypto-biometric system for secure communication

To ensure the secure transmission of data, cryptography is treated as the most effective solution. Cryptographic key is an important entity in this procedure. In general, randomly generated cryptographic key (of 256 bits) is difficult to remember. However, such a key needs to be stored in a protected place or transported through a shared communication line which, in fact, poses another threat to security. As an alternative, researchers advocate the generation of cryptographic key using the biometric traits of both sender and receiver during the sessions of communication, thus avoiding key storing and at the same time without compromising the strength in security. Nevertheless, the biometric-based cryptographic key generation possesses few concerns such as privacy of biometrics, sharing of biometric data between both communicating users (i.e., sender and receiver), and generating revocable key from irrevocable biometric. This work addresses the above-mentioned concerns. In this work, a framework for secure communication between two users using fingerprint based crypto-biometric system has been proposed. For this, Diffie-Hellman (DH) algorithm is used to generate public keys from private keys of both sender and receiver which are shared and further used to produce a symmetric cryptographic key at both ends. In this approach, revocable key for symmetric cryptography is generated from irrevocable fingerprint. The biometric data is neither stored nor shared which ensures the security of biometric data, and perfect forward secrecy is achieved using session keys. This work also ensures the long-term security of messages communicated between two users. Based on the experimental evaluation over four datasets of FVC2002 and NIST special database, the proposed framework is privacy-preserving and could be utilized onto real access control systems.Comment: 29 single column pages, 8 figure

Biometric iris templates security based on secret image sharing and chaotic maps

Biometric technique includes of uniquely identifying person based on their physical or behavioural characteristics. It is mainly used for authentication. Storing the template in the database is not a safe approach, because it can be stolen or be tampered with. Due to its importance the template needs to be protected. To treat this safety issue, the suggested system employed a method for securely storing the iris template in the database which is a merging approach for secret image sharing and hiding to enhance security and protect the privacy by decomposing the template into two independent host (public) iris images. The original template can be reconstructed only when both host images are available. Either host image does not expose the identity of the original biometric image. The security and privacy in biometrics-based authentication system is augmented by storing the data in the form of shadows at separated places instead of whole data at one. The proposed biometric recognition system includes iris segmentation algorithms, feature extraction algorithms, a (2, 2) secret sharing and hiding. The experimental results are conducted on standard colour UBIRIS v1 data set. The results indicate that the biometric template protection methods are capable of offering a solution for vulnerability that threatens the biometric template

Modelling and simulation of a biometric identity-based cryptography

Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols

Privacy-Aware Processing of Biometric Templates by Means of Secure Two-Party Computation

The use of biometric data for person identification and access control is gaining more and more popularity. Handling biometric data, however, requires particular care, since biometric data is indissolubly tied to the identity of the owner hence raising important security and privacy issues. This chapter focuses on the latter, presenting an innovative approach that, by relying on tools borrowed from Secure Two Party Computation (STPC) theory, permits to process the biometric data in encrypted form, thus eliminating any risk that private biometric information is leaked during an identification process. The basic concepts behind STPC are reviewed together with the basic cryptographic primitives needed to achieve privacy-aware processing of biometric data in a STPC context. The two main approaches proposed so far, namely homomorphic encryption and garbled circuits, are discussed and the way such techniques can be used to develop a full biometric matching protocol described. Some general guidelines to be used in the design of a privacy-aware biometric system are given, so as to allow the reader to choose the most appropriate tools depending on the application at hand