'Institute of Electrical and Electronics Engineers (IEEE)'
Doi
Abstract
In this paper, we propose a novel secure key agreement protocol that uses biometrics with unordered set of features. Our protocol enables the user and the server to agree on a symmetric key, which is generated by utilizing only the feature points of the user's biometrics. It means that our protocol does not generate the key randomly or it does not use any random data in the key itself. As a proof of concept, we instantiate our protocol model using fingerprints. In our protocol, we employ a threshold-based quantization mechanism, in order to group the minutiae in a predefined neighborhood. In this way, we increase the chance of user-server agreement on the same set of minutiae. Our protocol works in rounds. In each round, depending on the calculated similarity score on the common set of minutiae, the acceptance/rejection decision is made. Besides, we employ multi-criteria security analyses for our proposed protocol. These security analyses show that the generated keys possess acceptable randomness according to Shannon's entropy. In addition, the keys, which are generated after each protocol run, are indistinguishable from each other, as measured by the Hamming distance metric. Our protocol is also robust against brute-force, replay and impersonation attacks, proven by high attack complexity and low equal error rates
