To ensure the secure transmission of data, cryptography is treated as the
most effective solution. Cryptographic key is an important entity in this
procedure. In general, randomly generated cryptographic key (of 256 bits) is
difficult to remember. However, such a key needs to be stored in a protected
place or transported through a shared communication line which, in fact, poses
another threat to security. As an alternative, researchers advocate the
generation of cryptographic key using the biometric traits of both sender and
receiver during the sessions of communication, thus avoiding key storing and at
the same time without compromising the strength in security. Nevertheless, the
biometric-based cryptographic key generation possesses few concerns such as
privacy of biometrics, sharing of biometric data between both communicating
users (i.e., sender and receiver), and generating revocable key from
irrevocable biometric. This work addresses the above-mentioned concerns.
In this work, a framework for secure communication between two users using
fingerprint based crypto-biometric system has been proposed. For this,
Diffie-Hellman (DH) algorithm is used to generate public keys from private keys
of both sender and receiver which are shared and further used to produce a
symmetric cryptographic key at both ends. In this approach, revocable key for
symmetric cryptography is generated from irrevocable fingerprint. The biometric
data is neither stored nor shared which ensures the security of biometric data,
and perfect forward secrecy is achieved using session keys. This work also
ensures the long-term security of messages communicated between two users.
Based on the experimental evaluation over four datasets of FVC2002 and NIST
special database, the proposed framework is privacy-preserving and could be
utilized onto real access control systems.Comment: 29 single column pages, 8 figure