JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME 5, ISSUE 2, FEBRUARY 2011 11

Fingerprint Based Cryptography Technique for Improved Network Security

Sandip Dutta, Soubhik Chakraborty and N.C.Mahanti

Abstract-We propose an improved technique in which encryption and decryption are done with the help of the combined key generated from extracted features of the sender's and receiver's fingerprints. The facial images of the sender and the receiver, which hide their respective fingerprints, are used for authentication purposes. The technique safeguards against the different types of biometric authentication attacks, such as spoof attack, replay attack, template attack etc., in network communication.

Index Terms—Modified DES algorithm, MD5 algorithm, Biometric, Cryptography, Steganography.

1 Introduction

With the advancement in networking technology helping us to connect to any part of the globe, and the openness and scalability of the internet opening up a number of new on-line applications, the threats from attackers have also grown drastically. In recent years, attackers have shown increasing sophistication in their ability to launch attacks which threaten the security of the devices connected to the internet. Our algorithm maintains confidentiality, integrity, authenticity and key management. Biometric authentication measures human physiological or behavioral characteristics to verify an individual's identity. The biometric characteristics should be unique to an individual, should not be easily duplicated and should not change over time.

2 Previous works

Very little work has been done in the field of cryptography with the help of biometrics, because a biometric generates a different key each time, whereas a symmetric algorithm requires a single key for the encryption and decryption process. For the incorporation of biometrics into cryptography, [1] has suggested two approaches: release of the key and generation of the key. The algorithms pertaining to key release ([2]-[4]) require the following:

(1) Storing the cryptographic key as a part of the user database.
(2) Availability of the database when matching the cryptographic key.
(3) Two different processes for the user's authentication and key generation.

The issue with these algorithms is related to the identification of the person who produces the key. Thus, the user can deliberately choose a weak key. This is in addition to the issue that the keys stored in the database could be easily hacked. Another issue is that an enrollment process is required to store the template.

Some of the problems caused by the key release algorithms are avoided by the use of key generation algorithms in the following way: (1) bind the secret key to the biometric information and (2) eliminate the requirement to access the biometric template. As depicted in [2], [5]-[11], key generation is more complicated than key release because it requires pre-aligned sample representations and complicated calculations.

The algorithm [12] which we proposed earlier had a feature of transmitting the receiver's fingerprint over the network so that the sender could generate the master key for the encryption of the message. This directly meant that the users would lose their identities, as the sender would have the entire fingerprint of the receiver, and in the transmission process, in case of a man-in-the-middle attack, the attacker could very easily make away with the fingerprints of both parties. In our proposed system the key generation is done with the combination of the sender's and receiver's fingerprints. The receiver generates a private key from the feature extraction of his fingerprint and the sender also generates a private key from the feature extraction of his fingerprint. The symmetric key is formed with the combination of the sender's and the receiver's private keys.

© 2011 JCSE http://sites.google.com/site/jcseuk/

3 Attacks

User authentication is fundamental for protecting information. A biometric authentication system easily verifies a user's identity, and the user does not have to remember things like a password. Like other authentication systems, biometric authentication systems are vulnerable to attack. Reference [13] describes different types of biometric attacks, which are as follows:

a) Spoof Attack: To forge a fake biometric copy of a legitimate user and provide the same to the identification sensor. Spoofing fingerprints is done by getting the fingerprints of legitimate users left over on some hard surfaces such as glass, compact disk etc.

b) Replay Attack: To obtain the previously submitted data of a legitimate user, either through some sniffer device or sniffer software during a successful authentication process, or through the collection of a residual print left over on the biometric sensor. This illegitimately obtained data is then presented to the sensor.

c) Data simulation: To simulate the legitimate user's physical identity by a hit and trial method, initially selecting an image and then progressively matching the scores for each progression.

d) Template attack: To add a new template, or to modify, remove or steal an existing template. Stolen templates can even be used to reverse engineer the biometric system, thereby generating synthetic fingerprint images to fool a commercial thumb print.

4 Finger Print with cryptography for Network Security (Proposed Scheme)

In this paper, we have proposed an algorithm to implement a biometric key by generating it from a combination of some of the unique features of the sender's and receiver's fingerprints. The receiver obtains the unique features of his fingerprint with the feature extraction algorithm, hides them in his facial image with the least significant digit algorithm [14] (the least significant bit of a binary image is replaced by 1 or 0, which is lossless, and the data can be directly manipulated and recovered), so that the information in the facial image does not get disrupted, and sends it to the sender. The sender easily identifies the receiver with the help of the facial image, and thus the identification process can be avoided. The receiver will definitely send his photo because if the sender does not recognize him, the sender will not send the confidential message to the receiver. The sender also extracts unique features of his fingerprint. The master key is generated by combining (XOR) the unique features of the sender's and receiver's fingerprints and applying the MD5 (Message Digest Algorithm 5) [15] hashing algorithm, which converts an arbitrary length byte string into a 128-bit value. From the master key, the random sequence is generated depending on the length of the message, and the message is then encrypted with the help of the modified DES algorithm. In the standard DES algorithm the message encryption and decryption is done with a single primary key, but in our algorithm each 64-bit message block is encrypted and decrypted with a different 64-bit key, and the key is generated from the combination of the sender's and receiver's fingerprints. The sender's key and random sequence are hidden in the sender's facial image and sent to the receiver along with the encrypted message. In our algorithm, the key generated from biometrics is used for encryption and decryption.

4.1 Description

The sender first requests the receiver for the key. The receiver, in turn, captures certain unique features of his fingerprint (and not the entire fingerprint) and hides them in his facial image. This stego-image (when a secret message is hidden within a cover image, the resulting product is called a stego-image) [16] is used to generate the key and is sent to the sender. When the sender receives this image, he unhides it to find the unique features of the receiver and thus the key of the receiver. There is no need for authentication because the image of the receiver itself proves his authenticity. The sender also generates a key from the unique features of his own fingerprint. The master key is generated with the combination (XOR) of the recipient's key (originally sent by the receiver) and the sender's key. A key of 128 bits is generated with the help of the standard hashing algorithm MD5. The message which is intended to be sent to the receiver needs to be encrypted with the modified DES algorithm. In the proposed algorithm, a random sequence is generated from the 128-bit key depending on the length of the message, and for every 64-bit message block a separate 64-bit key is used to encrypt and decrypt the message. In the DES algorithm a symmetric key of 64 bits is used for encryption and decryption of the message. In our modified DES algorithm each 64 bits of message is encrypted with a different 64-bit key, which is generated randomly from a different combination of the 128-bit key generated by the MD5 algorithm. The length of the above key is formed depending on the length of the message. After interchanging the rows with the columns of the random sequence generated in the above mentioned step, a new sequence number is generated. This new sequence number and the unique features of the sender's fingerprint are hidden in the sender's facial image using the least significant bit algorithm of steganography. The stego-image is sent to the intended receiver along with the encrypted message. Each time the program is executed, a different random sequence is formed. The sender can send the same message to different receivers with a different key and a different sequence number.

At the second stage, the recipient, on receiving the image, follows the extraction steps using the least significant bit based steganography method, thereby extracting the random sequence and the sender's key generated from his fingerprint. The random sequence is converted from column to row. This is an additional security measure. The receiver's generated private key is with the receiver. The master key of 128 bits is generated with the help of the standard hashing algorithm MD5 after combining the receiver's key, generated from his fingerprint, and the sender's key. The encrypted message is decrypted with the modified DES algorithm using the symmetric key, following the same steps as above for encryption, i.e. every 64-bit message block with a separate 64-bit key using the same random sequence. There might be a scenario in which an intruder gets the image and the extracted features of the receiver. Even then, his motive to obtain the information illegitimately does not succeed, because even if the two features are available to the intruder, he does not have the algorithm to recognize the pattern in which the fingerprint features are hidden in the facial image of the receiver. Thus there is another justification for not requiring authentication of the receiver.
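The key setup of Section 4.1, followed from both ends, as an added Python sketch that is not the authors' implementation. The layout of the random sequence (one row of eight byte positions into the MD5 digest per 64-bit block), the length-prefixed LSB embedding and every sample value are assumptions or constructed data; the modified DES step itself is left out, so the sketch stops at the per-block 64-bit keys.

```python
import hashlib
import secrets

DIGEST_LEN = 16     # MD5 output: 128 bits
BLOCK_KEY_LEN = 8   # one 64-bit key per 64-bit message block

def master_key(own_features: bytes, peer_features: bytes) -> bytes:
    """XOR the two feature-derived keys, then hash the result with MD5."""
    if len(own_features) != len(peer_features):
        raise ValueError("feature keys must have equal length")
    combined = bytes(a ^ b for a, b in zip(own_features, peer_features))
    return hashlib.md5(combined).digest()

def random_sequence(message_len: int) -> list:
    """Assumed layout: one row of 8 digest byte positions per 64-bit block."""
    blocks = max(1, -(-message_len // BLOCK_KEY_LEN))  # ceiling division
    return [[secrets.randbelow(DIGEST_LEN) for _ in range(BLOCK_KEY_LEN)]
            for _ in range(blocks)]

def transpose(matrix: list) -> list:  # interchange rows and columns
    return [list(column) for column in zip(*matrix)]

def block_keys(master: bytes, sequence: list) -> list:
    """Pick 8 digest bytes per row: a different 64-bit key for every block."""
    return [bytes(master[i] for i in row) for row in sequence]

def lsb_hide(cover: bytes, payload: bytes) -> bytes:
    """Write a 2-byte length plus the payload into the LSBs of the cover."""
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover image too small for payload")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)

def _read_bytes(stego: bytes, bit_offset: int, count: int) -> bytes:
    if bit_offset + 8 * count > len(stego):
        raise ValueError("stego data shorter than the embedded length")
    out = bytearray()
    for n in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[bit_offset + 8 * n + k] & 1)
        out.append(value)
    return bytes(out)

def lsb_unhide(stego: bytes) -> bytes:
    length = int.from_bytes(_read_bytes(stego, 0, 2), "big")
    return _read_bytes(stego, 16, length)

def pack_sender_payload(features: bytes, sequence: list) -> bytes:
    """Sender's feature key + block count + the transposed sequence."""
    flat = bytes(v for row in transpose(sequence) for v in row)
    return features + len(sequence).to_bytes(2, "big") + flat

def unpack_sender_payload(payload: bytes, feature_len: int):
    features = payload[:feature_len]
    blocks = int.from_bytes(payload[feature_len:feature_len + 2], "big")
    flat = payload[feature_len + 2:]
    if blocks == 0 or len(flat) != blocks * BLOCK_KEY_LEN:
        raise ValueError("malformed sequence in payload")
    sent = [list(flat[r * blocks:(r + 1) * blocks]) for r in range(BLOCK_KEY_LEN)]
    return features, transpose(sent)  # receiver interchanges again

# Constructed sample data: 16-byte feature keys, 2048 "pixel" bytes per face.
RECEIVER_FEATURES = bytes.fromhex("3a91c4077be2d05518f6a9204cd37e8b")
SENDER_FEATURES = bytes.fromhex("e40b72d9165fa8c3907d2e41b5086cf1")
RECEIVER_FACE = bytes(range(256)) * 8
SENDER_FACE = bytes(reversed(range(256))) * 8

def run_exchange(message: bytes):
    # Receiver B -> Sender A: B's feature key hidden in B's facial image.
    stego_b = lsb_hide(RECEIVER_FACE, RECEIVER_FEATURES)
    # Sender A: recover B's key, derive the master key and per-block keys.
    master_a = master_key(SENDER_FEATURES, lsb_unhide(stego_b))
    sequence = random_sequence(len(message))
    sender_keys = block_keys(master_a, sequence)
    stego_a = lsb_hide(SENDER_FACE, pack_sender_payload(SENDER_FEATURES, sequence))
    # Receiver B: recover A's key and the sequence, derive the same keys.
    feat_a, seq_rx = unpack_sender_payload(lsb_unhide(stego_a), len(RECEIVER_FEATURES))
    receiver_keys = block_keys(master_key(RECEIVER_FEATURES, feat_a), seq_rx)
    return sender_keys, receiver_keys, stego_b

if __name__ == "__main__":
    a_keys, b_keys, _ = run_exchange(b"constructed 20B msg!")
    print(len(a_keys), "block keys; both sides agree:", a_keys == b_keys)
```

Both feature keys and the sequence travel inside the two stego-images, so in this sketch the secrecy of the block keys depends on an observer not knowing the embedding pattern, which is the argument the section makes.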


In the following figure 1, we describe how the message is encrypted and decrypted.

[Figure 1: Flow between Sender A and Receiver B. Sender requests the receiver's key; receiver generates a key from features of his fingerprint and hides it in his facial image; sender unhides and extracts B's key and also generates a key from features of his own fingerprint; the keys of A and B are combined (XOR); a 128-bit key is generated (MD5 hashing) and a random sequence is generated; the original message is encrypted with keys K1, K2, K3, K4, K5, ... Kn of 64 bits each; the random sequence and the sender's key are hidden in the sender's facial image with steganography; the receiver unhides the sender's key and the random sequence, combines the keys of A and B (XOR), generates the 128-bit key, and decrypts with K1 ... Kn to get back the original message.]

4.2 Features of the proposed method

The important features of the proposed method are as follows. The sender and the receiver send only the unique features of their fingerprints and not the entire fingerprint. Thus, the identity is not lost. The receiver sends the unique features of his fingerprint after hiding them, using the least significant method, in his own facial image. The sender also sends unique features of his fingerprint. This makes it next to impossible for an attacker to generate the master key. The receiver's image is sent only after receiving the request from the sender, so the receiver knows that a message is to be received, and thus an acknowledgement is established between sender and receiver. Using the random sequence facilitates generation of a unique 64-bit key each time for the same message. For every 64 bits of information, a separate 64-bit key is used for encryption and decryption. The rows and columns of the sequence number are interchanged before it is sent to the receiver, and the receiver has to interchange them again.


5 DEFEAT ATTACKS

Spoofing Fingerprints: In the proposed system, the sender and receiver send the unique features of their fingerprints hidden in their facial images, thus eliminating the need to save the fingerprint in a database and eliminating the possibility of any kind of spoofing attack.

Replay Attack: Replay attacks can be defeated in the proposed system because the authentication process is done from the facial images of the sender and the receiver, and there is no scope for the attacker to collect the residual print from the memory of the sensor.

Data Simulation: In the proposed system the fingerprint is not captured from any sensor in the public domain.

Transmission Attack: Features of the receiver's fingerprint are hidden in his facial image and sent to the sender. Features of the sender's fingerprint are also hidden in his facial image and sent to the receiver. Thus transmission attack is avoided.

Template Attack: Template attack is not possible in our proposed system.

6 Evaluation of Proposed Method

Network security schemes are evaluated using several criteria as given in [17] and [18]. Evaluations of our scheme on these criteria are given below.

Uniqueness: The fingerprint images of the sender and the receiver are combined to form unique characteristics. In the proposed algorithm, we are taking features of the fingerprint, making intrusion very difficult.

Permanence: Only the features of the fingerprint are sent; the characteristics remain the same.

Universality: Fingerprints are universal characteristics.

Performance: The fingerprint identification accuracy should be achievable with respect to the available resources, and the identification should be achievable under all working conditions (e.g. environmental factors).

Collectability: The fingerprint is evenly quantifiable.

Circumnavigation: It would be difficult to fool the system with fraudulent and inappropriate private keys.

Acceptability: The proposed biometric technique should be acceptable to the masses in this age of technology.

Storage Requirements: This refers to the amount of information each party is required to store. The sender and receiver need not maintain a huge database.

Communication Requirement: Each party needs to provide the features of their fingerprint to the other to generate the appropriate random key sequence.

Computational Requirement: Computations are only needed by the persons involved in the communication to generate the master key and random sequence with the features of fingerprints only. Computational time is negligible since no matching is required with public databases and the facial image itself proves their identity.

Implementation Costs: With the steep fall in hardware cost, the cost of acquiring a fingerprint scanner is very low.

Steganography Scheme Support: Steganography involves hiding the key generated from the fingerprint in the facial image using the least significant digit algorithm, so that there is no change in the image of the face.

Fingerprint liveness: Due to environmental and physiological factors there is a change in the biometric image, and thus the biometric template is not consistent enough to use as a cryptographic key. But in our case the user is creating the key depending on the present biometric template.

We next provide, in Table 1, an interesting comparison of our algorithm with the six algorithms given in Table 10.1 on page 184 of Schneier's book [15].


Table 1. Classes of Algorithms with Performance

Algorithm                          Confidentiality  Authentication  Integrity  Key Management
Symmetric encryption algorithms    Yes              No              No         Yes
Public-key encryption algorithms   Yes              No              No         Yes
Digital signature algorithms       No               Yes             Yes        No
Key-agreement algorithms           Yes              Optional        No         Yes
One-way hash functions             No               No              Yes        No
Message authentication codes       No               Yes             Yes        No
Our algorithm                      Yes              Yes             Yes        Yes

In Table 2, we have summarized the timing on message length, random sequence generation, encryption, watermarking, de-watermarking followed by decryption of the message. Every time the program is executed a different random sequence is formed.

Table 2. No. of Characters vs. Time

No. of characters in a message  Hashing (Sec.)  Encryption (Sec.)  Hiding (Sec.)  Unhiding (Sec.)  Decryption (Sec.)
16                              1.2168          0.24648            1.3542         0.9108           0.1560
32                              1.2636          0.2496             1.3570         1.0140           0.2028
64                              1.2168          0.3588             1.4570         1.0997           0.2808
112                             1.2324          0.5928             1.5130         1.2320           0.4836

7 Conclusion

The scheme of using feature extraction from the sender's and the receiver's fingerprints has a number of advantages. Since the scheme uses only certain features of the fingerprint, neither the sender nor the receiver will lose their fingerprint identity. Hiding the extracted features in the facial images of the sender and receiver can be used to validate the two communicating parties. This maintains the main motive of network security, i.e. to maintain the integrity and the security of the data to be transferred over the network. The sender and the receiver can change the key depending on the parameters of the extraction of the fingerprint image. In the proposed scheme, we are using the extracted features of the sender's and receiver's fingerprints. Depending upon the manner of scanning the fingerprint, a separate key can be generated each time. Tackling this problem can be future work in this area.

References

[1] Uludag, U., Sharath Pankanti, Salil Prabhakar, Anil Jain (2004), "Biometric Cryptosystems: Issues and Challenges", Proceedings of the IEEE 92(6): 948-960.
[2] Clancy, T. C., N. Kiyavash and D.J. Lin (2003), "Secure smartcard-based fingerprint authentication", Proceedings ACM SIGMM 2003 Multimedia, Biometrics Methods and Workshop: 45-52.
[3] Soutar C., D. Roberge, S.A. Stojanov, R. Gilroy, and B.V.K. Vijaya Kumar (1998), "Biometric encryption using image processing", Proceedings of the SPIE - Optical Security and Counterfeit Deterrence Techniques II 3314: 178-188.
[4] Roginsky, A. (2004), "A New Method for Generating RSA Keys", International Business Machines Consulting Group.
[5] Davida G. I., Y. F., and B.J. Matt (1998), "On enabling secure applications through offline biometric identification", Proceedings of the IEEE Privacy and Security: 148-157.
[6] Davida G. I., Y. F., B.J. Matt and R. Peralta (1999), "On the relation of error correction and cryptography to an offline biometric based identification scheme", Proceedings Workshop Coding and Cryptography: 129-138.
[7] Monrose, F., Michael K. Reiter, Qi Li, Susanne Wetzel (2001), "Cryptographic Key Generation from Voice", Proceedings IEEE Symposium on Security and Privacy.
[8] Monrose, F., Michael K. Reiter, Susanne Wetzel (1999), "Password hardening based on keystroke dynamics", Proceedings of the 6th ACM Conference of Computer and Communications Security: 73-82.
[9] Juels, A., M. Wattenberg (1999), "A fuzzy commitment scheme", Proceedings of the 6th ACM Conference of Computer and Communications Security.
[10] Juels, A. a. M. S. (2002), "A fuzzy vault scheme", Proceedings IEEE International Symposium on Information Theory.
[11] Linnartz, J. a. P. T. (2003), "New shielding functions to enhance privacy and prevent misuse of biometric templates", Proceedings of the 4th International Conference on Audio and Video Based Person Authentication: 393-402.
[12] S. Dutta, A. Kar, B. N. Chatterji and N.C.Mahanti (2008), "Network Security Using Biometric And Cryptography", Lecture Notes in Computer, Springer, ISBN-978-3-54088457-6: 38-44.
[13] Q. Xiao, "Security issues in biometric authentication", Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY.
[14] S. Katzenbeisser and F.A.P. Petitcolas, "Information hiding techniques for steganography and digital watermarking", Artech House Publishers, ISBN 1-58053-0354, Page 45.
[15] B. Schneier, "Applied Cryptography Protocol, Algorithms, and Source Code in C", Second Edition, Wiley Computer Publishing, John Wiley and Sons, Inc., ISBN: 0471128457, Pub Date: 01/01/96, Page 436, 184.
[16] B.B Zaidan, A.A Zaidan, A.Taqa, F. Othman, "Stego-Image Vs Stego-Analysis System", International Journal of Computer and Electrical Engineering, Vol. 1, No. 5, December 2009, 1793-816.
[17] Christopher Ralph Costanzo (2007), "Biometric Cryptography: Key Generation Using Feature and Parametric Aggregation", Internet Monitoring and Protection, ICIMP 2007, Second International Conference on, 1-5 July 2007, Page: 28.
[18] Geong Sen Poh and Keith M.Martin (2007), "A Framework for Design and Analysis of Asymmetric Fingerprint Protocols", Information Assurance and Security, IAS 2007, Third International Symposium on, 29-31 Aug. 2007, Page(s): 457-461.

Sandip Dutta is working as an Associate Professor in the Department of Information Technology in Birla Institute of Technology, Mesra, Ranchi, India. He has fourteen years of experience in industries and nine years of teaching experience. He has published two papers in international journals. His research interests are in the areas of Network security, Biometric & Cryptography.

Soubhik Chakraborty is working as a Reader in the Department of Applied Mathematics in Birla Institute of Technology, Mesra, Ranchi, India. He has published 50 research papers in the areas of algorithmic complexity, statistical computing and music analysis in international journals and one book. An acknowledged reviewer of several leading international journals [e.g. Computing Reviews (ACM) and Transactions on Computers (IEEE)], he is the associate editor of Ninad, journal of ITC Sangeet Research Academy. He has guided one Ph.D. scholar. He has 14 years of teaching and research experience.

N.C.Mahanti is working as a Professor and Head in the Department of Applied Mathematics in Birla Institute of Technology, Mesra, Ranchi, India. He received Ph.D. in the field of Fluid Dynamic in the year 1977. He has forty years of teaching and research experience. He has chaired many symposia and conferences. He has published 30 international journals. He has guided 05 Ph.D. scholars.
