Cryptography With Biometrics For Secure Key Exchange
Biometrics is the application of biometry techniques to the authentication and automatic identification of people in security systems. The traditional concept of biometry addresses the application of mathematical and statistical techniques to biological sciences. Biometrics on the other hand can be said to be the science of recognizing the identity of a person based on the physical or behavioural attributes of the individual such as face, fingerprints, voice and iris (Jain et al).
In Modern society, Biometrics has been important to large scale identity management systems whose functionality relies on the accurate determination of an individual’s identity in several different applications context ().
Traditional methods of establishing a person’s identity includes knowledge based (e.g., passwords) and token based (e.g., ID cards) mechanisms, but these substitute representations of identity can be lost easily, shared, manipulated or stolen thereby compromising the intended security. By using biometrics it is possible to establish an identity based on “who you are”, rather than by “what you possess”, such as an ID card, or “what you remember”, such as a password (Poli et al, 2009).
Biometrics is not recommended for every application and user, and in some cases biometric authentication is simply the wrong solution. Defining those environments in which biometrics offers the strongest benefit to individuals and institutions is one of the major challenges facing the biometric industry
As time goes by, the increasing success and affordability of biometric technologies has continually broadened the range of applications in which biometrics operate effectively ().
Cryptography is the science of writing in secret code and is an ancient art. The goal of cryptography extends beyond merely making data unreadable. In this project it also extends into user authentication.
The security of a cryptographic system is dependent relatively on the secrecy of the cryptographic key and not causing inconvenience when it falls in the hand of the enemy. Therefore, the key issue in cryptography is key management (Dong et al, 2008).
Biometrics can be used to protect the key in cryptography, while cryptography and data hiding can be used to protect biometric templates ().
Combining biometrics and cryptography together will have the potential to offer higher assurance of the legal information holder. Key management is an important issue in cryptographic systems.
There are several ways to combine biometrics with a cryptosystem, namely:
Biometrics key release
Biometrics key generation
Biometrics key binding
In a key release mode, biometrics plays a predetermined role in a cryptosystem. The key would be released to users only if biometric matching is successful. A key generation mode requires the key of a cryptosystem being derived directly from a biometric template, hence the unique biometrics provides a unique key for the security system based on some transform or feature extraction. In the key binding mode, the system binds a cryptographic key with the user’s biometrics at the time of enrolment. The key would be retrieved only upon a successful authentication. The key generation/binding modes seem to be more secure than the key release mode because in key release mode, the user authentication and key release are two separate parts (Dong et al, 2008).
The conventional cryptography systems do not need any complex pattern recognition strategy as in biometric systems. They almost always depend on an accurate key matching process. That is, it requires that keys are exactly correct and does not tolerate a single bit error. However, as biometric characteristics are known to be variable and noisy and each new biometric sample is always different, only an approximate match under a threshold between the input biometric data to a corresponding stored template would lead the authentication successful.
Aim and Objectives
Integrating only biometric authentication on systems exposes new problems. This project investigates how to enhance biometrics security using cryptographic encryption and attempts to present an overview of an up to date research in this increasingly important topic by putting biometrics, cryptography and data hiding in the same context of security enhancement.
The Objectives in this project are to:
Identify the main characteristics of Biometrics.
Identify the main security characteristics of Cryptography and Biometrics.
Identify threats and attacks towards Biometrics.
Propose countermeasures for securing Biometric Templates.
Evaluate attack techniques against Crypto-Systems.
Research Question
The following research questions have been identified after some initial investigation and going through the initial literature review.
Will the combination of biometrics and cryptography secure a system from attacks and produce a secured channel to exchange data.
Hypotheses
The hypotheses below have been created by extensive research into biometric systems, cryptographic encryption and the security. The hypotheses created in this project are the initial reviews and may change throughout the project.
The identification of threats and attacks in biometrics and cryptographic systems security.
The information collected will be used to create attack scenarios to conduct an experiment on the different threats faced by biometric systems and cryptographic encryption then identify any countermeasures that can be used to secure the system.
Rationale
Section 2 – Methods
2.1. Secondary Research Method (Literature Review)
The literature review will give a detailed insight into the combination of biometrics and cryptography for the purpose of securing data exchanges. By looking at the wider topic before the development will allow the study to take a more furnished approach to a useful answer to the research question.
The main objectives of the literature review will be to:
Identify the main characteristics of Biometrics.
Identify the main security characteristics of Cryptography and Biometrics.
Identify threats and attacks towards Biometrics.
Identify threats and attacks towards Cryptographic Encryption.
Countermeasures for securing Biometric Templates.
Evaluate attack techniques against Crypto-Systems.
Identifying suitable data gathering techniques for the project.
Identifying suitable data analyse techniques for the project.
2.1.1 Literature Sources
Books
Journals
Journal of Applied Security Research, 2010
International Journal of Computer Science and Network Security, 2009
Information Forensics and Security, 2010
Conferences
Science and Technology for Humanity (TIC-STH), 2009 IEEE Toronto International Conference, 2009
Computer Security Applications Conference, 2008
Websites
IEEE/IEE Electronic Library (IEL) via IEEE Xplore – http://www.ieee.org/ieeexplore
ProQuest – http://proquest.umi.com
Springerlink – www.springerlink.com
2.2. Primary Research Method (Experiment)
Section 3 – Resources and Risks
3.1. Required Resources
Throughout this project, many resources are required for carrying out the experiment and the initial literature review.
3.1.1. Literature based resources
Access to Glasgow Caledonian University library: To gain access to computers to research literature on the internet, Athens, or access books which have been published by authors that may be relevant to Cryptography and Biometrics.
Internet connectivity for any other research such as Google scholar: Home and university based internet connectivity will be needed to further research any literature that may be needed.
3.1.2. Experiment based resources
3.2. Risks
Section 4 – Project Plan
The main tasks which have to be completed during the project, the estimated time to complete and any deliverables that may be available at that time of the project are shown below. A Gantt chart will be produced to show the tasks to be done in parallel rather than in sequence to manage time effectively and avoid delays.