Student Name: Yip Wai Kuan

highpitchedteamΑσφάλεια

30 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

72 εμφανίσεις

Student Name:
Yip Wai Kuan

Supervisors
:

Main Supervisor: Assoc Prof David Ngo Chek Ling

Second Supervisor: Dr Andrew Teoh Beng Jin


Title:

Methods for Deriving Cryptographic Bit
-
strings from Biometrics Hand
-
signature


Conventional biometrics hand
-
signatu
re verification typically requires users to store the original
biometrics information in a trusted centralized or password protected smart card. The former
offers low security as the server may be compromised, while the latter requires the user to
remembe
r the password. The objective of this proposal is to present new methods for deriving
on
-
the
-
fly bit
-
strings for cryptographic purposes from dynamic hand
-
signature. The function will
observe similar characteristics with that of a cryptographic hash which

defines a zero
-
knowledge
one
-
way transformation of the biometrics data that will not require a template of the original data
to be stored in a centralized server or smart card and will offer better security and authentication.


We consider utilizing dynam
ic handwritten signature as biometric for key transformation because
it is a physically and universally accepted method of authentication. We propose that a secure
and good cryptographic key extraction technique from dynamic handwritten signature should
h
ave the following requirements:
-


(1) No signature template storage. Most handwritten signature verification schemes require a
template of the signature to be stored for comparison later. This provides no security in the event
the template is stolen as t
he user, inconveniently, must register a new signature.

(2) Refreshable keys. Previous methods of
Vielhauer et al., Feng & Chan,
Monrose
et al.
, Davida
et al.

and Chang et al
.
methods derive keys straight from biometrics to be used in various
cryptosyst
ems. Again, in the event of compromised key, the user has to change his biometrics,
which is not feasible for physiological biometrics like face, iris and fingerprint. Keys that can be
replaced in the event of key compromise will be an important conside
ration for integration into
cryptographic protocols.

(3) Secrecy protection. Throughout the transformation process, no statistical information that can
be used for reconstruction of the biometric data should be revealed.

(4) Unpredictable key space.

It should not be possible for an adversary to perform a statistical
extraction of key space patterns based on intercepting multiple keys. The keys should be
sufficiently different in terms of bits from non
-
genuine keys, and should be uniformly distribute
d.

(5) Secure transformation. The transformation process should follow good security design
principles as described by Shannon, to promote robustness against cryptanalysis. The
transformation from dynamic signature to cryptographic key should not be rev
ersible to thwart
attempts in recovering the biometric.

(6) Error correction. Since every capture of the hand
-
signatures is not exact, a tolerable
application of correction is needed to ensure that the keys are stable enough to be used as
cryptographic
keys.