Biometrics based
Cryptosystem Design
Under :
Prof. Santanu Chaudhury
Dr. Lipika Dey
By :
Abhishek Nagar
2001057
Cryptosystem
A mechanism using which one can
encode an information content to an
incomprehensible form and also recover the
original content when desired.
Biometrics
Biometrics is the science and technology
of authentication (i.e. establishing the identity
of an individual) by measuring the subject
person's physiological or behavioral features.
Motivation
Normally used cryptosystems have a number of
associated inconveniences and problems such as
User needs to remember passwords
could be forgotten.
User has to carry smart cards
could be lost or stolen.
Problem of non

repudiation
The user who generated the cryptic message can easily
deny his involvement
Biometrics is a solution to these problems
Difficulties in using Biometrics
Non

repeatability
Every time one obtains a biometric, its value is not
exactly the same as that obtained before.
Limited Number
Easily Accessible to public
Biometric used & Feature Extraction
Fingerprints are used as a key to our
cryptosystem
Features are extracted using a set of gabor
filters applied on all the elements of a
tessellated fingerprint.
Gabor Feature Extraction
Reference Point Location
Divide the fingerprint image, into non

overlapping
blocks
Compute the intensity gradients using sobel
operator
Estimate the local orientation as
Compute E, an image containing only the
sine
component of
O
(,) sin('(,))
E i j O i j
1
1
2
(.)
(,) tan
(,)
y
x
V i j
O i j
V i j
(,)
O i j
Initialize
’A’
, a label image
used to indicate the reference
point
Find the maximum value in
’A’
and assign its
coordinate to the reference point.
Repeat steps by using a window size of
w’
×
w’
,
where
w’<w
to get a fine estimate
The different sizes taken are 5, 10 and 15 pixels
1 2
(,) (,) (,)
R R
A i j E i j E i j
Sector

Wise Normalization
Tessellate fingerprint image into sectors and
normalize pixels in each sector as:
Gabor Filters
where
f
is the frequency, and are the space constants
2 2
2 2
''
1''
(,,,) exp cos(2')
2
'sin( ) cos( )
'cos( ) sin( )
x y
x y
G x y f fx
x x y
y x y
x
y
2
0
0
2
0
0
( (,) )
(,)
(,)
( (,) )
i
i
i
i
i
i
V I x y M
M ifI x y M
V
N x y
V I x y M
M otherwise
V
fig
Each sector is filtered using gabor filters for
four different values of
θ
in {0,45,90,135}
the feature value,
V
iθ
, is the average absolute
deviation from the mean defined as
where
n
i
is the number of pixels in
S
i
and
P
iθ
is the
mean of pixel values of
F
iθ
(x, y)
Finally a feature vector is generated whose
elements have value in the range 0

255
1
(,)
i
i i i
n
i
V F x y P
n
Addressing problems associated with
using biometrics
Limited number & Open to public
Transform the Biometric Features into a new set of
features using a Secure Transformation
No. of bio

keys=No. of Transformations
Added security since transformation function is kept secret
Secure Transformation should have some desirable
qualities
Range of value of elements of feature vector should not
vary non uniformly
Secure Transformation
Transformation matrix is generated using a set of
random numbers.
Feature vector to be transformed is converted to
matrix form and convolved with the Transformation
matrix to get the Secure Features.
Fingerprint Features
in Matrix Form
Random Kernel
Secure Fingerprint
Features
Non

Repeatability
Usual cryptosystems fail with biometrics
since each time one obtains a biometric, its
value is not exactly the same as that obtained
before.
There is a high probability that a person is not
able to decipher the message encrypted using
biometrics
Modified Fuzzy Vault Scheme is used instead
of usual cryptosystem.
Modified Fuzzy Vault Scheme
Fuzzy Vault
A secret message ‘M’ is encrypted into a fuzzy
vault ‘V’ using another data ‘A’
‘M’ can be decrypted using a data ‘B’ sufficiently
close to ‘A’
Creation of Fuzzy Vault
The secret message ‘M’ is the Document of length
k.
Data ‘A’ is the biometric template.
‘M’ is encoded using the Reed

Solomon codes to
‘C’ of length n=2
t

1
RS codes have error correcting capacity of (n

k)/2 where
k is the length of ‘M’
n triplets are formed such that a randomly chosen
position(1,2or3) say Position (i) of the i
th
triplet is
the i
th
number from code ‘C’ and the other two
numbers are randomly chosen.
Call the triplet Locking Set 1
Another n triplets are formed such that
i
th
triplet contains i
th
biometric element at Position(i)
The other two elements are such that they form an
arithmetic progression with distance=FV_tolerance
Call it Locking Set 2
Unlocking the Fuzzy Vault
Using the biometric, find the Position(i)
Position(i) is the position of the element in i
th
triplet in
Locking Set 2 which is closest to i
th
biometric element
Find value at Position(i) in the Locking Set 1, this
should be the i
th
value of the Reed

Solomon code.
Decode the Reed

Solomon code to obtain the
message.
Non

Repudiability
Since Fuzzy Vault is Symmetric Cryptosystem, the
encryption key is same as decryption key.
Causes a set

back in terms of non

repudiability
Solution
Encryption module has its own set of encryption and
decryption keys.
Created Fuzzy Vault is encrypted by the module whose
decryption key is made public.
No possibility of creation of fuzzy vault outside Encryption
Module using the key.
Invariant Features
Invariant feature I of data d for a transformation T is
the feature such that:
Invariant features are used instead of biometrics.
Transformed biometric is sent
Actual biometric is secure
Same key serves for different cryptosystems by changing
the set of Invariants.
Key to hierarchical security
( ( )) ( )
I T d I d
Permutation used as Transformation
Values of elements are not changed
Invariant Feature is the increasing order of the
feature elements
Hierarchical Security
Message can be encoded with different security levels
Receivers with a key for security level higher than the
encryption security are able to decode.
Implemented by doing binary subdivision of the Secure
Feature and evaluating Invariant Features for each division.
Increasing order of first 2k permuted elements is same as
increasing order of join of first k permuted elements and next k
permuted elements.
Complete System Design
The complete system is implemented in
MATLAB
.
SERVER

RSA Field
&
Decr. Key for
Each module
MODULE1

Encr. Key

Secure Tr. For
Each user
MODULE2

Encr. Key

Secure Tr. For
Each user
MODULE3

Encr. Key

Secure Tr. For
Each user
USER1
USER2
USER1
USER1
USER2
System Initialization
Each Module is initialized with its RSA keys and
Field and is added to the Server.
Decryption key and Field are registered with server
Each user is added to a module
User’s Secure Transformation and Identity are registered
with the module.
Document Sending
Calculate Gabor Features of the fingerprint
Transform the Fingerprint Features to get Secure
Fingerprint Features
Generate and RSA cryptosystem(32 bit in our case)
randomly having
Field n
Encryption Key e
Decryption Key d
Divide the document into chunks of appropriate length(2 in
our case) such that the numeric equivalent of each chunk is
less than n for the encryption to work properly. Pad the
message if required.
Encrypt the document using e
Each digit of the number d is considered as an 8

bit
character to be secured in the fuzzy vault
Append random digits to d such that its length becomes
255

2*Permissible_Error
Find the invariant features corresponding to the desired
security level to create Modified Fuzzy Vault
Encrypt Modified Fuzzy Vault using Module Encryption Key
Send the Encrypted Modified Fuzzy Vault, the Encrypted
Document, Security Level, Module Id, User identity, the
padded values, n and the length of d
Encryption
Biometric
Features
Secure
Transformation
Secure
Features
Invariant
Extraction
Invariant
Feature
Invariant
Feature
Document
Key
Fuzzy
Vault
Modified Fuzzy Vault
Encryption Algorithm
Fuzzy
Vault
Module Encryption
Encrypted Fuzzy
Vault
Document Receiving
Find the invariant features corresponding to the Security
Level
Decrypt the Modified Fuzzy Vault using module Decryption
Key
Open the Modified Fuzzy Vault using the invariant features
to get d
Obtain the actual d taking only the first desired digits
Decrypt the Document using n and d to get the Document
Decryption
KEY
Document
key
Invariant
Extraction
Invariant
Feature
Modified Fuzzy Vault
Decryption Algorithm
Encrypted
Fuzzy Vault
Module
Encryption
Fuzzy
Vault
Results obtained using this cryptosystem
FAR and FRR for Modified Fuzzy Vault
FV_tol.
FAR
(%)
FRR
(%)
FV_tol.
FAR
(%)
FRR
(%)
2
0
5
12
2.78
0
4
0
0
14
9.72
0
6
0
0
16
11.1
0
8
0
0
18
16.7
0
10
2.78
0
20
19.4
0
Drawback in the proposed system
The implementation of the previous cryptosystem
required a special network of modules for
implementing the final step in the encryption stage,
the Module Encryption step.
The role of module encryption step was to ensure that
the message was sent using a legitimate fingerprint
extracted from a person and not using the
decryption key held with one of the receivers.
Proposal for improvement
Some other validation information can be
attached to the system instead of encryption
of the Fuzzy Vault in the module encryption
step.
The validation information should involve use
of a secret biometric feature to implement
security.
Verification of the validation information
should be asymmetric.
Stable Biometric Features
Description (not definition):
Biometric features whose value change very
infrequently among multiple prints of a finger
Deformation Invariant Features V/S Stable Features:
Since biometrics are prone to burst errors in addition
to noise and other deformations due to unavoidable
conditions so only deformation (linear and non

linear) invariant features won’t suffice to implement
total invariance.
Fingerprints from same
finger
Deformation invariant
features
Stable Features
Stable Feature Extraction
Element by element quantization
Using the error correcting codes to counter
burst errors.
Element by element quantization
n(~10

15) sample features from prints of
same finger are taken at the registration step
Mean and variance of each feature element
is calculated over the samples
Lower and upper bounds on the variance is
set to take care of extreme situations
Clustering of the samples could also be done to
handle the burst errors as error

free samples
would cluster out
The possible range of feature values i.e.0

255 is divided into blocks of width 6
σ
such
that the mean is at the center of the block.
Any value of a particular feature element is
quantized to the center of the block in which it
lies.
The block

length of each division of the
range(0

255) for each element and the offset
of the first block from 0 is made public for
quantization.
Feature Elements
n samples
Mean (
μ
)
SD (
σ
)
For each element
0
255
μ
6
σ
Using Error

correcting codes for stability
A new scheme has been designed to utilize the
error correcting codes for stability
The mean vector of the sample features is taken as
the quantized feature vector.
This vector is assumed to be a RS error correcting
code of certain desired error correcting capability.
The vector is decoded to get the message
The message is again coded to get the error free
message.
Since the range of values is fixed(0

255) a
cyclic shift map is found from the quantized
feature vector (mean) to the error free code.
Mean (
μ
)
Decoded
message
RS decode
RS encode
Error free
code
Error free
code
Mean (
μ
)
Cyclic shift map
The cyclic shift map is made public
Extracting the stable feature
First the feature vector is quantized using the block

length and the offset
The quantized feature vector is transformed using
the cyclic shift map and decoded to get the stable
feature.
Feature
Vector
Quantized
Feature Vector
Shifted Vector
Quantization
Cyclic shift map
Stable Feature
RS decode
The Validation Information
The idea is to use the stable biometric as an
encryption key to an RSA cryptosystem to
encode the message digest of the document
to be sent.
The decryption key would be made public so
that anybody is able to get message digest
and the receiver can match it with that of the
document in the fuzzy vault to establish its
validity.
Issue related to Validation Information
Any key of an RSA cryptosystem generated out of
primes p and q should be coprime to the euler’s
function of pq i.e. (p

1)(q

1)
So, the stable biometric can’t be directly used as a
key.
Proposed solution: map the set of stable biometrics
to the set of possible keys.
The numeric representation of the stable biometric feature
(say
α
) is mapped to
( 1)( 1)
2
( )
p q
nextprime
Overall System Working
Document Sending
The sender creates the previously mentioned Modified
Fuzzy Vault using cancelable biometric to lock the
document.
Stable features are extracted from a secret biometric
template and an RSA cryptosystem is generated using it as
described before.
The decryption key is made public and encryption key is
used to encrypt the message digest of document.
The Fuzzy Vault and the Validation Information is sent
along with other necessary identification information to the
receiver.
Document Receiving
The receiver opens the Fuzzy Vault using the key
corresponding to the desired security level to get the
document.
Receiver extracts the message digest from the Validation
Information using the publicly available decryption key.
He extracts the message digest from the document and
matches it with that in the Validation Information to verify
the document.
The Validation Information part has been
implemented in matlab and has been tested on data
from a single fingerprint to give accurate results with
certain values of constants used.
Currently working on…
Designing a better method for clustering at
the element

by

element quantization step.
Introducing suitable rotation invariance in the
fingerprint features.
Better core

point estimation in a fingerprint
for better features.
Future Work
The only thing the user need to keep on a
secure system or a smart

card is the
convolution kernel (Secure Transformation)
for generating the cancelable biometric. We
will try to eliminate that as well.
More exhaustive analysis of the system and
its improvement.
References
A.K. Jain, S. Prabhakar, L. Hong, and S. Pankanti, “Filterbank

basedFingerprint Matching”,
IEEE Trans. Image Process.
, 2000,
846
–
859.
U. Uludag, S. Pankanti, S. Prabhakar, and A.K Jain, “Biometric
cryptosystems: issues and challenges”,
Proceedings of the
IEEE
,
Volume 92,
Issue 6,
June 2004, pp. 948
–
960.
M. Savvides, B.V.K. Vijaya Kumar, and P.K. Khosla, “Cancelable
biometric filters for face recognition”,
ICPR
, 23

26 Aug. 2004, pp.
922

925 Vol.3.
A. Juels, and M. Sudan, “A Fuzzy Vault Scheme”,
Proc. IEEE
Int’l. Symp. Information Theory
, 2002, pp. 408.
C.

H. Lin, and Y.

Y. Lai, “A flexible biometrics remote user
authentication scheme”,
Computer Standards & Interfaces
,
Volume 27, no. 1, Nov. 2004, pp. 19

23.
Thank You
Commentaires 0
Connectezvous pour poster un commentaire