Biometric Cryptography

Biometric Cryptography

Biometric Cryptography

Abstract — –

The Biometrics, described as the scientific discipline of acknowledging an person based on his or her physical or behavioural traits, is get downing to derive credence as a legitimate method for finding an person ‘s individuality [ 1 ] . The combination of biometries and cryptanalytic keys will assist in supplying strong biometric cryptosystems. The chief characteristic of the biometric cryptosystem is that the cryptanalytic keys will non be revealed until a successful biometric hallmark takes topographic point. The keys will be bound to biometric templet of a user stored in the database. However, fluctuations in physiological and behavioural features pose important challenges in bring forthing the keys. In this paper, we will discourse how the biometric keys are generated and how the hallmark algorithm plants. Besides, a comparing between traditional cryptosystems versus biometric cryptosystems will be made with regard to how hallmark takes topographic point in both the systems. The issues faced by the traditional cryptosystems such as loss of secret keys, hard-to-remember big keys and the fact that they do non vouch any non-repudiation i.e. any impostor deriving entree to the system if the key is compromised will be discussed. Further, we will besides discourse some of the restrictions of biometric systems.


The Biometrics, described as the scientific discipline of acknowledging an person based on his or her physical or behavioural traits, is get downing to derive credence as a legitimate method for finding an person ‘s individuality. Biometric systems provide several advantages because of their dependability over traditional methods such as watchword based hallmark. It provides dependability in the sense the biometric traits are hard to lost or bury, difficult to copy, portion and distribute. Besides, it requires the individual being authenticated to be present at the clip and point of hallmark. Therefore, harmonizing to writers, biometrics-based hallmark strategy is a robust option as compared to traditional hallmark strategies. The full hallmark system or the security of the cryptanalytic keys that protect the content can be served by the biometric systems if they are combined with cryptanalysis methods. [ 1 ]

Biometric systems are based on different sorts of human features. Some of them are listed below with a short description of each:

1. Face: Face acknowledgment method is based on facial features such as eyes, nose, superciliums, lips, and mentum. With the fluctuations in the environment such as camera place, illuming etc, hallmark can be really sensitive to those at the registration stage. [ 2 ]

2. Fingerprint: Fingerprint scanning is based on the form of ridges and vales on the surface of a fingertip. The templets are matched based on these forms. [ 1 ]

3. Hand Geometry: Hand geometry is based on features such as form, size of thenar, and length and breadth of the fingers. [ 4 ]

4. Iris: The flag is the annulate part of the oculus bounded by the student and the sclerotic coat on either side. [ 1 ]

5. Keystroke: Keystroke acknowledgment is based on the typewriting on a keyboard by an person. It have been used to accomplish more robust watchword entry by observing that the watchword was typed by the same user that enrolled it, by comparing the velocity at which the watchword was typed [ 2 ] .

6. Signature: Signature acknowledgment is based on how an single marks his or her name. These are behavioural features which can alter over a period of clip and can be affected by physical and emotional status of the signers. [ 5 ]

7. Voice: Voice acknowledgment consists of both physical every bit good as behavioural features. It is based on the form and size of the extremities like vocal piece of lands, oral cavity, rhinal pits, and lips that are used in decrypting the sound. Equally far as behavioural features are concerned those alteration over a period of clip due to age, medical conditions, emotional province, etc. [ 6 ]

8. Deoxyribonucleic acid Fingerprint: Deoxyribonucleic acid fingerprint acknowledgment is based on comparing the short sections of DNA of an person with the stored DNA sample. [ 2 ]

9. Deep Tissue Light: Deep tissue light acknowledgment is based on light of human tissue by specific illuming conditions and the sensing of deep tissue forms based on light contemplation. [ 2 ]

Operation of Biometric System [ 1 ] :

A biometric system operates either in confirmation manner or designation manner. Basically, it has three manners – Registration manner, Verification manner and Identification manner.

Enrollment manner: In this manner, the user is first clip enrolled in the system. The system measures the biometric characteristic and saves it in the templet database. The following clip user attempts to authenticate itself so the acquired image is compared with the templet stored in the database during the enrollment stage.

Confirmation Mode: In this manner, the person claims an individuality for the intent of acknowledgment. To find whether the claim is true or non the system conducts one-to-one comparing. The intent of this is to avoid multiple people utilizing the same individuality which is typically called “positive recognition” . [ 3 ]

Designation Mode: In this manner, with one-to-many comparing the system tries to place the person by seeking the templets of all the users present in the database. It tries to authenticate the person without the topic holding to claim an individuality. The chief advantage of this manner is that it is used for “negative recognition” where the system establishes the individuality of the person who tries to decline who he/she ought to be. [ 3 ] In other words, the conniving single attempts to disown the system.

A biometric system consists of following four chief constituents ( Refer 1. ) [ 3 ] :

1. Sensor faculty: This faculty captures the biometric information of an person. For e.g. : Face image.

2. Feature extraction faculty: This faculty extracts the needed characteristic from the informations captured from the detector faculty. For e.g. size of the eyes, nose, place of the lips etc.

3. Matcher faculty: In this faculty, the characteristics extracted are compared with the characteristics stored in the database as templets. It besides contains the determination devising faculty in which, based on the matching mark, user individuality is identified or verified.

4. System database faculty: In this faculty, the biometric templets of the enrolled user are stored into the database. During enrollment stage, a quality cheque is performed so that the acquired image is extremely dependable. From the acquired image required characteristics are extracted and is store as an templet in the database.

Biometric Encryption [ 7 ] :

Biometric encoding algorithm proposed by Soutar et Al. fundamentally links the key with the biometric trait. They developed this algorithm for correlation-based fingerprint matching system. The key is linked during the enrollment stage of the system and it is released merely during the confirmation procedure when there is a successful biometric hallmark takes topographic point. A correlativity filter map H ( u ) is generated utilizing many ( developing ) fingerprint images taken during the enrollment stage. In the design of this map two factors were significantly considered, first it created the same end product form for a legitimate user in order to cut down false lucifer rate ( FMR ) and 2nd it is tolerant to deformations present in the images in order to cut down false non-match rate ( FNMR ) . The H ( U ) has both magnitude and stage constituents represented as |H ( u ) | and. The end product form is obtained with the correlativity of the preparation fingerprint images with H ( u ) . The end product form is used for both associating the key every bit good as recovering the key during confirmation. The filter map H ( u ) is farther stored as the Bioscrypt ( coined by the writers ) in order to accomplish maximal security. The H ( u ) is stored as which is a merchandise of and a random stage merely map ( random stage merely map is a indiscriminately generated phase-only array of the same size as of H ( u ) ) .

Execution of Biometric Encryption Algorithm: –

I. Registration:

In Enrollment procedure, following phases are carried out in order to finish registration of a peculiar user:

Stage E-1:

In this phase, it generates the end product form and the filter map utilizing Fourier transform. is a 128×128 phase-only array which is stored as a Bioscrypt and is a complex valued array which is further used in phase E-2.

Stage E-2:

In this phase, the end product form is linked with an N-bit key, . The associating algorithm involves a binarization procedure applied to a little part of along with the choice of L values to stand for each cardinal spot. An enrollment templet of 128×64 is formed so that it can be used to associate with cardinal. This linking of cardinal with the binarized correlativity end product is so stored as a search tabular array. In add-on to this, some mistake rectifying codifications are used while associating the key to the end product because there might be a possibility of some fluctuation in the biometric signal at the clip of hallmark.

Stage E-3:

In this phase, in order to make an invalid key when an aggressor tries to utilize the system utilizing person else ‘s Bioscrypt an encoding algorithm is used with cardinal as an encoding key. S spots of are encrypted utilizing the encoding algorithm and so hashed utilizing hashing algorithms such as SHA1/Triple DES to bring forth an designation codification.

In the terminal, , search tabular array and are stored as a biometric templet called Bioscrypt for a peculiar user.

II. Confirmation:

In Verification procedure, following phases are carried out in order to finish the confirmation of a peculiar user:

Stage V-1:

In this phase, the value is combined with the fingerprint images taken during hallmark procedure to make the end product form. This is passed to the following phase V-2 for farther processing.

Stage V-2:

In this phase, created in phase V-1 is used to pull out the N-bit cryptanalytic key. To pull out this cardinal binarization procedure is used. First, a little part of is extracted which is given to binarization procedure to make a binarized confirmation templet. Lookup tabular array which is generated in E-2 is used to pull out the needed spots. If generated lucifers with so the key is released to the system else different parts of is extracted and the procedure is repeated once more till all spots of is used. If a lucifer is found so the key is released else verification/authentication failed message is displayed.

Stage V-3:

In this phase, cardinal proof is done by making an designation codification. is created utilizing an encoding algorithm in which key is used as an encoding key. The encrypted information is so hashed utilizing hashing algorithm such as SHA1/Triple DES to make designation codification. It is the same procedure as done in registration stage to make. This is so compared with. If is non equal to so is non equal to in that instance verification/authentication failed message is displayed else valid key is retrieved. This is done till all the part of is checked for cardinal duplicate procedure.

The chief drawback of the above attack is that the writers did non explicate about how much information is consumed at each phase of the algorithm. The consequences of FMR, FNMR are non defined every bit good. They assumed that the biometric signals captured are of ideal nature i.e. there are no disagreement in the informations captured [ 13 ] . This was one of the attacks of utilizing fingerprint as the biometric trait. There are several other attacks which have been proposed utilizing different biometric traits to procure the keys. Davida et Al. proposed an algorithm based on iris biometric [ 14 ] .

Professionals of Biometric Systems:

1. Biometric features are lasting and non-transferable [ 8 ] i.e. users will non be able to reassign those features to others as compared to normal watchwords.

2. Biometric objects can non be stolen [ 8 ] , as compared to traditional objects such as watchwords which can be stolen from the user if the user happens to maintain those objects in an insecure topographic point.

3. Biometric characteristics can non be lost or forgotten [ 8 ] as compared to traditional characteristics such as watchwords.

4. In add-on to this, the overall cost of losing, reprinting or giving impermanent entree cards is besides reduced [ 8 ] .

Traditional Authentication Method:

In traditional method, hallmark takes topographic point with aid of a key ( which is by and large a watchword ) . Some of the traditional methods use random and long keys to authenticate the user. For e.g. Advanced Encryption Standard ( AES ) [ 9 ] .

Restrictions of traditional cryptosystems:

1. The keys used in traditional cryptosystems are really long and random due to which it is really hard to memorise the cardinal [ 1 ] .

2. Peoples tend to maintain their watchwords which are easy to retrieve. As a consequence they are easy vulnerable to onslaughts such as dictionary onslaughts, societal technology onslaughts, etc [ 9 ] .

3. If at all the user supports complex watchwords, they store them at such a location which is easy to entree since complex watchwords are hard to retrieve [ 1 ] . The locations could be anything such as composing down on a piece of paper and maintaining it under the computing machine desk, etc.

4. Traditional cryptosystems like password-based hallmark systems fails to supply non-repudiation. If suppose user portions the watchword with person so there is no manner to cognize who really used the system [ 1 ] .

5. Another drawback is that people tend to utilize same watchword across all the applications which they use, as a consequence if one watchword is broken the aggressor gets entree to all the applications in which that same watchword is used. [ 1 ]

6. Keyspace and entropy if taken into consideration can take password-based hallmark system more vulnerable to onslaughts. Lower the keyspace, lower is the information and therefore more vulnerable to onslaughts. For e.g. In a 4-digit pin-based hallmark system, if the user gets the pick of taking the figures they tend to choose easy to retrieve Numberss due to which it is easier for the aggressor to think the pin figure. However, if the pin is indiscriminately generated so it will be hard for the aggressor to think the pin figure easy. [ 10 ]

7. Administrative costs are more due to resetting of watchwords, reprinting of new watchwords, etc. [ 10 ]

Besides biometric cryptosystems being better than traditional cryptosystems they excessively have some restrictions.

Restrictions of Biometric Systems:

1. Noise in sensed informations: The informations collected at the biometric Stationss while authenticating the user may dwell of some deformation or noise. It will make jobs in the matching procedure ensuing into rejection of a legitimate user. For e.g. : A fingerprint image with cuts or abrasions can be an illustration of a noisy information. A individual holding cold can ensue into deformed voice signal in voice acknowledgment systems. [ 3 ]

2. Intra-class fluctuations: The biometric signals which are captured during the hallmark stage can change to a big extent impacting the overall matching procedure. This might go on if the user changes his physiological or behavioural features. For e.g. : Facial make-up on an person ‘s face can bring forth different face images. [ 3 ]

3. Peculiarity: Though physiological or behavioural features among persons vary a batch but there might a big similarity in the characteristics some or the other manner. Hence know aparting the traits is subjected to certain restraints. [ 3 ]

4. Nonuniversality: When a certain biometric system is installed it is assumed that all the users who will utilize the system will posses that biometric trait. However, in world it is non the instance some may non posses those biometric trait. As a consequence the system will be unable to inscribe those users in the system. [ 3 ]

5. Attacks on Biometric Systems:

a. Zero-effort onslaughts: An aggressor might hold the same characteristics as that of a legitimate user [ 1 ] . For e.g. : an aggressor might make some plastic surgery on his face to look same like a legitimate user. Another possibility is that an aggressor might mime the voice of a legitimate user.

b. Adversary onslaughts: An aggressor can obtain in secret the images of a legitimate user say face images. These images are so farther converted into digital format. This information is so is used by the aggressor to authenticate himself on the system [ 1 ] .

c. Circumvention: In this onslaught, an aggressor forges the biometric system and obtains the information stored in the application. As a consequence, the aggressor can alter the information nowadays in the system or inserts some false informations so that the aggressor might acquire an entree into the system lawfully. [ 11 ]

d. Repudiation: A conniving legitimate user can entree the system and so deny that some aggressor has attacked the system [ 11 ] .

e. Collusion: In this, a legitimate user with ace entrees to the system can modify the biometric informations nowadays in the system [ 11 ] .


Biometric cryptanalysis will surely assist increase in security demands as compared to traditional-based hallmark systems. Although there are certain restrictions to biometries such as FMR, FNMR, etc. they can ensue in a better solution every bit far as security is concerned. Features such as permanence, can non be easy forgotten or lost, etc. adds advantage to the overall security of the system. Although there have been many attacks proposed for adhering keys to biometries, there are still many challenges and issues involved in implementing robust, more unafraid biometric cryptosystems. Issues such as non-repudiation, complexness and information of the system, etc demands to be taken attention of in order to implement better biometric cryptosystems. In future, multi-modal biometries can be an effectual theoretical account of implementing security systems in which more than one biometric trait can be used to authenticate the user [ 12 ] . It can get the better of the restrictions faced by the individual biometric system to some extent.