Conference Paper

Usage of fuzzy extractors in a handwritten-signature based technology of protecting a hybrid document management system

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... T Due to the low number of features with high quality, such approaches give a high percentage of errors FRR and FAR. 3. The most highly accurate methods of pattern recognition ("deep" learning networks, convolutional neural networks, evolutionary neural networks, etc.) require huge amounts of training sample (thousands and tens of thousands of examples) and therefore it is difficult to apply them in biometric authentication. The recognition machine is guaranteed to be trained on a small number of examples of the user's pattern (10)(11)(12)(13)(14)(15)(16)(17)(18)(19)(20). 4. Iterative algorithms for artificial neural networks (ANNs) learning lose their stability when the ANN structure becomes more complicated. ...
... In subject recognition on dynamic biometric features Fuzzy extractors [13], statistical decision-making methods (in particular the Bayesian classifier [14]), Euclid, Pearson [12], Mahalonobis measures [15] and their networks, the knearest neighbors method, a model of Gaussian mixtures, a support vector machine, and other methods are used. There have been attempts to apply "deep learning" networks and convolutional ANNs in this task [16]. ...
Article
The article is devoted to the research of the electrical activity of the human brain in the process of learning activities to improve the efficiency of distance learning systems. An experiment was conducted in which electroencephalograms (EEG) of high school students were analyzed in the process of deciding intellectual tasks. A feature is proposed for determining the functional state of the subject's brain and some features for identifying a person. Several approaches to human recognition by EEG parameters have been tested (Bayesian Classifier, neural network converter "biometrics-code" based on GOST R 52633.5, quadratic networks, multidimensional Bayesian functionals networks).
Article
Full-text available
This article discusses the problem of user identification and psychophysiological state assessment while writing a signature using a graphics tablet. The solution of the problem includes the creation of templates containing handwriting signature features simultaneously with the hidden registration of physiological parameters of a person being tested. Heart rate variability description in the different time points is used as a physiological parameter. As a result, a signature template is automatically generated for psychophysiological states of an identified person. The problem of user identification and psychophysiological state assessment is solved depending on the registered value of a physiological parameter.
Conference Paper
Full-text available
Cryptography plays an important role in computer and communication security. In practical implementations of cryptosystems, the cryptographic keys are usually loaded into the memory as plaintext, and then used in the cryptographic algorithms. Therefore, the private keys are subject to memory disclosure attacks that read unauthorized data from RAM. Such attacks could be performed through software methods (e.g., OpenSSL Heartbleed) even when the integrity of the victim system's executable binaries is maintained. They could also be performed through physical methods (e.g., cold-boot attacks on RAM chips) even when the system is free of software vulnerabilities. In this paper, we propose Mimosa that protects RSA private keys against the above software-based and physical memory attacks. When the Mimosa service is in idle, private keys are encrypted and reside in memory as ciphertext. During the cryptographic computing, Mimosa uses hardware transactional memory (HTM) to ensure that (a) whenever a malicious process other than Mimosa attempts to read the plaintext private key, the transaction aborts and all sensitive data are automatically cleared with hardware mechanisms, due to the strong atomicity guarantee of HTM; and (b) all sensitive data, including private keys and intermediate states, appear as plaintext only within CPU-bound caches, and are never loaded to RAM chips. To the best of our knowledge, Mimosa is the first solution to use transactional memory to protect sensitive data against memory disclosure attacks. We have implemented Mimosa on a commodity machine with Intel Core i7 Haswell CPUs. Through extensive experiments, we show that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.
Conference Paper
Full-text available
Abstract--In today’s world the life is very fast we want to do everything so quickly and easily without putting much physical and mental effort. With the advancement of technology we are provided with higher level of knowledge through the invention of different devices. However each technological innovation has its pros and cons. One of the emerging devise for biometric security system is Smartphone’s we are using today. Today we cannot think of living without smart phones as they have become the part of our life. We depend on our phone for our so man day to day activities like paying bills connecting with friends and office, making money transaction. But using the traditional security features we cannot get appropriate security as anyone who knows the password to unlock my phone can get access to my phone. Using biometrics traits like fingerprint, voice, face, and iris one cannot get access to the device. In this paper we focus on how biometrics help in making the device more secure and fool proof and what were the lacking in the traditional methods of security system which give birth to the implementation of biometric security system.
Article
Full-text available
Abstract We propose the first practical and secure way to integrate the iris biometric into cryptographic applications. A repeatable binary string, which we call a biometric key, is generated reliably from genuine iris codes. A well-known difficulty has been how to cope with the 10 to 20% of error bits within an iris code and derive an errorfree key. To solve this problem, we carefully studied the error patterns within iris codes, and devised a two-layer error correction technique that combines Hadamard and Reed-Solomon codes. The key is generated from a subject’s iris image with the aid of auxiliary error-correction data, which do not reveal the key, and can be saved in a tamper-resistant token such as a smart card. The reproduction of the key depends on two factors: the iris biometric and the token. The attacker has to procure both of them to compromise the key. We evaluated our technique using iris samples from 70 different eyes, with 10 samples from each eye. We found that
Article
Remote authentication of IT users requires keeping authentication data at a server that brings forth an issue of trust. In this paper we present a method of verifying the user's authenticity at a remote server that allows refusing to keep sample biometric attributes and passwords (both at the server and the client computer). The method allows using different biometric attributes and methods of their processing. The reliability of the authentication directly depends on the stability of biometric data. Peculiarities of handwritten passwords may be used as biometric attributes.
Article
Protection of private key is the most critical part in public key infrastructure (PKI) system since it depends on the confidentiality of private key. Thread of password detection has been known as the vulnerability in this PKI system. Recently, studies have been conducted on BioPKI system that uses the biometric information of users in order to replace the password type of private key protection in PKI system. However, BioPKI system also has vulnerability in that biometric information used for protection of private key cannot be reused once it is stolen or lost. So, we propose the method to protect the private key using FIDSEQi which binds sequence to biometric information. The proposed method enhances reusability of biometric information and presents higher attack complexity than the method of authentication by cross matching single biometric information.
Article
ABSTRACT Based on recent works showing the feasibility of key generation using biometrics, we study the application of handwritten signature to cryptography. Our signature-based key generation scheme implements the crypto- graphic construction named,fuzzy vault. The use of distinctive signature features suited for the fuzzy vault is discussed and evaluated. Experimental results are reported, including error rates to unlock the secret data by using both random,and skilled forgeries from the MCYT database. Keywords: Biometrics, on-line signature, cryptography, key generation
Article
The Public Key Infrastructure (PKI) provides excellent security for e-transactions and other applications. However, in traditional PKI system, Private Key is often stored at central databases or inside distributed smart-cards and protected by password or PIN that may be lost, stolen, forgotten or guessed. Current trend for PKI system is to be based on physiological and behavioral characteristics of people, known as biometrics. But this approach still poses a threat which is the secrecy of template. Moreover, biometric based security system also faces some problems such as: noise in sensed data, intra-class variations, inter-class similarities, non-universality, spoofing attack. In this paper, we propose a Multibiometric Encryption Key Algorithm to overcome the aforementioned issues by using Fuzzy Vault Scheme - a cryptosystem - which secures both the Private Key and multi-biometric templates. We also present the BioPKI system in which the algorithm is integrated. The experimental results with the system are encouraging.
Article
The public key infrastructure (PKI) provides an excellent security for e-transactions and other applications all over the world. However, it also encounters some problems as follows: Private key is often stored at central databases or distributed smart-cards and protected by password or PIN that may be guessed or stolen; on the other hand, PKI could not differentiate a legitimate user from an attacker having victim's private key. Therefore, attacker may directly attacks to the storage-device to steal Private Key to use. An approach to the problem is using people's biology characteristics - known as biometric - to authenticate and protect the private key. In this paper, we propose a new algorithm to generate biometric encryption key (BEK) based on the computation of inner-productions and error correction coding to protect both private key and biometric information. We also present the BK-BioPKI system in which the algorithm is integrated and then we present the experiment results.
Article
Fuzzy Commitment Scheme is a popular technique for biometric template protection. The idea is to bind an random bit string with a biometric template in binary format called difference vector. Ideally, a difference vector is infeasible to recover either the biometric template or the random bit string without any knowledge of the user's biometric data. Yet, this is only valid if the biometric template is uniformly random, which is not the case in reality. In this paper, we propose a method known as Randomized Dynamic Quantization transformation to binarize biometric data. The transformed bit strings are highly distinctive among the users and near to uniformly random. We demonstrate the implementation in the context of fingerprint biometrics.
Article
We describe a simple and novel cryptographic construction that we refer to as a fuzzy vault. A player Alice may place a secret value κ in a fuzzy vault and “lock” it using a set A of elements from some public universe U. If Bob tries to “unlock” the vault using a set B of similar length, he obtains κ only if B is close to A, i.e., only if A and B overlap substantially. In constrast to previous constructions of this flavor, ours possesses the useful feature of order invariance, meaning that the ordering of A and B is immaterial to the functioning of the vault. As we show, our scheme enjoys provable security against a computationally unbounded attacker. Fuzzy vaults have potential application to the problem of protecting data in a number of real-world, error-prone environments. These include systems in which personal information serves to authenticate users for, e.g., the purposes of password recovery, and also to biometric authentication systems, in which readings are inherently noisy as a result of the refractory nature of image capture and processing.
Conference Paper
With the emergence and widespread use of digital technology at all levels, from strategic bases and infrastructures down to the soldier on the ground, security of these systems and the networks that they connect to has taken on paramount importance. The past decade has seen widespread development, innovation, and growth within the DoD, Government, and commercial communities of public key infrastructure (PKI) to meet these security needs. PKI is a robust technology, supporting numerous applications, including user and computer authentication, secured communications, data encryption, and digital signature. As PKI technologies have moved from the laboratory and university into the mainstream, numerous operational issues have been realized that hamper their widespread adoption. These issues include: deployment and maintenance of certificate authority (CA) infrastructures; storage of digital certificates on computer servers and workstations; transportation of certificates from computer to computer; replacement of lost credentials; and "PKI-enabling" of applications. A burgeoning industry has arisen to meet these challenges, producing an alphabet soup of products; many of which have competing and mutually exclusive capabilities, limitations, and supporting requirements. This paper examines these problems, and proposes methods and techniques for the successful employment of PKI to support as wide a variety of end-user applications as possible. It discusses the following key engineering decisions that must be made, and best practices for making them: design of the CA infrastructure for maximum flexibility and vendor agnosticism; design of X.509 certificate templates to permit their proper selection and use for a wide variety of applications, including server security, user and computer authentication, digital signature, and data encryption; storage of certificates on hardware security modules (HSMs), smart cards, and removable tokens; and finally, PKI-enabling of networks and applications. Finally, it discusses "gotchas " and issues that must be dealt with in the process of operational deployment of these technologies.
Conference Paper
Public acceptance of biometric technology is hindered by security and privacy concerns regarding leakage of biometric templates. Biometric cryptosystems alleviate this problem by storing a secure sketch that is typically derived by binding the template with a cryptographic key. However, designing fingerprint cryptosystems is difficult because fingerprint matching is usually based on unordered sets of minutia features having large intra-user variations. To overcome this challenge, we propose a novel minutiae representation known as the Binarized Phase Spectrum (BiPS), which is a fixed-length binary string obtained by quantizing the Fourier phase spectrum of a minutia set. We secure the BiPS representation using a fuzzy commitment scheme employing turbo codes. We also propose a technique for aligning fingerprints based on the focal point of high curvature regions. The proposed system achieves a FNMR of 16.2% and 12.6% on FVC2002-DB1 and DB2 databases, respectively, at zero FMR.
Conference Paper
Biometric cryptosystems is a group of emerging technologies that securely bind a digital key to a biometric so that no biometric image or template is stored. Focusing on iris biometrics several approaches have been proposed to bind keys to binary iris-codes where the majority of these approaches are based on the so-called fuzzy commitment scheme. In this work we present a new approach to constructing iris-based fuzzy commitment schemes. Based on intra-class error analysis iris-codes are rearranged in a way that error correction capacities are exploited more effectively. Experimental results demonstrate the worthiness of our approach.
Article
In this paper we propose a biometric cryptosystem able to provide security and renewability to a function based on- line signature representation. A novel reliable signature traits selection procedure, along with a signature binarization algorithm, are introduced. Experimental results, evaluated on the public MCYT signature database, show that the proposed protected on-line signature recognition system guarantees recognition rates comparable with those of unprotected approaches, and outperforms already proposed protection schemes for signature biometrics.
Conference Paper
In this paper, we present a method for generating cryptographic keys that can be replaced if the keys are compromised and without requiring a template signature to be stored. The replaceability of keys is accomplished using iterative inner product of Goh-Ngo [1] Biohash method, which has the effect of re-projecting the biometric into another subspace defined by user token. We also utilized a modified Chang et al [2] Multi-state Discretization (MSD) method to translate the inner products into binary bit-strings. Our experiments indicate encouraging result especially for skilled and random forgery whereby the equal error rates are <6.7% and ~0% respectively, indicating that the keys generated are sufficiently distinguishable from impostor keys.
Conference Paper
In traditional Public Key Infrastructure (PKI) system, Private Key could be stored in central database or store distributed in smart-card and delivered to the users. The Private Key is usually protected by passwords that are easily guessed or stolen and thus lead to the collapse of the whole system. Current trend for PKI system is based on physiological and behavioral characteristics of persons, known as biometrics. This approach can increase the security of Private Key because in theory, the biometric features could not be guessed or forged. However, this approach still reveals a gap that is the vulnerability of storage device of Private Key and biometrics data. Malefactors can attack directly to these storage devices and steal user identification information. In this paper, we propose a solution that uses Biometric Encryption Key (BEK) to encrypt Private Key and protect Private Key in a secure way for both of two these kind of information. We also present the BEK generation algorithm and the BioPKI system to support this solution and then we illustrate the experimental results.
n recent years, public key infrastructure (PKI) has emerged as co-existent with the increasing demand for digital security. A digital signature is created using existing public key cryptography technology. This technology will permit commercial transactions to be carried out across insecure networks without fear of tampering or forgery. The relative strength of digital signatures relies on the access control over the individual’s private key. The private key storage, which is usually password-protected, has long been a weak link in the security chain. In this paper, we describe a novel and feasible system – BioPKI cryptosystem – that dynamically generates private keys from users’ on-line handwritten signatures. The BioPKI cryptosystem eliminates the need of private key storage. The system is secure, reliable, convenient and non-invasive. In addition, it ensures non-repudiation to be addressed on the maker of the transaction instead of the computer where the transaction occurs.
Technology of formation of hybrid instruments // Cybernetics and Systems Analysis
  • A I Ivanov
  • P S Lozhnikov
  • A E Samotuga
Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data// Proceedings from Advances in Cryptology
  • Y Dodis
  • L Reyzin
  • A Smith
  • Fuzzy