the most important aspects of digital security environment, .... Applying. RSA rules of encryption and digital signatures generation within its privileges offer ...
CRYPTO KEY GENERATION USING CONTOUR GRAPH ALGORITHM M.S. ALTARAWNEH, L.C.KHOR, W.L.WOO and S.S DLAY School of Electrical, Electronic and Computer Engineering University of Newcastle Newcastle upon Tyne, NE1 7RU UNITED KINGDOM Email: {mokhled.al-tarawneh, l.c.khor,w.l.woo,s.s.dlay}@ncl.ac.uk ABSTRACT Cryptography and biometrics have been identified as two of the most important aspects of digital security environment, for various types of security problems the merging between cryptography and biometrics has led to the development of Bio-Crypto technology. In this paper we propose a cryptography key generating methodology based on graph construction and adjacency matrix of extracted minutiae. The formation of graph relies on contour division of minutiae points area. Minutiae points area is studied on both scenarios (with singular point, and without singular point detection). Results show that with singular point detection the average of minutiae points area dimension is less than in the other case and at some points of threshold, it show an improvement performance comparing to the other one. 100% uniqueness key was achieved on both cases. Key-Words: - Biometric, Fingerprint, Minutiae, Contouring, Adjacency matrix, String matching, Security.
database, for this purpose biometric based systems are applied [1]. The classical biometric systems have already been used for various tasks and in this paper we extend fingerprint enrolled template to generate combined encapsulated cryptographic key based on reforming graph and adjacency matrix of extracted minutiae data. Our proposed technique uses the information leaked by the fingerprint extractor based on advance image processing e.g. rotation, scaling and enhancement. We assume that matching difficulties, fingerprint variations are solved with a high quality images and noise free template of fingerprint is available at the enrolment time. When a fingerprint image is enrolled, only parts of the information e.g. location, orientation and types are stored. Extracted information could be used to defense itself by extract or extend new information based on the graphical and mathematical reformation. Contour based construction graph algorithm (CBCG) is proposed for generating the encapsulation cryptography key and this is illustrated in Figure 1. Pre-Processing
1. INTRODUCTION With the rapid diffusion of information technology (IT) and its outputs, biometrics-based security systems that use physiological or behavioral traits are used in many applications of IT ranging from financial transactions to computer security. Even though these techniques have much superiority compared to traditional methods (token or knowledge based schemes) such as increased user convenience and robustness against impostor users, they are vulnerable to attacks from a template production to the storage database through a communication channels. Thus possibility of biometric database is compromised is one of the main concerns to protect biometric template during its journey from enrolment to matching. It is difficult to control and to trace hacking and cracking by unauthorized people. E-commerce, computer security and financial transaction applications need secure mechanism for accurate accessing sensitive information e.g. template database, financial
Fingerprint Image
Extraction
Template
Construction Adjacency Matrix
Formatting Graph Check
Fig1. Contour Based Construction Graph algorithm block diagram. The process of generating the key comprises all necessary functions to achieve no-repudiation, encryption, digital signing and strong authentication in an open network [1]. Fingerprint base is seen as the best solution with regards to convenience, cost efficiency and reliability [2]. Among
2. PREVIOUS WORK To overcome the integration of biometric into cryptosystem, a number of approaches were introduced in the literatures. These can be divided into three categories: Key hidden, one way function generator and Fuzzy key generation. Key hidden or release algorithms, bind a cryptographic key with the user’s fingerprint at the time of enrolment. Souter et al. [4] required that the crypto key is stored as the part of the user database, access to biometric templates for matching is required, user authentication and key release are decoupled. A weak nest points in this technique are: there is no way to ensure who produced the key. While the key is stored in a database, the information could be hacked by spoofing the matcher. Enrolment process is required to store the template. Souter et al [4] in their work assume that the input and database templates are completely aligned, it is unrealistic to acquire fingerprint images from fingers without any misalignment, and this problem was solved by [5] which is the base of our input data. The second category would be to generate the key from template using a suitable one way function, [6] Bodo proposed that data derived from the template be used directly as a cryptographic key, Bodo work supported by [7],[8]. They proposed biometric key cryptography; its purpose is to encrypt data so that only the encrypting code can decrypt it again. More information about number of research addressing the issues related to integration of biometric into cryptosystems and so fuzzy vault could be found [9]. 3. PROPOSED METHOD The major novelty of proposed approach consist in keeping minutiae points away from several attacks as a first security
level of crypto-key generation life cycle. A formulation of fingerprint extracted information is used by CBCG, where the graph relation based on vertices and edges are formulated by minutiae points (1), and minutiae point area size for formatting a contour based graph as shown in Figure 2. i | i xi , yi , t i | i 1...n (1)
xi is the x-coordinate position, yi is the ycoordinate position and ti is the type of a particular Where
minutiae.
120 100
8
80 Y- Coordinate
various commercially available biometric techniques, fingerprint based techniques are the most extensively studied and the most frequently deployed [3]. In order to promote the wide spread utilization of bio-crypto techniques, an increased security of the biometric data especially fingerprint is necessary. Encryption and its derived factors are feasible technique to achieve this. While cryptography focuses on methods to make cipher information meaningless to unauthorized persons, our concentration on applying encapsulation method for concealing the template information itself if it need to be transmitted or plain text information if it needed to be spread. It could be used for multimedia data authentication. Another option is to use encapsulation algorithm by hiding fingerprint features in a carrier encrypted key, the security of fingerprint information can be increased. In this paper, a brief description of previous work is introduced in section 2. Section 3 outlines the proposed method. In section 4, we present experimental results on uniqueness of generated key on several host images. Conclusion and future research are presented in last section.
60 6
7
40
4
20
5
1
2
20
40
60
3 80
100 120 140
X- Coordinate Fig 2. Constructed Interconnected Graph
In the graphical phase, we setup the minutiae points in setting area (200x200) in the case of singular point detection which is detected at the maximum of filtered orientation tensor field: x 2 y 2 m (2) S x , y exp . x iy 2 2 where the positive sign between the real and the imaginary parts is associated to the core type, m is the order filtration, and is the standard deviation of the Gaussian envelope [5]. On the other case the image size is the area of tracing minutiae, crossing number (CN) method is used to perform minutiae extraction. CN extracts the ridge points from the skeleton image by examining the local neighborhood of each ridge pixel using a 3x3 window as follows: 8
CN=0.5
| P P i 1
i
i 1
|,
P9 P1
(3)
where Pi is the pixel belonging to the neighborhood of P. Extracted minutiae µ (NxM) pixels are grouped according to their coordinate x, y within contours. QC
A CW
where QC is counters quantity, and CW is contour width.
(4)
A
is minutiae points area,
Function [minutiae points] =grouping (minutiae points); m = minutiae numbers size; For i=1:m Fix the points of X coordinate in width size End End In the mathematical and key generation phase, Adjacency matrix formatted within traced and grouped points (vertices) according to their connection ordering paths (edges) within the following rules: On the same contour, vi vi 1 , visiting all vertices at that
0 1 1 1 1 0 0 0
1 1 1 1 0 0 0 0 1 1 1 0 0 0 1 0 1 1 0 0 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 0 0 1 1 0 1 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0
01111011 11110001
contour, and so upper and lower one. Adjacency matrix of NxN matrix A, in which aij =1 if there exists a path from vi vj aij =0 otherwise. This is illustrated in Figure 3.
0 1 1 1 1 0 0 0
1 0 1 1 1 0 0 0
1 1 0 1 1 0 0 0
1 1 1 0 1 1 1 0
1 1 1 1 0 1 1 0
0 0 0 1 1 0 1 0
0 0 0 1 1 1 0 0
0 0 0 0 0 0 0 0
Fig 3. Adjacency Matrix for given graph in fig 2 The output matrix is taken as an input for crypto generator and some mathematical operations will deal with it. These mathematical operations generate vectors and sub vectors which will be depend on cryptographic module algorithms, exist modules such as symmetric (DES, 3DES) are considered [10]. Another scenario is to partition produced matrix into sub-matrices, those could be used as secure encapsulated headers as shown in Figure 4, without decapsulation previous headers, cipher text cannot be decrypted into plain one. Suggested encapsulation technique working as associated headers, that change the plain text formatting shape in type of encryption style, forwarding can be thought of one or more messages (locked text) inside locking header. This is illustrated in Figure 4. By applying entire summation of previous generated matrices and finding prime numbers vector, the largest primes can be used for crypto-module algorithm such as RSA [8][10]. Applying RSA rules of encryption and digital signatures generation within its privileges offer maximum security due to the huge key size involved.
0 1 1 1
MR
1 0 0 0
1 1 1 0 1 1 1 0 1 1 1 1 1 1 1 0 0 1 0 0 1 0 0 0
VHG
1 0
Lock Header Second lock Plaintext
01111010011100011100011100011100010 Fig 4. Encryption encapsulation technique, where MR is matrices regenerator, VHR is vector header generator 4. EXPERIMENTAL ANALYSES The proposed algorithm is extensively tested on DB1, FVC2002 database, 880 fingerprints images (TIFF, format, 374x388 size, and 500 dpi resolution), 800 images was used in our tests. The algorithm is tested on both scenarios (with singular point, and without singular point detection). Figure 5 show that adjacency matrix size under singular point detection is less than in the other case. With average size for Sp=103, and without SP=148. 300 matrix dim without matrix dim with sp
250 200 150 100 50 0 0
20
40
60
80
100
120
Fig 5. Adjacency matrices dimension Cause of different sizes of generated matrices, the key strength will be higher resistant brute force attack. Uniqueness of the key will be determined by the uniqueness
of the fingerprint minutiae used in the key. Applying string matching algorithm on the generated matrices, it is found that that 100% uniqueness on both cases as input to the crypto module phase. The protocols of FVC2002 is used to evaluate the False accept Rate (FAR) and Genuine Accept Rate (GAR) for overall phases. FAR is ratio of the number of false acceptances divided by the number of identification attempts. While GAR is the ratio number of true positive parameter. Using these parameters, we have plotted the receiver operating characteristic (ROC) curves of both cases when implemented as core point detection as well as without core detection (see Fig. 5).
apply (XO) ing relation on the generated subs. We have shown how to generate keys robustly from fingerprint using associated biometric measurements. Our approach produces long enough keys so that an attack on one does not give an attack on all. We believe, with the development of acquiring devices, and quality check algorithms, our proposed approach could be released for practical uses. Our future work will concentrate on string production matrices for usage with asymmetric cipher systems. 6. REFERENCES [1] P. Reid, Biometrics for Network Security, 1st ed. Upper Saddle River, NJ: Prentice-Hall, 2004.
100
[2] M.Lockie, “The Biometric Industry Report, forecasts and analysis” to 2006, Elsevier advance technology, 2002
90 80
[3] A. K. Jain and U. Uludag, "Hiding Fingerprint Minutiae in Images," roc. AutoID, 2002. pp. 97-102, Tarrytown, NY, March 2002.
GAR
70 60 50
[4] C. Soutar, D. Roberge, S. A. Stojanov, R. Gilroy, and B. Vijaya Kumar, “Biometric encryption using image processing,” in Proc. SPIE, Optical Security and Counterfeit Deterrence Techniques II, vol. 3314, 1998, pp. 178–188.
40 30 20 With SP
10
Without SP
0 1
2
3
4
5
FAR
6
7
8
9
10
[5] M. A. Dabbah, W. L. Woo, and S. S. Dlay, “Computation Efficiency for Core-Based Fingerprint Recognition Algorithm”, WSEAS Trans. on Communications, Issue 12, Volume 4, December 2005
Fig 5. ROC curves estimated for both cases The curves in Figure 5 show that 100% ratio of both scenarios (with and without singular point). At some points of threshold, first case (area surrounding core point) show an improvement performance comparing to the other case (without singular point detection). Results show that key generation depend completely on quality assurance of images and prefect minutiae extractor such as a minutiae detector (MINDTCT) released by NIST fingerprint image software 2 [11]. Standard software automatically locates and record ridge ending and bifurcation in fingerprint images, it includes minutiae quality assessment based on local image condition. 5. CONCLUSION In this paper, we tackled one of the most difficult problems for merging cryptography and bio-metrics: how to generate a repeatable string from a biometric in such a way that it can be revoked. It is found that, repeatable key generation is completely depend on the fingerprint image quality, to avoid this problem a proposed approach can be applied on a cluster of acquiring impressions, and optimal distance must be found between produced matrices, length of matrix could be control, if the matrix is partitioning into sub matrices, and
[6] A Bodo, “Method for producing a digital signature with aid of a biometric feature”, German patent DE 42 43 908 A1, (1994). [7] J. Daugman, “Biometric decision landscapes”, TR482, University of Cambridge, UK, 2000 [8] P. Janbandhu, et al. “novel biometric digital signatures for internet based application”, inf. Manage. Comput. Secur., 2001, pp. 205-212 [9] U. Uludag, S. Pankanti, S. Prabhakar, and A. Jain, “Biometric Cryptosystems: Issues and challenges”, IEEE proceeding, Vol.92, No.6, 2004 [10] B. Scheneier, Applied Cryptography, 2nd ed., John Wiley & Sons, New York, 1996 [11] NIST FINGERPRINT IMAGE SOFTWARE 2 (NFIS2), http://www.nist.gov/
