Initial System Design using Modified Fuzzy Vault

Download Report

Transcript Initial System Design using Modified Fuzzy Vault

Biometrics based
Cryptosystem Design
Cryptosystem
A mechanism using which one can
encode an information content to an
incomprehensible form and also recover the
original content when desired.
Biometrics
Biometrics is the science and technology
of authentication (i.e. establishing the identity
of an individual) by measuring the subject
person's physiological or behavioral features.
Motivation
Normally used cryptosystems have a number of
associated inconveniences and problems such as



User needs to remember passwords
 could be forgotten.
User has to carry smart cards
 could be lost or stolen.
Problem of non-repudiation
 The user who generated the cryptic message can easily
deny his involvement
Biometrics is a solution to these problems
Difficulties in using Biometrics

Non-repeatability



Every time one obtains a biometric, its value is not
exactly the same as that obtained before.
Limited Number
Easily Accessible to public
Biometric used & Feature Extraction


Fingerprints are used as a key to our
cryptosystem
Features are extracted using a set of gabor
filters applied on all the elements of a
tessellated fingerprint.
Gabor Feature Extraction
Reference Point Location




Divide the fingerprint image, into non-overlapping
blocks
Compute the intensity gradients using sobel
operator
V (i. j ) 
1  y
1
O
(
i
,
j
)
Estimate the local orientation
asO(i, j)  2 tan 

V
(
i
,
j
)
 x

Compute E, an image containing only the sine
component of O
E (i, j )  sin(O '(i, j ))

Initialize ’A’ , a label image
used to indicate the reference
point
A(i, j )   E (i, j )   E (i, j )


R1
R2
Find the maximum value in ’A’ and assign its
coordinate to the reference point.
Repeat steps by using a window size of w’×w’ ,
where w’<w to get a fine estimate

The different sizes taken are 5, 10 and 15 pixels
Sector-Wise Normalization
Tessellate fingerprint image into sectors and
normalize pixels in each sector as:

V0 ( I ( x, y )  M i ) 2
ifI ( x, y )  M i
M 0 
V

i
N i ( x, y )  
V0 ( I ( x, y )  M i ) 2

otherwise
 M0 
V
i

Gabor Filters
 1  x '2 y '2  
G ( x, y, f , )  exp   2  2   cos(2 fx ')
 2   x '  y '  
x '  x sin( )  y cos( )
y '  x cos( )  y sin( )
where f is the frequency,  x and  y are the space constants
fig


Each sector is filtered using gabor filters for
four different values of θ in {0,45,90,135}
the feature value, Viθ, is the average absolute
deviation from the mean defined as

1
Vi    Fi ( x, y )  Pi 
ni  ni

where ni is the number of pixels in Si and Piθ is the
mean of pixel values of Fiθ(x, y)

Finally a feature vector is generated whose
elements have value in the range 0-255
Addressing problems associated with
using biometrics
Limited number & Open to public

Transform the Biometric Features into a new set of
features using a Secure Transformation



No. of bio-keys=No. of Transformations
Added security since transformation function is kept secret
Secure Transformation should have some desirable
qualities

Range of value of elements of feature vector should not
vary non uniformly
Secure Transformation


Transformation matrix is generated using a set of
random numbers.
Feature vector to be transformed is converted to
matrix form and convolved with the Transformation
matrix to get the Secure Features.
Fingerprint Features
in Matrix Form
Random Kernel
Secure Fingerprint
Features
Non-Repeatability

Usual cryptosystems fail with biometrics
since each time one obtains a biometric, its
value is not exactly the same as that obtained
before.


There is a high probability that a person is not
able to decipher the message encrypted using
biometrics
Modified Fuzzy Vault Scheme is used instead
of usual cryptosystem.
Modified Fuzzy Vault Scheme

Fuzzy Vault



A secret message ‘M’ is encrypted into a fuzzy
vault ‘V’ using another data ‘A’
‘M’ can be decrypted using a data ‘B’ sufficiently
close to ‘A’
Creation of Fuzzy Vault


The secret message ‘M’ is the Document of length
k.
Data ‘A’ is the biometric template.

‘M’ is encoded using the Reed-Solomon codes to
‘C’ of length n=2t-1


n triplets are formed such that a randomly chosen
position(1,2or3) say Position (i) of the ith triplet is
the ith number from code ‘C’ and the other two
numbers are randomly chosen.


RS codes have error correcting capacity of (n-k)/2 where
k is the length of ‘M’
Call the triplet Locking Set 1
Another n triplets are formed such that



ith triplet contains ith biometric element at Position(i)
The other two elements are such that they form an
arithmetic progression with distance=FV_tolerance
Call it Locking Set 2

Unlocking the Fuzzy Vault

Using the biometric, find the Position(i)



Position(i) is the position of the element in ith triplet in
Locking Set 2 which is closest to ith biometric element
Find value at Position(i) in the Locking Set 1, this
should be the ith value of the Reed-Solomon code.
Decode the Reed-Solomon code to obtain the
message.
Non-Repudiability

Since Fuzzy Vault is Symmetric Cryptosystem, the
encryption key is same as decryption key.


Causes a set-back in terms of non-repudiability
Solution


Encryption module has its own set of encryption and
decryption keys.
Created Fuzzy Vault is encrypted by the module whose
decryption key is made public.

No possibility of creation of fuzzy vault outside Encryption
Module using the key.
Invariant Features

Invariant feature I of data d for a transformation T is
the feature such that:
I (T (d ))  I (d )

Invariant features are used instead of biometrics.

Transformed biometric is sent



Actual biometric is secure
Same key serves for different cryptosystems by changing
the set of Invariants.
Key to hierarchical security

Permutation used as Transformation



Values of elements are not changed
Invariant Feature is the increasing order of the
feature elements
Hierarchical Security



Message can be encoded with different security levels
Receivers with a key for security level higher than the
encryption security are able to decode.
Implemented by doing binary subdivision of the Secure
Feature and evaluating Invariant Features for each division.

Increasing order of first 2k permuted elements is same as
increasing order of join of first k permuted elements and next k
permuted elements.
Complete System Design
The complete system is implemented in MATLAB.
SERVER
-RSA Field
&
Decr. Key for
Each module
USER1
MODULE1
MODULE2
MODULE3
-Encr. Key
-Secure Tr. For
Each user
-Encr. Key
-Secure Tr. For
Each user
-Encr. Key
-Secure Tr. For
Each user
USER2
USER1
USER1
USER2

System Initialization
Each Module is initialized with its RSA keys and
Field and is added to the Server.


Decryption key and Field are registered with server
Each user is added to a module

User’s Secure Transformation and Identity are registered
with the module.
Document Sending



Calculate Gabor Features of the fingerprint
Transform the Fingerprint Features to get Secure
Fingerprint Features
Generate and RSA cryptosystem(32 bit in our case)
randomly having





Field n
Encryption Key e
Decryption Key d
Divide the document into chunks of appropriate length(2 in
our case) such that the numeric equivalent of each chunk is
less than n for the encryption to work properly. Pad the
message if required.
Encrypt the document using e





Each digit of the number d is considered as an 8-bit
character to be secured in the fuzzy vault
Append random digits to d such that its length becomes
255-2*Permissible_Error
Find the invariant features corresponding to the desired
security level to create Modified Fuzzy Vault
Encrypt Modified Fuzzy Vault using Module Encryption Key
Send the Encrypted Modified Fuzzy Vault, the Encrypted
Document, Security Level, Module Id, User identity, the
padded values, n and the length of d
Encryption
Biometric
Features
Invariant
Feature
Fuzzy
Vault
Secure
Transformation
Secure
Features
Document
Key
Module Encryption
Invariant
Extraction
Modified Fuzzy Vault
Encryption Algorithm
Encrypted Fuzzy
Vault
Invariant
Feature
Fuzzy
Vault
Document Receiving





Find the invariant features corresponding to the Security
Level
Decrypt the Modified Fuzzy Vault using module Decryption
Key
Open the Modified Fuzzy Vault using the invariant features
to get d
Obtain the actual d taking only the first desired digits
Decrypt the Document using n and d to get the Document
Decryption
KEY
Invariant
Extraction
Invariant
Feature
Modified Fuzzy Vault Document
Decryption Algorithm
key
Encrypted
Fuzzy Vault
Module
Encryption
Fuzzy
Vault
Results obtained using this cryptosystem
FAR and FRR for Modified Fuzzy Vault
FV_tol.
FAR
(%)
FRR
(%)
FV_tol.
FAR
(%)
FRR
(%)
2
0
5
12
2.78
0
4
0
0
14
9.72
0
6
0
0
16
11.1
0
8
0
0
18
16.7
0
10
2.78
0
20
19.4
0