Biometric Digital Signature Key Generation and Cryptography ...

Biometric Digital Signature Key Generation and Cryptography Communication Based on Fingerprint Je-Gyeong Jo, Jong-Won Seo, and Hyung-Woo Lee Div. Computer Information of Software, Hanshin University, 411, Yangsan-dong, Osan, Gyunggi, 447-791, Korea [email protected], [email protected], [email protected]

Abstract. A digital signature is a term used to describe a data string which associates a digital message with an assigned person only. Therefore, the main goal (or contribution) of this work is to study a simple method for generating digital signatures and cryptography communication using biometrics. The digital signature should be generated in the way that it can be verified by the existing cryptographic algorithm such as RSA/ElGamal without changing its own security requirement and infrastructure. It is expected that the proposed mechanism will ensure security on the binding of biometric information in the signature scheme on telecommunication environments.1 Keywords: Biometrics Digital Key, Fuzzy Vault, Secure Communication, Digital Signature, Digital Key Generation.

1

Introduction

A digital signature has many applications in information security such as authentication, data integrity, and non-repudiation. One of the most significant advances in digital signature technologies is the development of the first practical cryptographic scheme called RSA[1], while it still remains as one of the most practical and versatile digital signature techniques available today[2]. It is often desirable to generate a digital signature by deriving a signature key (or a semantically equivalent value) from human source(biometrics) in today’s communications environment rather than keeping the key in an external hardware device. Therefore, biometrics is the science of using digital technologies to identify a human being based on the individual’s unique measurable biological characteristics[4,5]. This work proposes a general framework of biometric digital signature key generation from both technical and practical perspectives in order to establish safe environment using telebiometric systems and protect individual privacy. 1

This work was supported by the Korea Research Foundation Grant funded by the Korean Government (MOEHRD, Basic Research Promotion Fund) (KRF-2006-311D00857).

F.P. Preparata and Q. Fang (Eds.): FAW 2007, LNCS 4613, pp. 38–49, 2007. c Springer-Verlag Berlin Heidelberg 2007 

Biometric Digital Signature Key Generation

39

From the technical point of view, this work proposes several biometric digital key and signature generation frameworks to ensure data integrity, mutual authentication, and confidentiality. From the practical perspective, this work describes overall framework that allow protection of biometric data as related to their enrolment, signature generation and verification. This work also outlines measures for protection of the biometric information as related to its generation, storage, and disposal. Actually digital key generation from biometric has many applications such as automatic identification, user authentication with message encryption, etc. Therefore, this work analysis the related schemes and proposes a simplified model where a general signature scheme (including an RSA scheme that requires a large signature key) can be applied without losing its security. This work also can be applicable into authentication frameworks for protection of biometric systems as related to their operational procedures, roles and responsibilities of the personnel involved in system design. It is expected that the proposed countermeasures will ensure security and reliability on the flow of biometric information in the telecommunication environment.

2 2.1

Overview on Existing Scheme Biometric Digital Key

Digital Signature Key Generation for Telebiometrics. Fig. 1 depicts the common component or modules on Telebiometrics system with proposed key generation module, which commonly includes a step to extract features through signal processing after acquiring biometric data from a biometric device such as a sensor. The features are then compared or matched against the biometric data, which were already obtained through the same processes and saved in a database, and the result is decided on decision step. Based on existing Telebiometrics model, this work proposes digital signature keys (both private key and public key pair) generation framework from biometric information. Therefore, it is possible to combine existing public key infrastructure such as RSA[1] or ElGamal[3] to generate digital signature key on biometric data. Therefore, the main goal (or contribution) of this work is to study a simple method for generating digital signatures using biometrics by exploiting the existing Fuzzy Vault[4] scheme. Biometric Template. Biometric templates are processed measurement feature vectors. Biometrics of different individuals is independent realizations of a random process that is equal for all individuals. We assume that the processing of biometrics results in templates that can be described as a sequence of n independent identically distributed random variables. Noisy measurements of biometrics are modeled as observations through a memoryless noisy channel. It is assumed that the enrollment measurements of the biometric templates are noise free.

40

J.-G. Jo, J.-W. Seo, and H.-W. Lee Digital Key Generation/Signature Procedure

Input Device Template Generation

Transmission

Capture

Input Device Template Generation

Match Transmission Yes/No

Capture

Key Generation

BC

Transmission Transmission Protected Data Transmission

Match Transmission Yes/No

Personal Secret

Key Extraction CA Public Key Key Generation

Private Key

Transmission

Personal Secret

Application Digital Signature

Key Extraction and Digital Signature

Fig. 1. Biometric Digital Key Generation on Telebiometrics

We examine the existing biometrics-based digital signature scheme and analysis them on the fly. First this document can classify those schemes into key derivation(generation) and signature generation and verification framework. The key derivation schemes imply that the signature key is derived directly from biometrics while the key authentication schemes mean that the signature key is accessed by biometric authentication. Common Digital Signature Scheme. A cryptographic primitive that is fundamental in authentication, authorization, and non-repudiation is the digital signature. The process of signing entails transforming the message and some secret information held by the entity into a tag called a signature[5]. • M is the set of messages which can be signed. • S is a set of elements called signature, possibly binary strings of a fixed length. • SA is a transformation from the message set M to the signature set S, and is called a signing transformation for communication entity A. The transformation SA is kept secret by sender A, and will be used to create signatures for messages from M. • VA is a transformation from the set S × M to the set {true; false}. VA is called a verification transformation for A’s signatures, is publicly known, and is used by other entities to verify signatures created by A. Therefore, the transformations SA and VA provide a digital signature scheme for A. Occasionally the term digital signature mechanism is used. The size of the key space is the number of encryption/decryption key pairs that are available in the cipher system. A key is typically a compact way to specify the encryption transformation (from the set of all encryption transformations) to be used. Each can be simply described by a permutation procedure which is called the key. It is a great temptation to relate the security of the encryption scheme to the size of the key space. RSA is the first practical cryptographic scheme for digital signature and still remains as one of the most practical and versatile techniques available today

Biometric Digital Signature Key Generation

41

[1]. This document supposes to use a simple hash-and-sign RSA primitive in a probabilistic manner (with k -bit random numbers). The public-private keys are respectively e, N  and d, N  where N is the product of two distinct large primes p and q, and ed ≡ 1 mod φ(N ) for the Euler totient function φ(N ) = (p − 1)(q − 1) [1]. The public key is postulated to be certified by the CA. We assume signer S returns signature on a message m; s, r where s ← H(m, r)d mod N and r ← R{0, 1}k . The ElGamal public-key encryption scheme can be viewed as Diffie-Hellman key agreement in key transfer mode[3]. Its security is based on the intractability of the discrete logarithm problem and the Diffie-Hellman problem. The ElGamal signature scheme is a randomized signature mechanism. It generates digital signatures with appendix on binary messages of arbitrary length, and requires a hash function h: {0, 1}∗ → Zp where p is a large prime number. Each entity creates a public key and corresponding private key. Public Key Infrastructure and Biometric Certificate. For an authorized assertion about a public key, we commonly use digital certificates issued by a trusted entity called the certificate authority (CA) in the existing public key infrastructure(PKI). Biometric identification process is combined with digital certificates for electronic authentication as biometric certificates. The biometric certificates are managed through the use of a biometric certificate management system. Biometric certificates may be used in any electronic transaction for requiring authentication of the participants. Biometric data is pre-stored in a biometric database of the biometric certificate management system by receiving data corresponding to physical characteristics of registered users through a biometric input device. Subsequent transactions to be conducted over a network have digital signatures generated from the physical characteristics of a current user and from the electronic transaction. The electronic transaction is authenticated by comparison of hash values in the digital signature with re-created hash values. The user is authenticated by comparison against the pre-stored biometric certificates of the physical characteristics of users in the biometric database. 2.2

Existing Biometric Key Mechanisms

Recently several methods have been proposed to use biometrics for generating a digital signature. In 2001, P. Janbandhu and M. Siyal studied a method for generating biometric digital signatures for Internet based applications [12]. Their scheme was actually focused on using a 512-byte iris code invented by J. Daugman [9,10], and deriving a singature key from the iris code. In 2002, R. Nagpal and S. Nagpal proposed a similar method except that they used a multi modal technique combining iris pattern, retina, and fingerprint in order to derive RSA parameters [7]. In 2002, P. Orvos proposed a method for deriving a signature key from a biometric sample and a master secret kept securely in a smart card [14]. In the commercial fields, several products that

42

J.-G. Jo, J.-W. Seo, and H.-W. Lee

generate a digital signature only by accessing the server or smart card through biometric authentication, are being announced [8]. We could observe that the first two schemes are far from practice due to their inadequate assumption on acquiring deterministic biometrics [7,12], while the remaining results eventually use biometrics as only a means to access the signature key stored in some hardware devices [8]. Recently in 2004, Y. Dodis, L. Reyzin, and A. Smith showed a method of using biometric data to securely derive cryptographic keys which could be used for authentication by introducing a secure sketch which allows recovery of a shared secret and a fuzzy extractor which extracts a uniformly distributed string from the shared secret in an error-tolerant way [8]. In 2005, X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith improved this result in a way that resists an active adversary and provides mutual authentication and authenticated key exchange [9]. There is an approach of templateprotecting biometric authentication proposed by P. Tuyls and J. Goseling in 2004 [6], but it does not provide a method for deriving a cryptographic key. 2.3

Secret Hiding Function : Fuzzy Vault Scheme

Fuzzy vault is a simple and novel cryptographic construction. A player Alice may place a secret value k in a fuzzy vault and ’lock’ it using a set A of elements from some public universe U. If Bob tries to ’unlock’ the vault using a set B of similar length, he obtains k only if B is close to A, i.e., only if A and B overlap substantially[4]. Thus, a fuzzy vault may be thought of as a form of error tolerant encryption operation where keys consist of sets. Fuzzy vault like error-tolerant cryptographic algorithms are useful in many circumstances such as privacy protected matching and enhancement, authentication with biometrics and in which security depends on human factors like fingerprint, etc[4]. Follow diagram(Fig. 2) shows the general Fuzzy Vault model for providing biometric digital key generation and protection functions.

Key Generation

Fig. 2. Fuzzy Vault Scheme for Biometric Digital Key Protection

Biometric Digital Signature Key Generation

3

43

Proposed Telebiometrics Digital Key Generation

Biometric data can be input by using diverse application such as fingerprint reader, etc. Therefore, this work can use transformation module on input biometric data. In this section, the proposed key generation framework is described in detail. For example, follow diagram(Fig. 3) shows the abstracted flow on biometric digital key pairs from the fingerprint data. On the Alice’s fingerprint data, key pairs can be generated by using existing common public key cryptosystem such as RSA or ElGamal.

Live Data

Capturing

Biometric Sample

Y

Private Key Message

Biometric Template

Key Extracting

Personal Secret

Digital Sign

BioCert

Matching

Protected Template

BC Biometric Certificate Protected Data

Signed Message

Sent to Receiver

Fig. 3. Biometric Digital Key Generation Framework

In the key generation framework, the identity of the user is verified by comparing the captured biometric data with biometric certificate(BC) that is stored in BCA. Therefore, no one can act for the original user in key generation mechanism. Only the user who has registered hisher own biometric template on BCA can make public and private key pairs. 3.1

Biometric Digital Key Generation

Capturing Function. This function is a sensing and input module with feature enhancement function. In fingerprint, ridge regions in the image are identified and normalized. In detail ridge orientations are determined, local ridge frequencies calculated, and then contextual filters with the appropriate orientation and frequency are applied. This function makes the biometric template from the biometric raw data. The noise on the captured image is reduced through image processing. Then the set of minutiae are extracted from the enhanced image. Finally, the biometric template is made from location and angle values of minutiae set. Matching Function. The role of adjustment function is finding helper data that is used for revising location and angle values of minutiae set. A user’s biometric data is always different whenever the biometric data is captured from the device. Thus the adjustment function is needed to revise newly captured biometric data.

44

J.-G. Jo, J.-W. Seo, and H.-W. Lee

Biometric Digital Key Generation Function. The private key is generated by hashing a user’s personal secret and a biometric template. If we use only the biometric template for private key generation, we always get to generate same key since the biometric data is unique. Moreover, if the private key is disclosed, the user’s biometric data can not be used any more. Therefore, in order to cancel and regenerate the private key, the user’s personal secret is also required in generation of the private key. The private key is generated by hash function such as MD5 or SHA-1 on the biometric template with the personal secret. If we use only the biometric template for private key generation, we always get to generate same key since the biometric data is unique. Moreover, if the private key is disclosed, the user’s biometric data can’t be used any more. Therefore, in order to cancel and regenerate the private key, the user’s personal secret is also required in generation of the private key. 3.2

Biometric Digital Key Protection

Biometric template stores the subject’s biometric feature data, which is vital to the overall system security and individual security. Once the biometric data is leaked out, the individual authentication is confronted with threat, and individual biometric authentication in other applications may be confronted with security vulnerability, too. So, it is most important to protect the biometric template. Private secret data is stored as a protected form on protected storage. The confidentiality of biometric private key can be assured by this mechanism. For biometric private key as well as biometric template is a kind of individual private data, the certificate user have right and must delete their biometric private key from certificate database when the biometric certificate is revoked. For example, we can implement ’Shuffling’ module by using fuzzy-vault scheme as follows. Firstly, we generate fake minutiae set and insert them to the user’s biometric template. Secondly, for hiding private key, polynomial for real minutiae set(original biometric template) and polynomial for fake minutiae set are constructed. Then, the private key is projected to each polynomial. Finally, the protected data(template) is made by combining these results. It consists of minutiae’s (location, angle, result) value set. Key Shuffling Function. A key shuffling(secret locking) function is used to hide the private key to enforce security of it. Therefore, it is a simplified secret shuffling module on biometric data for hiding and securing the private key. • Step 1: Generate fake minutiae set and insert them to the user’s biometric template for protection of the template. • Step 2: For hiding private key, polynomial for real minutiae set and polynomial for fake minutiae set are constructed. Then, we project private key into each polynomial and get results. • Step 3: The protected template is made by combining results from step1 and step 2. It consists of minutiae’s (location, angle, result) value set.

Biometric Digital Signature Key Generation

45

Follow diagram(Fig. 4) shows the abstracted model on the secret locking and private key hiding on the fingerprint data set based on Fuzzy Vault scheme.

Fig. 4. Biometric Digital Key Protection with Fuzzy Vault

3.3

Public Key Generation and Management

This work uses ElGamal signature scheme to simulate the digital signature generation in our framework. The private key is generated and the public key y is computed as follows. Entity A generates a large random prime p and a generator g of the multiplicative group Zp . And then A selects a random secret a, a ≤ a ≤ p − 2. A also computes y ≡ g a mod p. A’s public key is and private key is (p; g; y). It is computationally infeasible to solve discrete logarithms over GF(p). Generated public key (p; g; y) is stored on DB and certified by CA. In order to combine biometric authentication with cryptographic techniques, the proposed framework uses adjustment function during the digital signature phase. The adjustment function guarantees that a unique template can be derived from various biometrics of same person. In key generation framework, the private key is concealed in the protected template in order to prevent disclosure of the private key. In signature generation framework, the private key is derived from the user’s biometric data and the protected template. 3.4

Biometric Digital Signature Generation and Verification

At first, user authentication is performed by comparing the signer’s captured biometric image with his(her) own biometric template in BCA. Due to the property of the proposed key extraction mechanism, the signer can not make other signers do signing a message. The signer gets the private key which is extracted from the key extraction mechanism. Then, the signer generates his(her) own digital signature on the message with the private key and sends it to the verifier. The verifier gets the signer’s public key from CA(Certificate Authority) and verifies the signature on the message with the public key. Signature verification mechanism is as same as that of ordinary digital signature verification scheme. Entity at the receiver(server) can verify the digital signature by using the signer’s public key and biometric certificate.

46

J.-G. Jo, J.-W. Seo, and H.-W. Lee

We can generate the digital signature on the message using the private key obtained from the input device. Entity A signs a binary message m of arbitrary length. Any entity B can verify this signature by using A’s public key. Biometric Digital Key Extraction. Follow diagram(Fig. 5) shows the digital key extraction model. User authentication is performed at first as same as in key generation mechanism. The user cannot disguise himself(herself) as a other for extracting the private key stored by a protected data. This requirement should be considered in key extraction mechanism based on biometric data. The private key is extracted from protected data by using ’Key Extracting’ function with biometric template and personal secret value. Cryptographic function such as fuzzy vault can be applicable into this mechanism.

Live Data

Capturing

Biometric Sample

Y

Private Key Message

Biometric Template

Key Extracting

Personal Secret

Digital Sign

BioCert

Matching

Protected Template

BC Biometric Certificate Protected Data

Signed Message

Sent to Receiver

Fig. 5. Biometric Digital Key Extraction Framework with Fuzzy Vault

Digital Signature Generation and Verification. Digital signatures are fast emerging as a viable information security solution, satisfying the objectives of data integrity, entity authentication, privacy, non-repudiation and certification. In this section, digital signature generation mechanism is described using the proposed key generation/extraction mechanisms in telebiometric environment. The private key extracted from the previous module is used to sign the message. The message and the signature on it are sent to the verifier. For example, we can generate digital signature (r, s) on the message m from the input private key. Entity A generates a large random prime p and a generator g of the multiplicative group Zp . And then A selects a random integer α, 1 ≤ α ≤ p − 2. A also computes y ≡ g α mod p. A’s public key is (p; q; y) and private key is α. And then entity A signs a binary message m of arbitrary length. Any entity B can verify this signature by using A’s public key. In detail entity A selects a random secret integer k , with gcd(k, p − 1) = 1. And then A computes r ≡ g k mod p and K −1 mod (p−1). Finally entity A can generates and computes s ≡ k −1 {h(m) − αr} mod (p − 1) and then A’s signature for m is the pair (r; s). To verify A’s signature (r; s) on m, B should do the following: B obtains A’s authentic public key (p : α; y) and verifies that 1 ≤ r ≤ p − 1; if not, then reject

Biometric Digital Signature Key Generation

47

the signature. If satisfied, B computes v1 ≡ y r rs mod p and v2 ≡ g h(m) mod p. B accepts the signature if and only if v1 = v2.

4

Cryptography Communication with Fingerprint

4.1

Message Encrypt with Digital Key

The main objective of biometric encryption is to provide privacy and confidentiality using biometric digital key(a private and a public key pairs). In biometric encryption systems each client receives public key from DB. Any entity wishing to securely send a message to the receiver obtains an authentic copy of public key and then uses the encryption transformation. To decrypt, the receiver applies decryption transformation to obtain the original message after biometric authentication process. Common biometric encryption mechanism with digital key is also possible as follow Fig. 6. Receiver : Server

Sender : Client Biometric Cert.

Capturing BC

Public key Message

Signal Processing Biometric Template

Key Mgmt.

DB

Encryption

Live Data

Matching Key Extracting Private key Decryption

Secret

Message

Encrypted Message

Fig. 6. Biometric Encryption for Cryptography Communication with Fingerprint

For message encryption, private key is extracted from the protected data stored by fuzzy vault scheme. And then we can generate encrypted ciphertext by using public key. 4.2

Implementation Results

We implemented a biometric encryption system with fingerprint in MATLAB. First step is a fingerprint enhancement proceedure for extracting a feature set of fingerprint minutiae. After this fingerprint enhancement function, a digitized feature set of minutiae is generated and it is used for generating private key with personal secret from template registration and key generation step. Follow Fig. 7 show the fuzzy vault set after locking someone’s secret(private key) within his/her own biometric template. Developed module provides and generates protected template from input fingerprint template. Fig. 8 shows the implementation and experimental results on the encryption/decryption mechanism based on ElGamal type of biometric digital key. Using biometric key pairs, we can encrypt and decrypt plaintext message.

48

J.-G. Jo, J.-W. Seo, and H.-W. Lee

Fig. 7. Fuzzy Vault Result After Locking Private Key within Fingerprint Feature Set

Fig. 8. Fuzzy Vault based Biometric Encryption and Decryption in MATLAB

5

Conclusions

We propose biometric digital key generation/extraction mechanisms for cryptographic secure communication, which are essential both for authentication and digital signature protocols on open network environments. The proposed system uses biometric template in Biometric Certificate for user authentication in key generation/extraction mechanisms. This work shows how to generation key from biometrics and message encryption. We can use user authentication and cryptography communication. So we can protect biometrics and communications that using Fuzzy Vault and ElGamal encryption scheme. Someday this work will be used Internet banking system or society that use biometrics mainly. Acknowledgments. This work was also supported by the University IT Research Center(ITRC) Project(IITA-2006-(C1090-0603-0016)).

Biometric Digital Signature Key Generation

49

References 1. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120–126 (1978) 2. Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Notices of the American Mathematical Society (AMS) 46(2), 203–213 (1999) 3. ElGamal, T., Public, A.: Key Cryptosystem and a Signature Scheme based on Discrete Logarithms. IEEE Transactions on Information Theory IT-30(4), 469– 472 (1985) 4. Juels, A., Sudan, M.: A Fuzzy Vault Scheme, also available at http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/ fuzzy-vault/fuzzy vault.pdf 5. Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, pp.287-291, pp.312-315. CRC Press, Boca Raton, USA (1997) 6. Tuyls, P., Goseling, J.: Capacity and examples of template-protecting biometric authentication systems. In: Maltoni, D., Jain, A.K. (eds.) BioAW 2004. LNCS, vol. 3087, pp. 158–170. Springer, Heidelberg (2004) 7. Nagpal, R., Nagpal, S.: Biometric based digital signature scheme. Internet-Draft, draft-nagpal-biometric-digital-signature-00.txt (May 2002) 8. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to generate strong keys from biometric identification. In: Proceedings of the Security and Privacy, IEEE Computer Society Press, Los Alamitos (1998) 9. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometrics. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005) 10. Soutar, C.: Biometric system performance and security (2002), Manuscript available at http://www.bioscrypt.com/assets/biopaper.pdf 11. Jain, A., Hong, L., Pankanti, S.: Biometric identification. Communications of the ACM (February 2000) 12. Janbandhu, P., Siyal, M.: Novel biometric digital signatures for Internet-based applications. Information Man-agement & Computer Security 9(5), 205–212 (2001) 13. Kwon, T., Lee, J.: Practical digital signature generation using biometrics. In: Lagan` a, A., Gavrilova, M., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, Springer, Heidelberg (2004) 14. Orvos, P.: Towards biometric digital signatures. Networkshop, pp. 26–28. Eszterhazy College, Eger (March 2002) 15. Tuyls, P., Goseling, J.: Capacity and examples of template-protecting biometric authentication systems. In: Maltoni, D., Jain, A.K. (eds.) BioAW 2004. LNCS, vol. 3087, pp. 158–170. Springer, Heidelberg (2004)