The practical subtleties of biometric key generation

Proceedings of the 17th USENIX Security Symposium

Volumn , Issue , 2008, Pages 61-74

  Ballard, Lucas ^a   Kamara, Seny ^a   Reiter, Michael K ^b  

^a JOHNS HOPKINS UNIVERSITY   (United States)

^b Brooks Computer Science Building   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

PUBLIC KEY CRYPTOGRAPHY;

CRYPTOGRAPHIC KEY; KEY GENERATION; KEY GENERATOR; PRACTICAL SYSTEMS; SECURITY REQUIREMENTS;

BIOMETRICS;

EID: 84922512713     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (45)

1. ADLER, A. Images can be Regenerated from Quantized Biometric Match Score Data. In Proceedings of the Canadian Conference on Electrical and Computer Engineering (Niagara Falls, Canada, May 2004), pp. 469–472.
2. ALVARE, A. How crackers crack passwords or what passwords to avoid. In Proceedings of the Second USENIX Security Workshop (August 1990), pp. 103–112.
3. th International Workshop on the Foundations of Handwriting Recognition (October 2006), pp. 461–466.
4. BALLARD, L., LOPRESTI, D., AND MONROSE, F. Forgery quality and its implications for behavioral biometric security. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Special Edition) 37, 5 (October 2007), 1107–1118.
5. th Annual Usenix Security Symposium (Vancouver, BC, Canada, August 2006), pp. 29–41.
6. BOYEN, X. Reusable cryptographic fuzzy extractors. In ACM Conference on Computer and Communications Security—CCS 2004 (2004), New-York: ACM Press, pp. 82–91.
7. CHANG, Y.-J., ZHANG, W., AND CHEN, T. Biometrics-Based Cryptographic Key Generation. In Proceedings of IEEE International Conference on Multimedia and Expo (ICME) (2004), vol. 3, pp. 2203–2206.
8. DAUGMAN, J. The importance of being random: Statistical principles of iris recognition. Pattern Recognition 36 (2003), 279–291.
9. DAVIDA, G. I., FRANKEL, Y., AND MATT, B. J. On enabling secure applications through off-line biometric identification. In Proceedings of the 1998 IEEE Symposium on Security and Privacy (May 1998), pp. 148–157.
10. th USENIX Security Symposium (August 2004), pp. 151–164.
11. DODIS, Y., REYZIN, L., AND SMITH, A. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Advances in Cryptology - EUROCRYPT 2004 (2005), vol. 3027 of Lecture Notes in Computer Science, Springer-Verlag, pp. 523–540. Full version appears as Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, IACR ePrint Cryptography Archive 2003/235.
12. DODIS, Y., AND SMITH, A. Correcting errors without leaking partial information. In Proc. 37th ACM Symp. on Theory of Computing (2005), ACM, pp. 654–663.
13. DOLE, B., LODIN, S., AND SPAFFORD, E. Misplaced trust: Kerberos 4 session keys. In Proceedings of the 1997 Symposium on Network and Distributed System Security (Washington, DC, USA, 1997), IEEE Computer Society, p. 60.
14. FELDMEIER, D., AND KARN, P. UNIX password security – ten years later. In Advances in Cryptology – CRYPTO ’89 Proceedings (Berlin, Germany, 1990), vol. 435 of Lecture Notes in Computer Science, Springer-Verlag, pp. 44–63.
15. GOH, A., AND NGO, D. C. L. Computation of cryptographic keys from face biometrics. In Proceedings of Communications and Multimedia Security (2003), pp. 1–13.
16. HAO, F., ANDERSON, R., AND DAUGMAN, J. Combining cryptography with biometrics effectively. IEEE Transactions on Computers (2006).
17. HAO, F., AND WAH, C. Private key generation from on-line handwritten signatures. Information Management and Computer Security 10, 4 (2002), 159–164.
18. HASTAD, J., IMPAGLIAZZO, R., LEVIN, L., AND LUBY, M. A pseudorandom generator from any one-way function. SIAM Journal on Computing 28 (1998).
19. JAIN, A. K., ROSS, A., AND ULUDAG, U. Biometric Template Security: Challenges and Solutions. In Proceedings of European Signal Processing Conference (EUSIPCO) (September 2005).
20. JUELS, A., AND SUDAN, M. A fuzzy vault scheme. In IEEE International Symposium on Information Theory (2002).
21. th ACM Conference on Computer and Communication Security (November 1999), pp. 28–36.
22. LI, Q., SUTCU, Y., AND MEMON, N. Secure sketch for biometric templates. In In Proceedings of Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security (2006), pp. 99–113.
23. LOPRESTI, D. P., AND RAIM, J. D. The effectiveness of generative attacks on an online handwriting biometric. In Proceedings of the International Conference on Audio- and Video-based Biometric Person Authentication. Hilton Rye Town, NY, USA, 2005, pp. 1090–1099.
24. MANSFIELD, A. J., AND WAYMAN, J. L. Best practices in testing and reporting performance of biometric devices. Tech. Rep. NPL Report CMSC 14/02, Centre for Mathematics and Scientific Computing, National Physical Laboratory, August 2002.
25. MASSEY, J. L. Guessing and entropy. In Proceedings of the 1994 IEEE International Symposium on Information Theory (1994), p. 204.
26. MOHANTY, P., SARKAR, S., AND KASTURI, R. A non-iterative approach to reconstruct face templates from match scores. In 18th International Conference on Pattern Recognition (ICPR 2006) (August 2006), pp. 598–601.
27. MONROSE, F., REITER, M., LI, Q., LOPRESTI, D., AND SHIH, C. Towards speech-generated cryptographic keys on resource-constrained devices. In Proceedings of the Eleventh USENIX Security Symposium (2002), pp. 283–296.
28. MONROSE, F., REITER, M. K., LI, Q., AND WETZEL, S. Cryptographic key generation from voice (extended abstract). In Proceeedings of the 2001 IEEE Symposium on Security and Privacy (May 2001), pp. 12–25.
29. MONROSE, F., REITER, M. K., AND WETZEL, S. Password hardening based on keystroke dynamics. International Journal of Information Security 1, 2 (February 2002), 69–83.
30. NISAN, N., AND ZUCKERMAN, D. Randomness is linear in space. Journal of Computer and Systems Science 52, 1 (1996), 43–52.
31. RATHA, N. K., CONNELL, J. H., AND BOLLE, R. M. Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. 40, 3 (2001), 614–634.
32. SANKOFF, D., AND KRUSKAL, J. Time Warps, String Edits and Macromolecules: The Theory and Practice of Sequence Comparison, second ed. Addison-Wesley Publishing, Reading, MA, 1999.
33. tm using image processing. In Optical Security and Counterfeit Deterrence Techniques II (1998), vol. 3314, IS&T/SPIE, pp. 178–188.
34. SOUTAR, C., AND TOMKO, G. J. Secure private key generation using a fingerprint. In Cardtech/Securetech Conference Proceedings (May 1996), pp. 245–252.
35. SUTCU, Y., SENCAR, H. T., AND MEMON, N. A Secure Biometric Authentication Scheme based on Robust Hashing. In Proceedings of the 7th Workshop on Multimedia and Security (New York, NY, USA, 2005), pp. 111–116.
36. th Annual Usenix Security Symposium (Boston, MA, August 2007).
37. ULUDAG, U., AND JAIN, A. Attacks on biometric systems: A case study in fingerprints. In Proceedings of SPIE-EI 2004, Security, Steganography and Watermarking of Multimedia Contents VI, vol. 5306, pp. 622–633.
38. ULUDAG, U., AND JAIN, A. Securing fingerprint template: Fuzzy vault with helper data. In Proceedings of the IEEE Workshop on Privacy Research In Vision (PRIV) (New York, NY, June 2006).
39. ULUDAG, U., PANKANTI, S., PRABHAKAR, S., AND JAIN, A. K. Biometric cryptosystems: Issues and challenges. Proceedings of the IEEE: Special Issue on Multimedia Security of Digital Rights Management 92, 6 (2004), 948–960.
40. VIELHAUER, C., AND STEINMETZ, R. Handwriting: Feature correlation analysis for biometric hashes. EURASIP Journal on Applied Signal Processing 4 (2004), 542–558.
41. VIELHAUER, C., STEINMETZ, R., AND MAYERHOFER, A. Biometric hash based on statistical features of online signatures. In Proceedings of the Sixteenth International Conference on Pattern Recognition (2002), vol. 1, pp. 123–126.
42. WAYMAN, J. Fundamentals of biometric authentication technologies. International Journal of Image & Graphics 1, 1 (January 2001), 93–114.
43. YAMAZAKI, Y., NAKASHIMA, A., TASAKA, K., AND KOMATSU, N. A study on vulnerability in on-line writer verification system. In Proceedings of the Eighth International Conference on Document Analysis and Recognition (Seoul, South Korea, August-September 2005), pp. 640–644.
44. ZHANG, W., CHANG, Y.-J., AND CHEN, T. Optimal thresholding for key generation based on biometrics. In Proceedings of the International Conference on Image Processing (ICIP04) (2004), vol. 5, pp. 3451–3454.
45. ZHENG, G., LI, W., AND ZHAN, C. Cryptographic key generation from biometric data using lattice mapping. In ICPR’06: Proceedings of the 18th International Conference on Pattern Recognition (Washington, DC, USA, 2006), IEEE Computer Society, pp. 513–516.