Abstract
Biometric data is user-identifiable and therefore methods to use biometrics for authentication have been widely researched. Biometric cryptosystems allow a user to derive a cryptographic key from noisy biometric data and perform a cryptographic task for authentication or encryption. The fuzzy extractor is known as a prominent biometric cryptosystem. However, the fuzzy extractor has a drawback: to derive a correct key, a user is required to store user-specific helper data or receive it online from the server over an additional trusted channel. In this paper, we present a new biometric-based key derivation function (BB-KDF) to address these issues. In our BB-KDF, users are able to derive cryptographic keys solely from their own biometric data: users do not need any other user-specific helper information. We introduce a security model for the BB-KDF. We then construct the BB-KDF and prove its security in our security model. We then propose an authentication protocol based on the BB-KDF. Finally, we give experimental results to analyze the performance of the BB-KDF. We show that our proposed BB-KDF is computationally efficient and can be deployed on many different kinds of devices.
Highlights
Biometric data is unique to the individual, and there has been a lot of research on using biometrics for authentication systems
We analyze the performance of the biometric-based key derivation function (BB-KDF) constructed in Section 4 under various conditions, that is, considering both device specifications and the length of the biometric vector
HMAC-SHA-256 and SHA-256 are used as the underlying pseudorandom function (PRF) FV and hash algorithm H, respectively
Summary
Biometric data is unique to the individual, and there has been a lot of research on using biometrics for authentication systems. There are two main types of biometrics: physical (e.g., a fingerprint, face, iris, or hand) and behavioral (e.g., a handwritten signature or keyboard dynamics such as rhythm, speed, and use of the left or right shift key). Much research has been conducted to develop models to combine several biometrics for user authentication [1,2,3,4]. The server authenticates the user just by using his/her unique physical or behavioral features (i.e., who you are). Various kinds of devices that collect biometric data can be found in the surrounding environment, making deployment of a biometric-based authentication system practicable.