International Journal of Research and Reviews in Computer Science (IJRRCS), Vol. 2, No. 4, August 2011, ISSN: 2079-2557, Science Academy Publisher, United Kingdom, www.sciacademypublisher.com

Efficient Cryptographic key Generation from Fingerprint using Symmetric Hash Functions
C. Nandini and B. Shylaja
Department of Computer Science and Engineering, Dayananda Sagar College of Engineering, Bangalore, India Email: laasyanandini@yahoo.com, shylaja2007.b@gmail.com

Abstract: Biometrics offers many methods for high-security applications while providing natural, user-friendly and fast authentication. Cryptography is intended to ensure the secrecy and authenticity of messages. Cryptographic keys are long and therefore difficult to remember, so protecting their confidentiality is one of the significant issues to be dealt with. This can be efficiently solved by integrating biometrics with cryptography. Conventional techniques depend on biometric features like face, fingerprint, hand geometry, iris, signature, keystroke, voice and the like for the extraction of the key. Instead of storing the key, we generate it dynamically with the help of biometrics. In this paper we present a novel method for generating a cryptographic key by hashing the fingerprint minutiae and using a different set of symmetric hash functions [1] for different users, which is safe and fast. We extract k-plets [2] from each fingerprint image and calculate the hash values based on the nearest neighbors [2] of a minutia point in the k-plet. A combination of these hash values is used to generate a key. This key can be used for any type of cryptography. We tested the generated key using the existing AES algorithm with a 128-bit key size. We can prove theoretically the increase in security. Assuming a brute-force attack, for a combination of m hash functions and an average of c k-plets, a total of $m^c$ possible combinations need to be tried to break the cipher key. Also, consider a scenario where one or more hash functions are broken: even then the possibility of a match is very low because different hash functions are applied to different k-plets of the same fingerprint template, which increases the security of the biometric key by an exponential factor. The proposed approach is tested on the standard FVC 2002 dataset and the results are enumerated. It is found that our proposed method achieves the two important properties of cryptographic keys: reproducibility and the unguessable property. We can generate a wide range of cryptographic keys by changing the hash function for different petrinets of the same fingerprint and also by using different features for different petrinets, thereby making the system highly secure and not easily hacked by intruders.

Keywords: Fingerprint, AES, Cryptographic key, Hashing

1. Introduction

In traditional cryptosystems, user authentication is based on possession of secret keys, which falls apart if the keys are not kept secret (i.e., shared with non-legitimate users). Further, keys can be forgotten, lost, or stolen and, thus, cannot provide non-repudiation [3]. Current authentication systems based on physiological and behavioral characteristics of persons (known as biometrics), such as fingerprints, inherently provide solutions to many of these problems and may replace the authentication component of traditional cryptosystems. In a generic cryptographic system, user authentication is possession based. That is, possession of the decrypting key is sufficient evidence to establish user authenticity. Because cryptographic keys are long and random (e.g., 128 bits for the Advanced Encryption Standard (AES)), they are difficult to memorize. As a result, the cryptographic keys [4] are stored somewhere (for example, on a computer or a smart card) and released based on some alternative authentication mechanism (e.g., a password), that is, upon assuring that they are being released to authorized users only. Most passwords are so simple that they can be easily guessed (especially based on social engineering methods) or broken by simple dictionary attacks. Biometric authentication is inherently more reliable than password-based authentication, as biometric characteristics cannot be lost or forgotten, they are extremely difficult to copy, share, and distribute, and they require the person being authenticated to be present at the time and point of authentication [5]. It is difficult to forge biometrics. Finally, one user's biometrics is no easier to break than another's; that is, all users have a relatively equal security level, so there are not many users with easy-to-guess biometrics that can be used to mount an attack against them. Thus, biometrics-based authentication is a potential candidate to replace password-based authentication.

2. Related Work

Many crypto-biometric techniques have been proposed. Most of the work to date has not achieved 100% security. Existing techniques generate the key directly from the biometric data. If the biometric template is compromised, the user loses his biometric template permanently. There is a lack of privacy if different applications use the same biometric template of a user. Fingerprints are among the more reliable biometrics and there is a long history of their use in criminal cases [6]. Soutar et al. reported a biometric-key system based on fingerprints in [7] and were the first to commercialize this technology into a product, Bioscrypt. They extract phase information from the fingerprint image using a Fourier transform and apply majority coding to reduce the feature variation. Instead of generating a key directly from biometrics, they introduce a method of biometric locking: a predefined random key is locked with a biometric sample by

Nandini and Shylaja / IJRRCS, Vol. 2, No. 4, pp. 937-942, August 2011

forming a phase-phase product. This product can be unlocked by another genuine biometric sample. Biometric locking appears to be a promising idea because the biometric key can be randomly defined. However, performance data are not reported. Clancy et al. proposed a similar application based on fingerprints in [8] and used a technique called a fuzzy vault, which had first been introduced by Juels and Sudan [9]. In Clancy et al.'s work, the fingerprint minutiae locations are recorded as real points which form a locking set. A secret key can be derived from this through polynomial reconstruction. In addition, chaff points are added to the locking set to obscure the key. If a new biometric sample has a substantial overlap with the locking set, the secret key can be recovered by a Reed-Solomon code. This work is reported to derive a 69-bit biometric key, but, unfortunately, with a 30 percent false rejection rate. Goh and Ngo combined some of the above techniques to build a system based on face biometrics [10]. They adopted the biometric locking approach used by Soutar et al. Eigen projections are extracted from the face image as features, each of which is then mixed with a random string and quantized into a single bit. A binary key is formed by concatenating these bits, and majority coding is added as suggested by Davida et al. Error correction involves polynomial thresholding, which further reduces feature variance. Goh and Ngo report extracting 80-bit keys with a 0.93 percent false rejection rate. This is beginning to approach the parameters needed for a practical system. However, the experiments reported are based on images taken from a continuous video source with minor variations, rather than a face database. So, doubts remain about the evaluation of this work. Our scheme is somewhat similar to theirs, but with a number of important differences.

We use hashing methods to generate the key, so that different users and also different applications can use different hash functions, preserving the privacy of the user, which is safe and fast. We extract 5-plets from each fingerprint image and calculate the hash values based on the nearest neighbors of a minutia point in the 5-plet. A combination of these hash values is used to generate a key. This key can be used for any type of cryptography. The proposed method provides two-factor authentication, the factors being the fingerprint biometric and the cryptographic key. We therefore propose a novel methodology for a crypto-biometric system that achieves high security by using different symmetric hash functions for different users, and also for different applications, to generate the cryptographic key. We design our algorithm to give the best security for the original data.

3. Fingerprint Biometrics

A fingerprint is made of a number of ridges and valleys on the surface of the finger. Ridges are the upper skin layer segments of the finger and valleys are the lower segments. The ridges form so-called minutiae points: ridge endings (where a ridge ends) and ridge bifurcations [11] (where a ridge splits in two). Many types of minutiae exist, including dots (very small ridges), islands (ridges slightly longer than dots, occupying a middle space between two temporarily divergent ridges), ponds or lakes (empty spaces between two temporarily divergent ridges), spurs (a notch protruding from a ridge), bridges (small ridges joining two longer adjacent ridges), and crossovers (two ridges which cross each other).

3.1. Fingerprint Preprocessing

The fingerprint is preprocessed by histogram equalization [12], and filters are used to enhance [13]-[14] the image. Binarization [10] is applied to the fingerprint image. Then a morphological operation is used to extract the region of interest.

3.1.1. Histogram equalization

Histogram equalization increases the contrast of images, especially when the usable data of the image is represented by close contrast values. The perceptual information of the image is increased through histogram equalization. It permits pixel values to expand. The fingerprint images used are of bimodal type. Histogram equalization converts the range to 0 to 255, which enhances the visualization effect. A sample fingerprint before and after histogram equalization is shown in the figure.

3.1.2. Binarization

Fingerprint image binarization [12] transforms the 8-bit gray fingerprint image into a 1-bit image with 0-value for ridges and 1-value for furrows. After the operation, ridges in the fingerprint are highlighted in black while furrows are white. A locally adaptive binarization method is used to binarize the fingerprint image.

3.1.3. ROI Extraction by Morphological Operations

Two morphological operations [12] called OPEN and CLOSE are adopted. The OPEN operation can expand images and remove peaks introduced by background noise. The CLOSE operation can shrink images and eliminate small cavities. The bound is the subtraction of the closed area from the opened area. The algorithm then throws away the leftmost, rightmost, uppermost and bottommost blocks outside the bound so as to get the tightly bounded region containing just the bound and the inner area.

3.2. Minutiae Points Extraction

Ridge thinning [12]-[16] eliminates the redundant pixels of ridges until the ridges are just one pixel wide, using an iterative, parallel thinning algorithm. In each scan of the full fingerprint image, the algorithm marks redundant pixels in each small image window (3x3), and finally removes all the marked pixels after several scans.

After ridge thinning, marking [17] minutiae points is relatively easy. For each 3x3 window, if the central pixel is 1 and has exactly 3 one-value neighbors, then the central pixel is a ridge branch. If the central pixel is 1 and has only 1 one-value neighbor, then the central pixel is a ridge ending. Suppose both the uppermost pixel with value 1 and the rightmost pixel with value 1 have another neighbor outside the 3x3 window; then the two pixels will be marked as branches too, although only one branch is actually located in the small region. So a check routine requiring that none of the neighbors of a branch are branches is added.

3.3. False Minutiae Removal

The preprocessing stage does not totally heal the fingerprint [18] image. For example, false ridge breaks due to an insufficient amount of ink and ridge cross-connections due to over-inking are not totally eliminated. In fact, all the earlier stages themselves occasionally introduce artifacts which later lead to spurious minutiae. These false minutiae [12] will significantly affect the accuracy of matching if they are simply regarded as genuine minutiae [19]. So some mechanism for removing false minutiae [20] is essential to keep the fingerprint verification system effective.

3.4. Fingerprint Matching

Fingerprint images often suffer from translation [12], rotation [12] and slight scaling transformations due to the different pressures applied while taking the fingerprint. Before matching two fingerprint impressions A and B, it is necessary to register the two images to bring the features from A into the spatial proximity of their corresponding counterparts from B. It is often assumed that the scaling transformation need not be considered. Denote the geometrical transformation parameters with [tx, ty, ]T for the translation and rotation. The estimated rotation parameter () is the average of the difference in individual rotation values of all corresponding minutiae pairs. The translation parameters (tx, ty) are computed using the spatial coordinates of the minutiae pair that resulted in the best alignment. After alignment the point (x, y) and its orientation (x, y) will be mapped to the point (x, y) and (x, y) as follows, (1) and (2)

3.5. Step for Authenticating the Fingerprint

3.5.1. Training Phase

1. Read each fingerprint of a person from the dataset.
2. Extract the minutiae features, namely terminations and bifurcations.
3. Calculate the translation and rotation parameters.

The above steps are performed for all the fingerprints of a person. The mean values of translation and rotation are computed for all the people in the dataset and stored in the database.

3.5.2. Testing Phase

The process of fingerprint matching involves comparing a query print with a set of one or more template prints. Prior to the matching process, features are extracted from all the template images.

A threshold value is set. If the difference between the mean values of the training and testing templates is within the threshold value, we say that the person is authorized; otherwise he is not.

4. Key Generation using Symmetric Hash functions

A hash function H is a transformation that takes an input m and returns a value h (called the hash value), h = H(m) [1]. A hash function H is said to be a one-way function if it is hard to invert, that is, given a hash value h, it is computationally infeasible to find some input x such that H(x) = h. In our approach we construct hash functions [1] and generate a key using the hashed values. Additionally, we do not rely on a specific order of minutiae because we want our hash functions to be independent of this order. We consider symmetric complex functions as our hash functions. Specifically, given n minutiae points {c1, c2, ..., ck} where ci={xi+yi} [1], we can construct the following m symmetric hash functions (3) (4) (5) ... (6)

If we represent a minutiae 5-plet in a parametric space, then the symmetric hash function set can be dependent on a set of parameters determined from this 5-plet [2]. We propose to construct a strategy for combining multiple hash functions based on certain features of the petrinets or k-plets [2]. In the case of triplets, such features could be the angles formed by the petrinets or their sides. We bin the petrinets on the basis of one of these features and map a specific hash function to each bin. Hence each bin acts as the key for the choice of the hash function. In order to utilize a user-specific key, a random seed could be generated for the mapping of a bin to a specific hash function. Our system first extracts the secondary features, which include the distance or angle between the minutiae petrinets, and bins the petrinets on the basis of one of the features mentioned above. The system is illustrated in Figure 2.

Figure 1. (a) Original input image (b) Histogram equalized image (c) enhancement by Fourier transform (d) Binarized image (e) Region of Interest (f) Thinned image (g) Extracted minutiae (h) Real minutiae after removing spurious minutiae.

Steps 1 to 3 of the training phase are repeated, and the extracted features are tested against the training phase data.

Figure 2. Overall Schematic Diagram of Hashing using K-plets.

The exact locations of the minutiae in the k-plet should not be recoverable from the stored hashes. If the number of hash functions (m) is less than the number of minutia points (n) participating in the construction of the hash function, then it is not possible to restore the original minutiae positions given the hash values. Let us assume that we compute a hash value for each petrinet of minutiae (c1, c2, c3, c4, c5). For each such petrinet, we can choose one of several symmetric hash functions; any linear combination of these functions will also yield a symmetric hash function. Thus for any petrinet, we have several functions h1, h2, ..., hk from which we can derive the transformation. Instead of choosing the hash function in a deterministic way, the complexity of the transformation, and hence the resulting security, can be enhanced if we choose several of these hash functions simultaneously in a random order. Thus, for each petrinet P1, P2, ..., PN we can associate a corresponding hash function H1, H2, ..., HN. The association can be based on a secret key K. The key specifies the association between the petrinet P and the corresponding hash H as shown in Fig. 3.
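An added example, not code from the paper, of the k-plet hashing described in this section together with Steps 1 to 5 of the proposed methodology. Because equations (3) to (6) are missing from this copy, it assumes power sums of c = x + iy as the symmetric hash functions; the sample minutiae, the SHA-256 mapping from bin to hash function, the bin width and the squared-magnitude reduction to an integer are also assumptions.

```python
import hashlib
import math

# Constructed minutiae (x, y) in pixels; not taken from FVC 2002.
SAMPLE_MINUTIAE = [(52, 61), (60, 70), (75, 58), (48, 90), (90, 95),
                   (110, 40), (130, 120), (95, 150), (40, 140), (150, 70)]


def k_plets(minutiae, k=5):
    """Steps 1-2: each minutia plus its k-1 nearest neighbours (Euclidean)."""
    plets = []
    for p in minutiae:
        others = sorted((q for q in minutiae if q != p),
                        key=lambda q: (math.dist(p, q), q))  # ties: by coordinate
        plets.append([p] + others[:k - 1])
    return plets


def power_sum_hash(plet, order):
    """Step 3, assumed form: h = sum(c**order) with c = x + iy, computed in
    exact integer arithmetic. Returns (real part, imaginary part)."""
    total_re = total_im = 0
    for x, y in plet:
        re, im = 1, 0
        for _ in range(order):
            re, im = re * x - im * y, re * y + im * x
        total_re += re
        total_im += im
    return total_re, total_im


def choose_order(plet, orders, seed, bin_width=20):
    """Bin the k-plet by a secondary feature (distance from the centre minutia
    to its farthest neighbour) and map the bin to a hash order. The SHA-256
    mapping stands in for the paper's random seed; it is an assumption."""
    if seed is None:
        return orders[0]
    centre = plet[0]
    feature = max(math.dist(centre, q) for q in plet[1:])
    bin_index = int(feature // bin_width)
    digest = hashlib.sha256(f"{seed}:{bin_index}".encode()).digest()
    return orders[digest[0] % len(orders)]


def derive_key(minutiae, orders=(1, 2, 3), seed=None):
    """Steps 4-5: hash every k-plet and add the values. Reducing each complex
    hash value to its squared magnitude (an integer) is an assumption."""
    key = 0
    for plet in k_plets(minutiae):
        re, im = power_sum_hash(plet, choose_order(plet, orders, seed))
        key += re * re + im * im
    return key


if __name__ == "__main__":
    for label, kwargs in [("order 1", {"orders": (1,)}),
                          ("order 2", {"orders": (2,)}),
                          ("seed app-A", {"seed": "app-A"}),
                          ("seed app-B", {"seed": "app-B"})]:
        key = derive_key(SAMPLE_MINUTIAE, **kwargs)
        print(f"{label:11s} bits={key.bit_length():3d} key={key:b}")
```

Running it prints the length in bits of each derived value, which can be compared directly with the 128-bit AES key size the paper tests with.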

Figure 3. Associating the minutiae petrinets with hash function.

5. Proposed Methodology

Step 1: Select a minutia point and find its four nearest neighbors by calculating the Euclidean distance between the minutiae coordinates.
Step 2: Group the nearest five minutiae as one petrinet.
Step 3: Apply the desired symmetric hash function to the petrinets.
Step 4: Repeat the above steps for all the minutiae in the fingerprint.
Step 5: Add all the values returned from the hash function to get the key. (We can also take the sum of squares or the sum of cubes of the hash values to generate a different set of keys.)
Step 6: Encrypt the given plaintext or image using the key obtained in Step 5 with the AES algorithm.
Step 7: Send the cipher text to the destination user.
Step 8: At the receiving end, Steps 1 to 5 are repeated and the cipher text is decrypted.

6. Experimental Results

The proposed approach is tested on fingerprint images collected from the FVC 2002 datasets, using five fingerprints per person for ten subjects. Three fingerprints are used in the training phase and two fingerprints are used in the testing phase. After user authentication, a key is generated for the particular user using symmetric hash functions. The generated key has been tested using the AES algorithm with a 128-bit key size. In this way we can generate a large number of different keys for different users, which makes it difficult for an intruder to guess the key by a brute-force attack, as we are using different hash functions for different petrinets in the same fingerprint. We also use different features, such as the distance between the minutiae points of the petrinets, the angle, or a combination of both, while generating the hash value. Table 1 shows the hash value generated for different users using hash function 1, refer to (1), along with the time taken for hash generation for each user. The average time taken to generate the hash value is 0.1438 seconds.

Table 1. Hash value generated for Different Users using Hash function 1. Refer to (1)

User Number | Hash Value Generated | Time Taken to Generate Key (seconds)
1 | 5.027661e+009 | 0.297
2 | 2.547663e+010 | 0.219
3 | 6.333454e+009 | 0.125
4 | 2.620416e+009 | 0.125
5 | 853516225 | 0.062
6 | 8.914003e+009 | 0.156
7 | 3.321332e+009 | 0.094
8 | 486555364 | 0.063
9 | 2.820035e+009 | 0.125
10 | 1.262859e+010 | 0.172

Table 2 shows the cryptographic key generated from the hash value in Table 1 in binary format. A key of any length can be generated by using a different order of hash function (Refer (1) to (4)).

Table 2. Hash value (refer Table 1) in binary format

User Number | Key Generated
1 | 100101011101011000000010011001000
2 | 10111101110100001101000010111110000
3 | 101111001100000001101011010110000
4 | 10011100001100000110000000000000
5 | 110010110111111001111111000001
6 | 1000010011010100001110010000111000
7 | 11000101111101111000000100100000
8 | 11101000000000011111011100100
9 | 10101000000101100101000110111000
10 | 1011110000101110001111110110110000

Table 3 shows the hash value generated for different users using hash function 2, refer to (2), along with the time taken for hash generation for each user. The average time taken to generate the hash value is 0.1108 seconds.

Table 3. Hash Value Generated for different users using Hash function 2. Refer to (2)

User Number | Hash Value Generated | Time Taken to Generate Key (seconds)
1 | 3.584309e+014 | 0.1400
2 | 5.438151e+015 | 0.2030
3 | 1.088019e+015 | 0.1090
4 | 3.280553e+014 | 0.0780
5 | 9.587373e+013 | 0.0310
6 | 1.622023e+015 | 0.1560
7 | 4.042638e+014 | 0.0940
8 | 3.509972e+013 | 0.0470
9 | 2.340754e+014 | 0.1100
10 | 2.835812e+015 | 0.1400

Table 4 shows the cryptographic key generated from the hash value shown in Table 3 in binary format. It can be observed that the average time taken to generate the hash value increases as the order of the hash function increases. So the time taken to generate the hash value using hash function (refer to (2)) is higher than the time taken to generate the hash value using hash function 1 (refer to (1)).

Table 4. Hash value (refer Table 3) in binary format

User Number | Key Generated
1 | 1010001011111110110110010011110001001010100000000
2 | 10011010100011111100000110010100101110000011000000000
3 | 11110111011000110000101010000000001111111000000000
4 | 1001010100101110101010011100111111000100100000000
5 | 10101110011001001010111100111101011010010000000
6 | 101110000110011100010101000101110111000011000000000
7 | 1011011111010110100000000001100011100111000000000
8 | 111111110110001001010010101111010001000000000
9 | 110101001110001111101101000100010101001000000000
10 | 1010000100110010011111101110111010001110100000000000

Assuming a brute-force attack, for a combination of m hash functions and an average of c k-plets, a total of $m^c$ possible combinations need to be tried to break the cipher key. Also, consider a scenario where one or more hash functions are broken: even then the possibility of a match is very low because different hash functions are applied to different k-plets of the same fingerprint template, which increases the security of the biometric key by an exponential factor. In this way, the first important property of a cryptographic key, i.e., that the key must be unguessable, has been achieved. After user authentication, the key is generated from the user who has been authenticated by using his fingerprint, which is stored in the database, by means of the key generation algorithm. The key generated at the receiver for the authenticated user is therefore the same as his original key generated during encryption. In this way we achieve the second property of a cryptographic key, i.e., reproducibility. Figure 4 and Figure 5 show the hash value for different users.

Figure 4. Hash value for different users using hash function1 Refer to (1).

Figure 5. Hash value for different users using hash function1 Refer to (2).

We can observe in the graph that the hash value generated differs from one user to another. This ensures that unique keys can be generated using this method. Because the number of minutiae points extracted differs from one user to another, the time taken to generate the hash value also varies from one user to another.

7. Conclusion

We have described a novel cryptographic key generation technique that uses fingerprint features to generate the key. Our proposed method achieves the two important properties of cryptographic keys: reproducibility and the unguessable property. We can thereby generate a wide range of cryptographic keys by changing the hash function for different petrinets of the same fingerprint and also by using different features for different petrinets. If the hash function itself is compromised, a new hash function can be issued, but the biometric signal itself is not lost forever. Different applications can use different hash functions for the same biometric template, thus securing the biometric signal as well as preserving privacy. Hence our proposed approach is found to be highly efficient and secure, because the biometric itself provides the first level of authentication, and this approach can be implemented in any application where security is a critical factor. It also provides two-factor authentication, the factors being the fingerprint biometric and the cryptographic key.

References
[1] Sergey Tulyakov, Faisal Farooq, Praveer Mansukhani, Venu Govindaraju, "Symmetric hash functions for secure fingerprint biometric systems", Pattern Recognition Letters 28 (2007) 2427-2436.
[2] Gaurav Kumar, Sergey Tulyakov, Venu Govindaraju, "Combination of Symmetric Hash Functions for Secure Fingerprint Matching", IEEE, 2010.
[3] Umut Uludag, Sharath Pankanti, Salil Prabhakar, Anil K. Jain, "Biometric Cryptosystems: Issues and Challenges", IEEE, 2004.
[4] Gang Zheng, Wanqing Li and Ce Zhan, "Cryptographic Key Generation from Biometric Data Using Lattice Mapping", IEEE The 18th International Conference on Pattern Recognition (ICPR06), 2006.
[5] Faisal Farooq, Nalini Ratha, Tsai-Yang Jea and Ruud Bolle, "Security and Accuracy Trade-off in Anonymous Fingerprint Recognition", IEEE, 2007.
[6] R.J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. New York: Wiley, 2001.
[7] http://www.bioscrypt.com/assets/Biometric_Encryption.pdf.
[8] T.C. Clancy, N. Kiyavash, and D.J. Lin, "Secure Smart Card-Based Fingerprint Authentication", Proc. 2003 ACM SIGMM Workshop Biometrics Methods and Application (WBMA), 2003.
[9] A. Juels and M. Sudan, "A Fuzzy Vault Scheme", Proc. IEEE Int'l Symp. Information Theory, 2002.
[10] A. Goh and D.C.L. Ngo, "Computation of Cryptographic Keys from Face Biometrics", Proc. Int'l Federation for Information Processing 2003, pp. 1-13, 2003.
[11] Yusra Al-Najjar, Alaa Sheta, "Minutiae Extraction For Fingerprint Recognition", 5th International Multi-Conference on Systems, Signals and Devices, 2008.
[12] Ashwini R. Patil, Mukesh A. Zaveri, "A Novel Approach for Fingerprint Matching using Minutiae", IEEE Fourth Asia International Conference on Mathematical/Analytical Modelling and Computer Simulation, 2010.
[13] Raymond Thai, "Fingerprint image enhancement and minutia extraction", Tech. Rep., University of Western Australia, 2003.
[14] L. Hong, Y. Wan, and A.K. Jain, "Fingerprint image enhancement algorithms and performance evaluation", IEEE Trans. Pattern Anal. Mach. Intelligence, pp. 777-789, 1998.
[15] Chin Kim On, Paulraj M. Pandiyan, Sazali Yaacob and Azali Saudi, "Fingerprint Feature Extraction Based Discrete Cosine Transformation (DCT)", ICOCI, 2006.
[16] Ramandeep Kaur, Parvinder S. Sandhu, Amit Kamra, "A Novel Method For Fingerprint Feature Extraction", International Conference on Networking and Information Technology, 2010.
[17] Chandan Sharma, "DSP implementation of fingerprint-based biometric system", Tech. Rep., University of Auckland, 2005.
[18] D. Maio, D. Maltoni, A.K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer Verlag, 2003.
[19] S. Prabhakar, Anil Jain, and Sharath Pankanti, "Learning fingerprint minutiae location and type", in 15th International Conference on Pattern Recognition (ICPR), Barcelona, September 2000.
[20] Tsai-Yang Jea, "Minutiae-Based Partial Fingerprint Recognition", Ph.D. thesis, State University of New York, 2005.
