Statistical Hiding Fuzzy Commitment Scheme for Securing Biometric Templates

Full Text (PDF, 515KB), PP.8-16

Views: 0 Downloads: 0

Author(s)

Alawi A. Al-Saggaf 1,2,* Haridas Acharya 3

1. King Fahd University of Petroleum and Minerals, Dhahran-31261, Saudi Arabia

2. computer studies at Symbiosis International University

3. Allan Institute of Management Sciences, University of Pune, Pune-411001, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2013.04.02

Received: 14 Jul. 2012 / Revised: 16 Nov. 2012 / Accepted: 6 Jan. 2013 / Published: 8 Apr. 2013

Index Terms

Cryptography, commitment schemes, fuzzy commitment scheme, error correcting codes, biometrics, and template security

Abstract

By considering the security flaws in cryptographic hash functions, any commitment scheme designed straight through hash function usage in general terms is insecure. In this paper, we develop a general fuzzy commitment scheme called an ordinary fuzzy commitment scheme (OFCS), in which many fuzzy commitment schemes with variety complexity assumptions is constructed. The scheme is provably statistical hiding (the advisory gets almost no statistically advantages about the secret message). The efficiency of our scheme offers different security assurance, and the trusted third party is not involved in the exchange of commitment.
The characteristic of our scheme makes it useful for biometrics systems. If the biometrics template is compromised, then there is no way to use it directly again even in secure biometrics systems. This paper combines biometrics and OFCS to achieve biometric protection scheme using smart cards with renewability of protected biometrics template property.

Cite This Paper

Alawi A. Al-Saggaf, Haridas Acharya, "Statistical Hiding Fuzzy Commitment Scheme for Securing Biometric Templates", International Journal of Computer Network and Information Security(IJCNIS), vol.5, no.4, pp.8-16, 2013. DOI:10.5815/ijcnis.2013.04.02

Reference

[1]C. Crépeau, "Efficient cryptographic protocols based on noisy channels," In Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques, LNCS , Springer-Verlag Berlin, Heidelberg 1997; 1233, pp. 306-317.
[2]G. Davida, Y. Frankel, B. Matt, "On enabling secure applications through off-line biometric identification," In Proc. IEEE Security and Privacy, Oakland, CA , USA, pp. 148 – 157, 1998. DOI: 10.1109/SECPRI.1998.674831.
[3]G. Davida, Y. Frankel, B. Matt, R. Peralta, "On the relation of error correction and cryptography to an offline biometric based identification scheme," In Proc. Workshop Coding and Cryptography, pp. 129–138, 1999.
[4]U. Uludag, S. Pankanti, S. Prabhakar, "Jain A. Biometric Cryptosystems: Issues and Challenges," In Proceedings of the IEEE, 92(6), 948 – 960, 2004. DOI: 10.1109/JPROC.2004.827372.
[5]J. Daugman, "High confidence visual recognition of persons by a test of statistical independence," IEEE Trans. Pattern Anal. Machine Intell., 15, 1148–1161, 1993.
[6]A. Juels, M. Wattenberg, "A fuzzy commitment scheme," In Proc. 6th ACM Conf. Computer and Communications Security, G. Tsudik, Ed., pp. 28–36, 1999.
[7]T. Ignatenko, "Information Leakage in Fuzzy Commitment Scheme," IEEE Transaction on Info. Forensics and Security 5(2), 337-348, 2010.
[8]A. Juels, M. Sudan, "A fuzzy vault scheme," In Proc. IEEE Int. Symp. Information Theory, A. Lapidoth and E. Teletar (Eds), p. 408, 2002.
[9]Y. Dodis, R. Ostrovsky, L. Reyzin, A. Smith, "Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data," In Proc EUROCRYPTO'04, LNCS, 3027, 523-540, 2004.
[10]E. Verbitskiy, P. Tuyls, C. Obi, B. Schoenmakers, B. Ŝkorić, "Key extraction from general non-discrete signals," IEEE Trans Info. Forensic and Security, 5(2), 269-279, 2010.
[11]F. Monrose, M. Reiter, Q. Li, S. Wetzel, "Cryptographic key generation from voice. In SP '01 Proc. of the 2001 IEEE Symp. on Security and Privacy, Washington USA, pp. 202, 2001.
[12]F. Monrose, M. Reiter, Q. Li, S. Wetzel, "Using Voice to Generate Cryptographic Keys," In Proc. of the Speech Recognition Workshop, pp. 237-242, 1998.
[13]F. Monrose, M. Reiter, S. Wetzel, "Password hardening based on keystroke dynamics," In Proc. of 6th ACM Conf on Computer and Communications Security (CCCS), Washington USA, 73-82, 1999.
[14]L. Ballard, S. Kamara, F. Monrose, M. Reiter, "On the requirements of biometric key generators," Technical Report TR-JHU-SPARBKMR- 090707. Submitted and available as JHU Department of Computer Science Technical Report, 2007.
[15]H. Feng, C. Wah, "Private key generation from on-line handwritten signatures," Information Management Computer Security, 10(18), 159-164, 2002.
[16]S. Halevi, S. Micali, "Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing," Advances in Cryptology – CRYPTO '96, Proc. of 16th Annual International Cryptology Conference, USA, pp. 201–215, 1996.
[17]A. Jain, P. Flynn, A. Ross, "Handbook of Biometrics," Springer, 2008.
[18]A. Jain, K. Nandakumar A. Nagar, "Biometric template security," EURASIP J Adv Signal Process, pp. 1-17 2008.
[19]B. Preneel, "The stat of cryptographic hash functions," In Lectures on Data Security: Modern Cryptology in Theory and Practice, LNCS, Berlin: Springer, 1561, 158-192, 1999.
[20]B. Preneel, "The State of Hash Functions and the NIST SHA-3 Competition (Extend abstract)," Information Security and Cryptography, LNCS, 5487, 1-11, 2009.
[21]D. Boer, A. Bosselaers, "Collision for the Comparison function of MD-5," In Helleseth, T.(ed), EUROCRYPT'93, LNCS, 765, 293-304, 1994.
[22]H. Dobbertin, "The Status of MD5 after recent attack," CryptoBytes, 2(2),1-6, 1994.
[23]V. Klima, "Tunnels in Hash Functions: MD5 collisions within a minute," IACR ePrint archive, 2006, http://eprint.iacr.org/2006/105.pdf.
[24]X. Wang, A. Yao, F. Yao, "Cryptanalysis of SHA-1 Hash Function," Technical Report, National Institute of Standard and Technology (NIST), 2005, Available at http://csrc.nist.gov/groups/ST/hash/documents/Wang_SHA1-New-Result.pdf .
[25]X. Wang, L. Yin, H. Yu, "Finding Collisions in the full SHA-1," In V. Shoup (ed) CRYPTO'05, LNCS, Springer, 3621, 17-36, 2005.
[26]X. Wang, H. Yu, "How to Break MD5 and other Hash Functions," In Carmer, R. (ed) EUROCRYPT'05, LNCS, Springer, 3494, 19-35, 2005.
[27]E. Biham, R. Chen, A. Joux, P. Carribault, C. Lemuet, W. Jalby, "Collision of SHA-0 and reduced SHA-1," In R. Cramer (ed), EUROCRYPTO'05, LNCS, Springer, 3494, 36-57, 2005.
[28]NIST (National Institute of Standards and Technology). (2007). SHA-3 Competition. http://csrc.nist.gov/groups/ST/hash/timeline.html.
[29]S. Halevi, "Efficient commitment with bounded sender and unbounded receiver," In D. Coppersmith, editor, Proc. Crypto `95. Lecture Notes in Computer Science, volume 963, Pages 84-96, Springer-Verlag, 1995.
[30]M. Naor, "Bit Commitment Using Pseudo-Randomness," In Gilles Brassard, editor, Advances in Cryptology - CRYPTO '89, 9th Annual International Cryptology Conference, LNCS, Santa Barbara, California, USA, 435, 128–136, 1989.
[31]U. Uludag, "Secure Biometric Systems," Ph.D. Thesis, Michigan State University, 2006.
[32]E. Fujisaki, T. Okamoto, "Statistical Zero-Knowledge Protocols to prove Modular Polynomial Relations, In Crypto'97, LNCS, Springer, 1294, pp. 16-30, 1997.
[33]E. Fujisaki, T. Okamoto, "Statistical Zero-Knowledge Protocols to Prove Modular Polynomial Relations," IEICE Trans. Fund., E82-A, 1, 81–92, 1999.
[34]S. Halevi, "Efficient commitment with bounded sender and unbounded receiver," In D. Coppersmith, editor, Proc. Crypto `95, Lecture Notes in Computer Science, Springer-Verlag, 963, pp. 84-96, 1995.
[35]A. Alsaggaf, H. Acharya, "A Fuzzy Commitment Scheme," Advances in Computer Vision and Information Technology, Part_7, ch_13, pp. 1164-1169, Nov. 2007, I. K. International Pvt Ltd.
[36]A. Alsaggaf, "Crisp Commitment Scheme based on Noisy Channels," In Proc. of IEEE 1st Saudi International Conference on Phonics, Electronic and Communication, pp. 1-4, April 2011, Riyadh, Saudi Arabia. DIO: 10.1109/SIECPC.2011.5876892.