Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 31100
Application of Biometrics to Obtain High Entropy Cryptographic Keys

Authors: Sanjay Kanade, Danielle Camara, Dijana Petrovska-Delacretaz, Bernadette Dorizzi


In this paper, a two factor scheme is proposed to generate cryptographic keys directly from biometric data, which unlike passwords, are strongly bound to the user. Hash value of the reference iris code is used as a cryptographic key and its length depends only on the hash function, being independent of any other parameter. The entropy of such keys is 94 bits, which is much higher than any other comparable system. The most important and distinct feature of this scheme is that it regenerates the reference iris code by providing a genuine iris sample and the correct user password. Since iris codes obtained from two images of the same eye are not exactly the same, error correcting codes (Hadamard code and Reed-Solomon code) are used to deal with the variability. The scheme proposed here can be used to provide keys for a cryptographic system and/or for user authentication. The performance of this system is evaluated on two publicly available databases for iris biometrics namely CBS and ICE databases. The operating point of the system (values of False Acceptance Rate (FAR) and False Rejection Rate (FRR)) can be set by properly selecting the error correction capacity (ts) of the Reed- Solomon codes, e.g., on the ICE database, at ts = 15, FAR is 0.096% and FRR is 0.76%.


Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1784


[1] S. Kanade, D. Camara, E. Krichen, D. Petrovska-Delacr'etaz, and B. Dorizzi, "Three factor scheme for biometric-based cryptographic key regeneration using iris," in The 6th Biometrics Symposium, 2008.
[2] F. Hao, R. Anderson, and J. Daugman, "Combining crypto with biometrics effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, 2006.
[3] A. Cavoukian and A. Stoianov, "Biometric encryption: A positive-sum technology that achieves strong authentication, security and privacy," Information and privacy commissioner of Ontario, White Paper, March 2007.
[4] T. E. Boult, W. J. Scheirer, and R. Woodworth, "Revocable fingerprint biotokens: Accuracy and security analysis," in IEEE Conference on Computer Vision and Pattern Recognition, June 2007, pp. 1-8.
[5] A. Lumini and L. Nanni, "An improved biohashing for human authentication," Pattern Recognition, vol. 40, no. 3, pp. 1057-1065, March 2007.
[6] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, "Generating cancelable fingerprint templates," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp. 561-572, April 2007.
[7] M. Savvides, B. V. Kumar, and P. Khosla, "Cancelable biometric filters for face recognition," in Proceedings of the 17th International Conference on Pattern Recognition (ICPR04), vol. 3, August 2004, pp. 922-925.
[8] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zmor, "Optimal iris fuzzy sketches," in IEEE Conference on Biometrics: Theory, Applications and Systems, 2007.
[9] A. Juels and M. Wattenberg, "A fuzzy commitment scheme," in Proceedings of the Sixth ACM Conference on Computer and communication Security (CCCS), 1999, pp. 28-36.
[10] A. Juels and M. Sudan, "A fuzzy vault scheme," in Proc. IEEE Int. Symp. Information Theory, A. Lapidoth and E. Teletar, Eds. IEEE Press, 2002, p. 408.
[11] F. Monrose, M. Reiter, and R. Wetzel, "Password hardening based on keystroke dynamics," in Proceedings of the Sixth ACM Conference on Computer and communication Security (CCCS), 1999, pp. 73-82.
[12] F. Monrose, M. Reiter, Q. Li, and S. Wetzel, "Cryptographic key generation from voice," in Proceedings of the IEEE Symposium on Security and Privacy, May 2001, pp. 202-213.
[13] Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data," in Proceedings of the Eurocrypt, 2004.
[14] U. Uludag and A. Jain, "Securing fingerprint template: Fuzzy vault with helper data," in Proc. of the 2006 Conference on Computer Vision and Pattern Recognition Workshop, June 2006, pp. 163-170.
[15] E. Krichen, B. Dorizzi, Z. Sun, S. Garcia-Salicetti, and T. Tan, Guide to Biometric Reference Systems and Performance Evaluation. Springer- Verlag, 2008, ch. Iris Recognition, pp. 25-50.
[16] F. J. MacWilliams and N. J. A. Sloane, Theory of Error-Correcting Codes. North Holland, 1991.
[17] National Institute of Science and Technology (NIST), "Iris Challenge Evaluation," 2005,
[18] W. E. Burr, D. F. Dodson, and W. T. Polk, "Electronic authentication guideline: Recommendations of the National Institute of Standards and Technology," April 2006.
[19] J. Daugman, "The importance of being random: Statistical principles of iris recognition," Pattern Recognition, vol. 36, no. 2, pp. 279-291, February 2003.