ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Towards practical biometric key generation with randomized biometric templates
Full text PdfPdf (255 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 15th ACM conference on Computer and communications security table of contents
Alexandria, Virginia, USA
SESSION: System security 1 table of contents
Pages 235-244  
Year of Publication: 2008
ISBN:978-1-59593-810-7
Authors
Lucas Ballard  Google, Inc., Mountain View, CA, USA
Seny Kamara  Microsoft Research, Redmond, WA, USA
Fabian Monrose  University of North Carolina at Chapel Hill, Chapel Hill, NC, USA
Michael K. Reiter  University of North Carolina at Chapel Hill, Chapel Hill, NC, USA
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 50,   Downloads (12 Months): 394,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1455770.1455801
What is a DOI?

ABSTRACT

Although biometrics have garnered significant interest as a source of entropy for cryptographic key generation, recent studies indicate that many biometric modalities may not actually offer enough uncertainty for this purpose. In this paper, we exploit a novel source of entropy that can be used with any biometric modality but that has yet to be utilized for key generation, namely associating uncertainty with the way in which the biometric input is measured. Our construction poses only a modest requirement on a user: the ability to remember a low-entropy password. We identify the technical challenges of this approach, and develop novel techniques to overcome these difficulties. Our analysis of this approach indicates that it may offer the potential to generate stronger keys: In our experiments, 40% of the users are able to generate keys that are at least 230 times stronger than passwords alone.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
A. Alvare. How Crackers Crack Passwords or what Passwords to Avoid. In Proceedings of the Second USENIX Security Workshop, pages 103--112, August 1990.
 
2
L. Ballard. Robust Techniques for Evaluating Biometric Cryptographic Key Generators. PhD thesis, The Johns Hopkins University, 2008. Available at http://www.cs.jhu.edu/ lucas/papers/thesis.html.
 
3
L. Ballard, S. Kamara, and M. K. Reiter. The Practical Subtleties of Biometric Key Generation. In Proceedings of the 17th Annual USENIX Security Symposium, pages 61--74, San Jose, CA, August 2008.
 
4
Lucas Ballard , Fabian Monrose , Daniel Lopresti, Biometric authentication revisited: understanding the impact of wolves in sheep's clothing, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
 
5
Steven M. Bellovin , Michael Merritt, Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.72, May 04-06, 1992
6
Xavier Boyen, Reusable cryptographic fuzzy extractors, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030096]
 
7
Y.-J. Chang, W. Zhang, and T. Chen. Biometrics-Based Cryptographic Key Generation. In Proceedings of IEEE International Conference on Multimedia and Expo (ICME), volume 3, pages 2203--2206, 2004.
 
8
Y. Dodis, L. Reyzin, and A. Smith. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In Proceedings of Advances in Cryptology -- EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science, pages 523--540. Springer-Verlag, 2004.
9
Yevgeniy Dodis , Adam Smith, Correcting errors without leaking partial information, Proceedings of the thirty-seventh annual ACM symposium on Theory of computing, May 22-24, 2005, Baltimore, MD, USA  [doi>10.1145/1060590.1060688]
 
10
David C. Feldmeier , Philip R. Karn, UNIX Password Security - Ten Years Later, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, p.44-63, August 20-24, 1989
 
11
Feng Hao , Ross Anderson , John Daugman, Combining Crypto with Biometrics Effectively, IEEE Transactions on Computers, v.55 n.9, p.1081-1088, September 2006  [doi>10.1109/TC.2006.138]
 
12
Ari Juels , Madhu Sudan, A Fuzzy Vault Scheme, Designs, Codes and Cryptography, v.38 n.2, p.237-257, February 2006  [doi>10.1007/s10623-005-6343-z]
13
Ari Juels , Martin Wattenberg, A fuzzy commitment scheme, Proceedings of the 6th ACM conference on Computer and communications security, p.28-36, November 01-04, 1999, Kent Ridge Digital Labs, Singapore  [doi>10.1145/319709.319714]
14
T. Lomas , L. Gong , J. Saltzer , R. Needhamn, Reducing risks from poorly chosen keys, Proceedings of the twelfth ACM symposium on Operating systems principles, p.14-18, November 1989
 
15
Fabian Monrose , Michael K. Reiter , Qi Li , Susanne Wetzel, Cryptographic Key Generation from Voice, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.202, May 14-16, 2001
 
16
F. Monrose, M. K. Reiter, and S. Wetzel. Password Hardening based on Keystroke Dynamics. International Journal of Information Security, 1(2):69--83, February 2002.
 
17
J. A. Rice. Mathematical Statistics and Data Analysis. Duxbury Press, Belmont, CA, 2nd edition, 1995.
 
18
C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. V. Kumar. Biometric Encryption ™ using Image Processing. In Optical Security and Counterfeit Deterrence Techniques II, volume 3314, pages 178--188. IS&T/SPIE, 1998.
 
19
Julie Thorpe , P. C. van Oorschot, Human-seeded attacks and exploiting hot-spots in graphical passwords, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
 
20
U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain. Biometric Cryptosystems: Issues and Challenges. Proceedings of the IEEE Special Issue on Multimedia Security of Digital Rights Management, 92(6):948--960, 2004.
21
P. C. van Oorschot , Julie Thorpe, On predictive models and user-drawn graphical passwords, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-33, January 2008  [doi>10.1145/1284680.1284685]
 
22
Claus Vielhauer , Ralf Steinmetz, Handwriting: feature correlation analysis for biometric hashes, EURASIP Journal on Applied Signal Processing, v.2004 n.1, p.542-558, 1 January 2004  [doi>10.1155/S1110865704309248]

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION

Additional Classification:
  H. Information Systems
  H.1 MODELS AND PRINCIPLES
      H.1.2 User/Machine Systems


General Terms:
Design, Security


Keywords:
biometrics, cryptographic keys

Collaborative Colleagues:
Lucas Ballard: colleagues
Seny Kamara: colleagues
Fabian Monrose: colleagues
Michael K. Reiter: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player