Secure key agreement using cancelable and noninvertible biometrics based on periodic transformation

Official URL: http://risc01.sabanciuniv.edu/record=b1659259 (Table of Contents)

Nowadays, many of the security-providing applications use biometric-based authentication, such as electronic banking, health and social services, commercial applications and law enforcement. However, since each person’s biometrics is unique and not replaceable, once it is compromised, it will be compromised forever. Therefore, it is indeed hard for the users to trust biometrics. To overcome this problem, in this thesis, we propose a novel protocol SKA-CaNPT: Secure Key Agreement Protocol using Cancelable and Noninvertible Biometrics based on Periodic Transformation. In this research, we use a periodic transformation function to make our biometrics cancelable and noninvertible. At the very end of our SKA-CaNPT protocol, the user and the server make an agreement on a symmetric shared key that is based on the feature points of the biometrics of the user. As a proof of concept, we apply our SKA-CaNPT protocol on fingerprints. In our protocol, after extracting minutiae from the fingerprints, we first employ a periodic transformation function and then we categorize our minutiae points in a predefined neighborhood by using a threshold-based quantization mechanism. Our SKA-CaNPT protocol runs in a round-manner and in each round, the server decides about the acceptance or rejection of the user according to the similarity score of the common minutiae. In addition, if the transformed data is compromised, it can be renewed just by changing one of the inputs of our transformation function. Besides, we apply different security analyses on our protocol. First of all, we use Shannon’s entropy to analyze the randomness of the agreed keys, and it shows that the generated keys have enough randomness. Secondly, to analyze the distinctiveness of the agreed keys, we use the Hamming distance metric, results of which show that the keys of different people are distinguishable from each other. Moreover, according to the low IKGR (Incorrect Key Generation Rate), high CKGR (Correct Key Generation Rate) and high attack complexity possessed by our SKA-CaNPT protocol, we can conclude that our scheme is secure against brute-force, replay and impersonation attacks.