This paper presents proposed authentication method for PKI based on fingerprint transformations discussed in “Secure fingerprint hashes using subsets of local structures”. The authentication method uses Shamir secret sharing and blind signatures techniques. Biometrics data are stored as a one share. The latter approach helps to improve the security of biometric templates and allows to use them within PKI.
Our system was built based on the experience and conclusions from related works. We defined several assumptions, which our system has to meet. It allowed us to provide expected level of security. They are listed below.
- Biometric authentication process has to be directly linked with client’s digital certificate’s public key.
- Client should store only a minimal amount of data, which is required to respond the server requests.
- Compromising processed biometric data stored on the server, should not allow to recover the original biometric template.
- Only the hash value is revocable, not the raw biometric template.
Samples processing was presented in detail. The whole process is composed of minutiae detection, triangles determination (based on minutiae ), triangles translations, triplets of triangles combinations, synthetics fingerprints generation, quantization and finally hash values generation.
DETERMINING A SINGLE FINGERPRINT HASH
Processing model from previous section, generates thousands of hash values. The choice of a single representative value from a huge group in a random way is in practice impossible. Our solution is based on sets intersections.
We capture several fingerprint pictures and we look for intersections as long as we obtain a single value or a group of recurring values. Our tests have shown that this process is
relatively fast. The algorithm is described below.
- Load fingerprint hashes set and make it a base set B.
- Load fingerprint hashes set F(different fingerprint image).
- Build common elements set E, which contains hashes belonging to both sets (∀e∈E, e∈B∧e∈F).
- If the E set is empty (probably fingerprint hashes set was malformed) go to step 2. Otherwise go to step 5.
- Make set E a new base setB.
- If cardinality of the base set is equal to 1, end intersection process and go to step 7. Otherwise go to step 2.
- Determine random number SH, which will be a salt.
- Generate base hash value (formula 1).
where His the chosen hash value, h is SHA-256 (Secure Hash Algorithm) hash function.
COMPUTING SHAMIR SHARES
Single hash value can not be used in an authentication model. It could be captured easily and used by an adversary. Our system transforms data in such a way that only the person who has required hash and knows corresponding secret can successfully complete the server’s challenge.
SECURING SERVER SHARE
Processing raw server share (S2) would be insecure,because some values would be used by several service providers. In consequence data which should be protected could be compromised.
Last step in the first part of preparation is registration of X.509 certificate for the client, with critical extension defined, containing a second Shamir share (S1). It is important because S1 will be required in a local authentication process described further in section Local authentication.
LOCAL DATABASE STORAGE
As was said before, the system should store as little data as possible. We only save a value of big prime number P,a random index value RI and a chosen hash’s salt. Optionally, local database can contain client’s certificate fingerprint or certificate public key.
Local authentication is a process preceding remote authentication to the server. It was introduced because biometric data processing is not as fast as classical challenge response method. Furthermore, timestamps cannot be used (they will expire). At the beginning, we obtain a single hash value as shown in section Determining a single fingerprint hash. System also requires S1 share, the random index RI, the big prime number P and the client secrets.
RECEIVING SERVER’S CHALLENGE
If we are sure that chosen single hash value is correct, two-way authentication process can be initiated. We have not described this part here, because SSL/TLS 4 protocol can be used instead. In a secure communication channel, we begin biometric authentication process.
After message m is received and R∗V value is obtained, client begins releasing procedure. The original value is computed based on the recovered share S2 . The whole process requires determination of a value which is an inverse of the secure server share in group ZN and several RSA encryptions.
We have tested our system using SecuGen Hamster IV device and our own fingerprint set, which contains over 600 images. We did not use FVC set (Fingerprint Verification Competition), due to the fact that it was built for systems matching templates with input data in our solution we cannot obtain a raw template.
System security is based on considerations contained and details described in this section. We have analysed 3 possible attacks — attack on triangles coordinates, attack on quantization process and attack on Shamir schema.
Description of triangles coordinates attack requires some assumptions:
- Each minutiae is described by x,y and θ coordinates
- Maximal euclidean distance between grouped minutiae is less than or equal to 100 units (pixels).
- At least 7 minutiae in triplet have to be unique
- Fingerprint image size is 300×300 pixels.
This paper presents a biometric-based authentication system for public key infrastructure, which works on secured templates. Our solution, as one of just a few, provides security mechanism at biometric feature level. As opposed to other approaches mentioned in the paper, we applied sample processing producing a single secure hash value in a cryptographic sense and Shamir secret sharing with blind digital signatures. Also, the system structure was presented with some protocol details.
Our system obtains average FRR results and low FAR values as expected. Those two indexes are related. In general it is not possible to obtain both at the same low level. The lowest value of FRR obtained in our tests was 15,4%. In our opinion, low FAR is more desired than low FRR, mainly due to security reasons. We also observed correlation between enrolment process and FRR value. Shorter enrolment phase causes higher and unacceptable FRR level.
Furthermore, a good quality algorithm for processing images is required for better minutiae detection. Some of our tests have failed because of that. Future work will mainly include FRR ratio improvements without decreasing FAR values and performance boost while processing samples. We will also add several minutiae detection algorithms, which can increase the number of minutiae found.
Source: Poznan University of Technology
Authors: Anna Grocholewska-Cruryl | Marek Retinger