A Novel Crypto-Biometric Scheme for Establishing Secure Communication

Sessions Between Two Clients

Sanjay G. Kanade, Dijana Petrovska-Delacrétaz, and Bernadette Dorizzi

Presented by: Sanjay G. KanadeInstitut Mines TELECOM: TELECOM SudParis,

Département Electronique et Physique,Evry, France

April 17, 2023 A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients 2

Outline

• Motivation

• Related Works

• Multi-biometrics Based Crypto-biometric Session KeyGeneration and Sharing Protocol

• Proposed Protocol for Establishing Secure Session Between Two Parties

• Conclusions and Perspectives

April 17, 2023 3

Motivation

• Crypto-biometric systems:– Combine techniques from biometrics and cryptography

– revocability, template diversity, privacy protection

– strong link between a person’s identity and his cryptographic keys

• Need of sharing crypto-biometric keys

• Hypothesis 1: communication between two parties unknown to each other

• Hypothesis 2: the two parties do not wish or are unable to use a common biometric characteristic

A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

Related Works – Crypto-Biometric systems

• Cancelable Biometric Systems – Ratha et al. (transformations), Lumini and Nanni (BioHashing), Boult

et al. (Biotokens), Kanade et al. (Shuffling scheme)

• Key Generation Systems– Davida et al., Monrose et al. (password hardening), Argyropoulos et

al. (Channel coding approach)

• Key Regeneration (Key Binding) Systems– Juels and Wattenberg (fuzzy commitment), Juels and Sudan (fuzzy

vault), Dodis et al. (fuzzy extractors), Hao et al. (2006), Kanade et al. (2008)

April 17, 2023 4A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

Related Works - Protocols

• Boyen et al., Tang et al. - biometrics based remote authentication based on fuzzy extractors• Need storage of classical biometric templates

• Ueshige and Sakurai (one-time authentication protocol), Bringer et al., Barni et al. (privacy preserving authentication)• Only for authentication, no generation of keys

• Buhan et al. (SAfE protocol) – key sharing • Need exchange of classical biometric data; mutual trust

required

April 17, 2023 5A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

Our Previously Proposed BSKGS Protocol – Authentication between Client and Server

6

Party 1 Party 2 (server)

Auth. Req., user ID, security level, modalities

Request accept

Shuffling key (on a smart card or from password)

shiK Shuffling key part and

stored cancelable template

xiK

ci

Capture fresh biometric data, apply shuffling, and create locked code

from a random key lockrK

Locked code and

lock))(( rKHH

Regenerate the key from stored data and

If

rKlock

))(())(( rr KHHKHH )( rKH

)()( If rr KHKH

rr KK Start secure communication using key

rK

Previously published in: S.G. Kanade, D. Petrovska-Delacrétaz, and B. Dorizzi, “Multi-biometrics Based Crypto-biometric Session Key Generation and Sharing Protocol”, In ACM Workshop on Mumtimedia and Security (MM&Sec), 2011

April 17, 2023 7

Assumptions for the BSKGS protocol

• No trust between client and server during authentication

• No sensitive data should be exchanged

• Link between them is unprotected

• Biometric data not stored in classical form; must be revocable

• Protocol should achieve mutual authentication

• Should be able to use single or multiple biometrics

A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

Features of the BSKGS Protocol

• Secure offline enrollment

• Data transferred through the channel does not pose privacy threat

• No storage or exchange of classical biometric data

• Mutual authentication between client and server

• Session specific crypto-biometric keys

• Single or multiple biometrics can be used depending on usage scenario

April 17, 2023 8A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

Problems with the BSKGS Protocol

April 17, 2023 9A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

• The BSKGS protocol (and others mentioned earlier in related works) cannot work if:

– Two parties interested in secure communication are previously unknown to each other

– The two parties do not possess or do not wish to use a common biometric characteristic

– E.g., one may be unable to speak

Proposed Protocol for Establishing Secure Communication Session between Two Clients

10

Central Authority for Registration and Authentication (CARA)xA

cA K, x

BcB K,

BSKGS protocol

sAK

BSKGS protocolsBK

Client A

xA

shA KK ,

xB

shB KK ,

Secure communication request

Request accept

Client A and Client B authenticate themselves with the CARA and obtain individual session keys: ;

Request templates of the other party to the CARA

sAK

sBK

CARA sends to Client B and

to Client A (optional)

xA

sA

cA

KA KKfsA and),(

xB

sB

cB

KB KKfsB and),(

BSKGS protocol

Shuffling keys

Client B

Shuffling keys

Security of the Protocol

• Enrollment with the Central Authority for Registration and Authentication (CARA) done offline

• Templates stored at CARA are cancelable

• Locked code is generated by the client

• Protocol involves authentication using biometrics and a token (shuffling key) – revocability and diversity easily attainable

• Multiple biometric cues – higher difficulty for attackers

• Can also be integrated with classical cryptographic protocols such as TLS

• Entropy of the crypto-biometric key depends on the algorithm used in BSKGS

April 17, 2023 11A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

Conclusions & Perspectives

• Secure session establishment between two clients who are previously unknown to each other

• Can work even when two clients are not using the same biometric characteristic

• Protocol works for single as well as multiple biometric modalities

• No storage and sharing of sensitive biometric data

• Session specific multi-biometrics based cryptographic keys

April 17, 2023 12A Novel Crypto-Biometric Scheme for Establishing Secure Communication Sessions Between Two Clients

Thank you !