A New Biometrics based Key Exchange and Deniable

Authentication ProtocolK. Saraswathi Asst.Proffessor, Department of Computer ScienceGovt Arts CollegeUdumalpet, Tirupur, Indiadharundharsan@rediffmail.comDr. R. Balasubramanian Dean Academic AffairsPPG Institute of TechnologyCoimbatore, Indiaramamurthybala2@gmail.com  Abstract-Wireless Local Area Networks (WLANs) are gaining recognition as they are fast, cost effective, supple and easy to use. The networks face a serious of issues and challenges in establishing security to the users of the network. With users accessing networks remotely, transmitting data by means of the Internet and carrying around laptops containing sensitive data, ensuring security is an increasingly multifarious challenge. Therefore it is necessary to make sure the security of the network users. In order to provide network security many techniques and systems have been proposed earlier in literature. Most of these traditional methods make use of password, smart cards and so on to provide security to the network users. Though these traditional methods are effective in ensuring security they posses some limitations too. The problem with these traditional approaches is that there is possibility to forget the password. Moreover, compromised password lead to a fact, that unauthorized user can have access to the accounts of the valid user. This paper  proposes an approach for network security using biometrics and deniable authentication protocol. The human biometrics like hand geometry, face, fingerprint, retina, iris, DNA, signature and voice can be effectively used to ensure the network security. The diverse phases included in this proposed approach are user registration, fingerprint enhancement, minutiae point extraction, mapping function and deniable authentication protocol. Furthermore, biometric authentication systems can be more convenient for the users since it involves no password that might be feared to be forgotten by the network users or key to be lost and therefore a single biometric trait (e.g., fingerprint) can be used to access several accounts without the burden of remembering passwords. This proposed paper also explains some of the fingerprint enhancement techniques to make the biometric template noise free. Experiments are conducted to evaluate the performance measure of the proposed approach.Keywords-Biometrics, Cryptography, Data Security, Finger print, Mapping Function, Minutiae Point, Network Security, User Registration.

I.INTRODUCTIONAccurate, automatic identification and authentication of users is an elemental problem in network environments. Shared secrets such as personal identification numbers or  passwords and key devices like smart cards are not just enough in some cases. This authentication method has traditionally been based on passwords. The problem with these traditional approaches is that there is possibility to forget the password. Moreover, compromised password lead to a fact, that unauthorized user can have access to the accounts of the valid user. The Biometric based user authentication systems are highly secured and efficient to use and place total trust

on the authentication server where biometric verification data are stored in a central database [1]. This biometrics based user authentication system improves the network security. Some of most widely used biometric are hand geometry, face, fingerprint, retina, iris, DNA, signature and voice. Biometrics is the science of measuring and statistically analyzing biological data can be used to recognize different body parts like the eyes, fingerprints, facial characteristics, voice etc. Thus, it takes security to the next level by not just confining it to authenticating passwords, fingerprint matching techniques [2]. Based on the individual's biometric characteristics a biometric system recognizes an individual. The process of a biometric system can be described, in a beginner's manner, by a three-step process. The foremost step in this process is collection of the biometric data which is formally known as user registration. This step uses different sensors, to assist the user in the registration process. The second step converts and describes the observed data using a digital representation called a template. This step varies between modalities and also between vendors. In the third step, the newly acquired template is compared with one or more previously generated templates stored in a database. The result of this comparison is a “match” or a “non-match” and is used for actions such as permitting access, sounding an alarm, etc [15].Declaring a match or non-match is based on the obtained template being analogous, but not one and the same, to the stored template. A threshold determines the measure of similarity necessary to result in a match declaration. The acceptance or rejection of biometric data is completely dependent on the match score falling above or below the threshold. The threshold is adjustable so that the biometric system can be more or less stringent, depending on the requirements of any given biometric application [15]. Among all the biometric techniques, today fingerprints are the most widely used biometric features for personal identification because of their high acceptability, Immutability and individuality. This paper proposes a technique to secure the network communication using biometric characteristics obtained from the individuals. The biometric characteristic used in this paper is fingerprint. This proposed paper utilizes image processing technique to extract the biometric measurement called minutiae from the user’s fingerprint. The user’s full finger  print image is converted and stored as encrypted binary template, which is used for authentication by the server of the network. The user’s biometric verification data are first transformed into a strong secret and is then stored in the server’s database during registration. The proposed system is evaluated to determine the performance measures. The remainder of this paper is organized as follows. Section2 discusses some of the related work proposed earlier in association to biometric based network security. Section 3describes the proposed approach of providing network security using the biometric characteristics obtained finger print. Section 4 illustrates the performance measures and Section 5concludes the paper with directions to future work.

II.RELATED WORK 

 A lot of research has been carried out in the field of establishing network security based on biometric features obtained from individual user [13] [14]. This section of the paper discusses some of the related work proposed earlier in association to biometric based network security. In their work [3] Rahman et al. proposed architecture for secure access of computers inside an organization from a remote location. They used biometrics features and a one-time password mechanism on top

of secure socket layer (SSL) for authentication. Moreover they also provided three layers of security levels for network communication, and also a mechanism for secure file accesses based on the security privileges assigned to various users was proposed. The files to be accessed from the server are categorized depending on their access privileges and encrypted using a key assigned to each category. The test results of their approach evaluated the performance of their proposed approach.Chung et al. in [4] described a method for biometric basedsecret key generation for protection mechanism. The binding of the user's identity and biometric feature data to an entity is provided by an authority through a digitally signed data structure called a biometric certificate. Therefore, the main goal (or contribution) of their work is to propose a simple method for generating biometric digital key with biometric certificate on fuzzy fingerprint vault mechanism. Biometric digital key from biometric data has many applications such as automatic identification, user authentication with message encryption, etc. Therefore, their work analyzed the related existing scheme and proposed a simplified model where general fuzzy fingerprint vault using biometric certificate with security consideration. Dutta et al. in [5] presented a novel method for providing network security using biometric and cryptography. They proposed a biometrics-based (fingerprint)Encryption/Decryption Scheme, in which unique key is generated using partial portion of combined sender's and receiver’s fingerprints. From this unique key a random sequence is generated, which is used as an asymmetric key for  both Encryption and Decryption. Above unique Key is send by the sender after watermarking it in sender's fingerprint along with Encrypted Message. The computational requirement and network security features are addressed. Proposed system has a advantage that for public key, it has not to search from a database and security is maintained. Network security issues are projected by Benavente et al. in[6]. The Internet is increasingly becoming a public vehicle for remote operations. Integrating biometric information in the authentication chain explores new problems. Remote virtual identity is starting to play in the way towards an e-Europe, and applications for e-government integrate biometrics. Remote identity of subjects should be unambiguously stated. Several features drive the spread of biometric authentication in network applications, in order to provide end-to-end security across the authentication chain aliveness detection and fake-resistive methods, network protocols, security infrastructure, integration of biometrics and public key infrastructure (PKI),etc. Their paper proposed a mid-layer interoperable architecture furnished with a set of generic interfaces and protocol definitions. Their scheme enables a future introduction of new modules and applications with a minimal development effort. An intelligent fingerprint based security system was designed and developed by Suriza et al. in [7]. Traditionally, user authentication is meant to provide an identification number or a password that is unique and well protected to assure the overall system security. This type of security system is very fragile in an area where a higher level of security system is required. Biometrics-based system offers anew and better approach to user authentication. Biometrics authentication is an automated method whereby an individual identity is confirmed by examining a unique physiological trait or behavioral characteristic, such as fingerprint, iris, or signature, since physiological traits have stable physical characteristics. The design and development of a fingerprint- based security system, comprising the scanner, interface system, Boltzmann machine neural network and access control system is discussed in this paper. The integration between the hardware and the software is completed by using Visual Basic6

programming language. The results obtained both for the simulation studies and testing of the integrated system with real-life physical system have demonstrated the practicality of such system as well as its potential applications in many fields. Ronald in [8] put forth an alternative approach for password in network security using biometrics. Passwords are the primary means of authenticating network users. However, network administrators are becoming concerned about the limited security provided by password authentication. Many administrators are now concluding that their password-based security systems are not all that secure. User passwords are routinely stolen, forgotten, shared, or intercepted by hackers. Another serious problem is that computer users have become too trusting. They routinely use the same password to enter  both secure and insecure Web sites as well as their networks at work. In response to the proven lack of security provided by password authentication, network administrators are replacing network passwords with smartcards, biometric authentication, or a combination of the three. Smart cards are credit card-size devices that generate random numbers about every minute, in sync with counterparts on each entry point in the network. Smart cards work well as long as the card isn't stolen. A better choice to ensure network security is the use of biometrics. Their paper investigated the different biometric techniques available to determine a person's identity. Also described, were the criteria for selecting a biometric security solution. In conclusion, efforts to establish biometric industry standards(including standard application program interfaces (APIs))were discussed.

III.PROPOSED APPROACH

 Biometric cryptosystems [9] join together cryptography and biometrics to promote from the strengths of both fields. In such systems, while cryptography provides high and adjustable security levels, biometrics brings in non-repudiation and eliminates the must to remember passwords or to carry tokens etc. In biometric cryptosystems, a cryptographic key is generated from the biometric template of a user stored in the database in such a way that the key cannot be revealed without a successful biometric authentication. The overall architecture of the biometric system to improve network security is shown in

figure 1. The Server maintains a database where the encrypted minutia template of the user’s finger print is stored. In this setting, users communicate with the server for the principle of user authentication, by rendering users fingerprint, which is transformed into a long secret detained by the server in its database [1].Figure 1.Biometric System Figure 2 shows a common idea of obtaining the minutiae points from biometric feature obtained from the user. The key vector is formed based on minutiae points (ridge ending and ridge bifurcation) are encountered in the given finger print image [10]. Figure 2 shows various steps involved in the proposed system for network security using biometrics. Figure 2 Steps involved in Extracting Feature Point 

A. User RegistrationThis step is popularly known as Enrolment phase. In all the security system to enroll as a legitimate user in a service, a user must previously register with the service provider by ascertaining his/her identity with the provider. Therefore a scanner is used to scan the fingerprint of the user to reveal his/her identity for the first time. The finger print image thus obtained undergoes a series of enhancement steps. This is described in the following section of this proposed paper.

B. Fingerprint Enhancement  This is very important step in designing a security system for network security using biometrics. This step comprise of the subsequent processing on the obtained fingerprint image. As we all know a fingerprint is made of a series of ridges and furrows on the surface of the finger. This determines the uniqueness of the individuals fingerprint. No two finger print scan have the same pattern of ridges and furrows. Minutiae points are local ridge characteristics that happen at either a ridge bifurcation or a ridge ending. The ridges hold the information of characteristic features obligatory for minutiae extraction therefore the quality of the ridge structures in a fingerprint image turns out to be an important characteristic. The obtained image is then subjected to image enhancement techniques to reduce the noise [11]. The following are the widely used image improvement techniques, normalization, orientation estimation, local frequency estimation, Gabor filtering, and thinning.

1. Normalization

The process of standardizing the intensity values in an image by adjusting the range of gray-level values so that it lies within a desired range of values is termed as “normalization”. Moreover the ridge structures in the fingerprint are not affected as a result of this process. It is carried out to standardize the dynamic levels of variation in gray-level values that facilitates the processing of subsequent image enhancement stages. Figure 3 shows a image of the fingerprint before and after normalization

2.Orientation Estimation

The orientation estimation is an essential step in the enhancement process as the successive Gabor filtering stage relies on the local orientation in order to successfully enhance the fingerprint image. Figure 4 (a) and (b) illustrates the

results of orientation estimation and smoothed orientation estimation of the fingerprint image respectively. In addition to the orientation image, another important parameter that is used in the construction of the Gabor filter is the local ridge frequency.

3.Gabor Filtering

Once the ridge orientation and ridge frequency information has been single-minded, these parameters are used to construct the even-symmetric Gabor filter. Gabor filters are employed because they have frequency-selective and orientation selective properties. These properties allow the filter to be tuned to give maximal response to ridges at a specific orientation and frequency in the fingerprint image. Therefore, a properly tuned Gabor filter can be used to effectively preserve the ridge structures while reducing noise. Figure 5illustrates the results of using Gabor filter to a finger print image

4.Thinning

The concluding image enhancement pace typically performed former to minutiae extraction is thinning. Thinning is a morphological operation that successively erodes away the foreground pixels until they are one pixel wide. The application of the thinning algorithm to a fingerprint image preserves the connectivity of the ridge structures while forming a skeleton version of the binary image. This skeleton image is then used in the subsequent extraction of minutiae. Figure 6 shows the results of thinning to a fingerprint image

C. Minutiae Feature Extraction

The next step is to extract the minutiae from the enhanced image. The most generally engaged technique of minutiae extraction is the Crossing Number (CN) concept [12]. This method engrosses the use of the skeleton image where the ridge flow pattern is eight-connected. The minutiae are extracted by scanning the local neighborhood of each ridge pixel in the image using a 3x3 window. The CN value is then computed, which is defined as half the sum of the differences between pairs of adjacent pixels in the eight-neighborhood. Figure 7 represents the list of minutiae in a fingerprint image.

D. Mapping Function

The coordinate system used to articulate the minutiae point locations of a fingerprint is a Cartesian coordinate system. The X and Y coordinate of the minutiae points are in pixel units. Angles are expressed in standard mathematical format, with zero degrees to the right and angles increasing in the counter-clockwise direction. Every minutia can be stored as a binary string. Each minutiae point can be recorded in 27 bits: 1 bit for the minutiae type, 9 bits each for minutiae X coordinate and Y coordinate, and 8 bits for the minutia angle. Thus, the binary representation of minutiae point is obtained. Suppose Mi = (ti,xi, yi,θi) (i = 1 . . . n)

are the all extracted minutiae for a fingerprint image. Then these minutiae points can be arranged in a list from left to right by ascending X-co-ordinate, if equal by ascending Y-co-ordinate (first X, then Y) as follows:Mi1Mi2 · · ·Min The result of the feature extraction stage is what is called a minutia template (FP). An approximate range on the number of minutiae found at this stage is from 10 to 80. These are the different steps involved in designing a fingerprint based biometric authentication system for network security.

E. The Finger Print Hardening Protocol There are two necessities for registration using Finger Print.1. The user should obtain the biometric feature from his finger  print using suitable image processing techniques as one mentioned in the previous section.2. The minutia template should be encrypted with AES 128 bit symmetric cipher and is then transmitted to the server for storage in the database, so that it should not be possible for an outside attacker to determine the biometric feature by an exhaustive search either at the server side or by meet in the middle attack.

 

PERFORMANCE MEASURES This section of the paper explains the performance measures of our approach. The fingerprint processing has been done in MATLAB 7. Some of the minutiae extracted from a sample finger print are shown in table 1. In the context of modern biometrics, these features, called fingerprint minutiae, can be captured, analyzed, and compared electronically, with correlations drawn between a live sample and a reference sample, as with other biometric technologies. There are two requirements for registration using Finger Print. The user should obtain the biometric feature from his finger print using appropriate image processing techniques as one mentioned in the previous section. The second is that the minutia template should be encrypted with AES 128 bit symmetric cipher and is then transmitted to the server for storage in the database, so that it should not be

possible for an outside attacker to determine the biometric feature by an exhaustive search either at the server side or by meet in the middle attack.

where 1 represent ridge ending point and 0 represent isolated point in a fingerprint image. Thus, the minutia can be expressed as a 4-vector with its elements in order, the type t, the X and Y coordinates (x, y), and the direction θ (Angle value is a non-negative value between 0 and 179, in units of degree) as shown in table 1. If each minutia is stored with type(1 bit), location (9 bits each for x and y), and direction (8 bits),then each will require 27 bits and the template will require up to 270 bytes. Then this binary representation is mapped on to a finger print hardening protocol for the generation of strong secret. The performance measures obtained revealed that the proposed method effectively provides network security. Therefore it can be directly applied to fortify existing standard single-server biometric based security applications. The analysis for the security of the protocol is based on the following assumptions(i) For a cyclic group G, generated by g, we are given g and gn, n∈ N, the

challenge is to compute n.(ii) Given g, ga, gb, it is hard to compute gab. Clearly if these assumptions are not satisfied then C, an adversary, can gain access to the key gab. A compromised session secret does not affect the security of the proposed deniable authentication protocol.

The session secret can be derived from k' ≡ YR XsH (M||T)+tr  mod p, where a random t is chosen independently from each session. If an attacker wants to forge the deniable information with the forged message M’ by using the compromised session k , the receiver will derive a different session secret from the forged information. This is because that the message and its corresponding session secret are interdependent. Thereby, a compromised session secret does not affect the security of other sessions.

V.CONCLUSION

 This paper proposes an approach for network security using biometrics. Biometric systems are commonly used to control access to physical assets (laboratories, buildings, cash from ATMs, etc.) or logical information (personal computer accounts, secure electronic documents, etc). The human biometrics like hand geometry, face, fingerprint, retina, iris, DNA, signature and voice can be effectively used to ensure

the network security. In biometric cryptosystems, a cryptographic key is generated from the biometric template of a user stored in the database in such a way that the key cannot be revealed without a successful biometric authentication. In this system, the ideas in the areas of image processing technique are reused to extract the minutiae from biometric image. The preprocessing techniques mentioned in this paper  play an important role in improving the performance of the proposed biometric based network security system. The performance measures obtained revealed that the proposed method effectively provides network security. Therefore it can be directly applied to fortify existing standard single-server  biometric based security applications. The future works rely on improving the network security by making use of cancelable biometrics and multimodal biometrics in the proposed authentication system.

REFERENCES [1] Rajeswari Mukesh, A. Damodaram, and V. Subbiah Bharathi, “Finger Print Based Authentication and Key Exchange System Secure AgainstDictionary Attack,” IJCSNS International Journal of Computer Scienceand Network Security, Vol. 8, no. 10, pp. 14-20, 2008.

[2] T. Gunasekaran, and C. Parthasarathy, “Biometrics in Network Security,” International Journal of Computer Network and Security(IJCNS), vol. 1, no. 1, pp. 36-42, 2006.

[3] Mahfuzur Rahman, and Prabir Bhattacharya, “Secure Network Communication Using Biometrics,” IEEE International Conference onMultimedia and Expo (ICME'01), p. 52, 2001.

[4] Yunsu Chung, Kiyoung Moon, and Hyung-Woo Lee, “BiometricCertificate Based Biometric Digital Key Generation with ProtectionMechanism,” Frontiers in the Convergence of Bioscience andInformation Technologies, pp. 709-714, 2007.

[5] Sandip Dutta, Avijit Kar, N. C. Mahanti, and B. N. Chatterji, “Network Security Using Biometric and Cryptography,” Proceedings of the 10thInternational Conference on Advanced Concepts for Intelligent VisionSystems, pp. 38-44, 2008.

[6] O. S. Benavente, and R. Piccio-Marchetti, “Authentication services and biometrics: network security issues,” 39th Annual 2005 InternationalCarnahan Conference on Security Technology, 2005. CCST '05, pp.333-3336, 2005.

[7] Suriza Ahmad Zabidi, and Momoh-Jimoh E. Salami, “Design andDevelopment of Intelligent Fingerprint-Based Security System,”Knowledge-Based Intelligent Information and Engineering Systems,Book Chapter on Springer link, vol. 3214, pp. 312-318, 2004.

[8] Ronald G. Wolak, “Network Security: Biometrics - The PasswordAlternative,” School of Computer and Information Sciences, 1998.

[9] Umut Uludag, Sharath Pankanti, Salil Prabhakar, and Anil K. Jain“Biometric Cryptosystems Issues and Challenges” Proceedings of theIEEE 2004.

[10]. Arul, and Dr. A. Shanmugam, “Generate A Key for AES UsingBiometric for VOIP Network Security,” Journal of Theoretical andApplied Information Technology, pp. 107-112, 2009.

[11] L. Hong, Y. Wan, and A. Jain, “Fingerprint Image Enhancement:Algorithm and Performance Evaluation,” IEEE Trans. Pattern Analysisand Machine Intelligence, vol. 20, no.8, pp.777-789, 1998.

[12] S. Kasaei, and B. Boashash, “Fingerprint feature extraction using block-direction on reconstructed images,” In IEEE region TEN Conference ondigital signal Processing applications, TENCON, pp. 303– 306, 1997.

[13]  N. K. Ratha, J. H. Connell, and R. M. Bolle “Enhancing security and privacy in biometrics based authentication systems”, IBM SystemsJournal, vol. 40, pp. 614-634, 2001.

[14] Alexander P. Pons , and Peter Polak, “Understanding user perspectiveson biometric technology,” Communications of the ACM, vol. 51, no. 9, pp. 115-118, September 2008.

[15] “Biometrics Security Considerations,” Systems and Network AnalysisCenter Information Assurance Directorate, www.nsa.gov/snac.

[16] W. B. Lee, C. C. Wu, and W. J. Tsaur, “A Novel AuthenticationProtocol Using Generalized ElGamal Signature Scheme”, InformationSciences, 177, 2007, pp.1376-1381.

[17] Li Gang1, Xin Xiangjun, Li Wei, "An Enhanced DeniableAuthentication Pr otocol," International Conference on ComputationalIntelligence and Security, Jan 2008