• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.41-46
• /
• 2023

Biometrics is an application of biometric authentication and identification techniques that are used for security. Where people can be identified by physical or behavioral features such as iris, fingerprints, or even voice. Biometrics with cryptography can be used in a variety of applications such as issuing, generating, or associating biometric keys. Biometric identification and cryptography are used in many institutions and high-security systems due to the difficulty of tampering or forgery by hackers. In this paper, literature reviews on biometric identification and cryptography are presented and discussed. In addition to a comparison of techniques in the literature reviews, identifying its strengths and weaknesses, and providing an initial proposal for biometrics and cryptography.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.7
• /
• pp.2919-2937
• /
• 2020

Post-Quantum Cryptography (PQC) is rapidly developing as a stable and reliable quantum-resistant form of cryptography, throughout the industry. Similarly to existing cryptography, however, it does not prevent a third-party from using the secret key when third party obtains the secret key by deception, unauthorized sharing, or unauthorized proxying. The most effective alternative to preventing such illegal use is the utilization of biometrics during the generation of the secret key. In this paper, we propose a biometric-based secret key generation scheme for multivariate quadratic signature schemes, such as Rainbow. This prevents the secret key from being used by an unauthorized third party through biometric recognition. It also generates a shorter secret key by applying Principal Component Analysis (PCA)-based Confidence Interval Analysis (CIA) as a feature extraction method. This scheme's optimized implementation performed well at high speeds.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.8
• /
• pp.2010-2026
• /
• 2013

The combination of biometrics and cryptography gains a lot of attention from both academic and industry community. The noisy biometric measurement makes traditional identity based cryptosystems unusable. Also the extraction of key from biometric information is difficult. In this paper, we propose an efficient biometric identity based signature scheme (Bio-IBS) that makes use of fuzzy extractor to generate the key from a biometric data of user. The component fuzzy extraction is based on error correction code. We also prove that the security of suggested scheme is reduced to computational Diffie-Hellman (CDH) assumption instead of other strong assumptions. Meanwhile, the comparison with existing schemes shows that efficiency of the system is enhanced.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.389-395
• /
• 2013

As fusing IT and medical technique, the number of patients who adhere medical equipment inside of them is increasing. However there is a problem of for the third person to tap or modulate the patient's biometric data viciously. This paper suggests quantum encryption-based key distribution model to share key for the third person not to tap or modulate the patient's biometric data between patient and hospital staff. The proposed model uses one-time pad key that shares key sending random bits not direct sending message of quantum data. Also, it guarantees patient's anonymity because the biometric data of injected-device in the body doesn't be exposed unnecessarily.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.12
• /
• pp.4987-5014
• /
• 2015

The bilinear pairing, also known as Weil pairing or Tate pairing, is widely used in cryptography and its properties help to construct cryptographic schemes for different applications in which the security of the transmitted data is a major concern. In remote login authentication schemes, there are two major requirements: i) proving the identity of a user and the server for legitimacy without exposing their private keys and ii) freedom for a user to choose and change his password (private key) efficiently. Most of the existing methods based on the bilinear property have some security breaches due to the lack of features and the design issues. In this paper, we develop a new scheme using the bilinear property of an elliptic point and the biometric characteristics. Our method provides many features along with three major goals. a) Checking the correctness of the password before sending the authentication message, which prevents the wastage of communication cost; b) Efficient password change phase in which the user is asked to give a new password after checking the correctness of the current password without involving the server; c) User anonymity - enforcing the suitability of our scheme for applications in which a user does not want to disclose his identity. We use BAN logic to ensure the mutual authentication and session key agreement properties. The paper provides informal security analysis to illustrate that our scheme resists all the security attacks. Furthermore, we use the AVISPA tool for formal security verification of our scheme.

• Journal of Korea Multimedia Society
• /
• v.22 no.4
• /
• pp.463-471
• /
• 2019

The growth of mobile technology particularly smartphone applications such as ticketing, access control, and making payments are on the increase. Elliptic Curve Cryptography (ECC)-based systems have also become widely available in the market offering various convenient services by bringing smartphones in proximity to ECC-enabled objects. When a system user attempts to establish a connection, the AIK sends hashes to a server that then verifies the values. ECC can be used with various operating systems in conjunction with other technologies such as biometric verification systems, smart cards, anti-virus programs, and firewalls. The use of Elliptic-curve cryptography ensures efficient verification and signing of security status verification reports which allows the system to take advantage of Trusted Computing Technologies. This paper proposes a device payment method based on ECC and Shuffling based on distributed key exchange. Our study focuses on the secure and efficient implementation of ECC in payment device. This novel approach is well secure against intruders and will prevent the unauthorized extraction of information from communication. It converts plaintext into ASCII value that leads to the point of curve, then after, it performs shuffling to encrypt and decrypt the data to generate secret shared key used by both sender and receiver.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.2
• /
• pp.41-49
• /
• 2016

Lossless encryption methods are more applicable than lossy encryption methods when marginal distortion is not tolerable. In this research, the author propose a novel lossless symmetric key encryption/decryption technique. In the proposed algorithm, the image is transformed into the frequency domain using the lifting wavelet transform, then the image sub-bands are encrypted in a such way that guarantees a secure, reliable, and an unbreakable form. The encryption involves scattering the distinguishable frequency data in the image using a reversible weighting factor amongst the rest of the frequencies. The algorithm is designed to shuffle and reverse the sign of each frequency in the transformed image before the image frequencies are transformed back to the pixel domain. The results show a total deviation in pixel values between the original and encrypted image. The decryption algorithm reverses the encryption process and restores the image to its original form. The proposed algorithm is evaluated using standard security and statistical methods; results show that the proposed work is resistant to most known attacks and more secure than other algorithms in the cryptography domain.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.11-21
• /
• 2008

Biometrics-based user authentication has several advantages over traditional password-based systems for standalone authentication applications. This is also true for new authentication architectures known as crypto-biometric systems, where cryptography and biometrics are merged to achieve high security and user convenience at the same time. Recently, a cryptographic construct, called fuzzy vault, has been proposed for crypto-biometric systems. This construct aims to secure critical data(e.g., secret key) with the fingerprint data in a way that only the authorized user can access the secret by providing the valid fingerprint, and some implementations results for fingerprint have been reported. However, the previous results had some limitation of the provided security due to the limited numbers of chaff data fer hiding real fingerprint data. In this paper, we propose an approach to provide both the automatic alignment of fingerprint data and higher security by using a 3D geometric hash table. Based on the experimental results, we confirm that the proposed approach of using the 3D geometric hash table with the idea of the fuzzy vault can perform the fingerprint verification securely even with more chaff data included.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1411-1419
• /
• 2017

The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

• Journal of Korea Multimedia Society
• /
• v.16 no.10
• /
• pp.1156-1162
• /
• 2013

Face verification has been widely studied during the past two decades. One of the challenges is the rising concern about the security and privacy of the template database. In this paper, we propose a secure face verification system which generates a unique secure cryptographic key from a face template. The face images are processed to produce face templates or codes to be utilized for the encryption and decryption tasks. The result identity data is encrypted using Advanced Encryption Standard (AES). Distance metric naming hamming distance and Euclidean distance are used for template matching identification process, where template matching is a process used in pattern recognition. The proposed system is tested on the ORL, YALEs, and PKNU face databases, which contain 360, 135, and 54 training images respectively. We employ Principle Component Analysis (PCA) to determine the most discriminating features among face images. The experimental results showed that the proposed distance measure was one the promising best measures with respect to different characteristics of the biometric systems. Using the proposed method we needed to extract fewer images in order to achieve 100% cumulative recognition than using any other tested distance measure.