International Journal of Computer Applications (0975 – 8887)
Volume 3 – No.6, June 2010
2. EMBEDDED CRYPTO-BIOMETRIC AUTHENTICATION PROTOCOL

Generally, there are two basic fingerprint authentication schemes, namely local and centralized matching [11]. In the central matching scheme, the fingerprint image captured at the terminal is sent to the central server via the network and is then matched against the minutiae template stored in the central server.

There are three stages in the protocol, namely registration, login and authentication. In the registration phase, the fingerprints of ATM users are enrolled and the derived fingerprint templates are stored in the central server. The login phase is performed at an ATM terminal equipped with a fingerprint sensor. The proposed block schematic of the embedded crypto biometric authentication system is shown in Fig (1).

[Figure: block diagram. Blocks shown: image pre-processing; image encryption (encryption key); image decryption (decryption key); minutiae extraction; matching against the central server's fingerprint templates (singularity, frequency, minutiae); yes: access granted; no: access denied.]

Fig. 1 Schematic of embedded crypto biometric authentication system.

In the authentication phase, the fingerprint image is then encrypted and transmitted to the central server via a secured channel. At the banking terminal the image is decrypted using a 128 bit private key algorithm [9]. The encrypted image is transmitted to the central server via a secured channel. At the banking terminal the image is decrypted using the same key. Based on the decrypted image, minutiae extraction and matching are conducted to verify that the presented fingerprint image belongs to the claimed user. The authentication is signed if the minutiae matching is successful.

encrypted into cipher image before transmitting through the secured channel.

Decryption is the reverse process of encryption. The fingerprint image is recovered (plain image) by using the same key. DES, Triple DES and AES are the commonly used symmetric key algorithms. Shared key, less time consumption, easy operation and secret key are the merits of symmetric key algorithms.

3.1 AES Algorithm [13-14]

The Advanced Encryption Standard (AES) is a replacement for DES as the federal standard. AES has already received widespread use because of its standard definition, high security and freedom from patent entanglements. In cryptography, the Advanced Encryption Standard (AES) is also known as the Rijndael algorithm [13].

Unlike its predecessor DES, Rijndael is an iterated block cipher which supports variable block length and key length. Both lengths can be independently specified as 128, 192 or 256 bits. It has a variable number of iterations: 10, 12 and 14 for key lengths of 128, 192 or 256 bits respectively. In this paper, a 128 bit block [14] and key length are assumed, although the design could be adapted without difficulty to other block and key lengths. AES is fast in both software and hardware, relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

[Fig. 2 (a), encryption structure: Plain text (128 bits); Roundkey (0); for i = 1 to Nr-1: Subbytes, Shiftrows, Mix columns, Roundkey (i); final round: Subbytes, Shiftrows, Roundkey (Nr); Ciphertext (128 bits).]
[Fig. 2 (b), decryption structure: Ciphertext (128 bits); Roundkey (Nr); for i = 1 to Nr-1: Inv Subbytes, Inv Shiftrows, InvMix columns, Roundkey (i); final round: Inv Subbytes, Inv Shiftrows, Roundkey (0); Plain text (128 bits).]

Fig. 2 AES algorithm (a) Encryption Structure (b) Decryption Structure

AES [14] consists of the following steps:

Key Generation
Initial Round
Rounds
(i) Sub Bytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
(ii) Shift Rows: a transposition step where each row of the state is shifted cyclically a certain number of steps.
(iii) Mix Columns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
(iv) AddRoundKey: each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
Final Round (no Mix Columns)

4. KEY GENERATION

Encryption keys are vital to the security of the cipher, which can be derived in the following three methods:

4.1 Randomly chosen values of pixels and their co-ordinates in raw image

Randomly choose 5-10 points in the raw fingerprint image. The vertical and horizontal position of the pixels, as well as the gray level value of each point, serve as the key. MOD operations are performed. The key consists of the remainders and a supplementary digit that makes the sum of the key equal to N. For example, in a 256×256 gray level fingerprint image, five points are picked; their coordinates and pixel values are: (32,21,240); (58,115,175); (135,174,189); (216,172,194); (218,221,236). After conducting mod (40) and mod (10) operations for the coordinates and the gray level values, respectively, the result is: (32,21,0); (18,35,5); (15,14,9); (16,12,4); (18,21,6). The sum of the above five groups of numbers is Sm = 226. At last, a supplementary digit N – Sm = 256 - 226 = 30 is the last digit of the key, where N and Sm denote the size of the image and the sum of the co-ordinates and pixel values respectively. The encryption key is: {32, 21, 0, 18, 35, 5, 15, 14, 9, 16, 12, 4, 18, 21, 6, 30}

4.2 From the stable global features of fingerprint image

Some global features such as core and delta are highly stable points in a fingerprint, which have the potential to serve as a cryptography key. Some byproduct information in the processing of the fingerprint image can be used as the encryption key. For example, the Gabor filter bank parameters [7] are: the number of concentric bands is 7, the number of sectors considered in each band is 16, each band is 20 pixels wide; there are 12 ridges between core and delta, the charges of the core and delta point are 4.8138e-001 and 9.3928e-001, and the period at a domain is 16. Then the key could be: {7, 16, 20, 12, 4, 8, 13, 8, 9, 39, 28, 27, 1, 16, 50, 42}.

4.3 Pseudo random number generator based on chaotic map [12]

One can use the pseudo-random number generator introduced in [5] to produce the key. Chaotic maps provide excellent security and have many desired cryptographic qualities. They are simple to implement, which results in high encryption rates. In chaos based encryption, the method for developing a cipher consists of four steps.

Designing the basic map
Generalized map
Discretized version
Extension to three dimensions

Starting with an M × N image with L gray levels (for example, with the image consisting of a black square), after performing k iterations we obtain M × N pseudo random integers in the range [0, L-1]. The majority of traditional random number generators generate the next number in the sequence by following a certain deterministic rule, i.e., there is a deterministic relationship between x_i and x_{i+1}. The random number generator based on three-dimensional maps is nontraditional because it does not have this property. If more than M × N random numbers are needed, we can perform another k iterations of the chaotic map and get another set of M × N random numbers. To encrypt a fingerprint image, three to six iterations can hide the image perfectly, where each iteration is suggested to use a different key.

The quality of stream ciphering based on mixing the plaintext with a sequence of pseudo random numbers depends on the following factors:

The period of the pseudo random sequence [5].
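
The Section 4.1 key derivation worked through in Python, as an added example that is not code from the paper. It reproduces the paper's sample key and also computes an upper bound on how much entropy such a key can carry; the function names and the byte-range check on the supplementary digit are assumptions of this sketch.

```python
import math

COORD_MOD = 40   # modulus the paper applies to x and y
GRAY_MOD = 10    # modulus the paper applies to the gray level


def derive_key(points, n=256):
    """Build the Section 4.1 key from (x, y, gray) triples.

    Each coordinate is reduced mod 40 and each gray level mod 10; a final
    "supplementary digit" n - sum(remainders) is appended so the key sums to n.
    """
    remainders = []
    for x, y, gray in points:
        remainders += [x % COORD_MOD, y % COORD_MOD, gray % GRAY_MOD]
    supplementary = n - sum(remainders)
    # Assumption: every key element must fit in one byte. The paper does not
    # say what to do otherwise, so this sketch rejects the point set.
    if not 0 <= supplementary <= 255:
        raise ValueError(f"supplementary digit {supplementary} is not a byte")
    return remainders + [supplementary]


def max_key_entropy_bits(num_points):
    """Upper bound on key entropy, reached only if every remainder is uniform
    and independent. The supplementary digit is a function of the others and
    contributes nothing."""
    per_point = 2 * math.log2(COORD_MOD) + math.log2(GRAY_MOD)
    return num_points * per_point


# The five sample points printed in the paper.
PAPER_POINTS = [(32, 21, 240), (58, 115, 175), (135, 174, 189),
                (216, 172, 194), (218, 221, 236)]

if __name__ == "__main__":
    key = derive_key(PAPER_POINTS)
    print("key:", key, "->", len(key) * 8, "bits as an AES key")
    print("entropy upper bound: %.1f bits" % max_key_entropy_bits(len(PAPER_POINTS)))
    # Constructed worst case: all remainders at their maximum (39, 39, 9).
    try:
        derive_key([(39, 39, 9)] * 5)
    except ValueError as err:
        print("rejected:", err)
```

For five points the bound is about 69.8 bits, short of the 128 bits the key length suggests, because each element is confined to 40 or 10 values and the last one is determined by the rest.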