Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

Software systems and computational methods
Reference:

Savinov A.N., Merkushev O.Yu. Protection of biometric access control subsystems

Abstract: the article discusses the zero-knowledge authentication protocol based on the based biometric fuzzy extractor and Elgamal cryptosystem. The authors review advantages, disadvantages and practical aspects of the application of this protocol. The article describes the types of biometric cryptographic systems (key release cryptosystems, key binding cryptosystems, key generation cryptosystems), provides their brief descriptions and reviews possible attacks. The authors state that there are two ways generating a biometric key from biometric data that will meet the requirements of modern cryptography at the same time having a low probability of type II errors. One of the major factors determining the level of security for a key-based informational infrastructure is the eff ectiveness of its information security access control subsystem functioning. The authors propose a zero-knowledge biometric authentication protocol. The key element of reliability of the protocol is in a single use of a session key “k”. There is no need to store confidential user data on the side of the access control subsystem and it is the main advantage of the presented protocol.


Keywords:

biometric cryptographic system, fuzzy extractor, Elgamal cryptosystem, protection of biometric subsystems, access control, biometric authentication protocol, session key, reliability, authentication, threats


This article can be downloaded freely in PDF format for reading. Download article


References
1. Bardaev S.E., Fin'ko O.A. “Mnogofaktornaya biometricheskaya porogovaya kriptosistema”, Izvestiya YuFU. Tekhnicheskie nauki, 2010, ¹4, S. 148–155.
2. Kulikova O.V. “Biometricheskie kriptograficheskie sistemy i ikh primenenie”, Bezopasnost' informatsionnykh tekhnologiy, 2009, ¹ 2009-3.
3. Juels A., Sudan M. “A Fuzzy Vault Scheme”, in Proc. of IEEE Intl. Symp. on Info. Theory, Lausanne, Switzerland, 2002, p. 408.
4. Nandakumar K., Jain A.K. “Multibiometric Template Security Using Fuzzy Vault”, in Proc. IEEE Int. Conf. Biometrics: Theory, Applications and Systems, Arlington, VA, Sep. 2008, pp. 1-6.
5. Scheirer W. J., Boult T. E. “Cracking Fuzzy Vaults and Biometric Encryption”, in Proc. of Biometrics Symposium, September 2007.
6. Kasperski K. “Sekretnoe oruzhie sotsial'noy inzhenerii” [Elektronnyy resurs] // Rezhim dostupa: http://www.insidepro.com/kk/004r.shtml.
7. GOST R 52633-2006 “Zashchita informatsii. Tekhnika zashchity informatsii. Trebovaniya k sredstvam vysokonadezhnoy biometricheskoy autentifikatsii”.
8. Dodis Y., Reyzin L., Smith A. “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” // April 13, 2004.
9. Boyen X. “Reusable cryptographic fuzzy extractors” // Eleventh ACM Conference on Computer and Communication Security. ACM, October 25–29 2004. R. 82–91.
10. Shnayder B. “Prikladnaya kriptografiya”. M.: Triumf, 2002.
11. Mukhachev V.A., Khoroshko V.A. “Metody prakticheskoy kriptografii“. – Kiev, OOO “Poligraf-Konsalting“, 2005. 215 s.
12. Korobeynikov A.G.,Vorob'ev A.O. ,Sidorkina I.G., PylinV.V. Analiz kriptograficheskoy stoykosti algoritmov asimmetrichnogo shifrovaniya informatsii. Izv.VUZOV. Priborostroenie. 2007. T. 50. ¹ 8., str. 28-32