1. Field
The present aspects relate to cryptographic systems, and more particularly, to systems, apparatus and methods for an identity based symmetric cryptosystem using biometric data that provides for both secure data transmission and secure access to transmit.
2. Background
Conventional password based security systems generally include two phases. First, an initial enrollment phase during which users select passwords, which are subsequently stored on an authentication device, such as an authentication server. Secondly, an authentication phase allows the user to gain access to resources or data by entering their passwords, which are then verified against the stored version of the password. However, such a password-based security mechanism is highly vulnerable. For example, if the passwords are stored as unencrypted, plain text, then an adversary who gains access to the system can obtain every password in the system. In this instance, even a single successful attack by the adversary can compromise the entire system. Additionally, password-based computer security systems are susceptible to brute force attacks, in which all possibilities are searched to decipher the passwords, or a dictionary attack, in which only possibilities most likely to succeed (e.g., a list derived from words in a dictionary) are searched.
An additional problem related to password-based security systems is that passwords are not required to be user-specific, in that passwords can be shared amongst more than one individual/user, making it difficult for the system to know who has the password at any given point in time. Thus, authentication in such security systems is possession based and thus, possession of the password is sufficient to establish user authenticity. This means that passwords are unable to provide requisite non-repudiation.
To address some of these problems conventional password systems have evolved to implement encryption. For example, the passwords are encrypted during the enrollment phase using an encryption or hash function and during the authentication phase, when a user enters a candidate password, the function is applied to the candidate password and access is granted if the encrypted candidate password matches the encrypted password stored during the enrollment phase. Such encrypted passwords provide no benefit to an adversary unless the adversary possesses or has knowledge of the encryption or hash function. However, unless the encryption function is deemed to be strong, adversaries have shown a propensity to be able to hack or otherwise decipher encryption codes. So-called “strong” encryption codes, while they may prevent hacking, may be too expensive, complex and/or inefficient to implement in certain instances.
Recently, biometric data has been used as a means of providing user authentication. In a biometric security system physical biometric features of a user are measured to obtain biometric parameters, commonly referred to as observations. The biometric features may include, but are not limited to, fingerprints, eye-related features, such as iris recognition, other face recognition features, voice recognition features and the like. However, a conventional biometric security system, in which the biometric data is unencrypted, has the same vulnerability as a conventional password based system. Specifically, if the database stores unencrypted biometric templates in a central database or in the user device, then the parameters are subject to attack and misuse. Once the biometric parameters are illicitly located, the adversary may be able to modify the parameters to match the appearance or characteristic of the adversary to gain unauthorized access. In addition, the threat exists of having “fake” biometric data inputted in an artificial manner. Also, unlike password security, biometric data is not a secret and, as such, some biometric data, such as fingerprints, can be easily forged if the data is obtained.
Additionally, encryption of biometric data has proven to be a challenging task. Among other reasons, the manner by which the biometric features are measured and the variance in the biometric features from one measurement to another, termed “noise” provide obstacles to a cryptographic system implementing biometric data. For example, biometric parameters may be captured and entered during an enrollment phase, such that enrollment biometric parameters are encrypted using an appropriate encryption function. However, during the authentication phase, the biometric parameters obtained from the same user may differ from those taken at enrollment. For example, if the biometric data is related to facial feature recognition, the capturing equipment and lighting may differ and the features themselves may change over time. Thus, if the biometric data captured during authentication are passed through the same encryption function, the result may not match the enrollment data. In this regard, no acceptable methods for performing error correction or syndrome code decoding for the noise structure particular to biometrics exists. Most previous secure biometric systems use a memory-less noise model or other models that oversimplify the nature of the noise and do not reflect actual operational conditions. As such, the previous attempts at secure biometrics do not adequately represent the time varying dynamics of biometric features and the acquisition and measurement processes.
Recently, multimodal biometric fusion has been introduced which uses in combination more than one source of biometric data with error correction and some secret information, such as a password or PIN to generate a secret key. However, this type of security technique requires storage of a large quantity of data and it tends to be resource intensive to implement and, thus costlier to implement than other biometric techniques. Additionally, liveliness detection testing of biometric data has been implemented, in which a “live” human characteristic is captured, such as temperature, blood flow, heartbeat or the like. However, implementation of liveliness detection testing may not be feasible on resource constrained devices, such as handheld wireless devices or the like, which would require different types of sensors than are currently available on such devices.
Therefore, a need exists to develop a highly secure biometric model through which both access and transmission can effectively be made very secure. The desired model should address and overcome the inherent variability of biometric data, while providing for a model that prevents duplication of biometric data.