SECURE KEY AGREEMENT USING PURE BIOMETRICS
Computer Science and Engineering, MSc. Thesis, 2015
Prof. Albert Levi (Thesis Advisor), Assoc. Prof. Berrin Yanıkoğlu,
Asst. Prof. Ahmet Onur Durahim
Date & Time: 29th of December, 2015 & 15:30
Place: FENS G035
Keywords: biometrics, cryptography, bio-cryptography, crypto-biometrics, quantization, key agreement, biometric authentication, information security, security analysis
In this thesis, we propose a novel secure key agreement protocol that uses biometrics with unordered set of features. Our protocol enables the user and the server to agree on a symmetric key, which is generated by utilizing only the feature points of the user's biometrics. It means that our protocol does not generate the key randomly or it does not use any random data in the key itself. As a proof of concept, we instantiate our protocol model using fingerprints. In our protocol, we employ a threshold-based quantization mechanism, in order to group the minutiae in a predefined neighborhood. In this way, we increase the chance of user-server agreement on the same set of minutiae. Our protocol works in rounds. In each round, depending on the calculated similarity score on the common set of minutiae, the acceptance/rejection decision is made. Besides, we employ multi-criteria security analyses for our proposed protocol. These security analyses show that the generated keys possess acceptable randomness according to Shannon's entropy. In addition, the keys, which are generated after each protocol run, are indistinguishable from each other, as measured by the Hamming distance metric. Our protocol is also robust against brute-force, replay and impersonation attacks, proven by high attack complexity and low equal error rates. At the end, the complexity analysis and the memory requirements of the protocol are discussed and it is showed that they are in acceptable limits. As shown by comparative analyses, this work outperforms the existing fuzzy vault method in terms of verification performance and the attack complexity.