A cancelable biometric based secure session key agreement protocol employing elliptic curve cryptography

  • Arpita SarkarEmail author
  • Binod Singh
Original Article


Cryptography is the common compelling recommendation for reliable communication of data. A cryptographic key is a meaningful thing in this system. Despite, such key demands to be collected in a secured place or carried through a distributed communication line which, in actuality, poses another alert to safety. As a substitute, researchers affirm the creation of cryptographic key utilizing the biometric features of both sender and receiver throughout the sessions of communication, thus bypassing key sharing through the insecure channel and at the very time without imperiling the power in safety. Nonetheless, the biometric-based cryptographic key formation contains few matters so as the secrecy of biometrics, distributing of biometric data among both communicating users, and creating the revocable key of irrevocable biometric. Aforementioned work discusses the above-mentioned concerns. Here a structure for reliable communication among two users using cancelable fingerprint based session key agreement protocol has been suggested. For this, communication a session key is created by both communicating parties at their end using their cancelable fingerprint biometrics. In this aforementioned method, each original biometric data is converted into a cancelable biometric data and the revocable key for session key agreement protocol is created from the cancelable fingerprint of the communicating parties. For better performance and security purposes, all the actions of this protocol are based on elliptic curve cryptography. Proposed protocol precludes undesired third-parties from requiring a key selection on this agreeing parties. Based on the experimental evaluation across four datasets of FVC2002, the proposed structure is privacy-preserving and is excellently fitting for various real-time biometric-based applicability.


Biometrics Cancelable template Key agreement protocol Elliptic curve cryptography Network security 



  1. Abid M, Afifi H (2009) Towards a secure e-passport protocol based on biometrics. J Inf Assur Secur (JIAS) (Spec Issue Access Control Protoc) 4(4):338–345Google Scholar
  2. Barman S, Chattopadhyay S, Samanta D (2014) An approach to cryptographic key distribution through fingerprint based key distribution center. In: Communications and informatics 2014 international conference on advances in computing. IEEE, Delhi, pp 1629–1635.
  3. Barman S, Chattopadhyay S, Samanta D (2015a) Fingerprint-based crypto-biometric system for network security. EURASIP J Inf Secur 1:3CrossRefGoogle Scholar
  4. Barman S, Chattopadhyay S, Samanta D (2015b) A novel secure key-exchange protocol using biometrics of the sender and receiver. Comput Electr Eng 64:65–82CrossRefGoogle Scholar
  5. Barni M, Bianchi T, Catalano D, Di Raimondo M, Labati RD, Failla P, Lazzeretti DFR, Piuri V, Scotti F, Piva A (2010) Privacy-preserving fingercode authentication. In: the 12th ACM workshop on multimedia and security, Rome, Italy.
  6. Boult TE, Scheirer WJ, Woodworth R (2007) Revocable fingerprint biotokens: accuracy and security analysis. In: IEEE conference on computer vision and pattern recognition, pp 1–8.
  7. Boyen X (2004) Reusable cryptographic fuzzy extractors. In: 11th ACM conference on computer and communications security (CCS).
  8. Boyen X, Dodis Y, Katz J, Ostrovsky R, Smith A (2005) Secure remote authentication using biometric data. In: Eurocrypt.
  9. Bringer J, Chabanne H, Izabachne M, Pointcheval D, Tang Q, Zimmer S (2007) An application of the Goldwasser–Micali cryptosystem to biometric authentication. In: The 12th Australasian conference on information security and privacy (ACISP ’07). Google Scholar
  10. Buhan I, Doumen J, Hartel P, Veldhuis R (2007) Secure ad-hoc pairing with biometrics: SAfE. Technical Report, University of Twente. CrossRefGoogle Scholar
  11. Chen L, Kudla C (2002) Identity based authenticated key agreement protocols from pairings. IACR Cryptology ePrint Archive 2002, p 184Google Scholar
  12. Dhillon PK, Kalra S (2017) Secure multi-factor remote user authentication scheme for Internet of Things environments. Int J Commun Syst 30:e3323CrossRefGoogle Scholar
  13. Dierks T, Rescorla E (2008) The transport layer security (TLS) protocol version 1.2 request for comments: 5246, Internet Engineering Task Force (IETF)Google Scholar
  14. Elgamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inf Theory 31(4):469–472. MathSciNetCrossRefzbMATHGoogle Scholar
  15. Fan C, Lin Y (2009) Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans Inf Forensic Secur 4(4):933–945. CrossRefGoogle Scholar
  16. Hao F, Anderson R, Daugman J (2006) Combining crypto with biometrics effectively. IEEE Trans Comput 55(9):1081–8CrossRefGoogle Scholar
  17. He D, Chen Y, Chen J (2013) An ID-based three party authenticated key exchange protocol using elliptic curve cryptography for mobile commerce environments. Arab J Sci Eng 38(8):2055–2061MathSciNetCrossRefGoogle Scholar
  18. Huang X, Xiang Y, Chonka A, Zhou J, Deng RH (2011) A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans Parallel Distrib Syst 22(8):1390–1397CrossRefGoogle Scholar
  19. Islam SKH, Amin R, Biswas GP et al (2017) An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J King Saud Univ Comput Inf Sci 29:311–324CrossRefGoogle Scholar
  20. Jiang Q, Wei F, Fu S, Ma J, Li G, Alelaiwi A (2016) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn 83(4):2085–2101MathSciNetCrossRefGoogle Scholar
  21. Juels A, Sudan M (2002) A fuzzy vault scheme. In: Lapidoth A, Teletar E (eds) Proceedings of IEEE international symposium information theory. IEEE Press, p 408Google Scholar
  22. Kanade S, Camara D, Petrovska-Delacrétaz D, Dorizzi B (2009) Application of biometrics to obtain high entropy cryptographic keys. In: Proceedings of World Academy on Science, Engineering, and Technology, Hong KongGoogle Scholar
  23. Kanade S, Petrovska-Delacrétaz D, Dorizzi B (2010) Generating and sharing biometrics based session keys for secure cryptographic applications. In: BTAS 2010: IEEE international conference on biometrics: theory, applications and systems, pp 1–7Google Scholar
  24. Kanade S, Petrovska-Delacrétaz D, Dorizzi B (2012) A novel crypto-biometric scheme for establishing secure communication sessions between two clients. In: 2012 BIOSIG-proceedings of the international conference of biometrics special interest group (BIOSIG), p 16Google Scholar
  25. McCullagh N, Barreto PSLM (2005) A new two-party identity-based authenticated key agreement. In: Proceedings of CT-RSA 2005, LNCS 3376, pp 262–274Google Scholar
  26. Nandakumar K (2013) BioSAKE: biometrics-based secure authentication and key exchange. In: Proceedings of 2013 international conference on biometrics (ICB). IEEE, Madrid, pp 1–8Google Scholar
  27. Nandakumar K, Jain A, Pankanti S (2007) Fingerprint-based fuzzy vault: implementation and performance. IEEE Trans Inf Forensics Secur 2:744–757CrossRefGoogle Scholar
  28. Nandakumar K, Jain AK (2008) Multibiometric template security using fuzzy vault. In: IEEE second international conference on biometrics: theory, applications and systems, pp 1–6Google Scholar
  29. Panchal G, Samanta D, Barman S (2017) Biometric-based cryptography for digital content protection without any key storage. Multimed Tools Appl. CrossRefGoogle Scholar
  30. Pu Q, Zhao X, Ding J (2009) Cryptanalysis of a three-party authenticated key exchange protocol using elliptic curve cryptography. In: Proceedings of the international conference on research challenges in computer science, pp 7–10Google Scholar
  31. Rukhin A, Soto J, Nechvatal J, Smid M, Barker E, Leigh S, Levenson M, Vangel M, Banks D, Heckert A, Dray J, Vo S (2010) A statistical test suite for random and pseudorandom number generators for cryptographic applications. National Institute of Standards and Technology Special Publication 800-22 revision 1a, pp 800–131Google Scholar
  32. Sarkar A, Singh BK (2018) Cryptographic key generation from cancelable fingerprint templates. In: 4th IEEE international conference on recent advances in information technology proceedings of RAIT 2018, vol I. ISBN: 978-1-5378-3038-9/18Google Scholar
  33. Scheirer WJ, Boult TE (2008) Bio-cryptographic protocols with bipartite biotokens. In: Biometric symposium.
  34. Scheirer WJ, Boult TE (2009) Bipartite biotokens: definitions, implementation, and analysis. In: International conference on biometrics (ICB).
  35. Siddiqui Z, Abdullah AH, Khan MK, Alghamdi AS (2014) Smart environment as a service: three factor cloud based user authentication for telecare medical information system. J Med Syst 38(1):9997CrossRefGoogle Scholar
  36. Smart N (2002) Identity-based authenticated key agreement protocol based on weil pairing. Electron Lett 38(13):630–632CrossRefGoogle Scholar
  37. Stallings W (2010) Cryptography and network security: principles and practice. Prentice Hall, Upper Saddle River, p 5eGoogle Scholar
  38. Tan Z (2010a) An enhanced three-party authentication key exchange protocol for mobile commerce environments. J Commun 5(5):436–443CrossRefGoogle Scholar
  39. Tan Z (2010b) An Improvement on a three party authentication key exchange protocol using elliptic curve cryptography. J Converg Inf Technol 5(4):120–129Google Scholar
  40. Tang Q, Bringer J, Chabanne H, Pointcheval DA (2008) Formal study of the privacy concerns in biometric-based remote authentication schemes. In: Information security practice and experience conference (ISPEC).
  41. Ueshige Y, Sakurai K (2006) A proposal of one-time biometric authentication. In: Arabnia HR, Aissi S (eds) Security and managementGoogle Scholar
  42. Upmanyu M, Namboodiri AM, Srinathan K, Jawahar CV (2009) Efficient biometric verification in encrypted domain. In: International conference on biometrics (ICB).
  43. Upmanyu M, Namboodiri AM, Srinathan K, Jawahar CV (2010) Blind authentication: a secure crypto-biometric verification protocol. IEEE Trans Inf Forensic Secur 5(2):255–268. CrossRefGoogle Scholar
  44. Usha S, Kuppuswami S, Karthik M (2018) A new enhanced authentication mechanism using session key agreement protocol. Cybern Inf Technol 18(4):61–74. MathSciNetCrossRefGoogle Scholar
  45. Yang JH, Chang CC (2009) An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J Syst Softw 82:1497–1502CrossRefGoogle Scholar

Copyright information

© The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden 2019

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringNational Institute of Technology, JamshedpurJamshedpurIndia

Personalised recommendations