Skip to main content
SpringerLink
Log in
Book cover

Security and Privacy in Biometrics pp 45–68Cite as

Beyond PKI: The Biocryptographic Key Infrastructure

  • Chapter

Abstract

Public Key Infrastructure is a widely deployed security technology for handling key distribution and validation in computer security. Despite PKI’s popularity as a security solution, Phishing and other Man-in-the-Middle related attacks are accomplished with ease throughout our computer networks. The major problems with PKI come down to trust, and largely, how much faith we must place in cryptographic keys alone to establish authenticity and identity. In this chapter, we look at a novel biometric solution that mitigates this problem at both the user and certificate authority levels. More importantly, we analyze the problem of applying unprotected biometric features directly into PKI, and propose the integration of a secure, revocable biometric template protection technology that supports transactional key release. A detailed explanation of this new Biocryptographic Key Infrastructure is provided, including composition, enrollment, authentication, and revocation details. The BKI provides a new paradigm for blending elements of physical and virtual security to address network attacks that more conventional approaches have not been able to stop.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    The template described in [22] consists of a secret key + error correction θ ps XORed with shuffled biometric data θ canc, yielding θ lock. If an attacker knows θ ps, they can simply XOR it with θ lock, yielding θ canc, which can be used by the attacker to match from that point forward. This is a straightforward application of the SKI attack [32].

References

  1. Adams C, Farrell S (1999) Internet X.509 public key infrastructure certificate management protocols. RFC 2510 (proposed standard). http://www.ietf.org/rfc/rfc2510.txt. Accessed 18 May 2011

  2. Arndt C (2004) Biometric template revocation. In: Jain A, Ratha N (eds) Biometric Technology for Human Identification. Proceedings of the SPIE, vol 5404. SPIE, Bellingham, pp 164–175

    Chapter  Google Scholar 

  3. Benavente O (2005) Authentication services and biometrics: network security issues. In: Proc of the 39th Annual International Carnahan Conference on Security Technology (CCST 2005), pp 333–336

    Chapter  Google Scholar 

  4. BioAPI (2010) Business objectives and values. BioAPI consortium. http://www.bioapi.org/objectives.asp. Accessed 18 May 2011

  5. BioLab (2006) FVC 2006: fingerprint verification competition. University of Bologna. http://bias.csr.unibo.it/fvc2006/databases.asp. Accessed 18 May 2011

  6. Boeyen S, Hallam-Baker P (2006) Internet X.509 public key infrastructure repository locator service. RFC 4386 (proposed standard). http://www.ietf.org/rfc/rfc4386.txt. Accessed 18 May 2011

  7. Boult T, Scheirer W, Woodworth R (2007) Secure revocable finger biotokens. In: Proc of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR 2007)

    Google Scholar 

  8. Boyen X, Dodis Y, Katz J, Ostrovsky R, Smith A (2005) Secure remote authentication using biometric data. In: Proc of EUROCRYPT, pp 147–163

    Google Scholar 

  9. Cappelli R, Lumini A, Maio D, Maltoni D (2007) Fingerprint image reconstruction from standard templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(9):1489–1503

    Article  Google Scholar 

  10. Chokhani S, Ford W, Sabett R, Merrill C, Wu S (2003) Internet X.509 public key infrastructure certificate policy and certification practices framework. RFC 3647 (proposed standard). http://www.ietf.org/rfc/rfc3647.txt. Accessed 18 May 2011

  11. Cooper D, Santesson S, Farrell S, Boeyen S, Housley R, Polk W (2008) Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280 (proposed standard). http://www.ietf.org/rfc/rfc5280.txt. Accessed 18 May 2011

  12. Dawson E, Lopez J, Montenegro J, Okamoto EB (2003) Biometric authentication and authorization infrastructure. In: Proc of the International Conference on Information Technology: Research and Education (ITRE 2003), pp 274–278

    Google Scholar 

  13. Dodis Y, Reyzin L, Smith A (2007) Fuzzy extractors. In: Tuyls P, Skoric B, Kevenaar T (eds) Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-counterfeiting. Springer, Berlin, pp 79–99. Chapter 5

    Chapter  Google Scholar 

  14. East-Shore (2007) Fingerprint image database. East shore technologies. http://www.east-shore.com/data.html. Accessed 18 May 2011

  15. Ellison C, Schneier B (2000) Ten risks of PKI: what you’re not being told about public key infrastructure. Journal of Computer Security 16(1):1–7

    Google Scholar 

  16. Gerck E (2000) Overview of certification systems: X.509, PKIX, CA, PGP and SKIP. Bell 1(3):8

    Google Scholar 

  17. Gutmann PPK (2002) It’s not dead, just resting. IEEE Computer 35(8):41–49

    Article  Google Scholar 

  18. Haller N (1995) The S/KEY one-time password system. RFC 1760 (proposed standard). http://www.ietf.org/rfc/rfc1760.txt. Accessed 18 May 2011

  19. Jain A, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP Journal on Advances in Signal Processing

    Google Scholar 

  20. Juels A, Sudan M (2002) A fuzzy vault scheme. In: Proc of the IEEE International Symposium on Information Theory, p 408

    Chapter  Google Scholar 

  21. Juels A, Wattenberg M (1999) A fuzzy commitment scheme. In: Proc of the 6th ACM Conference on Computer and Communications Security, pp 28–36

    Google Scholar 

  22. Kanade S, Petrovska-Delacrétaz D, Dorizzi B (2010) Generating and sharing biometrics based session keys for secure cryptographic applications. In: Proc of the IEEE Fourth International Conference on Biometrics: Theory, Applications, and Systems (BTAS 2010)

    Google Scholar 

  23. Krause M (2001) The expanding surveillance state: why Colorado should scrap the plan to map every driver’s face and should ban facial recognition in public. The Independence Institute. http://www.i2i.org/articles/8-2001.PDF. Accessed 18 May 2011

  24. Kuhn D, Hu V, Polk W, Chang S (2001) Introduction to public key technology and the federal PKI infrastructure. National Institute of Standards and Technology, SP 800-32

    Google Scholar 

  25. Kwon T, Moon H (2005) Multi-modal biometrics with PKI technologies for border control applications. In: Intelligence and Security Informations. Lecture Notes in Computer Science, vol 3495, pp 99–114. Springer, Berlin

    Chapter  Google Scholar 

  26. Martinez-Silva G, Henriquez F, Cortes N, Ertaul L (2007) On the generation of X.509v3 certificates with biometric information. In: Proc of the 2007 International Conference on Security and Management (SAM’07)

    Google Scholar 

  27. Neuman C, Yu T, Hartman S, Raeburn K (2005) The kerberos network authentication service (V5). RFC 4120 (proposed standard). http://www.ietf.org/rfc/rfc4120.txt. Accessed 18 May 2011

  28. NIST (2011) National Institute of Standards and Technology NIST special database 29. Standard reference data. http://www.nist.gov/srd/nistsd29.cfm. Accessed 18 May 2011

  29. Ratha N, Chikkerur S, Connell J, Bolle R (2007) Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(4):561–572

    Article  Google Scholar 

  30. Reinert L, Luther S (1997) User authentication techniques using using public key certificates, National Security Agency, Central Security Service

    Google Scholar 

  31. Schaad J (2005) Internet X.509 public key infrastructure certificate request message format (CRMF). RFC 4211 (proposed standard). http://www.ietf.org/rfc/rfc4211.txt. Accessed 18 May 2011

  32. Scheirer W, Boult T (2007) Cracking fuzzy vaults and biometric encryption. In: Proc of the 2007 Biometrics Symposium, Held in Conjunction with the Biometrics Consortium Conference (BCC 2007), Baltimore, MD

    Google Scholar 

  33. Scheirer W, Boult T (2008) Bio-cryptographic protocols with bipartite biotokens. In: Proc of the IEEE 2008 Biometrics Symposium, Held in Conjunction with the Biometrics Consortium Conference

    Google Scholar 

  34. Scheirer W, Boult T (2009) Bipartite biotokens: definition, implementation, and analysis. In: Proc of the IEEE/IAPR International Conference on Biometrics, pp 775–785

    Google Scholar 

  35. Schneier B (1996) Applied Cryptography, 2nd edn. Wiley, New York

    Google Scholar 

  36. Sotirov A, Stevens M, Appelbaum J, Lenstra A, Molnar D, Osvik DA, de Weger B (2008) MD5 considered harmful today. HashClash project. http://www.win.tue.nl/hashclash/rogue-ca/. Accessed 18 May 2011

  37. Stevens M, Sotirov A, Appelbaum J, Lenstra A, Molnar D, Osvik DA, de Weger B (2009) Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Proc of the International Cryptology Conference on Advances in Cryptology

    Google Scholar 

  38. Sutcu Y, Sencar T, Memon N (2005) A secure biometric authentication scheme based on robust hashing. In: Proc of the 7th ACM Workshop on Multimedia and Security (MM-Sect 2005)

    Google Scholar 

  39. Tang Q, Bringer J, Chabanne H, Pointcheval D (2008) A formal study of the privacy concerns in biometric-based remote authentication schemes. In: Proc of the Information Security Practice and Experience Conference

    Google Scholar 

  40. The Open Group (1999) Architecture for public-key infrastructure (APKI)

    Google Scholar 

  41. Ueshige Y, Sakurai K (2006) A proposal of one-time biometric authentication. In: Arabnia H, Aissi S (eds) Proc of the International Conference on Security and Management (SAM 2006)

    Google Scholar 

Download references

Acknowledgements

This work was supported in part by NSF STTR Award Number 0750485 and NSF PFI Award Number 065025.

Author information

Authors and Affiliations

  1. Vision and Security Technology Lab, Department of Computer Science, University of Colorado, Colorado Springs, CO, 80918-7150, USA

    Walter J. Scheirer & Terrance E. Boult

  2. Securics, Inc., Colorado Springs, CO, 80918-7150, USA

    William Bishop

Authors
  1. Walter J. Scheirer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. William Bishop
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Terrance E. Boult
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Walter J. Scheirer .

Editor information

Editors and Affiliations

  1. Department of Applied Electronics, Roma Tre University, via della Vasca Navale 84, Rome, 00146, Italy

    Patrizio Campisi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag London

About this chapter

Cite this chapter

Scheirer, W.J., Bishop, W., Boult, T.E. (2013). Beyond PKI: The Biocryptographic Key Infrastructure. In: Campisi, P. (eds) Security and Privacy in Biometrics. Springer, London. https://doi.org/10.1007/978-1-4471-5230-9_3

Download citation

  • DOI: https://doi.org/10.1007/978-1-4471-5230-9_3

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-5229-3

  • Online ISBN: 978-1-4471-5230-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation