See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/327916654

Digital Signature Generation Using Biometrics

Article · January 2002

CITATION READS
1 98

2 authors:

Mohammed Yakoob Siyal Pawan Kumar Janbandhu

Nanyang Technological University Nanyang Technological University
104 PUBLICATIONS   1,040 CITATIONS    8 PUBLICATIONS   66 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Denoising Functional Magnetic Resonance Imaging Time Series View project

Automatic Fruit Sorting View project

All content following this page was uploaded by Pawan Kumar Janbandhu on 27 September 2018.

The user has requested enhancement of the downloaded file.

 DIGITAL SIGNATURE GENERATION USING BIOMETRICS
by M Y Siyal & P K Janbandhu
ABSTRACT
We proposed a new approach to generate digital signatures
using biometrics and denominated it as Biometric Signatures
in [1]. We also discussed two schemes to generate Biometric
Signatures using two digital signature algorithms, RSA and
DSA in [1]. In this paper we discuss Biometric Signatures
using RSA and DSA in brief and propose a new method to
generate private keys in case of RSA. Speeds of Biometric
Signatures for iris recognition using JAVA implementation
for the two schemes are also given.
INTRODUCTION
A stable biometric can be used to generate a unique private
key for digital signatures. This method will correctly identify
an individual and not his belongings (smart cards/disks) or
what he remembers (passwords). We denominated this
system as Biometric Signatures in [1]. We suggested
Deoxyribonucleic Acid, DNA and iris as the most promising
biometrics to be integrated with digital signature algorithms
to generate Biometric Signatures. We also suggested two
schemes to generate Biometric Signatures using two widely
used digital signature algorithms: RSA and DSA in [1]. Here
we suggest a new approach to generate private key for
Biometric Signatures using RSA and give speeds for both
schemes for iris recognition using JAVA implementation.
BIOMETRIC SIGNATURES USING RSA AND
DSA
1. Biometric Signature using the RSA Algorithm
The RSA algorithm described in [2] can be used with a stable
biometric like DNA/iris to generate Biometric Signature in
the following manner. The length of the biometric template
can be brought down to 128 bytes or closer using some
irreversible/ one- way hash function (similar to hash
functions with larger bit output) or a combination of
functions that will generate a unique biometric template
representation of desired length. One such approach
suggested in [1] was to feed the biometric template to the
message digest algorithm, MD5 or SHA1 to generate a key
for Advanced Encryption Standard, AES [5], and then use
that in counter mode to generate as many bits as needed
(approx. 128 bytes). We now propose a new method to
generate key of desired length: use Hashed Message
Authentication Code, HMAC (in combination with
SHA1/MD5) as described in [4] with different keys to
compute different MACs, concatenate them to get the hash of
desired length and then use this hash to generate the private
key. Using HMAC-SHA1 with six different keys one can
generate 120 byte hash. Similarly, with HMAC-MD5, with 8
different keys one can obtain exactly 128 bytes of hash.
Since, decryption exponent, d should roughly be of the same
size as the modulus length for extra security, we choose
length of d to be hash of 120 bytes. Choose prime numbers p
and q to be 64 byte numbers each so that size of modulus n =
p*q = 128 bytes. Compute Euler Totient function, Ø(n) = (p-
1)(q-1) and decryption key, d from 120 bytes hash obtained
from HMAC-SHA1 by incrementing it to get a closest
number that is relatively prime to Ø(n). Private key = (n,d).
Compute encryption exponent, e as the multiplicative inverse
of d modulo Ø(n) using :
e = d-1 mod (Ø(n)). [ Public Key = (n,e) ]
Signature generation and verification is same as digital
signature scheme using RSA as described in [1][2]. Message
digest can be generated using MD5/SHA1.
2. Biometric Signature using Digital Signature Algorithm
(DSA)
Digital Signature Algorithm, DSA was proposed by U.S.
National Institute of Standards and Technology (NIST) in
1991 for use with Digital Signature Standard (DSS).
Biometric Signature using DSA can be obtained by
generating the private key, x by computing a 160 bit hash
value of any size biometric template (512 byte for iris) using
one way hash function SHA1. Generation of prime numbers
(p, q), g, public key y, signature (r,s) and verification are
same as proposed by NIST in reference [3].
3. Modified Private Key Generation for Biometric Signatures
Digital certificates are valid for a given period. One can get a
new certificate by computing a new pair of signature keys. In
case of Biometric Signatures this can be achieved by
modifying the biometric template with another function with
random output like XOR the template with a randomly
generated number, R and then feed the resulting number to a
hash function to generate private keys of desired length (see
Fig. 1 and 2). New key can be generated by simply varying
R. However, one needs to preserve that number for future
signatures. In case of Biometric Signature using DSA, since
output of XOR function is going to the hash function SHA1
with 160 bit output (see Fig. 2), R could be as small as one
byte number. It could be an owner’s favorite number for easy
remembrance. This will also avoid storage of R. R can also
be integrated within the application to regenerate the private
key for subsequent digital signatures. Similar thing can be
done for Biometric Signature using RSA as shown in Fig. 1.
However, in this case when HMAC-SHA1/MD5 is used to
generate the desired size hash from any biometric template,
no R is required, since, a new pair of signature keys can be
generated by changing anyone/all of the keys used to
generate the hash as explained in section 1. R is only required
 Fig.1 Modified Private Key Generation for Biometric Signature using RSA

Fig.2 Modified Private Key Generation for Biometric Signature using DSA

when SHA1-AES is used to generate the hash also explained in 512 bits 768 bits 1024 bits
section 1. Biometric Signatures using RSA requires storage of (secs) (secs) (secs)
Ø(n), R/HMAC keys for signature generation and public key Generation of
(n,e) for verification. DSA requires storage of only R for key p, q, g 17.01 45.01 120.30
generation. Storage of R can be avoided by keeping it as small Generation of
Keys (x, y) 0.24 0.24 0.24
as possible (for easy remembrance).
Signature (r,s) 0.20 0.22 0.27
IMPLEMENTATION RESULTS FOR BIOMETRIC
SIGNATURES Verification 0.06 0.06 0.11

Biometric Signatures using RSA and DSA with modified

Table 2. Biometric Signature using DSA speeds for different
private key generation as shown in Figures 1 and 2 for iris
modulus lengths with a 160 bit exponent.
recognition with a 512 byte template size were implemented in
JAVA. The average time taken by both algorithms during CONCLUSION
various stages is tabulated in Tables 1 and 2. No secret key
encryption was done to transmit message and signature to the Biometric Signatures using RSA and DSA are discussed in
receiver for simplicity. All computations were carried out on brief. We also proposed a new method to generate private keys
Windows 98, Intel PIII 500 MHz, Sun Java SDK 1.3.0 in case of Biometric Signatures using RSA. Speeds of
platform. Message used was a text file of 622 bytes. R was Biometric Signatures for iris recognition using JAVA
chosen to be 25. implementation of the two schemes are also given. Biometric
Signature provides a convenient method to renew the signature
1024 bits 2048 bits keys without forfeiting the use of the biometric forever.
(secs) (secs)
REFERENCES
Key Generation
(n, d, e) in sec 3.65 19.28 1. P. K. Janbandhu, M. Y. Siyal, “Novel Biometric Digital
Signatures for Internet based Applications”, To appear in
Signature S (in sec) 0.27 1.53 Information Management and Computer Security Journal,
MCB University Press, UK, 2001, vol. 9, issue 5.
Verification (in sec) 0.22 1.54
2. R.L. Rivest, A. Shamir and L. Adleman, “A method for
Table 1. Biometric Signature using RSA speeds for different Obtaining Digital Signatures and Public-Key
modulus lengths. HMAC-SHA1 with six different keys was used Cryptosystems,” Commun. ACM, 1978, pp. 120-126.
to generate a 120 byte hash. 3. The Digital Signature Standard- proposed by NIST,”
From the two tables, signature time increased with the increase Commun. ACM, July 1992, vol.35, No. 7, pp.36-40.
in the length of the modulus used as expected. Since, 4. H. Krawczyk, M. Bellare, R. Canetti, “HMAC: Keyed-
verification takes very less time, veracity of the private key Hashing for Message Authentication,” RFC 2104.
generated during future signatures can be checked locally
before actual signature by verifying a small message signed 5. AES Algorithm, http://csrc.nist.gov/encryption/aes/
using the private key generated.

View publication stats