Professional Documents
Culture Documents
Biometric-Based Security System For Plaintext E-Ma
Biometric-Based Security System For Plaintext E-Ma
net/publication/228803271
CITATIONS READS
9 871
5 authors, including:
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
Video-conferencing and video streaming over lossy networks using real-time media flow protocol (RTMFP) View project
All content following this page was uploaded by Dhiya Al-Jumeily Obe on 03 July 2014.
Abstract—Biometric recognition systems offer greater key. Only those entities that know the secret key k may
security and are more convenient than traditional methods calculate the MAC and Decrypt the message. As this key is
of personal recognition. At the same time, the security of the not specialized for distinct user, the risk of using hash
biometric system itself has become more and more algorithm to encrypt plaintext rises due to existence of
important. Of these, the fingerprints are one the most widely software that calculates the MAC and finally finds the key.
used form of biometric identification. In this paper, the Qasrawi etal. [6] have proposed a combination of
commercially-used encryption/decryption algorithm such as hardware and software security. This work involves five
AES with key of 256-bit is adopted and improved by adding programmable levels of encryption. Although the addition
a new security level based on the user’s biometric features.
of hardware level of encryption is quite interesting from
In addition to the AES, the proposed algorithm which
involves XOR, message reverse and the thumbprint features
security point of view. However, the hardware complexity
allows for programmable security levels. The proposed requires extra time to perform the encryption/decryption
system prototype is tested experimentally using the Simple process and the possibility of hardware malfunction can be
Mail Transport Protocol (SMTP) on the Gmail server. Time a problem.
complexity of the proposed encryption/decryption algorithm In this paper, a multilevel security system for plaintext
is also experimentally investigated. The obtained results e-mail messages is proposed and implemented using the
showed that the proposed algorithm gives more efficient Simple Mail Transport Protocol (SMTP) on the Gmail
results when compared with a previously reported server. For encryption/decryption purposes, the proposed
equivalent message security technique/algorithm. system uses a template query to a database instead of an
image query and thus the full fingerprint image cannot be
Keywords-plaintext security; e-mail security; biometric reconstructed from the fingerprint template. Moreover, the
systems; encryption/decryption. biometric features are not sent with the message but only
used for local encryption/decryption purposes. The role of
I. INTRODUCTION biometric features can therefore be considered as an
appropriate robust and a lower-cost replacement to that of
Biometrics is the authentication of users using
the hardware circuitry reported in the original work [6]. In
physiological or behavioral characteristics [1]. Naturally,
other words, the encrypted messages at the destination end
uniqueness and immutability features are strictly required
cannot be decrypted unless a valid user ID and fingerprint
to differentiate between different persons and these
template is applied.
features should not change over the person's lifetime [2].
The rest of the paper is organized as follows. In Section
In personal identification applications, the thumbprint has
2, the hardware/software aspects of the proposed system
been a preferred choice over PIN numbers, key and
are outlined. The adopted minutiae extraction method and
passwords [3]. This is due to the fact that physical
matching operation between the actual thumbprint and
existence of the authorized person is a must for
reference template are described in Section 3. The
identification purpose to ensure security.
proposed encryption/decryption algorithms are detailed in
Plaintext message security using biometric features has
Section 4. Section 5 evaluates time complexity of the
been a topic of research interest by numerous research
encryption/decryption algorithms. Finally, the work
groups and researchers around the world [4][5], and many
reported in this paper is concluded in Section 6.
ideas and techniques have been proposed to solve this
problem. However, these ideas were not as a unified II. SYSTEM OVERVIEW
solution, which can satisfy all users or can be used for
general application. Message Authentication Code (MAC) The system has two main parts: hardware and software.
is a one-way hash function h = H(k,m), which is The hardware is basically a thumbprint reader, a computer
parameterized by a secret key k and a message m. The system and an appropriate connection to the Internet. The
security of the MAC depends on the length of the software captures fingerprint image, extract its features and
generated hash value as well as on the quality of the used uses these features to encrypt/decrypt the e-mail messages
at the sending/receiving ends respectively. The thumbprint
image is captured using existing software (GrFingerX of its good performance and low processing time
library), which is an SDK component supplied by Griaule compared to other algorithms, GrFinger uses a minutiae-
Corp [7]. based matching method. This method compares the created
The proposed system offers three software levels of segments of the query template with a reference template
security; high, medium and low. Performance of this to determine the number of matched segments [11], [13].
system mainly depends upon two factors; fingerprint Figure 2 shows examples for both the reference fingerprint
identification and encryption/decryption algorithms. These (stored as a database template) and the query fingerprint
factors are described briefly in the following subsections. image (acquired via the fingerprint reader).
A. Fingerprint Features
This process depends on sensor speed, feature
extraction algorithm and matching algorithm. A minutia
point is defined as the point where a fingerprint ridge ends
or splits. The location and orientation of these points are
fixed and unique to each finger. For user enrollment and
authentication, the system extracts the location and
orientation of all the minutia points of the registered
fingerprint. A fingerprint template is then constructed from
the minutiae points and stored in a shared system database.
Size of this template is typically less than 400 bytes per Reference template Query template
finger [8]. However, sometimes it extends to around 600
bytes depending on the quality of the acquired fingerprint Figure 2. Template matching [11].
image.
B. Encryption/Decryption Algorithms IV. ENCRYPTION/DECRYPTION PROCESS
The process of message encryption/decryption passes As the decryption process is basically a reverse process
through four stages, namely: XOR, reverse, the Advanced to that of the encryption process, this section focuses on
Encryption Standard (AES) [9] and insertion of some the steps of message encryption. Figure 3 shows a
security overhead parameters. These stages involve static simplified block diagram for the encryption process. The
parameters (user ID and fingerprint features) and dynamic corresponding output messages of these steps are
parameters (date/time, random numbers and dummy documented in Figure 4. The message “University of
numbers). Three security levels are also available to the Jordan” is used as a reference in this process.
message’s sender; high, medium and low. The choice
between these security levels is dependent on the 1. The sender login into the system using his/her ID and
sensitivity of the message content and time complexity of thumbprint for authentication. The user then writes the
the encryption/decryption algorithm. desired message (e.g. University of Jordan) in the text
box and selects the destination e-mail address.
III. MINUTIAE EXTRACTION AND MATCHING
2. A mask_value which can be any combination of
In general features of fingerprint, there are special characters from the XML safe characters ("Xml-safe"=
characteristics that can be sorted into the ridges (dark characters :!@#$%^&*()?<>/\:;"') are combined with
lines) and valleys (bright lines). These features are the recipient’s ID to form a non-repeated encryption
considered unique for individuals. In the present work, the
key (K1) for different recipients. The recipients’ IDs are
minutiae extraction method of the GrFinger SDK [10] is
adopted. As shown in the example of Figure 1, this method pre-stored in a shared but secured system database and
involves: Binarization, thinning and minutiae detection retrieved automatically depending on the destination e-
[11]. Features in general are special characteristics that can mail address.
identify the ridges and valleys of the fingerprint. 3. The desired e-mail message is then encrypted by
Matching operation between the actual thumbprint and logically XORing it with K1 (obtained in step 2)
the reference template is being a hot topic of research. It resulting in unreadable garbage text, called XOR-
involves several challenges due to the complexity of ciphertext. This step is considered the first level of
implementation and other sensitive factors such as quality,
strength in the encryption algorithm. The usage of
orientations and rotations of the fingerprint [12]. Because
XOR function in this stage makes it difficult for the
hacker to uncover the original message from ciphertext
since K1 appears to be random in nature for different
recipients.
4. The obtained XOR-ciphertext is now reversed with the
aim of further increasing the difficulty of uncovering
the original e-mail message. This stage consumes only
small amount of time. For example, it consumes
Binarization Thinning Minutiae detection approximately 0.22ms to reverse a message size of
5000 characters.
Figure 1. Minutiae Extraction Process [11].
Figure 3. A simplified block diagram for the encryption process.
TABLE I
INSERTION POSITIONS OF DATE/TIME CHARACTERS
VII. REFERENCES
[1] K. Lee, and H. Park, “A new similarity measure base on
intraclass statistics for biometric systems,” ETRI Journal, Vol.
25, No. 5, pp. 401-406, 2003.
[2] K. DoHyung, L. Jaeyeon, Y. Ho-Sub, and C. Eui-Young, “A
Non-Cooperative User Authentication System in Robot
Environments”, IEEE Transactions on Consumer Electronics,
Vol. 53, No. 2, pp. 804-811, 2007.
[3] C. Y. Hui and C. Omar, “Correlation-based thumbprint
Figure 7. Message size versus system-encryption time. identification”, J. Elektrica (Malaysia), vol . 7, No. 1, pp. 9-
12, 2005.
[4] D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K.
Jain, “FVC2002: Fingerprint Verification Competition”, Proc.
Int. Conf. on Pattern Recognition (ICPR), Quebec City,
Canada, pp. 744-747, 2002.
[5] A.K. Jain, A. Ross and S. Prabhakar, “An Introduction to
Biometric Recognition”, IEEE Trans. on Circuits and stems for
Video Technology -Special Issue on Image- and Video-Based
Biometrics, Vol. 14, No. 1, pp. 4-20, 2004.
[6] N. Qasrawi, M. Al-Taee, H. I’emair, and R. Al-Asa’d,
“Multilevel Encryption of Plaintext Messages Using a Smart
Card Connected to PC Parallel Port”, Proc. 3rd Int. Conf. on
Modeling, Simulation and Applied Optimization, Sharjah,
UAE January 20-22, 2009.
[7] http://www.griaulebiometrics.com/page/en-us/index, Accessed
on July 17, 2009
[8] http://www.ms.northropgrumman.com/TRJ/TRJ-1999/SS/ 99
SS Hsu.pdf, Accessed on June 28, 2009.
[9] A. Sterbenz, and P. Lipp, “Performance of the AES Candidate
Figure 8. Message size versus system-decryption time. Algorithms in Java”, Proc. 3rd Advanced Encryption Standard
(AES) Candidate Conference, New York, NY, USA, April 13-
14, 2000.
[10] http//www.grfinger.com/demo, Accessed on July 17, 2009.
[11] http://www.griaulebiometrics.com/page/en-us/book/ export/
html/ 1244, Accessed on July 17, 2009.
[12] S. Pankanti, S. Prabhakar and A. Jain, “On the Individuality of
Fingerprints”, IEEE Trans. on PAMI, Vol. 24, No. 8, pp. 1010-
1025, 2002.
[13] ISO/IEC JTC 1/SC 37 N 464, Biometrics — Biometric Data
Interchange Formats — Part 2: Finger Minutiae Data, 2004.