See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/228803271

Biometric-Based Security System for Plaintext e-Mail Messages

Conference Paper · December 2009

DOI: 10.1109/DeSE.2009.46

CITATIONS READS
9 871

5 authors, including:

Majid Al-Taee Hassan N. Al-Hassani

University of Liverpool 1 PUBLICATION   9 CITATIONS   
127 PUBLICATIONS   934 CITATIONS   
SEE PROFILE
SEE PROFILE

Dhiya Al-Jumeily Obe

Liverpool John Moores University
284 PUBLICATIONS   2,217 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Video-conferencing and video streaming over lossy networks using real-time media flow protocol (RTMFP) View project

Electronic and mobile health systems View project

All content following this page was uploaded by Dhiya Al-Jumeily Obe on 03 July 2014.

The user has requested enhancement of the downloaded file.

 Biometric-Based Security System for Plaintext e-Mail Messages
Majid A. Al-Taee, SMIEEE
Computer Engineering Department
The University of Jordan
Amman 11942, Jordan
e-mail: altaeem@ju.edu.jo
Bader S. Bamajbour
Computer Engineering Department
The University of Jordan
Amman 11942, Jordan
e-mail: bader_9@hotmail.com
Abstract—Biometric recognition systems offer greater
security and are more convenient than traditional methods
of personal recognition. At the same time, the security of the
biometric system itself has become more and more
important. Of these, the fingerprints are one the most widely
used form of biometric identification. In this paper, the
commercially-used encryption/decryption algorithm such as
AES with key of 256-bit is adopted and improved by adding
a new security level based on the user’s biometric features.
In addition to the AES, the proposed algorithm which
involves XOR, message reverse and the thumbprint features
allows for programmable security levels. The proposed
system prototype is tested experimentally using the Simple
Mail Transport Protocol (SMTP) on the Gmail server. Time
complexity of the proposed encryption/decryption algorithm
is also experimentally investigated. The obtained results
showed that the proposed algorithm gives more efficient
results when compared with a previously reported
equivalent message security technique/algorithm.
Keywords-plaintext security; e-mail security; biometric
systems; encryption/decryption.
I. INTRODUCTION
Biometrics is the authentication of users using
physiological or behavioral characteristics [1]. Naturally,
uniqueness and immutability features are strictly required
to differentiate between different persons and these
features should not change over the person's lifetime [2].
In personal identification applications, the thumbprint has
been a preferred choice over PIN numbers, key and
passwords [3]. This is due to the fact that physical
existence of the authorized person is a must for
identification purpose to ensure security.
Plaintext message security using biometric features has
been a topic of research interest by numerous research
groups and researchers around the world [4][5], and many
ideas and techniques have been proposed to solve this
problem. However, these ideas were not as a unified
solution, which can satisfy all users or can be used for
general application. Message Authentication Code (MAC)
is a one-way hash function h = H(k,m), which is
parameterized by a secret key k and a message m. The
security of the MAC depends on the length of the
generated hash value as well as on the quality of the used
Hassan N. Al-Hassani
Computer Engineering Department
The University of Jordan
Amman 11942, Jordan
e-mail: hhmalhassani@yahoo.com
Dhiya Al-Jumeily
School of Computing & Mathematical Sciences
Liverpool John Moores University
Liverpool , UK
e-mail: d.aljumeily@ljmu.ac.uk
key. Only those entities that know the secret key k may
calculate the MAC and Decrypt the message. As this key is
not specialized for distinct user, the risk of using hash
algorithm to encrypt plaintext rises due to existence of
software that calculates the MAC and finally finds the key.
Qasrawi etal. [6] have proposed a combination of
hardware and software security. This work involves five
programmable levels of encryption. Although the addition
of hardware level of encryption is quite interesting from
security point of view. However, the hardware complexity
requires extra time to perform the encryption/decryption
process and the possibility of hardware malfunction can be
a problem.
In this paper, a multilevel security system for plaintext
e-mail messages is proposed and implemented using the
Simple Mail Transport Protocol (SMTP) on the Gmail
server. For encryption/decryption purposes, the proposed
system uses a template query to a database instead of an
image query and thus the full fingerprint image cannot be
reconstructed from the fingerprint template. Moreover, the
biometric features are not sent with the message but only
used for local encryption/decryption purposes. The role of
biometric features can therefore be considered as an
appropriate robust and a lower-cost replacement to that of
the hardware circuitry reported in the original work [6]. In
other words, the encrypted messages at the destination end
cannot be decrypted unless a valid user ID and fingerprint
template is applied.
The rest of the paper is organized as follows. In Section
2, the hardware/software aspects of the proposed system
are outlined. The adopted minutiae extraction method and
matching operation between the actual thumbprint and
reference template are described in Section 3. The
proposed encryption/decryption algorithms are detailed in
Section 4. Section 5 evaluates time complexity of the
encryption/decryption algorithms. Finally, the work
reported in this paper is concluded in Section 6.
II. SYSTEM OVERVIEW
The system has two main parts: hardware and software.
The hardware is basically a thumbprint reader, a computer
system and an appropriate connection to the Internet. The
software captures fingerprint image, extract its features and
uses these features to encrypt/decrypt the e-mail messages
at the sending/receiving ends respectively. The thumbprint
image is captured using existing software (GrFingerX
library), which is an SDK component supplied by Griaule
Corp [7].
The proposed system offers three software levels of
security; high, medium and low. Performance of this
system mainly depends upon two factors; fingerprint
identification and encryption/decryption algorithms. These
factors are described briefly in the following subsections.
A. Fingerprint Features
This process depends on sensor speed, feature
extraction algorithm and matching algorithm. A minutia
point is defined as the point where a fingerprint ridge ends
or splits. The location and orientation of these points are
fixed and unique to each finger. For user enrollment and
authentication, the system extracts the location and
orientation of all the minutia points of the registered
fingerprint. A fingerprint template is then constructed from
the minutiae points and stored in a shared system database.
Size of this template is typically less than 400 bytes per
finger [8]. However, sometimes it extends to around 600
bytes depending on the quality of the acquired fingerprint
image.
B. Encryption/Decryption Algorithms
The process of message encryption/decryption passes
through four stages, namely: XOR, reverse, the Advanced
Encryption Standard (AES) [9] and insertion of some
security overhead parameters. These stages involve static
parameters (user ID and fingerprint features) and dynamic
parameters (date/time, random numbers and dummy
numbers). Three security levels are also available to the
message’s sender; high, medium and low. The choice
between these security levels is dependent on the
sensitivity of the message content and time complexity of
the encryption/decryption algorithm.
III. MINUTIAE EXTRACTION AND MATCHING
In general features of fingerprint, there are special
characteristics that can be sorted into the ridges (dark
lines) and valleys (bright lines). These features are
considered unique for individuals. In the present work, the
minutiae extraction method of the GrFinger SDK [10] is
adopted. As shown in the example of Figure 1, this method
involves: Binarization, thinning and minutiae detection
[11]. Features in general are special characteristics that can
identify the ridges and valleys of the fingerprint.
Matching operation between the actual thumbprint and
the reference template is being a hot topic of research. It
involves several challenges due to the complexity of
implementation and other sensitive factors such as quality,
orientations and rotations of the fingerprint [12]. Because
Binarization Thinning Minutiae detection
Figure 1. Minutiae Extraction Process [11].
of its good performance and low processing time
compared to other algorithms, GrFinger uses a minutiae-
based matching method. This method compares the created
segments of the query template with a reference template
to determine the number of matched segments [11], [13].
Figure 2 shows examples for both the reference fingerprint
(stored as a database template) and the query fingerprint
image (acquired via the fingerprint reader).
Reference template Query template
Figure 2. Template matching [11].
IV. ENCRYPTION/DECRYPTION PROCESS
As the decryption process is basically a reverse process
to that of the encryption process, this section focuses on
the steps of message encryption. Figure 3 shows a
simplified block diagram for the encryption process. The
corresponding output messages of these steps are
documented in Figure 4. The message “University of
Jordan” is used as a reference in this process.
1. The sender login into the system using his/her ID and
thumbprint for authentication. The user then writes the
desired message (e.g. University of Jordan) in the text
box and selects the destination e-mail address.
2. A mask_value which can be any combination of
characters from the XML safe characters ("Xml-safe"=
characters :!@#$%^&*()?<>/\:;"') are combined with
the recipient’s ID to form a non-repeated encryption
key (K1) for different recipients. The recipients’ IDs are
pre-stored in a shared but secured system database and
retrieved automatically depending on the destination e-
mail address.
3. The desired e-mail message is then encrypted by
logically XORing it with K1 (obtained in step 2)
resulting in unreadable garbage text, called XOR-
ciphertext. This step is considered the first level of
strength in the encryption algorithm. The usage of
XOR function in this stage makes it difficult for the
hacker to uncover the original message from ciphertext
since K1 appears to be random in nature for different
recipients.
4. The obtained XOR-ciphertext is now reversed with the
aim of further increasing the difficulty of uncovering
the original e-mail message. This stage consumes only
small amount of time. For example, it consumes
approximately 0.22ms to reverse a message size of
5000 characters.
 Figure 3. A simplified block diagram for the encryption process.

Figure 4. A simplified block diagram for the encryption/decryption process.

5. In this step, the system generates a second encryption
key (K2) for the AES algorithm. K2 is composed of
both dynamic and static parts. The dynamic part of K2
which is represented by a string of 44 characters is the
AES-encryption of the current date/time, as illustrated
in Figure 4. The encryption key (K1) obtained in Step 2
is reused here for the date/time encryption. Example
encryption for the date/time: 3/25/2009 6:43:24 AM is
shown in Step 5 of the Appendix as an underlined
string. The static part of K2 which is represented by a
10 decimal numbers is based on the extracted template
features of the recipient’s fingerprint. Similar to the
recipient’s ID, these features were also pre-stored in the
system database.
6. The reverse-ciphertext of the original message obtained
in Step 4 is now AES-encrypted using the AES
algorithm with Cipher Block Chaining (CBC) mode.
The AES algorithm uses K2 as a passphrase to generate
an encryption key of 256 bits. The obtained AES-
encryption for the sample message, University of
Jordan, is illustrated in Step 6 of Figure 4.
7. In this step, security of the e-mail message is further
improved to minimize the possibility of hacking risk
when the message is transmitted via the Internet. This is
achieved by insertion of randomly changed overhead
parameters of 50 digits/characters to the ciphered text
of the original message. The overhead parameters
involve encrypted date/time, random numbers, dummy
numbers and security level, as shown in Figure 5. The
date/time insertion positions are dependent on the
chosen security level. Unlike medium and low levels
where the date/time characters are processed as one
group; the date/time characters in the high security level
are virtually divided into three groups: g1 (5
characters), g2 (22 characters) and g3 (17 characters).
However, in all security levels, the date/time characters
are embedded in dynamically changed positions within
the transmitted version of the e-mail message. These
positions depend on the inserted random number and/or
four numbers selected from the recipient’s fingerprint
template, other than those used to generate K2. The
insertion positions of date/time groups of characters are
summarized in Table 1.
Figure 5. Overhead parameters of the e-mail message.
TABLE I
INSERTION POSITIONS OF DATE/TIME CHARACTERS
Security level Position Dependency
High Pg1: Fingerprint Template Numbers + Random Numbers
Pg2: Random Numbers
Pg3: Fingerprint Template Numbers
Medium Pg: Fingerprint Template Numbers + Random Numbers
Low Pg: Random Numbers
8. The resultant combination of the message content and
its overhead is then sent to the recipient’s side using the
SMTP protocol on the on the Gmail server. It should be
mentioned here that the recipient’s ID and his/her
biometric features are not part of the sent message.
Finally, on the recipient side, the encrypted version of
the e-mail message should be decrypted. The decryption
process cannot be started unless a valid fingerprint and
user ID is provided to the system. Upon authentication
approval, the steps of decryption process starts in a
reverse order to that of encryption process.
V. RESULTS AND DISCUSSIONS
In reference to the encryption/decryption steps reported
earlier in Section 4 for the sample message, “University of
Jordan”, it can be noticed that encrypted version of this
message is represented by 94 characters (50 characters
for overhead and 44 characters for the encrypted version
of the original message). Of course, the extra characters
will cost more transmission time and this is the price that
must be paid to guarantee message security. The
relationship between the plaintext message size and the
encrypted message size is found to be approximately
linear, as shown in Figure 6.
The computation time of the encryption/decryption
algorithms is dependent on the CPU speed of the user’s
computer as well as on the selected security level. All
tests reported in this paper were performed using real-time
mode on a PC with Intel Quad Core 2.4 GHz processor
and 2 GB RAM under Windows XP SP 2 in 32-bit mode.
Figure 7 shows the relationship between length of input
text and the encryption time for each security level. It can
be noticed that the required encryption time increases as
the security level increases from low to high level. This is
mainly due to the difference in computing of the insertion
positions of date/time inside the message. Similar time
complexity analysis for the decryption process shows that
the decryption time is less than 30% of that required for
the encryption time, as shown in Figure 8. This is justified
by the relatively small amount of time required to extract
the message overhead as compared to insertion process of
this overhead during encryption.
Figure 6. Plaintext message size versus encrypted
message size.
 Figure 9 shows the time analysis for encryption/
decryption using the standard AES without the addition of
other steps. The results clearly indicate that only a small
portion of time is required for this encryption/decryption
when compared to that of the whole system. Unlike the
results presented in Figures 7 and 8, the AES encryption
time is less than the decryption time. The extra time
required to execute the proposed algorithm is the price to
be paid for improved security system.
Figure 7. Message size versus system-encryption time.
Figure 8. Message size versus system-decryption time.
Figure 9. Message size versus AES-encryption/
decryption time.
View publication stats
VI. CONCLUSIONS
A complete biometric-based end-to-end security system
prototype for plaintext e-mail messages has been
developed and implemented. According to statistical
analysis of time complexity from experimental results, the
encryption/ decryption algorithm presents quite efficient
when compared to a previously-reported equivalent
algorithm. The relationship between the encryption/
decryption time and the size of the plaintext message is
found to be of exponential form, as expected. The time
difference between the various settings of security levels
is due to the difference in the date/time insertion method
inside the message. The proposed security system can be
easily adapted to work with other biometric recognition
systems such as iris, hand geometry, etc.
VII. REFERENCES
[1] K. Lee, and H. Park, “A new similarity measure base on
intraclass statistics for biometric systems,” ETRI Journal, Vol.
25, No. 5, pp. 401-406, 2003.
[2] K. DoHyung, L. Jaeyeon, Y. Ho-Sub, and C. Eui-Young, “A
Non-Cooperative User Authentication System in Robot
Environments”, IEEE Transactions on Consumer Electronics,
Vol. 53, No. 2, pp. 804-811, 2007.
[3] C. Y. Hui and C. Omar, “Correlation-based thumbprint
identification”, J. Elektrica (Malaysia), vol . 7, No. 1, pp. 9-
12, 2005.
[4] D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K.
Jain, “FVC2002: Fingerprint Verification Competition”, Proc.
Int. Conf. on Pattern Recognition (ICPR), Quebec City,
Canada, pp. 744-747, 2002.
[5] A.K. Jain, A. Ross and S. Prabhakar, “An Introduction to
Biometric Recognition”, IEEE Trans. on Circuits and stems for
Video Technology -Special Issue on Image- and Video-Based
Biometrics, Vol. 14, No. 1, pp. 4-20, 2004.
[6] N. Qasrawi, M. Al-Taee, H. I’emair, and R. Al-Asa’d,
“Multilevel Encryption of Plaintext Messages Using a Smart
Card Connected to PC Parallel Port”, Proc. 3rd Int. Conf. on
Modeling, Simulation and Applied Optimization, Sharjah,
UAE January 20-22, 2009.
[7] http://www.griaulebiometrics.com/page/en-us/index, Accessed
on July 17, 2009
[8] http://www.ms.northropgrumman.com/TRJ/TRJ-1999/SS/ 99
SS Hsu.pdf, Accessed on June 28, 2009.
[9] A. Sterbenz, and P. Lipp, “Performance of the AES Candidate
Algorithms in Java”, Proc. 3rd Advanced Encryption Standard
(AES) Candidate Conference, New York, NY, USA, April 13-
14, 2000.
[10] http//www.grfinger.com/demo, Accessed on July 17, 2009.
[11] http://www.griaulebiometrics.com/page/en-us/book/ export/
html/ 1244, Accessed on July 17, 2009.
[12] S. Pankanti, S. Prabhakar and A. Jain, “On the Individuality of
Fingerprints”, IEEE Trans. on PAMI, Vol. 24, No. 8, pp. 1010-
1025, 2002.
[13] ISO/IEC JTC 1/SC 37 N 464, Biometrics — Biometric Data
Interchange Formats — Part 2: Finger Minutiae Data, 2004.