Presented By:

Amaan Modak 111P005

Mujammil Ansari 111P008
Varun Kalwar 111P009
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Encryption Decryption
Cryptography is an important feature of computer security. It is dependent on
the secrecy of the secret or private key.
The user chooses an easily remembered pass code that is used to encrypt the
cryptographic key and this key is then stored in a database.
Security of the cryptographic key is weak due to practical problems of
remembering pass codes.
Since the pass code is not directly tied to a user, the system is unable to
differentiate between the legitimate user and the attacker.

BIOS life
METRON measurement
Study of automated methods for uniquely recognizing humans based upon
one or more intrinsic physical or behavioral traits for authentication
purposes.
Measurable characteristics of the individual based on their physiological
features / behavioral patterns that can be used to recognize or verify their
identity.
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Everyone in the world is unique, and this uniqueness
can be used for identity verification.

Uniqueness: Distinction between individuals.
Permanence: Resistance to ageing.
Collectability: Ease to obtain a biometric for measurement.
Performance: Accuracy, speed, robustness of the biometric system.
Acceptability: Degree of approval of a technology.
Circumvention: Anomalies in the authentication system.

PHYSIOLOGICAL
ATTRIBUTES

Fingerprints
Eye retinas & irises
Facial patterns
Hand measurement
Ear shape.
BEHAVIORAL
ATTRIBUTES

Voice
Signature
Keystrokes


BIOMETRICS
SUBMISSION
MATCHING
IMAGE
ENHANCEMENT
FEATURE
EXTRACTION
Fingerprints are unique to each individual and no two fingerprints are alike.
Fingerprint recognition is most widely accepted biometrics among the
technology being used today.
Converts the image of a fingerprint into a mathematical template of the
print's minutiae points.
Fingerprints contains pattern of ridges and valleys as well as minutiae
points.
Scanners : Optical scanners, Thermal scanners, Capacitances (solid state
scanner), Minutia based, Correlation based.
Creates a voiceprint based on the inflection points of your speech,
emphasizing the highs and lows specific to your way of talking.
Voice authentication is a type of user authentication that uses voice print
biometrics, voice ID relies on the fact that vocal characteristics are unique
for each individual.
The software remembers the way
you say each word.
Voice recognition possible even
though everyone speaks with
varying accents and inflection.
Telephony : the primary growth area
A complete signal has an overall
pattern, as well as a much finer
structure, called the frame.
This frame is the essence of voice
verification technology.
It is these well-formed, regular patterns
that are unique to every individual.
These patterns are created from the size
and shape of the physical structure of a
person's vocal tract.
Since no two vocal tracts are exactly the
same, no two signal patterns can be the
same.
An authenticam takes the pictures of
persons iris. The image is analyzed and a
512 byte code is generated. The code is then
compared with the iris imprints in the
database and used to determine the
individuals authorization level.
Discriminate between individuals with
identical DNA like monozygotic twins.
Main retina features Actual photo of retina
Face Recognition
A camera captures the image of the face.
Features and discrete areas are analyzed.

Keystroke Dynamics
The system analyses the characteristic rhythm
of a person's typing.

Hand Geometry
A picture of the hand is taken. Features like3D
shape, length, width of fingers and shape of
knuckles are recorded.

Signature
verification
Users signature digital graphic tablet. The
system analyses speed, stroke order, stroke
count and pressure .

Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
First one involves remote template matching and key storage. In this method
biometric image is captured and compared with a corresponding template. If
the user is verified, the key is released.

Drawback :
The main problem here is use of an insecure storage media
Hide the cryptographic key within the enrollment template itself via a secret
bit-replacement algorithm. When the user is successfully authenticated, this
algorithm extracts the key bits from the appropriate locations and releases
the key.

Drawback:
The key will be retrieved from the same location in a template
each time a different user is authenticated
Using data derived directly from a biometric image is another method. In
this manner biometric templates are used as a cryptographic key.

Drawback:
Sensitivities due to environmental and physiological factors, and
compromising of the cryptographic keys stand as a big obstacle
A new and exciting technique is developed by Mytec Technologies Inc.
and named as Biometric Encryption.

During the enrollment phase, the process combines the biometric image
with a digital key to create a secure block of data known as BioScrypt and
then the key is retrieved using the biometric during the verification phase.
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
It provides a mechanism for the linking and retrieval of a digital key using a
biometric. This biometric might be a 2D image such as fingerprint, palm
print, face, iris or retina.
The resulting digital key is then used as a cryptographic key.
Note: The key is completely independent of the biometric data so that the
use of the biometric is not forfeited if the key is ever compromised
and can be easily modified or updated.
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Cryptographic systems require a secret key or a random number which must
be tied to an individual through an identifier. This identifier indeed could be a
globally unique user id or biometric data.
Pseudorandom numbers are generated by a PRNG (pseudo random number
generator). The resulting pseudorandom number can be used directly as a
key or adjusted with user-dependent data (userID or biometric data).
User dependent key generation is done in two ways:
First the key generation algorithm could be modified by using the user-
dependent data.
Second PRNG could be modified which is accomplished using a front-end or
back-end approach. In front-end manner, the definition of the key is extended
to include a user-specific data component. In back-end manner,
pseudorandom numbers are treated as intermediate values and processed
further.
Similar to image-type biometrics, human voice is a good biometric to
generate a cryptographic key.
For the goal of unpredictability, i.e. applying automatic speech recognition to
recognize the password spoken and then simply using the password, as a
cryptographic key is way. But it is not secure.
One solution is a user utters a password to his/her device and that device
would generate a key. Repeated utterance of the same password by the same
user would improve the security of the key after successful matches with
his/her previous recorded utterances.
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Both of them are different for each user.
Both of them are non-secret data. It is clear to see that the userID data is
non-secret. Similarly biometric data is insecure in some sense because
there is no practical way to prevent the capture of user biometric data
outside the biometric system.
Biometric data is obtained or derived from the user whereas userID is
assigned to a user.
Except the accidents biometric data can not be changed. But userID can easily
be changed.
Set of userIDs may be dense and it is easy to enumerate the set. Unlikely, set
of biometric data is not dense and this makes it infeasible to enumerate the
biometric data for each user.
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Biometrics directly authenticates the person, not indirectly through a
password or token.
Biometrics features are difficult to steal; thereby making biometrics
authentication very strong.
The Biometrics feature is eminently portable, and is unlikely to be lost.
Another advantage of biometrics authentication systems is user cannot share
or forget his retina or fingerprint, while a password and username are easily
forgotten.
Biometrics cannot be lost, stolen or forgotten. Barring disease or serious
physical injury, the biometric is consistent and permanent.
It is also secure in that the biometric itself cannot be socially engineered,
shared or used by others.
There is no requirement to remember passwords, or PINs, thus eliminating an
overhead cost. The biometric is always available to the individual.
Organizational
Software
Physical
As with any IT security system, biometric-based security policy must deal
with the threats from the workers of the organization who can damage
any software or hardware component of the system.
Attackers may also change the statistical recognition parameters of the
components and decrease the recognition rates.
Attacks on the biometric sensor/Acquisition device
Example: usage of artificial or disembodied dead features like a cut-off finger
in the fingerprint case.

Communication channel attacks (man-in-the-middle attacks)
The first type is just eavesdropping. If the channel between the sensor and the
feature extraction unit or the one between the reference database and the
matching unit is attacked, the attacker will gain information about the
biometric data. In the second type, purposeful use or change is done to the
intercepted data for subsequent introduction back into the system
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
PC access and internet security (Computer network security, Internet
transaction, Laptop security, Application level security)
Physical area security(military, government, banking, voting, prisons)
Employee record check
Mobile phones: network access & theft protection
Mobile financial transaction: Credit cards & ATM cards.
In automobiles, biometrics can replace keys with keyless entry devices.
Introduction to Cryptography & Biometric Security
Principle & Standards Of Biometrics
Methods to secure a key using Biometrics
Biometric Encryption
User Based Cryptographic Keys & their Generation
Similarities & Differences Between User ID and Biometric-based Keys
Advantages & Threats to Biometric System
Applications of Biometric Systems
Conclusion
Reliable user authentication is highly significant in this web enabled world.
Consequences of an insecure authentication system can be catastrophic and
may include loss of information, denial of service and loss of data integrity.
Biometric Encryption and Bioscrypt are high security means of protecting
the critical data of government, police departments, army and big firms.
The current generation of biometric identification devices offer cost and
performance advantages over manual security procedures.
All these methods have shown that, using biometrics for identification or
verification-based security systems and cryptosystems, is a promising
technology