Asian Journal of Information Technology

Year: 2010
Volume: 9
Issue: 4
Page No. 254 - 262

Biometric Authentication System Using Non-linear Chaos

Authors : A. Senthil Arumugam and N. Krishnan

Abstract: A major concern nowadays for any biometric credential management system is its potential vulnerability in protecting its information sources, i.e., protecting a genuine user’s template from both internal and external threats. Biometric authentication systems today face various risks. One of the most serious threats is the vulnerability of the template database. An attacker with access to a reference template could try to impersonate a legitimate user by reconstructing the biometric sample and creating a physical spoof. Susceptibility of the database can have a disastrous impact on the whole authentication system. The potential disclosure of digitally stored biometric data raises serious concerns about privacy and data protection. Therefore, a method which integrates conventional cryptographic techniques with biometrics is proposed. In this research, a biometric cryptosystem is presented which encrypts the biometric template; the encryption is done by generating pseudo random numbers based on non-linear dynamics.

How to cite this article:

A. Senthil Arumugam and N. Krishnan, 2010. Biometric Authentication System Using Non-linear Chaos. Asian Journal of Information Technology, 9: 254-262.

INTRODUCTION

Biometric methods are used in many domains and for many purposes. Biometric authentication enables an individual to prove his or her authenticity. Biometric characteristics are uniquely associated with each user and thus represent the strongest form of personally identifiable information. Obviously this strengthens the authentication process; on the other hand, the possibility that a biometric template could be stolen or exchanged raises concerns about its possible uses and abuses. It may be possible to obtain information about the enrolled person from their biometric template. It is also feasible to compromise a traditional biometric system in order to gain access without presenting a biometric sample. In the same way, the efficacy of access control mechanisms is inherently limited, e.g., against internal attacks or in the presence of software vulnerabilities. In conventional cryptography, user authentication is based on possession of secret keys (such as a token, possession of a smart card or remembering a password); such keys can be forgotten, lost, stolen or illegally shared. So biometrics and conventional cryptography each have their own potential vulnerabilities, but the ability to combine cryptography and biometrics can enhance the trustworthiness of an authentication system.

Threat vectors: issues and challenges: A threat vector is a path or a tool that an impostor uses to attack the biometric system. An attack is conducted by a threat agent, defined as a person who, intentionally or otherwise, seeks to compromise the biometric system.

Impostor: Any person who, intentionally or otherwise, poses as an authorized user. The impostor may be an authorized or an unauthorized user.

Attacker: Any person or system attempting to compromise the biometric device. Motivation may include unauthorized entry or denial of service.

Authorized user: Any person or system administrator permitted to use the biometric system but who may unintentionally compromise the biometric device; this covers unintentional human error, such as an administrator error in configuring a biometric system (Jain et al., 2006).

False enrollment using fake traits: The accuracy of the biometric data is founded on legitimate enrollments. If the identity is faked, the enrollment data will be an accurate biometric of the individual but the identity will be incorrectly matched. Spoofing is providing a fake physical biometric designed to circumvent the biometric system. This can be conducted relatively easily, as little or no technical system knowledge is required. The original biometric can be obtained relatively easily from many sources, with or without the permission and co-operation of the genuine user of that biometric sample.

Reuse of residuals: Some biometric devices and systems may retain the last few biometrics extracted and the templates used in local memory. If an attacker gains access to this data, they may be able to reuse it to present a valid biometric. Clearing memory and preventing an identical sample from being used consecutively is an effective security mechanism (Jain et al., 2006).

Replay attacks: In a replay attack, the data related to the presentation of a biometric is captured and replayed. Alternatively, a false data stream is injected between the sensor and the processing system, i.e., a data stream representing a fake biometric is injected into the system. In most cases this will involve some physical tampering with the device. Where templates are stored on an RFID or proximity card, the data is likely to be unencrypted, which can assist the unauthorized collection of the data for later replay (Jain et al., 2006).

BIOMETRIC AUTHENTICATION AND BIOMETRIC RANDOM KEY GENERATION

A biometric cryptosystem is the only solution to defeat all kinds of threat vectors. A biometric cryptosystem combines cryptography and biometrics: cryptography ensures high security, while biometrics eliminates the need to carry tokens or remember passwords. Biometric encryption is designed to avoid these problems by embedding the secret code into the template in a way that can be decrypted only with a biometric sample of the enrolled individual. Since the secret code is bound to the biometric template, an attacker will not be able to determine either the enrolled biometric sample or the secret code, even with access to the biometric software and hardware.

Biometric application programming interfaces: The Biometric Application Programming Interface is intended to provide a high-level generic biometric authentication model, one suited for any form of biometric technology. It covers the basic functions of enrollment, verification and identification and includes a database interface to allow a biometric service provider to manage the identification population for optimum performance. It also provides primitives that allow the application to manage the capture of samples on a client and the enrollment, verification and identification on a server. This specification defines the application programming interface and the service provider interface for a standard biometric technology interface. The application-level API is the high level at which the basic biometric functions are implemented, those which an application would generally use to incorporate biometric capabilities for the purpose of human identification. This standard uses the term template to refer to the biometric enrollment data for a user. The template must be matched within a specified tolerance by a sample taken from the user in order for the user to be authenticated. The term biometric identification record refers to any biometric data that is returned to the application, including raw data, intermediate data and processed samples ready for verification or identification, as well as enrollment data. Typically, the only data stored persistently by the application is the biometric identification record generated for enrollment, i.e., the template.

Enrollment and verification using BioAPIs and PHP-AJAX: The purpose of enrollment is to construct a database of genuine users. It has to be determined what makes a subject eligible to be enrolled, and all enrollees must be checked against these criteria. Biometric samples and other credentials are stored in the database, which in the case of a verification system might be a distributed or centralized database. Each subject is enrolled with a biometric template. The subject is issued some possession that contains the biometric template. There are three principal high-level abstraction functions in the API.

Enroll: Samples are captured from a device, processed into a usable form from which a template is constructed and returned to the application.

Verify: One or more samples are captured, processed into a usable form and then matched against an input template. The results of the comparison are returned.

Identify: One or more samples are captured, processed into a usable form and matched against a set of templates. The biometric application programming interface supports PKI functionality through the captured biometric application programming interface extension. This is particularly important when considering the use of PKI in the trusted device model. This model allows trusted devices to accept digital certificates from outside sources and to encrypt and sign the data with their own certificates, making biometric devices ideal tools for authentication.

Biometric cryptosystem: A biometric cryptosystem is a new and exciting area combining features from the fields of biometrics and cryptography. In biometric systems the integrity of data transmission must be secured all the way from the sensor to the application. This is typically achieved by cryptographic methods. In conventional cryptography, encryption is a mathematical process that helps to disguise the information contained in messages that are either transmitted or stored in a database. There are three main factors that determine the security of any cryptosystem: the complexity of the mathematical process or algorithm, the length of the encryption key used to disguise the message and the safe storage of the key, known as key management (Uludag et al., 2004; Schneier, 1996).

The security level of biometrics-based systems can be enhanced in two ways: use of encryption keys to protect biometric information, or use of biometric mechanisms to secure the privacy of encryption keys and access to data. A biometric system always produces a Yes/No response, which is essentially one bit of information. Therefore, an obvious role of biometrics in a conventional cryptosystem is just password management, as noted by Bruce Schneier.

Biometric encryption: The goal of biometric encryption is to embed secrecy into a biometric template in a way that can only be decrypted with a biometric sample from the enrolled person. Here biometric encryption is done by securely binding the key with the password in a database. When the biometric trait is presented live, the key retrieval algorithm generates the sequence of keys and verification is done against the key stored in the database. The key is recreated only if the correct live biometric sample is presented at verification. The key is randomly generated at enrollment, so that the user does not even know it (Uludag et al., 2004; Schneier, 1996; Cavoukian and Stoianov, 2007; Bjorn, 1997; Tomko et al., 1997). In biometric encryption, the biometric can be used to encrypt a PIN, a password or an alphanumeric string for numerous applications: gaining access to computers or bank machines, entering buildings, etc. The PINs can be hundreds of digits in length; the length does not matter because the user does not need to remember it. Most importantly, all one has to store in a database is the biometrically encrypted PIN or password, not the biometric template, as described by Dr. George Tomko (Tomko et al., 1997; Tomko and Stoianov, 1998; Tomko, 1997).

Generating pseudo random numbers: Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce a sequence of numbers that are not statistically random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as pseudo random numbers. Here we generate random numbers using the principle of chaos (Stallings, 2005). The term chaotic is commonly used to describe a system that, although governed by a handful of non-linear equations, behaves in an apparently random manner. The main difference between chaos and randomness lies in the concept of determinism. Since truly random processes cannot be predicted by any means, they are not deterministic and hence cannot be used for key generation, as we could not regenerate the original sequence, which is required at the time of matching.

The advantage of chaos is that even very small differences in initial conditions yield widely diverging outcomes for chaotic systems, rendering long-term prediction impossible. This happens even though these systems are deterministic, meaning that their future dynamics are fully determined by their initial conditions with no random elements involved. In other words, the deterministic nature of these systems does not make them predictable. In biometrics, the biometric traits are unique to a particular individual and hence there will be a unique value associated with every biometric, which will be the input value for generating the pseudo random numbers that serve as the key for the biometric template.

If someone somehow obtains some numbers from the middle of the sequence, the resulting sequence would evolve very differently from the original, which invariably prevents anyone from compromising the database. That is, instead of following the same pattern as before, it diverges from the pattern, ending up wildly different from the original. In biometric security the implementation is in hardware, and this chaotic number generator can be implemented in hardware very easily.

In this study pseudo random numbers are generated using the following non-linear equations:

Logistic map
Tent map
Modified logistic map
Chinese remainder theorem

Quadratic recurrence equation: The functions we use to create pseudo random numbers that exhibit chaotic characteristics are the logistic map, the tent map and the modified logistic map. The logistic map is defined by a parabola and the tent map by a broken line, both symmetric about X = 1/2. For both, the height of the maximum point is varied to define a family of functions; the height gives the family parameter.

First, pseudo random numbers are generated with the logistic map. A logistic function is a quadratic function of the form Xn+1 = rXn(1-Xn), where r is a constant. The most interesting phenomena occur as r varies in the range 2<r≤4. Here r is the catalyst for chaos.

It is a typical example of how complex, chaotic behaviour can arise from very simple non-linear dynamical equations. For a particular value of r, the sequence X0, X1, X2, X3, X4, ..., Xm, ... is generated by choosing an initial value X0 and defining subsequent elements of the sequence iteratively by the rule:

(1)

The first few iterations of the logistic map give:

As r varies in the range 2<r≤4, the generic long-term behaviour of sequences generated by the iteration changes dramatically. As r increases, convergence to a single limiting value is followed by convergence to a 2-cycle, then a 4-cycle, an 8-cycle and cycles of higher powers of 2, and this behaviour continues until chaotic behaviour arises. Once chaotic behaviour starts, no pattern is evident in the values produced by iteration.

These facts are well explained by the bifurcation diagram of the quadratic recurrence equation in Fig. 1, which is obtained by plotting, as a function of r, a series of values for Xn obtained by starting with a random value X0, iterating many times and discarding the first points corresponding to values before the iterates converge to the attractor. In other words, the set of fixed points of Xn corresponding to a given value of r is plotted for values of r increasing to the right.

At r approximately 3.57 is the onset of chaos. We can no longer see any oscillations. Slight variations in the initial population yield dramatically different results over time, a prime characteristic of chaos.

The secret key stream values are shown in Fig. 2 and 3 (the key values are 0.23232300000000 and 0.89296); the bifurcation is obtained when we put r = 3.541.

Fig. 1: Bifurcation of logistic map

Fig. 2: Logistic key stream

Fig. 3: Secret key by using quadratic recurrence equation

The probability density function of the logistic map is not uniform, but by introducing a proper threshold level the output bit sequence becomes uniform. The control parameter and initial value of the map are determined. Then a real value is generated by each iteration, which is converted into a bit by a single-level threshold function. The threshold value is calculated using a computer simulation.

Algorithm: Let bi (i = 0, 1, 2, ...) be the ith output bit of the logistic equation, generated according to the initial key, key-P. L-1 integer pseudo random numbers gi (i = 0, 1, 2, ..., L-1) are calculated using these bi as shown in the following equation:

(2)

where ⌊x⌋ denotes the floor of x, since the number of permuted pixels is equal to the image size. The key generation and permutation steps are:

Get the key values from the biometric trait and assign them to variables A and B respectively.
Get the biometric trait size using the size() function.
Construct a loop with the initialization parameter = 0, the image size as the bound and an increment operator.
Apply the quadratic recurrence equation and store the results in a new array.
Assign the new array value to variable A (A = X).
Sort the resultant new array in ascending order.

The key distribution plot in IDL (iPlot) is shown in Fig. 4.
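The steps above, as an added example written for this page and not the paper's IDL code: the quadratic recurrence is iterated from the key value, each real value is thresholded into a key bit, and the ascending-sort order of the sequence is used as the pixel permutation key that scrambles a template and, with the same key, restores it. It assumes key value A is the seed x0 and the paper's r = 3.541 is the family parameter; the page does not say how key value B enters the recurrence, so B is not used. The final function measures the sensitivity to initial conditions the text relies on, at an assumed chaotic-regime value r = 3.99.

```python
# Added example (not the paper's IDL code): logistic-map key stream, the
# single-level threshold bits and the "sort ascending" pixel permutation of
# the algorithm above. Assumptions: key value A is used as the seed x0 and the
# paper's r = 3.541 as the family parameter; the page does not say how key
# value B enters the recurrence, so it is not used here.

def logistic_sequence(x0, r, n):
    """Return X_1 .. X_n of the quadratic recurrence X_{n+1} = r*X_n*(1 - X_n)."""
    if not 0.0 < x0 < 1.0:
        raise ValueError("seed must lie strictly inside (0, 1)")
    if not 0.0 < r <= 4.0:
        raise ValueError("r must lie in (0, 4] so the orbit stays inside [0, 1]")
    xs, x = [], x0
    for _ in range(n):
        x = r * x * (1.0 - x)
        xs.append(x)
    return xs


def threshold_bits(xs, threshold=0.5):
    """Single-level threshold function: each real value becomes one key bit."""
    return [1 if x >= threshold else 0 for x in xs]


def sort_permutation(xs):
    """Index order that sorts xs ascending; this is the pixel permutation key."""
    return sorted(range(len(xs)), key=xs.__getitem__)


def permute(template, order):
    """Scramble a template (list of pixel values) with the permutation key."""
    return [template[i] for i in order]


def unpermute(scrambled, order):
    """Invert permute(); the same key recovers the original template."""
    restored = [None] * len(order)
    for k, i in enumerate(order):
        restored[i] = scrambled[k]
    return restored


def divergence(x0, delta, r, n):
    """Largest gap between two orbits whose seeds differ by delta: the
    sensitivity to initial conditions the text relies on."""
    a = logistic_sequence(x0, r, n)
    b = logistic_sequence(x0 + delta, r, n)
    return max(abs(p - q) for p, q in zip(a, b))


if __name__ == "__main__":
    # Constructed 4x4 grey-level "template" standing in for a trait image.
    template = [17, 200, 3, 90, 45, 45, 0, 255, 128, 64, 32, 16, 8, 4, 2, 1]
    key = logistic_sequence(0.23232300000000, 3.541, len(template))
    order = sort_permutation(key)
    scrambled = permute(template, order)
    print("bits      :", threshold_bits(key))
    print("scrambled :", scrambled)
    print("restored  :", unpermute(scrambled, order) == template)
    # Two seeds 1e-10 apart in the chaotic regime (r = 3.99 assumed) diverge.
    print("divergence:", divergence(0.232323, 1e-10, 3.99, 200))
```

The permutation is a bijection whatever the sequence values, so any template scrambled with a key can be restored by whoever regenerates exactly the same sequence; a seed that differs even at the tenth decimal place produces a different ordering.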

Fig. 4: Logistic map key distribution

Fig. 5: Key’s generated by IDL (Logistic map)

Tent map: The tent map (also called the triangular map) function uses its previous output as its present input. This study uses the following keys: a = 0.7278346278462847, b = 0.3346462874623842 (Fig. 5).

The tent map is an iterated function, in the shape of a tent, forming a discrete dynamical system. It takes a point Xn on the real line and maps it to another point. In nonlinear discrete dynamical systems the tent map T: [0,1]→[0,1] is defined by:

(3)

where 0≤μ≤2. The tent map is constructed from two straight lines, which makes the analysis simpler than for truly nonlinear systems. The graph of the function T may be plotted by hand and is shown in Fig. 6.

The iterative map is xn+1 = T(xn), where xn ∈ [0,1]. The iteration of the tent map will be:

(4)

Fig. 6: Tent map

Fig. 7: Tent map (Implemented by IDL)

where << denotes the left bit-shifting operation. Note that b1 = 0 when 0≤x(0)<0.5. Apparently, after L-1 iterations x(L-1) ≡ (0.bL)2 = (0.1)2. Then x(L) ≡ 1 and x(L+1) ≡ 0. That is, the number of iterations required to converge to zero is Nr = L + 1. Note that Nr = 0 when x(0) = 0.

Algorithm: The tent map is chosen as the chaotic system instead of the logistic map, since its probability density function (PDF) is uniform and its implementation is simple.

The control parameter and initial condition of the map are determined by key-S. Each of them is defined with 64 bits and a simple linear transformation.

Real values of the chaotic sequence are generated by iterations of the map: x0, x1, x2, ..., x(n×n), where n is the image size. About 255 threshold levels in the range are defined and grey scales of pixels from 0 through 255 are attributed to them respectively.

Fig. 8: Tent map keys

Figure 7 shows that the signal is random and non-periodic.
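An added example (not code from the paper) covering the tent map of Eq. 3 and its quantisation into grey scales through equally spaced thresholds, the convergence to zero of the μ = 2 map in finite-precision arithmetic noted with Nr above, and a quick empirical check of the claim that the tent map's PDF is uniform while the logistic map's is not. The parameter values μ = 1.99 and r = 3.99 are assumptions; the seed 0.7278346278462847 is the paper's key a.

```python
# Added example, not code from the paper: the tent map of Eq. 3, its
# quantisation into 256 grey scales through 255 threshold levels, the
# convergence to zero of the mu = 2 map in finite precision described above,
# and a quick empirical check of the uniform-PDF claim against the logistic
# map. Assumed parameters: mu = 1.99 and r = 3.99; the seed
# 0.7278346278462847 is the paper's key a.

def tent(x, mu):
    """T(x) = mu*x for x < 1/2 and mu*(1 - x) otherwise."""
    return mu * x if x < 0.5 else mu * (1.0 - x)


def logistic(x, r):
    """Quadratic recurrence used as the comparison map."""
    return r * x * (1.0 - x)


def iterate(f, x0, n, **params):
    """Return the orbit x_0, x_1, ..., x_n of x_{k+1} = f(x_k)."""
    xs = [x0]
    for _ in range(n):
        xs.append(f(xs[-1], **params))
    return xs


def grey_levels(xs):
    """Map reals in [0, 1] onto grey scales 0..255 via equally spaced thresholds."""
    return [min(int(x * 256), 255) for x in xs]


def iterations_to_zero(xs):
    """Index of the first exact 0.0 in the orbit, or None if it never occurs."""
    for k, x in enumerate(xs):
        if x == 0.0:
            return k
    return None


def middle_half_fraction(xs):
    """Share of samples in [0.25, 0.75]; a uniform PDF on [0, 1] gives 0.5."""
    return sum(1 for x in xs if 0.25 <= x <= 0.75) / len(xs)


if __name__ == "__main__":
    # mu = 2 with a seed of L = 3 fractional bits (0.375 = 0.011 in binary)
    # reaches zero after L + 1 = 4 iterations, as the note on Nr above states.
    print("iterations to zero:", iterations_to_zero(iterate(tent, 0.375, 10, mu=2.0)))
    tent_orbit = iterate(tent, 0.7278346278462847, 10000, mu=1.99)
    logi_orbit = iterate(logistic, 0.23232300000000, 10000, r=3.99)
    print("tent     middle half:", middle_half_fraction(tent_orbit))
    print("logistic middle half:", middle_half_fraction(logi_orbit))
    print("first grey levels   :", grey_levels(tent_orbit[:12]))
```

The middle-half fraction is a deliberately crude check: it sits near 0.5 for the tent orbit and well below it for the logistic orbit, whose density piles up near the ends of the interval, which is why the logistic map needs the threshold step of the previous section before its bits are balanced. The μ = 2 run also shows why that exact parameter is unusable with a finite-precision seed: the orbit falls to zero and stays there.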

Theoretical analysis of tent map: We consider the theoretical analysis of the runs in the pseudo-random numbers generated by the chaotic maps. From this analysis it can be understood that the distributions of runs generated by chaotic maps depend on the characteristics of the maps. The tent map is not symmetric with respect to the center α, as shown in Fig. 8.

Namely, the length of every run-down is equal to 1 and they are generated from the interval [r1', 1]. Moreover, after every run-up ends, a run-down is generated without fail. Considering this feature, the probability of runs generated by the tent map with α = 0.5 can be expressed as:

(5)

Figure 9 shows the theoretical probability function of runs generated by the tent map which is calculated by the equation of:

(6)

Linear congruential generators: This algorithm, proposed by Lehmer, is known as the linear congruential method (Table 1). The algorithm is parameterized with four numbers, as follows. The sequence of random numbers Xn is obtained via the following iterative equation.

Fig. 9: Run test in tent map

Table 1: Algorithm with four numbers

If m, a, c and X0 are integers, then this technique will produce a sequence of integers with each integer in the range 0<Xn<m. The strength of the linear congruential algorithm is that if the multiplier and modulus are properly chosen, the resulting sequence of numbers will be statistically indistinguishable from a sequence drawn at random (but without replacement) from the set 1, 2, ..., m-1. But there is nothing random at all about the algorithm, apart from the choice of the initial value X0. Once that value is chosen, the remaining numbers in the sequence follow deterministically. Figure 10 contains the pseudo random keys in IDL and Fig. 11 is the key distribution plot.
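The linear congruential method above, as an added example that is not the paper's code: the recurrence Xn+1 = (aXn + c) mod m with the four parameters m, a, c and X0, a measurement of the cycle the sequence settles into, and the full-period test (the Hull-Dobell conditions) that a practitioner applies to a candidate multiplier and modulus before relying on the sequence. The parameter sets used are constructed; Table 1's values are not on the page.

```python
# Added example (not the paper's code): Lehmer's linear congruential method
# X_{n+1} = (a*X_n + c) mod m, a measurement of the cycle the sequence settles
# into, and the standard full-period test (Hull-Dobell conditions) that a
# practitioner applies to a candidate multiplier and modulus before use.
# The parameter sets below are constructed; Table 1's values are not on the page.
from math import gcd


def lcg(m, a, c, x0, n):
    """Return X_1 .. X_n of the linear congruential recurrence."""
    xs, x = [], x0
    for _ in range(n):
        x = (a * x + c) % m
        xs.append(x)
    return xs


def cycle_length(m, a, c, x0):
    """Length of the cycle the sequence from x0 eventually enters (at most m)."""
    seen, x, step = {}, x0, 0
    while x not in seen:
        seen[x] = step
        x = (a * x + c) % m
        step += 1
    return step - seen[x]


def prime_factors(n):
    """Set of distinct prime factors of n by trial division."""
    fs, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            fs.add(p)
            n //= p
        p += 1
    if n > 1:
        fs.add(n)
    return fs


def has_full_period(m, a, c):
    """Hull-Dobell theorem: the generator visits all m residues from any seed
    iff gcd(c, m) = 1, a - 1 is divisible by every prime factor of m, and
    a - 1 is divisible by 4 whenever m is."""
    if gcd(c, m) != 1:
        return False
    if m % 4 == 0 and (a - 1) % 4 != 0:
        return False
    return all((a - 1) % p == 0 for p in prime_factors(m))


if __name__ == "__main__":
    # Constructed parameter sets: the first satisfies Hull-Dobell, the second
    # fails it (a - 1 = 3 is not divisible by 2) and collapses to a fixed point.
    for m, a, c in [(16, 5, 1), (16, 4, 1)]:
        print(f"m={m} a={a} c={c}: full period={has_full_period(m, a, c)}",
              f"cycle from X0=0: {cycle_length(m, a, c, 0)}")
    print(lcg(16, 5, 1, 0, 8))
```

The text's point that nothing beyond X0 is random is visible in cycle_length: with the modulus fixed, the whole state space is at most m values, and a badly chosen multiplier shrinks the usable part of it to a handful of states.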

Modified logistic equation: Pseudo random numbers are generated using a modified logistic map. The modified logistic map is one of the simplest chaotic maps. The map is expressed as the following equation:

(7)

where α is the parameter changing the top of the map. The generated sequences resemble uniform random numbers. This modified logistic map enhances security and adds an extra bifurcation parameter. The bifurcation diagram of the modified logistic equation is shown in Fig. 12. The secret key stream values of the modified map and the key distribution plot in IDL are shown in Fig. 13 and 14.

Fig. 10: LCM keys (IDL output)

Fig. 11: Key sequence of LCM

Fig. 12: Bifurcation diagram of modified logistic map for 0.01≤r≤4

Fig. 13: M-logistic keys (IDL output)

Fig. 14: Key sequence (IDL output)

Fig. 15: Data flow diagram of key based BE

Encrypted templates based enrollment and verification integrated model: Any biometric authentication system can be viewed as a pattern recognition system. Such a system consists of biometric readers or sensors; feature extractors to compute salient attributes from the input signals and feature matchers for comparing two sets of biometric features. An authentication system consists of two subsystems: one for enrollment and one for verification.

During enrollment, biometric measurements are captured from a subject, relevant information from the raw measurements is gleaned by the feature extractor and this information is stored in the database. During verification, the system checks that a person’s biometric matches a claimed identity: it acquires the biometric sample from the subject, extracts features from the raw measurements and searches the entire database for user acceptance. In this case, the enrollment process consists of four major components: a biometric sensor, a key generator that normally outputs a random key, a binding algorithm that creates an encrypted template, and a database.

A verification process consists of a biometric sensor to capture a biometric sample and a key retrieval algorithm which applies the live biometric sample to the stored encrypted template in the database; the retrieval algorithm then yields the key if the biometric sample is genuine, else user acceptance is denied (Soutar et al., 1999, 2001) (Fig. 15).
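The two subsystems of Fig. 15, as an added example that is not the paper's implementation: enrollment runs a key generator and a binding algorithm and stores the result, and verification runs the key retrieval algorithm against the stored record. It assumes that the sensor and feature extractor reduce the trait to one real seed in (0, 1) (the page does not show how its key values are derived), that the binding algorithm XORs a random key with a logistic-map bit stream at an assumed parameter r = 3.99, and, as a design choice of this example rather than the page's, that the database keeps only the bound template and a SHA-256 digest of the key instead of the key itself.

```python
# Added example, not the paper's implementation: the enrollment and
# verification subsystems of the integrated model (Fig. 15) with a key-binding
# step. Assumptions: the sensor and feature extractor reduce the trait to one
# real seed in (0, 1) (the page does not show how its key values are derived);
# the binding algorithm XORs a random key with a logistic-map bit stream at the
# assumed parameter r = 3.99; and the database keeps only the bound template
# and a SHA-256 digest of the key, not the key itself, so the verifier can
# confirm retrieval without the database holding the secret in the clear.
import hashlib
import os

R = 3.99  # assumed family parameter in the chaotic regime


def key_stream(seed, nbytes):
    """Single-level threshold bits of the logistic orbit, packed 8 per byte."""
    if not 0.0 < seed < 1.0:
        raise ValueError("seed must lie strictly inside (0, 1)")
    x, out = seed, bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            x = R * x * (1.0 - x)
            byte = (byte << 1) | (1 if x >= 0.5 else 0)
        out.append(byte)
    return bytes(out)


def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))


def enroll(seed, key=None):
    """Key generator + binding algorithm: returns the record the database stores."""
    key = key if key is not None else os.urandom(16)
    bound = xor(key, key_stream(seed, len(key)))
    return {"bound_template": bound,
            "key_digest": hashlib.sha256(key).hexdigest()}


def retrieve_key(record, live_seed):
    """Key retrieval algorithm: apply the live sample's seed to the bound template."""
    return xor(record["bound_template"],
               key_stream(live_seed, len(record["bound_template"])))


def verify(record, live_seed):
    """Accept only if the retrieved key matches the enrolled key's digest."""
    digest = hashlib.sha256(retrieve_key(record, live_seed)).hexdigest()
    return digest == record["key_digest"]


if __name__ == "__main__":
    enrolled_seed = 0.23232300000000  # paper's key value standing in for a trait seed
    record = enroll(enrolled_seed)
    print("genuine sample accepted  :", verify(record, enrolled_seed))
    print("seed off by 1e-9 accepted:", verify(record, enrolled_seed + 1e-9))
    print("other user accepted      :", verify(record, 0.89296))
```

Verification succeeds only when the live sample reproduces the enrolled seed exactly: by the sensitivity to initial conditions described earlier, a seed that differs even in the ninth decimal place yields an unrelated bit stream, the XOR recovers a different value and the digest comparison fails. A deployment therefore has to make the seed derivation from the sensor reading stable before the key retrieval step can be relied on.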

EXPERIMENTAL RESULTS

The proposed scheme is implemented on two different platforms, IDL and PHP-AJAX. A sequence of experiments was conducted to validate the effectiveness of the proposed scheme.

The keys generated in this process are completely non-linear and there is no relationship between any two keys produced; as such, hill climbing or prediction of the data is not possible.

In Fig. 16-20 the live bio-trait is received by the sensor and then the key generator generates keys. The generated keys are validated against the stored biometric trait key. This work is done on both the IDL and PHP-Ajax platforms. This concept is implemented successfully in the biometric-based web access domain, and the performance of the overall web access system will be tested.

Ten files were created in a www root directory and Basic Authentication was used to restrict access to this directory. Ten users were asked to evaluate the system. Seven out of the ten users were enrolled into the system. Each of the seven enrolled users was allowed to access a subset of the ten files.

Over a period of 3 weeks, enrolled users accessed their files by providing their fingerprint image each time. A user accessing a set of files was not aware of the existence of the other files. The users were challenged to access other files or to access the files without providing their fingerprint, but none of these attempts were successful.

Access to the files could not be gained in any way other than by providing genuine fingerprint images. Each of the enrolled users also tried to enter the system by impersonating the other six users, while the three users who were not enrolled tried to enter the system as one of the seven enrolled users.

Fig. 16: AJAX technology in biometric security

Fig. 17: IDL verification

Fig. 18: Enrollment form

Fig. 19: Verification form (From server response)

Fig. 20: Unauthorized access output

The architecture of biometric-based web access is shown in Fig. 16. Figure 12 shows that the Ajax technology is used to reduce post-back operations in the web domain and to speed up the request and response process.

CONCLUSION

Here in this study, one authentication scheme is proposed to protect the biometric templates and to improve the security and privacy level of the biometric authentication system. The main concept of the proposed authentication scheme is that no biometric trait is stored in the database and the verification process is done using the generated keys. The algorithm to generate the keys uses only the biometric traits obtained from the user, and the experimental results show that the generated pseudo random numbers are so good that they look exactly as if they were truly random, i.e., the numbers are non-periodic and non-repeating, which eventually ensures very high security and privacy of the biometric authentication system.

Finally, the security of the proposed authentication scheme against attacks is considered. The performance of the authentication scheme is presented through the experiments and results.
