A novel crypto-biometric scheme for establishing secure communication sessions between two clients
Biometrics and cryptography are two tools with high potential for providing information security and privacy. A combination of the two can eliminate their individual shortcomings, such as non-revocability, non-diversity, and privacy issues in biometrics and the need for strong authentication in cryptography. Cryptobiometric systems combine techniques from biometrics and cryptography for these purposes and, more interestingly, to obtain biometrics-based cryptographic keys. In this paper, we address the problem of sharing these keys. We propose a cryptobiometric scheme in which two clients can share a session key securely and establish a secure communication session. The scheme involves a Central Authority for Registration and Authentication (CARA) with which the clients are registered. The CARA stores biometric data only in transformed, cancelable form, allowing for easy revocation of the templates and protecting privacy. This protocol has two distinctive features: (1) it achieves mutual authentication and starts secure communication between two clients that may be previously unknown to each other, and (2) it works even if the two clients use different biometric modalities in the same session (as well as in different sessions).