Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
UNIX Password Security - Ten Years Later
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Cryptographic Key Generation from Voice
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Reusable cryptographic fuzzy extractors
Proceedings of the 11th ACM conference on Computer and communications security
Correcting errors without leaking partial information
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Designs, Codes and Cryptography
Combining Crypto with Biometrics Effectively
IEEE Transactions on Computers
Biometric authentication revisited: understanding the impact of wolves in sheep's clothing
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
On predictive models and user-drawn graphical passwords
ACM Transactions on Information and System Security (TISSEC)
Handwriting: feature correlation analysis for biometric hashes
EURASIP Journal on Applied Signal Processing
Human-seeded attacks and exploiting hot-spots in graphical passwords
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Robust techniques for evaluating biometric cryptographic key generators
Robust techniques for evaluating biometric cryptographic key generators
The practical subtleties of biometric key generation
SS'08 Proceedings of the 17th conference on Security symposium
Securing medical records on smart phones
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Reusable set constructions using randomized dissolvent templates for biometric security
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Fighting coercion attacks in key generation using skin conductance
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
When kids' toys breach mobile phone security
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Examining a Large Keystroke Biometrics Dataset for Statistical-Attack Openings
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
Although biometrics have garnered significant interest as a source of entropy for cryptographic key generation, recent studies indicate that many biometric modalities may not actually offer enough uncertainty for this purpose. In this paper, we exploit a novel source of entropy that can be used with any biometric modality but that has yet to be utilized for key generation, namely associating uncertainty with the way in which the biometric input is measured. Our construction poses only a modest requirement on a user: the ability to remember a low-entropy password. We identify the technical challenges of this approach, and develop novel techniques to overcome these difficulties. Our analysis of this approach indicates that it may offer the potential to generate stronger keys: In our experiments, 40% of the users are able to generate keys that are at least 230 times stronger than passwords alone.