The inability of humans to generate and remember strong secrets makes it difficult for people to manage cryptographic keys. To address this problem, numerous proposals have been suggested to enable a human to repeatably generate a cryptographic key from her biometrics, where the strength of the key rests on the assumption that the measured biometrics have high entropy across the population. In this paper we show that, despite the fact that several researchers have examined the security of biometric key generators (BKGs), the common techniques used to argue the security of practical systems are lacking. To address this issue we reexamine two well-known, yet sometimes misunderstood, security requirements. We also present another that we believe has not received adequate attention in the literature, but is essential for practical biometric key generators. To demonstrate that each requirement has significant importance, we analyze three published schemes and point out deficiencies in each. For example, in one case we show that failing to meet a requirement results in a construction where an attacker has a 22% chance of finding ostensibly 43-bit keys on her first guess. In another we show how an attacker who compromises a user's cryptographic key can then infer that user's biometric, thus revealing any other key generated using that biometric. We hope that by examining the pitfalls that occur continuously in the literature, we enable researchers and practitioners to more accurately analyze proposed constructions.