Featured Research

from universities, journals, and other organizations

BioVault Locks Up Biometrics

Date:
August 4, 2009
Source:
Inderscience Publishers
Summary:
A system that allows biometric data to be used to create a secret key for data encryption has been developed by researchers in South Africa.

A system that allows biometric data to be used to create a secret key for data encryption has been developed by researchers in South Africa. They describe details of the new technology in the International Journal of Electronic Security and Digital Forensics this month.

If a user, a web customer say, wishes to send a message or other data to another user, an online shop, over an unsecured network, the message must be encrypted to avoid interception of sensitive information such as passwords and credit card information.

Encryption relies on authentication being symmetric to work. In other words, the user's password or PIN must match the password or PIN stored by the online shop to lock and unlock the data. This is because encryption systems use the password or PIN to produce, or seed, a random number that is used as the cipher for encrypting the data. If the passwords do not match exactly then the seed will be incorrect, the random number different and the decryption will fail.

One way to avoid users having to remember endless, complicated passwords is to use biometrics, including fingerprints, iris pattern, face recognition. However, biometrics is not a symmetric process. The initial recording of biometric data samples only a limited amount of the information, the pigment patter in one's iris, for instance. The unlocking process then compares the iris pattern, or other biometric "token", being presented for access with the sample stored in the database. If the match is close enough, the user can gain entry.

The reason for this asymmetry is that any biometric system takes only a digital sample of data from the fingerprint or iris, for instance. Moreover, even the legitimate user will not be able to present exactly the same biometric data repeatedly. The close enough aspect of biometrics does not make biometrics insecure, provided that the closeness is very precise, but it does mean that biometric tokens cannot be used to create a secret key for an encryption algorithm.

Bobby Tait and Basie von Solms of the University of Johannesburg, Gauteng, South Africa, explain how biometrics can nevertheless be used to make a consistent secret key for encryption.

In conventional encryption, if Alice wishes to send a secret message to Bill, then she must encrypt the message, whether it is an email or credit card details transmitted from her computer to the online shop. In order for the encryption algorithm to provide cipher text that is random, a secret key must be provided. Alice and Bill must share exact copies of their secret key for this to work.

Aside from the asymmetry in biometrics, this approach will not work because Alice and Bill cannot provide the same biometric token to encrypt and decrypt the message. Now, Tait and von Solms have used the so-called BioVault infrastructure to provide a safe and secure way for Alice and Bill to share biometric tokens and so use their fingerprints, iris pattern, or other biometric to encrypt and decrypt their data without their biometrics being intercepted.

The BioVault encryption system works as follows:

  • In phase 1, Alice identifies herself to the authentication server, and indicates that she wants to send an encrypted message to Bill and requests Bill's biometric key from the server.
  • In phase 2, the server retrieves a random biometric key from Bill's stored biometric keys.
  • In phase 3, Alice uses the biometric key to encrypt her message and sends it to Bill.
  • In phase 4, Bill receives the message sent by Alice, and decrypts the message by testing the biometric keys in his database against the received cipher text.

The fact that each biometric key (data) is unique means that the BioVault system can irrevocably identify and authenticate users through their biometric keys (data) and detect fraudulent use of biometric keys.

Tait adds that the same approach could also be used to digitally sign electronic documents, files, or software executables using biometrics. He will be presenting the team's results on this aspect of their work in the UK at the beginning of September. "If passwords or tokens are used for authentication, only the password or token is proven as authentic - not the user that supplied the token or password," he explains, "Biometrics authenticates the user directly - this was one of the drivers behind the BioVault development."


Story Source:

The above story is based on materials provided by Inderscience Publishers. Note: Materials may be edited for content and length.


Journal Reference:

  1. BioVault: biometrically based encryption. Int. J. Electronic Security and Digital Forensics, 2009, 2, 269-279

Cite This Page:

Inderscience Publishers. "BioVault Locks Up Biometrics." ScienceDaily. ScienceDaily, 4 August 2009. <www.sciencedaily.com/releases/2009/07/090731085817.htm>.
Inderscience Publishers. (2009, August 4). BioVault Locks Up Biometrics. ScienceDaily. Retrieved July 23, 2014 from www.sciencedaily.com/releases/2009/07/090731085817.htm
Inderscience Publishers. "BioVault Locks Up Biometrics." ScienceDaily. www.sciencedaily.com/releases/2009/07/090731085817.htm (accessed July 23, 2014).

Share This




More Matter & Energy News

Wednesday, July 23, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Government Approves East Coast Oil Exploration

Government Approves East Coast Oil Exploration

AP (July 18, 2014) The Obama administration approved the use of sonic cannons to discover deposits under the ocean floor by shooting sound waves 100 times louder than a jet engine through waters shared by endangered whales and turtles. (July 18) Video provided by AP
Powered by NewsLook.com
Sunken German U-Boat Clearly Visible For First Time

Sunken German U-Boat Clearly Visible For First Time

Newsy (July 18, 2014) The wreckage of the German submarine U-166 has become clearly visible for the first time since it was discovered in 2001. Video provided by Newsy
Powered by NewsLook.com
Obama: U.S. Must Have "smartest Airports, Best Power Grid"

Obama: U.S. Must Have "smartest Airports, Best Power Grid"

Reuters - US Online Video (July 17, 2014) President Barak Obama stopped by at a lunch counter in Delaware before making remarks about boosting the nation's infrastructure. Mana Rabiee reports. Video provided by Reuters
Powered by NewsLook.com
Crude Oil Prices Bounce Back After Falling Below $100 a Barrel

Crude Oil Prices Bounce Back After Falling Below $100 a Barrel

TheStreet (July 16, 2014) Oil Futures are bouncing back after tumbling below $100 a barrel for the first time since May yesterday. Jeff Grossman is the president of BRG Brokerage and trades at the NYMEX. Grossman tells TheStreet the Middle East is always a concern for oil traders. Oil prices were pushed down in recent weeks on Libya increasing its production. Supply disruptions in Iraq fading also contributed to prices falling. News from China's economic front showing a growth for the second quarter also calmed fears on its slowdown. Jeff Grossman talks to TheStreet's Susannah Lee on this and more on the Energy Department's Energy Information Administration (EIA) report. Video provided by TheStreet
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins