
ECC Based Biometric Encryption for Network Security

Published on January 2017





Avanindra Kumar Lal and Sandip Dutta
Abstract: This paper provides network security with the help of an elliptic curve cryptosystem and biometrics. Most RSA-based hardware and software products and standards require a large key length for a higher security level. We propose a method which provides more security with a shorter key length, and in which there is no need to store any private key anywhere. The paper focuses on creating and sharing a secret key without transmitting any private key, so that no one can access the secret key except the communicating parties themselves. In the proposed method the fingerprint is taken as the private key, the elliptic curve Diffie-Hellman algorithm is used for key management, and as a result a high level of security is achieved.

Index Terms: Cryptography, ECC, Biometric, Fingerprint, MD5.

The widespread use of computers, and the attacks to which they are vulnerable, has expanded the need for secure communication. When more than two parties communicate with each other, they are concerned about confidentiality, data authentication, non-repudiation, privacy etc. [1]. To secure communication there are currently two popular kinds of cryptographic protocol, namely public key and symmetric key protocols. In a symmetric key protocol such as DES, IDEA or AES [2], a common key is used by both sender and receiver for encryption and decryption. This system provides high speed but has the drawback that a common key must be established for each pair of participants. In a public key protocol there are two keys, a public key and a private key, with which a message can be encrypted and decrypted. One is kept private by the owner and used for decryption. The other key is published to be used for encryption. Some of the most useful examples of public key cryptography are RSA, ElGamal and DSA [3]. Although these systems are slower, they provide an arbitrarily high level of security. Due to the comparative slowness of public key cryptography algorithms, dedicated hardware support is desirable. Most networks and standards that use public key cryptography for encryption and digital signatures use RSA. The key length for secure RSA has increased over recent years, and this is putting a heavier load on applications of RSA, creating extra computation cost and processing overhead. Thus in this paper we have used ECC (Elliptic Curve Cryptography). The principal attraction of ECC compared to RSA is that it offers higher security per bit with a smaller key size. Since elliptic curve cryptography has a smaller key size, it also reduces the computation power, memory and bandwidth required.

This paper is organized as follows. In section 2, we review elliptic curve cryptography: why we use it instead of RSA or other cryptographic systems, the implementation method of ECC and its mathematical operations, and the method for finding all points on the elliptic curve on which we have to encrypt the message. In this section we also describe the Elliptic Curve Diffie-Hellman algorithm (ECDH) for generating keys. In section 3 we describe biometrics and the importance of the fingerprint among biometrics, and why we use the fingerprint instead of iris, face, retina or other biometrics. In section 5 we describe how to encrypt and decrypt a message using the fingerprint as a private key. In section 6 we describe the merits of the suggested approach. We conclude the paper in section 7.


In 1985, Neal Koblitz [4] and Victor Miller [5] independently proposed the use of elliptic curve cryptography. Since 1985, there have been many studies concerning elliptic curve cryptography. The use of ECC is very inviting for various reasons [1, 3, 6, 7]. The first and probably most important reason is that ECC offers better security with a shorter key length than any other public-key cryptography. For example, the level of security achieved with ECC using a 160-bit key is equivalent to conventional public-key cryptography (e.g. RSA) using a 1024-bit key [3]. Shorter key lengths are of great importance, especially in applications with limited memory resources, because a shorter key requires less memory for key storage. Elliptic curve cryptosystems also require fewer hardware resources than conventional public-key cryptography. At the security level, ECC is more secure than RSA. RSA has been cracked successfully at a key length of 512 bits, and ECC at 97 bits. It has been analysed that the computation power required for cracking ECC is approximately twice the power required for cracking RSA. ECC provides a higher level of security due to its complex mathematical operations. The mathematics used for ECC is considerably more difficult and deeper than the mathematics used for conventional cryptography. In fact this is the main reason why elliptic curves are so good for cryptographic purposes, but it also means that more understanding of mathematics is required in order to implement ECC. A short introduction to the mathematics behind elliptic curve cryptosystems is given in this paper; however, this paper should give a good overall picture of ECC and its implementation issues.

Avanindra Kumar Lal is a student of the Department of Computer Science and Engineering, Birla Institute of Technology, Mesra, Ranchi, Jharkhand, INDIA 835215.
Sandip Dutta is with the Department of Information Technology, Birla Institute of Technology, Mesra, Ranchi, Jharkhand, INDIA 835215.

2.1 Mathematics behind Elliptic Curve Cryptosystem
Cryptographers noticed that elliptic curves behave conveniently when operations are performed with a prime modulus. That means a cryptographic elliptic curve has the form
$y^2 \bmod p = (x^3 + ax + b) \bmod p$
where $4a^3 + 27b^2 \neq 0$, p is a prime number and a, b are the parameters of the curve; here the variables and coefficients are all restricted to elements of a finite field. Two families of elliptic curves are used in cryptographic applications [8, 9, 10]:
1. Prime curves over $Z_p$.
2. Binary curves over $GF(2^m)$.
In a binary curve defined over $GF(2^m)$, the variables and coefficients all take on values in $GF(2^m)$ and calculations are performed over $GF(2^m)$. In a prime curve over $Z_p$ we use a cubic equation in which the variables and coefficients all take on values in the set of integers from 0 through (p-1) and in which calculations are performed modulo p. This paper is based on the prime curves over $Z_p$. For example, let us take our elliptic curve to be $y^2 \bmod 11 = (x^3 + ax + 2) \bmod 11$

2.2 Arithmetic Operation in Elliptic Curve Cryptosystem
The rules of mathematical operations on an elliptic curve are different from the rules of conventional mathematical operations. If we want to add two points of an elliptic curve, there are some rules, which are as follows [8, 9, 10].
Rules of Addition:
Rule 1. Infinity + Infinity = Infinity.
Rule 2. $(x_1, y_1)$ + Infinity = $(x_1, y_1)$.
Rule 3. $(x_1, y_1) + (x_1, -y_1)$ = Infinity.
Rule 4. If $x_1 \neq x_2$ then $(x_1, y_1) + (x_2, y_2) = (x_3, y_3)$, where $x_3 = (\lambda^2 - x_1 - x_2) \bmod p$, $y_3 = (\lambda(x_1 - x_3) - y_1) \bmod p$ and $\lambda = ((y_2 - y_1)/(x_2 - x_1)) \bmod p$.
Rule 5 (Doubling). If $y_1 \neq 0$, then $(x_1, y_1) + (x_1, y_1) = 2(x_1, y_1) = (x_3, y_3)$, where $x_3 = (\lambda^2 - 2x_1) \bmod p$, $y_3 = (\lambda(x_1 - x_3) - y_1) \bmod p$ and $\lambda = ((3x_1^2 + a)/(2y_1)) \bmod p$.
Rule of Subtraction: $(x_1, y_1) - (x_2, y_2) = (x_1, y_1) + (x_2, -y_2)$.
Rule of Multiplication: Suppose P = (x, y) is a point on the elliptic curve. Then 8*P = P+P+P+P+P+P+P+P = 2P+2P+2P+2P = 4P+4P.

2.3 Point on ECC
For any operation on an elliptic curve, we first have to find all the points of that curve [10]. To find the points, we first have to choose an elliptic curve. Suppose $y^2 \bmod p = (x^3 + ax + b) \bmod p$ is an elliptic curve, where $4a^3 + 27b^2 \neq 0$. Then the points on this curve are the set $E_p(a, b)$ consisting of all pairs of integers (x, y) which satisfy the above equation, together with the point Zero. The method for finding the points on the curve is as follows.
Step 1. Determine the L.H.S. of the elliptic curve for all x, y ∈ $Z_p$.
Step 2. Determine the R.H.S. of the elliptic curve for all x, y ∈ $Z_p$.
Step 3. Choose the pairs of corresponding values of x and y, for all x, y ∈ $Z_p$, for which L.H.S. = R.H.S.
Step 4. All such pairs (x, y) are the points on the curve.
Example: If in the above curve p=11, a=1, b=1, then the points on the elliptic curve are (0,1), (2,0), (3,3), (3,8), (4,5) etc.
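The point-finding method of section 2.3 (Steps 1 to 4), written out as an added Python example that is not code from the paper; the function names `curve_points` and `group_order` are chosen here. Exhaustive search like this is only practical for toy primes such as the example's p = 11.

```python
from collections import defaultdict


def curve_points(p, a, b):
    """Return the affine points of E_p(a, b): y^2 = x^3 + a*x + b (mod p).

    Follows Steps 1-4 of section 2.3: tabulate the left-hand side for every y,
    the right-hand side for every x, and keep the pairs where both agree.
    The point "Zero" (infinity) also belongs to E_p(a, b) but has no
    coordinates, so it is not part of the returned list.
    """
    if (4 * a**3 + 27 * b**2) % p == 0:
        raise ValueError("singular curve: 4a^3 + 27b^2 = 0 (mod p)")
    # Step 1: L.H.S. y^2 mod p for every y in Z_p, indexed by its value.
    ys_by_square = defaultdict(list)
    for y in range(p):
        ys_by_square[y * y % p].append(y)
    points = []
    for x in range(p):
        rhs = (x**3 + a * x + b) % p            # Step 2: R.H.S. for this x
        for y in ys_by_square.get(rhs, []):     # Step 3: L.H.S. = R.H.S.
            points.append((x, y))
    return points                                # Step 4: the points found


def group_order(p, a, b):
    """Number of points on the curve, counting the point at infinity."""
    return len(curve_points(p, a, b)) + 1


if __name__ == "__main__":
    print(curve_points(11, 1, 1), group_order(11, 1, 1))
```

For p=11, a=1, b=1 the list starts with the points quoted in the example and fills in the ones hidden behind "etc."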

then what we have to do. For this and all arithmetic

2.4 ECDH (Elliptic Curve Diffie-Hellman Algorithm)
The elliptic curve Diffie-Hellman algorithm is the Diffie-Hellman algorithm for elliptic curves [3, 8]. The original Diffie-Hellman algorithm is based on the multiplicative group modulo p, while the elliptic curve Diffie-Hellman (ECDH) protocol is based on the additive elliptic curve group. We assume that the underlying field GF(p) is selected and the curve E with parameters a, b, and the base point P is set up. The order of the base point P is equal to n. The standards often suggest that we select an elliptic curve with prime order, and therefore any element of the group can be selected and its order will be the prime number n. At the end of the protocol the communicating parties end up with the same value K, which is a point on the curve. A part of this value can be used as a secret key for a secret-key encryption algorithm. Suppose there are two users, Alice and Bob. According to Diffie-Hellman, the key generation and exchange is as follows.
Step 1. Alice chooses her elliptic curve and two points.
Step 2. Alice also chooses her secret value $d_a$, which is a random number.
Step 3. Now suppose Alice's curve parameters are (a, b) and the prime number is p.
Step 4. Now Alice computes $P_a = d_a * G$.
Step 5. Now $P_a$ is the public key of Alice.
Step 6. Bob gets Alice's public key and chooses his own $d_b$, which is also a random number.
Step 7. Now Bob multiplies $d_b$ with G and computes $P_b = d_b * G$.
Step 8. This $P_b$ is Bob's public key.
Step 9. Bob then multiplies $d_b * P_a$ and gets the secret key, i.e. $K = d_b * P_a$.
Step 10. Similarly Alice multiplies her own private key with Bob's public value and gets the secret key, i.e. $K = d_a * P_b$.
Step 11. Thus the secret key is $K = d_a * P_b = d_b * P_a = d_a * d_b * G$.
Step 12. By exchanging the key through this method, both Bob and Alice can communicate safely.
Bob can use the secret value he computed to build an encrypting key. When Alice gets the message from Bob, she uses the secret value she computed to build the decrypting key. It is the same secret value, so they use the same key. Thus what Bob encrypts, Alice can decrypt.

In general, a fingerprint examiner relies on details of the ridge structures of the fingerprint in order to make fingerprint identifications. The structural features are composed of the points where ridges end or bifurcate, which are called minutiae. At first, the fingerprint image of an enrolee is acquired and pre-processed. Then the minutiae are extracted from the raw image and stored as the enrolled template. In the verification phase, the system reads the fingerprint from a claimant and detects the minutiae information through the same procedure as in the enrolment phase. Then it estimates the similarity between the enrolled minutiae and the input minutiae. Once we have the template of the fingerprint, we use this template as the private key of that individual for message encryption and decryption. Since a fingerprint sample is unique, no one else can access it [11, 12, 13, 16].


Fingerprint authentication is possibly the most sophisticated method of all biometric technologies and has been thoroughly verified through various applications. Fingerprint authentication has particularly proved its high efficiency. Features such as a person's gait or face may change with the passage of time and may be fabricated or imitated. However, a fingerprint is completely unique to an individual and stays unchanged for a lifetime. This exclusivity demonstrates that fingerprint authentication is far more accurate and efficient than any other method of authentication. Also, a fingerprint may be taken and digitized by relatively compact and cheaper devices, and it takes only a small capacity to store a large database of information. With these strengths, fingerprint authentication has long been a major part of the security market and continues to be more competitive than others in today's world. The fingerprint identification process consists of two essential procedures: enrolment and authentication. Taking the following steps completes each procedure:

The main problem of asymmetric cryptography is the management of the private key. No one should be able to access someone else's private key. Private keys need to be stored in a place which is protected from unauthorized access. Such storage is vulnerable to attack by hackers, which creates a big problem in asymmetric cryptography. It can be solved by the use of a biometric template. The private key can be generated directly from the biometric template. Since the private key can be generated dynamically from one's biometric template, there is no need to store the private key any more, and the network becomes more secure and safe. But very little work has been done in the field of elliptic curve cryptosystems with the help of biometrics. One of the suggested approaches is given in [1]. However, these biometrics have many issues regarding training, image capture, obscuring by eyelashes, eyelids etc. from the camera, lack of existing data deterring ability, cost etc. For some individuals, iris image capture is very difficult. An iris recognition system requires a lot of memory for storage. The iris is easily obscured by eyelashes, eyelids, lenses and reflections from the cornea. People are not yet very familiar with iris recognition systems, so there are many myths and fears related to scanning the eye with a light source. An iris recognition system works on the basis of acquisition of an iris image, but acquisition of an iris image needs more training and attentiveness than most biometrics. It also cannot be verified by a human. The biggest problem with iris recognition systems is their expense. When we compare all biometrics, we find that the fingerprint is the most adequate methodology for authentication [14, 15, 16]. Hence in the proposed method we have used the fingerprint as a private key instead of other biometrics.

In this paper we use the fingerprint and a cryptographic hash function to generate the private key.

5.1 Method for generating public key and private key
To generate the private key, we take the fingerprint of the user and generate its hash value with the MD5 cryptographic hash function [9]. The resultant hash value is the private key of the user. Suppose this value is $d_a$ for user A and $d_b$ for user B. The public key in the elliptic curve cryptosystem is then generated from this private key as follows:
Step 1. Both users choose the same large prime p and the elliptic curve parameters a and b such that $y^2 \bmod p = (x^3 + ax + b) \bmod p$, where $4a^3 + 27b^2 \neq 0$.
Step 2. Now choose any one point G(x, y) from this elliptic curve. This point is called the base point of the curve.
Step 3. Compute $P_a = d_a * G(x, y)$. This $P_a$ is called the public key of user A.
To generate the public key of user B, the same operation is performed with the private key of user B.

5.2 Message Encryption
Suppose user A wants to send a message to user B. The first task in this system is to encode the plaintext message to be sent as a point $P_m(x, y)$. It is the point $P_m$ that will be encrypted as a cipher text and subsequently decrypted. After mapping the characters of the user's message to points on the elliptic curve [17], the message can be encrypted by the following steps.
Step 1. Suppose user A encodes the message m as $P_m = (x, y)$.
Step 2. User A takes his private key from his fingerprint; suppose it is k.
Step 3. User A computes $k * G$.
Step 4. User A computes $P_m + k * P_b$, where $P_b$ is the public key of user B and $P_m$ is the message.
Step 5. User A takes $C_m = (k * G, P_m + k * P_b)$ as the cipher text.
Step 6. User A can send this cipher text to user B.

5.3 Message Decryption
For message decryption we follow this procedure.
Step 1. User B takes the first point of the encrypted message.
Step 2. User B now computes $d_b * k * G$.
Step 3. User B then subtracts it from the second point.
Step 4. Thus user B computes $P_m + k * P_b - d_b * k * G = P_m - k(d_b * G) + k P_b = P_m - k P_b + k P_b = P_m$.
Step 5. The message $P_m$ is the required message for user B, which was sent by user A.

Traditional methods for implementing public key infrastructure and encryption and decryption techniques face many problems such as key management, key storage, key privacy etc. Our proposed approach can handle such problems. Here we use the fingerprint as a private key, so there is no need to store any private key; the fingerprint also has many merits over other biometrics, being the most user friendly and cheaper. Fingerprint recognition also has some outstanding features like universality, permanence, uniqueness and accuracy. Comparing it to other biometrics, we can see that it is the most adequate biometric, as shown in table 1 [15]. As we are using the elliptic curve cryptosystem, we can achieve a high level of security with a much shorter key size [1, 2, 6]. Thus it also solves the key size problem. As we know, ECC requires very complex mathematical operations (because of the elliptic curve Diffie-Hellman problem, which is harder than the discrete logarithm problem), therefore the security strength per bit is also very high.
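Key generation (5.1), encryption (5.2) and decryption (5.3), together with the addition rules of section 2.2 and the ECDH exchange of section 2.4, run on the toy curve p = 11, a = 1, b = 1 from section 2.3. This is an added example, not the authors' code: the base point G = (0, 1), the byte strings standing in for fingerprint templates, the message point and the mapping of the MD5 digest into 1..n-1 are assumptions made here.

```python
import hashlib

# Toy curve from the page: y^2 = x^3 + x + 1 over Z_11 (illustration only).
P_MOD, A = 11, 1
G, N = (0, 1), 7   # assumed base point; it has prime order 7 on this curve
INF = None         # the point "Infinity" of section 2.2

def ec_add(p1, p2):
    """Add two points using Rules 1 to 5 of section 2.2."""
    if p1 is INF:
        return p2                                   # Rules 1 and 2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # Rule 3 (covers y1 = 0)
    if p1 == p2:                                    # Rule 5: doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:                                           # Rule 4: x1 != x2
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_neg(pt):
    """Rule of subtraction: -(x, y) = (x, -y)."""
    return INF if pt is INF else (pt[0], -pt[1] % P_MOD)

def ec_mul(k, pt):
    """k*P by repeated doubling (the 8P = 4P + 4P idea)."""
    result = INF
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result

def key_from_template(template: bytes) -> int:
    """Section 5.1: private key = MD5 of the fingerprint template.
    Assumption added here: the digest is reduced into 1..N-1. The template
    must be bit-identical at every capture or the key changes."""
    digest = hashlib.md5(template).digest()
    return 1 + int.from_bytes(digest, "big") % (N - 1)

def encrypt(pm, k, pb):
    """Section 5.2: Cm = (k*G, Pm + k*Pb)."""
    return ec_mul(k, G), ec_add(pm, ec_mul(k, pb))

def decrypt(cm, db):
    """Section 5.3: Pm = (Pm + k*Pb) - db*(k*G)."""
    return ec_add(cm[1], ec_neg(ec_mul(db, cm[0])))

def demo():
    da = key_from_template(b"constructed template, user A")  # constructed input
    db = key_from_template(b"constructed template, user B")  # constructed input
    pa, pb = ec_mul(da, G), ec_mul(db, G)                    # public keys
    shared = (ec_mul(da, pb), ec_mul(db, pa))                # ECDH, section 2.4
    pm = (3, 8)                        # message already mapped to a curve point
    cm = encrypt(pm, da, pb)
    return shared, pa, cm, decrypt(cm, db)
```

Because Step 2 of section 5.2 takes k from the sender's fingerprint, k*G equals the sender's public key and the same Pm always produces the same Cm; textbook elliptic-curve ElGamal draws a fresh random k for every message.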

In this paper, communication between more than one network becomes very secure with the help of elliptic curves and fingerprints. The main advantage is that the method requires a very small key size and gives a high level of security with the cheapest biometric recognition system, and there is no need to store any private key anywhere. The cost of a fingerprint scanner is also lower than that of any other biometric scanner. Thus the method is more efficient and highly secure, using a highly accurate biometric. The system is also very easy to use because the fingerprint is used.

[1] S. Mohammadi, S. Abedi, "ECC based biometric signature: A new approach in electronic banking security", in International Symposium on Electronic Commerce and Security (ISECS '07), pp. 763-766, 2008, doi:10.1109/ISECS.2008.98.
[2] William Stallings, Cryptography and Network Security Principles and Practices, Pearson Prentice Hall, Fourth Edition, 2007.
[3] H.X. Mel, Doris Baker, Cryptography Decrypted, Addison-Wesley, Edition 2011.
[4] N. Koblitz, "Elliptic Curve Cryptosystem", Mathematics of Computation, no. 48, pp. 203-209, 1987.
[5] V. Miller, "Uses of Elliptic Curve in Cryptography", Advances in Cryptology-Crypto '85, Lecture Notes in Computer Science, 218 (1986), Springer-Verlag, pp. 417-426.
[6] Mrs. S. Prasanna Ganesan, "An Asymmetric Authentication Protocol for Mobile Devices Using Elliptic Curve Cryptography", ICACC, pp. 107-109.
[7] X. Zhou, "Elliptic Curves Cryptosystem Based Electronic Cash Scheme with Parameter Optimization", Pacific-Asia Conference on Knowledge Engineering and Software Engineering (KESE '09), pp. 182-185, 2009, doi: 10.1109/KESE.2009.55.
[8] Manoj Kumar, Cryptography and Network Security, Krishna Prakashan Media (P) Ltd., Second Edition, 2007.
[9] Anoop MS, Elliptic Curve Cryptography, An implementation tutorial, Tata Elxsi Ltd, Thiruvananthapuram, India.
[10] Christophe Doche and Tanja Lange, "Arithmetic of Elliptic Curves - chapter 13" from "Handbook of Elliptic and Hyperelliptic Curve Cryptography" by Henri Cohen, Gerhard Frey, Chapman and Hall/CRC, Taylor and Francis Group, 2006.
[11] Z. Ahmad Jhat, A. Hussain Mir, S. Rubab, "Fingerprint Texture Feature for Discrimination and Personal Verification", Third International Conf. on Emerging Security, Systems and Technologies (SECURWARE '09), doi: 10.1109/SECURWARE.2009.42, pp. 230-235, 2009.
[12] H. Udb-Din, A. Al-Jaber, "Securing online shopping using biometric personal authentication and steganography", ICTTA'06, 2006, pp. 233-238.
[13] John D. Woodward, Jr., Nicholas M. Orlans, Peter T. Higgins, Biometrics: The Ultimate Reference, Dreamtech Press, Edition 2003.
[14] NSTC on Biometrics. Available: www.questBiometrics.com.
[15] Biometric-Comparison, http://biometric.pbworks.com/w/page14811349/advantagedisadvantage.
[16] S. Nanavati, M. Thieme, R. Nanavati, Biometrics: Identity Verification in a Networked World, Wiley Computer Publishing, First Edition, 2002.
[17] O. S. a Rao, "Efficient mapping method for elliptic curve cryptosystems", International Journal of Engineering Science and Technology, Vol. 2, no. 8, pp. 3651-3656, 2010.

Avanindra Kumar Lal received his B.E. degree in Information Technology from Dr. B. R. Ambedkar University, Agra, India. He is pursuing an M.Tech degree in Computer Science at Birla Institute of Technology, Mesra, Ranchi, Jharkhand, India.

Sandip Dutta is working as an Associate Professor in the Department of Information Technology, Mesra, Ranchi, Jharkhand, India. He has fourteen years of experience in industry and nine years of teaching experience. He has published three papers in international journals. His research interests are in the areas of Network Security, Biometrics and Cryptography.



