Bio-cryptographic authentication in cloud storagesharing

Marius-Alexandru Velciu1,4, Alecsandru Patrascu2,4 and Victor-Valeriu Patriciu31,2,3Military Technical Academy, Computer Science Department, Bucharest, Romania

4Advanced Technologies Institute, Bucharest, RomaniaEmail : 1alexandruvelciu@gmail.com, 2alecsandru.patrascu@gmail.com, 3victorpatriciu@yahoo.com

Abstract—One of the relative recent approaches for enhancingthe modern cryptosystems security is to add the biometricslayer to the existing cryptographic infrastructures. The BiometricEncryption process proposes to combine the soft biometrics withexisting cryptographic keys, overcoming many of the traditionalbiometric systems vulnerabilities.

In this paper we propose a new and novel implementationfor a bio-cryptographic infrastructure, as a safer authentica-tion mechanism for Cloud storage sharing. We talk about thearchitecture of our approach and we emphasize the benefitsbrought by combining the two fields, such as storage encryptionand access control. Our implementation resides on a voice-basedauthentication mechanism, which confers access to the systemand allows the recovery of the shared access storage encryptionkey.

Keywords - bio-cryptography; biometric encryption; fuzzy-vault algorithm; cepstral analysis; cloud computing; secure datastorage; cloud computing access control.

I. INTRODUCTION

Cloud computing has become in the last years a paradigmthat attracts more and more researchers. One of the mainresearch areas in this field is the way in which common dataand processing power can be shared and distributed acrosssingle or multiple datacenters that are spread across a specificgeographical area or even the entire globe. In this context anew need for IT experts is increasing: the need to know exactlyhow, where and in what condition is the data from the cloudstored, processed and delivered to the clients.

Historically, the main drawback of Cloud technology adop-tion was given by the lack of confidence it gained frompotential beneficiaries, especially casual Internet users. Themain questions that still arise, concerning Cloud, are not aboutthe technology, neither the costs involved, but about the waysof preserving information confidentiality and secure authenti-cation methods. Moreover, considering the exponential growthof modern security threats, and their level of sophistication,the traditional authentication mechanisms are far from secure,nowadays. Password based authentication, which is still usedin over 75% of web applications, has a major drawback,as passwords can be easily lost, stolen or guessed, throughbrute force attacks, social engineering, or even accidentally.As passwords are used, in most cases, to control accessto cryptographic keys, too, even modern cryptosystems arevulnerable to many attacks.

One of the latest approaches proposed to address the userauthentication and key security issues is to generate strong

credentials / keys from biometric data, or to bind the existingones with unique biometric features. The sections concerningbiometrics and bio-cryptography will prove that the secondscenario is far more feasible and reliable, as biometric datatend to have considerable intra-class variations, which makesit very difficult to generate stable cryptographic keys.

In this paper we present a new and novel way in which wecan integrate two different fields: bio-cryptography and cloudcomputing. We talk in detail about biometrics technologiesand their benefit in the field of applied distributed computing.This approach is well suited for field where the online storeddata must be kept safe and be deciphered only by its owner,data such as personal medical records.

Our proposed authentication mechanism uses cepstral analy-sis for implementing a speaker verification system, that allowsto recover the initially random generated PIN, which grantsaccess to the system and to the corresponding area of thecommon encrypted shared storage.

The rest of the paper is organized as follows. In section2 we present some of the related work in this field, that islinked with our topic and in section 3 we present briefly somebiometric notions and the target of our research. The section4 contains the proposed architecture and implementation. Sec-tion 5 contains some experimental results collected from ourtest environment and in section 6 we conclude our document.

II. RELATED WORK

As it can be seen in [1], [2] and [3], there are previousresearch that propose the combination of biometrics andcryptography, with the purpose of developing a verificationsystem. All three above mentioned references suggest thebinding of soft biometric traits and credentials within FuzzyVault scheme, enhancing user security and privacy.

N. Radha et al. propose a biometric verification system,investigating the combined usage of retina biometric features,hardened by Fuzzy Vault scheme [3]. Experiments showedvery good performances, as retina is considered capable ofproviding best results, when it comes to biometrics.

Nandakumar et al. present also a fully automatic imple-mentation of the Fuzzy Vault scheme, based on fingerprintminutiae [1]. They proposed the extraction of high curvaturepoints derived from the fingerprint orientation and their use ashelper data to align the template and query minutiae. Further,they applied a minutiae matcher for non-linear distortion and

– 165 –

9th IEEE International Symposium on Applied Computational Intelligence and Informatics • May 15-17, 2014 • Timişoara, Romania

978-1-4799-4694-5/14/$31.00 ©2014 IEEE

showed that performance improvement can be achieved byusing multiple fingerprint impressions (multiple biometrics).

The field of cloud secure storage is also starting to emergealong with the ones presented before. In this directions, wefind thesis, such as the one of Zawoad et al [4] which presentan architecture for a secure cloud logging service that can beeasily adapted to regular file storage. The central idea in theirpaper is the interaction between multiple modules across thecloud infrastructure in order to create a secure environmentfor processing and storing data.

Furthemore, Bellare et al talk about the possibility of storingthe data on a remote cloud without having the problems ofinformation leakage between users [5]. They take a next step inthis approach as they propose also a way of data de-duplicationwithout decrypting any bit of information.

III. ABOUT BIOMETRICS

Biometric technologies introduced the third dimension ofuser authentication, based on what each person represents, inaddition to the ones based on what users know (passwords,PINs) or have (tokens, smart-cards or any other special de-vices).

A. Biometric system

Biometric systems identify persons based on the uniquenessof their anatomical or behavioural traits. They possess a highlevel of naturalness and user acceptance, as biometric traitscan’t be lost or forgotten, and they are more difficult tocounterfeit.

On the other hand, the main disadvantage when using bio-metrics is given by the fact that they are subject to variability,as no two samples will be perfectly identical, even when takenfrom the same person and processed in the same conditions.This concludes that biometric systems do not have 100%accuracy, as biometric samples are not identical.

When a biometric system cannot perform a proper match,for a legitimate user, we are dealing with a false rejectcase. Apart from improving the biometric sampling conditions,which are limited too, a biometric system designer can lowerthe threshold for legitimate authentication attempts. But, thisis where the security breaches enlarge, as illegitimate userscan enter the system easier, and false acceptance situationsmultiply. This is well known as the false acceptance - falserejection trade-off, which occurs when designing every bio-metric system, as one error rate cannot be lowered withoutincreasing the other one’s value [6].

B. Why bio-cryptography?

In addition to the unauthorized access issues mentionedabove, another important aspect that needs to be taken intoconsideration is the biometric samples security, especially forthose stored into the system. Biometric systems database secu-rity is a major concern, as they represent important targets forpotential attackers. Due to their unique correlation with theirowners, biometric samples represent Personally IdentifiableInformation (PII), and their collecting, use and disclosure fall

under current legislation involving legal rights of their owners[6].

Moreover, the matcher module of a biometric system out-puts a binary response, of type Yes/No, that rejects or grantsaccess to the system. This type of decision making can leadto important security breaches, as the simply compromisingof the matcher will allow an attacker to have full control overthe entire system.

The aspects described above give rise to a series of vulner-abilities, in front of various types of attacks, like spoofing,replay attack, substitution attack, tampering, Trojan horseattack or overriding the Yes/No response.

Latest decade studies came with a possible solution forimproving the traditional biometric systems security, the Bio-cryptography domain, which proposes to secure an existingpassword, secret PIN or cryptographic key by combining themwith a biometric, such that none of them can be retrieved fromthe resulting bio-cryptogram, without a fresh sample, takenfrom the same user.

Bio-cryptography can implement the following operatingmodes, as stated in [7]:

• Key release: biometric authentication is completely de-coupled from the key release mechanism. The biometrictemplate and the key are stored separated, the key beingreleased only if the matching process result is success-fully;

• Key binding: the key and the template are bound togetherwithin a cryptographic framework, as described in Figure1;

• Key generation: the key is derived directly from thebiometric data, not being stored in the database.

Figure 1. Operation of a bio-cryptographic system in key binding mode

From the bio-cryptosystems operating modes describedabove, the easiest to implement is the key release mode one,but it has the same major drawback as any traditional biometricsystem, as the possibility to override the biometric matcher

M.-A. Velciu et al. • Bio-Cryptographic Authentication in Cloud Storage Sharing

– 166 –

persists, since authentication and key release are separateentities in this model.

The key generation operating mode seems like a verypromising one, as biometric data have a high level of entropy,which could allow the generation of strong cryptographic keys.Unfortunately, this scenario has a major drawback too, givenby the intra-class variation of the biometric samples, whichmakes it impossible to regenerate exactly the same keys, everytime, with a bit-level precision.

The remaining operating mode, key binding, is the most suc-cessfully used in Bio-cryptography and represents the equiva-lent of the Biometric Encryption, the representative process forBio-cryptography domain, described in the following section.

C. Biometric Encryption

Biometric Encryption (BE) represents the process of se-curely binding a secret value (a password, PIN or crypto-graphic key) with the biometric data, using a bio-cryptographicalgorithm. It is recommended that the secret value is randomlygenerated during the enrolment phase, such that not even thelegitimate user knows it. At the end of the BE process, boththe secret value and the biometric sample are being discardedfrom the system. The entire process can be seen in Figure 2.

Because there is no correlation between the biometric sam-ples and the data being secured, the resulting bio-cryptogram,so-called private biometric template, can be discarded andupdated whenever needed, as many times it is necessary, due tocompromising the current one. The same scenario can apply ifthe secured value cannot be recovered anymore (for example,because of some alteration in the biometric traits of the user),re-running the enrolment procedure will allow the same userto recover his access, without opening any security breach, oreven compromise the old credentials.

During the secret value recovery phase, the so-called Bio-metric Decryption process, the user must provide a freshbiometric sample, which resembles the original one with asimilarity score higher than a pre-settled threshold.

Figure 2. Biometric Encryption and Decryption

In this case, the matcher module response is not anymorea binary one, since its output is either the recovered secretvalue, either a rejection message, suggesting the impossibilityof recovering it. Moreover, since the biometric samples arediscarded after both the decryption and encryption processes,BE addresses many of the vulnerabilities encountered withinbiometric systems, being resistant to substitution, tampering,Trojan horse or overriding matcher module attacks.

IV. PROPOSED IMPLEMENTATION

As a possible solution for enhancing Cloud shared storageaccess, we propose a Biometric Encryption based authentica-tion method, which relies on the implementation of the FuzzyVault bio-cryptographic algorithm.

A. Fuzzy-Vault algorithmBiometric Encryption algorithms are designed to take into

account for intra-class variations of the samples. On the otherhand, these accepted variations must be small enough, makingit impossible to run successfully the decryption algorithm,using a different enough sample. Setting this threshold’svalue is the biggest challenge when working with both bio-cryptographic, and biometric systems.

Fuzzy Vault is a bio-cryptographic construction, designedto work with biometric features (input data must always berepresented as unordered data sets). The encrypted secret valuecan be recovered only if the query data for this purposeoverlaps substantially with the data set used for encoding. Thesecurity of the Fuzzy Vault algorithm resides in the difficultyof the polynomial reconstruction problem [1].

During the encryption phase, the secret value S (PIN,password or a cryptographic key) is split into groups of bbits each (the coefficients), in order to form the polynomialconstruction P , of degree k. Using the biometric query Q,and the polynomial construction, the genuine points set G iscalculated as G = (xi, P (xi)), i = 1...t, where xi representseach biometric template data value and t represents the totalnumber of biometric template data set points that are encodedin the construction. The last step needed to complete theencryption process (and probably, the most important one), isthe generation of a large number of random chaff set points,C = (ci, di), i = 1...m, that do not lie on the polynomialP , with the purpose of diffusing (hiding) the genuine points.The Fuzzy Vault bio-cryptogram is obtained as the scrambledreunion of the two data sets, the genuine and the random chaffpoints: V = G ∪ C.

Existing papers in the field recommend a number of dif-fusion points at least ten order of magnitude higher than thegenuine ones [9].

The decryption operation can be attempted only by provid-ing another fresh biometric query, Q. From this new sample,candidate points are identified by comparison with the abscissavalues of the points residing in the Fuzzy Vault construction.If a sufficient number of points that lie on polynomial P canbe identified, then the Lagrange Interpolation can be used toexactly reconstruct P and recover the secret S. The minimumnumber of points necessary to reconstruct a polynomial ofdegree k is k + 1.

– 167 –

9th IEEE International Symposium on Applied Computational Intelligence and Informatics • May 15-17, 2014 • Timişoara, Romania

B. Biometric encryption and cloud storage

As we have stated in the beginning of the paper, one ofthe most interesting usages of biometric encryption techniquesis in the case of encrypted data storage in shared distributedsystems such as cloud computing environments.

We have started from the following scenario. Let’s assumethat a patient must visit a doctor for a treatment in a hospital.The doctor does not know anything about the patient, asit is the first time visiting. Furthermore, the patient doesn’trecall exactly the entire medical history to help him. Instead,the doctor can ask the patient, which holds the data storedencrypted in a public health information cloud, to unlock anddecrypt his data so he can read the entire history and take wellinformed decisions. The data is stored over the remote cloudusing an algorithm that uses a key derived from the patient’svocal commands or a certain spoken passphrase.

The system proposed has a modular architecture. In ourresearch we have started from our previous work[10], on topof which we have included biometric encryption algorithms.We can see clearly represented in Figure 3 four cloud layersand one for biometric data processing: the management layer,the virtualization layer, the processing layer and the encrypteddata layer.

In the Management layer we find the modules responsiblewith enabling all the operations specific to the cloud, aspresented in the previous sections. The Security module isresponsible with all security concerns related to the cloudsystem; for simplicity we can consider it as an intrusiondetection and alarming module. The Virtual jobs modulecreates an abstraction between the data requested by the userand the payload that must be delivered to the cloud system.The Scheduler module has the responsability of efficientlyschedule the jobs to the virtualization layer and the Hypervi-sor and cloud interface modules act like a translation layerthat is specific to a virtualization software vendor; it mustimplement each vendor API specifications. Finally, we cansee the Load distribution module, which is responsible withhorizontal and vertical scaling of the requests received fromthe scheduler.

In the Virtualization layer we find the actual workstationsthat host the virtual machines and prepare the user data forthe actual processing and encryption.

The Processing layer has the purpose of analysing, ordering,processing and aggregating the data stored in the previouslayer. Since all these steps are computing intensive, the entireanalysis process will be made in an offline manner and willbe available to the users as soon as the job is ready. Afterthis entire process, the user will have a full encrypted imageof its personal data. In this process we will make use of theBiometric data processing architecture presented in the nextsection.

Finally, the Encrypted data layer represents the resultsstorage published by the previous layer.

C. Proposed bio-cryptographic infrastructure

Our proposed bio-cryptographic authentication and encryp-tion infrastructure is based on the implementation of the Fuzzy

Figure 3. Architecture for a biometric encryption application in cloud

Vault algorithm for voice biometrics, for the secure bindingof a random Personal Identification Number (PIN), generatedduring the enrolment phase. The PIN is used to grant accessfor the user, as a secret password, and to generate a symmetricencryption cryptographic key, that will serve as an encryptionkey for the entire user data, that will reside on the Cloudshared storage.

In Figure 4 we can see that we have chosen a 9-digitPIN, which can be represented within 32 bits of data. Apadding consisting of 80 random bits is added to the PIN,such as the partial payload reaches 112 bits of data. Thispadding is needed for obtaining a higher degree for thepolynomial construction, which will be derived from the finalsecret payload (more secure against polynomial reconstructionattacks). An appendix of 16 bits of data must be used as averification checksum [2], to allow the correct recovery of theoriginal PIN, as the decryption process might produce multiplecandidate secret values, if the number of points is larger than8 (the degree of the polynomial + 1). Each 16 bits of the final128 bits resulting payload will be mapped into a polynomialcoefficient.PAY LOAD = PIN |PADDING|CHECKSUM ,

wheresizeof(PAY LOAD) = 32 + 80 + 16 = 128bits,and the polynomial is:P (u) = c7x

7+c6x6+c5x

5+c4x4+c3x

3+c2x2+c1x+c0

Basically, an audio sample containing the utterance of achosen passphrase will serve as a biometric encryption key foreach user’s PIN. The method used for speech parametrizationis cepstral analysis, which will serve as a reliable methodfor extracting the feature descriptors, represented by cepstralcoefficients, in this case. These coefficients will serve as thegenuine points set, that will be evaluated on the polynomialcurve of the construction, derived from the PIN, as describedabove. The resulted points will be mixed with ten times morediffusion points, resulting in the final bio-cryptogram.

Both the PIN and the audio sample will be discarded fromthe system, at the completion of the biometric encryptionprocess, only the resulted bio-cryptogram and an uniqueidentifier, associated with it, will be stored in the system.

During subsequent authentication attempts, the user mustsubmit, each time, a different audio sample, containing the

M.-A. Velciu et al. • Bio-Cryptographic Authentication in Cloud Storage Sharing

– 168 –

Figure 4. Biometric Encryption (enrolment stage)

utterance of the same passphrase used during the enrolmentprocess, as can be seen in Figure 5. The same speechparametrization method is used to extract the feature descrip-tors, and the matcher module will start identifying points thatreside on the bio-cryptogram stored for the current user, withina pre-settled threshold value, which represents the maximumtolerance for a genuine point variation. If a sufficient numberof points is recovered, at least eight, the decryption algorithmwill start reconstructing all the candidate polynomials, withLagrange Interpolation, and will choose the genuine one usingthe checksum appendix. The secret PIN is recovered byconcatenating the two highest degree coefficients, more exactlythe first two coefficients.

V. EXPERIMENTAL RESULTS

The proposed biometric encryption system in Section IIIwas implemented using MATLAB. Voice biometrics perfor-mances were evaluated using a database consisting of 100fixed phrase utterances, from 50 speakers (two for each user,one phrase for enrollment, one for subsequent authentication).

For the cloud architecture, the experiments were made usingKVM as a hypervisor and QEMU and libvirt as drivers for thehypervisor. As the implementation focused more on the bio-encryption encryption, we have implemented it based on ourmaster-slave scalable architecture as a new processing job. Wepreferred this approach because it is natively scalable on top ofexisting datacenters or computer networks and can deal withlarge amount of data and connected clients.

The link between the biometric encryption system and ourcloud infrastructure was made using an additional softwaremodule that acts like a separation interface and a driver forour system. This module simply translated commands from our

Figure 5. Authentication mechanism using Biometric Decryption

cloud environment into command for MATLAB. We preferredthis due to the fact that currently MATLAB does not integratenatively to 3rd party cloud infrastructures, such as ours, anddoes not provide an open API for such integrations.

The main parameters that were altered in the biometric dataprocessing layer, for evaluating the system performance, are:the number of cepstral coefficients used, the number of filtersused, the threshold for accepting genuine points and the lengthof frame in samples.

Different False Acceptance Rates (FAR) and False RejectionRates (FRR) were obtained for variations of these parameters.The FAR was calculated for a number of fifty attempts, twolegitimate samples for each user, and the FRR was calculatedfor a number of C(50,2) = 1225 total attempts, both legitimateand impostor, of unlocking the vault. The results of theexperiments are synthetically represented in Table I.

Table ISystem experimental results

No. of coef-ficients

No. of filters Threshold Framelength

FAR FRR

12 2 0.005 300 11.3% 0%24 5 0.003 200 9.6% 4%12 2 0.003 200 7.8% 8%24 2 0.002 100 4.9% 16%12 5 0.005 200 3.6% 25%24 2 0.003 100 2.5% 32%

– 169 –

9th IEEE International Symposium on Applied Computational Intelligence and Informatics • May 15-17, 2014 • Timişoara, Romania

The experimental results highlight quite well the FAR/FRRcompromise. We see that in the first scenario, each one of thefifty users were able to recover the PIN, but with the cost ofallowing an impostor rate of 11.3%. On the other hand, thelowest FAR, around 2%, was obtained with the compromise ofrejecting one out of three legitimate users, or, said otherwise,with the risk of rejecting a legitimate user on one out ofthree attempts. The best compromise settled the two error ratessomewhere around 8%.

VI. CONCLUSION

Considering the exponential evolution of security threatsin the past decades, the development of more reliable au-thentication mechanisms has become an imperative demand,especially when dealing with Cloud technology. One of thelatest approaches for overcoming the more and more out-dated password-based approach is the combination of humanbiometrics with credentials, or cryptographic keys, withinthe Biometric Encryption process. One of the most reliablebio-cryptographic schemas is the Fuzzy Vault construction,designed to take into account the intra-class variations of thebiometric samples. Its strength relies on the infeasibility of thepolynomial reconstruction.

This paper proposes the implementation of a voice-basedFuzzy Vault authentication mechanism, for secure access andencryption support within Cloud platforms and Cloud sharedstorage. The experimental results, focused on evaluating theperformances of the biometric matcher, have shown FRR ratesvarying from 0% to 32% and FAR rates varying from 2.5%and 11.3%.

Future work will focus on enhancing the security of theproposed system, by using a random challenge based audiomodel. Also, we take into consideration the use of anotherbiometric characteristic, for improving system’s performances,somehow, without lowering too much its acceptance and easeof use.

REFERENCES

[1] K. Nandakumar and A. K. Jain, “Fingerprint-Based Fuzzy Vault: Im-plementation and Performance”, in IEEE Transactions on InformationForensics and Security, ISSN 1556-6013, pp. 744-757, 2007

[2] U. Uludag and A. K. Jain, “Fingerprint-based Fuzzy Vault”, in Depart-ment of Computer Science and Engineering Michigan State University,2007

[3] N. Radha, S. Karthikeyan and P. Anupriya, “Securing Retina Fuzzy VaultSystem using Soft Biometrics”, in Global Journal of Computer Scienceand Technology, Vol 10, No 7, pp. 13-18, 2010

[4] S. Zawoad, A.K. Dutta and R. Hasan, “SecLaaS: Secure Logging-as-a-Service for Cloud Forensics”, in ACM Symposium on Information,Computer and Communications Security, 2013

[5] M. Bellare, S. Keelveedhi and T. Ristenpart, “Message-Locked Encryp-tion and Secure Deduplication”, in International Conference on theTheory and Applications of Cryptographic Techniques, EUROCRYPT,2013

[6] A. Stoianov and A. Cavoukian, “A Positive-Sum Technology thatAchieves Strong Authentication, Security and Privacy”, in InternationalFederation for Information Processing, Volume 261, pp 57-77, 2008

[7] K. Xi and J. Hu. “Bio-Cryptography. Handbook of Information andCommunication Security”, 2010, p. 129-157

[8] A. K. Jain, P. Flynn and A. A. Ross. “Handbook of Biometrics”, Springer,2008, pp.151-170

[9] A.K. Jain, “Biometric Template Security”, in EURASIP Journal onAdvances in Signal Processing, 2008

[10] A. Patrascu and V. Patriciu, “Beyond Digital Forensics. A CloudComputing Perspective Over Incident Response and Reporting”, in IEEEInternational Symposium on Applied Computational Intelligence andInformatics, 2013

M.-A. Velciu et al. • Bio-Cryptographic Authentication in Cloud Storage Sharing

– 170 –