Sage Journals: Discover world-class research

Abstract

Ensuring protection of sensitive data in embedded devices widespread and operanting in adversary environment is a major issue. Among lot of instance of this problem, IoT is the well-know case study. In addition, very often for cost reason, the devices used in Internet of Things (IoT) do not integrate secure components (cryptoprocessor, encrypted memory, etc) like smart card. To solve this issue, this paper presents two contributions to fuzzy vault-biometric cryptosystems which can enable IoT devices supporting biometry to secure sensitive data they embed in their memory when they operate in an adverse environment. If an adversary captures a device and read content of this regular memory, it will be very difficult for him to recover the protected data using brute-force. The first advantage of the proposals is thus to enable IoT devices to still embed regular memory, to protect sensitive data, instead of an expensive native encrypted memory or to add a cryptoprocessor. The second advantage of the proposals is to enable to not require storing of helper data and thus improve security and also save memory. Obviously our proposals can also be used in already secure devices to enhance the security level. Experimental results performed using fingerprint modality show that the proposals have the potential to efficiently protect sensitive data despite the strong constrained of IoT devices.

Keywords

Biometric cryptosystem fuzzy vault internet of things sensitive data encrypted memory

Get full access to this article

View all access options for this article.

References

Biometrics market report 2009-2014, Technical report, International Biometric Group, New York: International Biometric Group, 2009.

Chen

Chang

Jin

Ren

and Li

, A novel secure architecture for the internet of things, in: Proc IEEE Int Conf Genetic and Evolutionary Computing, Kitakyushu, Japan Aug 29–Sep 1, 2011, pp. 311–314.

Clancy

T.C.

Kiyavash

and Lin

D.J.

, Secure smartcardbased fingerprint authentication, in: Proc ACM Workshop Biometrics methods and applications, Berkeley, California, Nov 2–8, 2003, pp. 45–52.

Davida

G.I.

Frankel

and Matt

B.J.

, On enabling secure applications through off-line biometric identification, in: Proc IEEE Symp Security and Privacy, Oakland, CA, USA, May 3–6, 1998, pp. 648–651.

Dodis

Ostrovsky

Reyzin

and Smith

, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, SIAM Journal on Computing 38(1) (2008), 97–139.

Gubbi

Buyya

Marusic

and Palaniswami

, Internet of things (IoT): A vision, architectural elements, and future directions, Future Generation Computer Systems 29(7) (2013), 1645–1660.

Juels

and Sudan

, A fuzzy vault scheme, Designs, Codes and Cryptography 38(2) (2006), 237–257.

Juels

and Wattenberg

, A fuzzy commitment scheme, in: Proc ACM Conf Computer and communication Security, Singapore, Nov 1–4, 1999, pp. 28–36.

Keoh

S.L.

Kumar

S.S.

and Tschofenig

, Securing the internet of things: A standardization perspective, IEEE Internet of Things Journal 1(3) (2014), 265–275.

10.

Kløve

and Korzhik

, Error Detecting Codes: General Theory and Their Application in Feedback Communication Systems, Volume 335, Springer Science and Business Media, 2012.

11.

Maio

Maltoni

Cappelli

Wayman

J.L.

and Jain

A.K.

, Fvc2002: Second fingerprint verification competition, in: Proc IEEE Int Conf Pattern Recognition, Quebec City, QC, Canada, Aug 11–15, Volume 3, 2002, pp. 811–814.

12.

Maltoni

Maio

Jain

and Prabhakar

, Handbook of Fingerprint Recognition, Springer Science and Business Media, 2009.

13.

Miller

F.P.

Vandome

A.F.

and McBrewster

, Advanced Encryption Standard, Alpha Press, 2009.

14.

Morelos-Zaragoza

R.H.

, The Art of Error Correcting Coding, John Wiley and Sons, 2006.

15.

Nagar

Nandakumar

and Jain

A.K.

, Securing fingerprint template: Fuzzy vault with minutiae descriptors, in: Proc IEEE Int Conf Pattern Recognition, Tampa, FL, USA, Dec 8–11, 2008, pp. 1–4.

16.

Nandakumar

Jain

A.K.

and Pankanti

, Fingerprint-based fuzzy vault: Implementation and performance, IEEE Transactions on Information Forensics and Security 2(4) (2007), 744–757.

17.

Soutar

Roberge

Stoianov

Gilroy

and Kumar

B.V.

, Biometric encryption using image processing, in: Optical Security and Counterfeit Deterrence Techniques II, Proc SPIE, San Jose, CA, USA, Jan 24–30, Volume 3314, 1998, pp. 178–189.

18.

Suo

Wan

Zou

and Liu

, Security in the internet of things: A review, in: Proc IEEE Int Conf Computer Science and Electronics Engineering, Hangzhou, China, March 23–25, Volume 3, 2012, pp. 648–651.

19.

Tankard

, The security issues of the internet of things, Computer Fraud and Security 2015(9) (2015), 11–14.

20.

Turcu

and Gaitan

, Integrating robots into the internet of things, International Journal of Circuits, Systems and Signal Processing 6(6) (2012), 430–437.

21.

Uludag

Pankanti

and Jain

A.K.

, Fuzzy vault for fingerprints, in: Proc Springer Int Conf Audio-and Video-Based Biometric Person Authentication, Hilton Rye Town, NY, USA, July 20–22, 2005, pp. 310–319.

22.

Uludag

Pankanti

Prabhakar

and Jain

A.K.

, Biometric cryptosystems: Issues and challenges, Proceedings of the IEEE 92(6) (2004), 948–960.

23.

Weber

R.H.

, Internet of things – new security and privacy challenges, Computer Law and Security Review 26(1) 2010, 23–30.

24.

Yang

and Verbauwhede

, Automatic secure fingerprint verification system based on fuzzy vault scheme, in: Proc IEEE Int Conf Acoustics, Speech and Signal, Philadelphia, Pennsylvania, USA, March 18–23, Volume 5, 2005, pp. 609–612.

New biometric cryptosystem to protect sensitive data in Internet of objects

Abstract

Keywords

Get full access to this article

References