Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Voice-based Crypto-biometric OTP Generation

15,235 views

Published on

Latch is an authorization solution that allows users to specify constraints related to access control in the digital services they are users of. It provides a second authentication factor via an OTP. This paper proposes a solution to reinforce authentication control, including a third authentication factor based on biometrics of the user. Besides the designed architecture, this paper shows the viability of impleting the idea in a production environment.

Published in: Technology
  • Be the first to comment

Voice-based Crypto-biometric OTP Generation

  1. 1. Voice-based Crypto-biometric OTP Generation Antonio Guzmán Sacristán Carmen Torrano Giménez CDO, Telefónica Madrid, Spain Almudena Martínez-Cabrera José María Alonso Cebrián {antonio.guzman, carmen.torrano, chema}@11paths.com Abstract— (Abstract) Latch is an authorization solution that allows users to specify constraints related to access control in the digital services they are users of. It provides a second authentication factor via an OTP. This paper proposes a solution to reinforce authentication control, including a third authentication factor based on biometrics of the user. This implies authenticating the user by “something s/he is” besides “something s/he knows”. The solution protects against device theft or credential leakage. The design of the solution is based on a fuzzy extractor and secure sketch. The solution can be used with different biometric techniques. From the biometric features of a user, a crypto key is generated, that is used to cipher and decipher the information exchanged with the server. The solution can be adapted according to the device performance. Although it is work-in-progress, it is useful to demonstrate the viability of incorporating biometrics in the OTP authentication schemas and have a first glimpse of the problems that have to be faced to have it under production requirements. Keywords—Authorization, Authentication, User’s Constraints, OTP, biometrics, crypto-biometrics. I. INTRODUCTION Latch is an authorization solution that allows users to define constraints about how the services they are users of, must be consumed when their credentials are used in the access control schemas [1]. In fact, differently to other authorization schemas, Latch defines a side-channel, that is, an “out of band” channel used to provide security. This side-channel allows to reduce securely the exposure that the 24x7 availability of digital services means, being possible to know when and under what conditions the user expects access to these services. This scheduling and conditions will be different for any customer. Beyond the impact that the existence of the side-channel has over the reduction in the threat area, it makes possible to define an extra-factor authentication mechanism. This is possible because Latch can reach the user with independence of the services that incorporate this extra protection. In order to provide protection and security, the side-channel is used to make an efficient management of one-time-password (OTP). This implies authenticating the user thought “something he/she knows”, that is, in this case, the user’s Latch credentials. In this paper we are going further and we propose to improve the OTP management by developing an authentication schema based on biometrics, what implies authenticating the user by “something that he/she is”. It is important to remark that the work presented here is a work-in-progress research but it has allowed us to demonstrate the viability of the proposal about the incorporation of biometrics in the OTP authentication schemas and have a first glimpse of the problems that have to be faced to have it under production requirements. II. BACKGROUND Many researchers have illustrated the implementation of cryptographic models using keys, generated from biometric traits. In fact, several different biometric techniques have been applied, such as voice, iris, face, fingerprint or online signature recognition. A brief review of few popular papers is presented here. Regarding voice biometrics, Monrose et al. [2] proposed reinforcing passwords by adding entropy corresponding to keystroke biometrics. In particular, they added 15 bits. In order to reinforce the security of this method and generate longer passwords, later on, these authors substituted keystroke biometrics by voice biometrics [3-5], given than that the second technique is more distinctive than the first one. Their goal was to enable a device to generate a key upon its user speaking a chosen password to it, in such a way that even if an attacker would get access to all information in the device the key would not be revealed. The representation of the utterance data is used to extract features identifying the user. With this new method they were able to generate cryptographic keys up to 60 bits. Other systems are based on iris biometric, such the one proposed by Davida et al. [6, 7]. They consider a binary 2048 bits long representation of the iris texture, called IrisCode [8]. For validation they calculated the Hamming distance between the input and the stored template representations, using a certain threshold. In 1999 Juels and Wattenberg [9] presented
  2. 2. their fuzzy commitment scheme, a type of cryptographic primitive that combines techniques of error correcting codes and cryptography. It tolerates more variation in the biometric characteristics and provides stronger security, improving results from Davida et al. This scheme was applied to iris recognition by Hao et al. [10]. They work with 2048-bit iris- codes used to retrieve 140-bit cryptographic keys. Hadamard codes are applied to eliminate bit errors originating from the natural biometric variance and Reed-Solomon codes are applied to correct burst. Janbandhu et al. [11] suggested a technique to generate a private key for RSA by using a 512 byte iris template. In their proposal, they generate a large number, based on the iris template, until the number becomes eligible for co-prime with the Euler Totient Function. The generated number is then used as the private key for the client. Rathgeb and Uhl [12] provide a systematic approach to the construction of iris-based fuzzy commitment schemes to test the standard iris recognition algorithm of Daugman, that retrieves 40-bit keys. Several techniques have been applied to improve iris-based fuzzy commitment schemes, like [13-16]. Fingerprint has also been used in cryptobiometric systems. Nandakumar [17] applies the Fourier phase spectrum of a minutia set in a fuzzy commitment scheme. Clancy et al. [18] proposed a “fingerprint vault” based on the scheme of Juels and Sudan [19]. Since several fingerprints are acquire on the enrollment phase, the feature points (minutiae). Extracted features are unified by applying a bounded nearest-neighbor algorithm. In the fingerprint-based fuzzy vault context, Nagar et al. [20, 21] proposed improving these systems by exploiting orientation information of minutiae points. In regard to face biometrics, Van der Veen et al. [22] apply bit selection to detect most discriminative binarized features. Additionally, Lu et al. [23] binarized principal component analysis (PCA) based face features which they apply in a fuzzy commitment scheme. Lifang Wu et.al [24] extracted an encryption 128-dimensional Principal Component Analysis feature vector from the face image. It is binarized by thresholding and distinguishable bits are selected to form the key. The Reed –Solomon algorithm is used for error correcting. Examples of works using online signatures are [25, 26], that are based on fuzzy commitment schemes. About biometric variance, instead of using error correction codes to eliminate this variability, Zheng et al. [27] employ error tolerant lattice functions. In the so-called syndrome construction [28], the error correction code syndrome is stored as part of the template and applied during authentication in order to reconstruct the original biometric input. In further work [29, 30] Ballard et al. analyze and mathematically formalize major requirements of biometric key generators, and a method to generate randomized biometric templates is proposed [31]. Mahto and Yadav worked on reinforcing network security by using eliptic curves and biometrics [32, 33]. For the interested reader, further works can be found here [34, 35]. III. VOICE-BASED CRYPTO-BIOMERIC OTP GENERATION The usage of “out of band” channels allows to provide a secure solution to communicate users and service providers. Latch provides an OTP exchange using this secure channel in order to add another factor of authentication. Its design contains two severs. A first server can determine if a user wants an operation having a particular status (locked or unlocked). It can be checked if the user is in possession of the credentials of her/his account with the second server, that should receive the token used as second authentication factor. This is a particular use of the extra secure channel but others are possible, such as the usage of this channel by service providers to alert users about information of their particular interest (e.g. anomalies detected with their credentials). In this paper, this solution is improved by reinforcing the second authentication factor. This reinforcement relies on biometry information to allow the second server check if the one who is in possession of the credentials needed to interact with the system, is, in fact, the user her/himself. This changes the authentication approach from “something the user knows” to “something the user is”. The final goal is to protect the system against the theft of user’s credentials. It is important to point out that this solution does not mean any protection if the device where the users introduce their credentials is compromised (man in the device). In order to use Latch, the user needs to install a dedicated program in his/her device. This solution considers that the dedicated program is able to capture and process the user’s biometric information. This information is employed to produce a key, that can be used to cipher and decipher the information sent from the second server or, by the first server through the second server. The source of the information does not affect the procedure itself. In this way, the first server has some proofs that the person who receives this information is the one who is expected to be, due that the second server performs a biometric verification. The first server does not need to integrate these procedures, its activity is related with the process of the information (e.g. processing the OTP received). Focusing on the proposal of managing a second factor of authentication, the difference with other solutions in relation with the way of incorporating this OTP, is that, now this token does not only prove that the user who is requesting an operation has the second server legitimate user’s credentials but also demonstrates that this user is the one who claims to be. This is important because it increases the protection to deal against the theft of the device or the user’s second server credentials taking into account this biometric data. A. Solution Description Going deeper in the solution description, the main idea is to be able to generate a crypto key from the biometric features of a particular user. For that, a training phase is necessary, where these biometric features are previously registered. When the user decides to operate with a reinforced extra factor of authentication, or it is the service provider (first server) who configures its operations in this way, the dedicated program installed on the user’s device runs a training procedure. This
  3. 3. procedure requires the user to facilitate different biometric measures according to prefixed templates. This is done several times with minor changes in the subsequent patterns. For example, if the biometric technique used is based on the user’s voice this pattern can be a subset of the words used during the training of the system (e.g. in the case of techniques based on prefixed text) or a synthetic filter used in the case of techniques without a prefixed text. Every time the user completes a measurement, the dedicated program processes the biometric data acquired and calculates the biometric signature that identifies the user. Typically, this signature is represented as a sequence of coefficients: C= (C0,C1,C2,…,CN), where N is the maximum number of coefficients that depends on the biometric technique employed. One of the topics unavoidable when any biometric technique is employed is the need to deal with certain level of uncertainty in these biometric signature coefficients calculation. That is, because the source of information to be processed is a human characteristic that must be measured, the intrinsic variable nature of these characteristics or the problems related with the measurement process usually make less probable to obtain exactly the same coefficients for the same person in every measure process. In this solution, the final goal of this phase is to profile every user with two vectors using a prefixed collection of patterns:  one vector whose coefficients are the biometric coefficient returned by the biometric technique(C)  and other vector with the uncertainty associated with every one of these coefficients (). Based on the information given by the vector  it is possible to determine which biometric coefficients define the correspondent user with less uncertainty. However, this is agnostic of the meaning of the coefficients. Depending on the biometric technique applied, the significance in terms of discriminatory power of the coefficients does not need to be homogenous. Some of these coefficients can be more valuable than others in the identity verification of a given speaker. Let W be a vector of weights: , where i and i represent the significance of the coefficient i in a particular speaker verification and the uncertainty of this coefficient measured during training phase respectively. Every component of vector W would determine the effectiveness of the contribution of coefficient i in the overall user recognition process. For this training phase, two operation modes have been designed to gain in flexibility:  The first mode implies to send all data associated with the process performed on every word to the second server once all the repetitions have been completed. Then, in the second server, once all the repetitions have been received, it is possible to select which method to apply in order to determine the level of uncertainty associated with a particular speaker and obtain the level of uncertainty related with every coefficient of his/her biometric signature.  The second mode takes advantage of those mobile devices of high computing capacity that can assume the performance cost of executing all the procedures exposed before. Therefore, this mode achieves one transmission that contains the average coefficients and the calculated tolerance vector related with a particular user and his/her associated level of uncertainty. The procedure executed to obtain a cryptographic key from the biometric proposed in this solution is based on the usage of a fuzzy extractor built from secure sketches [28, 36]. By definition, a fuzzy extractor is a pair of randomized procedures: generation (Gen) and reproduction (Rep). Given the coefficients derived from the biometric technique employed (C), the Gen procedure produces a string K and a helper string P as output. Both depend on the techniques included in the Fuzzy Extractor definition. In this solution, once they are produced, the string K is the crypto key that can be used to cipher the message (i.e. the token used as OTP) and the string P can be used to deal with variability related to the usage of biometric techniques. The Rep procedure takes as inputs the biometric coefficients calculated from an audio signal (C’) and the helper string P. If C’ is close enough to C, Rep outputs the string K, that can be used to decipher the message. From a general point of view, to deal with the uncertainty related with the biometric techniques, it is necessary to bundle the helper string P with the ciphered message (e.g. EK[OTP]). The overall architecture is displayed in Fig. 1. The process begins when a particular pattern is selected for a specific user (UserID). This pattern depends on the biometric technique employed and it is proposed to expand the space defined by the features that this technique is able to extract from a user. As mentioned, if the biometric technique used is based on the user’s voice, this pattern can be a subset of those words used during the training of the system or a synthetic filter used in case of using techniques without a prefixed text. In this figure, two modules are represented –Sender Module and Receiver Module- that model any secure communication scheme based- on public (KP)/Private (KPR) key cryptography (e.g. SSL).
  4. 4. K Gen Rep Server  Biometric Module K C Cipher Sender  Module EK[OTP] EKPr[EK[OTP],P,Pattern,timestamp] Receiver  Module Device  Biometric Module C’Decipher EK[OTP] OTP (KPR)Sender (KP)Sender OTP  Generator  Module OTP P P UserID Pattern W EK[OTP] Pattern Pattern Biometric  Data P Figure 1: General structure of the solution proposed to reinforce with biometry the mechanism proposed to add an extra authentication factor to the system. As stated before, this solution offers protection against credentials leakage or device theft. This fact makes necessary to design the solution to be resistant against replay attacks or brute force attacks deployed once the credentials are compromised. Furthermore, the design proposed here takes into consideration that part of the solution will be executed in a low-performance device as a smartphone, etc. To deal with these matters, the alternative employed in this invention proposes a particular design of these Gen and Rep procedures. Some of the modification can be seen in Fig. 1, where the Gen procedure does not only receive the biometric coefficient vector but also information related with the accuracy of any of these coefficients (W). Next, the Gen and Rep procedures are explained. Figure 2 displays the procedure Gen reinforced with the usage of hashes and random values. Figure 2: Generation procedure proposed Once the Gen procedure receives the vector (W), whose coefficients give information about the uncertainty of any biometric estimators, a subset () of these estimators is defined. The selection of estimators of this subset depends on two aspects: performance and security. The number of elements contained in  impacts on the performance of the Rep procedure. Due that Rep must be executed by the dedicated program on a low performance device, the number of elements in  can be parameterized and later adjusted according with the computation power estimated for every user. However, because of security reasons, a low limit in the number of elements have been established. The number of elements in  determines how
  5. 5. many biometric coefficients are used to produce the crypto key. Leaving apart that the complexity of the key is increased by the usage of a hash function, the unique information related with the user is expressed in terms of these coefficient, so it is needed a minimum number of them. With the aim to increase the entropy of this crypto key, a random number (x) is added in the key computation as a cryptographic salt. Then, the subset  is employed to determine what biometric coefficients will be used to generate a crypto key. The random number x is added to avoid that the same subset of biometric coefficients (c) produce the same key anytime they are selected. This x prevents attackers from easily building a list of hash values for common keys and prevents keys cracking efforts from scaling across many communications. Once the vectors  and C are obtained, it is possible to determine the subset (c) of coefficients employed to generate the crypto key. To be able to deal with the variability of biometric techniques, it is proposed to use a secure sketch (SS) to produce the information that guarantees the recuperation of biometric data from a C’ similar enough to C. These secure sketches allow for a straightforward construction of fuzzy extractor having, at the same time, flexibility in terms of error correction. To avoid any information leakage, a random number (x) is again employed to avoid the guessing of s (the output of SS) and produce the helper string P that will be sent to the dedicated program. Figure 3: Reproduction procedure proposed Figure 3 shows the corresponding procedure Rep. Once the dedicated program receives the pattern, it can measure the biometric data from the user and obtain a C’. At same time, the program recovers the P string, where it can find the information s to assure that C can be determined from C’. The data contained in the P string also facilitates the computation of the crypto key K, once C is recovered. B. Implementation Figure 4 shows the operation status of the verification process. This operation is proposed by the first server attached to the account management. The user, using for example a browser, sends a request to execute an operation related with an account (step A in Fig. 4) of a first server. This operation can be to log in a particular service or to execute some other action related with the services provided by first server (e.g. Internet payment with a credit card). Once user existence has been validated (B) by said first server, the latter makes the correspondence of the operation requested with the entry in the hierarchy defined by this user’s account (D) and demands to the second server the entry status (E). Then the second server initializes the credentials exchange before evaluating the scheme entry status from the root to the entry (F). The status of the user’s account is retrieved and if it is unlocked, the same evaluation is performed with every step founded until reaching the scheme entry. The scheme entry status information is sent (G) and, with this information, the first server makes the decision of allowing or blocking the user access to the operation. If the scheme entry status is unlocked and the second factor of authentication is activated, the second server sends an OTP to the first server within the answer of the status request. This first server has to employ it to complete the authentication. The first server request to the user the OTP that is going to be a temporal second factor (S). Next steps of this process are explained later. If the status of the scheme entry is unlocked and the second factor of authentication is reinforced with the biometric identity verification (as a third factor of authentication activated) then the second server has to recover the biometric signature and the vector of weights from storage for the user in particular (H). By using these vectors, it has to select a subset of coefficients to be used as the seed of a robust cryptographic key (I). Then the system implemented in second server can hash these coefficients to produce a valid key (J) and generate a helper string that allows to deal with the inherent variability of biometric approaches (K). With the crypto key it ciphers the token used as OTP (L) and the output of this process is bundled with the helper string and all the information needed to facilitates the task of deciphering this information to the dedicated program handled by the user (pattern, timestamps, etc.). The second server sends all this information to the to the user’s dedicated program (M). The dedicated program receives the information and requests to the user to generate a valid biometric signature based on the pattern received (N). Once a new biometric signature is captured the system uses the helper string to determine the subset of coefficients to be used as the seed of the expected crypto key (O). And then it hashes this subset with other parts of the helper string to produce the crypto key (P) and uses it to decipher the OTP (Q) requested by the first server in step S. The user recovers the OTP from the dedicated program and introduce it in the browser (T) and sends it to the first server (U). In case the third factor is not activated, the second server simply sends the second factor token to the dedicated program (R). The first server can check if the OTP sent through the browser matches with the one received with the account status (V, W). The first server denies operation execution if the OTPs don’t fit (X).
  6. 6. Figure 4: Flow diagram for the verification process. Figure 5 represents the training process. This process is used to obtain user’s biometric information to perform the later user recognition. Once the user tries to initiate a session with the said second server using the dedicated program installed in her/his mobile device, s/he must provide valid credential (A) that the second server will check (B) before confirm the login (D). When the second server verifies the correctness of the credentials it also retrieves the profile information in order to know if there is biometric information attached in it and if this information must exist (C). If the user had to provide biometric information to interact with the first server, there must be stored a valid biometric signature and a vector with the information of the tolerance of any of the coefficients included in that signature (E). In the case that this signature would be required but it does not exist in the system, it is necessary to request the user to participate in a training process. Before the training process, a set of patterns is generated by the second server (F) and it is sent to the dedicated program (G). Once this set is received in the dedicated program, the patterns are used one by one to be presented to the user in order to calculate the correspondent biometric signature (H). In the case showed in Fig. 5, the dedicated program is in charge of calculating the average biometric signature from all the pre-calculated samples. During this calculation, it is possible to determine the tolerance associated to every coefficient (I). As it was explained before, this tolerance factor gives information about how discriminatory is a coefficient in the duty of recognizing a particular user. However, in some circumstances, it can be needed to configure the dedicated program to send the data obtained from the user to the second server without processing it. In this case, the biometric procedures will be computed in the second server. Once the average signature and the tolerance vector are determined, they are sent to the second server (J), that stores them within the profile of the user (K). Then they are ready to be used when an operation status request is received and it is configured with this reinforced extra authentication factor mechanism. If credentials are not correct, the second server sends a deny login message to the browser (L).
  7. 7. Figure 5: Flow diagram for the training process. IV. EXPERIMENTAL STAGE In this section we show the experimental efforts that were made to test the viability of the proposed solution in a production environment. In particular, the user’s voice was chosen as biometric technique. Therefore, we studied how well the system is able to generate keys from the biometric features of the user’s voice. This key is used to cipher/decipher information exchanged with the server, that is, the token used as OTP. As explained, it is necessary to first train the system and then test its behavior in authenticating users through their voice. During the training, a subset of prefixed words are used. In particular, numbers from 0 to 9 are presented five times to each user willing to use the system. During this process is when the coefficients characterizing the profile that will define the particular user are generated. The steps followed to process the signal are explained hereafter:  Recording: it includes the signal recording step.  Activity snipping: firstly, an activity detector is used and afterwards the signal is snipped.  Biometric module: it includes autocorrelation calculation as a first step and then the coefficients of linear predictive coding (LPC) are generated.  Calculation of LPC envelop: a Fast Fourier Transform (FFT) is applied and later the LPC envelop is calculated.  Final coefficients calculation: it consists of a sampling and quantification steps. The steps included in this process are represented in Fig. 6. Details about input and outputs are shown in Table 1. Table 2 presents details about input and outputs for the sender and receiver modules. In the test phase, one digit is presented to the user, who should pronounce it. If the system checks the user is the correct one, the OTP is decrypted and presented to the user in the device. Two types of tests have been conducted. On the one hand, tests regarding the capacities of the system in authenticating correct users (the one registered in the training phase should be authenticated) and on the other hand, tests for impersonation attempts, that is, the ability of the system to reject incorrect users (not giving access to anyone different from the user whose voice was recorded in the training phase). Results regarding authentication tests are shown in Tables 3 and 4. To reduce the variability associated to the biometric technique, the syndrome mathematic mechanism has been applied. From the several available implementations, the one that makes use of modular algebra was chosen in this paper to reduce the solutions space. Table 3 presents results related to the application of algebraic operations module 3 and Table 4 those regarding module 5. All results presented in tables correspond to the mean of five trials for every digit. The last column of Tables 3 and 4 shows the detection results when testing original samples, that are 4 seconds long, with themselves. In order to improve the quality of the audio, the signal was treated to reduce the noise level. Additionally, the initial part
  8. 8. of the audio, corresponding to the user interacting with the device (touching the button for recoding for example) was filtered. As result, samples of 2 and 4 seconds long were used for the test phase. The first column of Tables 3 and 4 presents results of detecting test samples of 2 seconds long with themselves (column called “2 seconds”) and against test samples of 4 seconds long (column called “4 seconds”). The column in the middle shows results related to testing test samples of 4 seconds long against test samples of 2 seconds in the first place and against themselves (4 seconds) secondly. Results show that the system is able to recognize the voice of the user that trained the system when analyzing samples of the same length better than when the length is different. Comparing results using mod 3 and mod 5, although results are quite similar, the last option turns out to behave lightly better than the first one. Tables 5 and 6 show experimental results for impersonation attempts, for operations module 3 and 5 respectively. The interpretation of columns is the same explained for Tables 3 and 4. Results show that an attacker trying to impersonate a user registered in the system has a low probability of success since the attacker has very low chances to get authenticated into the system. When testing the resilience of the system against impersonation attacks, module 3 results are slightly better than module 5. In conclusion, results for this POC show that the architecture proposed makes possible to recognize a user thought his/her voice and that the system is resilient to impersonation attempts. Figure 6: Flow diagram for the training process. BLOCKS INPUT OUTPUT RECORDING Signal recording Audio signal corresponding to the current digit s[n]: recorded signal of 4 seconds length ACTIVITY DETECTOR Activity detector s[n]: recorded signal of 4 seconds length. The beginning of the recording is deleted because it corresponds to clicking the button d[n]: clean signal, detecting the beginning of the valid audio signal Signal snipping d[n]: clean signal of the activity detector r[n]: valid signal of maximum duration 0.75 seconds BIOMETRIC MODULE Autocorrelation calculation r[n]: valid signal of maximum duration 0.75 seconds x[n]: normalized autocorrelation of the signal LPC coefficients x[n]: normalized autocorrelation of the signal a[n]: vector of coefficients of the LPC analysis LPC ENVELOP FFT a[n]: vector of coefficients of the LPC analysis f[n]: FFT of the coefficients vector
  9. 9. CALCULATION LPC envelop f[n]: FFT of the coefficients vector to adjust gain the with autocorrelation of the signal e[n]: LPC envelop with adjustment of the corresponding gain FINAL COEFFICIENTS Sampling e[n]: LPC envelop of the signal m[n]: vector corresponding to sampled LPC envelop Quantification m[n]: sampled LPC envelop c[n]: sampled and quantified LPC envelop Table 1: Details about inputs and outputs corresponding to the processing of user’s voice BLOCKS INPUT OUTPUT SENDER MODULE VECTORS Average c[n]: sampled LPC envelop from training C[n]: average vector from training GENERATOR Standard deviation c[n]: sampled LPC envelop from training W[n]: tolerance vector from training Signature generator W[n]: tolerance vector from training w[n]: modified tolerance vector Random Number Generator x[n]: random vector Secure Sketch x[n]: random vector C[n]: average vector W[n]: tolerance vector s[n]: Secure Sketch Helper String x[n]: random vector s[n]: Secure Sketch W[n]: tolerance vector P[n]: Helper String Extracted String x[n]: random vector C[n]: average vector W[n]: tolerance vector K[n]: Extracted String Ciphered OTP OTP[n]:OTP K[n]: Extracted String m[n]: vector corresponding to sampled LPC envelop RECEIVER MODULE REPRODUCTOR Signal recording C´[n]: vector from recording Recuperator C´[n]: vector from recording P[n]: Helper String C[n]: vector with possible combinations Key generator C[n]: vector with possible combinations P[n]: Helper String K[n]: Extracted String OTP Deciphering K[n]: Extracted String OTP[n]: OTP Table 2: Details about inputs and outputs for the sender and receiver module
  10. 10. Test samples of 2 seconds long Test samples of 4 seconds long Original samples of 4 seconds long 2 seconds 4 seconds 2 seconds 4 seconds 4 seconds HIT RATE User A 96% 54% 70% 98% 86% User B 100% -- -- -- 73% FALSE POSITIVES User A 5% 3% 4% 5% 5% User B 10% -- -- -- 2% FALSE NEGATIVES User A 4% 46% 30% 2% 14% User B 0% -- -- -- 27% Table 3: Results obtained by the system for authenticating users with a configuration based on MOD 3 Test samples of 2 seconds long Test samples of 4 seconds long Original samples of 4 seconds long 2 seconds 4 seconds 2 seconds 4 seconds 4 seconds HIT RATE User A 98% 76% 68% 100% 96% User B 100% -- -- -- 69% FALSE POSITIVES User A 11% 6% 9% 10% 9% User B 11% -- -- -- 7% FALSE NEGATIVES User A 2% 24% 32% 0% 4% User B 0% -- -- -- 31% Table 4: Results obtained by the system for authenticating users with a configuration based on MOD 5 Test samples of 2 seconds long Test samples of 4 seconds long Original samples of 4 seconds long 2 seconds 4 seconds 2 seconds 4 seconds 4 seconds HIT RATE User A impersonating user B 0% -- 0% -- -- User B impersonating user A 0% 0% -- -- -- FALSE POSITIVES User A impersonating user B 0% -- 4% -- -- User B impersonating user A 0% 0% -- -- -- FALSE NEGATIVES User A impersonating user B 100% -- 100% -- -- User B impersonating user A 100% 100% -- -- -- Table 5: Results obtained by the system for impersonation attempts with a configuration based on MOD 3
  11. 11. Test samples of 2 seconds long Test samples of 4 seconds long Original samples of 4 seconds long 2 seconds 4 seconds 2 seconds 4 seconds 4 seconds HIT RATE User A impersonating user B 4% -- 0% -- -- User B impersonating user A 0% 0% -- -- -- FALSE POSITIVES User A impersonating user B 0% -- 9% -- -- User B impersonating user A 2% 0% -- -- -- FALSE NEGATIVES User A impersonating user B 96% -- 96% -- -- User B impersonating user A 100% 100% -- -- -- Table 6: Results obtained by the system for impersonation attempts with a configuration based on MOD 5 V. CONCLUSIONS A solution to enhance the security of authentication mechanisms is proposed in this paper. The proposal is including a third authentication factor based on the user’s biometry. It is important to emphasize the capacity of the presented solution to protect against the leakage of the user’s second server credentials or device theft. This is one of the advantages provided by the use of biometry. Additionally, this solution is resistant to replay attacks, with the aim to avoid user’s credentials being at risk. The design of the proposed solution to obtain the cryptographic key from the user’s biometrics is based on a fuzzy extractor. The solution is general enough to be used regardless the biometric technique used. The design of the system takes into consideration that part of the solution is executed in a low-performance device, such as a smartphone, etc. Moreover, the design of the fuzzy extractor provides flexibility and can be adapted according to the capabilities and performance of the device. The performance and precision of the solution is highly related to the usage of vectors C and  (vector with biometric coefficients and vector with the uncertainty associated with those coefficients), that can be parametrized according to the device performance. Other remarkable aspect of the presented solution is that, with the aim to increase entropy in the crypto key, a random number is used as a salt in the key generation process. In this paper a viability study of the solution was presented by using the user’s voice as biometric factor. It shows that the system is able to recognize users with acceptable rates while it remains resilient against impersonation attacks. As points of the solution that could be improved in relation to the biometric module, the difficulties related to cleaning the signal can be mentioned. It is also not simple to determine the precise moment when the signal starts, or the generation of coefficients that characterize the biometric profile of a user. Regarding the fuzzy extractor, the characteristic vectors are dependent on the biometric module. The performance of the process for generating the crypto key to obtain the OTP could also be optimized. Aspects such as the improvement of the biometric module (audio capture, sound detection, improvement of the biometric technique) are left for future work. Experiments with more algorithms or a higher number of users falls out of the scope of this paper. Optimizing the architecture could also be addressed in the future, including improvements such as making it more parametrizable, providing higher resistant to brute force attacks or scalability in the generation of the crypto key. ACKNOWLEDGMENT This is a work developed by ElevenPaths, a trademark from the Telefonica Group. REFERENCES [1] Latch. Eleven Paths. https://latch.elevenpaths.com [2] Monrose, F., Reiter, M. K., & Wetzel, S. (2002). Password hardening based on keystroke dynamics. International Journal of Information Security, 1(2), 69- 83. [3] Monrose, F., Reiter, M. K., Li, Q., & Wetzel, S. (2001). Using voice to generate cryptographic keys. In 2001: A Speaker Odyssey-The Speaker Recognition Workshop. [4] Monrose, F., Reiter, M. K., Li, Q., & Wetzel, S. (2001). Cryptographic key generation from voice. In Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on (pp. 202-213). IEEE.
  12. 12. [5] Davida, G. I., Frankel, Y., & Matt, B. J. (1998, May). On enabling secure applications through off-line biometric identification. In Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on (pp. 148-157). IEEE. [6] Davida, G. I., Frankel, Y., & Matt, B. J. (1998, May). On enabling secure applications through off-line biometric identification. In Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on (pp. 148-157). IEEE. [7] Davida, G. I., Frankel, Y., Matt, B., & Peralta, R. (1999). On the relation of error correction and cryptography to an online biometric based identification scheme. In Workshop on coding and cryptography. [8] Ang R., Safavi-Naini R. & McAven L. (2005). Cancellable key based fringerprint templates. In Australasian Conference on Information Security and Privacy (pp 242-252). [9] Juels, A., & Wattenberg, M. (1999, November). A fuzzy commitment scheme. In Proceedings of the 6th ACM conference on Computer and communications security (pp. 28-36). ACM. [10] Hao, F., Anderson, R., & Daugman, J. (2005). Combining cryptography with biometrics effectively (No. UCAM- CL-TR-640). University of Cambridge, Computer Laboratory. [11] Janbandhu, P. K., & Siyal, M. Y. (2001). Novel biometric digital signatures for Internet-based applications. Information Management & Computer Security, 9(5), 205-212. https://doi.org/10.1108/09685220110408022 [12] Rathgeb, C., & Uhl, A. (2009). Systematic construction of iris-based fuzzy commitment schemes. Advances in Biometrics, 940-949. [13] Rathgeb, C., & Uhl, A. (2009). Context-based texture analysis for secure revocable iris-biometric key generation. [14] Zhang, L., Sun, Z., Tan, T., & Hu, S. (2009). Robust biometric key extraction based on iris cryptosystem. Advances in Biometrics, 1060-1069. [15] Ignatenko, T., & Willems, F. (2009, September). Achieving secure fuzzy commitment scheme for optical pufs. In Intelligent Information Hiding and Multimedia Signal Processing, 2009. IIH-MSP'09. Fifth International Conference on (pp. 1185-1188). IEEE. [16] Rathgeb, C., & Uhl, A. (2010, July). Adaptive fuzzy commitment scheme based on iris-code error analysis. In Visual Information Processing (EUVIP), 2010 2nd European Workshop on (pp. 41-44). IEEE. [17] Nandakumar, K. (2010, December). A fingerprint cryptosystem based on minutiae phase spectrum. In Information Forensics and Security (WIFS), 2010 IEEE International Workshop on (pp. 1-6). IEEE. [18] Clancy, T. C., Kiyavash, N., & Lin, D. J. (2003, November). Secure smartcardbased fingerprint authentication. In Proceedings of the 2003 ACM SIGMM workshop on Biometrics methods and applications (pp. 45-52). ACM. [19] Juels, A., & Sudan, M. (2006). A fuzzy vault scheme. Designs, Codes and Cryptography, 38(2), 237-257. [20] Nagar, A., Nandakumar, K., & Jain, A. K. (2010). A hybrid biometric cryptosystem for securing fingerprint minutiae templates. Pattern Recognition Letters, 31(8), 733-741. [21] Nagar, A., Nandakumar, K., & Jain, A. K. (2008, December). Securing fingerprint template: Fuzzy vault with minutiae descriptors. In Pattern Recognition, 2008. ICPR 2008. 19th International Conference on (pp. 1-4). IEEE. [22] Van Der Veen, M., Kevenaar, T., Schrijen, G. J., Akkermans, T. H., & Zuo, F. (2006, January). Face biometrics with renewable templates. In Proceedings of SPIE (Vol. 6072, No. 1, p. 60720J). [23] Lu, H., Martin, K., Bui, F., Plataniotis, K. N., & Hatzinakos, D. (2009, July). Face recognition with biometric encryption for privacy-enhancing self- exclusion. In Digital Signal Processing, 2009 16th International Conference on (pp. 1-8). IEEE. [24] Wu, L., Liu, X., Yuan, S., & Xiao, P. (2010, October). A novel key generation cryptosystem based on face features. In Signal Processing (ICSP), 2010 IEEE 10th International Conference on (pp. 1675-1678). IEEE. [27] Zheng, G., Li, W., & Zhan, C. (2006, August). Cryptographic key generation from biometric data using lattice mapping. In Pattern Recognition, 2006. ICPR 2006. 18th International Conference on (Vol. 4, pp. 513- 516). IEEE. [28] Dodis, Y., Ostrovsky, R., Reyzin, L., & Smith, A. (2008). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM journal on computing, 38(1), 97-139. [29] Ballard, L., Kamara, S., Monrose, F., & Reiter, M. (2007). On the requirements of biometric key generators. Tr-jhu-spar-bkmr-090707, JHU Department of Computer Science. [30] Ballard, L., Kamara, S., & Reiter, M. K. (2008, August). The Practical Subtleties of Biometric Key Generation. In USENIX Security Symposium (pp. 61-74). [31] Ballard, L., Kamara, S., Monrose, F., & Reiter, M. K. (2008, October). Towards practical biometric key generation with randomized biometric templates. In Proceedings of the 15th ACM conference on Computer and communications security (pp. 235-244). ACM. [32] Mahto, D., & Yadav, D. K. (2013, January). Network security using ECC with Biometric. In International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness (pp. 842-853). Springer, Berlin, Heidelberg.
  13. 13. [33] Mahto, D., & Yadav, D. K. (2015, February). Enhancing security of one-time password using Elliptic Curve Cryptography with biometrics for e-commerce applications. In Computer, Communication, Control and Information Technology (C3IT), 2015 Third International Conference on (pp. 1-6). IEEE. [34] Rathgeb, C., & Uhl, A. (2011). A survey on biometric cryptosystems and cancelable biometrics. EURASIP Journal on Information Security, 2011(1), 3. [35] Jisha Nair.B.J., Ranjitha Kumari.S (2015). A Review on Biometric Cryptosystems. International Journal of Latest Trends in Engineering and Technology (IJLTET), 6(1). September 2015. ISSN: 2278-621X. [36] Dailey, M. D. (2009). Authentication schemes based on physically unclonable functions (Doctoral dissertation, WORCESTER POLYTECHNIC INSTITUTE).

×