An Approach to Cryptographic Key Exchange Using Fingerprint

Cryptography is the most reliable tool in network and information security. The security of cryptography depends on the cryptographic key management. It consists of key generation, key storing and key sharing. A randomly generated long key (of 128, 190 or 256 bits) is difficult to remember. As a consequence, it is needed to be stored in a secured place. An additional authentication like knowledge or token based authentication is used to control the unauthorized access to the key. It is found that password is easy to break and token can be damaged or stolen. Moreover, knowledge or token based authentication does not assures the non-repudiation of a user. As an alternate, it is advocated to combine biometric with cryptography, known as crypto-biometric system (CBS), to address the above mentioned limitations of traditional cryptography as well as enhance the network security. This paper introduces a CBS to exchange a randomly generated cryptographic key with user's fingerprint data. Cryptographic key is hidden within fingerprint data using fuzzy commitment scheme and it is extracted from the cryptographic construction with the production of genuine fingerprint data of that user. Our work also protects the privacy and security of fingerprint identity of the user using revocable fingerprint template.