Although biometrics have garnered significant interest as a source

of entropy for cryptographic key generation, recent studies indicate

that many biometric modalities may not actually offer enough uncertainty

for this purpose. In this paper, we exploit a novel source

of entropy that can be used with any biometric modality but that

has yet to be utilized for key generation, namely associating uncertainty

with the way in which the biometric input is measured. Our

construction poses only a modest requirement on a user: the ability

to remember a low-entropy password. We identify the technical

challenges of this approach, and develop novel techniques to overcome

these difficulties. Our analysis of this approach indicates that

it may offer the potential to generate stronger keys: In our experiments,

40% of the users are able to generate keys that are at least

230 times stronger than passwords alone.

Categories and Subject Descriptors

In: 15th ACM Conference on Computer and Communications Security (CCS '08)

Publisher: Association for Computing Machinery, Inc.
Copyright © 2007 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org. The definitive version of this paper can be found at ACM’s Digital Library --http://www.acm.org/dl/.

Details