research.secret locking

Secret Locking: A novel approach to biometric key encapsulation

When password-derived keys are used to protect information stored in physically vulnerable computer systems, such as laptops, the operating system authentication sequence typically works as follows: First, the authorized user authenticates herself by typing her password; then the operating system uses the password-derived key to decrypt the stronger keys; and finally the operating system uses these stronger keys to decrypt the stored files and restore the file system. This approach is elegant in many ways: it only requires of the user that he or she remember a password, and it provides better security than systems that do not use encryption. If an unauthorized user is able to have physical access to the files, most of these will be encrypted under the strong cryptographic keys. The probability that an intruder can successfully recover these keys is negligible. However, if the intruder has knowledge of the operating system's file system structure, he may guess the file on the hard disk where the key is password-encrypted and perform a so-called dictionary attack. These attacks are often successful as users tend to select easily guessable passwords.

In order to tolerate such attacks, biometric key encapsulation provides techniques for protecting against cryptographic key exposure. Biometric key encapsulation is a software-based technique that uses a large, but imprecisely known master secret---such as a biometric reading, isolated or in combination with a password---to enable probabilistic recovery of a small secret, for instance, a cryptographic key.

The focus of this project is on secret locking, a biometric key encapsulation mechanism that was proposed in combination with an implemented biometric feature extractor. The project's goals are to analyze the security of existing secret locking constructions, to design and analyze new constructions, and to explore connections between secret locking and other aspects of cryptography.



Project Publications

Recent Publications

  • F. Monrose, M. K. Reiter, & S. Wetzel. “Password Hardening based on Keystroke Dynamics.” Proceedings of the 6th ACM Computer and Communications Security Conference (CCS '99), ACM. 1999.
  • F. Monrose, M. K. Reiter, Q. Li, & S. Wetzel. “Cryptographic Key Generation from Voice.” Proceedings of the IEEE Symposium on Security and Privacy 2001.

SAIT Logo FSU Logo