Secure key agreement protocols: Pure biometrics and cancelable biometrics

In this paper, we propose two novel biometrics-based secure key agreement protocols, namely Secure Key Agreement-Pure Biometrics (SKA-PB) and Secure Key Agreement-Cancelable Biometrics (SKA-CB). Each of our protocols uses biometrics with unordered features. SKA-PB protocol provides symmetric cryptographic key agreement between the user and the server. This key is generated by utilizing only the feature points of the user's biometrics. In other words, SKA-PB protocol does not generate the key randomly or it does not use any random data in the key itself. On the other hand, SKA-CB protocol integrates the cancelability property into SKA-PB protocol by the use of a device-specific binary string. In SKA-CB protocol, biometric templates can be canceled at any time as a precaution to template compromise. As a proof of concept, we implement these protocols using fingerprints and employ multi-criteria security and complexity analyses for both of them. These security analyses show that the generated keys possess sufficient randomness according to Shannon's entropy. Additionally, these keys are distinct from each other, as measured by Hamming distance metric. Our protocols are also robust against brute-force, replay and impersonation attacks, proven by high attack complexity and low error rates.