Combining Steganography and Biometric Cryptosystems for Secure Mutual Authentication and Key Exchange

Although biometric authentication is perceived to be more reliable than traditional authentication schemes, it becomes vulnerable to several attacks when it comes to remote authentication over open networks. Steganography based techniques have been used in the context of remote authentication to hide biometric feature vectors. Biometric cryptosystems, on the other hand, are proposed to enhance the security of biometric systems and to create revocable representations of individuals. However, neither steganography nor biometric cryptosystems are immune against replay attack and other remote attacks. This paper proposes a novel approach that combines steganography with biometric cryptosystems effectively to establish robust remote mutual authentication between two parties as well as key exchange that facilitates one-time stego-keys. The proposal involves the use of random orthonormal projection and multi-factor biometric key binding techniques, and relies on a mutual challenge/response and one-time stego-keys to prevent replay attacks and provide non-repudiation feature. Implementation details and simulation results based on face biometric show the viability of our proposal. Furthermore, we argue that the proposed scheme enhances security while it can be both user-friendly and cost-effective.