Biometrics-Based Secret Key Agreement by Public Discussion with RFID System

Cryptographic keys based on biometrics, besides offering information security and privacy, have the advantage of being strongly linked to the user. Three main techniques use biometric data to obtain cryptographic keys: cryptographic key release, cryptographic key generation and cryptographic key regeneration. The main objectives of these schemes are to ensure revocability and produce keys with high entropy. In this work, we propose a new technique for secret key agreement based on biometrics. Three security factors are used, represented by an iris code, an RFID tag and a password. The use of the protocol for reconciliation between the RFID reader and tag enables the agreement of a symmetric key with high entropy by discarding all the mismatching bits present in genuine samples, while it fails to do so for impostors that are therefore rejected. A new secret key is agreed after every positive authentication, increasing the security of the system. The system was evaluated on the public database ICE2005 and obtained a 270 binary digit cryptographic key with estimated entropy of about 156 bits at 0% False Acceptance Rate (FAR) and 3.68% False Rejection Rate (FRR).