Implementation of Elliptic Curve Cryptography using biometric features to enhance security services

Abstract

It is generally accepted that data encryption is the key role in current and future technologies. Many public key cryptography schemes were presented and divided into different classes, depending on a specific mathematical problem. Cryptography plays an important task in accomplishing information security. It is used for encrypting or signing data at the source before transmission, and then decrypting or validating the signature of the received message at the destination. Since the introduction of the public-key cryptography by Diffie and Hellman in 1976, the potential for using the discrete logarithm problem in public-key cryptosystems has been recognized. There are several public key cryptography, such as RSA, El-Gamal and Elliptic curve cryptography. Elliptic Curve Cryptography (ECC) is considered as more suitable for limited resources applications such as RFID than other public key cryptography algorithms because of its small key size. Therefore, ECC was chosen in this work because of its advantages over other public key cryptography. Generally, a random generator is used to produce private keys and elliptic curve cryptography domain parameters. It uses a randomly generated seed to produce the random number where cryptanalysts may exploit it. Meanwhile, the design used in this study uses iris signature for its unique feature, and it is unlikely to find the same iris signature from two different individuals. Using the iris extractor application will produce the iris signature which consists of 2048 bits. This signature will be used as an alternative to the generated random number to add the iris uniqueness to the produced private key and elliptic curve domain parameters which make them harder to be broken by cryptanalysts. The design was implemented using the NetBeans IDE 6.5, and JDK 1.6 was applied for this purpose. The resulted domain parameters and the private keys were tested by using them to issue Elliptic Curve Digital Signature Algorithm (ECDSA). The produced signatures were verified and accepted by the verification function, which could show the possibility of using the iris signature to produce keys and curves.