Implementation of AES using biometric

ABSTRACT


INTRODUCTION
A MANET is a wireless ad hoc network that is dynamic in nature. It can transmit signals between mobile nodes, and its self-configuration property deals with the dynamic behavior of moving nodes. Because of this agility, a MANET has no organized network infrastructure with which to establish communication. This imposes limitations on network infrastructure, data security, processing ability, throughput and performance of the system [1]. Data security for MANETs must be designed with processing power and speed in mind. Hence the deployment environment calls for extensive security at low processing power and at a high data rate. MANETs have an on-demand need for high-level security systems incorporated in the network infrastructure. The literature outlines a wide number of security systems applicable to network systems. The most popular cryptographic system described in the literature is the Advanced Encryption Standard (AES). AES is a distinguished encryption and decryption system used widely in vital computer networking applications. Generation of the key used to encrypt the input message is another very important aspect of data encryption/decryption systems. Symmetric and asymmetric keys each have their own merits and demerits in securing data and data mobility in MANETs.
The main motivation behind data security in the context of MANETs is to secure data not only at high speed but also at reduced processing power. Hence key generation is limited to symmetric key generation. However, symmetric key generation is also made more complex by generating the key from biometric input [2][3][4][5]. The Substitution-Box (S-box) is implemented by various methods. The most widely used is the lookup table method. In the lookup table method the hardware design counterpart is expensive in terms of resource utilization and is considered swift with moderate security. Finite field arithmetic is one of the most used approaches and it uses affine transformation. The S-box using finite field arithmetic has high design complexity. It not only reduces computational speed but is also more expensive, compared to the lookup table method with the same security level. AES implementation is made more vulnerable with the optimization of S-box [6], which extends the security level in multiple orders. S-box design optimization confronts the security threats. However, MANET systems can be made even more secure with the incorporation of enhanced features. Biometric processing is one of the most popular and extensively used techniques in the design of authentication systems. A large amount of research has been done in this field on the selection of features suitable for processing. Research has also been done on the type and method of processing that can be used to define authentication. Iris, fingerprint, face, DNA and palm print recognition are a few of the features available for biometric processing. Fingerprint is considered the most adoptable and convenient approach in the context of MANET. Various techniques for biometric feature extraction have been reported in the literature [7][8][9][10][11][12][13][14][15].
In this paper, a novel method of encryption, using Biometric as key to AES is proposed and evaluated. It is expected to overcome the limitations of existing ciphers. A Biometric based authentication technique for MANETs was described in literature [16]. This paper implements the conventional design of AES, and the key is generated using the biometric feature. Minutiae extraction is incorporated using the Morphological operational method.
One paper in the literature implements biometric processing using hybrid encryption techniques [17]. The paper also illustrates its own technique for increasing the security level in communication networks, and discusses symmetric and asymmetric key generation techniques. The linear behavior of the S-box implementation, which is an integral functional module in the AES encryption technique, was discussed in the literature [6]. This paper defines greater security by incorporating nonlinearity in the implementation of the S-box.
In the paper Mixed Random 128 Bit Key Using Finger Print Features and Binding Key for AES Algorithm [18], Biometric key is used in order to encrypt plain text and decrypt cipher text. Finally the paper explains implementation of AES along with mixed key. The minutiae extraction here is accomplished using cross number approach.
The authors of the paper Generation of 128-Bit Blended Key for AES Algorithm [19] proposed a new technique for generating the key for the AES encryption and decryption process. This paper takes iris as the biometric feature, together with an arbitrary key, to generate a blended key. The paper Minutiae Extraction from Fingerprint Images-a Review [7] strongly recommends fingerprint images of good quality, which would essentially require less processing. Minutiae extraction on binary and grey scale images is discussed at a very high level.
The work on, Generation of Biometric Key for Use in DES [20], explains development of MANET systems using combination of Cryptographic systems and biometric key generation. Symmetric encryption technique is used, which exclusively works on non block size data. Biometric processing is incorporated in order to generate the key used for data encryption. However the data encryption strategy itself has a lot of issues in terms of key size, which is not sufficient to secure data. The paper, Minutiae extraction scheme for fingerprint recognition systems [11], distinguishes both global and local Binarization techniques. It summarizes that global Binarization is best suited for grey scale images over color images based on intensity illumination.
A neural network approach is used for minutiae extraction that works exclusively on the image without preprocessing. This paper contends that image preprocessing would result in false minutiae extraction. The proposed technique uses a series of convolution operations, which results in increased latency [21].

RESEARCH METHOD
AES is implemented using a biometric feature for various applications. The combination of AES and biometric processing ensures data security. Existing architectures [2][3][4][8] worked on various AES and biometric combination implementations for various applications, including MANETs. The conventional AES approach is used along with a morphological minutiae extraction scheme which is based on fuzzy logic. The morphological technique is used to remove spurs and noise on thinned images using Hit and Miss transforms, as these transforms require complex functions to be implemented. This morphological operation has to be performed before preprocessing and post preprocessing. It is required to be repeated twice in a row, thereby increasing total computational time. Implementation of AES using multimodal biometric key generation is one of the known existing techniques. This implementation focuses much on multiple biometric feature extraction. Although multimodal biometric feature extraction extends the security level, the complexity of the design increases rapidly and will not fit into a decentralized wireless architecture. The AES key is also generated using mixed key input, which is found suitable and reliable with increased security level. The mixed key is generated using fuzzy based logic which requires biometric input and a random key. This again increases the number of operations, which consume processing power, and is not suitable for battery dependent devices. MANET applications demand that the architecture be simple and secure. Hence additional computations used for extended security directly contribute to processing power complexity. Security is to be defined at the cost of fewer operations. Several encryption techniques are reported in the literature which would suit the MANET environment in terms of data security mechanism. AES is considered the best approach in the context of MANET.
AES is recommended based on encryption time, decryption time and throughput of security system which is exceptionally remarkable over DES, Triple DES and Blowfish [22]. AES and Biometric combination is used in wide spectrum of network security applications. It is also extended to ATM machine which is designed to be high speed and also at very high security. The approach uses Biometric authentication instead of ATM card and process the information using AES and steganography technique, in order to lend cash amount. The proposed design uses AES and Biometric combination and obtains substantial results in terms of key size, time and resource consumption over DES algorithm and recommends the AES approach to applications ensuring high data security [23].
The primary objective is, to design a security technique which is best suited for MANET environment. MANET technology demands high data security in order to mitigate malicious attacks. Hence incorporating the security level is a major challenge. Security for MANET is required to be defined at the cost of high speed and less processing power. Although each of these parameters set a trade off in controlling each other, optimum solution is to be designed without compromising the performance of MANET systems. Optimum Encryption standard is to be used which defines a substantial security, retaining an optimum design complexity.
The proposed system uses the AES cryptographic system to secure data communication over a wireless dynamic network. A symmetric key is generated using biometric feature extraction in order to both encrypt and decrypt the data. A 128 bit key is generated through biometric feature extraction. The main focus of the proposed design is on optimizing the S-box implementation in order to increase the security standard. It is followed by biometric based key generation. This combination is very popular and is considered the best suited for the MANET environment, and the same is reported in the literature. Figure 1 shows the proposed encryption architecture. The key for the S-box is generated based on biometric features. A simple biometric feature applicable for this MANET is the fingerprint. The fingerprint introduces an additional level of data security, and the AES key is extracted from the fingerprint input. Hence it is required to use simple and suitable biometric processing without compromising the precision of feature extraction.
The encrypted message is cipher text and decrypted message is decipher or plain text or original message. This process is shown in Figure 2. AES is implemented and used in various data communication networks. It works with block size data which is often called as cipher text and is implemented using modified S-box which is an integral part of the encryption systems and biometric based key.

Dynamic S-box
The S-box is usually implemented using affine transformation and inverse functions in the Galois Field GF(2^n), where n=3. This method is optimally used in various applications. Since the S-box architecture is standard, it would be predictable by malicious attacks. In order to add quality security to existing designs, the S-box is modified by incorporating nonlinear behavior, so that it would be highly difficult to predict the encryption. The S-box generates a matrix of hexadecimal numbers and is XORed by the 1's complement of the original matrix, which is the base for encryption. This process is shown in Figure 3. The same matrix is inverted at the decryption end in order to retrieve the original message.
In the presented technique, the input is mapped to the default S-box, which is inherently generated. Later, the S-box is XORed by the 1's complement of the same. This generates an intermediate S-box which is extensively nonlinear in behavior and is responsible for generating the cipher text. The intermediate S-box is inverted and given to the decryptor, which generates the deciphered text. Figure 4 shows the Dynamic S-box used for generating cipher text. In the process of encryption, the input value at the point (X, Y) is mapped to the default S-box and again mapped to the intermediate S-box, which is responsible for generating the cipher text. As shown in Figure.
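As an added example (not the paper's MATLAB code), the following Python code builds the default AES S-box, derives an intermediate S-box and its inverse table for the decryptor, and measures the nonlinearity of both tables so the effect of the modification can be checked. It assumes the intermediate S-box is the entrywise 1's complement of the default one; all function names are illustrative.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF

def default_sbox():
    """Standard AES S-box: field inverse, then the affine transformation."""
    box = []
    for x in range(256):
        i = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        box.append(i ^ rotl8(i, 1) ^ rotl8(i, 2) ^ rotl8(i, 3) ^ rotl8(i, 4) ^ 0x63)
    return box

def intermediate_sbox(box):
    """Assumed reading of the text: each entry replaced by its 1's complement."""
    return [v ^ 0xFF for v in box]

def inverse_sbox(box):
    """Inverse table for the decryptor; rejects tables that are not bijective."""
    if sorted(box) != list(range(256)):
        raise ValueError("S-box is not a permutation of 0..255")
    inv = [0] * 256
    for x, v in enumerate(box):
        inv[v] = x
    return inv

def nonlinearity(box):
    """128 - max|Walsh coefficient| / 2 over all non-zero output masks."""
    worst = 0
    for mask in range(1, 256):
        w = [1 - 2 * (bin(mask & v).count("1") & 1) for v in box]
        h = 1
        while h < 256:  # in-place fast Walsh-Hadamard transform
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        worst = max(worst, max(abs(c) for c in w))
    return 128 - worst // 2

if __name__ == "__main__":
    s = default_sbox()
    d = intermediate_sbox(s)
    print(nonlinearity(s), nonlinearity(d), inverse_sbox(d)[d[0x53]] == 0x53)
```

Both tables measure a nonlinearity of 112: complementing every output byte is the same as XORing the constant 0xFF, which only flips the sign of some Walsh coefficients. `inverse_sbox` also rejects any table in which every entry has collapsed to one value, which is what XORing each entry with its own complement would produce.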

Biometric based key generation
Fingerprint is a physical trait of human beings. It is used as a biometric feature and is extracted through biometric processing. Biometric is used here to generate the key, used for data encryption and decryption. Biometric processing includes various operations such as capturing analog data, preprocessing, minutiae extraction and key generation.
The input fingerprint image is first segmented with the intention of removing noise. The entire image is divided into blocks of size 16x16. The variance is then calculated and compared with a defined global threshold value (0.10). This is done for the entire image. If the value of variance is less than threshold value, where I(i,j) denotes the gray-level value at pixel (i, j). M and VAR denote the estimated mean and variance of J respectively. G(i, j) denotes the normalized gray-level value at pixel (i, j). M_0 and VAR_0 are the desired mean and variance values respectively.
The image is divided into blocks of size 16x16. Block orientation estimation is done on the normalized image and is computed using the equations below: ( , ) = ∑ ∑ 2 ( , ) where θ(i,j) is the least square estimate of local ridge orientation at the block centered at pixel (i, j).
The image is binarized using the Fixed Thresholding Binarization method, which takes an image and returns a binary value. In this method a fixed threshold value is used to assign 0's and 1's to all pixel positions. It does so by using two thresholds, one for background and one for fingerprint. The image is padded with a padding number of pixels on every side. Each of these padded pixels is "painted" in black. The basic idea of the fixed Binarization method is described in (5).
T shows the global threshold value. The Crossing Number (CN) concept is used for minutiae extraction: by examining the neighborhood of each ridge pixel using a 3x3 window, this method extracts ridge endings and bifurcations from the skeleton image. The crossing number for a pixel 'P' can be represented as in Figure 5. A ridge ending pixel corresponds to a Crossing Number of one and a bifurcation pixel corresponds to a Crossing Number of three. (Figure 5: neighborhood of pixel P.)
Each minutiae point extracted from a fingerprint image is denoted by its (x, y) coordinates. The extracted minutiae points are stored in two different vectors: vector M1 comprises every x co-ordinate value and vector M2 comprises every y co-ordinate value. Using M1 and M2, a 128-bit biometric key is generated. The algorithm for generating the biometric key for BAES is stated in Algorithm 1. In the above BAES algorithm SM indicates the State Matrix, SMs indicates the state matrix obtained after byte substitution, SMr indicates the state matrix obtained after shifting rows, and SMc indicates the state matrix obtained after mixing columns.
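The crossing-number step described above, as an added Python example that is not the paper's MATLAB code. It uses the standard definition of CN (half the number of 0/1 transitions around the eight neighbours of P, taken in cyclic order) on a small constructed skeleton, and stops at the vectors M1 and M2; the skeleton and all function names are assumptions made for illustration.

```python
# Constructed 9x9 skeleton ('#' = one-pixel-wide ridge) with a black border,
# standing in for a thinned, padded fingerprint image; not data from the paper.
SKELETON = [
    ".........",
    ".......#.",
    "......#..",
    ".....#...",
    ".####....",
    ".....#...",
    "......#..",
    ".......#.",
    ".........",
]

# Eight neighbours P1..P8 of P as (row, col) offsets, in cyclic order around P.
RING = [(0, 1), (-1, 1), (-1, 0), (-1, -1), (0, -1), (1, -1), (1, 0), (1, 1)]

def to_binary(rows):
    """Convert the text picture to a 0/1 matrix (1 = ridge pixel)."""
    return [[1 if ch == "#" else 0 for ch in row] for row in rows]

def crossing_number(img, r, c):
    """CN = half the number of 0/1 transitions met walking once around P."""
    p = [img[r + dr][c + dc] for dr, dc in RING]
    return sum(abs(p[k] - p[(k + 1) % 8]) for k in range(8)) // 2

def extract_minutiae(img):
    """Slide the 3x3 window over every ridge pixel; return (x, y, kind) tuples."""
    found = []
    for r in range(1, len(img) - 1):
        for c in range(1, len(img[0]) - 1):
            if img[r][c] != 1:
                continue  # background pixels are never minutiae
            cn = crossing_number(img, r, c)
            if cn == 1:
                found.append((c, r, "ending"))
            elif cn == 3:
                found.append((c, r, "bifurcation"))
    return found

def coordinate_vectors(minutiae):
    """M1 holds every x coordinate, M2 every y coordinate."""
    return [m[0] for m in minutiae], [m[1] for m in minutiae]

if __name__ == "__main__":
    points = extract_minutiae(to_binary(SKELETON))
    m1, m2 = coordinate_vectors(points)
    print(points)
    print("M1 =", m1, "M2 =", m2)
```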

RESULTS AND DISCUSSIONS
AES implementation along with biometric key generation is done on the MATLAB platform. The AES S-box creation logic is modified by using the 1's complement method, which results in nonlinear generation of the S-box and inverse S-box matrix. Hence it is highly difficult to predict the input data. This modified S-box defines an additional security thread in order to safeguard the data. The input given is a plain text in hexadecimal format, which is converted to decimal data.
The decimal data, the key, the modified S-box and the reconfiguration matrix together generate a cipher text. A 128 bit key is used to generate the cipher text, using the key expansion function. The new key matrix generated works in conjunction with the S-box and reconfiguration matrix to generate the cipher text. The key used to generate the cipher text is modeled using a fingerprint image. A fingerprint image of size 256x500 is taken and converted to grey scale as shown in Figure 6. Figure 7 shows an image which is converted to binary format using the threshold comparison method. It shows an image being processed using minutiae extraction, which uses the Cross number method. Extracted minutiae are converted to vectors and the vectors are again converted to a 128 bit key. Total time taken to execute the program on MATLAB software is shown in Figure 11. Total time taken is 1.27097 seconds to encrypt 128 bit input data with a 128 bit biometric based key and decrypt the same.

Comparative study of AES and BAES
This section gives an analysis of the proposed BAES cipher with existing AES cipher. The performance metric considered for comparison are processing time and memory utilized. Table 1 gives comparison of execution time for AES and BAES ciphers using text data input. From the table it is evident that memory utilization of BAES and AES do not vary. And BAES is equivalently efficient at the cost of minimal processing overhead.
The results are generated using MATLAB tool. Time taken could be even lesser if it is executed in fast processing systems and advanced compilers. A possible issue would be only with respect to acquiring the biometric image with high resolution and quality, and this could be addressed by using latest sensors with quality image preprocessing capability. This is a minor issue and does not majorly affect the key generation or usage.

CONCLUSION
In this paper, data security technique is implemented for MANET application. The data security system is designed using amalgamation of AES and Biometric. AES is designed using unique S-box generation technique which defines multiple security levels. Key generation for encryption and decryption is incorporated using biometric input. Biometric input is a finger print image, which is easy and feasible for this context, compared to rest of the biometric profiles. Simple biometric processing technique is incorporated at the cost of optimum processing complexity.
Biometric key is preferred here since in symmetric ciphers like AES key plays a vital role and it is easy to replace the biometric key, in worst possible case if any cryptanalyst analyses the current key. The computational time is 1.270971 seconds for processing on Intel Xeon Processor with 16 GB RAM. This technique can be enhanced by properly routing the symmetric key from source node to destination node, so that additional security is accomplished. The target application of BAES could be m-governance, e-commerce, banking systems, military systems and in any genre of MANETs for secure data exchange.