建構在模糊擷取器及列表法編解碼器上的認證系統

全文

(1)國立交通大學資訊工程學系碩士論文. 建構在模糊擷取器及列表法編解碼器上的認證系統 Authentication Using Fuzzy Extractor with List Decodable Codes. 研究生：賴建名指導教授：蔡錫鈞. 教授. 中華民國九十四年八月.

(2) 建構在模糊擷取器及列表法編解碼器的認證系統 Authentication Using Fuzzy Extractor with List Decodable Codes. 研究生：賴建名. Student：Chian-Ming Lai. 指導教授：蔡錫鈞. Advisor：Shi-Chun Tsai. 國立交通大學資訊工程學系碩士論文. A Thesis Submitted to Department of Computer Science and Information Engineering College of Electrical Engineering and Computer Science National Chiao Tung University in partial Fulfillment of the Requirements for the Degree of Master in. Computer Science and Information Engineering August 2005 Hsinchu, Taiwan, Republic of China. 中華民國九十四年八月. ii.

(3) 建構在模糊擷取器及列表法編解碼器上的認證系統. 學生：賴建名. 指導教授：蔡錫鈞. 國立交通大學資訊工程學系﹙研究所﹚碩士班. 摘. 要. 密碼認證系統是最普遍和傳統的認證系統。但是因為人為設定的密碼的亂度不足並且使用者常常使用有意義的字當成密碼，所以密碼認證並不安全。近來有人開始關注生物特徵，例如虹膜、指紋或是手型。Dodis 提出了由模糊擷取器來擷取生物特徵來做密碼學應用的概念。在這一篇論文中，我們以模糊擷取器為基礎建構一個指紋認證系統。除此之外，並在模糊擷取器裡改用列表法編解碼器來加強辨識的能力。. iii.

(4) Authentication Using Fuzzy Extractor with List Decodable Codes. student：Chian-Ming.Lai. Advisors：Dr.Shi-Chun Tsai. Department﹙Institute﹚of Computer Science and Information Engineering National Chiao Tung University. ABSTRACT. Password authentication is a traditional method to verify rights of a user. But it’s not secure, since the password is low-entropy and non-uniform. Recently people are thinking about using the biometric information, such as fingerprint, iris, hand shape…etc. Dodis et al. proposed fuzzy extractor to extract truly random string from biometric data for cryptographic use. In this thesis, based on the fuzzy extractor, we construct a fingerprint authentication system. Furthermore, we use list decodable codes to raise the identification rate of the system.. iv.

(5) 誌. 謝. 論文的完成要感謝蔡錫鈞老師耐心細心的指導與關心，更要感謝信龍學長和佳蓉學姊不厭其煩的解答我的疑惑。也謝謝家人給我精神上和物質上不虞匱乏的支持，讓我一路可以毫無顧忌的完成學業。在論文寫作期間也要謝謝我的同學和朋友對我的開導和關懷，讓我產生無比勇氣。. v.

(6) Authentication Using Fuzzy Extractor with List Decodable Codes Chian-Ming Lai August 30, 2005.

(7) 2.

(8) Contents 1 Introduction. 9. 2 Preliminary. 13. 2.1. Metric Space . . . . . . . . . . . . . . . . . . . . . . . . . . . 13. 2.2. Error Correcting Codes . . . . . . . . . . . . . . . . . . . . . . 14. 2.3. List Decodable Codes . . . . . . . . . . . . . . . . . . . . . . . 14 2.3.1. Unique Decoding . . . . . . . . . . . . . . . . . . . . . 15. 2.3.2. List Decoding . . . . . . . . . . . . . . . . . . . . . . . 16. 2.4. Fuzzy Extractor . . . . . . . . . . . . . . . . . . . . . . . . . . 17. 2.5. Constructions . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.5.1. Construction under Hamming metric space . . . . . . . 21. 2.5.2. Construction under set difference metric space . . . . . 22. 3 Fingerprint authentication system. 25. 3.1. Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25. 3.2. System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 3.2.1. Assumptions . . . . . . . . . . . . . . . . . . . . . . . . 27. 3.2.2. Some implementation issues . . . . . . . . . . . . . . . 27. 3.2.3. System structure . . . . . . . . . . . . . . . . . . . . . 30 Sign up . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31. 4 Experimental results 4.1. 35. The fingerprint authentication system . . . . . . . . . . . . . . 35 3.

(9) 4. CONTENTS 4.2. Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40. 5 Conclusion. 45. Appendices. 48. A. 49 A.1 System Requirements . . . . . . . . . . . . . . . . . . . . . . . 49 A.2 Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 A.3 File Description . . . . . . . . . . . . . . . . . . . . . . . . . . 50.

(10) List of Figures 2.1. Secure sketch . . . . . . . . . . . . . . . . . . . . . . . . . . . 19. 2.2. Procedure Gen in fuzzy extractor . . . . . . . . . . . . . . . . 20. 2.3. Procedure Rep in fuzzy extractor . . . . . . . . . . . . . . . . 21. 3.1. Extract biometric data from a fingerprint image . . . . . . . . 26. 3.2. Procedure RecList in secure sketch . . . . . . . . . . . . . . . 28. 3.3. Procedure RepList in fuzzy extractor . . . . . . . . . . . . . . 29. 3.4. Sign Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31. 3.5. Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32. 3.6. Login via list decoding . . . . . . . . . . . . . . . . . . . . . . 33. 4.1. Sign up snapshot 1 . . . . . . . . . . . . . . . . . . . . . . . . 36. 4.2. Login snapshot 1 . . . . . . . . . . . . . . . . . . . . . . . . . 37. 4.3. Sign up snapshot 2 . . . . . . . . . . . . . . . . . . . . . . . . 38. 4.4. Login snapshot 2 . . . . . . . . . . . . . . . . . . . . . . . . . 39. 4.5. fingerprint image a to f . . . . . . . . . . . . . . . . . . . . . . 42. 4.6. fingerprint image g to l . . . . . . . . . . . . . . . . . . . . . . 43. A.1 Relation between classes . . . . . . . . . . . . . . . . . . . . . 52. 5.

(11) 6. LIST OF FIGURES.

(12) List of Tables 4.1. Experiments with different fingerprints . . . . . . . . . . . . . 44. A.1 Files used in the servlet . . . . . . . . . . . . . . . . . . . . . 51 A.2 Files used in the applet . . . . . . . . . . . . . . . . . . . . . . 52. 7.

(13) 8. LIST OF TABLES.

(14) Chapter 1 Introduction Based on the paper [2] proposed by Dodis et al., we construct a fingerprint authentication system with Java Servlet technology and Apace Tomcat web server. Moreover, we enhance the identification rate of the fingerprint authentication by using list decodable code. The password authentication is a traditional method to verify the access rights of a user. User signs up with a name and a password, and the system uses a hash function (one way function) to get a hashed value by hashing the password and stores the user name and hashed value. As a user logins with his/her password which is exactly what he/she set, system compares the hashed value of the password with pre-saved hashed value and checks if they are equal. Such an authentication method is traditional and easy, however it’s not a secure method. It has two shortcomings. 1) Passwords are rarely truly random, since humans can’t remember non-meaningful and long password. 2) Passwords are not reproducible, since user has to type the password exactly what he/she set at the first time. In other words, users always set the meaningful passwords, such as birthday or personal identification number, and usually can’t exactly remember long and complicated passwords. Therefore the password authentication can’t guarantee security. There are researchers have proposed methods with nonuniform and lowentropy passwords. For instance, one method is proposed by Ellison et al.[4], 9.

(15) 10. CHAPTER 1. INTRODUCTION. which asks user several private questions and uses the answers to encrypt the secret. The method is useful and practical, but it’s not convenient. In order to generate truly randomness for cryptographical use, recently people are thinking about using the biometric information. The biometric data includes iris, fingerprint, hand shape, facial shape, signature and voiceprints (for more biometric data see [5]). The biometric data can not be reproduced precisely each time and is not uniformly distributed. We use the fuzzy extractor, which is proposed by Dodis et al.[2], to extract nearly uniform distributed randomness from non-uniform distributed biometric data for cryptographic use. Dodis also proposes the idea of secure sketch, with which a fuzzy extractor can be built. A secure sketch output the sketch s about the input biometric data w. While revealing some information about w, the secure sketch still can reconstruct it from any other input biometric data w0 that is sufficiently close. Moreover, a fuzzy extractor make use of the secure sketch to output a random string R and a public string P . We use the random string R as the strong key used in the fingerprint authentication system of this thesis. The key extracted from the biometric data by the fuzzy extractor is different from the traditional key. We don’t need to store the key, since the key can be recovered from the biometric data. It is uniformly distributed and can be easily reproduced. A fuzzy extractor can generate a strong key as cryptographical use from biometric data in a tolerant way. That is, whatever the biometric data change, if the changes is not much, the fuzzy extractor can correct it. Hence, an error correcting code (see [14] for survey) is needed. In coding theory, given n, k and d, a code is a collection of elements (codewords) in {0, 1}n such that d is the minimum distance of the code and there is a function f : {0, 1}k → {0, 1}n that encodes the message of length k into a codeword of length n. The minimum distance of the code is the minimum hamming distance between any two codewords. Since any codeword is at distance at c least d from each other. We can find a unique codeword within distance b d−1 2.

(16) 11 c, and t is called the error correcting from a message of size n. Let t = b d−1 2 bound. The problem to decode a message to at most one codeword within the error correcting code is called unique decoding. The error locating bound is called the traditionally error correcting bound, since no one can correct more errors beyond this bound until Elias[3] and Wozencraft[16] invented the list decoding in 1950s. If there is a decoder that can list all possible codewords beyond the traditional bound when receiving a message, we call the decoder a list decoder. The code with this property is a list decodable code. The problem to decode all possible codewords beyond the traditional bound is called list decoding. There are several list decodable codes, including Reed-Muller codes[10], Chinese remainder codes[8], algebraic-geometric codes[7], concatenated codes[6] and ReedSolomon codes[12]. The first efficient decoding algorithm of Reed-Solomon code is invented by Sudan[15]. We apply Reed-Solomon codes to our system. Fingerprint is one of the mostly available biometric data. In order to get the fingerprint data, fingerprint readers are needed. It scans the image of the fingerprint and transmits it to the computer for extended visional processes. In order to extract fingerprint data from raw fingerprint image, several graphical processes are applied[11]. In this thesis, we assume there is a method that helps us to extract biometric data from raw fingerprint images. Then we construct a fingerprint authentication system containing a fuzzy extractor to handle the biometric data. Moreover, we use a list decodable code, here is Reed-Solomon Codes, as the error correcting code needed in the fuzzy extractor to raise the recovery capability. The system can be accessed via https://donna.csie.nctu.edu.tw/ FuzzyServlet/. We develop the system with Java Servlet technology and Apache Tomcat web server(http://apache.org/). Java language(http://java.sun.com/) is an object-oriented and cross-platform programming language. The greatest advantages of Java language are reusability and portability, since Java source codes are compiled into Java Bytecodes which can be run under different platforms. Furthermore, Java is simple, since Java has automatic memory management. Programmers don’t need to.

(17) 12. CHAPTER 1. INTRODUCTION. handle the problem about dangling pointers or memory leaks. The Java technology contains Java Servlet and Java Applet technology. The Java Servlets are modules of code that run in a server application to answer client requests, and the Java Applet is written in Java language and is run in a web browser. However, Java has some security restrictions. It is limited to communicate with the host web server only. We use Java Servlet in the web server to respond the requests from the applet in the client side. The rest of this thesis is organized as follows. We introduce the preliminaries in chapter 2, including the secure sketch, fuzzy extractor and the Reed-Solomon code. Chapter 3 shows the architecture of the fingerprint authentication system and related implemental issues. Chapter 4 gives some experiments. Last chapter makes a conclusion..

(18) Chapter 2 Preliminary In this chapter, we review several related definitions and introduce fuzzy extractor.. 2.1. Metric Space. A metric space is a set M and a corresponding distance function dist that satisfies the following conditions. That is for any three elements a, b and c ∈ M , (1) a = b iff dist(a, b) = 0, (2) dist(a, b) = dist(b, a) and (3) dist(a, b) + dist(b, c) ≥ dist(a, c) (triangle inequality). For example, the hamming metric space over a field F, consists of a metric set M ⊆ F, consists of a metric set M ⊆ Fn with a distance function dist : S M ×M → N {0}, which outputs the number of the coordinates in which two metric elements differs. Another example is the set difference metric. A set difference metric space M contains all the subsets of fixed size s contained in the universal set U = {0, 1, ..., n − 1} and for A, B ∈ M , the distance function dist(A, B) outputs the number of elements in A that are not in B. Note that dist(A, B) = 12 |A4B|. Obviously, they all satisfy the above three conditions. We view biometric data as elements in the metric space. In this thesis we define biometric data over Hamming metric space and set difference metric 13.

(19) 14. CHAPTER 2. PRELIMINARY. space respectively. Besides the metric space issue, a fuzzy extractor needs error correcting codes to provide fault tolerance ability.. 2.2. Error Correcting Codes. Error correcting codes are widely used in communication. When message is transferred from sender to receiver over a noisy channel, data might be changed. To guarantee correctness and integrity, we add some extended information to original message to ensure that receiver would receive the P correct message. Given parameters n, k, d and a symbol set , codewords P P are the image of the function C : k → n such that for any two messages x P and y in k , the (Hamming) distance of the codewords C(x) and C(y) is at least d. If we receive an encoded message y, to correct the message is to find the x with the smallest distance between C(x) and y. Since any codeword is at distance d from any other codewords, for any received encoded message c, where t is y, there is at most one codeword within the distance t = b d−1 2 called error correcting distance of the code. In this thesis, we use Reed solomon code which is also a list decodable code.. 2.3. List Decodable Codes. When we can’t find the closest codeword for a received message within error correcting bound t, we still can find numerous close codewords beyond the bound. We call a code with this property a list decodable code, for example Reed-Solomon code. Reed-Solomon Code: Let Σ = Fq be a finite field and α1 , α2 , ..., αn be distinct elements of Fq . Given n,k and Fq , such that k ≤ n ≤ q, a k−1 mi X i , we message m = hm0 , m1 , ..., mk−1 i and the polynomial p(X) = Σi=0. can encode a message by a mapping C : Σk → Σn , where the codeword C(m) is hp(α1 ), p(α2 ), ..., p(αn )i..

(20) 2.3. LIST DECODABLE CODES. 15. For any two messages M1 and M2 whose corresponding polynomials are p1 (X) and p2 (X) of degree at most k − 1, the distance of the codewords of M1 and M2 is at least n − (k − 1). We know that the minimum distance d ≤ n − k + 1, and by the Singleton bound d ≥ n − k + 1 (see reference [14]), the minimum distance d is n − k + 1, Therefore Reed Solomon code is a [n, k, d = (n − k + 1)] error correcting code and can be used for fuzzy extractor.. 2.3.1. Unique Decoding. The unique decoding algorithm of the Reed-Solomon code was invented by Berlekamp and Welch [1]. Let x1 , x2 , ..., xn be the distinct elements in F, assume we have a received c errors, the original message message y1 , y2 , ..., yn with at most e ≤ b n−k 2 P i m0 , m1 , ..., mk−1 , its corresponding polynomial p(X) = k−1 i=0 mi X , and the encoded codeword p(x1 ), p(x2 ), ..., p(xn ). We can reproduce at most one p(x). In order to reconstruct p(x), we define an error locating polynomial E(x) = Q {i:p(αi )6=yi } (x − xi ). That is, E(xi ) = 0 if p(xi ) 6= yi . For all i, the equation E(xi )(p(xi ) − yi ) = 0 holds, since E(xi ) = 0 if p(xi ) 6= yi and p(xi ) − yi = 0 if p(xi ) = yi . Let N (x) = E(x)p(x) be a polynomial of degree ≤ e + k − 1, then N (xi ) = E(xi )p(xi ) = E(xi )yi for all i. If we can find the N (x) and E(x), we can reconstruct the message. The following is the Berlekamp-Welch unique decoding algorithm. Algorithm 2.3.1. Berlekamp-Welch unique decoding algorithm Input: x1 , x2 , ..., xn ,y1 , y2 , ..., yn ∈ Fq , Message size k and error number c e ≤ b n−k 2 1. Find polynomial N (x) and E(x) such that i. deg(E) ≤ e, and E(x) 6= 0. ii. deg(N ) ≤ e + k − 1, and N (x) 6= 0. iii. N (xi ) = yi E(xi ) for all i..

(21) 16. CHAPTER 2. PRELIMINARY 2. Compute p(x) = N (x)/E(x) and output the coefficients of the p(x). The algorithm works, if the polynomials N (x) and E(x) exists and p(x). is unique[1]. The brief explanation is given below. First, to prove the existence of the polynomials N (x) and E(x), we note that the condition N (xi ) = yi E(xi ) for all i. Thus, a solution can be found by solving a homogenous linear system, since the there are more equations than the unknowns. Second, to prove that the polynomial p(x) is unique, assume that any N and E found in step 1 satisfy N (x) = p(x)E(x). Let R = {i|p(xi ) = yi } and |R| ≥ n−e. That is, there are at most e errors in the received message. Thus, for every i ∈ R, N (xi )−E(xi )p(xi ) = 0, and the polynomial N (x)−E(x)p(x) has at least n − e roots and the degree at most e + k − 1. If the number of roots is more than the degree, the polynomial N (xi ) − E(xi )p(xi ) is zero identically. Hence, p(x) = c b n−k 2. N (x) . E(x). The condition is exactly given, since e ≤. ⇒ e + k ≤ n − e ⇒ e + k − 1 < n − e.. The Berlekamp-Welch algorithm uniquely outputs the closest codeword c. In next section,»the listing when e ≤ b n−k 2 ¼ decoding algorithm can correct q 2(n+1) c ). + b k−1 more errors (at most n − (k − 1) 2 k−1. 2.3.2. List Decoding. In this section, we describe the list decoding algorithm for Reed Solomon code, which was invented by Sudan [15]. Weighted degree: The (a, b)-weighted degree of the monomial qij xi y j is defined as ai + bj. The (a, b)-weighted degree of a polynomial Q(x, y) = P i j ij qij x y is the maximum, over the monomials with non-zero coefficients, of the (a,b)-weighted degree of the monomial. We recall the definition of the Reed-Solomon code. Let x1 , x2 , ..., xn be the distinct elements of F, given a message (m0 , m1 , ..., mk−1 ) and p(X) = Pk−1 i i=0 mi X , the encoded codeword is hp(x1 ), ..., p(xn )i. Let hy1 , ..., yn i be the corrupted codeword. To do the list decoding, we find any close codewords.

(22) 2.4. FUZZY EXTRACTOR. 17. hc1 , ..., cn i such that |{i|ci = yi }| ≥ t. In other words, we have to find all those polynomials q’s such that |{i|q(xi ) = yi }| ≥ t. The following algorithm gives a way to find all possible polynomials. Algorithm 2.3.2. List decoding algorithm for Reed Solomon Codes Input: n, k, t and distinct pairs (x1 , y1 ), (x2 , y2 ), ..., (xn , yn ) ∈ F × F. q k j 2n 1 2 t 1 t d 1. Let d = k − 1, m = b 2 − 1c and l = ( d + 2 ) − ( d + 2 ) − d . Find any function Q : F2 → F that satisfies i. (1, d)-weighted degree of Q(x, y) is ≤ m + ld. ii. Q(xi , yi ) = 0, for all i = 0, ..., n − 1. iii. Q 6= 0. 2. Factor Q into irreducible factors. 3. Output all the polynomials p such that (y − p(x)) is a factor of Q and p(xi ) = yi for at least t values of i. The algorithm works if the bivariate polynomial Q(x, y) exists and if the polynomial p can be found[15]. We briefly give the reason why it works. P Pm+(l−j)d qij xi y j . At first, to prove that Q(x, y) exists, let Q(x, y) = lj=0 k=0 Try to find the coefficients of Q such that Q(xi , yi ) = 0 for all i. Consider this homogenous linear system, there are more unknowns than equations. Thus, a nonzero solution exists and Q(x, y) exists. p Second, if t > 2(n + 1)d − d2 − 1 and |{i|p(xi ) = yi }| ≥ t, the list decoding algorithm should output p. To find such polynomial p is equivalent to prove that (y − p(x)) divides Q(x, y). We let f (x) = Q(x, p(x)). It can be proved that the degree of f (x) is less than |{i|f (xi ) = 0}|. Therefore f (x) is identical zero and y − p(x) divides Q(x, y). Hence, the algorithm works.. 2.4. Fuzzy Extractor. We introduce some involved definitions as follows..

(23) 18. CHAPTER 2. PRELIMINARY Min-entropy: For a random variable X, the min-entropy of X is H∞ (X) =. − log(maxx Pr(X = x)). For two random variables X and Y , the average ˜ ∞ (X|Y ) = − log(Ey←Y (2−H∞ (X|Y =y) )). min-entropy of X given Y is defined as H We use the average min-entropy to measure the entropy loss of the data source if we give some extended information. Statistical distance: The statistical distance of two distributions X and Y is defined as SD(X, Y ) = 12 Σw | Pr(X = w) − Pr(Y = w)|. Strong Extractor: An (n, m0 , l, ²)-strong extractor is a function Ext:{0, 1}n × {0, 1}d → {0, 1}l , such that, for any distribution W on {0, 1}n with H∞ (W ) ≥ m0 , SD(hExt(W, Ud ), Ud i, hUl , Ud i) ≤ ². In other words, Ext(W, X) denotes the application of Ext to W using uniformly distributed randomness Ud . A secure sketch has two procedures Sketch and Rec. The procedure Sketch produces the public description (called sketch) about the biometric input w, and the procedure Rec recover w from any biometric input w0 that is close to w and the original description about w. The formal definition of the secure sketch is below. Definition 2.4.1. (Def 2. from [2]) An (M, m, m0 , t)-secure sketch contains two procedures Sketch and Rec. • Sketch is a randomized mapping from metric space M to {0, 1}∗ . • Rec is a recovery function, such that for any w ∈ M with min-entropy m, given Sketch(w), and any w0 ∈ M such that dist(w, w0 ) ≤ t, we can recover w = Rec(Sketch(w), w0 ). ˜ ∞ (W | • For any random variable W over M with min-entropy m, H Sketch(W )) ≥ m0 Note that the random output of Sketch is denoted as Sketch(W ), or Sketch(W, X) when we make the randomness explicit. A fuzzy extractor provides a similar function. It also contains two procedures Gen and Rep. The procedure Gen extracts randomness R and public.

(24) 2.4. FUZZY EXTRACTOR. 19. Secure Sketch - procedure Sketch and Rec. Biometric data w. Biometric data w’ and Sketch(w). Sketch. Rec. Sketch(w). Original biometric data w. Figure 2.1: Secure sketch string P from a biometric input w which is close to w0 , and the procedure Rep extracts R from biometric input w0 and the public string P . The following is the formal definition. Definition 2.4.2. (Def 3. from [2]) An (M, m, l, t, ²)-fuzzy extractor contains two procedures Gen and Rep: • Gen is a probabilistic procedure, such that for any w ∈ M with minentropy m, it outputs a string R ∈ {0, 1}l and a public string P , satisfying SD(hR, P i, hUl , P i) ≤ ². • Rep is a procedure that recovers R from the corresponding public string P and any w0 close to w. That is, for all w, w0 ∈ M , such that dist(w, w0 ) ≤ t, Rep(w0 , P ) = R. A fuzzy extractor addresses the error-tolerance just like a secure sketch. Furthermore, a fuzzy extractor also addresses the nonuniformity. That means that it always extracts a uniformly random string R reliably from its biometric input w in an error-tolerant way. Whatever the w0 change, if w0 is still close to w, the fuzzy extractor always output the same R. The procedure Gen outputs R with the restriction SD(hR, P i, hUl , P i) ≤ ². To achieve it, we use a strong extractor to extract R from w. The procedure.

(25) 20. CHAPTER 2. PRELIMINARY. Rep recovers R from the public string P and w0 which is close to w. Thus, we can use a secure sketch to help a fuzzy extractor to recover w and use one strong extractor to extract R from recovered w. Obviously, a fuzzy extractor can be built by one secure sketch and one strong extractor. Lemma 2.4.3. (Lemma 3.1 from [2]) Given an (M, m, l, t, ²)-secure sketch containing two procedures Sketch and Rec , and an (n, m0 , l, ε)-strong extractor Ext with l = m0 − 2 log( 1² ). Then for W ∈ M and uniformly distributed random strings X1 , X2 , an (M, m, l, t, ²)-fuzzy extractor is defined as two procedures Gen and Rep: • Gen(W ; X1 , X2 ) : Compute P = hSketch(W, X1 ), X2 i, R = Ext(W ; X2 ) and output hR; P i. • Rep(W 0 , P = hV, X2 i) : Recover W = Rec(W 0 , V ) and output R = Ext(W, X2 ). Note that V is the Sketch(W, X1 ) generated by Gen.. Fuzzy Extractor - procedure Gen X1. Secure Sketch Sketch. Biometric data w. X2. Strong Extractor Ext. Public String P = Sketch(w, X1), X2 . Private string R. Figure 2.2: Procedure Gen in fuzzy extractor Note that the random strings X1 and X2 referred in the lemma do not specify the length. It depends on how you make a secure sketch and what strong extractor you choose. There are concrete examples in next section..

(26) 2.5. CONSTRUCTIONS. 21. Fuzzy Extractor - procedure Rep Secure Sketch Rec. Biometric data w’. Sketch(w, X1). Public String P = Sketch(w, X1), X2 . X2. Original biometric data w. Strong Extractor Ext. Private string R. Figure 2.3: Procedure Rep in fuzzy extractor. 2.5. Constructions. This section shows how to make secure sketches under two metric spaces, i.e., Hamming and set difference, and demonstrates how to build fuzzy extractors from those two secure sketches respectively.. 2.5.1. Construction under Hamming metric space. Given an [n, k, d = 2t + 1] code C, the Hamming metric space M = {0, 1}n , a biometric input W ∈ M and a random string X1 ∈ {0, 1}k , the secure sketch is Sketch(W ; X1 ) = W ⊕C(X1 ). Let S = Sketch(W ; X1 ) and dist(W, W 0 ) ≤ c. The recovery function is Rec(S, W 0 ) = S ⊕ C(D(W 0 ⊕ S)) = S ⊕ b d−1 2 C(X1 ) = W ⊕ C(X1 ) ⊕ C(X1 ) = W . Based on the Hamming secure sketch, given a biometric input W ∈ M and random strings X1 ∈ {0, 1}k and X2 ∈ {0, 1}∗ , the procedure Gen of the fuzzy extractor outputs a public string P = hSketch(W, X1 ), X2 i and a random string R = Ext(W, X2 ). The length of X2 depends on the strong extractor. To reproduce R, given a biometric input W 0 ∈ M and P = hSketch(W, X1 ), X2 i, the procedure Rep in the fuzzy extractor first recovers W = Rec(W 0 ,.

(27) 22. CHAPTER 2. PRELIMINARY. Sketch(W, X1 )), where W 0 is close to W (dist(W, W 0 ) ≤ t). Second, the procedure Rep extracts R = Ext(W, X2 ). Then we have a fuzzy extractor from a hamming secure sketch.. 2.5.2. Construction under set difference metric space. Consider a different metric space with the universal set U = {0, 1, ..., n−1} = [n]. The metric space M is a collection of all subsets of size s in U and the distance function distset . Given A and B ∈ M , the distance function is defined as the number of the elements in A but not in B. We denotes the distance as 12 |A4B|. Since A and B is of the same size, |A4B| is even and can be divided by 2. Actually, we can represent a set as a binary string. Assume that A ∈ M , the i-th bit of the binary string represents if the i-th element exists or not. For example, given n = 10, s = 5, to represent a set A = {0, 1, 3, 5, 7} ⊆ [n] in the set difference metric space, the corresponding binary string is 1101010100. To make the secure sketch, given a biometric input W ∈ M , random string X1 ∈ {0, 1}∗ and an [n, k, d = 4t + 1] code C with constant weight s, randomly select a codeword B from C, and generate one permutation π : [n] → [n] such that π(W ) = B. Finally output the permutation π as the secure sketch. The length of X1 depends on how we generate the secure sketch (permutation). Practically we use X1 as a random seed to select B from C and generate the permutation from W and B. We summarize these steps into the following algorithm. Algorithm 2.5.1. Make a sketch under set difference metric space Input: a biometric data W ∈ M . 1. Randomly select a codeword B from C. 2. Choose a random permutation π : [n] → [n] such that π(W ) = B. 3. Output the permutation π by listing π(1), ...π(n)..

(28) 2.5. CONSTRUCTIONS. 23. Given the secure sketch Sketch(W, X1 ) and a biometric input W 0 ∈ M such that distset (W, W 0 ) ≤. d−1 , 4. the recovery function Rec(Sketch(W, X1 ), W 0 ). contains the following steps: Compute B 0 = π(W 0 ). Since the permutation keeps the distance, the intersection of W and W 0 is the same as of B and B 0 = π(W 0 ). B 0 can be corrected to B, and the recovery function finally outputs W = π −1 (B). In the same way, we can build the fuzzy extractor from the set difference secure sketch. Given a biometric input W ∈ M and random strings X1 ∈ {0, 1}∗ and X2 ∈ {0, 1}∗ , the procedure Gen in the fuzzy extractor outputs public string P = hSketch(W, X1 ), X2 i and R = Ext(W, X2 ). There are some differences, i.e., the length of X1 depends on how you do the secure sketch (X1 may be used as a seed to generate a random mapping for the permutation), and the length of X2 depends on the strong extractor. To reproduce the R, given a biometric input W 0 ∈ M and P =hSketch(W, X1 ),X2 i, the procedure Rep of the fuzzy extractor first recover W = Rec(W 0 , Sketch(W, X1 )), where W 0 is close to W (that is distset (W,W 0 ) ≤ t). Second, the procedure Rep outputs R = Ext(W, X2 ). Then we construct a fuzzy extractor from a set difference secure sketch..

(29) 24. CHAPTER 2. PRELIMINARY.

(30) Chapter 3 Fingerprint authentication system In this chapter, we show a system that provides fingerprint authentication by using the fuzzy extractor with two metric space.. 3.1. Background. Fingerprint identification is one of the popular biometrics technologies. When one presses his/her fingerprint on a fingerprint reader, some unique and shorter data are produced to identify the fingerprint owner in a ideal situation. To achieve the goal, several processes are applied to the raw fingerprint image. For example, IBM Exploratory computer vision group gives several comments on the steps to produce data to represent fingerprints[11]. 1. Processing - to adjust the size and contrast. 2. Computation of block directions - Determination of primary ridge direction in each sub-region of an image. 3. Foreground/Background Segmentation - Identification of fingerprint area. 25.

(31) 26. CHAPTER 3. FINGERPRINT AUTHENTICATION SYSTEM 4. Ridge Extraction - Extraction of ridge area within the foreground area. 5. Blob Removal - Elimination of non-elongated small structures. 6. Thinning and Morphology - Ridges are thinned into one pixel wide skeletons. 7. Minutia Extraction - Determine location and orientation of ridge bifurcations and ridge terminations. 8. Post processing - Elimination of extraneous minutia. Usually a fingerprint identification device contains a fingerprint reader. and a identification software that extracts biometric data from image. The following figure shows the idea.. Fingerprint Reader. Fingerprint Image File. Intermediate processing steps Fingerprint Data (Biometric Data). Figure 3.1: Extract biometric data from a fingerprint image The final fingerprint data is not always unique in real world, since it might be mistakenly identified as some other’s fingerprint data. The misidentification rate of the current fingerprint identification systems can be reduced to 1/1000, but the price of the fingerprint identification device with that rate is expensive. Therefore we could consider one device with lower price and high identification rate. We use the fuzzy extractor with list decodable code to raise the identification rate. The method is cheaper and innovative, since the fuzzy extractor can handle the biometric data that is not reproducible and not uniformly distributed..

(32) 3.2. SYSTEM. 3.2. 27. System. In this section, we discuss the system architecture and related issues.. 3.2.1. Assumptions. Since we have fuzzy extractor to extract random string R for cryptographical use, we can build a fingerprint authentication system. However, we have to make some assumptions on fingerprint data. For some reasons, we cannot get a fingerprint identification software that can extract fingerprint data. So we need to generate suitable data in place of those data produced by identification software. Therefore we design an easy method to simulate and generate fingerprint data from fingerprint images. Suppose user A uses some identification device. One can get two fingerprint images of user A. After extracted by this software, the difference of these two fingerprint data is supposed to be slight. Based on the above observation, our method is to add small noise on the original fingerprint data. Therefore, we get another data which is slightly different from the original one. To sum it up, a fingerprint data corresponds to a user’s fingerprint image and such a data with small noise corresponds to the same user’s fingerprint image read again later by the device. In this thesis, we deal with those data generated by the above description. Furthermore, we focus on how to raise the identification rate of the existing methods by fuzzy extractor with list decodable codes.. 3.2.2. Some implementation issues. When we use list decoding, several possible messages are listed. For better practice, slight changes should be made to the secure sketch and fuzzy extractor for the list decodable code. Intuitively, the recovery function in secure sketch should output several possible results as the figure shows. Thus, the secure sketch should provide three procedures: sketch, recovery function and additional recovery function for list decoding. The procedures.

(33) 28. CHAPTER 3. FINGERPRINT AUTHENTICATION SYSTEM. Secure Sketch - procedure Rec with list decoding Biometric data w’ and Sketch(w). RecList. Close biometric data w1,w2,…. Figure 3.2: Procedure RecList in secure sketch can be defined in Java interface like this: interface SecureSketch { Object Sketch(BioData w,BioData X1,Code codec)throws Exception; BioData Rec(BioData w1,Object result of sketch,Code codec); BioData[] RecList(BioData w1,Object resutl of sketch,Code codec); } Procedure RecList is added to the secure sketch, and it outputs a biometric data array that stores all possible w1 , w2 , ...etc. Based on the secure sketch, the fuzzy extractor with list decodable code should output all the possible random strings R1 , R2 , ...etc. In the same way, we add one reproduction function for list decoding method in fuzzy extractor. The following figure shows the changes. The following is the Java interface FuzzyExtractor. interface FuzzyExtractor { Object[] Gen(BioData w,BioData X1,BioData X2,Code codec)throws Exception; BioData Rep(BioData w1,Object[] P,Code codec); BioData[] RepList(BioData w1,Object[] P,Code codec); } Procedure RepList is added to the original fuzzy extractor..

(34) 3.2. SYSTEM. 29. Fuzzy Extractor - procedure Rep with list decoding Secure Sketch RecList. Biometric data w’. Sketch(w, X1). Public String P = Sketch(w, X1), X2 . X2. w1, w2,…. Strong Extractor Ext. Private strings R1, R2,…. Figure 3.3: Procedure RepList in fuzzy extractor Another implementation issue is the secure sketch under the set difference metric space. The restriction on the constructions is that the code must be a constant weight code. We implement the secure sketch in a tricky way to avoid using the constant weight code. As we discuss in the previous chapter, a set can be view as a binary string. Hence we can view the intersection of two sets as the exclusive-or of two binary strings. Based on this observation, we modify the algorithm as follows. Algorithm 3.2.1. Modified Secure sketch under set difference Input: a biometric data W ∈ M . 1. Randomly select a codeword B from an [n, k, d = 4t + 1]-code C. 2. Generate a random permutation π : [n] → [n] 3. Compute E = π(W ). L. B. 4. Output the permutation π by listing π(1), ...π(n) and E. This secure sketch also provides recovery capability. For any input biometric data W , assume that we have sketch hπ, Ei and W 0 where distset (W, W 0 ) ≤.

(35) 30. CHAPTER 3. FINGERPRINT AUTHENTICATION SYSTEM. L t, the recovery function contains the following steps: Compute B 0 = π(W 0 ) E. L B 0 can be decoded to B. Finally recovery function outputs W = π −1 (B E). It works since the modified permutation still keeps the distance. Based on the secure sketch, a fuzzy extractor can be built, but more storage is needed for the sketch.. 3.2.3. System structure. Some free resources are used, such as Java Servlet and Apache Tomcat web server with SSL(Secure Socket Layer) support. Servlets are modules of code that run in a server application to answer client requests. We use an Apache tomcat web server with servlet. This servlet easily answers two kinds of commands from the applet in the client. One is to sign up a new user, the other is to verify the user. Users can type in the user name and the fingerprint in the applet to ask for service from servlet. The servlet contains Fuzzy extractor to extracts data, and the applet gets the fingerprint data from the raw image and communicates with the server. We introduce the details of how to sign up and verify in the following. Sign up The run-down processes can be listed in the following steps, where h is a one way hash function. 1. Key in the user name username and read the fingerprint w from the client side. 2. Send the data from the client side to the server side via secure sockets layer. 3. The server checks if username already exists in the database or not. If exists, outputs the message ”User existed” to the client and terminate. 4. The fuzzy extractor procedure Gen takes the w, and computes the random string R and the public string P ..

(36) 3.2. SYSTEM. 31. Sign up run-down diagram Servlet. Applet SSL connection via Internet. Fuzzy Extractor. 1.User Name 2.Public String P 3.Randomness R. 1.User Name 2.Fingerprint data w 3.Other Information. Response Message. Store hashed R, h(R). Database. h is an one way function.. Figure 3.4: Sign Up 5. The server computes h(R). Stores h(R), P and the unique username in the database. 6. Output the message ”Sign up successfully” to the client. Login Similarly, a user login with a user name and fingerprint. The following is the whole run-down processes. 1. Key in the user name username and read the fingerprint w0 in the client side. 2. Send the data from the client side to the server side via secure sockets layer. 3. The server checks if username exists in the database or not. If not, output the message ”User does not exist, login fail!” to the client and terminate..

(37) 32. CHAPTER 3. FINGERPRINT AUTHENTICATION SYSTEM. Login run-down diagram Servlet. Applet SSL connection via Internet. Fuzzy Extractor. 1.User Name 2.Fingerprint data w’. R’ Compute h(R’) check if they equal or not?. Response Message. Load value h(R) by user name.. Database. h is an one way function.. Figure 3.5: Login 4. The server load the stored h(R) and P by the username. 5. The fuzzy extractor procedure Rep takes the w0 and P . computes the random string R0 . 6. The server checks if h(R0 ) is equal to h(R) or not. If yes, output message ”Login successfully!” ; no, output message ”Login fail!” to the client. If the list decoding is used. The login step 5 and 6 are modified as follows. 5. The fuzzy extractor procedure RepList takes the w0 and P , and computes the random strings R1 , R2 , ...etc. 6. The server checks if h(R) is equal to some h(Ri ) or not. If yes, output message ”Login successfully” ; no, output message ”Login fail” to the client..

(38) 3.2. SYSTEM. 33. Login run-down diagram with list decoding Servlet. Applet SSL connection via Internet. Fuzzy Extractor R1, R2, …. Can we find one Ri such that h(Ri) equal to h(R) ?. 1.User Name 2.Fingerprint data w’. Response Message. Load value h(R) by user name.. Database. h is an one way function.. Figure 3.6: Login via list decoding Because the list decoding take much more time than unique decoding. For better practice, we still try to do unique decoding first. If fails, then it switches to the list decoding..

(39) 34. CHAPTER 3. FINGERPRINT AUTHENTICATION SYSTEM.

(40) Chapter 4 Experimental results We use fuzzy extractor to improve the identification rate of existing fingerprint identification methods. This chapter gives some experimental results.. 4.1. The fingerprint authentication system. At first we take snapshots on the system. The system can be accessed via https://donna.csie.nctu.edu.tw/FuzzyServlet/. There is one tabbed panel including two parts. One is for new user registration, the other for login panel. New User Sign up: In the new user registration panel, a user can choose a random string or a sample fingerprint as the fingerprint data. When a user chooses ”random string”, there is one button ”create” and an uneditable text field. The uneditable text field shows the fingerprint in the Base64 format (the characters a-z, A-Z, the numbers 0-9 and the ”+”, ”-” symbols, with ”=” symbol as special suffix code). When users key in the user name and click the ”create” button, a random string is produced as a biometric data and placed in the uneditable text field. If one uses the sample fingerprint, there shows a list in the left side and a gray block in the right side. The list has several samples, choose one fingerprint and the image will show in the gray block. Finally you can construct 35.

(41) 36. CHAPTER 4. EXPERIMENTAL RESULTS. Figure 4.1: Sign up snapshot 1.

(42) 4.1. THE FINGERPRINT AUTHENTICATION SYSTEM. Figure 4.2: Login snapshot 1. 37.

(43) 38. CHAPTER 4. EXPERIMENTAL RESULTS. Figure 4.3: Sign up snapshot 2.

(44) 4.1. THE FINGERPRINT AUTHENTICATION SYSTEM. Figure 4.4: Login snapshot 2. 39.

(45) 40. CHAPTER 4. EXPERIMENTAL RESULTS. your fingerprint data under the different metric spaces by setting the lower radio buttons. As you sign up, some information is shown in the message area, including the user name you signed up and the fingerprint data in the Base64 format. These data will be directly copied to the ”login” panel for your own use. Login: The login panel also provides similar look. Users type in the user name with noisy fingerprint. If choose ”paste my fingerprint string”, it shows an editable text field, a button ”Add noises”, a slide bar and an uneditable text field ”Noisy fingerprint” in the middle of the panel. If one just generates a random string as the fingerprint data in the sign up panel, the editable text field will be filled automatically. Otherwise, one can copy the fingerprint data and paste it. Then one can adjust the slide bar to decide the noise rate for the fingerprint data in the upper editable text field and click the button ”Add Noises” to display the result in the following text field ”Noisy fingerprint”. When select a sample fingerprint, there shows a list on the left side and a gray block will be on the right side. One can choose a sample from the list and selected image will be displayed in the gray block. Then one can press the mouse and drag on the image to make some black sketches on it. In the lower part of the panel, there is a bound setting. If the verification fails, then one can choose ”List decoding” for better identification rate.. 4.2. Tests. Based on the assumption we made earlier. When a user’s fingerprint is read, the fingerprint reader always gives the same fingerprint image with some errors. We design an easy method to simulate and generate fingerprint data from fingerprint images. Since the size of a fingerprint image is larger than fingerprint data, the tradeoff between the efficiency and the size of the fingerprint data should be.

(46) 4.2. TESTS. 41. considered. In our system, the fingerprint image size is 160*160 pixels and we cut the image into 64 blocks, that is, 8x8 blocks on the image. Each block (20*20 pixels) can be represented as a integer between 0 and 63. We use (64, 8)26 Reed Solomon Code for implementation. Once you login or sign up with fingerprint image, a message is produced as a fingerprint data. We design the method to extract biometric data from processed fingerprint image, since we assumed that we do not focus on how to extract fingerprint data from raw fingerprint image. If there are better intermediate processing steps to process the fingerprint image into the fingerprint data, we can apply our method to these steps to gain some advantages from the fuzzy extractor. We sign up with the first sample fingerprint image and verify with following the noisy fingerprint images. There are twelve fingerprint images a to l. Images a to e can be verified successfully via unique decoding. Images f to h fail with unique decoding but pass with list decoding. Images i to l fail in both decoding methods. These error pattern are reasonable, since there might be object, such as hair, on the scanning device. If the error is minor, then it can be handled via unique decoding. Besides, users may wound their fingers, which we simulate with images f , g and h. For these cases we can choose list decoding for larger recovery capability..

(47) 42. CHAPTER 4. EXPERIMENTAL RESULTS. Figure 4.5: fingerprint image a to f.

(48) 4.2. TESTS. 43. Figure 4.6: fingerprint image g to l.

(49) 44. CHAPTER 4. EXPERIMENTAL RESULTS. Image. Results with unique decoding. Results with list decoding. a. pass. pass. b. pass. pass. c. pass. pass. d. pass. pass. e. pass. pass. f. fail. pass. g. fail. pass. h. fail. pass. i. fail. fail. j. fail. fail. k. fail. fail. l. fail. fail. Table 4.1: Experiments with different fingerprints.

(50) Chapter 5 Conclusion In this thesis, we construct a fingerprint authentication system by using fuzzy extractor with unique decoding and list decoding. We not only implement the fuzzy extractor under two different metric space, but also provide list decoding for more powerful recovery capability. Although some assumptions are made for the some restriction, our system provides the evidence of usability. We assume there is a method that helps us to extract fingerprints data. Actually the method plays an important part of the identification system. The future work is to design steps that extract fingerprint data that actually reflects important features on fingerprint image.. 45.

(51) 46. CHAPTER 5. CONCLUSION.

(52) Bibliography [1] E.R. Berlekamp and L.R. Welch, Error correction for algebraic block codes, US Patent 4 633 470, 1986. [2] Y. Dodis, L. Reyzin, and A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, In Advances in Cryptology - EUROCRYPT, May 2004. [3] P.Elias, List decoding for noisy channels, Institute of Radio Engineers, 94-104, 1957. [4] C.Ellison, C.Hall, R.Milbert, B.Schneier, Protecting keys with personal entropy. Future Generation Computer Systems, 16, pp. 311-318, 2000. [5] N.Frykholm, Passwords: Beyond the Terminal Interaction Model, Master’s Thesis, UMEA University. [6] V.Guruswami and M.Sudan, List decoding algorithm for certain concatenated codes, Proceedings of the 32nd annual ACM symposium on Theory of computing, 181-190, May 2000. [7] V.Guruswami and M.Sudan, Improved Decoding of Reed-Solomon Codes and Algebraic Geometric Codes, IEEE Transactions on Information Theory, vol. 45, no 6, pp. 1757-1767, September 1999. [8] V.Guruswami, A.Sahai and M.Sudan, Soft-Decision Decoding of Chinese remainer Codes, Proceedings of the 41st Annual Symposium on Foundations of Computer Science, 2000. 47.

(53) 48. BIBLIOGRAPHY. [9] N.Nisan, D.Zuckerman, Randomness is Linear in Space, In JCSS,52(1), pp.43-52,1996. [10] R.Pellikaan and Xin-Wen Wu, List decoding of q-ary Reed-Muller codes, IEEE Transactions on Information Theory, April 2004. [11] IBM Exploratory Computer Vision Group,. Fingerprint Steps,. http://www.research.ibm.com/ecvg/biom/fp-steps.html [12] I.S.Reed and G.Solomon, Polynomial codes over certain finite field, J.SIAM, 8:300-304, 1960. [13] D.R. Stinson, Universal hash families and the leftover hash lemma, and application to cryptography and computing, J. Combin. Math. Combin. Comput. 42 (2002), 3-31. [14] M. Sudan, Coding Theory: Tutorial and Survey. Online talks from http://theory.csail.mit.edu/ madhu/, April 2001. [15] M. Sudan, Decoding of Reed Solomon codes beyond the error-correction bound, Journal of Complexity,13(1):180-193, 1997. [16] J.M. Wozencraft, List decoding, Quarterly Progress Report, Research Laboratory of Electronics, MIT, 48:90-95, 470, 1958..

(54) Appendix A. A.1. System Requirements. Our system are constructed by some free resources as follows. • Apache Tomcat web server 5.5.9(http://jakarta.apache.org/tomcat/) • Java 2 Platform, Standard Edition 1.5 (J2SE 1.5 http://java.sun.com/j2se/index.jsp) Java 2 Platform, Enterprise Edition 1.4 (J2EE 1.4 http://java.sun.com/j2ee/index.jsp) Note that J2EE 1.4 is necessary for developing a servlet.. A.2. Setup. In this section, We setup Apache Tomcat web server and add our servlet on it. Apache Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. In order to setup the web server with SSL (Secure Socket Layer) supported, install the Apache Tomcat web server and do the steps provided in http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html. We summarize it into the following steps. 1. Create a certificate keystore by executing the following command: Windows: 49.

(55) 50. APPENDIX A. %JAVA HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA Unix: $JAVA HOME/bin/keytool -genkey -alias tomcat -keyalg RSA and specify a password value of ”changeit”. 2. Uncomment the ”SSL HTTP/1.1 Connector” entry in $CATALINA HOME$/conf/server.xml and tweak as necessary.. Note that the variable name $CATALINA HOME is the directory into which you have installed Tomcat 5. In step 1, we create a certificate keystore in default file name ”.keystore”. We can create one keystore with specific name by the option ”-keystore [FileName]”. To use this ketstore file in the web server, move the file to the directory $CATALINA HOME. In step 2, we enable the web server to accept SSL connection. If we want to use specific keystore file, we should setup the attributes ”keystoreFile” and ”keystorePass” in the ”SSL HTTP/1.1” entry. Finally, copy the folder ”FuzzyServlet” to the directory $CATALINA HOME$/webapps/ to complete the setup. The system will create a file ”bData.txt”, which stores user information, in the directory user.home. The variable name user.home is the user’s ”home” directory. If we install Tomcat as system service, the variable user.home denotes the local service directory. For example, it denotes the directory ”\Documents and Settings\LocalService” in the Microsoft Windows XP Operating system.. A.3. File Description.

(56) A.3. FILE DESCRIPTION. 51. File name. Description. Account. Object that stores the user information. BdataAccess. Object that maintains user information database. BioData. Basic object that stores the fingerprint data. Code. Java interface for a code. Command. The object that received by the servlet. ExtGF. Extended Field object. FiniteField. Java interface for finite field. FuzzyExtractor. Java interface for fuzzy extractor. FuzzyServlet. Our servlet. GF. Galois Field. HammingFE. Hamming Fuzzy extractor. HammingSS. Hamming Secure sketch. HashF1. Hashing function used in strong extractor. Permutation. Object in the set difference secure sketch. Poly. Polynomial object.. ResponseMsg. Object that sent by the servlet. RS. Reed-Solomon code. SecureSketch. Java interface for secure sketch. SetFE. Set difference fuzzy extractor. SetSS. Set difference secure sketch. StrongExtractor.java. Strong extractor used in a fuzzy extractor.. Table A.1: Files used in the servlet.

(57) 52. APPENDIX A.. Class name. Description. Account. Object that stores user information. BioData. Basic object that stores the fingerprint data. Command. Object that sent by the applet to the servlet. FingerImage. Graphic panel that handles fingerprint images. JM. Our applet.. index.html. Web page that contains the applet ”JM”. ResponseMsg. Object that received by the applet. waitProcess. System uses this thread to wait for response Table A.2: Files used in the applet. RS. ExtGF GF Poly. HammingFE. HammingSS. Command (Account) FingerImage waitProcess. JM. FuzzyServlet RespondMsg. SetFE. SetSS. StrongExtractor. BdataAccess. Figure A.1: Relation between classes. Permutation. HashF1.

(58)