International Journal of Network Security, Vol.11, No.2, PP.61–69, Sept. 2010

Efficient Cancellable Biometric Key Generation Scheme for Cryptography

Sunil V. K. Gaddam¹ and Manohar Lal²
(Corresponding author: Sunil V. K. Gaddam)

Department of CSE, Meerut Institute of Engineering & Technology, Meerut, U. P., India¹
School of Computer and Information Sciences, IGNOU, New Delhi, India²
(Email: sunilvkg@yahoo.com)
(Received June 24, 2008; revised and accepted Feb. 12, 2009)

Abstract

This paper puts forth a new methodology for the secure storage of fingerprint templates by generating a Secured Feature Matrix and keys for cryptographic techniques applied to data encryption or decryption with the aid of cancellable biometric features. Conventional techniques depend on biometric features such as face, fingerprint, hand geometry, iris, signature, keystroke, voice and the like for the extraction of key information. If a biometric key is missing or stolen, it is lost perpetually, and possibly for every application where the biometric is utilized, since a biometric is permanently linked with a user and cannot be altered. In this paper we propose a technique to produce a cancellable key from a fingerprint so as to surmount these problems. The flexibility and dependability of cryptography is enhanced with the utilization of cancellable biometric features. There are several biometric systems in existence that deal with cryptography, but the proposed cancellable biometric system introduces a novel method to generate a cryptographic key. We also discuss the security analysis of the proposed cancellable biometric system.

Keywords: Biometrics, cancellable biometrics, cryptography, fingerprint, key generation, minutiae points, security analysis

1 Introduction

Progress of communication technologies in contemporary times has resulted in huge quantities of digital data in the publicly shared media.
This has necessitated the drastic development of cryptographic techniques. Cryptography is considered to be one of the fundamental building blocks of computer security. Data can be encoded with the aid of cryptographic techniques in order to ensure that it appears unintelligible to the public or a third party and coherent only to its intended receivers (data confidentiality). DES, AES [1, 2, 4] and public key architectures such as RSA [17] are a notable few among the widely utilized cryptographic techniques.

Regrettably, cryptographic security is conditioned by an authentication step that characteristically depends on long pseudo-random keys (of at least 128 bits in symmetric encryption), which are nearly impossible to keep in mind. The inability of human users to remember strong cryptographic keys has been a factor restraining the security of systems for decades. Numerous historical instances illustrate that a person is capable of remembering only short passwords or keys, and even then tends to choose passwords or keys that are easily deduced by dictionary attacks (e.g., see [8, 15, 18, 19, 23]) or obtained using social engineering methods.

Typically we write down and store keys in an insecure place that may be shared among users, and thus is not capable of ensuring non-repudiation. Moreover, many people tend to use identical keys or passwords for a variety of applications, and as a result breaching one system leads to the breaching of many others. This simplifies the work of an attacker by drastically reducing the overall security of the data being protected. It is possible to solve this in a variety of applications by producing strong cryptographic keys from biometric data, possibly in combination with the entry of a password [10, 12, 24].

Biometrics provides a person with a distinct characteristic that is always present.
It is the technique of authenticating a person’s identity from one or more behavioral or physiological features. Diverse biometric techniques that are under research include fingerprints, facial features, palm prints, retinal and iris scans, hand geometry, signature capture and vocal features.

Cryptography is merged with biometrics in biometric cryptosystems, otherwise known as crypto-biometric systems [25]. It is possible to carry out the integration of biometrics and cryptography broadly in two distinct steps. In the case of biometrics-based key generation, a biometric match between an input biometric signal and a registered template is used to release the secret key. The