With an increasing of data theft, computer hacking and other forms of cybercrime, cryptographic techniques are widely used in many sectors of our lives in order to secure information during its storage and transmission. The most common digital keys on the internet are in Asymmetrical Public Key Encryption. This involves the use of two randomly generated keys. The first key is the public key which can be seen or known by anyone. It encrypts data for protection and verifies an electronic signature generated by its owner. The second one is the private key used to decrypt data that has been encrypted with the matching public key. It is also used to generate an electronic signature that can later be verified by the matching public key.
The security of a cryptographic system is dependent on the secrecy of the private key which needs to be kept confidential and authentic. If the private key falls into another hand, sensitive data can be compromised. Currently the private keys are stored on smart cards or directly on hard drive which is very vulnerable to attackers. The PCs can be easily hacked while the password protection on smartcard is easily guessed or stolen. Moreover, the smart card can be lost and it cannot verify if the person using the smart card is the true and rightful person itself. Thus, there is a need of having an identification scheme that can be reliable and more secure.
The current trend of cryptography is to combine with biometrics to enhance the security as well as create a strong link between the key and the user identity. Biometric authentication has a long history of reputation in terms of providing strong authentication system which uses unique physiological and behavioral characteristics of persons such as fingerprint, palm vein, face or iris. The general idea is that the secret key will be generated based on an individual’s biometrics. When receiving an email or message, receivers will need to scan their biometric. They can only view the information if their biometrics matches with the stored ones. According to InfoWorld, in 2015 Fujitsu developed software that used biometric data directly as the basis for encryption and decryption of data. Fujitsu’s system uses elements extracted from the biometric scan itself as a part of a procedure to encrypt the data, making the biometric scan an integral part of the encryption system and removing the need for encryption keys.
In e-banking system, biometric authentication and cryptography play a vital role in achieving confidentiality, integrity and authentication. Not only improve the system security as a whole, they also complement each other. While biometric scanner will make sure the service user is the authentic owner in each transaction, the encryption of important information will keep customer’s credit card number, transaction amounts and biometric data secured. Earlier this year in March, Union Bank of the Philippines has launched the New EON, a digital banking platform which employed a layered approach to security, including device cryptography and biometric verification to lock down their mobile channel and secure high-risk transactions.
Biometrics and cryptography play an important role in security systems and they have proved to be indispensable elements in order to improve the security and secure sensitive information. Moving to a connected world with the fast growth of biometric-enable mobile device such as fingerprint and iris smartphone, it’s expected that the application of biometric and cryptography will become mainstream and widely deployed in different sectors.