An effective crypto-biometric system for secure email in wireless environment

Abstract

The popularity of mobile devices such as mobile phones and Personal Digital Assistants (PDAs) are growing at a fast pace. Mobile devices are able to provide email services to support user's mobility. However, as the wireless environment is inherently insecure, a secure system is required for the service. To secure email systems from being attacked, various approaches have been developed. It is reported that existing technologies still cannot overcome various threats and attacks on the use of conventional passphrases. Motivated by this circumstance, the work presented in this research aims to contribute to an enhanced method of securing email services. A bio-passphrase based on a robust biometric key approach is proposed for OpenPGP to protect the private key. It is planned for mobile devices equipped with iris recognition system. The proposed bio-passphrase is extracted from a crypto-biometric system that merges the iris biometric and cryptographic operations. The proposed crypto-biometric system ensures the avoidance of biometric template storage, either in a central database or a smartcard. Moreover, users may have several bio-passphrases or private keys for different applications as the key diversity can be performed easily. We then demonstrate that our approach can improve the security of email system in wireless environment significantly.