Template Protection Based On Salting Methods Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In security, we have active attackers who will seek out the most remote corner of the standard. Security also depends on the weakest link where any single mistake can be fatal. Protection is the most important element to make the important data or personal belonging become securely from unauthorized access. Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. Renowned media has had several questions about password security, one way encryption, password hashes, salting hashes, the risks of having a database hacked, and the like. Generally, cryptography is the most popular algorithm to protect data securely. Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering [9]. Applications of cryptography include ATM cards, biometric system, computer passwords, and electronic commerce. Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it.

For this research, one element in cryptography field was propose as a protection that was called salting technique. In cryptography, a salt consists of random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password. A salt can also be used as a part of a key in a cipher or other cryptographic algorithm [8]. The key derivation function typically uses a cryptographic hash function. Sometimes the initialization vector, a previously-generated value, is used as the salt.

The modern shadow password system, in which password hashes and other security information is stored in a non-public file, somewhat mitigates these concerns. However, they remain relevant in multi-server installations which use centralized password management systems to "push" password or password hashes to multiple systems. In such installations, the root account on each individual system may be treated as less "trusted" than the administrators of the centralized password system, so it remains worthwhile to ensure that the security of the password hashing algorithm, including the generation of unique "salt" values, is adequate. For additional information, this salting method was widely used in biometric system where salting is one of the feature transformation technique for biometric template protection.

Problem Statement

Even a hash-encrypted password database is not entirely secure. A hacker can compile a list of, say, the 100,000 most commonly used passwords and compute a hash function from all of them. He can then gets hold of your user account database and compare the hashed passwords in the database with his own list to see what matches. This is a "Dictionary Attack" and it can be very successful, especially the internet can obtain such a list of passwords. So, to enhance and tighten the security indirectly to make the dictionary attack more difficult, salt is used.

Besides that, although application like biometrics is a powerful tool against authentication and has been widely deployed in various security systems, biometric characteristics are largely immutable, resulting in permanent biometric compromise when a template is stolen. One way to attack the biometric accuracy is by stolen or duplicating the biometric templates stored in the system database. Attacks on the template can lead to the following vulnerabilities:

A template can be replaced by the fraud's template or a physical imitation can be created from the template to gain unauthorized access.

(ii) The stolen template can be reused by the matcher to gain unauthorized access. A potential violence of biometric identifiers is cross-matching or function creep where the biometric identifiers are used for purposes other than the intended purpose. As an example, a fingerprint template stolen from a bank's database may be used to fake a criminal fingerprint database or crosslink to person's health records.


The main objectives of this research are to design security or protection to the templates/images based on salting technique by using Matlab programming. Applying protection to the template is the way to protect the template from being fake, attack or stolen while transmitting or receiving. After designing the protection coding, the following objective is to make sure the template is able to encrypt and during only when it matched correct inserted key and filename.

Literature Review

As the short explanation about salting definition and function, salt is a random string that is concatenated with passwords before being operated on by the hash function. The salt key is then stored in the user database. Salting key makes dictionary attacks practically impossible, as a hacker would have to compute the hashes for all possible salt values. In findings, the template protection methods can be classified into two categories namely, feature transformation approach and cryptosystem (helper data method). Salting falls under the feature transformation approach. To make the salting method more clearly, figure below will demonstrate how the salting apply along the template encryption and decryption. For the template image, fingerprint image was used as example template to protect.

Figure 1: Authentication mechanism when the template is protected using a salting approach.

In the feature transform method, a transformation function (F) is applied to the image template (T) and only the transformed template (F (T; K)) is stored in the database as shown in figure 1 above. The parameters of the salting function are typically derived from a random key (K) or password [4]. The same transformation function is applied to query features (Q) and the transformed query (F (Q; K)) is directly matched against the transformed template (F (T; K)) [4]. In salting, F is invertible, that is, if an adversary gains access to the key and the transformed template, the user can recover the original image template (or a close approximation of it) [4]. Hence, the security of the salting technique is actually on the confidentiality of the key or password.

Salting or hashing is a template protection method in which the image template is process using a function defined by a user-specific key or password. Since the image encryption and decryption is invertible to a large extent, the key needs to be securely stored or remembered by the user and presented during authentication. This key increases the entropy of the image template and hence makes it difficult for the enemy to guess the template.

From the findings and study be made, the advantages of salting approach is the introduction of key results in low false accept rates [4]. Besides that, since the key is user-specific, multiple templates for the same user template can be generated by using different keys (allowing diversity). Also in case a template is cooperated, it is easy to revoke the cooperated template and replace it with a new one generated by using a different user-specific key (allowing revocability) [4] [6].

Salting and stretching

Based on the findings, to squeeze the most security out of a limited-entropy password or passphrase, two techniques can be used that are salting and stretching. The first is to add a salt. This is simply a random number that is stored alongside the data that was encrypted with the password. The recommended number of bit is 256-bit salt. The next step is to stretch the password. Stretching is essentially a very long computation. Let p be the password and s be the salt. Using any cryptographically strong hash function h, we compute

K will be the key to actually encrypt the data. The parameter "r" is the number of iterations in the computation, and should be as large as practical. In normal use, the stretching computation has to be done every time a password used. This is at a point in time where the user has just entered a password. It has probably taken several seconds to enter the password, so using 200ms for password processing is quite acceptable. The rule to choose r such that computing K from (s,p) takes 200-1000ms on the user's equipment. Computers get faster over time, so r should be increasing over time as well [1].

The salt stops the attacker from taking advantage of an economy scale when the user is attacking a large number of passwords simultaneously. Suppose there are million users in the system, and each user stores an encrypted file that contains his/her keys. Each file encrypted with the user's stretched password. If the security creator did not use a salt, then the attacker can attack as follows: guess a password p, compute the stretched key K, and try to decrypt each of the key files using K. The stretch function only needs to be computed once for every password, and the resulting stretched key can be used in an attempt to decrypt each of the files.

This is no longer possible when the security creator add the salt to the stretching function. All the salts are random values, so each user will use a different salt value. The attacker now has to compute the stretching function once for each password/file combination, rather than once for each password. This is a lot more work for the attacker, and it comes at a very small price for the users of the system.

Proposed Methodology

The main target is to implement salting key while matching the still image or template for security purpose. The methodology proposes is by implementing MATLAB programming with Matlab GUI (Graphical User Interface) for both images matching and key matching process. The template plan to be used will be store in the MATLAB workspace folder as a database. The overall and summarize steps for this research to be done is as shown in the flow chart:

Searching and study about salting method for security purpose

Collecting template to be used and store it in the workspace folder as database

Coding development using Matlab programming for both image encryption and decryption including salting

Testing and running Matlab programming. Two elements will be focus, which is template matching ability and key matching (salting)

Produce attacking step to test the accurate and functional salting key and compare with the non-salting/normal image template matching.

Analyzing output produced from the running Matlab program and if the attacking process can break the key security, the program will be modify until the satisfaction result produced.

Expected result: When the input image is the same filename as in the database, the first matching criteria is success, then when user key in the same key as database key that was set, the second matching was success and decrypted image can securely view by authorize user. But it may vary based on the development of programming


If success

If not


Figure 2: Flow chart of methodology

Contribution to the body of knowledge

This research proposes to focus on implementing salting technique or salting hashes to the image template by using Matlab programming. The salts will be created at the database template and user will needs to fill in the key while encrypt and decrypt the template. Only authorized user will be able to fulfill key match correctly. Hence, by adding salting, it will strengthen the password or hashes set by the security programmer, and this indirectly will increase the security/privacy level of the template or data. In addition, by applying this technique, it will increase the difficulty level for hackers or attackers and may lead to lesser or no possible attacks on the template image, biometrics, or any other data.