Using pen strokes with fuzzy tolerance algorithm as encryption key

Question

How can I encrypt/decrypt with fuzzy tolerance?

I want to be able to use a Stroke on an InkCanvas as key for my encryption but when decrypting again the user should not have to draw the exact same symbol, only similar. Can this be done in .NET C#?

--- Update (9 sep) ---

What I ideally want is an encryption algorithm that would accept any key in a certain range of keys based on some base-key and a function defining the allowed differences ..

Im doing all encryption/decryption locally so I wont need to send anything over a wire safely. And I dont want to store the key used for encryption, so I wont have anything to compare with. I could come up with some method to generate the same key for every similar stroke but its not easy if a want to accept any kind of symbol (not only letters). The other option is if the encryption key somehow could accept similar keys by design, which I dont know if its possible...?

Answer 1

Use some form of OCR (optical character recognition) to convert the Stroke into regular text, and then use that text as the key. As long as the user draws anything that gets OCR-ed into the exact same text, they'll be able to decrypt again.

Answer 2

If you encode your strokes as images, there are fuzzy algorithms for detecting similarity between images. Of course, if you were to use such an approach, you should use a 2-way encryption method rather than a 1-way hash so that the original image is retrievable.

Answer 3

There are a number of encryption schemes that allow fuzzy secrets. Frequently, these schemes are developed to protect secrets with biometric information (i.e. fingerprints, retina scans), but the underlying schemes are more generally applicable. One example for such a scheme is a fuzzy vault scheme proposed by Juels and Sudan.

Answer 4

The problem here is that the key that is used for encryption (the Stroke or something derived from the Stroke) must be sent along with the encrypted message. Otherwise, there is no way for the decryption protocol to compare the decryption stroke with the original.

So suppose Alice wants to encrypt some message M. She is the only person who should decrypt the message, so Bob is not in the picture. Alice generates a fuzzy encryption key Ke and encrypts M to become Me: Encrypt(M,Ke) = Me. The message that is sent is (Ke,Me). On the receiving side, Alice produces fuzzy decryption key Kd. Some algorithm checks that Ke ~ Kd and Me is decrypted: Decrypt(Me,Ke) = M. Note that this is symmetric encryption; Kd is only used to check that it is 'sufficiently equal' to Ke.

Of course the problem is that Ke is sent in cleartext along with the message so Eve can simply take the key and decrypt Me. However, Ke is needed on the receiving side to compare it against Kd. So how do we send Ke along with the message without Eve being able to eavesdrop? We could create a hash of Ke and send that over the line: (Hash(Ke),Me). However, on the receiving side there would be no way to verify 'sufficient equality' between Ke and Kd based on Hash(Ke).

We could device some algorithm that generates a value based on Ke such that if Ke ~ Kd -> V(Ke) ~ V(Kd) (if Ke and Kd are similar then the generated values are similar). We send the message (V(Ke),Me) to the receiver. However, it would now be relatively easy for Eve to determine Ke based on V(Ke). She starts with a random candidate key: KeC and using our algorithm, determines a V(KeC). If it doesn't look at all like the V(Ke) in the message, she makes some drastic changes to the candidate KeC and tries again. As she comes closer to the message's V(Ke) she makes smaller changes to KeC, etc.

So it is impossible to create a secure encryption scheme if we allow Ke to be sent along with the message. This means that Ke has to be given to Trent, the trusted third party. In this case, Trent can be the application's database. So now the scheme becomes as follows:

Alice generates Ke, a message M and a unique id Id. Ke is stored with Trent, our database, along with Id. M is encrypted using a regular encryption scheme that uses Ke as key: Me = Encrypt(M,Ke). The message sent to the receiver is (Me,Id).

On the receiving side, Alice receives the message (Me,Id). Alice generates Kd. Based on Id, we get the corresponding Ke from Trent and compare it with Kd. If there is a match, we decrypt Me: M = Decrypt(Me,Ke).

The only problem now is when you have an intruder Mallory with access to Trent. He can ask Trent for Ke values based on random id's. To prevent this, you shouldn't include Id into the message so that the message simply becomes (Me). Now you would have to come up with a strategy to get candidate Ke's from Trent only by using Kd. This is of course possible because you can compare Kd with all Ke's in the database, return the most 'similar' Ke and try that as the decryption key. This strategy assumes that each person's Stroke (or Ke) is sufficiently different.

The strategy above is borrowed from biometric encryption where you store biometric data in a database and use that to either identify or authenticate individuals. Try searching Google for biometric encryption to get some additional info.

Answer 5

As I pointed out in a comment, I don't know that fuzzy encryption is a mature topic, so let's think laterally. Since you are doing the encrypt/decrypt locally, how about a hardware implementation? Ie you buy a tablet computer to do the biometrics, and stronghold a conventional encryption key inside it. It would go like this:

1. Tablet computer is set in kiosk mode, that is, it has basic hardening to prevent the UI from switching applications. It is also protected from physical theft and tampering (eg it is stored in a vault)
2. User plugs in a USB key containing the encrypted file.
3. Tablet computer detects which drawing to expect from a metadata field (for instance from the X509 certificate used for encryption, if you don't mind about the overengineering).
4. Tablet computer authenticates user through appropriate biometric magic.
5. Tablet computer decrypts file and offers to store it or browse it on-screen.

Note that step 5 is the weak point of the security chain, as attacks against document viewers (eg Acrobat Reader) are becoming more prevalent. Better use some kind of sandboxing scheme such as a VMWare instance.

Answer 6

OK. Let's break your problem into two.

1) Fuzzy 2) Encryption

Reality is both these concepts are relatively old and their implementation have been out there for years. Each deals with the problem at hand very well but this does not mean that combining these two is a good idea. I believe you have to have your solution as a two-stage approach.

First of all encryption standards out there are great in securing the data using a SINGLE EXACT key. In your case you need symmetric encryption algos such as AES or Rijndael.

Fuzzy part of the solution is also not that hard. Like any other fuzzy recognition technique, you need to do a feature extraction and create a vector to be passed to the encryption algo. You need to build fuzziness into your features. For example, number of strokes, quadrant of the start point for each stroke, a factor of curviness for each stroke and the like. This will be enough to build a 32 bit vector to pass to the encryption algorithm.

UPDATE

I will try to make it more illustrative:

2 bits for number of strokes: 1, 2, 3, +3 which translates to 00, 01, 10 and 11

2 bits for quadrant of the start of the first stroke: TopLeft, TopRight, BottomLeft, BottomRightt encodes to 00, 01, 10 and 11

2 bits for quadrant of the end of the first stroke: ditto

2 bits for quadrant of the start of the second stroke: ditto. If no second stroke then 00.

2 bits for quadrant of the end of the second stroke: ditto. If no second stroke then 00.

2 bits for quadrant of the start of the third stroke: ditto. If no third stroke then 00.

2 bits for quadrant of the end of the second stroke: ditto. If no third stroke then 00.

2 bits for curviness of the first stroke: straight->00 ... Nice round->11. This is not going to be very easy and you might reduce the degrees of curviness to 2 and use just one bit but it is a "suck it and see".

So this is 16 bits. You can leave the rest as zero for now and try and see how it works.

Hope this helps.

Answer 7

One simple way to do it is to instead encode lots of information about the key, and then figure out how accurately it matches. Example information, assuming you can convert the user's input to some approximation of lines/arcs/points:

Number of straight lines
Number of enclosed regions
Amount of drawing used.

Standard deviation of points on the x axis.
Standard deviation of points on the y axis.
Standard deviation of size of shapes drawn.

Sorted list of areas of the enclosed regions.

Etc.

Thus, instead of representing the image you are representing properties of the image. The fuzziness will be that you give each of these properties an accuracy score, add or multiply or otherwise combine the total accuracy level, and accept the password if it passes some threshold.