Multi-Biometric Template Protection: Issues and Challenges

The term biometrics refers to “automated recognition of individuals based on their behavioral and biological characteristics” (ISO/IEC JTC1 SC37). Several physiological (static) as well as behavioral (non-static) biometric characteristics have been exploited (Jain, Flynn & Ross, 2008) such as fingerprints, iris, face, hand, voice, gait, keystroke dynamics, etc., depending on distinct types of applications (see Figure 1). Biometric traits are acquired applying adequate sensors and distinctive feature extractors are utilized in order to generate a biometric template (reference data) in the enrollment process. During verification (authentication process) or identification (identification can be handled as a sequence of biometric comparisons against the enrollment records in a reference databse) the system processes another biometric measurement from which an according template is extracted and compared against the stored template(s) yielding acceptance/ rejection or hit/ no-hit, respectively. The presented work is motivated by very recent advances in the fields of multi-biometric recognition (Ross et al., 2006) and biometric template protection (Rathgeb & Uhl, 2011). Automatic recognition systems based on a single biometric indicator often have to contend with unacceptable error rates (Ross & Jain, 2003). Multi-biometric systems have improved the accuracy and reliability of biometric systems (Ross et al., 2006). Biometric vendors are already deploying multi-biometric systems (e.g. fingerprint and finger vein by SAFRAN Morpho1) and multi-biometric recognition is performed on large-scale datasets (e.g. within the Aadhaar project (Unique Identification Authority of India, 2012) by the Unique Identification Authority of India (UIDAI)). However, security of multi-biometric templates is especially crucial as they contain information regarding multiple traits of the same subject (Nagar et al., 2012). The leakage of any kind of template information to unauthorized individuals constitutes serious security and privacy risks, e.g. permanent tracking of subjects without consent (Ratha et al., 2001) or reconstruction of original biometric traits (e.g. fingerprints (Cappelli et al., 2007) or iris textures (Venugopalan & Savvides, 2011)) might become a realistic threat. Therefore, biometric template protection technologies have been developed in order to protect privacy and integrity of stored biometric data. However, so far, template protection schemes which provide provable security/ privacy, and achieve practical recognition rates have remained elusive, even on small datasets. This bookchapter provides a comprehensive overview of

[1]  Mingwu Zhang,et al.  Multibiometric Based Secure Encryption, Authentication Scheme with Fuzzy Extractor , 2011, Int. J. Netw. Secur..

[2]  Nalini K. Ratha,et al.  Enhancing security and privacy in biometrics-based authentication systems , 2001, IBM Syst. J..

[3]  Ross J. Anderson,et al.  Combining cryptography with biometrics effectively , 2005 .

[4]  Alessandra Lumini,et al.  Fingerprint Image Reconstruction from Standard Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[5]  S. Kanade,et al.  Multi-biometrics based cryptographic key regeneration scheme , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[6]  Nasir D. Memon,et al.  A secure biometric authentication scheme based on robust hashing , 2005, MM&Sec '05.

[7]  Hao Feng,et al.  Private key generation from on-line handwritten signatures , 2002, Inf. Manag. Comput. Secur..

[8]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[9]  David Chek Ling Ngo,et al.  Computation of Cryptographic Keys from Face Biometrics , 2003, Communications and Multimedia Security.

[10]  Arun Ross,et al.  Handbook of Biometrics , 2007 .

[11]  David Zhang,et al.  A Novel Cryptosystem Based on Iris Key Generation , 2008, 2008 Fourth International Conference on Natural Computation.

[12]  B. V. K. Vijaya Kumar,et al.  Cancelable biometric filters for face recognition , 2004, Proceedings of the 17th International Conference on Pattern Recognition, 2004. ICPR 2004..

[13]  Andreas Uhl,et al.  Reliability-balanced feature level fusion for fuzzy commitment scheme , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[14]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[15]  Arjan Kuijper,et al.  Quantifying privacy and security of biometric fuzzy commitment , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[16]  Arun Ross,et al.  Biometric template security: Challenges and solutions , 2005, 2005 13th European Signal Processing Conference.

[17]  Anil K. Jain,et al.  Multibiometric Cryptosystems Based on Feature-Level Fusion , 2012, IEEE Transactions on Information Forensics and Security.

[18]  Julien Bringer,et al.  Binary feature vector fingerprint representation from minutiae vicinities , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[19]  Yongjin Wang,et al.  Face Based Biometric Authentication with Changeable and Privacy Preservable Templates , 2007, 2007 Biometrics Symposium.

[20]  Raymond N. J. Veldhuis,et al.  Binary Biometrics: An Analytic Framework to Estimate the Performance Curves Under Gaussian Assumption , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[21]  Frans M. J. Willems,et al.  Information Leakage in Fuzzy Commitment Schemes , 2010, IEEE Transactions on Information Forensics and Security.

[22]  Alex Stoianov,et al.  Chapter 26. Biometric Encryption: The New Breed of Untraceable Biometrics , 2009 .

[23]  Nalini K. Ratha,et al.  Cancelable iris biometric , 2008, 2008 19th International Conference on Pattern Recognition.

[24]  David Zhang,et al.  An analysis of BioHashing and its variants , 2006, Pattern Recognit..

[25]  Raymond N. J. Veldhuis,et al.  Binary Representations of Fingerprint Spectral Minutiae Features , 2010, 2010 20th International Conference on Pattern Recognition.

[26]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[27]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[28]  Andrew Beng Jin Teoh,et al.  Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs , 2006, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[29]  Andrew Beng Jin Teoh,et al.  Personalised cryptographic key generation based on FaceHashing , 2004, Comput. Secur..

[30]  Raymond N. J. Veldhuis,et al.  Analytical template protection performance and maximum key size given a Gaussian-modeled biometric source , 2010, Defense + Commercial Sensing.

[31]  Ralf Steinmetz,et al.  Biometric hash based on statistical features of online signatures , 2002, Object recognition supported by user interaction for service robots.

[32]  Andreas Uhl,et al.  A survey on biometric cryptosystems and cancelable biometrics , 2011, EURASIP J. Inf. Secur..

[33]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[34]  Anil K. Jain,et al.  Multibiometric Template Security Using Fuzzy Vault , 2008, 2008 IEEE Second International Conference on Biometrics: Theory, Applications and Systems.

[35]  C. Busch,et al.  Multi-algorithm fusion with template protection , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[36]  Arun Ross,et al.  Multimodal biometrics: An overview , 2004, 2004 12th European Signal Processing Conference.

[37]  Raymond N. J. Veldhuis,et al.  Performance Evaluation of Fusing Protected Fingerprint Minutiae Templates on the Decision Level , 2012, Sensors.

[38]  Chulhan Lee,et al.  Changeable Biometrics for Appearance Based Face Recognition , 2006, 2006 Biometrics Symposium: Special Session on Research at the Biometric Consortium Conference.

[39]  Frans M. J. Willems,et al.  Identification and secret-key binding in binary-symmetric template-protected biometric systems , 2010, 2010 IEEE International Workshop on Information Forensics and Security.

[40]  Stelvio Cimato,et al.  A Multi-biometric Verification System for the Privacy Protection of Iris Templates , 2008, CISIS.

[41]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[42]  Julian Fiérrez,et al.  Cancelable Templates for Sequence-Based Biometrics with Application to On-line Signature Recognition , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[43]  Qi Li,et al.  Using voice to generate cryptographic keys , 2001, Odyssey.

[44]  Arun Ross,et al.  Information fusion in biometrics , 2003, Pattern Recognit. Lett..

[45]  Arun Ross,et al.  From Template to Image: Reconstructing Fingerprints from Minutiae Points , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[46]  A. Stoianov,et al.  Security issues of Biometric Encryption , 2009, 2009 IEEE Toronto International Conference Science and Technology for Humanity (TIC-STH).

[47]  Gérard D. Cohen,et al.  Optimal Iris Fuzzy Sketches , 2007, 2007 First IEEE International Conference on Biometrics: Theory, Applications, and Systems.

[48]  Andreas Uhl,et al.  Cancelable Iris Biometrics Using Block Re-mapping and Image Warping , 2009, ISC.

[49]  Nasir D. Memon,et al.  Secure Biometric Templates from Fingerprint-Face Features , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[50]  Dr.K. Duraiswamy,et al.  Cryptographic Key Generation from Multiple Biometric Modalities: Fusing Minutiae with Iris Feature , 2010 .

[51]  Marios Savvides,et al.  How to Generate Spoofed Irises From an Iris Code Template , 2011, IEEE Transactions on Information Forensics and Security.

[52]  G. Padmavathi,et al.  Security Analysis of Password Hardened Multimodal Biometric Fuzzy Vault , 2009 .

[53]  Christoph Busch,et al.  A Reference Architecture for Biometric Template Protection based on Pseudo Identities , 2008, BIOSIG.

[54]  Pieter H. Hartel,et al.  Fuzzy extractors for continuous distributions , 2006, ASIACCS '07.

[55]  Arun Ross,et al.  Handbook of Multibiometrics , 2006, The Kluwer international series on biometrics.