Multisketches: Practical Secure Sketches Using Off-the-Shelf Biometric Matching Algorithms

Biometric authentication is increasingly being used for large scale human authentication and identification, creating the risk of leaking the biometric secrets of millions of users in the case of database compromise. Powerful "fuzzy" cryptographic techniques for biometric template protection, such as secure sketches, could help in principle, but go unused in practice. This is because they would require new biometric matching algorithms with potentially much diminished accuracy. We introduce a new primitive called a multisketch that generalizes secure sketches. Multisketches can work with existing biometric matching algorithms to generate strong cryptographic keys from biometric data reliably. A multisketch works on a biometric database containing multiple biometrics --- e.g., multiple fingerprints --- of a moderately large population of users (say, thousands). It conceals the correspondence between users and their biometric templates, preventing an attacker from learning the biometric data of a user in the advent of a breach, but enabling derivation of user-specific secret keys upon successful user authentication. We design a multisketch over tenprints --- fingerprints of ten fingers --- called TenSketch. We report on a prototype implementation of TenSketch, showing its feasibility in practice. We explore several possible attacks against TenSketch database and show, via simulations with real tenprint datasets, that an attacker must perform a large amount of computation to learn any meaningful information from a stolen TenSketch database.

[1]  Jonathan Katz,et al.  Secure Multi-Party Computation of Boolean Circuits with Applications to Privacy in On-Line Marketplaces , 2012, CT-RSA.

[2]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[3]  Sharath Pankanti,et al.  Biometrics: Personal Identification in Networked Society , 2013 .

[4]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[5]  James Philbin,et al.  FaceNet: A unified embedding for face recognition and clustering , 2015, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[6]  Shuhong Gao,et al.  A New Algorithm for Decoding Reed-Solomon Codes , 2003 .

[7]  Robert K. Cunningham,et al.  Iris Biometric Security Challenges and Possible Solutions: For your eyes only?Using the iris as a key , 2015, IEEE Signal Processing Magazine.

[8]  Anil K. Jain,et al.  Biometric Template Protection: Bridging the performance gap between theory and practice , 2015, IEEE Signal Processing Magazine.

[9]  Andy Liaw,et al.  Classification and Regression by randomForest , 2007 .

[10]  Kenneth Ko,et al.  User's Guide to NIST Biometric Image Software (NBIS) , 2007 .

[11]  Yevgeniy Dodis On extractors, error-correction and hiding all partial information , 2005, IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, 2005..

[12]  Yair Frankel,et al.  On enabling secure applications through off-line biometric identification , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[13]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[14]  Bojan Cukic,et al.  Exploiting quality and texture features to estimate age and gender from fingerprints , 2014, Defense + Security Symposium.

[15]  Lidong Chen,et al.  Recommendation for Key Derivation Using Pseudorandom Functions (Revised) , 2009 .

[16]  Tieniu Tan,et al.  Robust Biometric Key Extraction Based on Iris Cryptosystem , 2009, ICB.

[17]  Ye Zhang,et al.  Robust privacy-preserving fingerprint authentication , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[18]  Bojan Cukic,et al.  Minimizing the impact of low interoperability between optical fingerprints sensors , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[19]  Anil K. Jain,et al.  Matching of palmprints , 2002, Pattern Recognit. Lett..

[20]  Michael R. W. Dawson,et al.  The Multilayer Perceptron , 2008 .

[21]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[22]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[23]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[24]  Raffaele Cappelli,et al.  SFinGe : an Approach to Synthetic Fingerprint Generation , 2004 .

[25]  Francisco Herrera,et al.  A High Performance Fingerprint Matching System for Large Databases Based on GPU , 2014, IEEE Transactions on Information Forensics and Security.

[26]  Davide Maltoni,et al.  Large-scale fingerprint identification on GPU , 2015, Inf. Sci..

[27]  Sang Uk Lee,et al.  Fingerprint Matching Method Using Minutiae Clustering and Warping , 2006, 18th International Conference on Pattern Recognition (ICPR'06).

[28]  Gregory V. Bard,et al.  Spelling-Error Tolerant, Order-Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance Metric , 2007, ACSW.

[29]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[30]  D. Hatzinakos,et al.  ECG Biometric Recognition Without Fiducial Detection , 2006, 2006 Biometrics Symposium: Special Session on Research at the Biometric Consortium Conference.

[31]  Christoph Busch,et al.  Independent performance evaluation of fingerprint verification at the minutiae and pseudonymous identifier levels , 2010, 2010 IEEE International Conference on Systems, Man and Cybernetics.

[32]  Stephen B. Wicker,et al.  Reed-Solomon Codes and Their Applications , 1999 .

[33]  Arun Ross,et al.  A survey on ear biometrics , 2013, CSUR.

[34]  John Daugman,et al.  How iris recognition works , 2002, IEEE Transactions on Circuits and Systems for Video Technology.

[35]  Nasir D. Memon,et al.  Protecting Biometric Templates With Sketch: Theory and Practice , 2007, IEEE Transactions on Information Forensics and Security.

[36]  Peter D. Komarinski,et al.  Automated Fingerprint Identification Systems , 2006 .

[37]  Tracey Caldwell Market report: border biometrics , 2015 .

[38]  Zhicheng Wang,et al.  Fingerprint identification based on neural network for large fingerprint database , 2018, International Workshop on Pattern Recognition.

[39]  Ana González-Marcos,et al.  Biometric Identification through Hand Geometry Measurements , 2000, IEEE Trans. Pattern Anal. Mach. Intell..

[40]  Swen Kortig,et al.  Automated Fingerprint Identification Systems Afis , 2016 .

[41]  Yuan Yu,et al.  TensorFlow: A system for large-scale machine learning , 2016, OSDI.

[42]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[43]  Ninghui Li,et al.  A Study of Probabilistic Password Models , 2014, 2014 IEEE Symposium on Security and Privacy.

[44]  A. Loll,et al.  Automated Fingerprint Identification Systems (AFIS) , 2013 .

[45]  Venu Govindaraju,et al.  K-plet and Coupled BFS: A Graph Based Fingerprint Representation and Matching Algorithm , 2006, ICB.

[46]  A. Zoubir,et al.  EURASIP Journal on Advances in Signal Processing , 2011 .

[47]  Benny Pinkas,et al.  SCiFI - A System for Secure Face Identification , 2010, 2010 IEEE Symposium on Security and Privacy.

[48]  Ming Yang,et al.  DeepFace: Closing the Gap to Human-Level Performance in Face Verification , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition.

[49]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[50]  Emanuela Marasco,et al.  Cross-Sensor Evaluation of Textural Descriptors for Gender Prediction from Fingerprints , 2019, 2019 IEEE Winter Applications of Computer Vision Workshops (WACVW).

[51]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.

[52]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[53]  Alan C. Bovik,et al.  The Essential Guide to Image Processing , 2009, J. Electronic Imaging.

[54]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.