Securing BioEncoded IrisCodes against Correlation Attacks

BioEncoding is a recently proposed template protection scheme, based on the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as IrisCodes. Unlike existing techniques, BioEncoding does not require user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable biometrics construct without deteriorating the matching accuracy of the original biometric system. However, although the cancelable transformation employed in BioEncoding is non-invertible for a single protected template, it might be possible to recover the original biometric template by correlating several protected templates created from the same biometric signal. In this paper, the vulnerability of BioEncoding to correlation attacks is investigated. First, we show that cancelable templates obtained using BioEncoding are indeed vulnerable to correlation attacks. Then, we propose three different approaches to improve the security of BioEncoding against this type of attacks. The effectiveness of adopting the suggested approaches is validated and their impact on the matching accuracy is investigated empirically using CASIA-IrisV3-Interval dataset. Experimental results confirm the efficacy of the proposed approaches and show that they do not affect the matching accuracy of the recognition system.

[1]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[2]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[3]  Luminita Vasiu,et al.  Biometric Recognition - Security and Privacy Concerns , 2004, ICETE.

[4]  Ton Kalker,et al.  On the security of biohashing , 2010, Electronic Imaging.

[5]  Libor Masek,et al.  MATLAB Source Code for a Biometric Identification System Based on Iris Patterns , 2003 .

[6]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[7]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[8]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[9]  Anil K. Jain,et al.  Biometric template transformation: a security analysis , 2010, Electronic Imaging.

[10]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[11]  Norimichi Tsumura,et al.  BioEncoding: A Reliable Tokenless Cancelable Biometrics Scheme for Protecting IrisCodes , 2010, IEICE Trans. Inf. Syst..

[12]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[13]  Berrin A. Yanikoglu,et al.  Realization of correlation attack against the fuzzy vault scheme , 2008, Electronic Imaging.

[14]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.