Iris Biometric Security Challenges and Possible Solutions: For your eyes only? Using the iris as a key

Biometrics were originally developed for identification, such as for criminal investigations. More recently, biometrics have also been utilized for authentication. Most biometric authentication systems today match a user's biometric reading against a stored reference template generated during enrollment. If the reading and the template are sufficiently close, the authentication is considered successful and the user is authorized to access protected resources. This binary matching approach has major inherent vulnerabilities.
