An integrated framework combining Bio-Hashed minutiae template and PKCS15 compliant card for a better secure management of fingerprint cancelable templates

We address in this paper the problem of privacy in fingerprint biometric systems. Today, cancelable techniques have been proposed to deal with this issue. Ideally, such transforms are one-way. However, even if they are with provable security, they remain vulnerable when the user-specific key that achieves cancelability property is stolen. The prominence of the cancelable template confidentiality to maintain the irreversibility property was also demonstrated for many proposed constructions. To prevent possible coming attacks, it becomes important to securely manage this key as well as the transformed template in order to avoid them being leaked simultaneously and thus compromised. To better manage the user credentials of cancelable constructs, we propose a new solution combining a trusted architecture and a cancelable fingerprint template. Therefore, a Bio-Hashed minutiae template based on a chip matching algorithm is proposed. A pkcs15 compliant cancelable biometric system for fingerprint privacy preserving is implemented on a smartcard. This closed system satisfies the safe management of the sensitive templates. The proposed solution is proved to be well resistant to different attacks.

[1]  Pim Tuyls,et al.  Capacity and Examples of Template-Protecting Biometric Authentication Systems , 2004, ECCV Workshop BioAW.

[2]  Yair Frankel,et al.  On the Relation of Error Correction and Cryptography to an Off Line Biometric Based Identification S , 1999 .

[3]  Arjan Kuijper,et al.  Feature Correlation Attack on Biometric Privacy Protection Schemes , 2009, 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[4]  Anil K. Jain,et al.  FVC2002: Second Fingerprint Verification Competition , 2002, Object recognition supported by user interaction for service robots.

[5]  Arjan Kuijper,et al.  Quantifying privacy and security of biometric fuzzy commitment , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[6]  John Daugman,et al.  The importance of being random: statistical principles of iris recognition , 2003, Pattern Recognit..

[7]  Chulhan Lee,et al.  Cancelable fingerprint templates using minutiae-based bit-strings , 2010, J. Netw. Comput. Appl..

[8]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[9]  Sharat S Chikkerur,et al.  Online fingerprint verification system , 2005 .

[10]  Loris Nanni,et al.  Empirical tests on BioHashing , 2006, Neurocomputing.

[11]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[12]  Bart Preneel,et al.  Criteria towards metrics for benchmarking template protection algorithms , 2012, 2012 5th IAPR International Conference on Biometrics (ICB).

[13]  Qiang Tang,et al.  An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication , 2007, ACISP.

[14]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[15]  Venu Govindaraju,et al.  Combination of Symmetric Hash Functions for Secure Fingerprint Matching , 2010, 2010 20th International Conference on Pattern Recognition.

[16]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[17]  Stark C. Draper,et al.  Using Distributed Source Coding to Secure Fingerprint Biometrics , 2007, 2007 IEEE International Conference on Acoustics, Speech and Signal Processing - ICASSP '07.

[18]  Anil K. Jain,et al.  Biometric template transformation: a security analysis , 2010, Electronic Imaging.

[19]  Ross J. Anderson,et al.  Combining cryptography with biometrics effectively , 2005 .

[20]  Christophe Rosenberger,et al.  Operational bio-hash to preserve privacy of fingerprint minutiae templates , 2013, IET Biom..

[21]  Anthony Vetro,et al.  Privacy and security of features extracted from minutiae aggregates , 2010, 2010 IEEE International Conference on Acoustics, Speech and Signal Processing.

[22]  Andrew Beng Jin Teoh,et al.  Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs , 2006, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[23]  Su Fei,et al.  Cracking Cancelable Fingerprint Template of Ratha , 2008, ISCSCT.

[24]  Zhe Jin,et al.  Fingerprint template protection with minutiae-based bit-string for security and privacy preserving , 2012, Expert Syst. Appl..

[25]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[26]  Sharath Pankanti,et al.  Filterbank-based fingerprint matching , 2000, IEEE Trans. Image Process..

[27]  Alessandra Lumini,et al.  Fake fingertip generation from a minutiae template , 2008, 2008 19th International Conference on Pattern Recognition.

[28]  Jiankun Hu,et al.  Pair-polar coordinate-based cancelable fingerprint templates , 2011, Pattern Recognit..

[29]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[30]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[31]  Terrance E. Boult,et al.  Privacy and Security Enhancements in Biometrics , 2008 .

[32]  Julien Bringer,et al.  An Authentication Protocol with Encrypted Biometric Data , 2008, AFRICACRYPT.

[33]  Jiankun Hu,et al.  Alignment-free cancelable fingerprint template design: A densely infinite-to-one mapping (DITOM) approach , 2012, Pattern Recognit..

[34]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[35]  Zhe Jin,et al.  Secure Minutiae-Based Fingerprint Templates Using Random Triangle Hashing , 2009, IVIC.

[36]  Christophe Rosenberger,et al.  How to Evaluate Transformation Based Cancelable Biometric Systems , 2012 .

[37]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[38]  Bian Yang,et al.  Parameterized geometric alignment for minutiae-based fingerprint template protection , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[39]  Jiankun Hu,et al.  Attacks via record multiplicity on cancelable biometrics templates , 2014, Concurr. Comput. Pract. Exp..

[40]  Anil K. Jain,et al.  FM Model Based Fingerprint Reconstruction from Minutiae Template , 2009, ICB.

[41]  Kenta Takahashi,et al.  Parameter management schemes for cancelable biometrics , 2011, 2011 IEEE Workshop on Computational Intelligence in Biometrics and Identity Management (CIBIM).

[42]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[43]  Andrew Beng Jin Teoh,et al.  Cancellable biometrics and annotations on BioHash , 2008, Pattern Recognit..

[44]  Chulhan Lee,et al.  Alignment-Free Cancelable Fingerprint Templates Based on Local Minutiae Information , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[45]  Alessandra Lumini,et al.  Evaluating Minutiae Template Vulnerability to Masquerade Attack , 2007, 2007 IEEE Workshop on Automatic Identification Advanced Technologies.

[46]  Christoph Busch,et al.  A Reference Architecture for Biometric Template Protection based on Pseudo Identities , 2008, BIOSIG.