Biometric Template Protection: Bridging the performance gap between theory and practice

Biometric recognition is an integral component of modern identity management and access control systems. Due to the strong and permanent link between individuals and their biometric traits, exposure of enrolled users' biometric information to adversaries can seriously compromise biometric system security and user privacy. Numerous techniques have been proposed for biometric template protection over the last 20 years. While these techniques are theoretically sound, they seldom guarantee the desired noninvertibility, revocability, and nonlinkability properties without significantly degrading the recognition performance. The objective of this work is to analyze the factors contributing to this performance divide and highlight promising research directions to bridge this gap. The design of invariant biometric representations remains a fundamental problem, despite recent attempts to address this issue through feature adaptation schemes. The difficulty in estimating the statistical distribution of biometric features not only hinders the development of better template protection algorithms but also diminishes the ability to quantify the noninvertibility and nonlinkability of existing algorithms. Finally, achieving nonlinkability without the use of external secrets (e.g., passwords) continues to be a challenging proposition. Further research on the above issues is required to cross the chasm between theory and practice in biometric template protection.
