Biometric template transformation: a security analysis

One of the critical steps in designing a secure biometric system is protecting the templates of the users that are stored either in a central database or on smart cards. If a biometric template is compromised, it leads to serious security and privacy threats because unlike passwords, it is not possible for a legitimate user to revoke his biometric identifiers and switch to another set of uncompromised identifiers. One methodology for biometric template protection is the template transformation approach, where the template, consisting of the features extracted from the biometric trait, is transformed using parameters derived from a user specific password or key. Only the transformed template is stored and matching is performed directly in the transformed domain. In this paper, we formally investigate the security strength of template transformation techniques and define six metrics that facilitate a holistic security evaluation. Furthermore, we analyze the security of two wellknown template transformation techniques, namely, Biohashing and cancelable fingerprint templates based on the proposed metrics. Our analysis indicates that both these schemes are vulnerable to intrusion and linkage attacks because it is relatively easy to obtain either a close approximation of the original template (Biohashing) or a pre-image of the transformed template (cancelable fingerprints). We argue that the security strength of template transformation techniques must consider also consider the computational complexity of obtaining a complete pre-image of the transformed template in addition to the complexity of recovering the original biometric template.

[1]  Anil K. Jain,et al.  FM Model Based Fingerprint Reconstruction from Minutiae Template , 2009, ICB.

[2]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[3]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[4]  Chulhan Lee,et al.  Alignment-Free Cancelable Fingerprint Templates Based on Local Minutiae Information , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[5]  Pong C. Yuen,et al.  A Hybrid Approach for Generating Secure and Discriminating Face Template , 2010, IEEE Transactions on Information Forensics and Security.

[6]  Stark C. Draper,et al.  Feature extraction for a Slepian-Wolf biometric system using LDPC codes , 2008, 2008 IEEE International Symposium on Information Theory.

[7]  Nalini K. Ratha,et al.  Anonymous and Revocable Fingerprint Recognition , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[8]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[9]  Daesung Moon,et al.  Dictionary Attack on Functional Transform‐Based Cancelable Fingerprint Templates , 2009 .

[10]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[11]  Pong C. Yuen,et al.  A hybrid approach for face template protection , 2008, SPIE Defense + Commercial Sensing.

[12]  Anil K. Jain,et al.  On the security of non-invertible fingerprint template transforms , 2009, 2009 First IEEE International Workshop on Information Forensics and Security (WIFS).

[13]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[14]  Andrew Beng Jin Teoh,et al.  PalmHashing: a novel approach for cancelable biometrics , 2005, Inf. Process. Lett..

[15]  Michael K. Reiter,et al.  The Practical Subtleties of Biometric Key Generation , 2008, USENIX Security Symposium.

[16]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[17]  Andrew Beng Jin Teoh,et al.  2Ns Discretisation of BioPhasor in Cancellable Biometrics , 2007, ICB.

[18]  E. Mordini,et al.  Body, Biometrics and Identity , 2008, Bioethics.

[19]  Julien Bringer,et al.  An Authentication Protocol with Encrypted Biometric Data , 2008, AFRICACRYPT.

[20]  Jovan Dj. Golic,et al.  Entropy Analysis and New Constructions of Biometric Key Generation Systems , 2008, IEEE Transactions on Information Theory.

[21]  Nasir D. Memon,et al.  A secure biometric authentication scheme based on robust hashing , 2005, MM&Sec '05.

[22]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[23]  B. V. K. Vijaya Kumar,et al.  Cancelable biometric filters for face recognition , 2004, Proceedings of the 17th International Conference on Pattern Recognition, 2004. ICPR 2004..

[24]  Alessandra Lumini,et al.  Fingerprint Image Reconstruction from Standard Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[25]  Venu Govindaraju,et al.  Symmetric hash functions for secure fingerprint biometric systems , 2007, Pattern Recognit. Lett..

[26]  Anil K. Jain,et al.  Hardening Fingerprint Fuzzy Vault Using Password , 2007, ICB.

[27]  Loris Nanni,et al.  Random subspace for an improved BioHashing for face authentication , 2008, Pattern Recognit. Lett..

[28]  Andrew Beng Jin Teoh,et al.  Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs , 2006, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[29]  Nalini K. Ratha,et al.  Cancelable iris biometric , 2008, 2008 19th International Conference on Pattern Recognition.

[30]  M. Turk,et al.  Eigenfaces for Recognition , 1991, Journal of Cognitive Neuroscience.

[31]  H.V. Poor,et al.  Privacy-security tradeoffs in biometric security systems , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.