How to Evaluate Transformation Based Cancelable Biometric Systems

The concept of cancelable biometrics was first defined in the pioneering article [17]. It aims to enhance privacy protection and template security, as detailed in the recent reference [8]. Two main approaches to cancelable biometrics can be distinguished. On the one hand, biometric cryptosystems or secure sketches, such as those presented in [9], [7], [24], [6], [5], [2], resort to cryptography. On the other hand, there are feature transformation approaches. The BioHashing algorithm is one of the most popular techniques and is based on biometric data salting. It has been developed for different biometric modalities, such as those presented in [23], [3], [18]. To validate their proposals, authors generally provide experimental results based on performance evaluation (EER value, ROC curves, etc.) and sometimes a security analysis considering different scenarios [19]. No standard methodology has been defined to qualify these privacy-by-design biometric systems [21], even though some research work on the subject has been proposed recently [15]. In this paper we intend to clearly define the properties required for the evaluation of cancelable biometric systems, and we propose different attacks that can be simulated to assess how well the targeted system fulfills these properties. The paper is organized as follows. Section 2 first gives an overview of definitions. We then list the security and privacy properties found in the state of the art for the evaluation of cancelable biometric systems. We present different attacks from the impostor's point of view in order to assess these properties. Some measures are also given to complete this security and privacy analysis of a transformation based cancelable biometric system. We conclude and give some perspectives in section 4.

[1] Alessandra Lumini, et al. Fingerprint Image Reconstruction from Standard Templates, 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[2] Nalini K. Ratha, et al. Biometric perils and patches, 2002, Pattern Recognit.

[3] Martin Wattenberg, et al. A fuzzy commitment scheme, 1999, CCS '99.

[4] Vincenzo Piuri, et al. A privacy-compliant fingerprint recognition system based on homomorphic encryption and Fingercode templates, 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[5] Andrew Beng Jin Teoh, et al. Biohashing: two factor authentication featuring fingerprint data and tokenised random number, 2004, Pattern Recognit.

[6] Arjan Kuijper, et al. Feature Correlation Attack on Biometric Privacy Protection Schemes, 2009, 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[7] Qiang Tang, et al. An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication, 2007, ACISP.

[8] Bart Preneel, et al. Privacy Weaknesses in Biometric Sketches, 2009, 2009 30th IEEE Symposium on Security and Privacy.

[9] T.E. Boult, et al. Cracking Fuzzy Vaults and Biometric Encryption, 2007, 2007 Biometrics Symposium.

[10] Christophe Rosenberger, et al. Biohashing for Securing Minutiae Template, 2010, 2010 20th International Conference on Pattern Recognition.

[11] David Zhang, et al. Finger-Knuckle-Print Verification Based on Band-Limited Phase-Only Correlation, 2009, CAIP.

[12] Anil K. Jain, et al. Biometric Template Security, 2008, EURASIP J. Adv. Signal Process.

[13] Andrew Beng Jin Teoh, et al. Cancellable biometrics and annotations on BioHash, 2008, Pattern Recognit.

[14] Anil K. Jain, et al. FVC2002: Second Fingerprint Verification Competition, 2002, Object recognition supported by user interaction for service robots.

[15] Gérard D. Cohen, et al. Optimal Iris Fuzzy Sketches, 2007, 2007 First IEEE International Conference on Biometrics: Theory, Applications, and Systems.

[16] Nirmala Saini, et al. Soft biometrics in conjunction with optics based biohashing, 2011.

[17] Andy Adler, et al. Biometric System Security, 2008.

[18] Loris Nanni, et al. Empirical tests on BioHashing, 2006, Neurocomputing.

[19] Nalini K. Ratha, et al. Enhancing security and privacy in biometrics-based authentication systems, 2001, IBM Syst. J.

[20] Anil K. Jain, et al. Biometric template transformation: a security analysis, 2010, Electronic Imaging.

[21] David Zhang, et al. An analysis of BioHashing and its variants, 2006, Pattern Recognit.

[22] Anil K. Jain, et al. Securing Fingerprint Template: Fuzzy Vault with Helper Data, 2006, 2006 Conference on Computer Vision and Pattern Recognition Workshop (CVPRW'06).