On the security of non-invertible fingerprint template transforms

Many transformation functions have been proposed for generating revocable or non-invertible biometric templates. However, their security analysis either ignores the distribution of biometric features or uses inefficient feature matching. This usually leads to unrealistic estimates of security. In this paper we introduce a new measure of non-invertibility, called the Coverage-Effort (CE) curve which measures the number of guesses (Effort) required by an adversary to recover a certain fraction (Coverage) of the original biometric data. In addition to utilizing the feature distribution, the CE curve allows estimation of security against partial recovery of biometric features. We analyze the CE curves obtained using different instances of a mixture of Gaussians based feature transform for fingerprint templates. Our analysis shows that knowledge of the fingerprint minutiae distribution reduces the effort required to obtain a specified coverage.

[1]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[2]  Nalini K. Ratha,et al.  Anonymous and Revocable Fingerprint Recognition , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[3]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[4]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[5]  Nasir D. Memon,et al.  A secure biometric authentication scheme based on robust hashing , 2005, MM&Sec '05.

[6]  I. Miller Probability, Random Variables, and Stochastic Processes , 1966 .

[7]  Tyler Moore,et al.  Information security: where computer science, economics and psychology meet , 2009, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[8]  Anil K. Jain,et al.  Hardening Fingerprint Fuzzy Vault Using Password , 2007, ICB.

[9]  Athanasios Papoulis,et al.  Probability, Random Variables and Stochastic Processes , 1965 .

[10]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[11]  Anil K. Jain,et al.  Algorithms for Clustering Data , 1988 .

[12]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[13]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[14]  Chulhan Lee,et al.  Alignment-Free Cancelable Fingerprint Templates Based on Local Minutiae Information , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[15]  Michael K. Reiter,et al.  Towards practical biometric key generation with randomized biometric templates , 2008, CCS.

[16]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[17]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[18]  Jovan Dj. Golic,et al.  Entropy Analysis and New Constructions of Biometric Key Generation Systems , 2008, IEEE Transactions on Information Theory.

[19]  Andrew Beng Jin Teoh,et al.  Cancellable biometrics and annotations on BioHash , 2008, Pattern Recognit..