Fingerprint template protection with minutiae-based bit-string for security and privacy preserving

Recently, biometric template protection has received great attention from the research community due to the security and privacy concerns for biometric template. Although a number of biometric template protection methods have been reported, it is still a challenging task to devise a scheme which satisfies all of the four template protection criteria namely diversity, revocability, non-invertibility and performance. In this paper, a method is proposed to generate a revocable fingerprint template in terms of bit-string from a set of minutiae points via a polar grid based 3-tuple quantization technique. Two merits of the proposed method are outlined, namely alignment-free and performance. Four publicly available benchmark datasets: FVC2002 DB1, DB2 and FVC2004 DB1, DB2 are used to evaluate the performance of the proposed method. Besides, the diversity, revocability, non-invertibility criteria are also analyzed.     

Noninvertible fingerprint transforms: Categorization of design mechanisms and discussion of evaluation techniques

ABSTRACT

The explosive growth in fingerprint technologies within the past decade has seen the emergence of a dedicated field of research into securing fingerprint templates during storage in a database. While new fingerprint template protection techniques are often broadly classified as belonging to the well-known salting, noninvertible transforms, key binding, or key generation categories, methods within each category are currently lacking a sense of organization. This article aims to fill this gap by proposing a categorization of noninvertible fingerprint transforms based on their design mechanisms. Our survey of the current literature in this field reveals two prominent types of approaches, so we classify existing noninvertible fingerprint transforms into two main categories: perturbation-based and histogram-based. We also discuss the evaluation techniques used to assess the robustness of noninvertible fingerprint transforms in the literature. These contributions will serve to help researchers find their bearing in the growing fingerprint template protection field, thereby encouraging a deeper understanding of the field and faster progress in the development of more effective fingerprint template protection schemes.     

Cancellable biometrics and user-dependent multi-state discretization in BioHash

Although the use of biometrics for security access is convenient and easy to be implemented, it also introduced privacy and other security concerns when the original biometric templates are compromised. BioHash was introduced as a form of cancellable or replaceable biometrics through the integration of a set of user-specific random numbers with biometric features to address these concerns. However, the main drawback of the original form of BioHash is its inferior performance when an imposter obtains a legitimate token and uses it to claim as a genuine user (also known as the stolen-token scenario). In this paper, the problem is circumvented by a user-dependent multi-state discretization method. The experimental results on fingerprint database FVC2002 demonstrated a promising performance improvement on the stolen-token scenario when this discretization method was incorporated in the BioHash scheme. Moreover, the discretization method can render a long bit string, which is a useful feature to resist brute-force attacks. Some desired properties such as one-way transformation and diversity are also analyzed.     

Generating cancelable fingerprint templates

Biometrics-based authentication systems offer obvious usability advantages over traditional password and token-based authentication schemes. However, biometrics raises several privacy concerns. A biometric is permanently associated with a user and cannot be changed. Hence, if a biometric identifier is compromised, it is lost forever and possibly for every application where the biometric is used. Moreover, if the same biometric is used in multiple applications, a user can potentially be tracked from one application to the next by cross-matching biometric databases. In this paper, we demonstrate several methods to generate multiple cancelable identifiers from fingerprint images to overcome these problems. In essence, a user can be given as many biometric identifiers as needed by issuing a new transformation "key". The identifiers can be cancelled and replaced when compromised. We empirically compare the performance of several algorithms such as Cartesian, polar, and surface folding transformations of the minutiae positions. It is demonstrated through multiple experiments that we can achieve revocability and prevent cross-matching of biometric databases. It is also shown that the transforms are noninvertible by demonstrating that it is computationally as hard to recover the original biometric identifier from a transformed version as by randomly guessing. Based on these empirical results and a theoretical analysis we conclude that feature-level cancelable biometric construction is practicable in large biometric deployments     

Design of alignment-free cancelable fingerprint templates via curtailed circular convolution

Fraudulent use of stolen fingerprint data and privacy invasion by tracking individuals unlawfully with shared or stolen fingerprint data justify the significance of fingerprint template protection. With no a priori fingerprint image registration, alignment-free cancelable fingerprint templates do not suffer from inaccurate singular point detection. In this paper, we propose an effective alignment-free method for constructing cancelable fingerprint templates via curtailed circular convolution. The proposed method features an efficient one-way transform, which protects the input binary string such that it cannot be retrieved from the length-reduced, convolved output vector. The transformed template fulfills the requirements of non-invertibility, revocability and diversity for cancelable fingerprint templates. Evaluation of the proposed scheme over FVC2002 DB1, DB2 and DB3 shows that the new method demonstrates satisfactory performance compared to the existing alignment-free cancelable template schemes.     

Based blockchain-PSO-AES techniques in finger vein biometrics: A novel verification secure framework for patient authentication

The main objective of this study is to propose a novel verification secure framework for patient authentication between an access point (patient enrolment device) and a node database. For this purpose, two stages are used. Firstly, we propose a new hybrid biometric pattern model based on a merge algorithm to combine radio frequency identification and finger vein (FV) biometric features to increase the randomisation and security levels in pattern structure. Secondly, we developed a combination of encryption, blockchain and steganography techniques for the hybrid pattern model. When sending the pattern from an enrolment device (access point) to the node database, this process ensures that the FV biometric verification system remains secure during authentication by meeting the information security standard requirements of confidentiality, integrity and availability. Blockchain is used to achieve data integrity and availability. Particle swarm optimisation steganography and advanced encryption standard techniques are used for confidentiality in a transmission channel. Then, we discussed how the proposed framework can be implemented on a decentralised network architecture, including access point and various databases node without a central point. The proposed framework was evaluated by 106 samples chosen from a dataset that comprises 6000 samples of FV images. Results showed that (1) high-resistance verification framework is protected against spoofing and brute-force attacks; most biometric verification systems are vulnerable to such attacks. (2) The proposed framework had an advantage over the benchmark with a percentage of 55.56% in securing biometric templates during data transmission between the enrolment device and the node database.     

Improving the accuracy and storage cost in biometric remote authentication schemes

Recently, Bringer et al. proposed a new approach for remote biometric based verification, which consists of a hybrid protocol that distributes the server side functionality in order to detach the biometric data storage from the service provider. Besides, a new security model is defined using the notions of Identity and Transaction Privacy, which guarantee the privacy of the identity-biometrics relationship under the assumption of non-colluding servers. However, due to the high communication and computational costs, the systems following this model cannot be implemented for large scale biometric systems.In this paper, we describe an efficient multi-factor biometric verification system with improved accuracy and lower complexity by considering the range information of every component of the user biometrics separately. Also, the new scheme is provably secure based on the security model of Bringer et al and implements a different database storage that eliminates the disadvantages of encrypted biometric templates in terms of ciphertext expansion. Also, we evaluate different Private Information Retrieval (PIR) schemes applicable for this setting and propose a practical solution for our scheme that reduces the computation costs dramatically. Finally, we compare our results with existing provably secure schemes and achieve reduced computational cost and database storage cost due to the single storage of the common features of the users in the system and amortization of the time complexity of the PIR.     

结合时间戳的指纹密钥数据加解密传输方案

目的 对于生物密钥而言，生物特征数据的安全与生物密钥的管理存储都很关键。为了构造能够应用在通信数据传输场景的生物密钥，同时保证生物特征本身的模糊性与密码学的精确性处于一种相对平衡状态，提出一种基于时间戳与指纹密钥的数据加解密传输方案。方法 利用发送方指纹特征点之间的相对信息，与保密随机矩阵生成发送方指纹密钥；借助通信双方的预先设定数与时间戳，生成接收方恢复指纹密钥时所需的辅助信息；利用发送方指纹密钥加密数据，实现密文数据的传输。结果 本文方法在仿真通信双方数据加解密的实现中，测试再生指纹密钥的识别率（GAR）与误识率（FAR）。通过实验数据分析，表明了本文提出的指纹密钥生成方法的可用性，以及指纹密钥作为数字身份所具备的可认证性，其中真实发送方的再生指纹密钥识别率可高达99.8%，并且本方案还可用于即时通信、对称加密等多种场景当中。结论 本文方法利用时间戳确定了通信事件的唯一性与不可否认性，同时实现了指纹密钥恢复时的"一次一密"。此外，方案通过保密随机矩阵实现了发送方指纹密钥的可撤销，极大程度保障了指纹数据的安全性。     

ECB4CI: an enhanced cancelable biometric system for securing critical infrastructures

Physical access control is an indispensable component of a critical infrastructure. Traditional password-based methods for access control used in the critical infrastructure security systems have limitations. With the advance of new biometric recognition technologies, security control for critical infrastructures can be improved by the use of biometrics. In this paper, we propose an enhanced cancelable biometric system, which contains two layers, a core layer and an expendable layer, to provide reliable access control for critical infrastructures. The core layer applies random projection-based non-invertible transformation to the fingerprint feature set, so as to provide template protection and revocability. The expendable layer is used to protect the transformation key, which is the main weakness contributing to attacks via record multiplicity. This improvement enhances the overall system security, and undoubtedly, this extra security is an advantage over the existing cancelable biometric systems.     

基于双哈希索引的高效语音生物哈希安全检索算法

针对语音数据在信道传输与云端存储时的安全性问题,以及由于语音数据数目大、维数高、空间复杂度高带来的检索效率问题,提出了一种基于双哈希索引的高效语音生物哈希安全检索算法。首先,在服务端分别提取语音信号的频谱通量与峭度因子特征并将两种特征融合,利用Bagging分类对语音信号的差分哈希分类,并基于分类结果构建密钥分配索引表;然后,根据密钥分配索引表建立具有单一映射密钥的生物特征模板,并将其量化构造生物哈希,得到哈希索引;同时,采用混合域置乱加密算法对原始语音加密,构建密文语音库;最后,将哈希索引与密文语音库上传至云端并构建云端生物哈希索引表。在移动端,采用归一化汉明距离进行匹配检索。实验结果表明:本文算法的匹配阈值区间为(0.2694,0.4173),说明该检索算法能够灵活选取匹配阈值,具有较好的鲁棒性和区分性;检索过程中单条语音平均检索时间仅为9.4957×10^-4s,并且经过15种内容保持操作后的查全率与查准率均为100%,说明该算法具有较好的检索性能,可以满足各种环境下的语音检索需求;同时提出的加密算法密钥空间大小为10⁶⁰,说明能够抵御穷举密钥攻击、保证语音数据的安全;此外,构建的生物特征模板具有良好的多样性、安全性和可撤销性。     

A practical implementation of fuzzy fingerprint vault for smart cards

Biometric-based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as the compromise of the data will be permanent. To protect the biometric data, we need to store it in a non-invertible transformed version. Thus, even if the transformed version is compromised, the actual biometric data remain safe. Fuzzy vault is a cryptographic construct to secure critical data with the fingerprint data. In this paper, we implement the fuzzy fingerprint vault, combining fingerprint verification and fuzzy vault scheme to protect fingerprint templates, for the smart card environment. To implement the fuzzy fingerprint vault as a complete system, we have to consider several practical issues such as automatic fingerprint alignment, verification accuracy, template size for storing in the smart card, execution time, error correcting code, etc. Especially, we handled the fingerprints having a few minutiae by applying an adaptive degree of the polynomial, and thus our implementation result can be used for real, large-scale applications.     

基于生物加密的认证机制

为克服传统认证技术在保护安全和隐私方面的不足,提出了一种基于生物加密的身份认证模型。运用生物加密技术对用户脸部特征和密钥进行保护,防止非授权用户的访问和非授权资源的使用。实验结果表明,尽管人的面部表情变化多端,基于生物加密技术的认证系统仍能正确区分真正的用户与仿冒用户,起到很好的认证效果,保证了安全通信。     

Multi-instance cancellable biometrics schemes based on generative adversarial network

The main role of cancellable biometric schemes is to protect the privacy of the enrolled users. The protected biometric data are generated by applying a parametrized transformation function to the original biometric data. Although cancellable biometric schemes achieve high security levels, they may degrade the recognition accuracy. One of the mostwidely used approaches to enhance the recognition accuracy in biometric systems is to combine several instances of the same biometric modality. In this paper, two multi-instance cancellable biometric schemes based on iris traits are presented. The iris biometric trait is used in both schemes because of the reliability and stability of iris traits compared to the other biometric traits. A generative adversarial network (GAN) is used as a transformation function for the biometric features. The first scheme is based on a pre-transformation feature-level fusion, where the binary features of multiple instances are concatenated and inputted to the transformation phase. On the other hand, the second scheme is based on a post-transformation feature-level fusion, where each instance is separately inputted to the transformation phase. Experiments conducted on the CASIA Iris-V3-Internal database confirm the high recognition accuracy of the two proposed schemes. Moreover, the security of the proposed schemes is analyzed, and their robustness against two well-known types of attacks is proven.

     

基于细节点邻域信息的可撤销指纹模板生成算法

为了提高指纹模板算法的安全性等性能,设计了一种基于细节点邻域信息的可撤销指纹模板生成算法.首先对指纹图像进行预处理,提取指纹的细节点特征,然后采用改进的细节点描述子采样结构提取细节点邻域的纹线特征,最后结合用户PIN码生成指纹模板,同时结合贪婪算法设计了相应的指纹匹配算法.在指纹数据库FVC2002-DB1和DB2上的实验表明,该算法具有良好的认证性能,能较好地满足可撤销性、多样性和不可逆性,而且改进的采样结构在没有降低系统识别性能的情况下,进一步拓展了细节点描述子的采样结构方式.     

A hybrid encryption/hiding method for secure transmission of biometric data in multimodal authentication system

Biometric security is a fast growing area that gains an increasing interest in the last decades. Digital encryption and hiding techniques provide an efficient solution to protect biometric data from accidental or intentional attacks. In this paper, a highly secure encryption/hiding scheme is proposed to ensure secure transmission of biometric data in multimodal biometric identification/authentication system. The secret fingerprint and iris vectors are sparsely approximated using accelerated iterative hard thresholding technique and then embedded in the host Slantlet-SVD domain of face image. Experiments demonstrate the efficiency of our technique for both encryption and hiding purpose, where the secret biometric information is well encrypted and still extractable with high fidelity even though the carrier image is seriously corrupted. Our experimental results show the efficiency of the proposed technique in term of robustness to attacks, Invisibility, and security.

     

Alignment-free cancelable fingerprint template design: A densely infinite-to-one mapping (DITOM) approach

Registration-based cancelable template schemes rely on accurate fingerprint image alignment, which is very difficult to achieve. In this paper, by exploiting pair-minutiae vectors, we develop a lightweight, alignment-free scheme for generating cancelable fingerprint templates. The proposed mathematical model is based on a densely infinite-to-one mapping (DITOM) aiming to achieve the non-invertible property. The transformation designed describes the intersection of a collection of hyperplanes and effectively realizes infinite-to-one mapping. The proposed scheme has the properties of non-invertibility, revocability and multiple template independence. Evaluation of the proposed scheme over FVC2002 DB1, DB2 and DB3 shows that the new method exhibits satisfactory performance compared to existing methods.     

隐私数据验证场景下的隐私保护研究

隐私数据验证场景是信息验证服务下的一类特殊场景,其实用性要求数据在第三方数据库进行存储、发布且有能力处理任意形式声明的验证,其安全性要求数据在存储、更新与证明期间提供有效的隐私保护手段。目前该场景下的隐私保护研究尚且处于空白阶段,因此本文引入可证明数据加密策略的概念,以满足隐私数据验证场景下的实用性与安全性需求。本文主要有三个贡献：（1）对可证明数据加密策略进行讨论并给出形式化定义;（2）基于非交互零知识证明构造出首个可证明数据加密方案,并同时支持高效的数据更新操作;（3）基于承诺方案、非交互零知识证明与全同态加密,提出可证明数据加密策略的两种通用构造框架并给予相关性质证明。     

面向混合云的可并行多关键词Top-k密文检索技术

随着云计算技术的迅猛发展,越来越多的企业和个人青睐使用私有云和公有云相结合的混合云环境,用于外包存储和管理其私有数据。为了保护外包数据的私密性,数据加密是一种常用的隐私保护手段,但这同时也使得针对加密数据的搜索成为一个具有挑战性的问题。文中提出了面向混合云的可并行的多关键词Top-k密文检索方案。该方案通过对文档、关键词分组进行向量化处理,并引入对称加密和同态矩阵加密机制,保护外包数据的私密性,同时支持多关键词密文检索;通过引入MapReduce计算模式,使得公有云和私有云合作完成的密文检索过程能够按照并行化方式执行,从而能够支持针对大规模加密数据的并行化检索。安全分析和实验结果表明,提出的检索方案能够保护外包数据的隐私,且其检索效率优于现有的同类方案。     

Biometric template selection and update: a case study in fingerprints

A biometric authentication system operates by acquiring biometric data from a user and comparing it against the template data stored in a database in order to identify a person or to verify a claimed identity. Most systems store multiple templates per user in order to account for variations observed in a person's biometric data. In this paper we propose two methods to perform automatic template selection where the goal is to select prototype fingerprint templates for a finger from a given set of fingerprint impressions. The first method, called DEND, employs a clustering strategy to choose a template set that best represents the intra-class variations, while the second method, called MDIST, selects templates that exhibit maximum similarity with the rest of the impressions. Matching results on a database of 50 different fingers, with 200 impressions per finger, indicate that a systematic template selection procedure as presented here results in better performance than random template selection. The proposed methods have also been utilized to perform automatic template update. Experimental results underscore the importance of these techniques.     

Face Attribute Convolutional Neural Network System for Data Security with Improved Crypto Biometrics

Due to the enormous usage of the internet for transmission of data over a network, security and authenticity become major risks. Major challenges encountered in biometric system are the misuse of enrolled biometric templates stored in database server. To describe these issues various algorithms are implemented to deliver better protection to biometric traits such as physical (Face, fingerprint, Ear etc.) and behavioural (Gesture, Voice, tying etc.) by means of matching and verification process. In this work, biometric security system with fuzzy extractor and convolutional neural networks using face attribute is proposed which provides different choices for supporting cryptographic processes to the confidential data. The proposed system not only offers security but also enhances the system execution by discrepancy conservation of binary templates. Here Face Attribute Convolutional Neural Network (FACNN) is used to generate binary codes from nodal points which act as a key to encrypt and decrypt the entire data for further processing. Implementing Artificial Intelligence (AI) into the proposed system, automatically upgrades and replaces the previously stored biometric template after certain time period to reduce the risk of ageing difference while processing. Binary codes generated from face templates are used not only for cryptographic approach is also used for biometric process of enrolment and verification. Three main face data sets are taken into the evaluation to attain system performance by improving the efficiency of matching performance to verify authenticity. This system enhances the system performance by 8% matching and verification and minimizes the False Acceptance Rate (FAR), False Rejection Rate (FRR) and Equal Error Rate (EER) by 6 times and increases the data privacy through the biometric cryptosystem by 98.2% while compared to other work.