Cancellable biometrics and user-dependent multi-state discretization in BioHash

Although the use of biometrics for security access is convenient and easy to be implemented, it also introduced privacy and other security concerns when the original biometric templates are compromised. BioHash was introduced as a form of cancellable or replaceable biometrics through the integration of a set of user-specific random numbers with biometric features to address these concerns. However, the main drawback of the original form of BioHash is its inferior performance when an imposter obtains a legitimate token and uses it to claim as a genuine user (also known as the stolen-token scenario). In this paper, the problem is circumvented by a user-dependent multi-state discretization method. The experimental results on fingerprint database FVC2002 demonstrated a promising performance improvement on the stolen-token scenario when this discretization method was incorporated in the BioHash scheme. Moreover, the discretization method can render a long bit string, which is a useful feature to resist brute-force attacks. Some desired properties such as one-way transformation and diversity are also analyzed.     

Random multispace quantization as an analytic mechanism for BioHashing of biometric and random identity inputs

Biometric analysis for identity verification is becoming a widespread reality. Such implementations necessitate large-scale capture and storage of biometric data, which raises serious issues in terms of data privacy and (if such data is compromised) identity theft. These problems stem from the essential permanence of biometric data, which (unlike secret passwords or physical tokens) cannot be refreshed or reissued if compromised. Our previously presented biometric-hash framework prescribes the integration of external (password or token-derived) randomness with user-specific biometrics, resulting in bitstring outputs with security characteristics (i.e., noninvertibility) comparable to cryptographic ciphers or hashes. The resultant BioHashes are hence cancellable, i.e., straightforwardly revoked and reissued (via refreshed password or reissued token) if compromised. BioHashing furthermore enhances recognition effectiveness, which is explained in this paper as arising from the random multispace quantization (RMQ) of biometric and external random inputs     

一种单因子的可撤销生物特征认证方法

将令牌化随机数作为外部因子的双因子可撤销生物特征认证方法存在令牌泄露、丢失等安全威胁.本文提出了一种生物特征作为唯一输入的解决方法,即单因子的可撤销生物特征认证方法.首先,利用扩展的特征向量,通过预定义的滑动窗口和哈希函数随机化生成二进制种子;然后替换不同的辅助数据来生成可撤销模板;最后,由查询生物特征向量对辅助数据进...     

A review on performance,security and various biometric template protection schemes for biometric authentication systems

Identifying a person based on their behavioral and biological qualities in an automated manner is called biometrics. The authentication system substituting traditional password and token for authentication and relies gradually on biometric authentication methods for verification of the identity of an individual. This proves the fact that society has started depending on biometric-based authentication systems. Security of biometric authentication needs to be reviewed and discussed as there are multiple points related to integrity and public reception of biometric-based authentication systems. Security and recognition accuracy are the two most important aspects which must be considered while designing biometric authentication systems. During enrollment phase scanning of biometric data is done to determine a set of distinct biometric feature set known as biometric template. Protection of biometric templates from various hacking efforts is a topic of vital importance as unlike passwords or tokens, compromised biometric templates cannot be reissued. Therefore, giving powerful protection techniques for biometric templates and still at that very moment preparing great identification accuracy is a good research problem nowadays, as well as in the future. Furthermore, efficiency under non-ideal conditions is also supposed to be inadequate and thus needs special attention in the design of a biometric authentication system. Disclosure of various biometric traits in miscellaneous applications creates a severe compromise on the privacy of the user. Biometric authentication can be utilized for remote user authentication. In this case, the biometric data of users typically called templates are stored in a server. The uniqueness and stability of biometrics ended it useful over traditional authentication systems. But, a similar thing made the enduring harm of a user’s identity in biometric systems. The architecture of the biometric system leads to several hazards that lead to numerous security concerns and privacy threats. To address this issue, biometric templates are secured using several schemes that are categorized as biometric cryptosystems, cancelable biometrics, hybrid methods, Homomorphic Encryption, visual cryptography based methods. Biometric cryptosystems and cancelable biometrics techniques provide reliable biometric security at a great level. However, there persist numerous concerns and encounters that are being faced during the deployment of these protection technologies. This paper reviews and analyses various biometric template protection methods. This review paper also reflects the limitations of various biometric template protection methods being used in present times and highlights the scope of future work.

     

Three measures for secure palmprint identification

Most previous research in the area of personal authentication using the palmprint as a biometric trait has concentrated on enhancing accuracy yet resistance to attacks is also a centrally important feature of any biometric security system. In this paper, we address three relevant security issues: template re-issuances, also called cancellable biometrics,¹ replay attacks, and database attacks. We propose to use a random orientation filter bank (ROFB) as a feature extractor to generate noise-like feature codes, called Competitive Codes for templates re-issuances. Secret messages are hidden in templates to prevent replay and database attacks. This technique can be regarded as template watermarking. A series of analyses is provided to evaluate the security levels of the measures.     

Investigating fusion approaches in multi-biometric cancellable recognition

Cancellable biometrics has recently been introduced in order to overcome some privacy issues about the management of biometric data, aiming to transform a biometric trait into a new but revocable representation for enrolment and identification (verification). Therefore, a new representation of original biometric data can be generated in case of being compromised. Additionally, the use multi-biometric systems are increasingly being deployed in various biometric-based applications since the limitations imposed by a single biometric model can be overcome by these multi-biometric recognition systems. In this paper, we specifically investigate the performance of different fusion approaches in the context of multi-biometrics cancellable recognition. In this investigation, we adjust the ensemble structure to be used for a biometric system and we use as examples two different biometric modalities (voice and iris data) in a multi-biometrics context, adapting three cancellable transformations for each biometric modality.     

Cancelable features using log-Gabor filters for biometric authentication

Wide spread use of biometric based authentication requires security of biometric data against identity thefts. Cancelable biometrics is a recent approach to address the concerns regarding privacy of biometric data, public confidence, and acceptance of biometric systems. This work proposes a template protection approach which generates revocable binary features from phase and magnitude patterns of log-Gabor filters. Multi-level transformations are applied at signal and feature level to distort the biometric data using user specific tokenized variables which are observed to provide better performance and security against information leakage under correlation attacks. A thorough analysis is performed to study the performance, non-invertibility, and changeability of the proposed approach under stolen token scenario on multiple biometric modalities. It is revealed that generated templates are non-invertible, easy to revoke, and also deliver good performance.     

模糊逻辑在人脸特征保护算法中的应用

随着人脸识别在门禁、视频监控等公共安全领域中的应用日益广泛,人脸特征数据的安全性和隐私性问题成为备受关注的焦点。近年来出现了许多关于生物特征及人脸特征的安全保护算法,这些算法大都是将生物特征数据转变为二值的串,再进行保护。针对已有的保护算法中将实值的人脸特征转换为二值的串,从而导致信息丢失的不足,应用模糊逻辑对人脸模板数据的类内差异进行建模,从而提高人脸识别系统的性能。给出了算法在CMU PIE的光照子集、CMU PIE带光照和姿势的子集和ORL人脸数据库中的实验结果。实验表明,该算法能够进一步提高已有安全保护算法的识别率。     

Biohashing: two factor authentication featuring fingerprint data and tokenised random number

Human authentication is the security task whose job is to limit access to physical locations or computer network only to those with authorisation. This is done by equipped authorised users with passwords, tokens or using their biometrics. Unfortunately, the first two suffer a lack of security as they are easy being forgotten and stolen; even biometrics also suffers from some inherent limitation and specific security threats. A more practical approach is to combine two or more factor authenticator to reap benefits in security or convenient or both. This paper proposed a novel two factor authenticator based on iterated inner products between tokenised pseudo-random number and the user specific fingerprint feature, which generated from the integrated wavelet and Fourier-Mellin transform, and hence produce a set of user specific compact code that coined as BioHashing. BioHashing highly tolerant of data capture offsets, with same user fingerprint data resulting in highly correlated bitstrings. Moreover, there is no deterministic way to get the user specific code without having both token with random data and user fingerprint feature. This would protect us for instance against biometric fabrication by changing the user specific credential, is as simple as changing the token containing the random data. The BioHashing has significant functional advantages over solely biometrics i.e. zero equal error rate point and clean separation of the genuine and imposter populations, thereby allowing elimination of false accept rates without suffering from increased occurrence of false reject rates.     

Image-based facial recognition in the domain of high-order polynomial one-way mapping

The authors present a secure facial recognition system. The biometric data are transformed to the cancellable domain using high-order polynomial functions and co-occurrence matrices. The proposed method has provided both high-recognition accuracy and biometric data protection. Protection of data relies on the polynomial functions, where the new reissued cancellable biometric can be obtained by changing the polynomial parameters. Besides the protection of data, the reconstructed co-occurrence matrices also contributed to the accuracy enhancement. Hadamard product is used to reconstruct the new measure and has shown high flexibility in proving a new relationship between two independent covariance matrices. The proposed cancellable biometric is treated in the same manner as the original biometric data, which enables replacement of original data by the novel cancellable algorithm with no change to the authentication system. The two-dimensional principal component analysis recognition algorithm is used at the authentication stage. Results have shown high non-reversibility of data with improved accuracy over the original data and raised the performance recognition rate to 97%.     

Two-Factor Cancelable Biometrics Authenticator

Biometrics-based authentication system offers advantages of providing high reliability and accuracy. However the contemporary authentication system is impuissance to compromise. If a biometrics data is compromised, it cannot be replaced and rendered unusable. In this paper, a cancelable biometrics-based authenticator is proposed to solve this irrevocability issue. The proposed approach is a two-factor authentication system, which requires both of the random data and facial feature in order to access the system. In this system, tokenized pseudo-random data is coupled with momentbased facial feature via inner product algorithm. The output of the product is then discretized to generate a set of private binary code, coined as 2factor-Hashing code, which is acted as verification key. If this biometrics-based verification key is compromised, a new one can be issued by replacing a different set of random number via token replacement. Then, the compromised one is rendered completely useless. This feature offers an extra protection layer against biometrics fabrication since the verification code is replaceable. Experimental results demonstrate that the proposed system provides zero Equal Error Rate in which there is a clear separation in between the genuine and the imposter distribution populations.     

生物特征识别综述*

对传统的身份鉴别手段和现代生物特征识别技术产生背景进行了综述,介绍目前典型的生物特征识别技术的原理和发展趋势,分析了实际应用中存在的优缺点,并探讨了基于个人生物特征融合的多生物特征识别技术和生物特征信息保护问题,强调了生物识别技术在身份认证领域的重要性。     

结合时间戳的指纹密钥数据加解密传输方案

目的 对于生物密钥而言，生物特征数据的安全与生物密钥的管理存储都很关键。为了构造能够应用在通信数据传输场景的生物密钥，同时保证生物特征本身的模糊性与密码学的精确性处于一种相对平衡状态，提出一种基于时间戳与指纹密钥的数据加解密传输方案。方法 利用发送方指纹特征点之间的相对信息，与保密随机矩阵生成发送方指纹密钥；借助通信双方的预先设定数与时间戳，生成接收方恢复指纹密钥时所需的辅助信息；利用发送方指纹密钥加密数据，实现密文数据的传输。结果 本文方法在仿真通信双方数据加解密的实现中，测试再生指纹密钥的识别率（GAR）与误识率（FAR）。通过实验数据分析，表明了本文提出的指纹密钥生成方法的可用性，以及指纹密钥作为数字身份所具备的可认证性，其中真实发送方的再生指纹密钥识别率可高达99.8%，并且本方案还可用于即时通信、对称加密等多种场景当中。结论 本文方法利用时间戳确定了通信事件的唯一性与不可否认性，同时实现了指纹密钥恢复时的"一次一密"。此外，方案通过保密随机矩阵实现了发送方指纹密钥的可撤销，极大程度保障了指纹数据的安全性。     

Service-oriented architecture based on biometric using random features and incremental neural networks

We propose a service-oriented architecture based on biometric system where training and classification tasks are used by millions of users via internet connection. Such a large-scale biometric system needs to consider template protection, accuracy and efficiency issues. This is a challenging problem since there are tradeoffs among these three issues. In order to simultaneously handle these issues, we extract both global and local features via controlling the sparsity of random bases without training. Subsequently, the extracted features are fused with a sequential classifier. In the proposed system, the random basis features are not stored for security reason. The non-training based on feature extraction followed by a sequential learning contributes to computational efficiency. The overall accuracy is consequently improved via an ensemble of classifiers. We evaluate the performance of the proposed system using equal error rate under a stolen-token scenario. Our experimental results show that the proposed method is robust over severe local deformation with efficient computation for simultaneous transactions. Although we focus on face biometrics in this paper, the proposed method is generic and can be applied to other biometric traits.     

A novel cancellable Iris template generation based on salting approach

The iris has been vastly recognized as one of the powerful biometrics in terms of recognition performance, both theoretically and empirically. However, traditional unprotected iris biometric recognition schemes are highly vulnerable to numerous privacy and security attacks. Several methods have been proposed to generate cancellable iris templates that can be used for recognition; however, these templates achieve lower accuracy of recognition in comparison to traditional unprotected iris templates. In this paper, a novel cancellable iris recognition scheme based on the salting approach is introduced. It depends on mixing the original binary iris code with a synthetic pattern using XOR operation. This scheme guarantees a high degree of privacy/security preservation without affecting the performance accuracy compared to the unprotected traditional iris recognition schemes. Comprehensive experiments on various iris image databases demonstrate similar accuracy to those of the original counterparts. Hence, robustness to several major privacy/security attacks is guaranteed.

     

Bio-PUF-MAC authenticated encryption for iris biometrics

Biometrics is one of the ways for human authentication. Fabrication of biometrics by intruders, limits the accuracy of authentication. The user-specific keys (ie,) pseudo-random numbers give more security for biometric template protection and increase the accuracy of authentication also. The user-specific token or keys can also be fabricated by intruders by any of the prediction methods. To avoid the creation of fake biometric and fake user-specific keys, a device-specific Physical Unclonable Function (PUF) is proposed. In this article, iris authentication is provided by unclonable PUF-based true random numbers to enhance the unique authentication. Nonreversible Message Authentication Codes (MAC) are developed using PUF and Discrete Wavelet Transform features of iris biometrics. Systematically, MAC codes also created with, encryption algorithm. Encryption is additionally providing confidentiality in the individual iris. Experiments are done with CUHK Iris Image Dataset. Proposed Bio-PUF system has significant functional advantages in point of view of the unclonable pseudo-random number from PUF. Experimentally, Avalanche effect, entropy, NCPR, and UACI parameters are analyzed with PUF-based crypt functions. For 75% of matching with the Bio-PUF-MAC codes with enrolment, the accuracy for correct identification is 77.73%.     

基于生物特征和口令放大的远程认证协议

基于口令的认证协议具有简单、方便、强适应性及移动性等优点,它广泛应用于网上银行、ATM等远程登录环境中。但是一般用户的口令具有低熵、安全性低、口令数据难以保护等缺点,从而使系统存在许多安全隐患。口令放大是这样的一种算法,它输入用户的低熵的口令和一个高熵的随机数,然后输出一个高熵的新口令,从而提高了系统的安全性,也不增加用户的负担。人体生物特征是人体所固有的生理和行为特征,而模糊提取器可以从人体的生物特征中提取出高熵的随机串。生物特征和口令放大的结合,恰好可以克服基于口令的认证协议的缺点,提高其安全性。提出了一种结合人体生物特征和口令放大的单向认证协议,充分发挥了基于口令的认证协议所具有的简单易用和生物特征高熵、安全性高等优点,并且具有一定的容错能力。     

A fast feature selection technique in multi modal biometrics using cloud framework

Biometrics refers to the process that uses biological or physiological traits to identify individuals. The progress seen in technology and security has a vital role to play in Biometric recognition which is a reliable technique to validate individuals and their identity. The biometric identification is generally based on either their physical traits or their behavioural traits. The multimodal biometrics makes use of either two or more of the modalities to improve recognition. There are some popular modalities of biometrics that are palm print, finger vein, iris, face or fingerprint recognition. Another important challenge found with multimodal biometric features is the fusion, which could result in a large set of feature vectors. Most biometric systems currently use a single model for user authentication. In this existing work, a modified method of heuristics that is efficiently used to identify an optimal feature set that is based on a wrapper-based feature selection technique. The proposed method of feature selection uses the Ant Colony Optimization (ACO) and the Particle Swarm Optimization (PSO) are used to feature extraction and classification process utilizes the integration of face, and finger print texture patterns. The set of training images is converted to grayscale. The crossover operator is applied to generate multiple samples for each number of images. The wok proposed here is pre-planned for each weight of each biometric modality, which ensures that even if a biometric modality does not exist at the time of verification, a person can be certified to provide calculated weights the threshold value. The proposed method is demonstrated better result for fast feature selection in bio metric image authentication and also gives high effectiveness security.     

基于模糊循环随机映射的人脸生物特征加密算法

随着生物特征识别技术的广泛应用,其安全性方面的缺陷也逐渐暴露出来。密码技术与生物特征识别技术相结合的生物特征加密技术,就是为了弥补生物特征识别在安全方面的不足而产生的。在研究已有人脸生物特征识别技术的基础上,提出一种兼具安全性及容错能力的人脸生物特征加密算法:模糊循环随机映射(Fuzzy Cyclic Random Mapping,FCRM)。在每次循环中,加密模型使用前一次循环的密钥作为随机种子生成映射矩阵,对用户的人脸特征进行映射,形成一个循环的随机映射过程。加密过程中,还使用了容错技术来减少合法用户人脸图像和特征的随机噪声对识别率的影响,而循环的映射过程能够在不减少认证准确率的前提下,阻止非法用户通过认证。     

Secure-OSCAR中基于PKI的生物身份认证的设计

个体的生物特征的唯一性和“不可伪造性”使得它很适合于身份认证。生物信息本来是不保密的,所以不能象使用口令一样来使用它,否则将不能提高反而会降低系统的安全性。公钥机制(PKI)也被广泛应用于用户身份认证中,但它是基于私钥的安全性的,不可避免地存在冒用私钥的威胁。论文提出一个结合生物技术与PKI技术的认证方式的设计,具体描述了它在Secure-OSCAR中的实现。