基于比特流的虹膜特征数据的隐藏算法

对生物特征数据的攻击是生物特征识别自身安全的主要威胁。为了提高虹膜特征数据的安全性,根据现有主要的虹膜识别方法中特征模板的数据特性和基于汉明距的比对方法,提出一种基于比特流的将虹膜特征模板数据嵌入人脸图像的数据隐藏算法。实验结果表明,该算法具有较强的隐蔽性,隐藏算法本身误码率为零,计算效率高,不会影响虹膜识别技术本身的性能,能够有效保护特征模板数据,增强虹膜识别系统自身的安全性。     

Face Attribute Convolutional Neural Network System for Data Security with Improved Crypto Biometrics

Due to the enormous usage of the internet for transmission of data over a network, security and authenticity become major risks. Major challenges encountered in biometric system are the misuse of enrolled biometric templates stored in database server. To describe these issues various algorithms are implemented to deliver better protection to biometric traits such as physical (Face, fingerprint, Ear etc.) and behavioural (Gesture, Voice, tying etc.) by means of matching and verification process. In this work, biometric security system with fuzzy extractor and convolutional neural networks using face attribute is proposed which provides different choices for supporting cryptographic processes to the confidential data. The proposed system not only offers security but also enhances the system execution by discrepancy conservation of binary templates. Here Face Attribute Convolutional Neural Network (FACNN) is used to generate binary codes from nodal points which act as a key to encrypt and decrypt the entire data for further processing. Implementing Artificial Intelligence (AI) into the proposed system, automatically upgrades and replaces the previously stored biometric template after certain time period to reduce the risk of ageing difference while processing. Binary codes generated from face templates are used not only for cryptographic approach is also used for biometric process of enrolment and verification. Three main face data sets are taken into the evaluation to attain system performance by improving the efficiency of matching performance to verify authenticity. This system enhances the system performance by 8% matching and verification and minimizes the False Acceptance Rate (FAR), False Rejection Rate (FRR) and Equal Error Rate (EER) by 6 times and increases the data privacy through the biometric cryptosystem by 98.2% while compared to other work.     

Evaluation of a template protection approach to integrate fingerprint biometrics in a PIN-based payment infrastructure

Biometric authentication has a great potential to improve the security, reduce cost, and enhance the customer convenience of payment systems. Despite these benefits, biometric authentication has not yet been adopted by large-scale point-of-sale and automated teller machine systems. This paper aims at providing a better understanding of the benefits and limitations associated with the integration of biometrics in a PIN-based payment authentication system. Based on a review of the market drivers and deployment hurdles, a method is proposed in which biometrics can be seamlessly integrated in a PIN-based authentication infrastructure. By binding a fixed binary, renewable string to a noisy biometric sample, the data privacy and interoperability between issuing and acquiring banks can improve considerably compared to conventional biometric approaches. The biometric system security, cost aspects, and customer convenience are subsequently compared to PIN by means of simulations using fingerprints. The results indicate that the biometric authentication performance is not negatively influenced by the incorporation of key binding and release processes, and that the security expressed as guessing entropy of the biometric key is virtually identical to the current PIN. The data also suggest that for the fingerprint database under test, the claimed benefits for cost reduction, improved security and customer convenience do not convincingly materialize when compared to PIN. This result can in part explain why large-scale biometric payment systems are virtually non-existent in Europe and the United States, and suggests that other biometric modalities than fingerprints may be more appropriate for payment systems.     

模糊逻辑在人脸特征保护算法中的应用

随着人脸识别在门禁、视频监控等公共安全领域中的应用日益广泛,人脸特征数据的安全性和隐私性问题成为备受关注的焦点。近年来出现了许多关于生物特征及人脸特征的安全保护算法,这些算法大都是将生物特征数据转变为二值的串,再进行保护。针对已有的保护算法中将实值的人脸特征转换为二值的串,从而导致信息丢失的不足,应用模糊逻辑对人脸模板数据的类内差异进行建模,从而提高人脸识别系统的性能。给出了算法在CMU PIE的光照子集、CMU PIE带光照和姿势的子集和ORL人脸数据库中的实验结果。实验表明,该算法能够进一步提高已有安全保护算法的识别率。     

生物特征数据安全保护技术的发展

生物特征识别相对于传统的身份识别更安全和便捷.随着生物特征识别系统的广泛应用,生物特征数据的安全性和隐私性日益得到重视.生物特征数据的安全保护技术,主要包括生物特征加密(Biometric Salting)、生物特征密钥生成(Biometric Key Generation)、Fuzzy Schemes等几大类.通过重点分析这几类方法中的具有代表性的算法,来讨论生物特征数据的安全保护技术的研究及其发展,并进一步指出进行生物特征安全保护技术理论与应用研究的发展方向.     

Secure biometric template generation for multi-factor authentication

In the light of recent security incidents, leading to compromise of services using single factor authentication mechanisms, industry and academia researchers are actively investigating novel multi-factor authentication schemes. Moreover, exposure of unprotected authentication data is a high risk threat for organizations with online presence. The challenge is how to ensure security of multi-factor authentication data without deteriorating the performance of an identity verification system? To solve this problem, we present a novel framework that applies random projections to biometric data (inherence factor), using secure keys derived from passwords (knowledge factor), to generate inherently secure, efficient and revocable/renewable biometric templates for users? verification. We evaluate the security strength of the framework against possible attacks by adversaries. We also undertake a case study of deploying the proposed framework in a two-factor authentication setup that uses users? passwords and dynamic handwritten signatures. Our system preserves the important biometric information even when the user specific password is compromised – a highly desirable feature but not existent in the state-of-the-art transformation techniques. We have evaluated the performance of the framework on three publicly available signature datasets. The results prove that the proposed framework does not undermine the discriminating features of genuine and forged signatures and the verification performance is comparable to that of the state-of-the-art benchmark results.     

Theoretical examination of the effects of anxiety and electronic performance monitoring on behavioural biometric security systems

Computerised biometric systems are automated methods of verifying or recognising the identity of a user on the basis of some physiological characteristic, like a fingerprint or some aspects of behaviour such as keystroke patterns. Behaviourally based biometric systems include signature, speaker and keystroke verification. The investigation of psychological factors which might impact on the efficiency of a behavioural biometric computer security monitoring system has to our knowledge not been conducted. Of particular concern in the present paper are the potential effects of state anxiety on individual's physiological and performance responses. It is suggested that in a behaviourally based biometric computer security monitoring system, state anxiety may have sufficient effects to alter typical physiological and performance responses, resulting in an increased risk of security challenges, interruption of work-flow and resultant poor performance. It is also proposed that behaviourally based biometric systems may have the potential to be used as electronic performance monitoring systems, and typical responses to such systems need to be examined when developing and implementing any behaviourally based biometric security system.     

Double watermarking‐based biometric access control for radio frequency identification card

The integration of data privacy and security into radio frequency identification (RFID) technology, particularly into RFID tags, has become one of the most attractive research areas. A crucial challenge in RFID technology research lies in providing an efficient protection for systems against information theft and illegitimate access. This article proposes a secure solution based on an RFID card for physical biometric access‐control applications. This is done by integrating two biometric modalities, namely face and fingerprint which are secured via a double watermarking technique. The suggested approach is ensured by two levels of watermarking. At the first level, the wavelet packet decomposition watermarking algorithm is used to insert features from the fingerprint (minutiae) in the face image of an authorized person. At the second level, the same watermarking algorithm is employed to insert the fingerprint watermark in the face features extracted by Gabor filters from the previously watermarked face image (at the first level). The obtained secured watermarked biometric data are then integrated in a 1‐kB high frequency proximity RFID card. This combination of both RFID technology and the double watermarking technique provides a biometric control access framework. Compared with the state‐of‐the‐art frameworks, the proposed one ensures a good compromise between a reduced computational complexity and a high level of data security while maintaining a small space of storage and a low cost compared to those of the marketed products.     

Secure multimodal biometric authentication with wavelet quantization based fingerprint watermarking

As malicious attacks greatly threaten the security and reliability of biometric systems, ensuring the authenticity of biometric data is becoming increasingly important. In this paper we propose a watermarking-based two-stage authentication framework to address this problem. During data collection, face features are embedded into a fingerprint image of the same individual as data credibility token and secondary authentication source. At the first stage of authentication, the credibility of input data is established by checking the validness of extracted patterns. Due to the specific characteristics of face watermarks, the face detection based classification strategies are introduced for reliable watermark verification instead of conventional correlation based watermark detection. If authentic, the face patterns can further serve as supplemental identity information to facilitate subsequential biometric authentication. In this framework, one critical issue is to guarantee the robustness and capacity of watermark while preserving the discriminating features of host fingerprints. Hence a wavelet quantization based watermarking approach is proposed to adaptively distribute watermark energy on significant DWT coefficients of fingerprint images. Experimental results which evaluate both watermarking and biometric authentication performance demonstrate the effectiveness of this work.     

A hybrid scheme for securing fingerprint templates

In a fingerprint recognition system, templates are stored in the server database. To avoid the privacy concerns in case the database is compromised, many approaches of securing biometrics templates such as biometric encryption, salting, and noninvertible transformation are proposed to enhance privacy and security. However, a single approach may not meet all application requirements including security, diversity, and revocability. In this paper, we present a hybrid scheme for securing fingerprint templates, which integrates our novel algorithms of biometric encryption and noninvertible transformation. During biometric encryption, we perform the implementation of fingerprint fuzzy vault using a linear equation and chaff points. During noninvertible transformation, we perform a regional transformation for every minutia-centered circular region. The hybrid scheme can provide high security, diversity, and revocability. Experimental results show the comparative performance of those approaches. We also present strength analysis and threats on our scheme.     

Dual-key-binding cancelable palmprint cryptosystem for palmprint protection and information security

Biometric cryptosystems and cancelable biometrics are both practical and promising schemes to enhance the security and privacy of biometric systems. Though a number of bio-crypto algorithms have been proposed, they have limited practical applicability because they lack of cancelability. Since biometrics are immutable, the users whose biometrics are stolen cannot use bio-crypto systems anymore. Cancelable biometric schemes are of cancelability; however, they are difficult to compromise the conflicts between the security and performance. By embedded a novel cancelable palmprint template, namely “two dimensional (2D) Palmprint Phasor”, the proposed palmprint cryptosystem overcomes the lack of cancelability in existing biometric cryptosystems. Besides, the authentication performance is enhanced when users have different tokens/keys. Furthermore, we develop a novel dual-key-binding cancelable palmprint cryptosystem to enhance the security and privacy of palmprint biometric. 2D Palmprint Phasor template is scrambled by the scrambling transformation based on the chaotic sequence that is generated by both the user's token/key and strong key extracted from palmprint. Dual-key-binding scrambling not only has more robustness to resist against chosen plain text attack, but also enhances the secure requirement of non-invertibility. 2D Palmprint Phasor algorithm and dual-key-binding scrambling both increase the difficulty of adversary's statistical analysis. The experimental results and security analysis confirm the efficiency of the proposed scheme.     

Multi-instance cancellable biometrics schemes based on generative adversarial network

The main role of cancellable biometric schemes is to protect the privacy of the enrolled users. The protected biometric data are generated by applying a parametrized transformation function to the original biometric data. Although cancellable biometric schemes achieve high security levels, they may degrade the recognition accuracy. One of the mostwidely used approaches to enhance the recognition accuracy in biometric systems is to combine several instances of the same biometric modality. In this paper, two multi-instance cancellable biometric schemes based on iris traits are presented. The iris biometric trait is used in both schemes because of the reliability and stability of iris traits compared to the other biometric traits. A generative adversarial network (GAN) is used as a transformation function for the biometric features. The first scheme is based on a pre-transformation feature-level fusion, where the binary features of multiple instances are concatenated and inputted to the transformation phase. On the other hand, the second scheme is based on a post-transformation feature-level fusion, where each instance is separately inputted to the transformation phase. Experiments conducted on the CASIA Iris-V3-Internal database confirm the high recognition accuracy of the two proposed schemes. Moreover, the security of the proposed schemes is analyzed, and their robustness against two well-known types of attacks is proven.

     

Face Templates Encryption Technique Based on Random Projection and Deep Learning

Cancellable biometrics is the solution for the trade-off between two concepts: Biometrics for Security and Security for Biometrics. The cancelable template is stored in the authentication system’s database rather than the original biometric data. In case of the database is compromised, it is easy for the template to be canceled and regenerated from the same biometric data. Recoverability of the cancelable template comes from the diversity of the cancelable transformation parameters (cancelable key). Therefore, the cancelable key must be secret to be used in the system authentication process as a second authentication factor in conjunction with the biometric data. The main contribution of this paper is to tackle the risks of stolen/lost/shared cancelable keys by using biometric trait (in different feature domains) as the only authentication factor, in addition to achieving good performance with high security. The standard Generative Adversarial Network (GAN) is proposed as an encryption tool that needs the cancelable key during the training phase, and the testing phase depends only on the biometric trait. Additionally, random projection transformation is employed to increase the proposed system’s security and performance. The proposed transformation system is tested using the standard ORL face database, and the experiments are done by applying different features domains. Moreover, a security analysis for the proposed transformation system is presented.     

生物认证系统性能评估研究

评估生物认证系统的性能是个复杂的问题。文章阐述了评估生物认证系统性能的几个重要概念如精确率、速度、鲁棒性和存储需求,及它们对系统实现的影响,并对指纹识别、脸形识别和声音识别系统的性能评估问题进行了详细的分析。最后指出,在安全领域(包括计算机安全),生物认证系统如何被使用和在何处应用取决于它们的性能。     

Improving the accuracy and storage cost in biometric remote authentication schemes

Recently, Bringer et al. proposed a new approach for remote biometric based verification, which consists of a hybrid protocol that distributes the server side functionality in order to detach the biometric data storage from the service provider. Besides, a new security model is defined using the notions of Identity and Transaction Privacy, which guarantee the privacy of the identity-biometrics relationship under the assumption of non-colluding servers. However, due to the high communication and computational costs, the systems following this model cannot be implemented for large scale biometric systems.In this paper, we describe an efficient multi-factor biometric verification system with improved accuracy and lower complexity by considering the range information of every component of the user biometrics separately. Also, the new scheme is provably secure based on the security model of Bringer et al and implements a different database storage that eliminates the disadvantages of encrypted biometric templates in terms of ciphertext expansion. Also, we evaluate different Private Information Retrieval (PIR) schemes applicable for this setting and propose a practical solution for our scheme that reduces the computation costs dramatically. Finally, we compare our results with existing provably secure schemes and achieve reduced computational cost and database storage cost due to the single storage of the common features of the users in the system and amortization of the time complexity of the PIR.     

Hiding biometric data

With the wide spread utilization of biometric identification systems, establishing the authenticity of biometric data itself has emerged as an important research issue. The fact that biometric data is not replaceable and is not secret, combined with the existence of several types of attacks that are possible in a biometric system, make the issue of security/integrity of biometric data extremely critical. We introduce two applications of an amplitude modulation-based watermarking method, in which we hide a user's biometric data in a variety of images. This method has the ability to increase the security of both the hidden biometric data (e.g., eigen-face coefficients) and host images (e.g., fingerprints). Image adaptive data embedding methods used in our scheme lead to low visibility of the embedded signal. Feature analysis of host images guarantees high verification accuracy on watermarked (e.g., fingerprint) images.     

A Proposed Biometric Authentication Model to Improve Cloud Systems Security

Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password. Unfortunately, this approach has many security problems because personal data can be stolen or recognized by hackers. This paper aims to present a cloud-based biometric authentication model (CBioAM) for improving and securing cloud services. The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system (CBioAS), where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’ information. The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy, sensitivity, and specificity. The research study introduces a novel algorithm called “Bio_Authen_as_a_Service” for implementing and evaluating the proposed model. The proposed system performs the biometric authentication process securely and preserves the privacy of user information. The experimental result was highly promising for securing cloud services using the proposed model. The experiments showed encouraging results with a performance average of 93.94%, an accuracy average of 96.15%, a sensitivity average of 87.69%, and a specificity average of 97.99%.     

PalmHashing: a novel approach for dual-factor authentication

Many systems require a reliable personal authentication infrastructure to recognise the identity of a claimant before granting access to him/her. Conventional secure measures include the possession of an identity card or special knowledge like password and personal identification numbers (PINs). These methods are insecure as they can be lost, forgotten and potentially be shared among a group of co-workers for a long time without change. The fact that biometric authentication is convenient and non-refutable makes it a popular approach for a personal identification system. Nevertheless, biometric methods suffer from some inherent limitations and security threats. A more practical approach is to combine two-factor or more authenticators to achieve a higher level of security. This paper proposes a novel dual-factor authenticator based on the iterated inner product between tokenised pseudo-random numbers and user-specific palmprint features. This process generates a set of user-specific compact code called PalmHash, which is highly tolerant of data offset. There is no deterministic way to get the user-specific code without having both PalmHash and the user palmprint feature. This offers strong protection against biometric fabrication. Furthermore, the proposed PalmHashing technique is able to produce zero equal error rate (EER) and yields clean separation of the genuine and imposter populations. Hence, the false acceptance rate (FAR) can be eliminated without suffering from the increased occurrence of the false rejection rate (FRR).This revised version was published online in August 2004 with corrections to the section numbers.     

Fractional biometrics: safeguarding privacy in biometric applications

This paper presents a biometric system solution that “masks” a fraction of a person’s biometric image before submission, to reduce the possibility of forgery and collusion. A prototype system was constructed for the fingerprint biometric and tested in three security scenarios. It is shown that implementing the fractional biometric system does not significantly affect accuracy. We provide theoretical security analysis on the guessing entropy of a Fractional Template and the security against collusion. We demonstrate that by masking above 50% of the biometric features, we achieve a sufficient mix of security, robustness and accuracy to warrant further study. When 75% of the features are masked, we found that the theoretical guessing entropy is 42 bits, and we found that, on average, 5 authenticators had to collude before the system would be compromised.     

一种单因子的可撤销生物特征认证方法

将令牌化随机数作为外部因子的双因子可撤销生物特征认证方法存在令牌泄露、丢失等安全威胁.本文提出了一种生物特征作为唯一输入的解决方法,即单因子的可撤销生物特征认证方法.首先,利用扩展的特征向量,通过预定义的滑动窗口和哈希函数随机化生成二进制种子;然后替换不同的辅助数据来生成可撤销模板;最后,由查询生物特征向量对辅助数据进...