Skip to main content
SpringerLink
Log in

Secure Sketches for Protecting Biometric Templates

  • Chapter
Security and Privacy in Biometrics

Abstract

As biometric technologies are becoming pervasive, it is imperative to protect the users of these technologies from misuse of their biometric data. However, unlike user credentials in traditional security systems, such as passwords or tokens, biometric features cannot be consistently sampled, and the matching process can be complex. Furthermore, the consequences of losing biometric data can be far more severe than passwords or tokens. Secure sketches, a recently developed cryptographic primitive, allow noisy data to be restored using some helper-data, while providing bounds on how much sensitive information such helper-data would reveal when obtained by malicious parties. In this chapter, we discuss security threats on the use of biometric templates in security systems, and how secure sketches can be used to address these threats under various circumstances.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    It is worth mentioning the fact that the k biometric is based on an experimentally determined value of FAR(Ï„). Therefore, the k password and k biometric will be comparable only if the password character selection is uniformly random [34].

  2. 2.

    Although the term helper-data is used as the name of the techniques proposed in [26, 49], in this chapter we use the term helper-data for categorizing the template protection methods without referring to any specific technique/method.

References

  1. Ang R, Safavi-Naini R, McAven L (2005) Cancelable key-based fingerprint templates. In: ACISP. LNCS, vol 3574, pp 242–252

    Google Scholar 

  2. Boult T, Scheirer W, Woodwork R (2007) Revocable fingerprint biotokens: accuracy and security analysis. In: IEEE Conf Computer Vison and Pattern Recognition (CVPR)

    Google Scholar 

  3. Boyen X (2004) Reusable cryptographic fuzzy extractors. In: Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM, New York, pp 82–91. doi:10.1145/1030083.1030096

    Google Scholar 

  4. Boyen X, Dodis Y, Katz J, Ostrovsky R, Smith A (2005) Secure remote authentication using biometric data. In: Eurocrypt

    Google Scholar 

  5. Bringer J, Chabanne H, Kindarji B (2008) The best of both worlds: applying secure sketches to cancelable biometrics. Science of Computer Programming 74(1–2):43–51. Special issue on security and trust

    Article  MathSciNet  MATH  Google Scholar 

  6. Buhan I, Doumen J, Hartel P, Veldhuis R (2007) Fuzzy extractors for continuous distributions. In: 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS), Singapore, 20–22 March 2007, pp 353–355

    Chapter  Google Scholar 

  7. Bui F, Martin K, Lu H, Plataniotis K, Hatzinakos D, (2010) Fuzzy key binding strategies based on quantization index modulation (qim) for biometric encryption (be) applications. IEEE Transactions on Information Forensics and Security 5(1):118–132

    Article  Google Scholar 

  8. Chang EC, Li Q (2006) Hiding secret points amidst chaff. In: Eurocrypt, pp 59–72

    Google Scholar 

  9. Chang EC, Fedyukovych V, Li Q (2006) Secure sketch for multi-set difference. Cryptology ePrint archive, report 2006/090. http://eprint.iacr.org/

  10. Chen C, Veldhuis R, Kevenaar T, Akkermans A (2008) Biometric binary string generation with detection rate optimized bit allocation. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). IEEE Press, New York, pp 1–7

    Google Scholar 

  11. Clancy T, Kiyavash N, Lin D (2003) Secure smartcard-based fingerprint authentication. In: ACM Workshop on Biometric Methods and Applications, Berkeley, CA, USA, pp 45–52

    Google Scholar 

  12. Cover TM, Thomas JA (1991) Elements of Information Theory. Wiley, New York

    Book  MATH  Google Scholar 

  13. Dass SC, Zhu Y, Jain AK (2005) Statistical models for assessing the individuality of fingerprints. In: AUTOID’05: Proceedings of the Fourth IEEE Workshop on Automatic Identification Advanced Technologies, pp 3–9

    Chapter  Google Scholar 

  14. Daugman J (2003) The importance of being random: statistical principles of iris recognition. Pattern Recognition 36(2)

    Google Scholar 

  15. Davida G, Frankel Y, Matt B (1998) On enabling secure applications through off-line biometric identification. In: Proc IEEE Symp on Security and Privacy, pp 148–157

    Google Scholar 

  16. Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Eurocrypt. LNCS, vol 3027. Springer, Berlin, pp 523–540

    Google Scholar 

  17. Draper S, Khisti A, Martinian E, Vetro A, Yedidia J (2007) Secure storage of fingerprint biometrics using Slepian-Wolf codes. In: Information Theory and Applications Workshop, San Diego, CA

    Google Scholar 

  18. Draper S, Khisti A, Martinian E, Vetro A, Yedidia J (2007) Using distributed source coding to secure fingerprint biometrics. In: IEEE Conf on Acoustics, Speech and Signal Processing (ICASSP), pp 129–132

    Google Scholar 

  19. Fang C, Li Q, Chang EC (2010) Secure sketch for multiple secrets. In: International Conference on Applied Cryptography and Network Security. LNCS, vol 6123. Springer, Berlin, pp 367–383

    Chapter  Google Scholar 

  20. Galbally J, Cappelli R, Lumini A, de Rivera GG, Maltoni D, Fiérrez J, Ortega-Garcia J, Maio D (2010) An evaluation of direct attacks using fake fingers generated from ISO templates. Pattern Recognition Letters 31:725–732

    Article  Google Scholar 

  21. Hao F, Anderson R, Daugman J (2006) Combining crypto with biometrics effectively. IEEE Transactions on Computers 55(9):1081–1088

    Article  Google Scholar 

  22. Ignatenko T, Willems F (2010) Information leakage in fuzzy commitment schemes. IEEE Transactions on Information Forensics and Security 5(2):337–348

    Article  Google Scholar 

  23. Jain AK, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP Journal on Advances in Signal Processing. Special issue on pattern recognition methods for biometrics

    Google Scholar 

  24. Juels A, Sudan M (2002) A fuzzy vault scheme. In: IEEE Intl Symp on Information Theory

    Google Scholar 

  25. Juels A, Wattenberg M (1999) A fuzzy commitment scheme. In: Proc ACM Conf on Computer and Communications Security, pp 28–36

    Google Scholar 

  26. Kevenaar T, Schrijen G, der Veen MV, Akkermans A, Zuo F (2005) Face recognition with renewable and privacy preserving binary templates. In: Fourth IEEE Workshop on Automatic Identification Advanced Technologies, pp 21–26

    Chapter  Google Scholar 

  27. Li Q, Sutcu Y, Memon N (2006) Secure sketch for biometric templates. In: Asiacrypt. LNCS, Shanghai, China, pp 99–113

    Google Scholar 

  28. Li Q, Guo M, Chang EC (2008) Fuzzy extractors for asymmetric biometric representations. In: IEEE Computer Society Workshop on Biometrics, June 2008

    Google Scholar 

  29. Linnartz JPMG, Tuyls P (2003) New shielding functions to enhance privacy and prevent misuse of biometric templates. In: AVBPA 2003, pp 393–402

    Google Scholar 

  30. Maiorana E, Campisi P, Ortega-Garcia J, Neri A (2008) Cancelable biometrics for hmm based signature recognition. In: Proceedings of the IEEE Second International Conference on Biometrics: Theory, Applications and Systems (BTAS 2008), Crystal City, VA, USA

    Google Scholar 

  31. Martinian E, Yekhanin S, Yedidia JS (2005) Secure biometrics via syndromes. In: 43rd Annual Allerton Conference on Communications, Control, and Computing, Monticello, IL, pp 45–52

    Google Scholar 

  32. Maurer U, Wolf S (2000) Information-theoretic key agreement: from weak to strong secrecy for free. In: Eurocrypt

    Google Scholar 

  33. Nandakumar K, Jain AK, Pankanti S (2007) Fingerprint-based fuzzy vault: implementation and performance. IEEE Transactions on Information Forensics and Security 2(4):744–757

    Article  Google Scholar 

  34. O’Gorman L (2003) Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE 91(12):2021–2040

    Article  Google Scholar 

  35. Pankanti S, Prabhakar S, Jain AK (2002) On the individuality of fingerprints. IEEE Transactions on Pattern Analysis and Machine Intelligence 24:1010–1025

    Article  Google Scholar 

  36. Prabhakar S, Pankanti S, Jain AK (2003) Biometric recognition: security and privacy concerns. IEEE Security and Privacy 1(2):33–42. doi:10.1109/MSECP.2003.1193209

    Article  Google Scholar 

  37. Ratha N, Connell J, Bolle R (2001) Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3):614–634

    Article  Google Scholar 

  38. Ratha NK, Chikkerur S, Connell JH, Bolle RM (2007) Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(4):561–572

    Article  Google Scholar 

  39. Ross A, Shah J, Jain AK (2007) From template to image: reconstructing fingerprints from minutiae points. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(4):544–560

    Article  Google Scholar 

  40. Savvides M, Kumar BV, Khosla P (2004) Cancelable biometric filters for face recognition. In: Proceedings of the 17th International Conference on Pattern Recognition, ICPR 2004, vol 3, pp 922–925

    Chapter  Google Scholar 

  41. Schneier B (1996) Applied Cryptography, 2nd edn. Wiley, New York

    Google Scholar 

  42. Soutar C, Roberge D, Stojanov S, Gilroy R, Kumar BV (1998) Biometric encryption using image processing. In: SPIE, Optical Security and Counterfeit Deterrence Techniques II, San Jose, CA, USA, vol 3314

    Google Scholar 

  43. Sutcu Y, Li Q, Memon N (2007) Protecting biometric templates with sketch: theory and practice. IEEE Transactions on Information Forensics and Security 2(3):503–512

    Article  Google Scholar 

  44. Sutcu Y, Rane S, Yedidia J, Draper S, Vetro A (2008) Feature extraction for a Slepian-Wolf biometric system using LDPC codes. In: 2007 IEEE International Symposium on Information Theory, Toronto, Ontario, CA, 6–11 July 2008

    Google Scholar 

  45. Sutcu Y, Rane S, Yedidia J, Draper S, Vetro A (2008) Feature transformation of biometric templates for secure biometric systems based on error correcting codes. In: 2007 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2008), Anchorage, AK, USA, 23–28 June 2008

    Google Scholar 

  46. Sutcu Y, Li Q, Memon N (2009) Design and analysis of fuzzy extractors for faces. In: SPIE International Defense and Security Symposium, Orlando, FL

    Google Scholar 

  47. Teoh A, Gho A, Ngo D (2006) Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs. IEEE Transactions on Pattern Analysis and Machine Intelligence 28(12):1892–1901

    Article  Google Scholar 

  48. Tuyls P, Goseling J (2004) Capacity and examples of template-protecting biometric authentication systems. In: ECCV Workshop BioAW, pp 158–170

    Google Scholar 

  49. Tuyls P, Akkermans A, Kevenaar T, Schrijen G, Bazen A, Veldhuis R (2005) Practical biometric authentication with template protection. In: AVBPA, pp 436–446

    Google Scholar 

  50. Uludag U, Jain A (2004) Fuzzy fingerprint vault. In: Workshop on Biometrics: Challenges Arising from Theory to Practice, pp 13–16

    Google Scholar 

  51. Verbitskiy E, Tuyls P, Obi C, Schoenmakers B, Skoric B (2010) Key extraction from general nondiscrete signals. IEEE Transactions on Information Forensics and Security 5(2):269–279

    Article  Google Scholar 

  52. Vetro A, Memon N (2008) Biometric system security. In: Tutorial Presented at IEEE International Conference on Acoustics, Speech and Signal Processing, Las Vegas, NV, USA, April 2008

    Google Scholar 

  53. Yang S, Verbauwhede I (2005) Automatic secure fingerprint verification system based on fuzzy vault scheme. In: IEEE Intl Conf on Acoustics, Speech, and Signal Processing (ICASSP), pp 609–612

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Polytechnic Institute of New York University, Brooklyn, NY, USA

    Yagiz Sutcu & Nasir Memon

  2. Clault Pte. Ltd., Singapore, Singapore

    Qiming Li

Authors
  1. Yagiz Sutcu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qiming Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nasir Memon
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yagiz Sutcu .

Editor information

Editors and Affiliations

  1. Department of Applied Electronics, Roma Tre University, via della Vasca Navale 84, Rome, 00146, Italy

    Patrizio Campisi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag London

About this chapter

Cite this chapter

Sutcu, Y., Li, Q., Memon, N. (2013). Secure Sketches for Protecting Biometric Templates. In: Campisi, P. (eds) Security and Privacy in Biometrics. Springer, London. https://doi.org/10.1007/978-1-4471-5230-9_4

Download citation

  • DOI: https://doi.org/10.1007/978-1-4471-5230-9_4

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-5229-3

  • Online ISBN: 978-1-4471-5230-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation