Abstract
As biometric technologies are becoming pervasive, it is imperative to protect the users of these technologies from misuse of their biometric data. However, unlike user credentials in traditional security systems, such as passwords or tokens, biometric features cannot be consistently sampled, and the matching process can be complex. Furthermore, the consequences of losing biometric data can be far more severe than passwords or tokens. Secure sketches, a recently developed cryptographic primitive, allow noisy data to be restored using some helper-data, while providing bounds on how much sensitive information such helper-data would reveal when obtained by malicious parties. In this chapter, we discuss security threats on the use of biometric templates in security systems, and how secure sketches can be used to address these threats under various circumstances.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
It is worth mentioning the fact that the k biometric is based on an experimentally determined value of FAR(Ï„). Therefore, the k password and k biometric will be comparable only if the password character selection is uniformly random [34].
- 2.
References
Ang R, Safavi-Naini R, McAven L (2005) Cancelable key-based fingerprint templates. In: ACISP. LNCS, vol 3574, pp 242–252
Boult T, Scheirer W, Woodwork R (2007) Revocable fingerprint biotokens: accuracy and security analysis. In: IEEE Conf Computer Vison and Pattern Recognition (CVPR)
Boyen X (2004) Reusable cryptographic fuzzy extractors. In: Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM, New York, pp 82–91. doi:10.1145/1030083.1030096
Boyen X, Dodis Y, Katz J, Ostrovsky R, Smith A (2005) Secure remote authentication using biometric data. In: Eurocrypt
Bringer J, Chabanne H, Kindarji B (2008) The best of both worlds: applying secure sketches to cancelable biometrics. Science of Computer Programming 74(1–2):43–51. Special issue on security and trust
Buhan I, Doumen J, Hartel P, Veldhuis R (2007) Fuzzy extractors for continuous distributions. In: 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS), Singapore, 20–22 March 2007, pp 353–355
Bui F, Martin K, Lu H, Plataniotis K, Hatzinakos D, (2010) Fuzzy key binding strategies based on quantization index modulation (qim) for biometric encryption (be) applications. IEEE Transactions on Information Forensics and Security 5(1):118–132
Chang EC, Li Q (2006) Hiding secret points amidst chaff. In: Eurocrypt, pp 59–72
Chang EC, Fedyukovych V, Li Q (2006) Secure sketch for multi-set difference. Cryptology ePrint archive, report 2006/090. http://eprint.iacr.org/
Chen C, Veldhuis R, Kevenaar T, Akkermans A (2008) Biometric binary string generation with detection rate optimized bit allocation. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). IEEE Press, New York, pp 1–7
Clancy T, Kiyavash N, Lin D (2003) Secure smartcard-based fingerprint authentication. In: ACM Workshop on Biometric Methods and Applications, Berkeley, CA, USA, pp 45–52
Cover TM, Thomas JA (1991) Elements of Information Theory. Wiley, New York
Dass SC, Zhu Y, Jain AK (2005) Statistical models for assessing the individuality of fingerprints. In: AUTOID’05: Proceedings of the Fourth IEEE Workshop on Automatic Identification Advanced Technologies, pp 3–9
Daugman J (2003) The importance of being random: statistical principles of iris recognition. Pattern Recognition 36(2)
Davida G, Frankel Y, Matt B (1998) On enabling secure applications through off-line biometric identification. In: Proc IEEE Symp on Security and Privacy, pp 148–157
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Eurocrypt. LNCS, vol 3027. Springer, Berlin, pp 523–540
Draper S, Khisti A, Martinian E, Vetro A, Yedidia J (2007) Secure storage of fingerprint biometrics using Slepian-Wolf codes. In: Information Theory and Applications Workshop, San Diego, CA
Draper S, Khisti A, Martinian E, Vetro A, Yedidia J (2007) Using distributed source coding to secure fingerprint biometrics. In: IEEE Conf on Acoustics, Speech and Signal Processing (ICASSP), pp 129–132
Fang C, Li Q, Chang EC (2010) Secure sketch for multiple secrets. In: International Conference on Applied Cryptography and Network Security. LNCS, vol 6123. Springer, Berlin, pp 367–383
Galbally J, Cappelli R, Lumini A, de Rivera GG, Maltoni D, Fiérrez J, Ortega-Garcia J, Maio D (2010) An evaluation of direct attacks using fake fingers generated from ISO templates. Pattern Recognition Letters 31:725–732
Hao F, Anderson R, Daugman J (2006) Combining crypto with biometrics effectively. IEEE Transactions on Computers 55(9):1081–1088
Ignatenko T, Willems F (2010) Information leakage in fuzzy commitment schemes. IEEE Transactions on Information Forensics and Security 5(2):337–348
Jain AK, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP Journal on Advances in Signal Processing. Special issue on pattern recognition methods for biometrics
Juels A, Sudan M (2002) A fuzzy vault scheme. In: IEEE Intl Symp on Information Theory
Juels A, Wattenberg M (1999) A fuzzy commitment scheme. In: Proc ACM Conf on Computer and Communications Security, pp 28–36
Kevenaar T, Schrijen G, der Veen MV, Akkermans A, Zuo F (2005) Face recognition with renewable and privacy preserving binary templates. In: Fourth IEEE Workshop on Automatic Identification Advanced Technologies, pp 21–26
Li Q, Sutcu Y, Memon N (2006) Secure sketch for biometric templates. In: Asiacrypt. LNCS, Shanghai, China, pp 99–113
Li Q, Guo M, Chang EC (2008) Fuzzy extractors for asymmetric biometric representations. In: IEEE Computer Society Workshop on Biometrics, June 2008
Linnartz JPMG, Tuyls P (2003) New shielding functions to enhance privacy and prevent misuse of biometric templates. In: AVBPA 2003, pp 393–402
Maiorana E, Campisi P, Ortega-Garcia J, Neri A (2008) Cancelable biometrics for hmm based signature recognition. In: Proceedings of the IEEE Second International Conference on Biometrics: Theory, Applications and Systems (BTAS 2008), Crystal City, VA, USA
Martinian E, Yekhanin S, Yedidia JS (2005) Secure biometrics via syndromes. In: 43rd Annual Allerton Conference on Communications, Control, and Computing, Monticello, IL, pp 45–52
Maurer U, Wolf S (2000) Information-theoretic key agreement: from weak to strong secrecy for free. In: Eurocrypt
Nandakumar K, Jain AK, Pankanti S (2007) Fingerprint-based fuzzy vault: implementation and performance. IEEE Transactions on Information Forensics and Security 2(4):744–757
O’Gorman L (2003) Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE 91(12):2021–2040
Pankanti S, Prabhakar S, Jain AK (2002) On the individuality of fingerprints. IEEE Transactions on Pattern Analysis and Machine Intelligence 24:1010–1025
Prabhakar S, Pankanti S, Jain AK (2003) Biometric recognition: security and privacy concerns. IEEE Security and Privacy 1(2):33–42. doi:10.1109/MSECP.2003.1193209
Ratha N, Connell J, Bolle R (2001) Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3):614–634
Ratha NK, Chikkerur S, Connell JH, Bolle RM (2007) Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(4):561–572
Ross A, Shah J, Jain AK (2007) From template to image: reconstructing fingerprints from minutiae points. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(4):544–560
Savvides M, Kumar BV, Khosla P (2004) Cancelable biometric filters for face recognition. In: Proceedings of the 17th International Conference on Pattern Recognition, ICPR 2004, vol 3, pp 922–925
Schneier B (1996) Applied Cryptography, 2nd edn. Wiley, New York
Soutar C, Roberge D, Stojanov S, Gilroy R, Kumar BV (1998) Biometric encryption using image processing. In: SPIE, Optical Security and Counterfeit Deterrence Techniques II, San Jose, CA, USA, vol 3314
Sutcu Y, Li Q, Memon N (2007) Protecting biometric templates with sketch: theory and practice. IEEE Transactions on Information Forensics and Security 2(3):503–512
Sutcu Y, Rane S, Yedidia J, Draper S, Vetro A (2008) Feature extraction for a Slepian-Wolf biometric system using LDPC codes. In: 2007 IEEE International Symposium on Information Theory, Toronto, Ontario, CA, 6–11 July 2008
Sutcu Y, Rane S, Yedidia J, Draper S, Vetro A (2008) Feature transformation of biometric templates for secure biometric systems based on error correcting codes. In: 2007 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2008), Anchorage, AK, USA, 23–28 June 2008
Sutcu Y, Li Q, Memon N (2009) Design and analysis of fuzzy extractors for faces. In: SPIE International Defense and Security Symposium, Orlando, FL
Teoh A, Gho A, Ngo D (2006) Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs. IEEE Transactions on Pattern Analysis and Machine Intelligence 28(12):1892–1901
Tuyls P, Goseling J (2004) Capacity and examples of template-protecting biometric authentication systems. In: ECCV Workshop BioAW, pp 158–170
Tuyls P, Akkermans A, Kevenaar T, Schrijen G, Bazen A, Veldhuis R (2005) Practical biometric authentication with template protection. In: AVBPA, pp 436–446
Uludag U, Jain A (2004) Fuzzy fingerprint vault. In: Workshop on Biometrics: Challenges Arising from Theory to Practice, pp 13–16
Verbitskiy E, Tuyls P, Obi C, Schoenmakers B, Skoric B (2010) Key extraction from general nondiscrete signals. IEEE Transactions on Information Forensics and Security 5(2):269–279
Vetro A, Memon N (2008) Biometric system security. In: Tutorial Presented at IEEE International Conference on Acoustics, Speech and Signal Processing, Las Vegas, NV, USA, April 2008
Yang S, Verbauwhede I (2005) Automatic secure fingerprint verification system based on fuzzy vault scheme. In: IEEE Intl Conf on Acoustics, Speech, and Signal Processing (ICASSP), pp 609–612
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag London
About this chapter
Cite this chapter
Sutcu, Y., Li, Q., Memon, N. (2013). Secure Sketches for Protecting Biometric Templates. In: Campisi, P. (eds) Security and Privacy in Biometrics. Springer, London. https://doi.org/10.1007/978-1-4471-5230-9_4
Download citation
DOI: https://doi.org/10.1007/978-1-4471-5230-9_4
Publisher Name: Springer, London
Print ISBN: 978-1-4471-5229-3
Online ISBN: 978-1-4471-5230-9
eBook Packages: Computer ScienceComputer Science (R0)