
On Security of Fuzzy Commitment Scheme for Biometric Authentication

  • Conference paper
Information Security and Privacy (ACISP 2022)

Abstract

Biometric security is a prominent research area with growing privacy and security concerns related to biometric data, generally known as biometric templates. Among the recently proposed biometric template protection schemes, fuzzy commitment is the most popular and reliable. It uses error correcting codes to deal with the significant number of bit errors present in biometric templates. The high error correcting capability of the underlying error correcting codes is crucial to achieving the desired recognition performance in the biometric system. In general, this requirement is satisfied by padding the input biometric template with additional bits. The fixed padding approaches proposed in the literature have security vulnerabilities that could disclose the user’s biometric data to an attacker, leading to an impersonation attack. We propose a user-specific, random padding scheme that preserves the recognition performance of the system while preventing the impersonation attack. The empirical results show that the proposed scheme provides 3 times better recognition performance on the IIT Delhi iris database than the baseline, unprotected systems. Through security analysis, we show that the attack complexity of our proposed work is \(2^{k}\), where k is the length of the secret message used to generate the codeword, with \(k \ge 128\) bits.
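The sketch below is an added illustration, not code from the paper or its authors: a toy fuzzy commitment over a 5-fold repetition code, showing that error correction absorbs a noisy reading and how many padded-region codeword bits the stored helper data exposes under a public fixed pad versus a per-user pad. The repetition code, all names, the sample bit strings and the assumption that the per-user pad is kept secret and supplied again at verification are illustrative choices; the page does not describe the paper's actual padding construction.

```python
import hashlib
import hmac

R = 5  # toy repetition code: each secret bit sent R times, majority vote fixes 2 errors per block

def encode(secret):
    return [b for b in secret for _ in range(R)]

def decode(word):
    return [int(sum(word[i:i + R]) > R // 2) for i in range(0, len(word), R)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def tag(secret):
    return hashlib.sha256(bytes(secret)).hexdigest()

def commit(template, pad, secret):
    """Enrolment: store only the helper data and a hash of the secret."""
    codeword = encode(secret)
    if len(template) + len(pad) != len(codeword):
        raise ValueError("template plus padding must fill one codeword")
    return xor(codeword, template + pad), tag(secret)

def verify(helper, stored_tag, probe, pad):
    """Authentication: unmask with the fresh reading, correct errors, compare hashes."""
    recovered = decode(xor(helper, probe + pad))
    return hmac.compare_digest(tag(recovered), stored_tag)

def pad_region_matches(helper, assumed_pad, secret):
    """Audit: count padded-region codeword bits equal to helper XOR assumed_pad."""
    start = len(helper) - len(assumed_pad)
    guess = xor(helper[start:], assumed_pad)
    return sum(g == c for g, c in zip(guess, encode(secret)[start:]))

# Constructed sample data (not from the paper): 30-bit template, 10 padding bits, 8-bit secret.
# A real deployment draws the secret from a CSPRNG with k >= 128 bits; it is fixed here for repeatability.
TEMPLATE = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1]
SECRET = [1, 0, 0, 1, 1, 0, 1, 0]
FIXED_PAD = [0] * 10                        # public and identical for every user
USER_PAD = [1, 0, 0, 1, 1, 1, 0, 1, 0, 0]   # assumed secret and per user
PROBE = list(TEMPLATE)
for i in (2, 8, 13, 27):                    # noisy re-reading: one flipped bit in four blocks
    PROBE[i] ^= 1
```

With the fixed pad, every helper bit in the padded region equals the corresponding codeword bit; with the per-user pad, a guess based on the public pad matches only at chance level.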


Notes

  1. http://www.eccpage.com/bch3.c



Corresponding author

Correspondence to Surabhi Garg.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Chang, D., Garg, S., Hasan, M., Mishra, S. (2022). On Security of Fuzzy Commitment Scheme for Biometric Authentication. In: Nguyen, K., Yang, G., Guo, F., Susilo, W. (eds) Information Security and Privacy. ACISP 2022. Lecture Notes in Computer Science, vol 13494. Springer, Cham. https://doi.org/10.1007/978-3-031-22301-3_20


  • DOI: https://doi.org/10.1007/978-3-031-22301-3_20


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22300-6

  • Online ISBN: 978-3-031-22301-3

  • eBook Packages: Computer Science (R0)
