Information and Communications Magazine (정보와 통신)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

Error Correction Codes for Biometric Cryptosystem: An Overview

  • Published : 2015.05.29
Download PDF
⟨ Previous Next ⟩

Abstract

In cryptographic applications, the key protection is either knowledge-based (passwords) or possession-based (tamper-proof device). Unfortunately, both approaches are easily forgotten or stolen, thus introducing various key management issues. By incorporating biometrics technologies which utilize the uniqueness of personal characteristics, the security of cryptosystems could be strengthened as authentication now requires the presence of the user. Biometric Cryptosystem (BC) encompasses the design of cryptographic keys protection methods by incorporating biometrics. BC involves either key-biometrics binding or direct key generation from biometrics. However, the wide acceptance and deployment of BC solutions are constrained by the fuzziness related with biometric data. Hence, error correction codes (ECCs) should be adopted to ensure that fuzziness of biometric data can be alleviated. In this overview paper, we present such ECC solutions used in various BCs. We also delineate on the important facts to be considered when choosing appropriate ECCs for a particular biometric based solution from accuracy performance and security perspectives.

Keywords

References

  1. B. Schneier. Applied Cryptography: Protocols Algorithms and Source Code in C. John Wiley and Sons, Inc. 1996.
  2. A.K. Jain, L. Hong, S. Pankanti. Biometrics Identification. Commun. ACM 43 (2) 91-98, 2000.
  3. U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, "Biometric cryptosystems: issues and challenges," Proceedings of the IEEE, vol. 92, no. 6, pp. 948-960, Jun. 2004. https://doi.org/10.1109/JPROC.2004.827372
  4. Tomko GJ, Soutar C, Schmidt GJ (1996) Fingerprint controlled pub Invalid source specified.lic key cryptographic sys-tem. US Patent 5541994, 30 July 1996 (Filing date: 7 Sept 1994).
  5. A. Cavoukian, M. Chibba, and A. Stoianov, "Advances in Biometric Encryption: Taking Privacy by Design from Academic Research to Deployment," Review of Policy Research, vol. 29, no. 1, pp. 37-61, Jan. 2012. https://doi.org/10.1111/j.1541-1338.2011.00537.x
  6. Harsha S. Gardiyawasam Pussewalage, Jiankun Hu, and Josef Pieprzyk, "A Survey: Error Control Methods Used in Bio-Cryptography," presented at the 2014 10th International Conference on Natural Computation (ICNC 2014), 2014.
  7. T. C. Clancy, N. Kiyavash, and D. J. Lin, "Secure smartcardbased fingerprint authentication," in Proceedings of the 2003 ACM SIGMM workshop on Biometrics methods and applications, 2003, pp. 45-52.
  8. F. Hao, R. Anderson, and J. Daugman, "Combining Crypto with Biometrics Effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, Sep. 2006. https://doi.org/10.1109/TC.2006.138
  9. P. Tuyls, A. H. M. Akkermans, T. A. M. Kevenaar, G.-J. Schrijen, A. M. Bazen, and R. N. J. Veldhuis, "Practical biometric authentication with template protection," in Proceedings of the 5th international conference on Audio- and Video-Based Biometric Person Authentication, Berlin, Heidelberg, 2005, pp. 436-446.
  10. M. Baldi, M. Bianchi, F. Chiaraluce, J. Rosenthal, and D. Schipani, "On fuzzy syndrome hashing with LDPC coding," in Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies, New York, NY, USA, 2011, pp. 24:1-24:5.
  11. E. Maiorana, D. Blasi, and P. Campisi, "Biometric template protection using turbo codes and modulation constellations," in 2012 IEEE International Workshop on Information Forensics and Security (WIFS), 2012, pp. 25-30.
  12. Y. Imamverdiyev, A. B. J. Teoh, and J. Kim, "Biometric cryptosystem based on discretized fingerprint texture descriptors," Expert Systems with Applications, vol. 40, no. 5, pp. 1888-1901, 2013. https://doi.org/10.1016/j.eswa.2012.10.009
  13. A. Juels and M. Wattenberg, "A fuzzy commitment scheme," in Proceedings of the 6th ACM conference on Computer and communications security, New York, NY, USA, 1999, pp. 28-36.
  14. Giles Brassard, David Chaum, and Claude Crepeau, Minimum Disclosure Proofs of Knowledge Journal of Computer and System Sciences, vol. 37, pp. 156-189, 1988 https://doi.org/10.1016/0022-0000(88)90005-0
  15. J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zemor, "Optimal iris fuzzy sketches", in IEEE First International Conference on Biometrics: Theory, Applications, and Systems, BTAS'07, 2007.
  16. R. Alvarez Marino, F. Hernandez Alvarez, and L. Hernandez Encinas, "A crypto-biometric scheme based on iris-templates with fuzzy extractors," Information Sciences, vol. 195, pp. 91-102, Jul. 2012.
  17. S. Kanade, D. Petrovska-Delacretaz, and B. Dorizzi, "Cancelable Iris Biometrics and using Error Correcting Codes to reduce Variability in Biometric Data", in IEEE Conference on Computer Vision and Pattern Recognition, IEEE, pp. 120-127, Florida, USA, Jun. 2009.
  18. S. Kanade, D. Camara, E. Krichen, D. Petrovska-Delacretaz, and B.Dorizzi, "Three Factor Scheme for Biometric-based Cryptographic Key Regeneration using Iris", in Biometrics Symposium, IEEE, pp. 59-64, Florida, USA, Sep. 2008.
  19. M. van der Veen, T. Kevenaar, G.-J. Schrijen, T. H. Akkermans, and F. Zuo, "Face biometrics with renewable templates," Proceedings of SPIE, vol. 6072, no. 1, p. 60720J-60720J-12, Feb. 2006.
  20. E. J. C. Kelkboom, B. Gokberk, T. A. M. Kevenaar, A. H. M. Akkermans, and M. Veen, "3D Face": Biometric Template Protection for 3D Face Recognition," in Advances in Biometrics, vol. 4642, 2007, pp. 566-573.
  21. B. Chen and V. Chandran, "Biometric Based Cryptographic Key Generation from Faces," in 9th Biennial Conference of the Australian Pattern Recognition Society on Digital Image Computing Techniques and Applications, 2007, pp. 394-401.
  22. P. Tuyls, A. Akkermans, T. Kevenaar, G. Schrijen, and R. Veldhuis, "Practical Biometric Authentication with Template Protection", in Proceedings of 5 th International Conference on Audio-and Video-Based Biometric Person Authentication, Springer, pp. 436-446, New York, USA, Jul. 2005.
  23. A. Juels and M. Sudan, "A fuzzy vault scheme," in IEEE International Symposium on Information Theory, 2002. Proceedings, 2002.
  24. U. Uludag, S. Pankanti, and A. K. Jain, "Fuzzy Vault for Fingerprints," in Audio- and Video-Based Biometric Person Authentication, 2005, pp. 310-319.
  25. A. Nagar, K. Nandakumar, and A. K. Jain, "Securing Fingerprint Template: Fuzzy Vault with Minutiae Descriptors", in Proceedings of 19th International Conference on Pattern Recognition, IEEE, pp. 1-4, Florida, USA, Dec. 2008.
  26. Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, "Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data," SIAM J. Comput., vol. 38, no. 1, pp. 97-139, Mar. 2008. https://doi.org/10.1137/060651380
  27. X. Boyen, "Reusable cryptographic fuzzy extractors," in Proceedings of the 11th ACM conference on Computer and communications security, New York, NY, USA, 2004, pp. 82-91.
  28. P. Tuyls and J. Goseling, Capacity and Examples of Template Protecting. BioAW 2004, LNCS 3087, 158-170, Prague, 2004.
  29. Yagiz Sutcu, Qiming Li, and N. Memon, "Protecting Biometric Templates With Sketch: Theory and Practice," IEEE Transactions on Information Forensics and Security, vol. 2, no. 3, pp. 503-512, Sep. 2007. https://doi.org/10.1109/TIFS.2007.902022
  30. E. Maiorana, D. Blasi, and P. Campisi, "Biometric template protection using turbo codes and modulation constellations," in 2012 IEEE International Workshop on Information Forensics and Security (WIFS), 2012, pp. 25-30.
  31. A. Arakala, J. Jeffers, and K. J. Horadam, "Fuzzy Extractors for Minutiae-Based Fingerprint Authentication," in Advances in Biometrics, vol. 4642, S.-W. Lee and S. Z. Li, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 760-769.
  32. S. Cimato, M. Gamassi, V. Piuri, R. Sassi, and F. Scotti, "Privacy-Aware Biometrics: Design and Implementation of a Multimodal Verification System," in Computer Security Applications Conference, 2008. ACSAC 2008. Annual, 2008, pp. 130-139.
  33. W. Yang, J. Hu, and S. Wang, "A Delaunay Triangle-Based Fuzzy Extractor for Fingerprint Authentication," in 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2012, pp. 66-70.
  34. R. alvarez Marino, F. Hernandez alvarez, and L. Hernandez Encinas, "A crypto-biometric scheme based on iris-templates with fuzzy extractors," Information Sciences, vol. 195, pp. 91-102, Jul. 2012. https://doi.org/10.1016/j.ins.2012.01.042
  35. Anthony Vetro, Stark Draper, Shantanu Rane, and Jonathan Yedidia, "Securing Biometric Data," in DISTRIBUTED SOURCE CODING, Elsevier, 2009.
  36. T. Santos, L.D. Soares, P.L. Correia, "Iris Verification System with Secure Template Storage", European Signal Processing Conference (EUSIPCO), Aalborg, Denmark, August 2010.
  37. A. Nagar, S. Rane, and A. Vetro, "Privacy and security of features extracted from minutiae aggregates," in Acoustics Speech and Signal Processing (ICASSP), 2010 IEEE International Conference on, 2010, pp. 1826-1829.
  38. Y. Sutcu, S. Rane, J. S. Yedidia, S. C. Draper, and A. Vetro, "Feature extraction for a Slepian-Wolf biometric system using LDPC codes," in Information Theory, 2008. ISIT 2008. IEEE International Symposium on, 2008, pp. 2297-2301.
  39. E. Maiorana, D. Blasi, and P. Campisi, "Biometric template protection using turbo codes and modulation constellations," in 2012 IEEE International Workshop on Information Forensics and Security (WIFS), 2012, pp. 25-30.
  40. S. Noto, P. L. Correia, and L. D. Soares, "Analysis of error correcting codes for the secure storage of biometric templates," in EUROCON - International Conference on Computer as a Tool (EUROCON), 2011 IEEE, 2011, pp. 1-4.
  41. X. Zhou, A. Kuijper, R. Veldhuis, and C. Busch, "Quantifying privacy and security of biometric fuzzy commitment," in International Joint Conference on Biometrics (IJCB), 2011, pp. 1-8.
  42. W. J. Scheirer and T. E. Boult, "Cracking Fuzzy Vaults and Biometric Encryption," in Biometrics Symposium, 2007, pp. 1-6.
  43. A. Kholmatov and B. Yanikoglu, "Realization of correlation attack against the fuzzy vault scheme," in Proc. SPIE 6819, Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, 2008, pp. 68190O-68190O-7.
  44. H. Poon and A. Miri, "A Collusion Attack on the Fuzzy Vault Scheme," ISeCure: The ISC International Journal of Information Security, vol. 1, no. 1, pp. 27-34, Jan. 2009.
  45. L. Ballard, S. Kamara, and M. K. Reiter, "The practical subtleties of biometric key generation," in Proceedings of the 17th conference on Security symposium, Berkeley, CA, USA, 2008, pp. 61-74.
  46. K. Simoens, P. Tuyls, and B. Preneel, "Privacy Weaknesses in Biometric Sketches," in Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, Washington, DC, USA, 2009, pp. 188-203.
  47. M. Blanton and M. Aliasgari, "Analysis of Reusability of Secure Sketches and Fuzzy Extractors," IEEE Transactions on Information Forensics and Security, vol. 8, no. 9, pp. 1433-1455, 2013. https://doi.org/10.1109/TIFS.2013.2272786
  48. A. Stoianov, "Security of Error Correcting Code for biometric Encryption," in 2010 Eighth Annual International Conference on Privacy Security and Trust (PST), 2010, pp. 231-235.
  49. A. Adler, "Vulnerabilities in Biometric Encryption Systems", in Audio- and video-based Biometric Person Authentication (AVBPA2005), Tarrytown, New York, USA. Lecture Notes in Computer Science: Springer, v. 3546, 2005, pp. 1100-1109.
  50. A. Stoianov, T. Kevenaar, and M. V. der Veen, "Security issues of bio-metric encryption," in IEEE TICSTH Symp. on Information Assurance, Biometric Security and Business Continuity, Toronto, Canada, 2009.
  51. E. Maiorana, P. Campisi, and A. Neri, "User adaptive fuzzy commitment for signature templates protection and renewability," SPIE Journal of Electronic Imaging, vol. 17, no. 1, March 2008.
  52. C. Rathgeb and A. Uhl, "Statistical attack against iris-biometric fuzzy commitment schemes," in 2011 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), 2011, pp. 23-30.