skip to main content
10.1145/1750389.1750401acmotherconferencesArticle/Chapter ViewAbstractPublication PagesidtrustConference Proceedingsconference-collections
research-article

Biometrics-based identifiers for digital identity management

Published:13 April 2010Publication History

ABSTRACT

We present algorithms to reliably generate biometric identifiers from a user's biometric image which in turn is used for identity verification possibly in conjunction with cryptographic keys. The biometric identifier generation algorithms employ image hashing functions using singular value decomposition and support vector classification techniques. Our algorithms capture generic biometric features that ensure unique and repeatable biometric identifiers. We provide an empirical evaluation of our techniques using 2569 images of 488 different individuals for three types of biometric images; namely fingerprint, iris and face. Based on the biometric type and the classification models, as a result of the empirical evaluation we can generate biometric identifiers ranging from 64 bits up to 214 bits. We provide an example use of the biometric identifiers in privacy preserving multi-factor identity verification based on zero knowledge proofs. Therefore several identity verification factors, including various traditional identity attributes, can be used in conjunction with one or more biometrics of the individual to provide strong identity verification. We also ensure security and privacy of the biometric data. More specifically, we analyze several attack scenarios. We assure privacy of the biometric using the one-way hashing property, in that no information about the original biometric image is revealed from the biometric identifier.

References

  1. AT & T Databases of Faces. http://www.cl.cam.ac.uk/research/dtg/attarchive/facedatabase.html.Google ScholarGoogle Scholar
  2. K-Fold Cross Validation. http://en.wikipedia.org/wiki/Cross-validation.Google ScholarGoogle Scholar
  3. A. Bhargav-Spantzel, A. C. Squicciarini, R. Xue, and E. Bertino. Practical identity theft prevention using aggregated proof of knowledge. Technical report, CS Department, 2006. CERIAS TR 2006--26.Google ScholarGoogle Scholar
  4. D. Bleichenbacher and P. Q. Nguyen. Noisy polynomial interpolation and noisy Chinese remaindering. Lecture Notes in Computer Science, 1807:53--77, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. J. Camenisch and A. Lysyanskaya. Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In B. Pfitzmann, editor, Advances in Cryptology -- EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 93--118. Springer Verlag, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. J. Camenisch and A. Lysyanskaya. Signature schemes and anonymous credentials from bilinear maps. In Advances in Cryptology -- CRYPTO '04, 2004.Google ScholarGoogle Scholar
  7. R. Cappelli. SFinGe: an approach to synthetic fingerprint generation. In International Workshop on Biometric Technologies (BT2004), pages 147--154, Calgary, Canada, June 2004.Google ScholarGoogle Scholar
  8. C.-C. Chang and C.-J. Lin. LIBSVM: a library for support vector machines, 2001. Software available at http://www.csie.ntu.edu.tw/~cjlin/libsvm.Google ScholarGoogle Scholar
  9. D. Chaum and T. P. Pedersen. Wallet databases with observers. In CRYPTO '92: Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, pages 89--105, London, UK, 1993. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Y. Chung, D. Moon, S. Lee, S. Jung, T. Kim, and D. Ahn. Automatic alignment of fingerprint features for fuzzy fingerprint vault. In In Proceedings of Conference on Information Security and Cryptology, pages 358--369, Beijing, China, Dec. 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. T. C. Clancy, N. Kiyavash, and D. J. Lin. Secure smartcard based fingerprint authentication. In WBMA '03: Proceedings of the 2003 ACM SIGMM Workshop on Biometrics Methods and Applications, pages 45--52, New York, NY, USA, 2003. ACM Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. T. Connie, A. Teoh, M. Goh, and D. Ngo. Palmhashing: A novel approach for cancelable biometrics. Information Processing Letters, 93(1):1--5, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. C. Cortes and V. Vapnik. Support-vector networks. Machine Learning, 20(3):273--297, 1995. Google ScholarGoogle ScholarCross RefCross Ref
  14. J. Daugman. Biometric personal identification system based on iris analysis. In United States Patent, 1994.Google ScholarGoogle Scholar
  15. G. Davida, Y. Frankel, and B. Matt. The relation of error correction and cryptography to an offine biometric based identication scheme. In Proceedings of WCC99, Workshop on Coding and Cryptography, 1999., 1999.Google ScholarGoogle Scholar
  16. R. Dhamija and J. D. Tygar. The battle against phishing: Dynamic security skins. In SOUPS '05: Proceedings of the 2005 Symposium on Usable Privacy and Security, pages 77--88, New York, NY, USA, 2005. ACM Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Y. C. Feng and P. C. Yuen. Protecting face biometric data on smartcard with reed-solomon code. In Proceedings of CVPR Workshop on Privacy Research In Vision, page 29, New York, USA, June 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. U. Fiege, A. Fiat, and A. Shamir. Zero knowledge proofs of identity. In STOC '87: Proceedings of the nineteenth annual ACM conference on Theory of computing, pages 210--217, New York, NY, USA, 1987. ACM Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. M. Freire-Santos, J. Fierrez-Aguilar, and J. Ortega-Garcia. Cryptographic key generation using handwritten signature. In P. J. Flynn and S. Pankanti, editors, Proceedings of SPIE: Biometric Technology for Human Identification III, volume 6202, 2006.Google ScholarGoogle ScholarCross RefCross Ref
  20. A. Georghiades, P. Belhumeur, and D. Kriegman. From few to many: Illumination cone models for face recognition under variable lighting and pose. IEEE Pattern Analysis and Machine Intelligence, 23(6):643--660, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. A. Goh and D. C. Ngo. Computation of cryptographic keys from face biometrics. In Communications and Multimedia Security, volume 2828 of LNCS, pages 1--13, 2003.Google ScholarGoogle Scholar
  22. K.-S. Goh, E. Chang, and K.-T. Cheng. Support vector machine pairwise classifiers with error reduction for image classification. In MULTIMEDIA '01: Proceedings of the 2001 ACM workshops on Multimedia, pages 32--37, New York, NY, USA, 2001. ACM Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. G. H. Golub and C. F. V. Loan. Matrix Computations. Johns Hopkins University Press, Baltimore, Maryland, 1983.Google ScholarGoogle Scholar
  24. F. Hao, R. Anderson, and J. Daugman. Combining crypto with biometrics effectively. IEEE Transactions on Computers, 55(9):1081--1088, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. R. Housley, W. Polk, W. Ford, and D. Solo. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile, 2002.Google ScholarGoogle Scholar
  26. A. Juels and M. Wattenberg. A fuzzy commitment scheme. In ACM Conference on Computer and Communications Security, pages 28--36, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. A. Juels and M. Wattenberg. A fuzzy vault scheme. In Proceedings of IEEE International Symposium on Information Theory, 2002., 2002.Google ScholarGoogle ScholarCross RefCross Ref
  28. H. Kang, B. Lee, H. Kim, D. Shin, and J. Kim. A study on performance evaluation of fingerprint sensors. In Audio and Video Based Biometric Person Authentication, pages 574--583, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. A. Kong, K.-H. Cheung, D. Zhang, M. Kamel, and J. You. An analysis of biohashing and its variants. Pattern Recognition, 39(7):1359--1368, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. S. S. Kozat, R. Venkatesan, and M. K. Mihcak. Robust perceptual image hashing via matrix invariants. In International Conference on Image Processing, pages V: 3443--3446, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  31. C. Li, L. Khan, and B. Prabhakaran. Real-time classification of variable length multi-attribute motions. Knowledge Information Systems, 10(2):163--183, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. C.-C. Li and K. S. Fu. Machine-assisted pattern classification in medicine and biology. Annual Review of Biophysics and Bioengineering, 9:393--436, 1980.Google ScholarGoogle ScholarCross RefCross Ref
  33. A. Lumini and L. Nanni. An improved biohashing for human authentication. Pattern Recognition, 40(3):1057--1065, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. D. Maio and D. Maltoni. FVC2004: third fingerprint verification competition. http://bias.csr.unibo.it/fvc2004/, 2004.Google ScholarGoogle Scholar
  35. P. Mihailescu. The fuzzy vault for fingerprints is vulnerable to brute force attack. Technical report, University of Göttingen, 2007.Google ScholarGoogle Scholar
  36. M. K. Mihçak and R. Venkatesan. New iterative geometric methods for robust perceptual image hashing. In DRM '01: Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, pages 13--21, London, UK, 2002. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. X. min Tao, F. rong Liu, and T. xian Zhou. A novel approach to intrusion detection based on SVD and SVM. Industrial Electronics Society, 3(2--6):2028--2033, November 2004.Google ScholarGoogle Scholar
  38. F. Monrose, M. K. Reiter, Q. Li, and S. Wetzel. Cryptographic key generation from voice. In SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy, page 202, Washington, DC, USA, 2001. IEEE Computer Society. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In CCS '99: Proceedings of the 6th ACM conference on Computer and communications security, pages 73--82, New York, NY, USA, 1999. ACM Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. K. Nandakumar, A. K. Jain, and S. Pankanti. Fingerprint-based fuzzy vault: Implementation and performance. In IEEE Transactions on Information Forensics and Security, 2007 (To appear), 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. D. C. Ngo, A. B. Teoh, and A. Goh. Biometric hash: high-confidence face recognition. IEEE Transactions on Circuits and Systems for Video Technology, 16(6):771--775, June 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. A. Pfitzmann and M. Köhntopp. Anonymity, unobservability, and pseudonymity - a proposal for terminology. pages 1--9. 2001.Google ScholarGoogle Scholar
  43. H. Proença and L. A. Alexandre. UBIRIS: a noisy iris image database. In ICIAP 2005: International Conference on Image Analysis and Processing, volume 1, pages 970--977, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. H. Proença and L. A. Alexandre. Toward non-cooperative iris recognition: A classification approach using multiple signatures. IEEE Transactions on Pattern Analysis and Machine Intelligence, Special Issue on Biometrics, 9(4):607--612, July 2007. ISBN 0162-8828.Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. A. Ross, A. K. Jain, and J.-Z. Qian. Information fusion in biometrics. In Pattern Recognition Letters, volume 24, pages 2115--2125, September 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. F. Samaria and A. Harter. Parameterisation of a stochastic model for human face identification. In IEEE Workshop on Applications of Computer Vision, Sarasota (Florida), December 1994.Google ScholarGoogle ScholarCross RefCross Ref
  47. A. Shamir. How to share a secret. Communications of the ACM, 22(11):612--613, 1979. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. V. Kumar. Biometric encryption#8482; - enrollment and verification procedures. In SPIE 98: In Proceedings of Optical Pattern Recognition IX, volume 3386, pages 24--35, 1998.Google ScholarGoogle ScholarCross RefCross Ref
  49. C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. V. Kumar. Biometric encryption#8482; using image processing. In SPIE 98: In Proceedings of Optical Security and Counterfeit Deterrence Techniques II, volume 3314, pages 178--188, 1998.Google ScholarGoogle ScholarCross RefCross Ref
  50. C. Soutar and G. J. Tomko. Secure private key generation using a fingerprint. In Proceedings of Cardtech/Securetech Conference, volume 1, pages 245--252, May 1996.Google ScholarGoogle Scholar
  51. U. Uludag and A. Jain. Securing fingerprint template: Fuzzy vault with helper data. In CVPRW '06: Proceedings of the 2006 Conference on Computer Vision and Pattern Recognition Workshop, page 163, Washington, DC, USA, 2006. IEEE Computer Society. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. U. Uludag, S. Pankanti, S. Prabhakar, and A. Jain. Biometric cryptosystems: Issues and challenges. In Proceedings of the IEEE, Special Issue on Enabling Security Technologies for Digital Rights Management, 2004., volume 92, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  53. V. N. Vapnik. The nature of statistical learning theory. Springer-Verlag New York, Inc., New York, NY, USA, 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. S. Wang and Y. Wang. Fingerprint enhancement in the singular point area. IEEE Signal Processing Letters, 11(1):16--19, January 2004.Google ScholarGoogle ScholarCross RefCross Ref
  55. Y. Wang, Y. Sun, M. Liu, P. Lv, and T. Wu. Automatic inspection of small component on loaded PCB based on SVD and SVM. In Mathematics of Data/Image Pattern Recognition, Compression, and Encryption with Applications IX., volume 6315 of Society of Photo-Optical Instrumentation Engineers (SPIE) Conference, September 2006.Google ScholarGoogle Scholar
  56. J. Woo, A. Bhargav-Spantzel, A. Squicciarini, and E. Bertino. Verification of receipts from m-commerce transactions on nfc cellular. In 10th IEEE Conference on E-Commerce Technology (CEC 08), July 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  57. S. Yang and I. Verbauwhede. Automatic secure fingerprint verification system based on fuzzy vault scheme. In ICASSP '05: Proceedings of the Acoustics, Speech, and Signal Processing, volume 5, pages 609--612, Philadelphia, USA, March 2005.Google ScholarGoogle Scholar
  58. W. Zhang, Y.-J. Chang, and T. Chen. Optimal thresholding for key generation based on biometrics. In ICIP '04: International Conference on Image Processing, pages 3451--3454, 2004.Google ScholarGoogle Scholar

Index Terms

  1. Biometrics-based identifiers for digital identity management

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in
          • Published in

            cover image ACM Other conferences
            IDTRUST '10: Proceedings of the 9th Symposium on Identity and Trust on the Internet
            April 2010
            127 pages
            ISBN:9781605588957
            DOI:10.1145/1750389

            Copyright © 2010 ACM

            Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

            Publisher

            Association for Computing Machinery

            New York, NY, United States

            Publication History

            • Published: 13 April 2010

            Permissions

            Request permissions about this article.

            Request Permissions

            Check for updates

            Qualifiers

            • research-article

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader