ABSTRACT
We present algorithms to reliably generate biometric identifiers from a user's biometric image which in turn is used for identity verification possibly in conjunction with cryptographic keys. The biometric identifier generation algorithms employ image hashing functions using singular value decomposition and support vector classification techniques. Our algorithms capture generic biometric features that ensure unique and repeatable biometric identifiers. We provide an empirical evaluation of our techniques using 2569 images of 488 different individuals for three types of biometric images; namely fingerprint, iris and face. Based on the biometric type and the classification models, as a result of the empirical evaluation we can generate biometric identifiers ranging from 64 bits up to 214 bits. We provide an example use of the biometric identifiers in privacy preserving multi-factor identity verification based on zero knowledge proofs. Therefore several identity verification factors, including various traditional identity attributes, can be used in conjunction with one or more biometrics of the individual to provide strong identity verification. We also ensure security and privacy of the biometric data. More specifically, we analyze several attack scenarios. We assure privacy of the biometric using the one-way hashing property, in that no information about the original biometric image is revealed from the biometric identifier.
- AT & T Databases of Faces. http://www.cl.cam.ac.uk/research/dtg/attarchive/facedatabase.html.Google Scholar
- K-Fold Cross Validation. http://en.wikipedia.org/wiki/Cross-validation.Google Scholar
- A. Bhargav-Spantzel, A. C. Squicciarini, R. Xue, and E. Bertino. Practical identity theft prevention using aggregated proof of knowledge. Technical report, CS Department, 2006. CERIAS TR 2006--26.Google Scholar
- D. Bleichenbacher and P. Q. Nguyen. Noisy polynomial interpolation and noisy Chinese remaindering. Lecture Notes in Computer Science, 1807:53--77, 2000. Google ScholarDigital Library
- J. Camenisch and A. Lysyanskaya. Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In B. Pfitzmann, editor, Advances in Cryptology -- EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 93--118. Springer Verlag, 2001. Google ScholarDigital Library
- J. Camenisch and A. Lysyanskaya. Signature schemes and anonymous credentials from bilinear maps. In Advances in Cryptology -- CRYPTO '04, 2004.Google Scholar
- R. Cappelli. SFinGe: an approach to synthetic fingerprint generation. In International Workshop on Biometric Technologies (BT2004), pages 147--154, Calgary, Canada, June 2004.Google Scholar
- C.-C. Chang and C.-J. Lin. LIBSVM: a library for support vector machines, 2001. Software available at http://www.csie.ntu.edu.tw/~cjlin/libsvm.Google Scholar
- D. Chaum and T. P. Pedersen. Wallet databases with observers. In CRYPTO '92: Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, pages 89--105, London, UK, 1993. Springer-Verlag. Google ScholarDigital Library
- Y. Chung, D. Moon, S. Lee, S. Jung, T. Kim, and D. Ahn. Automatic alignment of fingerprint features for fuzzy fingerprint vault. In In Proceedings of Conference on Information Security and Cryptology, pages 358--369, Beijing, China, Dec. 2005. Google ScholarDigital Library
- T. C. Clancy, N. Kiyavash, and D. J. Lin. Secure smartcard based fingerprint authentication. In WBMA '03: Proceedings of the 2003 ACM SIGMM Workshop on Biometrics Methods and Applications, pages 45--52, New York, NY, USA, 2003. ACM Press. Google ScholarDigital Library
- T. Connie, A. Teoh, M. Goh, and D. Ngo. Palmhashing: A novel approach for cancelable biometrics. Information Processing Letters, 93(1):1--5, 2005. Google ScholarDigital Library
- C. Cortes and V. Vapnik. Support-vector networks. Machine Learning, 20(3):273--297, 1995. Google ScholarCross Ref
- J. Daugman. Biometric personal identification system based on iris analysis. In United States Patent, 1994.Google Scholar
- G. Davida, Y. Frankel, and B. Matt. The relation of error correction and cryptography to an offine biometric based identication scheme. In Proceedings of WCC99, Workshop on Coding and Cryptography, 1999., 1999.Google Scholar
- R. Dhamija and J. D. Tygar. The battle against phishing: Dynamic security skins. In SOUPS '05: Proceedings of the 2005 Symposium on Usable Privacy and Security, pages 77--88, New York, NY, USA, 2005. ACM Press. Google ScholarDigital Library
- Y. C. Feng and P. C. Yuen. Protecting face biometric data on smartcard with reed-solomon code. In Proceedings of CVPR Workshop on Privacy Research In Vision, page 29, New York, USA, June 2006. Google ScholarDigital Library
- U. Fiege, A. Fiat, and A. Shamir. Zero knowledge proofs of identity. In STOC '87: Proceedings of the nineteenth annual ACM conference on Theory of computing, pages 210--217, New York, NY, USA, 1987. ACM Press. Google ScholarDigital Library
- M. Freire-Santos, J. Fierrez-Aguilar, and J. Ortega-Garcia. Cryptographic key generation using handwritten signature. In P. J. Flynn and S. Pankanti, editors, Proceedings of SPIE: Biometric Technology for Human Identification III, volume 6202, 2006.Google ScholarCross Ref
- A. Georghiades, P. Belhumeur, and D. Kriegman. From few to many: Illumination cone models for face recognition under variable lighting and pose. IEEE Pattern Analysis and Machine Intelligence, 23(6):643--660, 2001. Google ScholarDigital Library
- A. Goh and D. C. Ngo. Computation of cryptographic keys from face biometrics. In Communications and Multimedia Security, volume 2828 of LNCS, pages 1--13, 2003.Google Scholar
- K.-S. Goh, E. Chang, and K.-T. Cheng. Support vector machine pairwise classifiers with error reduction for image classification. In MULTIMEDIA '01: Proceedings of the 2001 ACM workshops on Multimedia, pages 32--37, New York, NY, USA, 2001. ACM Press. Google ScholarDigital Library
- G. H. Golub and C. F. V. Loan. Matrix Computations. Johns Hopkins University Press, Baltimore, Maryland, 1983.Google Scholar
- F. Hao, R. Anderson, and J. Daugman. Combining crypto with biometrics effectively. IEEE Transactions on Computers, 55(9):1081--1088, 2006. Google ScholarDigital Library
- R. Housley, W. Polk, W. Ford, and D. Solo. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile, 2002.Google Scholar
- A. Juels and M. Wattenberg. A fuzzy commitment scheme. In ACM Conference on Computer and Communications Security, pages 28--36, 1999. Google ScholarDigital Library
- A. Juels and M. Wattenberg. A fuzzy vault scheme. In Proceedings of IEEE International Symposium on Information Theory, 2002., 2002.Google ScholarCross Ref
- H. Kang, B. Lee, H. Kim, D. Shin, and J. Kim. A study on performance evaluation of fingerprint sensors. In Audio and Video Based Biometric Person Authentication, pages 574--583, 2003. Google ScholarDigital Library
- A. Kong, K.-H. Cheung, D. Zhang, M. Kamel, and J. You. An analysis of biohashing and its variants. Pattern Recognition, 39(7):1359--1368, 2006. Google ScholarDigital Library
- S. S. Kozat, R. Venkatesan, and M. K. Mihcak. Robust perceptual image hashing via matrix invariants. In International Conference on Image Processing, pages V: 3443--3446, 2004.Google ScholarCross Ref
- C. Li, L. Khan, and B. Prabhakaran. Real-time classification of variable length multi-attribute motions. Knowledge Information Systems, 10(2):163--183, 2006. Google ScholarDigital Library
- C.-C. Li and K. S. Fu. Machine-assisted pattern classification in medicine and biology. Annual Review of Biophysics and Bioengineering, 9:393--436, 1980.Google ScholarCross Ref
- A. Lumini and L. Nanni. An improved biohashing for human authentication. Pattern Recognition, 40(3):1057--1065, 2007. Google ScholarDigital Library
- D. Maio and D. Maltoni. FVC2004: third fingerprint verification competition. http://bias.csr.unibo.it/fvc2004/, 2004.Google Scholar
- P. Mihailescu. The fuzzy vault for fingerprints is vulnerable to brute force attack. Technical report, University of Göttingen, 2007.Google Scholar
- M. K. Mihçak and R. Venkatesan. New iterative geometric methods for robust perceptual image hashing. In DRM '01: Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, pages 13--21, London, UK, 2002. Springer-Verlag. Google ScholarDigital Library
- X. min Tao, F. rong Liu, and T. xian Zhou. A novel approach to intrusion detection based on SVD and SVM. Industrial Electronics Society, 3(2--6):2028--2033, November 2004.Google Scholar
- F. Monrose, M. K. Reiter, Q. Li, and S. Wetzel. Cryptographic key generation from voice. In SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy, page 202, Washington, DC, USA, 2001. IEEE Computer Society. Google ScholarDigital Library
- F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In CCS '99: Proceedings of the 6th ACM conference on Computer and communications security, pages 73--82, New York, NY, USA, 1999. ACM Press. Google ScholarDigital Library
- K. Nandakumar, A. K. Jain, and S. Pankanti. Fingerprint-based fuzzy vault: Implementation and performance. In IEEE Transactions on Information Forensics and Security, 2007 (To appear), 2007. Google ScholarDigital Library
- D. C. Ngo, A. B. Teoh, and A. Goh. Biometric hash: high-confidence face recognition. IEEE Transactions on Circuits and Systems for Video Technology, 16(6):771--775, June 2006. Google ScholarDigital Library
- A. Pfitzmann and M. Köhntopp. Anonymity, unobservability, and pseudonymity - a proposal for terminology. pages 1--9. 2001.Google Scholar
- H. Proença and L. A. Alexandre. UBIRIS: a noisy iris image database. In ICIAP 2005: International Conference on Image Analysis and Processing, volume 1, pages 970--977, 2005. Google ScholarDigital Library
- H. Proença and L. A. Alexandre. Toward non-cooperative iris recognition: A classification approach using multiple signatures. IEEE Transactions on Pattern Analysis and Machine Intelligence, Special Issue on Biometrics, 9(4):607--612, July 2007. ISBN 0162-8828.Google ScholarDigital Library
- A. Ross, A. K. Jain, and J.-Z. Qian. Information fusion in biometrics. In Pattern Recognition Letters, volume 24, pages 2115--2125, September 2003. Google ScholarDigital Library
- F. Samaria and A. Harter. Parameterisation of a stochastic model for human face identification. In IEEE Workshop on Applications of Computer Vision, Sarasota (Florida), December 1994.Google ScholarCross Ref
- A. Shamir. How to share a secret. Communications of the ACM, 22(11):612--613, 1979. Google ScholarDigital Library
- C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. V. Kumar. Biometric encryption#8482; - enrollment and verification procedures. In SPIE 98: In Proceedings of Optical Pattern Recognition IX, volume 3386, pages 24--35, 1998.Google ScholarCross Ref
- C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. V. Kumar. Biometric encryption#8482; using image processing. In SPIE 98: In Proceedings of Optical Security and Counterfeit Deterrence Techniques II, volume 3314, pages 178--188, 1998.Google ScholarCross Ref
- C. Soutar and G. J. Tomko. Secure private key generation using a fingerprint. In Proceedings of Cardtech/Securetech Conference, volume 1, pages 245--252, May 1996.Google Scholar
- U. Uludag and A. Jain. Securing fingerprint template: Fuzzy vault with helper data. In CVPRW '06: Proceedings of the 2006 Conference on Computer Vision and Pattern Recognition Workshop, page 163, Washington, DC, USA, 2006. IEEE Computer Society. Google ScholarDigital Library
- U. Uludag, S. Pankanti, S. Prabhakar, and A. Jain. Biometric cryptosystems: Issues and challenges. In Proceedings of the IEEE, Special Issue on Enabling Security Technologies for Digital Rights Management, 2004., volume 92, 2004.Google ScholarCross Ref
- V. N. Vapnik. The nature of statistical learning theory. Springer-Verlag New York, Inc., New York, NY, USA, 1995. Google ScholarDigital Library
- S. Wang and Y. Wang. Fingerprint enhancement in the singular point area. IEEE Signal Processing Letters, 11(1):16--19, January 2004.Google ScholarCross Ref
- Y. Wang, Y. Sun, M. Liu, P. Lv, and T. Wu. Automatic inspection of small component on loaded PCB based on SVD and SVM. In Mathematics of Data/Image Pattern Recognition, Compression, and Encryption with Applications IX., volume 6315 of Society of Photo-Optical Instrumentation Engineers (SPIE) Conference, September 2006.Google Scholar
- J. Woo, A. Bhargav-Spantzel, A. Squicciarini, and E. Bertino. Verification of receipts from m-commerce transactions on nfc cellular. In 10th IEEE Conference on E-Commerce Technology (CEC 08), July 2008. Google ScholarDigital Library
- S. Yang and I. Verbauwhede. Automatic secure fingerprint verification system based on fuzzy vault scheme. In ICASSP '05: Proceedings of the Acoustics, Speech, and Signal Processing, volume 5, pages 609--612, Philadelphia, USA, March 2005.Google Scholar
- W. Zhang, Y.-J. Chang, and T. Chen. Optimal thresholding for key generation based on biometrics. In ICIP '04: International Conference on Image Processing, pages 3451--3454, 2004.Google Scholar
Index Terms
Biometrics-based identifiers for digital identity management
Recommendations
A privacy-preserving cancelable iris template generation scheme using decimal encoding and look-up table mapping
Biometric-based recognition systems have overcome passive issues of traditional human authentication systems. However, security theft and privacy invasion are two passive issues that still persist in the effective deployment of biometric-based ...
Uncoupling Biometrics from Templates for Secure and Privacy-Preserving Authentication
SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and TechnologiesBiometrics are widely used for authentication in several domains, services and applications. However, only very few systems succeed in effectively combining highly secure user authentication with an adequate privacy protection of the biometric templates,...
Spectroscopically Enhanced Method and System for Multi-Factor Biometric Authentication
This paper proposes a spectroscopic method and system for preventing spoofing of biometric authentication. One of its focus is to enhance biometrics authentication with a spectroscopic method in a multi-factor manner such that a person's unique ‘...
Comments