Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves...
Transcript of Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves...
![Page 1: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/1.jpg)
Cancellable BiometricsCSE666
Faisal Farooq
![Page 2: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/2.jpg)
Biometrics• Measurable, verifiable and unique physical characteristic or
behavioral trait of an individual
FeatureExtraction
Enrolment
Database
FeatureExtraction
Acquisition
Individual
Matcher Outcome
![Page 3: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/3.jpg)
Modalities
Source: International Biometric Group, New York, NY; 1.212.809.9491
![Page 4: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/4.jpg)
Applications• Immigration and Border Security
– points of entry, pre-cleared frequent travelers, passport and visa issuance, asylum cases
• Law Enforcement– criminal investigation, forensics, national ID, driver’s license, correctional
institutions
• Access Control– institutional, government, and residential
• Social services – fraud prevention in entitlement programs
• Attendance Recording– replacement of employee cards, ID’s
• Payment Systems– ATMs and kiosks
![Page 5: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/5.jpg)
Advantages
• Convenience– No passwords, pins to remember (and lose)
• No Buddy-punching– Proper attendance recording
• No Double-dipping– in Ontario, ~2 million more identities in the health system than the population of the province.
• Non-repudiation– “I did not do it”
![Page 6: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/6.jpg)
Disadvantages• Error-prone
– FRR – legitimate user denied access– FAR – illegitimate user granted access
• Intrusive– Less social acceptance
• Security– Personal data adequately protected?
• Non-revocable– Once compromised, the biometric is lost forever– Cannot be revoked or reset
• Cross-Matching– Same biometric at different locations– User can potentially be tracked
![Page 7: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/7.jpg)
Security and Privacy IssuesAttacks on the biometric Attacks on the Authentication
System
•Spoofing–Fake biometric (gummy finger, face image)
•Replay Attack–Injecting templates in input by circumventing sensor
•Tampering–Altering feature sets to obtain high scores
•Substitution–Replacing the template in the database
•Stealing–Acquiring the original template (database/network)
•Overriding–Altering Yes/No response from system
•Trojan Horse–Replacing system component with malicious program
![Page 8: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/8.jpg)
Challenges• Biometric Variance
– Samples from same user change with time• Inconsistent Presentation
– fingers placed differently, pressure applied• Irreproducible Presentation
– Glasses, moustache, cuts, bruises• Imperfect Representation
– Unordered, slight change in signal, sensors• Biometric Matching
– Score/probability based (0-1)
![Page 9: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/9.jpg)
Securing Biometrics
![Page 10: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/10.jpg)
Securing Biometrics
Original space Hash space
hp1
p2
p1
p2
![Page 11: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/11.jpg)
Comparison with plaintext
Avalanche Effect - input is changed slightly, the output changes significantly
![Page 12: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/12.jpg)
Example
Rumplestiltskin
Drop chars at2,5,7,9, 12,14
Rmpetltkn
Rmpetltkn Can it be inverted to the secret ?
Rmpetltkn Drop chars at2,5,7,9, 12,14 Can it be inverted to the secret ?+
Secret
![Page 13: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/13.jpg)
Noisy Situation
Rmplestilskin
Drop chars at2,5,7,9, 12,14
Rplsiskn
Secret
Rmpetltkn
Match ?
![Page 14: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/14.jpg)
Properties
• Repeatable– Different instances of the biometric sample from the same
user should produce the same key
• Security– The key has to be non-invertible. The key should not leak
information about the template or the user
![Page 15: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/15.jpg)
Properties
• Discriminability– Samples from different individuals should
produce different keys• Cancelability
– Keys could be cancelled• Reusability
– Keys can be reissued easily
![Page 16: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/16.jpg)
Secure Biometrics*• Security
– Less susceptible to security attacks– Compliance with privacy laws
• Cancelability– revoked if compromised– reissued easily
• Anonymity– Removing true identity from the biometric– No retention of original biometric
• Multiplicity– Use of single biometric for multiple accounts– Cannot be cross-verified or identified
*SCAM Properties – Farooq et al., 2007
![Page 17: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/17.jpg)
Existing Methods
• Philosophy I– Generate stable representation of biometrics– Use conventional security algorithms– Perform matching in encrypted domain
• Philosophy II– Cannot generate reproducible representations– Devise non-invertible transforms – Perform matching in new domain
![Page 18: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/18.jpg)
Existing Methods
• Biometric Encryption (I)
• Fuzzy Schemes (I)
• Non-invertible Transforms (II)
• Others (I/II)
![Page 19: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/19.jpg)
Biometric Encryption
• Key K(B) linked with biometric B
• Same key released for a genuine attempt
• No key released for an impostor attempt
![Page 20: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/20.jpg)
Biometric Key Binding Soutar et al. ’98
Link
Retrieve
Fingerprint Image Features Output
Enrollment
Verification
Stored Template
![Page 21: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/21.jpg)
Enrollment Soutar et al. ’98
Filter DesignConvolution
Random Signal
HS(u)
Phase only
Output Signal
c(x)
Training Samples
Encrypt
Bioscrypt
Hash
Link
H0(u) IDInput
![Page 22: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/22.jpg)
Verification Soutar et al. ’98
Convolution
HS(u)
Test Sample
H0(u)
Bioscrypt
c’(x)
Encrypt Hash ID
Compare
Output
![Page 23: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/23.jpg)
Biometric Encryption - example
PIN ,Pub Pri( )
Alice Bob
Pub
Enrollment
Rand
Template
Template
PIN
PriPri(Rand)
Pub Pri(Rand)( )
Verification
![Page 24: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/24.jpg)
• Advantages– Actual biometric not stored– Key can be arbitrarily long (thus secure)– Key can be cancelled and re-issued
• Disadvantages– Hard to derive robust keys from noisy data– Key error-prone– Highly susceptible to distortion – If key is compromised, biometric not required– Incompatible with standard minutiae representation
![Page 25: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/25.jpg)
Fuzzy Schemes
• Place a secret S in a vault• Lock the vault using a biometric B• Use Chaff points (noise bits) for security• Unlock the vault using biometric B’• Reproduce S from B’ iff d(B,B’) < ε
![Page 26: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/26.jpg)
Fuzzy Vault Juels and Sudan ’02, Clancy et al. ’03
anun + an-1un-1 + an-2un-2 + …+ a0Polynomial Projection
Chaff Points Vault
Enrollment
Verification
VaultError
Correctioncnu*n + cn-1u*n-1 + cn-2u*n-2 + …+ c0
![Page 27: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/27.jpg)
• Advantages– Actual biometric not stored– Auxiliary information reduces intra-user
variation• Disadvantages
– Error rates high– Alignment of query and template an issue– Not easy to regenerate– Revoking and reissuing not straightforward
![Page 28: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/28.jpg)
Auxilliary Data
• Additional Data to facilitate alignment– Helper Data Systems Tuyls et al. ’03, ’04, ’05
– Orientation Field Flow Curves Uludag and Jain ’06
Polynomial Projection
![Page 29: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/29.jpg)
Fuzzy Extractors Dodis et al. ’04
anun + an-1un-1 + an-2un-2 + …+ a0
Public Helper Data
FE
Polynomial Projection
• Use polynomial of higher degree instead of chaff points• Key is regenerated only if query and template are “close”
to each other.
![Page 30: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/30.jpg)
Biometric Hardening Monrose et al ’99,’01, ’01, ’02
• Reminiscent to ‘password salting’
Password
Biometric
Hardened Password
![Page 31: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/31.jpg)
Transforms
• Non-invertible transforms of biometrics• Key-based and keyless systems proposed
Ft(x) Gt(x)
Ft’(x) Gt’(x)
Enrolment
Verification
T(k)
T(k)
![Page 32: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/32.jpg)
Transforms
• Advantages– Compatible with standard representations– Security, Cancelability, Anonymity, Multiplicity
• Disadvantages– Some methods require registration– Key-less systems usually have low accuracies
![Page 33: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/33.jpg)
Surface Folding Ratha et al. ’07
)2,),(mod(')),(sin(|),(|'
)),(cos(|),(|'
πθ randG
F
F
yxyxKyxGKyY
yxKyxGKxX
Φ+Φ+=ΘΦ++=
Φ++=→
→
Locally Smooth but not globally smooth
![Page 34: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/34.jpg)
Surface Folding
• Advantages– Achieves cancelability, security and multiplicity– Compatible with standard minutiae based
representations– Compatible with existing point-based matchers
• Disadvantages– Alignment of query and template is an issue– Assume stable points (core and delta) for alignment– Low Security
![Page 35: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/35.jpg)
BioHashing Teoh et al 2006
• Locally Smooth but not globally smooth
• Johnson-Lindenstrauss Lemma
For any 0<ε<1 and any integer n, let m be a positive integer such that
Then, for any set S of n=|S| data points in Rp, there is a map f:Rp Rm such that for all x,y S
3/2/log4
32 εε −≥
nm
∈
222 ||||)1(||)()(||||||)1( yxyfxfyx −+≤−≤−− εε
i.e. a set of n points in high dimensional Euclidean space can be mapped down Into a O(logn/ε2) space such that the distance between the points changes onlyby a factor of 1 ±ε
![Page 36: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/36.jpg)
Random Multispace Quantization• Project biometric to a lower dimensional feature domain (PCA, LDA, FDA)
• Project onto multiple random subspaces derived from external input (key)
• Quantize these individual maps and match
![Page 37: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/37.jpg)
• Advantages– Actual biometric not stored– Auxiliary information increases inter-user
variation– Error rates low*– Easy to generate, revoke, reissue
• Disadvantages– Alignment of query and template an issue– Case when key and biometric both are stolen
![Page 38: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/38.jpg)
Symmetric Hashing Tulyakov et al 2007
Represent Minutia as complex numbers
⎟⎟
⎠
⎞
⎜⎜
⎝
⎛
++
++=+= i
yxy
yxxyxyixz
2222
22
ϕ
|| z
yixz +=
y
x
Denote - magnitude of 22|| yxz += z
Then )sin(cos||||||
|| θθ izizy
zxzz +=⎟⎟
⎠
⎞⎜⎜⎝
⎛+=
![Page 39: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/39.jpg)
Transformation of minutiae set .
ϕ|| z
|||| rz ×
z
rztrz +t
)sin(cos|| ϕϕ irr +=
Multiplying by r means rotating by angle and scaling by factor .
ϕ|| r
trzzf +=)(
![Page 40: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/40.jpg)
Hash functions of minutia pointsConsider following functions of minutia positions:
mn
mmnm
nn
nn
cccccch
cccccch
cccccch
+++=
+++=
+++=
KK
M
KK
KK
2121
222
21212
21211
),,,(
),,,(
),,,(
The values of these symmetric functions do not depend on the order of minutia points.
![Page 41: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/41.jpg)
Hash of transformed minutiaeWhat happens with hash functions if minutia point set is transformed?
ntcccrhntcccrtrctrctrc
cccccch
nn
n
nn
+=++++=++++++=
′++′+′=′′′
),,,()()()()(
),,,(
21121
21
21211
KK
K
KK
2211212
2
221
222
21
2
222
21
222
21212
),,,(2),,,(
)(2)(
)()()(
),,,(
ntcccrthccchr
ntcccrtcccr
trctrctrc
cccccch
nn
nn
n
nn
++=
++++++++=
++++++=
′++′+′=′′′
KK
KK
K
KK
![Page 42: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/42.jpg)
Finding transformation parametersThus can be expressed as a linear combinations of with coefficients depending on transformation parameters r and t.
),,,( 21 ni ccch ′′′ Kijccch nj ≤),,,,( 21 K
Denote:
),,,( 21 nii ccchh ′′′=′ K),,,( 21 nii ccchh K=
ntrhh +=′ 112
122
2 2 ntrthhrh ++=′Thus
And r,t can be calculated given 2121 ,,, hhhh ′′
![Page 43: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/43.jpg)
Configurations• n=2, m=1: for each minutia point we find it nearest
neighbor, and
n=3, m=1: for each minutia point we find two nearest neighbors and
3)(),,( 321
3211cccccch ++
=
2),( 21
211cccch +
=
n=3, m=2: for each minutia point find three nearest neighbors, and for each minutia triplet including original minutia point construct 2 hash functions
3)(),,( 321
3211cccccch ++
=
3)()()(),,(
213
212
211
3212
hchchcccch −+−+−=
![Page 44: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/44.jpg)
Security• If the number of stored hash functions is less than the number of minutia points, it is not possible to find the positions of minutia points from local hash values.
• Using system of hash equations is difficult, since it is not known which minutia correspond to particular hash value.
ih
jc
xox x
xo
xo
x
xx o
x
x
oxx
xo
x
x
(a) (b)
(c)
![Page 45: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/45.jpg)
• Advantages– No alignment of query and template required– Achieves cancelability, security – Compatible with standard minutiae based
representations– Compatible with existing point-based matchers
• Disadvantages– Error Rates higher than many existing systems– Security for existing configuration– Multiplicity and reissuing– Scoring
![Page 46: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/46.jpg)
Linear Representations Farooq et al 2007
• Face representation in terms of Eigenfaces
• Iris representation as bit strings
• Can we devise a linear representation for fingerprints?– new way to construct anonymous fingerprint
representations– representation invariant to transformation
(translation/rotation)
![Page 47: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/47.jpg)
•Minutiae triplets form triangles
•Fingerprint can be linearly represented as a set of triangles
•The triangle geometry does not change under rigid transformation
•Multiple invariants can be associated with triangles
Motivation
![Page 48: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/48.jpg)
Invariant features• Independent triangle features
– The sides• Dependent triangle feature
– Height at largest side• Fingerprint features
– Minutiae angles with respect to triangle
s1
s2
s3
a3
a2
a1
h Index
a1a2
a3
s1
.
.
.
.
INDEX
![Page 49: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/49.jpg)
Triangles can be enumerated
=
= s1, s2, s3 quantized using p bits
12.
.
.
.2(3 x p)
Impossible andpossible triangles
0
1
2
3
4
…
…
…
2 (3 x p)
(s1 s2 s3)
(s’1 s’2 s’3)
![Page 50: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/50.jpg)
Triangle Representations
Triangle Indexing
034 1
45 1 0
244 1 1 0
Histogram
![Page 51: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/51.jpg)
00 0 01 000 1 1 0
00 0 01 010 1 1 0
∑ ∑∑
= =
=
n
i
n
i ii
n
i ii
FF
FF
1 1
_1
_
,
),min(
F _F
867.04*3
3=
Matching
![Page 52: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/52.jpg)
• Advantages– No alignment of query and template required– Achieves cancelability, security – Compatible with standard minutiae based
representations– Low Error Rates reported on very large sets– Multiplicity and reissuing very easy
• Disadvantages– Security for existing configuration ??
![Page 53: Cancellable Biometricsgovind/CSE666/fall2007/Secure Biometrics.pdf• Advantages – Achieves cancelability, security and multiplicity – Compatible with standard minutiae based representations](https://reader031.fdocuments.us/reader031/viewer/2022012001/608bc5e96928737f1917246a/html5/thumbnails/53.jpg)
Conclusion
• Open area of research• Increasingly gaining importance• Process Biometric and use conventional
(time tested) security techniques ?• Secure Biometric using new techniques ?