3. Biometric Introduction
Definition:
Any automatically measurable,
robust and distinctive physical
characteristics or personal traits that can
be used to identify an individual or verify
the claimed identity of an individual i.e.
used to provide user’s authenticity.
4. Biometric Introduction
Stages in Biometric:
•Identification/Enrollment
-figure out ‘Who is X?’
-accomplished by system performing
‘one-to-many’ search
•Verification/Authentication
-answer the question ‘Is this X?’
-accomplished by system performing
‘one- to-one’ search
8. Privacy Assessments
The biometric features, samples and
templates can not be considered as ‘Secrets’
since it is possible to capture them to create
real or digital artifacts suitable to a attack a
biometric system. The design and usage of
a biometric system should always respect
strict guidelines to protect the user’s privacy
and these are:
•Scope & capability of the system
•The data protection
•User control of personal data
•Disclosure, auditing and accountability of
the biometric system
9. Biometric System Security
The security ensured by the biometric
systems can itself be compromised. The
general analysis of a biometric system for
vulnerability assessment
extent to which an
compromise the security offered by
determines the
imposter can
the
biometric system. Many of the attacks are
applicable to any information system, the
attacks using fake biometrics and template
modification are unique to biometric
systems.
11. Biometric System Security
Sensor level attacks
A fake biometric sample can be presented
at the sensor to gain access like fingerprint
impressions from object touched by the person.
Replay attacks
It is possible for an adversary to interpret
or acquire a digital copy of th e stored biometric
sample and replay this signal bypassing the
biometric sensor.
Trojan horse attacks
The feature extractor can be replaced by a
program which generates a desired feature set.
12. Biometric System Security
Spoofing the features
The feature vectors generated from the
biometric samples are replaced by the set of
synthetically generated (fake) features.
Attack on matcher
The matcher can also be subjected to a
Trojan horse attack that always produce high or low
match scores irrespective of which user presents the
biometric at the sensor.
Attack on template
The template generated during the user
enrollment/registration can either be stored locally or
at some central location which either modifies stored
templates or replaces it with a new template.
13. Biometric System Security
Attack on communication channel
The data being transferred through a
communication channel can be intercepted for
malicious reasons and modified and inserted
back into the system.
Attack on decision module
The final decision generated by the
biometric system can be overridden by a Trojan
horse program.
A biometric matcher is typically only a part
of a larger information and security management
system. Thus the non-biometric modules in the
overall system can also introduce some security
14. Template Protection
An ideal template protection scheme for a
biometric system should have following
properties:
1. Diversity - The cross-matching of a secured
templates should be ensured in such a manner that
the privacy of the true owner of the template should
be ensured.
2. Revocability - When the biometric template is
compromised, it should be possible to revoke the
compromised template and reissue a new template
based on the biometric trait.
3. Security - It should be extremely difficult to
generate the original biometric feature set from the
protected biometric templates.
15. Template Protection
The secured template must be Non-
invertible i.e. illegal users could not
generate original template from secure
stored template in system database.
There is a tradeoff between matching
performance and the security degree of
biometric template protection scheme.
The methods of protection scheme
are:
1. Biometric cryptosystems
2.Cancellable biometric or T
emplate
16. Template Protection
Biometric Cryptosytems
Binds a digital key to a biometric template or
generates a key from a biometric template.
In enrollment phase, the public information
called helper data is derived from the biometric
template & stored in system database and is
very complicated to
original template from the
computationally
reconstruct the
helper data.
In authentication phase, if the input biometric
is sufficient close to original template then it
17. Template Protection
Key-Binding
In enrollment phase, a digital secret key binds to a
biometric template and combination of them stores
in the system database as helper data.
In recognition phase, a key retrieval algorithm is
applied to input template and helper data to extract
secret key.
Whenever an adversary behavior take
places on the system database the helper data
removes and a new helper data using a new secret
key and biometric template generates.
Example – fuzzy commitment and fuzzy vault
schemes
19. Template Protection
Key-Generation
In enrollment phase, helper data is extracted
from biometric template and the secret key is
generated from the helper data and biometric
template.
In recognition phase the stored helper data
and input biometric template used to generate
the secret key.
Example – Private template approach and
quantization technique
20. Template Protection
Template Transformation
Applying a transform function on biometric data in a
way that reconstructing original biometric data
from transformed biometric is computationally so
hard.
•In enrollment phase, the biometric template
transforms to transformed template using user
specific parameters for transformation and then
stored in system database along with user
specific parameters.
•In recognition phase, the transformation with same
user specific parameters occurs on input biometric
template and resulting transformed template
compares with stored transformed template.
22. Template Protection
Non-Invertible Transformation:
A one-way function
data. To renew a
applying on biometric
biometric
parameters of function must
template the
be changed. In
cases the parameters of transformation are
compromised the attacker is not able to
template.
reconstruct
Because
the original biometric
of variations the
transformation
intra-class
needs to align biometric
template to perform an effective comparison
and this causes to reduce the authentication
performance.
23. Template Protection
Salting/Biohashing:
The biometric features are transformed using a
function defined by a user-specific key or
password. Since the transformation is invertible to
a large extent, the key needs to be securely stored
or remembered by the user and presented during
authentication. The parameters of transformation
are kept secret. otherwise the attacker is able
to reconstruct the original biometric template
from the transformed template. The
authentication performance of this method in
comparison with non-invertible transformation
method is higher but has the lower accuracy.
24. Template Protection
The mentioned template protection methods
have their pros and cons in relation to degree
of security, performance, storage requirements
and ability to apply on various types of biometric
data. One of the main limitations of mentioned
methods is the issue of alignment that reduces
the recognition performance. Fractal coding is a
type of template transformation methods along
with some changes and has many advantages
in relation to alignment and applicability to
different types of biometric data. Fractals are self-
similar objects that are similar under various
geometrical scales and could be described by a
set of transformations. Fractal code is a set of
non-linear transformations that approximating a
given image.
26. Template Protection
•cancelable transforms used to generate a
cancelable template. A cancelable transform,
normally, decreases the discriminative power of
the original template.
•A discriminability enhancement transform is then
applied to compensate for the discriminative
power lost in the first step. Another objective of
the discriminability enhancement transform is to
generate a binary template such that biometric
cryptosystem method, e.g., hash function, can be
employed in the final step. This way, the
proposed three-step hybrid framework is able to
satisfy the template protection requirements.
27. Privacy in Multimodal System
Humans beings typically identify other
individuals using a biometric approach which
encompasses more than a single biometric
trait. For example we can recognize a person
watching his face, but the final decision is often
integrated using other biometric traits such as
the voice, the stature, the gait, or the behavior.
In a similar way, a multimodal biometric system
uses different biometric traits and combines
them efficiently.
28. Privacy in Multimodal System
Pros:
The performance of a matching system is
improved with respect to the same system working
with the single traits which compose the multimodal
system.
The global fault tolerance of the system is
enhanced, since, if one biometric subsystem is not
working properly (e.g., a sensor problem occurred),
the multimodal system can keep working using the
remaining biometric submoduls that are correctly
functioning.
The multiple acquisition of different traits at the
same time (or in a very narrow time frame)
achieves an effective deterring against spoofing
29. Privacy in Multimodal System
Cons:
The higher cost of the systems, since they are
composed by multiple and different biometric
subsystems, each for every single traits that
has been selected.
The acquisition time: a multi-acquisition is
mostly longer than a single acquisition. In
addition, the user can perceive the multiple
acquisition as more invasive
inconvenient.
The retention of biometric
and/or
data is
30. Privacy in Multimodal System
Design:
A typical multimodal biometric verification
scheme provides two basic modules. The first,
the enroll module, creates some sort of ID
linked to a single user starting from the user’s
biometric samples. The ID could then be stored
in e.g. a document or a smart card and must be
provided during the verification phase. The
second module, the verification one, verifies if
the ID matches a new set of freshly provided
biometrics. While the number of biometric traits
might in principle be increased as desired.
33. Future Work
Plan for next 10 days:
•Implementation of any transformation
technique for our biometric system.
•Analysis of security attacks.
•Non-invertible transformation as biohashing.
•Verification based on fractal coding.
34. References
S. Prabhakar, S. Pankanti, and A. K. Jain,
“Biometric Recognition: Security and Privacy
Concerns,” IEEE Security and Privacy Magazine,
Vol. 1, No. 2, pp. 33-42, March-April 2003.
Anil K Jain, Ajay Kumar, Biometrics on Next
Generation:An Overview.
Jain AK, Nandakumar K, and Nagar A (2008)
Biometric template security. EURASIP J
Advances n Signal Processing, Special issue on
Biometrics.
A. K. Jain, K. Nandakumar and A. Nagar,
"Biometric Template Security", EURASIP Journal
on Advances in Signal Processing, January
2008.
Stelvio Cimato, Marco Gamassi, Vincenzo
35. References
A. Teoh Beng Jin, D. Ngo Chek Ling, and A. Goh.
Biohashing: two factor authentication featuring
fingerprint data and tokenised random number.
Pattern recognition, 37(11):2245–2255, 2004.
Hossein Malekinezhad, Hossein Ebrahimpour-
Komleh, Protecting Biometric-based Authentication
Systems against Indirect Attacks.
Hossein Malekinezhad, Hossein Ebrahimpour-
Komleh, Fractal Technique for Face Recognition.
Y C Feng1, Pong C Yuen1and Anil K Jain, A Hybrid
Approach for Face Template Protection.
Andrew B.J. Teoha, Yip Wai Kuan b Sangyoun Lee
a, Cancellable biometrics and annotations on
BioHash, Pattern Recognition 41 (2008) 2034 –
2044.