On Security of Fuzzy Commitment Scheme for Biometric Authentication
Pages 399 - 419
Abstract
Biometric security is a prominent research area with growing privacy and security concerns related to biometric data, generally known as biometric templates. Among the recently proposed biometric template protection schemes, fuzzy commitment is the most popular and reliable. It uses error correcting codes to deal with the significant number of bit errors present in the biometric templates. The high error correcting capability of the underlying error correcting codes is crucial to achieving the desired recognition performance in the biometric system. In general, it is satisfied by padding the input biometric template with some additional bits. The fixed padding approaches proposed in the literature have security vulnerabilities that could disclose the user’s biometric data to the attacker, leading to an impersonation attack. We propose a user-specific, random padding scheme that preserves the recognition performance of the system while it prevents the impersonation attack. The empirical results show that the proposed scheme provides 3 times better recognition performance on the IIT Delhi iris database than the baseline, unprotected systems. Through security analysis, we show that the attack complexity of our proposed work is , where k is the length of the secret message used to generate codeword, with bits.
References
[1]
Al-Assam, H., Jassim, S.: Security evaluation of biometric keys. Cmput. Secur. 31(2), 151–163 (2012)
[2]
Berrou, C., Glavieux, A., Thitimajshima, P.: Near shannon limit error-correcting coding and decoding: Turbo-codes. 1. In: Proceedings of ICC’93-IEEE International Conference on Communications, vol. 2, pp. 1064–1070. IEEE (1993)
[3]
Bose RC and Ray-Chaudhuri DK On a class of error correcting binary group codes Inf. Control 1960 3 1 68-79
[4]
Chang D, Garg S, Ghosh M, and Hasan M Biofuse: a framework for multi-biometric fusion on biocryptosystem level Inf. Sci. 2021 546 481-511
[5]
Chang D, Garg S, Hasan M, and Mishra S Cancelable multi-biometric approach using fuzzy extractor and novel bit-wise encryption IEEE Trans. Inf. Forensics Secur. 2020 15 3152-3167
[6]
Chauhan, S., Sharma, A.: Improved fuzzy commitment scheme. Int. J. Inf. Technol. 14, 1321–1331(2019)
[7]
Cullen, C.G.: Matrices and Linear Transformations. Courier Corporation (2012)
[8]
Daugman, J.: 600 million citizens of India are now enrolled with biometric id. SPIE Newsroom 7 (2014)
[9]
Dayal Mohan, D., Sankaran, N., Tulyakov, S., Setlur, S., Govindaraju, V.: Significant feature based representation for template protection. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (2019)
[10]
Dodis Y, Reyzin L, and Smith A Cachin C and Camenisch JL Fuzzy extractors: how to generate strong keys from biometrics and other noisy data Advances in Cryptology - EUROCRYPT 2004 2004 Heidelberg Springer 523-540
[11]
Drozdowski, P., Garg, S., Rathgeb, C., Gomez-Barrcro, M., Chang, D., Busch, C.: Privacy-preserving indexing of iris-codes with cancelable bloom filter-based search structures. In: 2018 26th European Signal Processing Conference (EUSIPCO), pp. 2360–2364. IEEE (2018)
[12]
Gao, S.: A new algorithm for decoding reed-solomon codes. In: In: Bhargava, V.K., Poor, H.V., Tarokh, V., Yoon, S. (eds.) Communications, Information and Network Security, pp. 55–68. Springer, Boston (2003).
[13]
Gomez-Barrero M, Maiorana E, Galbally J, Campisi P, and Fierrez J Multi-biometric template protection based on homomorphic encryption Pattern Recogn. 2017 67 149-163
[14]
Gomez-Barrero M, Rathgeb C, Galbally J, Busch C, and Fierrez J Unlinkable and irreversible biometric template protection based on bloom filters Inf. Sci. 2016 370 18-32
[15]
Hao F, Anderson R, and Daugman J Combining crypto with biometrics effectively IEEE Trans. Comput. 2006 55 9 1081-1088
[16]
Hoang T, Choi D, and Nguyen T Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme Int. J. Inf. Secur. 2015 14 6 549-560
[17]
Hollingsworth KP, Bowyer KW, and Flynn PJ The best bits in an iris code IEEE Trans. Pattern Anal. Mach. Intell. 2008 31 6 964-973
[18]
Jain AK, Nandakumar K, and Nagar A Biometric template security EURASIP J. Adv. Signal Process. 2008 2008 113
[19]
Juels, A., Sudan, M.: A fuzzy vault scheme. In: Proceedings of IEEE International Symposium on Information Theory, 2002, p. 408. IEEE (2002)
[20]
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM conference on Computer and Cmmunications Security, pp. 28–36. ACM (1999)
[21]
Kanade, S., Camara, D., Krichen, E., Petrovska-Delacrétaz, D., Dorizzi, B.: Three factor scheme for biometric-based cryptographic key regeneration using iris. In: Biometrics Symposium, 2008. BSYM 2008, pp. 59–64. IEEE (2008)
[22]
Kanade S, Camara D, Petrovska-Delacrtaz D, and Dorizzi B Application of biometrics to obtain high entropy cryptographic keys World Acad. Sci. Eng. Tech 2009 52 330
[23]
Kanade, S., Petrovska-Delacrétaz, D., Dorizzi, B.: Cancelable iris biometrics and using error correcting codes to reduce variability in biometric data. In: 2009 IEEE Conference on Computer Vision and Pattern Recognition, pp. 120–127. IEEE (2009)
[24]
Kanade, S., Petrovska-Delacrétaz, D., Dorizzi, B.: Multi-biometrics based cryptographic key regeneration scheme. In: 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems, pp. 1–7. IEEE (2009)
[25]
Kanade SG, Petrovska-Delacrétaz D, and Dorizzi B Enhancing information security and privacy by combining biometrics with cryptography Synth. Lect. Inf. Sec. Privacy Trust 2012 3 1 1-140
[26]
Keller, D., Osadchy, M., Dunkelman, O.: Fuzzy commitments offer insufficient protection to biometric templates produced by deep learning. arXiv preprint arXiv:2012.13293 (2020)
[27]
Kumar A and Passi A Comparison and combination of iris matchers for reliable personal authentication Pattern Recogn. 2010 43 3 1016-1026
[28]
Li P, Yang X, Qiao H, Cao K, Liu E, and Tian J An effective biometric cryptosystem combining fingerprints with error correction codes Expert Syst. Appl. 2012 39 7 6562-6574
[29]
Lin, S., Costello, D.J.: Error Control Coding. Prentice Hall, Englewood Cliffs (2001)
[30]
MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes, vol. 16. Elsevier, New York (1977)
[31]
Mai G, Cao K, Lan X, and Yuen PC Secureface: face template protection IEEE Trans. Inf. Forensics Secur. 2020 16 262-277
[32]
Malek, M.: Hadamard Codes. California State University, p. 112 (2018)
[33]
Masek, L., et al.: Recognition of human iris patterns for biometric identification. Ph.D. thesis, Citeseer (2003)
[34]
Nandakumar K and Jain AK Biometric template protection: Bridging the performance gap between theory and practice IEEE Signal Process. Mag. 2015 32 5 88-100
[35]
NL, F.: Uk," comparison bose-chaudhuri-hocquenghem bch and reed solomon. CCITT SGXV, Doc.# 476, Working Party XV/4, Specialists Group on Coding for Visual Telephony (2004)
[36]
Othman N, Dorizzi B, and Garcia-Salicetti S OSIRIS: an open source iris recognition software Pattern Recogn. Lett. 2016 82 124-131
[37]
Ratha NK, Connell JH, and Bolle RM Enhancing security and privacy in biometrics-based authentication systems IBM Syst. J. 2001 40 3 614-634
[38]
Rathge, C., Uhl, A., Wild, P.: Reliability-balanced feature level fusion for fuzzy commitment scheme. In: 2011 International Joint Conference on Biometrics (IJCB), pp. 1–7. IEEE (2011)
[39]
Rathgeb, C., Breitinger, F., Busch, C.: Alignment-free cancelable iris biometric templates based on adaptive bloom filters. In: 2013 International Conference on Biometrics (ICB), pp. 1–8. IEEE (2013)
[40]
Rathgeb, C., Uhl, A.: The state-of-the-art in iris biometric cryptosystems. In: State of the Art in Biometrics, pp. 179–202 (2011)
[41]
Rathgeb C, Uhl A, Wild P, and Hofbauer H Bowyer KW and Burge MJ Design decisions for an iris recognition SDK Handbook of Iris Recognition 2016 London Springer 359-396
[42]
Stoianov, A.: Security of error correcting code for biometric encryption. In: 2010 Eighth Annual International Conference on Privacy Security and Trust (PST), pp. 231–235. IEEE (2010)
[43]
Talreja, V., Valenti, M.C., Nasrabadi, N.M.: Zero-shot deep hashing and neural network based error correction for face template protection. In: 2019 IEEE 10th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp. 1–10. IEEE (2019)
[44]
Teoh ABJ and Kim J Error correction codes for biometric cryptosystem: an overview Inf. Commun. Mag. 2015 32 6 39-49
[45]
Zhou K and Ren J PassBio: privacy-preserving user-centric biometric authentication IEEE Trans. Inf. Forensics Secur. 2018 13 12 3050-3063
Index Terms
- On Security of Fuzzy Commitment Scheme for Biometric Authentication
Index terms have been assigned to the content through auto-classification.
Recommendations
Biometric Template Protection with Fuzzy Vault and Fuzzy Commitment
ICTCS '16: Proceedings of the Second International Conference on Information and Communication Technology for Competitive StrategiesConventional security methods like password and ID card methods are now rapidly replacing by biometrics for identification of a person. Biometrics uses physiological or behavioral characteristics of a person. Usage of biometric raises critical privacy ...
A Multi-factor Biometric Based Remote Authentication Using Fuzzy Commitment and Non-invertible Transformation
Information and Communication TechnologyAbstractBiometric-based authentication system offers more undeniable benefits to users than traditional authentication system. However, biometric features seem to be very vulnerable - easily affected by different attacks, especially those happening over ...
Partial palm vein based biometric authentication
AbstractPalm vein biometrics is a potential authentication technique. In addition to the inherent liveness property, the palm vein pattern exhibits high authentication accuracy and anti-spoofing capability due to the dense vein pattern and broad coverage ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Nov 2022
538 pages
ISBN:978-3-031-22300-6
DOI:10.1007/978-3-031-22301-3
- Editors:
- Khoa Nguyen,
- Guomin Yang,
- Fuchun Guo,
- Willy Susilo
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2022.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 28 November 2022
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 01 Jan 2025