Abhishek Nagar

Biometric template security

Biometric recognition offers a reliable solution to the problem of user authentication in identity management systems. With the widespread deployment of biometric systems in various applications, there are increasing concerns about the security and privacy of biometric technology. Public acceptance of biometrics technology will depend on the ability of system designers to demonstrate that these systems are robust, have low error rates, and are tamper proof. We present a high-level categorization of the various vulnerabilities of a biometric system and discuss countermeasures that have been proposed to address these vulnerabilities. In particular, we focus on biometric template security which is an important issue because, unlike passwords and tokens, compromised biometric templates cannot be revoked and reissued. Protecting the template is a challenging task due to intrauser variability in the acquired biometric traits. We present an overview of various biometric template protection schemes and discuss their advantages and limitations in terms of security, revocability, and impact on matching accuracy. A template protection scheme with provable security and acceptable recognition performance has thus far remained elusive. Development of such a scheme is crucial as biometric systems are beginning to proliferate into the core physical and information infrastructure of our society.

Multibiometric Cryptosystems Based on Feature-Level Fusion

Multibiometric systems are being increasingly de- ployed in many large-scale biometric applications (e.g., FBI-IAFIS, UIDAI system in India) because they have several advantages such as lower error rates and larger population coverage compared to unibiometric systems. However, multibiometric systems require storage of multiple biometric templates (e.g., fingerprint, iris, and face) for each user, which results in increased risk to user privacy and system security. One method to protect individual templates is to store only the secure sketch generated from the corresponding template using a biometric cryptosystem. This requires storage of multiple sketches. In this paper, we propose a feature-level fusion framework to simultaneously protect multiple templates of a user as a single secure sketch. Our main contributions include: (1) practical implementation of the proposed feature-level fusion framework using two well-known biometric cryptosystems, namery,fuzzy vault and fuzzy commitment, and (2) detailed analysis of the trade-off between matching accuracy and security in the proposed multibiometric cryptosystems based on two different databases (one real and one virtual multimodal database), each containing the three most popular biometric modalities, namely, fingerprint, iris, and face. Experimental results show that both the multibiometric cryptosystems proposed here have higher security and matching performance compared to their unibiometric counterparts.

Securing fingerprint template: Fuzzy vault with minutiae descriptors

Fuzzy vault has been shown to be an effective technique for securing fingerprint minutiae templates. Its security depends on the difficulty in identifying the set of genuine minutiae points among a mixture of genuine and chaff points and reconstructing the secure polynomial using the evaluations (ordinate values) available for each point in the vault. We show that the security of fuzzy vault can be improved by ldquoencryptingrdquo these polynomial evaluations using a fuzzy commitment scheme. This encryption makes it difficult for an adversary to decode the vault even if the correct set of minutiae is selected. We use minutiae descriptors, which capture orientation and ridge frequency information in a minutiapsilas neighborhood, for securing the polynomial evaluations. This modification leads to a significant increase in both the security (number of tries an adversary has to make in order to guess the secure key) and matching accuracy of the vault. We validate our results on FVC2002 DB2 and show that false accept rate (FAR) is reduced from 0.7% to 0.01% at a genuine accept rate (GAR) of 95%. At the same time, vault security as measured in terms of min-entropy, is increased from 31 bits to 47 bits in case a perfect code is used.

Hardening fingerprint Fuzzy vault using password

Security of stored templates is a critical issue in biometric systems because biometric templates are non-revocable. Fuzzy vault is a cryptographic framework that enables secure template storage by binding the template with a uniformly random key. Though the fuzzy vault framework has proven security properties, it does not provide privacy-enhancing features such as revocability and protection against cross-matching across different biometric systems. Furthermore, non-uniform nature of biometric data can decrease the vault security. To overcome these limitations, we propose a scheme for hardening a fingerprint minutiae-based fuzzy vault using password. Benefits of the proposed password-based hardening technique include template revocability, prevention of cross-matching, enhanced vault security and a reduction in the False Accept Rate of the system without significantly affecting the False Reject Rate. Since the hardening scheme utilizes password only as an additional authentication factor (independent of the key used in the vault), the security provided by the fuzzy vault framework is not affected even when the password is compromised.

A hybrid biometric cryptosystem for securing fingerprint minutiae templates

Security concerns regarding the stored biometric data is impeding the widespread public acceptance of biometric technology. Though a number of bio-crypto algorithms have been proposed, they have limited practical applicability due to the trade-off between recognition performance and security of the template. In this paper, we improve the recognition performance as well as the security of a fingerprint based biometric cryptosystem, called fingerprint fuzzy vault. We incorporate minutiae descriptors, which capture ridge orientation and frequency information in a minutias neighborhood, in the vault construction using the fuzzy commitment approach. Experimental results show that with the use of minutiae descriptors, the fingerprint matching performance improves from an FAR of 0.7% to 0.01% at a GAR of 95% with some improvement in security as well. An analysis of security while considering two different attack scenarios is also presented. A preliminary version of this paper appeared in the International Conference on Pattern Recognition, 2008 and was selected as the Best Scientific Paper in the biometrics track.

Biometric template transformation: a security analysis

One of the critical steps in designing a secure biometric system is protecting the templates of the users that are stored either in a central database or on smart cards. If a biometric template is compromised, it leads to serious security and privacy threats because unlike passwords, it is not possible for a legitimate user to revoke his biometric identifiers and switch to another set of uncompromised identifiers. One methodology for biometric template protection is the template transformation approach, where the template, consisting of the features extracted from the biometric trait, is transformed using parameters derived from a user specific password or key. Only the transformed template is stored and matching is performed directly in the transformed domain. In this paper, we formally investigate the security strength of template transformation techniques and define six metrics that facilitate a holistic security evaluation. Furthermore, we analyze the security of two wellknown template transformation techniques, namely, Biohashing and cancelable fingerprint templates based on the proposed metrics. Our analysis indicates that both these schemes are vulnerable to intrusion and linkage attacks because it is relatively easy to obtain either a close approximation of the original template (Biohashing) or a pre-image of the transformed template (cancelable fingerprints). We argue that the security strength of template transformation techniques must consider also consider the computational complexity of obtaining a complete pre-image of the transformed template in addition to the complexity of recovering the original biometric template.

On matching latent fingerprints

Latent fingerprint identification is of critical importance to law enforcement agencies in forensics application. While tremendous progress has been made in the field of automatic fingerprint matching, latent fingerprint matching continues to be a difficult problem because the challenges involved in latent print matching are quite different from plain or rolled fingerprint matching. Poor quality of friction ridge impressions, small finger area and large non-linear distortion are some of the main difficulties in latent fingerprint matching. We propose a system for matching latent images to rolled fingerprints that takes into account the specific characteristics of the latent matching problem. In addition to minutiae, additional features like orientation field and quality map are also used in our system. Experimental results on the NIST SD27 latent database indicate that the introduction of orientation field and quality map to minutiae-based matching leads to good recognition performance despite the inherently difficult nature of the problem. We achieve the rank-20 accuracy of 93.4% in retrieving 258 latents from a background database of 2,258 rolled fingerprints.

Alignment and bit extraction for secure fingerprint biometrics

Security of biometric templates stored in a system is important because a stolen template can compromise system security as well as user privacy. Therefore, a number of secure biometrics schemes have been proposed that facilitate matching of feature templates without the need for a stored biometric sample. However, most of these schemes suffer from poor matching performance owing to the difficulty of designing biometric features that remain robust over repeated biometric measurements. This paper describes a scheme to extract binary features from fingerprints using minutia points and fingerprint ridges. The features are amenable to direct matching based on binary Hamming distance, but are especially suitable for use in secure biometric cryptosystems that use standard error correcting codes. Given all binary features, a method for retaining only the most discriminable features is presented which improves the Genuine Accept Rate (GAR) from 82% to 90% at a False Accept Rate (FAR) of 0.1% on a well-known public database. Additionally, incorporating singular points such as a core or delta feature is shown to improve the matching tradeoff.

Privacy and security of features extracted from minutiae aggregates

This paper describes our recent analysis on the security and privacy of biometric feature vectors obtained from fingerprint minutiae. A large number of contiguous regions (cuboids) are selected at random in the minutiae space, and several new features are extracted from the minutiae inside each such cuboid. Specifically, the features are extracted from the average minutia coordinate within a cuboid, the standard deviation of the minutiae coordinates, and the aggregate wall distance, i.e., the sum of distance of each minutia from the boundary of the cuboids. In terms of matching performance on a public database, the feature vectors provide an equal error rate of 3 % even if the imposter is allowed to use the same local patches as the genuine user. Performance within a secure biometrics framework is evaluated by applying an LDPC code to the feature vectors and storing only the syndrome at the access control device, for use in authentication. The paper concludes with a discussion on methods to analyze security and privacy of biometric systems that use such local-aggregate-based feature vectors in a secure biometric recognition framework. This discussion highlights security attacks via template injection, spoofing, and cancelability compromises and also considers the difficulty of privacy attacks via template inversion.

On the security of non-invertible fingerprint template transforms

Many transformation functions have been proposed for generating revocable or non-invertible biometric templates. However, their security analysis either ignores the distribution of biometric features or uses inefficient feature matching. This usually leads to unrealistic estimates of security. In this paper we introduce a new measure of non-invertibility, called the Coverage-Effort (CE) curve which measures the number of guesses (Effort) required by an adversary to recover a certain fraction (Coverage) of the original biometric data. In addition to utilizing the feature distribution, the CE curve allows estimation of security against partial recovery of biometric features. We analyze the CE curves obtained using different instances of a mixture of Gaussians based feature transform for fingerprint templates. Our analysis shows that knowledge of the fingerprint minutiae distribution reduces the effort required to obtain a specified coverage.