Hisham Al-Assam

A lightweight approach for biometric template protection

Privacy and security are vital concerns for practical biometric systems. The concept of cancelable or revocable biometrics has been proposed as a solution for biometric template security. Revocable biometric means that biometric templates are no longer fixed over time and could be revoked in the same way as lost or stolen credit cards are. In this paper, we describe a novel and an efficient approach to biometric template protection that meets the revocability property. This scheme can be incorporated into any biometric verification scheme while maintaining, if not improving, the accuracy of the original biometric system. However, we shall demonstrate the result of applying such transforms on face biometric templates and compare the efficiency of our approach with that of the well-known random projection techniques. We shall also present the results of experimental work on recognition accuracy before and after applying the proposed transform on feature vectors that are generated by wavelet transforms. These results are based on experiments conducted on a number of well-known face image databases, e.g. Yale and ORL databases.

Improving performance and security of biometrics using efficient and stable random projection techniques

The challenges in biometrics research activities have expanded recently to include the maintenance of security and privacy of biometric templates beside the traditional work to improve accuracy, speed, and robustness. Revocable biometric templates and biometric cryptosystems have been developed as template protection measures. Revocability means that biometric templates could be revoked in the same way as lost or stolen credit cards are, while biometric cryptosystems aim to generate biometric keys and hashes to be used as proof of identity. Recently developed biometric protection schemes involve the use of random projections (RP) onto secret personalised domains. In this paper, we propose a novel and efficient orthonormal RP scheme to be used for the generation of revocable biometrics. We shall demonstrate the result of applying our RP transforms on face biometrics and compare its efficiency with that of the widely used RP technique based on the Gram-Schmidt process. We shall also present the results of experimental work on recognition accuracy before and after applying the proposed transform on feature vectors that are generated by wavelet transformed face images. Some security analysis of our scheme will also be presented.

Security evaluation of biometric keys

Biometric cryptosystems combine biometrics with cryptography by producing Biometric Cryptographic Keys (BCKs) to provide stronger security mechanisms while protecting against identity theft. The process of generating/binding biometric keys consists of a number of steps starting with a feature extraction procedure, the complexity of which depends on the specific biometric trait/scheme, followed often by user selected transformation to allow for revocability, and an error correction scheme to tolerate reasonable amount of intra-class variation. Each of these steps has its own effect on the security of the generated/bound key. Proper security evaluation must include thorough analysis of the security effect of each of these steps. We propose a comprehensive approach to BCKs security evaluation that takes into consideration each of the steps involved in their construction. We first review existing BCKs and highlight that the analysis of their security is either insufficient or not provided. In addition to evaluating the correctness (i.e. error rates), and the generated/bound key size, we evaluate the randomness of biometric features employed in the process of key generation. Our proposal combines the Kullback-Leibler divergence and the discrimination entropy to formulate a new measure of the Entropy of Biometric Features (EBF), defined as the average number of bits that distinguishes a user from a given population. Then we rigorously evaluate the impact of using error correcting scheme on the security of BCKs to calculate the Effective Entropy of Biometric Features (EEBF). Finally, inherent individual differences of the EBFs will be discussed. Here, we focus on face-based BCKs, but this does not restrict the use of the proposed evaluation. This paper argues that current face-based BCKs are not secure enough for high level security applications, and demonstrates that the average EEBF of BCKs using PCA-based facial features is less than 20-bit even when applying a user-based randomization on biometric features.

Multi-factor biometrics for authentication: a false sense of security

Multi-factor biometric authentications have been proposed recently to strengthen security and/or privacy of biometric systems in addition to enhancing authentication accuracy. An important approach to multi-factor biometric authentication is to apply User-Based Transformations (UBTs) on biometric features. Typically, UBTs rely on generating user-based transformation keys from a password/PIN or retrieved from a token. One significant advantage of employing UBTs is its ability to achieve zero or near zero Equal Error Rate (EER) i.e. a clear separation of genuine and imposter distributions. However, the effect of compromised transformation keys on authentication accuracy has not been tested rigorously. In this paper, we challenge the myth that has been reported in the literature that in the case of stolen transformation key(s), accuracy drops but remains close to the accuracy of biometric only system. Moreover, we shall show that a multi-factor authentication system setup to operate at a zero EER has a serious security lapse in the event of stolen or compromised keys. In such a scenario, the False Acceptance Rate (FAR) of the system reaches unacceptable levels. We shall demonstrate this by experiments conducted on face and fingerprint biometrics, and show that an imposter with a stolen key needs no more than two attempts on average to be falsely accepted by the biometric system.

Combining steganography and biometric cryptosystems for secure mutual authentication and key exchange

Although biometric authentication is perceived to be more reliable than traditional authentication schemes, it becomes vulnerable to several attacks when it comes to remote authentication over open networks. Steganography based techniques have been used in the context of remote authentication to hide biometric feature vectors. Biometric cryptosystems, on the other hand, are proposed to enhance the security of biometric systems and to create revocable representations of individuals. However, neither steganography nor biometric cryptosystems are immune against replay attack and other remote attacks. This paper proposes a novel approach that combines steganography with biometric cryptosystems effectively to establish robust remote mutual authentication between two parties as well as key exchange that facilitates one-time stego-keys. The proposal involves the use of random orthonormal projection and multi-factor biometric key binding techniques, and relies on a mutual challenge/response and one-time stego-keys to prevent replay attacks and provide non-repudiation feature. Implementation details and simulation results based on face biometric show the viability of our proposal. Furthermore, we argue that the proposed scheme enhances security while it can be both user-friendly and cost-effective.

Multi-factor challenge/response approach for remote biometric authentication

Although biometric authentication is perceived to be more reliable than traditional authentication schemes, it becomes vulnerable to many attacks when it comes to remote authentication over open networks and raises serious privacy concerns. This paper proposes a biometric-based challenge-response approach to be used for remote authentication between two parties A and B over open networks. In the proposed approach, a remote authenticator system B (e.g. a bank) challenges its client A who wants to authenticate his/her self to the system by sending a one-time public random challenge. The client A responds by employing the random challenge along with secret information obtained from a password and a token to produce a one-time cancellable representation of his freshly captured biometric sample. The one-time biometric representation, which is based on multi-factor, is then sent back to B for matching. Here, we argue that eavesdropping of the one-time random challenge and/or the resulting one-time biometric representation does not compromise the security of the system, and no information about the original biometric data is leaked. In addition to securing biometric templates, the proposed protocol offers a practical solution for the replay attack on biometric systems. Moreover, we propose a new scheme for generating a password-based pseudo random numbers/permutation to be used as a building block in the proposed approach. The proposed scheme is also designed to provide protection against repudiation. We illustrate the viability and effectiveness of the proposed approach by experimental results based on two biometric modalities: fingerprint and face biometrics.

Automatic spine curvature estimation from X-ray images of a mouse model

Automatic segmentation and quantification of skeletal structures has a variety of applications for biological research. Although solutions for good quality X-ray images of human skeletal structures are in existence in recent years, automatic solutions working on poor quality X-ray images of mice are rare. This paper proposes a fully automatic solution for spine segmentation and curvature quantification from X-ray images of mice. The proposed solution consists of three stages, namely preparation of the region of interest, spine segmentation, and spine curvature quantification, aiming to overcome technical difficulties in processing the X-ray images. We examined six different automatic measurements for quantifying the spine curvature through tests on a sample data set of 100 images. The experimental results show that some of the automatic measures are very close to and consistent with the best manual measurement results by annotators. The test results also demonstrate the effectiveness of the curvature quantification produced by the proposed solution in distinguishing abnormally shaped spines from the normal ones with accuracy up to 98.6%.

Automated classification of static ultrasound images of ovarian tumours based on decision level fusion

Ovarian cancer is the most deadly cancer of the female reproductive system. Early detection of ovarian carcinoma continues to be a challenging task. Manual classifications are generally based on subjective assessment by experts, which may result in different diagnoses. In this paper, we propose a new method for automatic ovarian tumour classification based on decision level fusion. The proposed method first extracts two different types of features (Histogram and Local Binary Pattern) from ultrasound images of the ovary. Support Vector Machine (SVM) is then used to classify ovarian tumour based on each type of features separately. The method then employs a novel decision fusion that categorizes SVM-based decision scores into a measure of confidence to assist the final diagnostic decision making. Experimental results on 187 ultrasound images of ovarian tumour show classification accuracy of 90%, 81% and 69% based on classification decisions of high, medium and low confidence respectively, whereas 18% of the cases were unclassified as inconclusive not sure cases. The paper argues that such confidence based prediction outcomes are more meaningful than other classical alternatives and closer to the reality in diagnosis of ovarian cancers.

Exploiting Relative Entropy and Quality Analysis in Cumulative Partial Biometric Fusion

Relative Entropy (RE) of individual’s biometric features is the amount of information that distinguishes the individual from a given population. This paper presents an analysis of RE measures for face biometric in relation to accuracy of face-based authentication, and proposes a RE-based partial face recognition scheme that fuses face regions according to their RE-ranks. We establish that different facial feature extraction techniques (FET) result in different RE values, and compare RE values in PCA features with those for a number of wavelet subband features at different levels of decomposition. We demonstrate that for each of the FETs there is a strong positive correlation between RE and authentication accuracy, and that increased image quality results in increased RE and increased authentication accuracy for all FETs. In fact, severe image quality degradation may result in more than 75% drop in RE values. We also present a regional version of these investigations in order to determine the facial regions that have more influence on accuracy and RE values, and propose a partial face recognition that fuses in a cumulative manner horizontal face regions according to their RE-ranks. We argue that the proposed approach is not only useful when parts of facial images are unavailable but also it outperforms the use of the full face images. Our experiments show that the required percentage of facial images for achieving the optimal performance of face recognition varies from just over 1% to 45% of the face image depending on image quality whereas authentication accuracy improves significantly especially for low quality face images.

Integrating Cancellable Biometrics with Geographical Location for Effective Unattended Authentication of Users of Mobile Devices

Over the past decade, security and privacy concerns about the growing deployment of biometrics as a proof of identity have motivated researchers to investigate solutions such as cancellable biometrics to enhance the security of biometric systems. However, the open nature of newly emerged mobile authentication scenarios has made these solutions impractical and necessitated the need for new innovative solutions. This paper proposes an effective authentication scheme for remote users on mobile-handsets. The proposal incorporates cancellable biometrics with actual mobile-handset location to produce a one-time authentication token. For added security, the location is obtained and verified via two independent sources, and the authentication token is robustly stamped by the transaction time to guarantee the liveliness. This makes the proposed scheme immune against replay and other remote fraudulent attacks. Trials and simulations based on using biometric datasets and real GPS/Cellular measurements show the viability of our scheme for unattended and mobile authentication. 