Umut Uludag

Biometric cryptosystems: issues and challenges

In traditional cryptosystems, user authentication is based on possession of secret keys; the method falls apart if the keys are not kept secret (i.e., shared with non-legitimate users). Further, keys can be forgotten, lost, or stolen and, thus, cannot provide non-repudiation. Current authentication systems based on physiological and behavioral characteristics of persons (known as biometrics), such as fingerprints, inherently provide solutions to many of these problems and may replace the authentication component of traditional cryptosystems. We present various methods that monolithically bind a cryptographic key with the biometric template of a user stored in the database in such a way that the key cannot be revealed without a successful biometric authentication. We assess the performance of one of these biometric key binding/generation algorithms using the fingerprint biometric. We illustrate the challenges involved in biometric key generation primarily due to drastic acquisition variations in the representation of a biometric identifier and the imperfect nature of biometric feature extraction and matching algorithms. We elaborate on the suitability of these algorithms for digital rights management systems.

Large-scale evaluation of multimodal biometric authentication using state-of-the-art systems

We examine the performance of multimodal biometric authentication systems using state-of-the-art commercial off-the-shelf (COTS) fingerprint and face biometric systems on a population approaching 1,000 individuals. The majority of prior studies of multimodal biometrics have been limited to relatively low accuracy non-COTS systems and populations of a few hundred users. Our work is the first to demonstrate that multimodal fingerprint and face biometric systems can achieve significant accuracy gains over either biometric alone, even when using highly accurate COTS systems on a relatively large-scale population. In addition to examining well-known multimodal methods, we introduce new methods of normalization and fusion that further improve the accuracy.

Fuzzy vault for fingerprints

Biometrics-based user authentication has several advantages over traditional password-based systems for standalone authentication applications, such as secure cellular phone access. This is also true for new authentication architectures known as crypto-biometric systems, where cryptography and biometrics are merged to achieve high security and user convenience at the same time. In this paper, we explore the realization of a previously proposed cryptographic construct, called fuzzy vault, with the fingerprint minutiae data. This construct aims to secure critical data (e.g., secret encryption key) with the fingerprint data in a way that only the authorized user can access the secret by providing the valid fingerprint. The results show that 128-bit AES keys can be secured with fingerprint minutiae data using the proposed system.

Hiding biometric data

With the wide spread utilization of biometric identification systems, establishing the authenticity of biometric data itself has emerged as an important research issue. The fact that biometric data is not replaceable and is not secret, combined with the existence of several types of attacks that are possible in a biometric system, make the issue of security/integrity of biometric data extremely critical. We introduce two applications of an amplitude modulation-based watermarking method, in which we hide a users biometric data in a variety of images. This method has the ability to increase the security of both the hidden biometric data (e.g., eigen-face coefficients) and host images (e.g., fingerprints). Image adaptive data embedding methods used in our scheme lead to low visibility of the embedded signal. Feature analysis of host images guarantees high verification accuracy on watermarked (e.g., fingerprint) images.

Attacks on biometric systems: a case study in fingerprints

In spite of numerous advantages of biometrics-based personal authentication systems over traditional security systems based on token or knowledge, they are vulnerable to attacks that can decrease their security considerably. In this paper, we analyze these attacks in the realm of a fingerprint biometric system. We propose an attack system that uses a hill climbing procedure to synthesize the target minutia templates and evaluate its feasibility with extensive experimental results conducted on a large fingerprint database. Several measures that can be utilized to decrease the probability of such attacks and their ramifications are also presented.

Biometric template selection and update: a case study in fingerprints

A biometric authentication system operates by acquiring biometric data from a user and comparing it against the template data stored in a database in order to identify a person or to verify a claimed identity. Most systems store multiple templates per user in order to account for variations observed in a persons biometric data. In this paper we propose two methods to perform automatic template selection where the goal is to select prototype fingerprint templates for a finger from a given set of fingerprint impressions. The first method, called DEND, employs a clustering strategy to choose a template set that best represents the intra-class variations, while the second method, called MDIST, selects templates that exhibit maximum similarity with the rest of the impressions. Matching results on a database of 50 different fingers, with 200 impressions per finger, indicate that a systematic template selection procedure as presented here results in better performance than random template selection. The proposed methods have also been utilized to perform automatic template update. Experimental results underscore the importance of these techniques.

Hiding a face in a fingerprint image

With the wide spread utilization of biometric identification systems, establishing the authenticity of biometric data itself has emerged as an important research issue. We present a fingerprint image watermarking method that can embed facial information into host fingerprint images. This scheme has the advantage that in addition to fingerprint matching, the recovered face during the decoding can be used to establish the authenticity of the fingerprint and the user. By computing the ROC curves on a fingerprint database of 160 individuals, we show the advantages of the proposed watermarking scheme. Further, our scheme does not introduce any significant degradation in the fingerprint matching performance.

Biometric template selection: a case study in fingerprints

A biometric authentication system operates by acquiring biometric data from a user and comparing it against the template data stored in a database in order to identify a person or to verify a claimed identity. Most systems store multiple templates per user to account for variations in a persons biometric data. In this paper we propose two techniques to automatically select prototype fingerprint templates for a finger from a given set of fingerprint impressions. The first method, called DEND, performs clustering in order to choose a template set that best represents the intra-class variations, while the second method, called MDIST, selects templates that have maximum similarity with the rest of the impressions and, therefore, represent typical measurements of biometric data. Matching results on a database of 50 different fingers, with 100 impressions per finger, indicate that a systematic template selection procedure as presented here results in better performance than random template selection.

Multimedia content protection via biometrics-based encryption

We propose a multimedia content protection framework that is based on biometric data of the users and a layered encryption/decryption scheme. Password-only encryption schemes are vulnerable to illegal key exchange problems. By using biometric data along with hardware identifiers as keys, it is possible to alleviate fraudulent usage of protected content. A combination of symmetric and asymmetric key systems is utilized for this purpose. The computational requirements and applicability of the proposed method are addressed. The results of encryption and decryption experiments related to time measurements are included. Watermarking systems can be used to complement the proposed method to permit novel uses of protected multimedia data.

Secure fingerprint matching with external registration

Biometrics-based authentication systems offer enhanced security and user convenience compared to traditional token-based (e.g., ID card) and knowledge-based (e.g., password) systems. However, the increased deployment of biometric systems in several commercial and government applications has raised questions about the security of the biometric system itself. Since the biometric traits of a user cannot be replaced if compromised, it is imperative that these systems are suitably secure in order to protect the privacy of the user as well as the integrity of the overall system. In this paper, we first investigate several methods that have been proposed in the literature to increase the security of the templates residing in a biometric system. We next propose a novel fingerprint matching architecture for resource-constrained devices (e.g., smart cards) that ensures the security of the minutiae templates present in the device. Experimental results describing the impact of several system parameters on the matching performance as well as the computational and storage costs are provided. The proposed architecture is shown to enhance the security of the minutiae templates while maintaining the overall matching performance of the system.