Axel Durbet,Paul-Marie Grollemund,Kevin Thiry-Atighehchi

2024-02-21

Abstract:A biometric recognition system can operate in two distinct modes: identification or verification. In the first mode, the system recognizes an individual by searching the enrolled templates of all the users for a match. In the second mode, the system validates a user's identity claim by comparing the fresh provided template with the enrolled template. The biometric transformation schemes usually produce binary templates that are better handled by cryptographic schemes, and the comparison is based on a distance that leaks information about the similarities between two biometric templates. Both the experimentally determined false match rate and false non-match rate through recognition threshold adjustment define the recognition accuracy, and hence the security of the system. To our knowledge, few works provide a formal treatment of security in case of minimal information leakage, i.e., the binary outcome of a comparison with a threshold. In this paper, we focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes. On the first hand, we focus our analysis on the accuracy metrics of biometric systems. We provide the complexity of untargeted attacks using the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems. Studying near-collisions with these metrics allows us to estimate the maximum number of users in a database, given a chosen FMR, to preserve the security and the accuracy. These results are evaluated on systems from the literature. On the other hand, we rely on probabilistic modelling to assess the theoretical security limits of biometric systems. The study of this metric space, and system parameters (template size, threshold and database size), gives us the complexity of untargeted attacks and the probability of a near-collision.

Cryptography and Security,Computer Vision and Pattern Recognition

Axel Durbet,Kevin Thiry-Atighehchi,Dorine Chagnon,Paul-Marie Grollemund

2024-07-30

Abstract:In a biometric authentication or identification system, the matcher compares a stored and a fresh template to determine whether there is a match. This assessment is based on both a similarity score and a predefined threshold. For better compliance with privacy legislation, the matcher can be built upon a privacy-preserving distance. Beyond the binary output (`yes' or `no'), most schemes may perform more precise computations, e.g., the value of the distance. Such precise information is prone to leakage even when not returned by the system. This can occur due to a malware infection or the use of a weakly privacy-preserving distance, exemplified by side channel attacks or partially obfuscated designs. This paper provides an analysis of information leakage during distance evaluation. We provide a catalog of information leakage scenarios with their impacts on data privacy. Each scenario gives rise to unique attacks with impacts quantified in terms of computational costs, thereby providing a better understanding of the security level.

Cryptography and Security,Computer Vision and Pattern Recognition

Hyunmin Choi,Jiwon Kim,Chiyoung Song,Simon S. Woo,Hyoungshick Kim

DOI: https://doi.org/10.1145/3627673.3680017

2024-10-13

Abstract:We present Blind-Match, a novel biometric identification system that leverages homomorphic encryption (HE) for efficient and privacy-preserving 1:N matching. Blind-Match introduces a HE-optimized cosine similarity computation method, where the key idea is to divide the feature vector into smaller parts for processing rather than computing the entire vector at once. By optimizing the number of these parts, Blind-Match minimizes execution time while ensuring data privacy through HE. Blind-Match achieves superior performance compared to state-of-the-art methods across various biometric datasets. On the LFW face dataset, Blind-Match attains a 99.63% Rank-1 accuracy with a 128-dimensional feature vector, demonstrating its robustness in face recognition tasks. For fingerprint identification, Blind-Match achieves a remarkable 99.55% Rank-1 accuracy on the PolyU dataset, even with a compact 16-dimensional feature vector, significantly outperforming the state-of-the-art method, Blind-Touch, which achieves only 59.17%. Furthermore, Blind-Match showcases practical efficiency in large-scale biometric identification scenarios, such as Naver Cloud's FaceSign, by processing 6,144 biometric samples in 0.74 seconds using a 128-dimensional feature vector.

Computer Vision and Pattern Recognition,Cryptography and Security

Sam Grierson,William J Buchanan,Craig Thomson,Baraq Galeb,Chris Eckl

2024-11-26

Abstract:Biometric systems, while offering convenient authentication, often fall short in providing rigorous security assurances. A primary reason is the ad-hoc design of protocols and components, which hinders the establishment of comprehensive security proofs. This paper introduces a formal framework for constructing secure and privacy-preserving biometric systems. By leveraging the principles of universal composability, we enable the modular analysis and verification of individual system components. This approach allows us to derive strong security and privacy properties for the entire system, grounded in well-defined computational assumptions.

Cryptography and Security

Hossen Asiful Mustafa,Hasan Muhammad Kafi

DOI: https://doi.org/10.48550/arXiv.1711.01198

2017-11-03

Abstract:Password security can no longer provide enough security in the area of remote user authentication. Considering this security drawback, researchers are trying to find solution with multifactor remote user authentication system. Recently, three factor remote user authentication using biometric and smart card has drawn a considerable attention of the researchers. However, most of the current proposed schemes have security flaws. They are vulnerable to attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Also, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, we propose a secure three factor user authentication scheme using biometric and smart card. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.

Cryptography and Security

Sudipta Banerjee,Anubhav Jain,Zehua Jiang,Nasir Memon,Julian Togelius,Arun Ross

2023-11-21

Abstract:A dictionary attack in a biometric system entails the use of a small number of strategically generated images or templates to successfully match with a large number of identities, thereby compromising security. We focus on dictionary attacks at the template level, specifically the IrisCodes used in iris recognition systems. We present an hitherto unknown vulnerability wherein we mix IrisCodes using simple bitwise operators to generate alpha-mixtures - alpha-wolves (combining a set of "wolf" samples) and alpha-mammals (combining a set of users selected via search optimization) that increase false matches. We evaluate this vulnerability using the IITD, CASIA-IrisV4-Thousand and Synthetic datasets, and observe that an alpha-wolf (from two wolves) can match upto 71 identities @FMR=0.001%, while an alpha-mammal (from two identities) can match upto 133 other identities @FMR=0.01% on the IITD dataset.

Computer Vision and Pattern Recognition

Ning Wang,Qiong Li,Ahmed A. Abd El-Latif,Jialiang Peng,Xuehu Yan,Xiamu Niu

DOI: https://doi.org/10.1007/s11760-014-0663-2

2014-01-01

Abstract:In recent years, biometrics template protection has been extensively studied and lots of schemes have been proposed. However, most of them have not considered the forgery, large difference of intra-class and the security of unimodal biometrics leakage. And there is no multibiometrics template scheme based on the fusion of dual iris, thermal and visible face images. In this paper, a novel multibiometrics template protection scheme based on fuzzy commitment and chaotic system, and the security analysis approach for unimodal biometrics leakage are proposed. Firstly, the thermal face images are captured to overcome the forgery. Then, the fuzzy commitment is generated from the corporation of error correcting code (ECC) and the fusion binary features. Additionally, the dual iris feature vectors are encrypted via the chaotic system, and the score level fusion based on Aczél-Alsina triangular-norm (AA T-norm) is implemented to acquire the final verification performance. Finally, the entropy of both mutlibiometrics and unimodal information leakage is analyzed to show the security of the proposed approach. The experimental tests are conducted on a virtual multibiometrics database, which merges the challenging CASIA-Iris-Thousand and the NVIE face database. The verification performance decreases from EER of 3 × 10^-2 to 1.163 × 10^-1

WANG Ning,LI Qiong,NIU Xiamu

DOI: https://doi.org/10.3969/j.issn.2095-2163.2013.03.017

2013-01-01

Abstract:Some problems of unimodal biometrics can be solved by multibiometrics,and it is valuable to implement the multibiometric system based on the lower quality dual iris,thermal face images.However,the threat is higher if leakage of the template of multibiometrcs.This paper converts the real thermal face image feature to binary initially,and then generates the secure sketch and biometric via binary thermal face image feature based on the fuzzy commitment scheme.The biometric key is used to encrypt the lower quality iris binary feature for securing the multibiometric template.The experimental results show that this approach can solve the problem of larger distance of intra-class of biometric feature template.And the system not only keeps higher verification performance,but also has the higher security.Furthermore,the paper also analyzes the security based on cross matching after the leakage of the part biometric thermal face feature.Meanwhile the paper obtains the conclusion of decreasing the error tolerance capability and sacrificing verification performance to enhance the system security.

Daile Osorio-Roig,Mahdi Ghafourian,Christian Rathgeb,Ruben Vera-Rodriguez,Christoph Busch,Julian Fierrez

2023-10-05

Abstract:Nowadays, facial recognition systems are still vulnerable to adversarial attacks. These attacks vary from simple perturbations of the input image to modifying the parameters of the recognition model to impersonate an authorised subject. So-called privacy-enhancing facial recognition systems have been mostly developed to provide protection of stored biometric reference data, i.e. templates. In the literature, privacy-enhancing facial recognition approaches have focused solely on conventional security threats at the template level, ignoring the growing concern related to adversarial attacks. Up to now, few works have provided mechanisms to protect face recognition against adversarial attacks while maintaining high security at the template level. In this paper, we propose different key selection strategies to improve the security of a competitive cancelable scheme operating at the signal level. Experimental results show that certain strategies based on signal-level key selection can lead to complete blocking of the adversarial attack based on an iterative optimization for the most secure threshold, while for the most practical threshold, the attack success chance can be decreased to approximately 5.0%.

Computer Vision and Pattern Recognition

Marta Gomez-Barrero,Javier Galbally,Christian Rathgeb,Christoph Busch

DOI: https://doi.org/10.1109/TIFS.2017.2788000

2023-11-08

Abstract:The wide deployment of biometric recognition systems in the last two decades has raised privacy concerns regarding the storage and use of biometric data. As a consequence, the ISO/IEC 24745 international standard on biometric information protection has established two main requirements for protecting biometric templates: irreversibility and unlinkability. Numerous efforts have been directed to the development and analysis of irreversible templates. However, there is still no systematic quantitative manner to analyse the unlinkability of such templates. In this paper we address this shortcoming by proposing a new general framework for the evaluation of biometric templates' unlinkability. To illustrate the potential of the approach, it is applied to assess the unlinkability of four state-of-the-art techniques for biometric template protection: biometric salting, Bloom filters, Homomorphic Encryption and block re-mapping. For the last technique, the proposed framework is compared with other existing metrics to show its advantages.

Computer Vision and Pattern Recognition

Li W,Poh N,Zhou Y.

DOI: https://doi.org/10.1117/12.2061785

2014-01-01

Abstract:Spoof attack by replicating biometric traits represents a real threat to an automatic biometric verification/ authentication system. This is because the system, originally designed to distinguish between genuine users from impostors, simply cannot distinguish between a replicated biometric sample (replica) from a live sample. An effective solution is to obtain some measures that can indicate whether or not a biometric trait has been tempered with, e.g., liveness detection measures. These measures are referred to as evidence of spoofing or anti-spoofing measures. In order to make the final accept/rejection decision, a straightforward solution to define two thresholds: one for the anti-spoofing measure, and another for the verification score. We compared two variants of a method that relies on applying two thresholds - one to the verification (matching) score and another to the anti-spoofing measure. Our experiments carried out using a signature database as well as by simulation show that both the brute-force and its probabilistic variant turn out to be optimal under different operating conditions. © 2014 SPIE.

Babak Poorebrahim Gilkalaye,Shubhabrata Mukherjee,Reza Derakhshani

2024-08-12

Abstract:Generative AI has revolutionized modern machine learning by providing unprecedented realism, diversity, and efficiency in data generation. This technology holds immense potential for biometrics, including for securing sensitive and personally identifiable information. Given the irrevocability of biometric samples and mounting privacy concerns, biometric template security and secure matching are among the most sought-after features of modern biometric systems. This paper proposes a novel obfuscation method using Generative AI to enhance biometric template security. Our approach utilizes synthetic facial images generated by a Generative Adversarial Network (GAN) as "random chaff points" within a secure vault system. Our method creates n sub-templates from the original template, each obfuscated with m GAN chaff points. During verification, s closest vectors to the biometric query are retrieved from each vault and combined to generate hash values, which are then compared with the stored hash value. Thus, our method safeguards user identities during the training and deployment phases by employing the GAN-generated synthetic images. Our protocol was tested using the AT&T, GT, and LFW face datasets, achieving ROC areas under the curve of 0.99, 0.99, and 0.90, respectively. Our results demonstrate that the proposed method can maintain high accuracy and reasonable computational complexity comparable to those unprotected template methods while significantly enhancing security and privacy, underscoring the potential of Generative AI in developing proactive defensive strategies for biometric systems.

Computer Vision and Pattern Recognition

Baogang Song,Dongdong Zhao,Jiang Yan,Huanhuan Li,Hao Jiang

2024-08-07

Abstract:With the wide application of biometrics, more and more attention has been paid to the security of biometric templates. However most of existing biometric template protection (BTP) methods have some security problems, e.g. the problem that protected templates leak part of the original biometric data (exists in Cancelable Biometrics (CB)), the use of error-correcting codes (ECC) leads to decodable attack, statistical attack (exists in Biometric Cryptosystems (BCS)), the inability to achieve revocability (exists in methods using Neural Network (NN) to learn pre-defined templates), the inability to use cryptographic hash to guarantee strong security (exists in CB and methods using NN to learn latent templates). In this paper, we propose a framework called BioDeepHash based on deep hashing and cryptographic hashing to address the above four problems, where different biometric data of the same user are mapped to a stable code using deep hashing instead of predefined binary codes thus avoiding the use of ECC. An application-specific binary string is employed to achieve revocability. Then cryptographic hashing is used to get the final protected template to ensure strong security. Ultimately our framework achieves not storing any data that would leak part of the original biometric data. We also conduct extensive experiments on facial and iris datasets. Our method achieves an improvement of 10.12$\%$ on the average Genuine Acceptance Rate (GAR) for iris data and 3.12$\%$ for facial data compared to existing methods. In addition, BioDeepHash achieves extremely low False Acceptance Rate (FAR), i.e. 0$\%$ FAR on the iris dataset and the highest FAR on the facial dataset is only 0.0002$\%$.

Cryptography and Security

Thi Ai Thao Nguyen,Tran Khanh Dang,Dinh Thanh Nguyen

DOI: https://doi.org/10.48550/arXiv.1904.00264

2019-03-31

Abstract:Biometric template protection is one of most essential parts in putting a biometric-based authentication system into practice. There have been many researches proposing different solutions to secure biometric templates of users. They can be categorized into two approaches: feature transformation and biometric cryptosystem. However, no one single template protection approach can satisfy all the requirements of a secure biometric-based authentication system. In this work, we will propose a novel hybrid biometric template protection which takes benefits of both approaches while preventing their limitations. The experiments demonstrate that the performance of the system can be maintained with the support of a new random orthonormal project technique, which reduces the computational complexity while preserving the accuracy. Meanwhile, the security of biometric templates is guaranteed by employing fuzzy commitment protocol.

Cryptography and Security

MyeongHoe Lee,JunHo Yoon,Chang Choi

DOI: https://doi.org/10.1111/exsy.13655

IF: 3.3

2024-06-24

Expert Systems

Abstract:Research on multi‐biometric authentication systems using multiple biometric modalities to defend against adversarial attacks is actively being pursued. These systems authenticate users by combining two or more biometric modalities using score or feature‐level fusion. However, research on adversarial attacks and defences against each biometric modality within these authentication systems has not been actively conducted. In this study, we constructed a multi‐biometric authentication system using fingerprint, palmprint, and iris information from CASIA‐BIT by employing score and feature‐level fusion. We verified the system's vulnerability by deploying adversarial attacks on single and multiple biometric modalities based on the FGSM, with epsilon values ranging from 0 to 0.5. The experimental results show that when the epsilon value is 0.5, the accuracy of the multi‐biometric authentication system against adversarial attacks on the palmprint and iris information decreases from 0.995 to 0.018 and 0.003, respectively, and the f1‐score decreases from 0.995 to 0.007 and 0.000, respectively, demonstrating susceptibility to adversarial attacks. In the case of fingerprint data, however, the accuracy and f1‐score decreased from 0.995 to 0.731 and from 0.995 to 0.741, respectively, indicating resilience against adversarial attacks.

computer science, artificial intelligence, theory & methods

Jinyang Shi,Zhiyang You,Ming Gu,Kwok-yan Lam

DOI: https://doi.org/10.1109/icpr.2008.4761874

2008-01-01

Abstract:Biometric authentication and privacy protection are conflicting issues in a practical system. Since biometrics cannot be revoked or canceled if compromised duo to the permanent association with the user, privacy-preserving biometric recognition is desired. However, the recently proposed template protection schemes are not yet sufficiently mature. Specially, the popular noninvertible transform approach will result in an obvious decrease of GAR for a fixed FAR. In this paper, we put forward a novel anonymous fingerprint recognition scheme, Biomapping, as the first approach to integrate the feature extraction, noninvertible transform, and anonymous query as a whole. Biomapping extracts the fingerprint feature utilizing a minutiae-centered region encoding, then performs anonymous enrollment and verification using the noninvertible and discriminable constructions. Experiments on the public domain database show Biomapping can provide better recognition accuracy along with the ability to protect the biometric template, thus becomes a promising solution for privacy trustworthy biometric applications.

H. Kalluri,Pavani Chitrapu

DOI: https://doi.org/10.1109/SCEECS57921.2023.10062968

2023-02-18

Abstract:Recent years have seen increased interest in research on biometric template protection due to the widespread use of biometric authentication systems. For providing security to biometric templates, there is a procedure known as Fully Homomorphic Encryption that protects biometric templates from the malicious server environment. Users have more customization options with a biometric authentication system than a password or token. The most popular biometric modalities include fingerprints, iris scans, facial images, etc. Biometric modalities offer security on IoMT -based systems. Face recognition is one of the most often utilized biometric authentication methods in societal structure. Face recognition technology has made enormous strides in recent years. Here, we examine the viability of securing a database of iris templates using a methodology based on fully homomorphic Encryption. By directly matching templates in the encrypted domain, this framework is designed to protect confidentiality and restrict information from leaking from the templates while preserving their utility. We also investigate various classification techniques on machine learning models to achieve improved accuracy with shorter execution times. The aggregate verification vector assists in confirming the accuracy of the computed classification result, and the CKKS technique ensures confidentiality for the biometric templates. This study provides a plethora of information on fully homomorphic biometric authentication, containing a wide assortment of algorithms that satisfy homomorphic Encryption and various methods for extracting the biometric-related template.

Computer Science

Tanguy Gernot,Christophe Rosenberger

DOI: https://doi.org/10.1016/j.cose.2023.103586

IF: 5.105

2024-02-01

Computers & Security

Abstract:User authentication is an important issue on the Internet and usually solved through static and often unique passwords. Another method is to use biometrics, but biometric data are sensitive and need to be protected. Protection schemes such as cancelable biometric template generation have appeared, but they are sensitive to replay attacks. In this paper, we propose an original method to generate one-time biometric templates for user authentication applications. This proposed scheme limits replay attacks, consisting of an attacker maliciously retransmitting an intercepted user's identity proof. Our method is generic: any biometric modality could be used, the identity verification is realized by the service/identity provider to be realistic. Biometric features are extracted from captures using deep learning and then protected with biohashing, a cancelable biometric scheme. Finally, a step consisting of cryptographic hashing and symmetric encryption guarantees the generation of a one-time, non-replayable template. We have tested our scheme on two common biometric databases, from faces and fingerprints, and the results confirm its efficiency and robustness to attacks given a rigorous threat model.

computer science, information systems

Shilian Yu,Ye Ai,Bo Xu,Yicong Zhou,Weifeng Li,Qingmin Liao,Norman Poh

DOI: https://doi.org/10.1016/j.ins.2016.03.005

IF: 8.1

2016-01-01

Information Sciences

Abstract:A conventional biometric authentication system is often designed to distinguish genuine accesses from zero-effort impostor attacks. However, when operating in an adversarial environment, the system has to be robust against presentation attacks such as spoofing. An effective solution to reduce the impact of spoofing attack is to consider both the matching score and liveness score when making the accept/reject decision. In this paper, we consider the joint decision space of matching and liveness scores in the presence of both spoofing attack and zero-effort attack, with application to signature verification. Our investigation aims to understand how decision thresholds in the above space should be optimized. This leads to two dichotomies of methods, namely brute-force approach versus probabilistic approach; and single threshold versus double-threshold approach. This view leads to three novel methods that have never been reported. Based on the experimental results carried out on an off-line signature database, the novel methods turn out to outperform simpler methods with only matching score.

Qi Han,Zhifang Wang,Xiamu Niu

2008-01-01

Abstract:In recent literature, the issue of biometric template protection was raised. Some schemes were proposed to solve the contradiction between the fuzzy biometric information and accurate cryptography functions to achieve the protection of biometric template via cryptography method. In this paper, a novel methodology to achieve the security of the biometric templates in biometric systems is proposed. An adaptive non-uniform quantization (ANUQ) algorithm is introduced to eliminate the contradiction between the fuzziness of the biometric information and the sensitive of the Hash function. The ANUQ algorithm maps different biometric feature vectors from the same individual to a unique quantized feature vector. Then the quantized feature vector can be saved and identified by its hash and the biometric system can be free from the risk of the leakage of users’ privacy information. Based on the ANUQ algorithm, two biometric template protection scheme are designed to meet different applications. Scheme-I involved a single quantizing template while scheme-II use a quantizing template array. The comparison of the two schemes are raised. Further, the testing of these schemes are carried out on an iris recognition algorithm. The results show the feasibility of the ANUQ-based schemes.