Abhilasha Bhargav-Spantzel,Anna Squicciarini,Elisa Bertino,Xiangwei Kong,Weike Zhang

DOI: https://doi.org/10.1145/1750389.1750401

2010-01-01

Abstract:We present algorithms to reliably generate biometric identifiers from a user's biometric image which in turn is used for identity verification possibly in conjunction with cryptographic keys. The biometric identifier generation algorithms employ image hashing functions using singular value decomposition and support vector classification techniques. Our algorithms capture generic biometric features that ensure unique and repeatable biometric identifiers. We provide an empirical evaluation of our techniques using 2569 images of 488 different individuals for three types of biometric images; namely fingerprint, iris and face. Based on the biometric type and the classification models, as a result of the empirical evaluation we can generate biometric identifiers ranging from 64 bits up to 214 bits. We provide an example use of the biometric identifiers in privacy preserving multi-factor identity verification based on zero knowledge proofs. Therefore several identity verification factors, including various traditional identity attributes, can be used in conjunction with one or more biometrics of the individual to provide strong identity verification. We also ensure security and privacy of the biometric data. More specifically, we analyze several attack scenarios. We assure privacy of the biometric using the one-way hashing property, in that no information about the original biometric image is revealed from the biometric identifier.

姚琳,范庆娜,孔祥维

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.01.079

2010-01-01

Abstract:Traditional authorization with a variety of secure and privacy limitations,cannot satisfy the security needs of the internet environment,this paper proposed an identity authentication scheme based on biometric encryption.By adopting the biometric encryption,protected the biometric and key of the user well.The scheme could prevent unauthorized users from accessing and avoid unauthorized use of resources.The experiment results show that the scheme can distinguish the genuine users from imitated users though the face expressions very much.The scheme provided perfect authentication,and secure the communication well.

Axel Durbet,Pascal Lafourcade,Denis Migdal,Kevin Thiry-Atighehchi,Paul-Marie Grollemund

DOI: https://doi.org/10.48550/arXiv.2110.15163

2022-07-18

Abstract:Cancelable biometric schemes aim at generating secure biometric templates by combining user specific tokens, such as password, stored secret or salt, along with biometric data. This type of transformation is constructed as a composition of a biometric transformation with a feature extraction algorithm. The security requirements of cancelable biometric schemes concern the irreversibility, unlinkability and revocability of templates, without losing in accuracy of comparison. While several schemes were recently attacked regarding these requirements, full reversibility of such a composition in order to produce colliding biometric characteristics, and specifically presentation attacks, were never demonstrated to the best of our knowledge. In this paper, we formalize these attacks for a traditional cancelable scheme with the help of integer linear programming (ILP) and quadratically constrained quadratic programming (QCQP). Solving these optimization problems allows an adversary to slightly alter its fingerprint image in order to impersonate any individual. Moreover, in an even more severe scenario, it is possible to simultaneously impersonate several individuals.

Cryptography and Security,Computer Vision and Pattern Recognition

Alamgir Sardar,Saiyed Umer,Ranjeet Kumar Rout,Kshira Sagar Sahoo,Amir H. Gandomi

DOI: https://doi.org/10.1109/jiot.2024.3374229

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the increasing use of biometrics in Internet of Things (IoT) based applications, it is essential to ensure that biometric-based authentication systems are secure. Biometric characteristics can be accessed by anyone, which poses a risk of unauthorized access to the system through spoofed biometric traits. Therefore, it is important to implement secure and efficient security schemes suitable for real-life applications, less computationally intensive, and invulnerable. This work presents a hybrid template protection scheme for secure face recognition in IoT-based environments, which integrates Cancelable Biometrics and Bio-Cryptography. Mainly, the proposed system involves two steps: face recognition and face biometric template protection. The face recognition includes face image preprocessing by the Tree Structure Part Model (TSPM), feature extraction by Ensemble Patch Statistics (EPS) technique, and user classification by multi-class linear support vector machine (SVM). The template protection scheme includes cancelable biometric generation by modified FaceHashing and a Sliding-XOR (called S-XOR) based novel Bio-Cryptographic technique. A user biometric-based key generation technique has been introduced for the employed Bio-Cryptography. Three benchmark facial databases, CVL, FEI, and FERET, have been used for the performance evaluation and security analysis. The proposed system achieves better accuracy for all the databases of 200-dimensional cancelable feature vectors computed from the 500-dimensional original feature vector. The modified FaceHashing and S-XOR method shows superiority over existing face recognition systems and template protection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Baogang Song,Dongdong Zhao,Jiang Yan,Huanhuan Li,Hao Jiang

2024-08-07

Abstract:With the wide application of biometrics, more and more attention has been paid to the security of biometric templates. However most of existing biometric template protection (BTP) methods have some security problems, e.g. the problem that protected templates leak part of the original biometric data (exists in Cancelable Biometrics (CB)), the use of error-correcting codes (ECC) leads to decodable attack, statistical attack (exists in Biometric Cryptosystems (BCS)), the inability to achieve revocability (exists in methods using Neural Network (NN) to learn pre-defined templates), the inability to use cryptographic hash to guarantee strong security (exists in CB and methods using NN to learn latent templates). In this paper, we propose a framework called BioDeepHash based on deep hashing and cryptographic hashing to address the above four problems, where different biometric data of the same user are mapped to a stable code using deep hashing instead of predefined binary codes thus avoiding the use of ECC. An application-specific binary string is employed to achieve revocability. Then cryptographic hashing is used to get the final protected template to ensure strong security. Ultimately our framework achieves not storing any data that would leak part of the original biometric data. We also conduct extensive experiments on facial and iris datasets. Our method achieves an improvement of 10.12$\%$ on the average Genuine Acceptance Rate (GAR) for iris data and 3.12$\%$ for facial data compared to existing methods. In addition, BioDeepHash achieves extremely low False Acceptance Rate (FAR), i.e. 0$\%$ FAR on the iris dataset and the highest FAR on the facial dataset is only 0.0002$\%$.

Cryptography and Security

Thi Ai Thao Nguyen,Tran Khanh Dang,Dinh Thanh Nguyen

DOI: https://doi.org/10.48550/arXiv.1904.00264

2019-03-31

Abstract:Biometric template protection is one of most essential parts in putting a biometric-based authentication system into practice. There have been many researches proposing different solutions to secure biometric templates of users. They can be categorized into two approaches: feature transformation and biometric cryptosystem. However, no one single template protection approach can satisfy all the requirements of a secure biometric-based authentication system. In this work, we will propose a novel hybrid biometric template protection which takes benefits of both approaches while preventing their limitations. The experiments demonstrate that the performance of the system can be maintained with the support of a new random orthonormal project technique, which reduces the computational complexity while preserving the accuracy. Meanwhile, the security of biometric templates is guaranteed by employing fuzzy commitment protocol.

Cryptography and Security

Vivek H. Champaneria,Sankita J. Patel,Mukesh A. Zaveri

DOI: https://doi.org/10.1007/s11042-024-19689-5

IF: 2.577

2024-06-21

Multimedia Tools and Applications

Abstract:In digital identification technologies, fingerprint-based biometric systems are extensively utilized for authentication. Fingerprint authentication systems usually store the original minutiae points as user templates in the database which consist of minutiae bifurcation and ridge end points. Storing original minutiae points in the database can create a potential security risk to a person's identity. An adversary might attack the database and compromise the user template. Various studies have demonstrated the feasibility of reconstructing the original fingerprint by utilizing the minutiae points. Existing research methods still need to be improved, and therefore, it is essential to provide security and robustness to fingerprint-based biometric systems. In this paper, a novel template protection technique using non-invertible transformation is proposed to create a secure and robust template. The transformation function uses the original minutiae positions, orientation details, and user key set values. The results demonstrated equal error rates of 1.5%, 0.85%, and 2.71% for the FVC2002 DB1, DB2, and DB3 fingerprint databases. The proposed method has demonstrated noteworthy performance improvement compared to other notable contributions. The outcome of the proposed method demonstrates practicality and effectiveness.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Babak Poorebrahim Gilkalaye,Shubhabrata Mukherjee,Reza Derakhshani

2024-08-12

Abstract:Generative AI has revolutionized modern machine learning by providing unprecedented realism, diversity, and efficiency in data generation. This technology holds immense potential for biometrics, including for securing sensitive and personally identifiable information. Given the irrevocability of biometric samples and mounting privacy concerns, biometric template security and secure matching are among the most sought-after features of modern biometric systems. This paper proposes a novel obfuscation method using Generative AI to enhance biometric template security. Our approach utilizes synthetic facial images generated by a Generative Adversarial Network (GAN) as "random chaff points" within a secure vault system. Our method creates n sub-templates from the original template, each obfuscated with m GAN chaff points. During verification, s closest vectors to the biometric query are retrieved from each vault and combined to generate hash values, which are then compared with the stored hash value. Thus, our method safeguards user identities during the training and deployment phases by employing the GAN-generated synthetic images. Our protocol was tested using the AT&T, GT, and LFW face datasets, achieving ROC areas under the curve of 0.99, 0.99, and 0.90, respectively. Our results demonstrate that the proposed method can maintain high accuracy and reasonable computational complexity comparable to those unprotected template methods while significantly enhancing security and privacy, underscoring the potential of Generative AI in developing proactive defensive strategies for biometric systems.

Computer Vision and Pattern Recognition

Daile Osorio-Roig,Mahdi Ghafourian,Christian Rathgeb,Ruben Vera-Rodriguez,Christoph Busch,Julian Fierrez

2023-10-05

Abstract:Nowadays, facial recognition systems are still vulnerable to adversarial attacks. These attacks vary from simple perturbations of the input image to modifying the parameters of the recognition model to impersonate an authorised subject. So-called privacy-enhancing facial recognition systems have been mostly developed to provide protection of stored biometric reference data, i.e. templates. In the literature, privacy-enhancing facial recognition approaches have focused solely on conventional security threats at the template level, ignoring the growing concern related to adversarial attacks. Up to now, few works have provided mechanisms to protect face recognition against adversarial attacks while maintaining high security at the template level. In this paper, we propose different key selection strategies to improve the security of a competitive cancelable scheme operating at the signal level. Experimental results show that certain strategies based on signal-level key selection can lead to complete blocking of the adversarial attack based on an iterative optimization for the most secure threshold, while for the most practical threshold, the attack success chance can be decreased to approximately 5.0%.

Computer Vision and Pattern Recognition

Wencheng Yang,Song Wang,Muhammad Shahzad,Wei Zhou

DOI: https://doi.org/10.1016/j.jisa.2020.102704

IF: 4.96

2021-05-01

Journal of Information Security and Applications

Abstract:<p>Biometric template data protection is critical in preventing user privacy and identity from leakage. Random projection based cancelable biometrics is an efficient and effective technique to achieve biometric template protection. However, traditional random projection based cancelable template design suffers from the attack via record multiplicity (ARM), where an adversary obtains multiple transformed templates from different applications and the associated parameter keys so as to assemble them into a full-rank linear equation system, thereby retrieving the original feature vector. To address this issue, in this paper we propose a feature-adaptive random projection based method, in which the projection matrixes, the key to the ARM, are generated from one basic matrix in conjunction with local feature slots. The generated projection matrixes are discarded after use, thus making it difficult for the adversary to launch the ARM. Moreover, the random projection in the proposed method is performed on a local-feature basis. This feature-adaptive random projection can mitigate the negative impact of biometric uncertainty on recognition accuracy, as it limits the error to part of the transformed feature vector rather than the entire vector. The proposed method is evaluated on four public available databases FVC2002 DB1-DB3 and FVC2004 DB2. The experimental results and security analysis show the validity of the proposed method.</p>

computer science, information systems

Manoj Krishnaswamy,G. Hemantha Kumar

DOI: https://doi.org/10.48550/arXiv.1401.5632

2014-01-22

Abstract:In this paper we address the issues of using edge detection techniques on facial images to produce cancellable biometric templates and a novel method for template verification against tampering. With increasing use of biometrics, there is a real threat for the conventional systems using face databases, which store images of users in raw and unaltered form. If compromised not only it is irrevocable, but can be misused for cross-matching across different databases. So it is desirable to generate and store revocable templates for the same user in different applications to prevent cross-matching and to enhance security, while maintaining privacy and ethics. By comparing different edge detection methods it has been observed that the edge detection based on the Roberts Cross operator performs consistently well across multiple face datasets, in which the face images have been taken under a variety of conditions. We have proposed a novel scheme using hashing, for extra verification, in order to harden the security of the stored biometric templates.

Computer Vision and Pattern Recognition

Hatef Otroshi Shahreza,Vedrana Krivokuća Hahn,Sébastien Marcel

2023-09-04

Abstract:Applications of face recognition systems for authentication purposes are growing rapidly. Although state-of-the-art (SOTA) face recognition systems have high recognition accuracy, the features which are extracted for each user and are stored in the system's database contain privacy-sensitive information. Accordingly, compromising this data would jeopardize users' privacy. In this paper, we propose a new cancelable template protection method, dubbed MLP-hash, which generates protected templates by passing the extracted features through a user-specific randomly-weighted multi-layer perceptron (MLP) and binarizing the MLP output. We evaluated the unlinkability, irreversibility, and recognition accuracy of our proposed biometric template protection method to fulfill the ISO/IEC 30136 standard requirements. Our experiments with SOTA face recognition systems on the MOBIO and LFW datasets show that our method has competitive performance with the BioHashing and IoM Hashing (IoM-GRP and IoM-URP) template protection algorithms. We provide an open-source implementation of all the experiments presented in this paper so that other researchers can verify our findings and build upon our work.

Computer Vision and Pattern Recognition,Cryptography and Security

Kai Xi,Jiankun Hu

DOI: https://doi.org/10.1109/icc.2009.5198785

2009-01-01

Abstract:Biometric authentication is emerging as the promising solution to conventional cryptography based authentication technologies. However, protecting users' biometric templates stored in a mobile device in a secure way is a challenge issue and has attracted many attentions. As one of the possible solutions, the Fuzzy Vault construct binds a secret key and biometric information to provide template protection. Most existing Fingerprint Fuzzy Vault algorithms use pre-aligned fingerprint impressions and rely strongly on image registration, a process that is well known to be nontrivial and unreliable. Moreover, it is inherently insecure to store raw fingerprint images for the alignment. In this paper, we propose a Fingerprint Fuzzy Vault based on composite features which are reliable, distortion tolerant and registration-free. Experimental results on public database show that our scheme can improve verification performance significantly.

Hongfeng Zhu

DOI: https://doi.org/10.1002/sec.1182

IF: 1.968

2015-02-10

Security and Communication Networks

Abstract:Authenticated key agreement protocols, aiming at solving the problems to set up a secure channel over public Internet, can achieve authentication of the corresponding participants and confidentiality of data transmission. Nowadays, most of the authenticated key agreement protocols focus on security, efficiency, and user experience at the same time. One‐time password authenticated algorithm, which is that a hash chain can update by itself smoothly and securely through capturing the secure bit of the tip, has the feature of high‐efficient. In addition, biometrics‐based algorithm can make the scheme more secure and more amiable for users. The combination of aforementioned algorithms can lead to a high practical scheme in the universal client/server architecture. Based on these motivations, the paper firstly proposed the new concept of one‐time identity–password (OTIP), which means the identity and the password can be used only once. Then, a new robust biometrics‐based OTIP authenticated key agreement protocol is given based on the OTIP. Security of the protocol is based on the biometric authentication, a secure symmetric encryption and a secure one‐way hash function with the hash chain. At the same time, the proposed protocol can not only refrain from many consuming algorithms but also robust to many kinds of attacks and owns much excellent features. Finally, we provide the secure proof and the efficiency analysis about our proposed scheme. Copyright © 2015 John Wiley &amp; Sons, Ltd. The paper firstly proposed a new concept of one‐time identity–password, which means identity and password can be used only once. Then, we present a provably secure and flexible one‐time identity–password authenticated key agreement scheme based on biometrics. The core ideas of our scheme are features of security and efficiency in the mobile device and server&#x27;s side and feature of user friendly for the user&#x27;s side. Through comparing with recently related work, our scheme has satisfactory security, efficiency, and functionality.

computer science, information systems,telecommunications

Xingbo Dong,Jaewoo Park,Zhe Jin,Andrew Beng Jin Teoh,Massimo Tistarelli,KokSheik Wong

DOI: https://doi.org/10.48550/arXiv.1910.07770

2022-09-29

Abstract:Cancelable biometrics (CB) employs an irreversible transformation to convert the biometric features into transformed templates while preserving the relative distance between two templates for security and privacy protection. However, distance preservation invites unexpected security issues such as pre-image attacks, which are often <a class="link-external link-http" href="http://neglected.This" rel="external noopener nofollow">this http URL</a> paper presents a generalized pre-image attack method and its extension version that operates on practical CB systems. We theoretically reveal that distance preservation property is a vulnerability source in the CB schemes. We then propose an empirical information leakage estimation algorithm to access the pre-image attack risk of the CB schemes. The experiments conducted with six CB schemes designed for the face, iris and fingerprint, demonstrate that the risks originating from the distance computed from two transformed templates significantly compromise the security of CB schemes. Our work reveals the potential risk of existing CB systems theoretically and experimentally.

Computer Vision and Pattern Recognition

Maamar Hamadouche,Zebbiche Khalil,Hanane TEBBI,Mohamed GUERROUMI,Youcef ZAFOUNE

DOI: https://doi.org/10.1007/s11042-023-15300-5

IF: 2.577

2023-06-13

Multimedia Tools and Applications

Abstract:Perceptual image hashing has mainly been used in the literature to authenticate images or to identify similar contents for image copy detection. In this work, we investigate the introduction of perceptual image hashing to protect biometric systems against digital replay attacks, and we propose a novel Replay Attack Detection (RAD) scheme that guarantees the authenticity of the received biometric image on the one hand, and identifies if it has been resubmitted on the other hand. The proposed scheme has the advantages of operating in an uncontrolled environment and does not need the cooperation of end users. It relies on the Challenge/Response principle and combines perceptual image hashing and data hiding techniques. Additionally, a new perceptual image hashing system that performs both content authentication and identification is proposed for fingerprint images. It is based on a shift-invariant calibration signal technique that uses the Discrete Cosine Transform (DCT) and Discrete Sine Transform (DST) of the Differential Block Luminance Mean (DBLM) features to compute the hash sequence. The performance of the proposed system has been evaluated through intensive experiments with real fingerprint images, and the obtained results have shown that the proposed system can provide high performance in terms of authentication and identification. Furthermore, the proposed system outperformed related state-of-the-art image hashing techniques.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Thomas Thebaud,Gaël Le Lan,Anthony Larcher

2024-08-15

Abstract:Biometric recognition systems are security systems based on intrinsic properties of their users, usually encoded in high dimension representations called embeddings, which potential theft would represent a greater threat than a temporary password or a replaceable key. To study the threat of embedding theft, we perform spoofing attacks on two behavioral biometric systems (an automatic speaker verification system and a handwritten digit analysis system) using a set of alignment techniques. Biometric recognition systems based on embeddings work in two phases: enrollment - where embeddings are collected and stored - then authentication - when new embeddings are compared to the stored ones -.The threat of stolen enrollment embeddings has been explored by the template reconstruction attack literature: reconstructing the original data to spoof an authentication system is doable with black-box access to their encoder. In this document, we explore the options available to perform template reconstruction attacks without any access to the encoder. To perform those attacks, we suppose general rules over the distribution of embeddings across encoders and use supervised and unsupervised algorithms to align an unlabeled set of embeddings with a set from a known encoder. The use of an alignment algorithm from the unsupervised translation literature gives promising results on spoofing two behavioral biometric systems.

Cryptography and Security,Artificial Intelligence

Jinyuan Liu,Yong Wang,Kun Wang,Zhuo Liu

DOI: https://doi.org/10.3390/e25020378

2023-02-18

Abstract:Face recognition technology has developed rapidly in recent years, and a large number of applications based on face recognition have emerged. Because the template generated by the face recognition system stores the relevant information of facial biometrics, its security is attracting more and more attention. This paper proposes a secure template generation scheme based on a chaotic system. Firstly, the extracted face feature vector is permuted to eliminate the correlation within the vector. Then, the orthogonal matrix is used to transform the vector, and the state value of the vector is changed, while maintaining the original distance between the vectors. Finally, the cosine value of the included angle between the feature vector and different random vectors are calculated and converted into integers to generate the template. The chaotic system is used to drive the template generation process, which not only enhances the diversity of templates, but also has good revocability. In addition, the generated template is irreversible, and even if the template is leaked, it will not disclose the biometric information of users. Experimental results and theoretical analysis on the RaFD and Aberdeen datasets show that the proposed scheme has good verification performance and high security.

Axel Durbet,Paul-Marie Grollemund,Kevin Thiry-Atighehchi

2024-02-21

Abstract:A biometric recognition system can operate in two distinct modes: identification or verification. In the first mode, the system recognizes an individual by searching the enrolled templates of all the users for a match. In the second mode, the system validates a user's identity claim by comparing the fresh provided template with the enrolled template. The biometric transformation schemes usually produce binary templates that are better handled by cryptographic schemes, and the comparison is based on a distance that leaks information about the similarities between two biometric templates. Both the experimentally determined false match rate and false non-match rate through recognition threshold adjustment define the recognition accuracy, and hence the security of the system. To our knowledge, few works provide a formal treatment of security in case of minimal information leakage, i.e., the binary outcome of a comparison with a threshold. In this paper, we focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes. On the first hand, we focus our analysis on the accuracy metrics of biometric systems. We provide the complexity of untargeted attacks using the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems. Studying near-collisions with these metrics allows us to estimate the maximum number of users in a database, given a chosen FMR, to preserve the security and the accuracy. These results are evaluated on systems from the literature. On the other hand, we rely on probabilistic modelling to assess the theoretical security limits of biometric systems. The study of this metric space, and system parameters (template size, threshold and database size), gives us the complexity of untargeted attacks and the probability of a near-collision.

Cryptography and Security,Computer Vision and Pattern Recognition

Shraddha S. Shinde,Prof. Anagha P. Khedkar

DOI: https://doi.org/10.48550/arXiv.1312.7511

2013-12-29

Abstract:In identity management system, frequently used biometric recognition system needs awareness towards issue of protecting biometric template as far as more reliable solution is apprehensive. In sight of this biometric template protection algorithm should gratify the basic requirements viz. security, discriminability and cancelability. As no single template protection method is capable of satisfying these requirements, a novel scheme for face template generation and protection is proposed. The novel scheme is proposed to provide security and accuracy in new user enrolment and authentication process. This novel scheme takes advantage of both the hybrid approach and the binary discriminant analysis algorithm. This algorithm is designed on the basis of random projection, binary discriminant analysis and fuzzy commitment scheme. Publicly available benchmark face databases (FERET, FRGC, CMU-PIE) and other datasets are used for evaluation. The proposed novel scheme enhances the discriminability and recognition accuracy in terms of matching score of the face images for each stage and provides high security against potential attacks namely brute force and smart attacks. In this paper, we discuss results viz. averages matching score, computation time and security for hybrid approach and novel approach.

Computer Vision and Pattern Recognition,Cryptography and Security