Secure and Revocable Biometric Template Using Fuzzy Vault...
Introduction Chapter 1
Secure and Revocable Biometric Template Using Fuzzy
Vault for Fingerprint, Iris and Retina
CHAPTER 1
1. INTRODUCTION
1.1 OVERVIEW OF BIOMETRICS
1.1.1 TYPES OF BIOMETRICS
1.1.2 REQUIREMENTS OF BIOMETRICS
1.1.3 BIOMETRIC TEMPLATES
1.1.4 APPLICATION AREAS OF BIOMETRICS
1.1.5 ATTACKS AGAINST BIOMETRIC SYSTEMS
1.1.6 NEED FOR BIOMETRIC TEMPLATE SECURITY
1.2 OVERVIEW OF EXISTING WORK
1.3 PROPOSED METHODOLOGY
1.4 OBJECTIVE OF THE THESIS
1.5 SIGNIFICANT CONTRIBUTIONS
1.6 ORGANIZATION OF THE THESIS
1.7 CHAPTER SUMMARY
Establishing the identity of a person is very crucial in the current
connected scenario. The existing authentication mechanisms are password
based and token based. Biometric authentication has proved itself superior
compared to these traditional authentication methods.
1.1 OVERVIEW OF BIOMETRICS
Biometrics is defined as automated methods for identifying or
authenticating a person based on his/her physiological or behavioral traits. The
word biometrics is derived from the Greek words “Bio”, meaning life,
and “metrics”, meaning measurements. Biometrics generally deals with the
application of statistical analysis to measurable biological data of a human. The
basic idea of biometrics is that our body itself acts as a password.
The concept of biometrics as a means to identify a person dates back to ancient
times. Significant advances in computer processing have made
possible the recent automated biometric personal identification and
authentication systems.
Pros and Cons of Biometrics over Traditional Authentication Methods
Biometric authentication identifies a person based on “Who he is?” The
traditional knowledge based authentication methods like passwords identify a
person based on “What he knows?” and token based authentication methods like
badges and cards identify a person based on “What he has?” Biometrics
cannot be stolen, shared, guessed, lost or forgotten, unlike passwords and
tokens. The user need not memorize or carry anything to authenticate himself.
The person has to present himself at the point of authentication. Biometric
systems authenticate a person as such without the necessity to carry or to
memorize anything. Biometric characteristics are unique to an individual.
However, biometrics cannot be revoked or reissued, unlike passwords.
Moreover, biometrics leak personal information about the body of a person.
Operational Modes of Biometric System
A biometric authentication system requires comparison of a registered or
enrolled biometric sample against a newly captured biometric sample. Biometric
systems can operate in two different modes, namely identification mode and
verification mode. In identification mode, the system identifies a person from
the entire enrolled population by searching a database for a match based solely
on the biometric. For example, the entire database can be searched to verify a
person’s identity and to find out if he/she has not applied for entitlement
benefits under two different names. This type of matching is known as
“one-to-many” matching. In verification mode, the biometric system authenticates a
person’s claimed identity from their previously enrolled pattern. This is known
as “one-to-one” matching. This type of authentication mechanism is mainly
used in most computer access or network access environments.
The authentication process involves two phases, namely the enrolment
phase and the identification phase. During the enrolment phase, biometric samples are
captured from individuals and stored in the form of biometric templates in
databases. In the identification phase, the biometric samples are extracted from the
individuals and compared against the ones stored in the database. If there is a
match, the person is successfully authenticated as a legal person and he/she is
allowed to utilize the resources or services. If there is no match, the
person is not successfully authenticated and, as an illegal person, he/she is
prevented from utilizing the resources or services. Figure 1.1 shows
the two different phases of personal authentication.
During the enrolment phase the biometric samples extracted from
the user are stored in a database in the form of biometric templates. Templates
reveal personal information about a person and are prone to attacks. Therefore,
it is crucial for any biometric system to ensure the security of the biometric
templates.
Figure 1.1 Phases of Biometric Authentication Process
[Figure 1.1 labels: Enrollment, Verification, Present Biometric, Capture, Process, Store, Compare, Match, No Match]
1.1.1 Types of Biometrics
Biometrics is normally classified into two categories, namely
physiological and behavioural. Physiological biometrics is called passive
biometrics and behavioural biometrics is called active biometrics. The main
difference between these two types of biometrics is in the data acquisition. In
physiological biometrics, data is acquired in the form of bodily measurements,
which does not necessarily require an action by the user. Data acquisition of
biometric information in the behavioural category requires users to be active,
i.e. to perform some activity in front of a sensor. Behavioural biometric
capturing requires user co-operation. Most of the physiological biometrics can
be acquired even without explicit consent of subjects. Physiological
biometrics uses a physical trait, such as a fingerprint. The physical trait is
analyzed, measured and digitally stored. Behavioural biometrics involves the
use of a behavioural trait or pattern, such as a voice. These traits are stored in a
similar way to the physiological traits except they are updated regularly to cope
with the ever changing patterns in the trait. These two types are suitable to
different situations and circumstances. Physiological biometrics has proved
more reliable than the behavioural one as the physical traits generally stay the
same all the time, whereas behavioural traits change and have more chance for
error. Examples of physical biometrics are fingerprint, iris, retina, DNA, palm
print, hand geometry, footprint etc. Examples of behavioural biometrics
involve voice, keystroke dynamics, mouse dynamics, gait, signature etc.
Another class of biometrics, called esoteric biometrics, as elaborated by
John Woodward et al [58], is also identified. Esoteric biometrics are still under
early development or at an experimental stage. As computing power
becomes more economical, they will in future move from esoteric biometrics to
primary mainstream biometrics. Examples of esoteric biometrics are vein
pattern, body odour, brain wave pattern, facial thermograph, skin
luminescence, fingernail bed, ear shape, foot print, foot dynamics, lip print, lip
movement, knee creases, elbow creases and sweat pores. Even teeth can be
used as biometrics, as shown by A.K. Jain et al [45]. Antonellin et al [7]
detected fake fingerprints by analyzing skin distortion.
Another type of biometrics is known as soft biometrics. Soft
biometrics are not distinct and permanent. They are not enough to uniquely
identify a person. Soft biometrics, when combined with primary biometrics like
face, fingerprint, iris and retina, give better results. Examples of soft biometrics
are age, height, weight, body fat content, eye colour, skin colour, scars,
tattoos and marks. Figure 1.2 shows different biometric traits. All these
biometrics add meaning to the phrase “our body as password”.
Figure 1.2 Different Types of Biometrics
(a) Fingerprint (b) Hand Geometry (c) Palm (d) Vein Pattern
(e) Eye (f) Retina (g) Iris (h) Facial Thermogram
(i) Tooth (j) Ear (k) DNA (l) Gait
(m) Footprint (n) Voice (o) Signature (p) Mouse dynamics
(q) Hair (r) Key stroke dynamics (s) Face (t) Nose
Biometric traits like fingerprint, retina and iris have certain merits when
compared to other biometrics. They can be employed in specific applications.
Fingerprints are largely universal. Fingerprints are unique even for identical
twins. Fingerprints are reliable, easy to measure and impart high user
convenience. Fingerprint capturing devices are inexpensive. Fingerprint
scanners are more accurate, faster and require less computation and storage.
Fingerprint is the most accepted biometric. Fingerprints are classified
depending on the flow curves [24]. Multiple fingerprint scans can make the
system more resistant to attacks.
Iris provides high speed of comparison and it is well suited for one-to-many
identification. The iris templates are more stable or have more template
longevity. Iris templates need not be updated frequently; a single enrollment
can last a lifetime. It is an internal organ that is well protected against damage
and wear by a highly transparent and sensitive membrane. The shape of the iris
is more predictable than that of the face due to its geometric configuration.
The iris has a fine texture. Even genetically identical individuals have
completely independent iris textures, unlike DNA. Genetically identical twins
have the same DNA structure. A liveness detection mechanism can be augmented
with iris recognition for better performance. Light will not converge on a
deceased person’s iris.
Retina scanning is quite accurate and very unique to each individual,
similar to the iris scan. The retina patterns are unique and difficult to duplicate.
A retina scan cannot be faked as it is currently impossible to forge a human
retina. Furthermore, the retina of a deceased person decays too rapidly to be
used to deceive a retinal scan. Retina, being an internal organ, is less prone to
damage. Retina is more suitable for high security applications like military,
access to power plants and other high security government applications.
1.1.2 Requirements for Biometrics
Physical and behavioural biometrics should possess certain characteristics
that make them suitable to be employed in biometric systems. Requirements
are separated into theoretical and practical and are as follows.
Theoretical requirements:
• Universality: Each person should have the biometric characteristic
• Distinctiveness: Any two persons are not equal in terms of the
characteristic
• Permanence: The characteristic remains the same over time or has no
abrupt changes
• Collectability: The characteristic should be able to be measured
quantitatively
Practical requirements:
• Performance: The recognition accuracy and speed that the
biometric system can achieve
• Acceptability: The acceptance of the end-users in using the biometric
system in their daily lives
• Circumvention: The degree of security of the system given fraudulent
attacks
Biometric samples captured during the enrollment phase are stored in the
form of templates. Biometric templates play an important role in the biometric
authentication process. Biometric templates should possess certain important
properties.
1.1.3 Biometric Templates
A template represents a set of salient features that summarizes the
biometric data (signal) of an individual. A biometric template is a digital
reference of distinct characteristics that have been extracted from a biometric
sample. Templates are used during the biometric authentication process. Due
to its compact nature, it is commonly assumed that the template cannot be used
to elicit complete information about the original biometric signal. Furthermore,
since the templates are typically stored in an encrypted form, it is substantially
difficult to decrypt and determine the contents of the stored template.
Constraints for Biometric Templates
Protected biometric templates used in a privacy-protected verification
system should satisfy the following constraints:
• Original biometric samples should not be decoded from the protected
templates
• Private information should not be derived from the protected
templates
• It should not be possible to link subjects within and across the
databases through comparison of templates
• Should allow identity verification data for specific predefined
application only
Properties of Biometric Templates
Biometric templates should possess the following properties:
• Revocable, renewable and diversifiable protected template
• Universal approach
• Interoperability
• Data minimization
• Intrinsic security
• Seamless integration with existing verification methods
• Architecture flexibility
Biometric Templates Security and Privacy Risks
The security and privacy risks involved in biometric templates are as
follows:
• Identity theft – When biometric templates are lost, a person
loses his identity. When compromised they cannot be revoked or
reissued.
• Cross matching attacks – Adversary can cross-link the stolen
templates with other biometric databases or datasets. Privacy of
the human being is not guaranteed.
• Disclosure of sensitive information – Biometric information
allows arriving at conclusions about the properties of the
enrollee's body. Biometric templates may reveal sensitive
medical information.
1.1.4 Application Areas of Biometrics
Biometric authentication finds its applications in the following vital areas,
namely,
• Access Control to Facilities and Computers
• Criminal Identification
• Border Security
• Access to Nuclear Power Plant
• Identity Authentication in Network Environment
• Airport Security
• Issue of Passports or Driving Licenses
• Forensic and Medical Databases
The biometric-based authentication applications include the following areas:
➢ Workstation and Network Access
➢ Single sign-on
➢ Application logon
➢ Data protection
➢ Remote Access to Resources
➢ Transaction Security
➢ Web Security
➢ E-commerce and E-government
➢ Investing and other Financial Transactions
➢ Retail Sales
➢ Secure Electronic Banking
➢ Law Enforcement
➢ Health and Social Services
Biometric technologies are expected to play a key role in
➢ Personal authentication for large-scale enterprise network
authentication environments
➢ Point-of-Sale
➢ Protection of all types of digital content such as
• Digital Rights Management
• Health Care Applications
1.1.5 Attacks against Biometric Systems
Attacks, vulnerabilities and issues related to biometrics are discussed in
the work of Alder et al [1][2][3], A.K. Jain et al [53][54], A. Ross et al [99],
Uludag et al [123], Williams et al [131]. Biometric systems are prone to a
variety of attacks. Attacks against biometric systems are grouped into four
categories, namely,
(i) Attacks at the user interface (input level)
(ii) Attacks at the interfaces between modules
(iii) Attacks on the modules
(iv) Attacks on the stored templates
Among the above four varieties of attack, the stored biometric template
attack is the worst. This work provides security to biometric templates against
stored biometric template attacks.
1.1.6 Need for Biometric Template Security
A template represents a set of salient features that summarizes the
biometric data (signal) of an individual. As biometrics finds its applications in
crucial high security areas and is subjected to different types of attacks,
providing security and revocability to the biometric template is an important
issue. Biometrics is not private and only limited biometrics are present in the
human body. Hence, it is very important to secure biometric templates.
Moreover, they leak personal information like disease and disorders in a
person. When the biometric is lost, a person loses his identity. Therefore
providing security to biometric templates is very important in any biometric
based authentication system.
1.2 OVERVIEW OF EXISTING WORK
As a result of the literature survey it is found that biometric systems are
prone to a variety of attacks. The stored biometric template attack is the most
severe of all the attacks. Biometric template schemes are broadly classified as
feature transformation based approaches and crypto biometric system based approaches.
The feature transformation based approach is further divided into salting and
non-invertible transformation. Crypto biometric systems are further categorized as
key generation and key binding approaches.
A single approach is not enough to achieve all the properties of a
biometric template like security, revocability and diversity. Hybrid methods
perform well compared to a single primary method for biometric template
security. Multibiometrics are more significant than unibiometric systems as
they overcome certain limitations of unibiometrics. Multibiometric
authentication systems are employed in several high security applications.
Therefore providing security to multibiometric systems is of much importance.
However, very few have worked on multibiometric template security using a
hybrid approach.
Eye biometrics like iris and retina have certain merits when compared to
other biometric traits. Retina is suitable for high security applications.
However, very few have worked on retinal template security. Providing
security to the retinal template is very crucial as it reveals diseases and
disorders in a person like hypertension and diabetes.
Based on the above discussions, the method arrived at is the fuzzy
vault, which is a key binding based crypto biometric method. It is a proven
technology for biometric template security. It mixes the idea of biometrics
with cryptography. Fuzzy vault eliminates the key management problem as
compared to other practical cryptosystems. The security of the fuzzy vault lies
in the polynomial reconstruction problem.
Fuzzy vault has certain limitations like non-revocability and function
creeping. Fuzzy vault, when hardened with a password, overcomes these
limitations. Password hardening provides security as well as revocability.
Password hardening of fuzzy vault is a hybrid approach. It mixes the idea of
the crypto biometric system (fuzzy vault) with that of the feature
transformation based approach (salting – password transformation).
Multibiometric templates can also be protected using password hardened fuzzy
vault.
From the literature it is found that soft biometrics when combined with
primary biometrics give better performance. The idea of soft biometrics is
also utilized to derive a combined user and soft biometric based password for
transforming the biometric templates. Soft biometrics like height, gender and
eye colour are applied. The iris and retinal template combination improves user
convenience as both the capturing cameras can be mounted on a single device.
From the existing methods, it is observed that very few have worked on the
following:
• Multibiometric template security
• Hybrid approach on multibiometric security
• Retinal template security
• The calculation of the strength of their methods
• Providing all the properties of biometric template namely security,
revocability and diversity
• Methods that are resistant to attacks
In order to overcome the limitations in the existing methods, the
proposed method provides security to multibiometric templates using a hybrid
approach.
1.3 PROPOSED METHODOLOGY
The proposed method attempts to provide security, diversity and
revocability to unibiometric and multibiometric templates by a hybrid
approach. The security of the proposed fuzzy vault method is measured by
min-entropy, which is expressed in terms of security bits. The number of
evaluations required to compromise the vault by a brute force attack is also
calculated. This method is resistant to specific attacks against fuzzy vault,
namely the record multiplicity attack, stolen key inversion attack and blended
substitution attack. It also constructs a retina based fuzzy vault for high security
applications.
The proposed method considers the fuzzy vault scheme to provide security
to biometric templates. The fuzzy vault is password hardened to impart
revocability to biometric templates. Hence, the password hardened fuzzy vault
is a hybrid approach which blends the idea of the feature transformation approach
(salting) and the biometric crypto system approach (fuzzy vault). The problem
of providing security to the stored biometric templates and making them more
resistant to attack has been addressed in the following approaches. The
proposed method is structured into six different phases,
Phase 1 Unimodal biometric fuzzy vaults for fingerprint, iris and retinal
templates
• To provide security
Phase 2 Password hardened fuzzy vault
• To overcome certain limitations of fuzzy vault
• To provide additional security, revocability and diversity
• To make the vault more difficult for attackers
Phase 3 Multimodal biometric fuzzy vaults
• To overcome certain limitations of unimodal biometrics
• To provide multimodal biometric security and to utilize its
merits
• Compromising both the biometric templates becomes very
difficult for an attacker
Phase 4 Password hardened multimodal fuzzy vaults (bimodal)
• To provide additional security, revocability and diversity in
multimodal biometrics
• Compromising both the biometric template and password at the
same time becomes very difficult for an attacker
• To overcome the limitations of unibiometrics and plain fuzzy
vault
• To utilize the merits of password hardening and multibiometrics
Phase 5 Password hardened multimodal fuzzy vaults (trimodal)
• To provide additional security, revocability and diversity in
multimodal biometrics
• To make the vault more suitable for very high security
applications
• Compromising all the three biometric templates and password at
the same time becomes very difficult for an attacker
• To overcome the limitations of unibiometrics and plain fuzzy
vault
• To utilize the merits of password hardening and multibiometrics
Phase 6 Combined user and soft biometric based password hardened fuzzy
vault
• To introduce the idea of soft biometrics
1.3.1 Unimodal biometric Fuzzy Vault
This phase contains the following steps:
Step 1: Feature extraction from the biometrics (fingerprint, iris and
retina)
Step 2: Construction of Fuzzy Vault
Step 3: Security Analysis of unimodal Fuzzy Vault
In step 1 the co-ordinates (x, y) of the minutiae feature points from the
biometric are extracted. They act as the locking and unlocking unit for the
fuzzy vault. In step 2 the unimodal fuzzy vault is implemented for fingerprint,
iris and retina. Finally, in step 3 the security of the fuzzy vault is measured by
min-entropy, which is expressed in terms of security bits. The min-entropy of
the minutiae template M^T given the vault V can be calculated as [84][85].
Where
r = number of genuine points in the vault
c = number of chaff points in the vault
t = the total number of points in the vault (r + c)
n = degree of the polynomial
In this phase it is found that fuzzy vault provides security but lacks
revocability. Fuzzy vault can be subjected to cross-matching across databases.
It is easy for an attacker to substitute some of his own points as chaff points
and conquer the vault. Fuzzy vault cannot be used for diversifiable
applications. To overcome all these limitations, fuzzy vault is password
hardened in phase 2. Retina fuzzy vault can be used for high security
applications.
1.3.2 Password Hardened Unimodal biometric Fuzzy Vault
Phase 2 implements password hardened fuzzy vault for fingerprint, iris
and retina templates. The following steps show the process of password
hardening the fuzzy vault.
Steps in Password Hardening:
1. A random transformation function is derived from the user
password
2. The password transformed function is applied to the biometric
template
3. Fuzzy vault framework is constructed to secure the transformed
template
4. The key derived from the same password is used to encrypt the
vault
This process of random transformation enhances the user privacy and
facilitates the generation of revocable templates that resist cross matching. This
transformation reduces the similarity between the original and transformed
template. The user password is restricted to the size of 8 characters.
Therefore, the length of the password is 64 bits. These 64 bits are divided into
4 blocks, each 16 bits in length. The feature points highlighted in the fingerprint
template and retinal vascular tree are divided into 4 quadrants. One password
block is assigned to each quadrant. Permutation is applied in such a way that
the relative position of the feature point does not change.
Each 16 bit password block is split into two components, Tu of 7 bits
and Tv of 9 bits in length. Tu and Tv represent the amount of translation in the
horizontal and vertical directions, respectively. The new feature points are
obtained by the following transformation.
X’u = (Xu + Tu) mod (2 ^ 7)
Y’v = (Yv + Tv) mod (2 ^ 9)
Where Xu and X’u are the horizontal distances before and after transformation
respectively. Similarly, Yv and Y’v are the vertical distances before and after
transformation respectively.
This transformation is applied for fingerprint, iris and retina templates.
Then fuzzy vault is constructed for transformed templates. In this
implementation a 128 bit random key is generated. This key can also be
generated from the retinal structure or iris or fingerprint for added security.
This key is transformed by the 64 bit user password and is used to encrypt the
vault.
Password hardened biometric templates are revocable and
cross-matching of templates across databases is avoided. Different passwords can be
used for different applications. Strength of the biometric template increases as the
guessing entropy of the password is added to the min-entropy of the fuzzy
vault. Apart from providing revocability, the password acts as an additional layer
of security. The vault can be compromised only when the password and biometric
are compromised. A password hardened vault becomes computationally hard for
an attacker to compromise.
However, unimodal fuzzy vault also has some limitations. In order to
overcome those limitations, phase 3 constructs multimodal fuzzy vault.
Multimodal fuzzy vault is constructed for three different combinations, namely
fingerprint and iris, iris and retina, retina and fingerprint.
1.3.3 Multimodal biometric Fuzzy Vault
Unimodal biometrics [98]-[100] suffer from the following limitations,
namely noise in sensed data, intra-class variations, distinctiveness,
non-universality and susceptibility to spoof attacks. Multimodal fuzzy vault can address the
non-universality problem. It can reduce the Failure to Enroll Rate and Failure
to Capture Rate. It can reduce the effect of noisy data. Multimodal biometrics
are more resistant to spoof attacks. Feature points from both the biometric
templates are secured in the fuzzy vault. Multimodal biometric fuzzy vaults are
better when compared to their unimodal counterparts. Security of the templates
increases. It is computationally hard for an attacker to compromise the
multibiometric fuzzy vault. However, multimodal biometric fuzzy vault suffers from
non-revocability and cross matching. Therefore, in phase 4 multimodal
biometric fuzzy vaults are hardened with a password.
1.3.4 Password Hardened Multimodal Biometric Fuzzy Vault
All the three vaults are password hardened to impart revocability. To
check for revocability the biometric templates are subjected to three different 8
character user passwords, namely ‘security’, ‘quadrant’ and ‘template’.
Multimodal biometric fuzzy vault minimizes the FTCR (Failure to Capture
Rate). Multimodal biometric fuzzy vault is more secure when compared to
unimodal vault.
It is computationally hard for an attacker to compromise. When
hardened with password, it becomes non-revocable and overcomes
cross-matching. The attacker can gain the vault only when he/she is able to
simultaneously capture both the biometrics and password. Multibiometrics
provide more user convenience. In this phase the security of the unimodal and
multimodal fuzzy vaults is compared. In Phase 5, combined user and soft
biometric based password is used for hardening.
1.3.5 Trimodal Biometric Fuzzy Vault
In phase 6, feature points from all three biometrics, namely fingerprint,
iris and retina, are combined together to form a multimodal biometric fuzzy
vault. This vault secures trimodal biometric templates. This trimodal vault is
also hardened to achieve revocability and diversity. It is computationally very
tough for an attacker to compromise a trimodal vault. It is not possible for an
attacker to compromise all the biometrics and password at the same time.
Trimodal biometric fuzzy vault is suitable for very high security applications.
1.3.6 Soft biometric based Password Hardened Biometric Fuzzy Vault
Soft biometrics provide ancillary information about a person.
Examples: gender, ethnicity, age, height, weight, eye colour etc. They lack
distinctiveness or permanence. Hence, soft biometrics alone are not enough to
differentiate two individuals. However, when combined with primary
biometrics (fingerprint, iris, retina etc.), soft biometrics give better results. In
this phase, the soft biometric component of the password is obtained by combining
the height, eye colour and gender of the person. Seven different eye colours
are identified and a single character code is assigned to each of them. Consider the 5
character user password ‘FUZZY’ (40 bits) and soft biometric password
‘155BM’ (24 bits) and the combined password becomes ‘FUZZY155BM’ (64
bits). In this phase, combined user and soft biometric based password hardened
multimodal fuzzy vault is also constructed. The security of the combined soft
biometric based password will have the same security level as that of plain
password based fuzzy vault. However, it will be hard for an attacker to find
out which soft biometric trait combination the system adopts. Current
authentication systems are provided with gender identification, height
measurement and the facility to capture the eye colour. These facilities can be captured
and utilized. Certain difficult combinations of soft biometrics can be used to
filter the attackers.
1.3.7 EXPERIMENTAL RESULTS AND SECURITY ANALYSIS
The proposed fuzzy vault to protect the biometric template contains genuine
points from the biometric template and chaff points. The chaff points added are
10 times more than the genuine points. Figure 1.3 illustrates feature
extraction from fingerprint, iris and retina. The brute force attack calculations,
parameters and security of the trimodal fuzzy vaults are shown in Table 1.1. In
the case of a vault with polynomial degree n, an adversary using a brute force
attack has to try a total of C(t, n+1) combinations of n+1 elements
each. Only C(r, n+1) combinations are required to decode the vault. Hence, for
an attacker to decode the vault it takes C(t, n+1)/C(r, n+1) evaluations.
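The brute force count above, worked through in Python for the (r, c, n) parameters reported in Table 1.1; this is an added example, not the thesis's Matlab code. Assumption: the security bits are taken as floor(log2(evaluations)), and the sweep over chaff ratios goes beyond the single 10x case in the text.

```python
"""Brute force work factor of a fuzzy vault (added example)."""
from math import comb, floor, log2

# (r, c, n) for each unimodal vault, copied from the parameters in Table 1.1.
TABLE_1_1 = {
    "fingerprint": (30, 300, 11),
    "iris": (28, 280, 11),
    "retina": (30, 300, 11),
}


def brute_force_cost(r, c, n):
    """Return the combinatorial quantities defined in the text.

    r: genuine points, c: chaff points, n: degree of the polynomial.
    Any n + 1 genuine points are enough to reconstruct the polynomial.
    """
    if r < n + 1:
        raise ValueError("fewer than n + 1 genuine points: vault cannot decode")
    t = r + c                            # total points in the vault
    total = comb(t, n + 1)               # C(t, n+1): subsets an attacker may try
    decoding = comb(r, n + 1)            # C(r, n+1): subsets that decode the vault
    evaluations = total / decoding       # expected number of evaluations
    return {
        "t": t,
        "total_combinations": total,
        "decoding_combinations": decoding,
        "evaluations": evaluations,
        # Assumption: security bits = floor(log2(evaluations)).
        "security_bits": floor(log2(evaluations)),
    }


def bits_by_chaff_ratio(r, n, ratios):
    """Security bits when c = ratio * r, to show what the chaff points buy."""
    return [brute_force_cost(r, ratio * r, n)["security_bits"] for ratio in ratios]


if __name__ == "__main__":
    for name, (r, c, n) in TABLE_1_1.items():
        cost = brute_force_cost(r, c, n)
        print(f"{name:12s} C(t,n+1)={cost['total_combinations']:.4e} "
              f"C(r,n+1)={cost['decoding_combinations']:.4e} "
              f"evaluations={cost['evaluations']:.4e} "
              f"bits={cost['security_bits']}")
    # Effect of the chaff-to-genuine ratio for the fingerprint parameters.
    print(bits_by_chaff_ratio(30, 11, [0, 1, 5, 10, 20]))
```

A ratio of 0 (no chaff) gives 0 bits, which makes explicit that the brute force cost comes entirely from the chaff points hiding the genuine ones.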
(a) Fingerprint (b) Fingerprint Minutiae (c) Iris (d) Iris Minutiae
(e) Retina (f) Retina bifurcation point
Figure 1.3 Feature Extractions from Fingerprint, Iris and Retina
Table 1.1 Security Analyses and Brute Force Attack Calculation for
Unimodal Biometric Fuzzy Vault

| Fuzzy Vault | Parameters | Min-entropy of the vault in terms of security bits | Total no. of combinations tried | Combinations required to decode the vault | No. of evaluations |
|---|---|---|---|---|---|
| Fingerprint | r = 30, c = 300, t = 330, n = 11 | 44 | 2.8440 x 10^21 | 8.6493 x 10^7 | 3.2881 x 10^13 |
| Iris | r = 28, c = 280, t = 308, n = 11 | 45 | 1.2247 x 10^21 | 3.0422 x 10^7 | 4.0257 x 10^13 |
| Retina | r = 30, c = 300, t = 330, n = 11 | 44 | 2.8440 x 10^21 | 8.6493 x 10^7 | 3.2881 x 10^13 |

The fingerprint, iris and retina are transformed for three different user
passwords to check for revocability. Consider an 8 character user password
'security', the ASCII value of which is given by (115, 111, 99, 117, 114, 105,
116, and 121) or 64 bits. These 64 bits are divided into four blocks of 16 bits
each and these are further divided into 7 bits and 9 bits for transformation in
horizontal and vertical directions respectively. The feature point transformation
is also done with two other user passwords, namely 'template' and 'quadrant'. For
the same original template, different transformed templates are obtained when
the password is changed. The transformed template for retina is shown in Figure
1.4. This property of the hardened fuzzy vault facilitates revocability. Different
passwords can be utilized for different applications to avoid cross matching and
to provide diversity.
(a) Password 'security' (b) Password 'template' (c) Password 'quadrant'
Figure 1.4 Transformed Retinal Features
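The password split described above, sketched as an added Python example (it is not the thesis's Matlab code). It assumes one 16-bit block per image quadrant, the upper 7 bits as the horizontal shift and the lower 9 bits as the vertical shift, shifts that wrap inside a 128 x 512 quadrant, and constructed feature points; the page specifies none of these details.

```python
QW, QH = 128, 512  # assumed quadrant size: a 7-bit and a 9-bit shift cover it exactly

def password_to_shifts(password):
    """Split an 8-character password into four (horizontal, vertical) shifts."""
    data = password.encode("ascii")
    if len(data) != 8:
        raise ValueError("expected exactly 8 ASCII characters (64 bits)")
    shifts = []
    for i in range(0, 8, 2):
        block = int.from_bytes(data[i:i + 2], "big")  # one 16-bit block
        # Assumed bit order: upper 7 bits horizontal, lower 9 bits vertical.
        shifts.append((block >> 9, block & 0x1FF))
    return shifts

def transform(points, password):
    """Translate each feature point by the shift of the quadrant it lies in."""
    shifts = password_to_shifts(password)
    out = []
    for x, y in points:
        if not (0 <= x < 2 * QW and 0 <= y < 2 * QH):
            raise ValueError(f"point {(x, y)} lies outside the image")
        qx, qy = x // QW, y // QH      # quadrant column and row
        dx, dy = shifts[2 * qy + qx]   # assumed: one block per quadrant
        # Wrap inside the quadrant so a point never leaves it.
        out.append((qx * QW + (x + dx) % QW, qy * QH + (y + dy) % QH))
    return out

# Constructed feature points, one per quadrant (not data from the thesis).
TEMPLATE = [(10, 20), (200, 30), (40, 700), (250, 1000)]

def revocation_demo():
    """Same template, three passwords: three different stored templates."""
    return {pw: transform(TEMPLATE, pw)
            for pw in ("security", "template", "quadrant")}

if __name__ == "__main__":
    for pw, pts in revocation_demo().items():
        print(pw, pts)
```

Re-enrolling with a new password replaces the stored points without any change to the underlying biometric, which is the revocability property the text describes.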
The min-entropy of the password hardened fuzzy vault is higher, as the
guessing entropy of the password is added to the min-entropy of the
multibiometric fuzzy vault. For an 8 ASCII character password the guessing entropy
falls in the range of 18 – 30 bits. The security analysis of the password
hardened unimodal, bimodal and trimodal biometric fuzzy vaults is shown in Table
1.2. The security of the vault increases as more biometric traits are
considered. The password hardened multibiometric fuzzy vault is more resistant to
spoof attack. The proposed system is implemented in Matlab 7.0.
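The brute force count C(t, n+1)/C(r, n+1) from Section 1.3.7 and the password hardening described above can be checked against the Table 1.1 parameters with the following added Python example (not the thesis's Matlab code). It assumes the security-bit column is the base-2 logarithm of the evaluation count rounded down, and that the 18 to 30 bit password guessing entropy is simply added to it.

```python
from math import comb, floor, log2

def vault_work_factor(r, c, n):
    """Brute-force cost of a fuzzy vault.

    r: genuine points, c: chaff points, n: polynomial degree.
    """
    k = n + 1  # points needed to interpolate a degree-n polynomial
    if r < k:
        raise ValueError("fewer than n+1 genuine points: vault cannot be decoded")
    t = r + c
    total = comb(t, k)      # C(t, n+1): candidate point sets an attacker may try
    decoding = comb(r, k)   # C(r, n+1): sets made only of genuine points
    evaluations = total / decoding
    return {
        "t": t,
        "total": total,
        "decoding": decoding,
        "evaluations": evaluations,
        # Assumption: security bits = log2(evaluations), rounded down.
        "min_entropy_bits": floor(log2(evaluations)),
    }

def hardened_range(min_entropy_bits, password_bits=(18, 30)):
    """Add the password guessing-entropy range to the vault's min-entropy."""
    low, high = password_bits
    return (min_entropy_bits + low, min_entropy_bits + high)

# (r, c, n) as listed in Table 1.1
TABLE_1_1 = {"Fingerprint": (30, 300, 11), "Iris": (28, 280, 11), "Retina": (30, 300, 11)}

def report():
    """Min-entropy and password-hardened range for each Table 1.1 vault."""
    rows = {}
    for name, (r, c, n) in TABLE_1_1.items():
        bits = vault_work_factor(r, c, n)["min_entropy_bits"]
        rows[name] = (bits, hardened_range(bits))
    return rows

if __name__ == "__main__":
    for name, (bits, rng) in report().items():
        print(f"{name}: {bits} bits, hardened {rng[0]} to {rng[1]} bits")
```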
Table 1.2 Security Analysis of Password Hardened Fuzzy Vault
(Brute Force Attack Calculations)

| Vault Type | Degree of polynomial | Min-entropy of the vault (in security bits) | Total no. of combinations tried to decode the vault | Combinations required to decode the vault | No. of evaluations | Min-entropy + guessing entropy of the password (in security bits) |
|---|---|---|---|---|---|---|
| Iris | 8 | 33 | 6.1088 x 10^16 | 6.9069 x 10^6 | 8.8445 x 10^9 | 51 to 63 |
| Retina | 8 | 33 | 1.1457 x 10^17 | 1.4307 x 10^7 | 8.0079 x 10^9 | 51 to 63 |
| Fingerprint | 8 | 33 | 1.1457 x 10^17 | 1.4307 x 10^7 | 8.0079 x 10^9 | 51 to 63 |
| Combined Iris and Retina | 10 | 39 | 1.6377 x 10^23 | 2.2769 x 10^11 | 7.1925 x 10^11 | 57 to 69 |
| Combined Fingerprint and Retina | 10 | 39 | 2.3848 x 10^23 | 3.4270 x 10^11 | 6.9587 x 10^11 | 57 to 69 |
| Combined Fingerprint and Iris | 10 | 39 | 1.6377 x 10^23 | 2.2769 x 10^11 | 7.1925 x 10^11 | 57 to 69 |
| Combined Fingerprint, Iris and Retina | 15 | 67 | 2.3872 x 10^37 | 1.4477 x 10^17 | 1.6487 x 10^20 | 85 to 97 |

1.4 OBJECTIVES OF THE THESIS
The major objectives of the thesis are as follows:
i. To provide security to biometric templates
ii. To impart revocability to biometric templates
iii. To avoid cross-matching of biometric templates across databases
iv. To provide diversity to biometric templates
v. To utilize the idea of multibiometrics to overcome certain
limitations of unibiometrics
vi. To make biometric templates more resistive to stored biometric
template attacks
vii. To provide multibiometric template security for different
applications
viii. To provide a hybrid template protection approach
ix. To render the fuzzy vault more resistive towards specific attacks
against it
x. To introduce the idea of soft biometrics
1.5 SIGNIFICANT CONTRIBUTIONS
The following are the significant contributions of this thesis work:
• Retina based fuzzy vaults for high security applications
• Password hardening of multimodal fuzzy vault for added security and
revocability
• Multimodal retina and fingerprint, retina and iris vaults
• Retinal biometric fuzzy vault mounted on a single capturing device
• The idea of soft biometrics is mixed with fuzzy vault scheme
1.6 ORGANIZATION OF THE THESIS
The rest of the thesis is organized as follows:
• Chapter 2 provides a picture of the attacks against biometric templates,
various methods for protecting the biometric templates, the merits of
hybrid schemes and a survey of existing schemes.
• Chapter 3 explains fuzzy vault scheme as the proposed methodology and
shows the different phases of the proposed methodology.
• Chapter 4 discusses unimodal biometric fuzzy vault, its merits and
demerits.
• Chapter 5 discusses password hardened unimodal fuzzy vault.
• Chapter 6 brings out the merits of multimodal biometrics and secures
three different combinations of multimodal templates using bimodal
biometric fuzzy vault.
• Chapter 7 shows the password hardened bimodal fuzzy vault.
• Chapter 8 discusses the construction of a trimodal fuzzy vault to protect
fingerprint, iris and retinal templates for very high security applications.
This chapter also compares the strength of the vaults discussed in the
previous phases.
• Chapter 9 introduces the idea of soft biometric based password
transformation in fuzzy vault.
• Chapter 10 concludes the thesis with the future scope.
1.7 CHAPTER SUMMARY
This chapter gives an overview of biometrics and its types. The
importance of biometric templates and their security is elaborated. Biometric
technology has proved itself as a powerful alternative to traditional password
based and token based authentication technology. Biometric templates cannot
be revoked or reissued on spoofing. Biometric authentication is employed in
different crucial applications. However, biometric authentication systems are
prone to different types of attacks. Stored biometric template attack is the most
severe of all these attacks. Biometrics is generally proposed for high security
applications. Therefore it is very important to provide a suitable template
protection mechanism with revocability.
The existing approaches to stored biometric template security do not
provide revocability and diversity. They fail to avoid function creep, where
the captured biometric template is used for applications other than the one
it is intended for. They do not provide the strength of their method.
Only a very few methods provide security for multibiometric templates
using a hybrid approach. Again, only a very few are resistant to stored
biometric template attacks.
Hence, the proposed method attempts to overcome the above mentioned
disadvantages using password hardened fuzzy vault, which is a hybrid approach
for biometric template security. This method provides revocability and
diversity apart from security to stored biometric templates. Hardening acts as
an additional layer of security apart from providing revocability. To overcome
certain limitations of unimodal fuzzy vault, multimodal fuzzy vault is
constructed. Multibiometric fuzzy vault is more secure when compared to the
unibiometric fuzzy vault. Failure to Capture Rate (FTCR) is minimized in
multimodal biometric fuzzy vault. An attacker finds it very difficult to
compromise the password hardened multimodal fuzzy vault as he/she has to
simultaneously capture both the biometrics and the password. The strength of
the vault is calculated, and the number of evaluations required to capture the
vault using brute force attack is also found.