Friday 22 July 2011

The Encoded Biometric Schemes

Classical biometric systems require access to enrolled
templates in unencoded form. This differs from traditional
computer security systems where a raw password
need never be stored. Instead, a cryptographic
hash (one-way function) of the password is stored, and
each new test password is hashed and compared with
the stored version. Since such cryptographic techniques
provide important protections, there is great incentive
to develop analogous methods for biometric
systems. Encoded biometric schemes are designed to
avoid these problems by embedding the secret code
into the template, in a way that can be decrypted only
with an image of the enrolled individual.
Since the code is bound to the biometric template, an
attacker should not be able to determine either the
enrolled biometric image or secret code, even if he
had access to the biometric software and hardware.
Such technology would enable enhanced privacy
protection, primarily against secondary use of biometric
images. It would also reduce the vulnerability of
network protocols based on biometrics. Biometrically
enabled computers and mobile phones currently
must hide passwords and keys in software; biometric
encryption would protect against this vulnerability.
Another interesting application is for control of access
to digital content with the aim of preventing copyright
infringement. Biometric encryption systems are not
widely deployed; research systems still suffer from
high error rates and slow processing speed. However,
such systems offer some compelling benefits for many
applications, and research is active.

Cancelable biometric features are encoded with a distortion
scheme that varies from application to application. The concept
was developed to address the privacy and security
concerns that biometric features are not secret and
cannot be canceled. During enrollment, the input biometric
image is subjected to a known distortion controlled
by a set of parameters. The distorted biometric
sample can, in some schemes, be processed with standard
biometrics algorithms, which are unaware that
the features presented to them are distorted. During
matching, the live biometric sample must be distorted
with the same parameters, which must be securely
stored. The cancelable nature of this scheme is provided
by the distortion, in that it is not the user’s
‘‘actual’’ biometric which is stored, but simply one of
an arbitrarily large number of possible permutations.
The concern with cancelable biometric features is
the security of the storage and transmission of the
distortion parameters.
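
The enrollment, matching and cancellation steps described above, as an added sketch that is not from the original article. The keyed permutation-plus-mask distortion, the binary feature vectors and the parameter strings are constructed assumptions, not a published scheme.

```python
import hashlib
import hmac

def prf(params: bytes, label: bytes, i: int) -> bytes:
    """Pseudo-random bytes derived from the distortion parameters."""
    return hmac.new(params, label + i.to_bytes(4, "big"), hashlib.sha256).digest()

def derive(n: int, params: bytes):
    """Expand the parameters into a permutation and a bit mask of length n."""
    order = sorted(range(n), key=lambda i: prf(params, b"perm", i))
    mask = [prf(params, b"mask", i)[0] & 1 for i in range(n)]
    return order, mask

def distort(bits, params: bytes):
    """Parameter-controlled distortion (constructed for this example)."""
    order, mask = derive(len(bits), params)
    return [bits[order[i]] ^ mask[i] for i in range(len(bits))]

def undistort(stored, params: bytes):
    """Whoever holds the parameters can invert the distortion."""
    order, mask = derive(len(stored), params)
    bits = [0] * len(stored)
    for i, s in enumerate(stored):
        bits[order[i]] = s ^ mask[i]
    return bits

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def match(stored, live_bits, params: bytes, threshold: int) -> bool:
    """A standard Hamming matcher that only ever sees distorted features."""
    return hamming(stored, distort(live_bits, params)) <= threshold

# Constructed 256-bit feature vectors: an enrolled sample and a noisy re-capture.
ENROLLED = [(i + i // 3) % 2 for i in range(256)]
LIVE = [b ^ (1 if i % 32 == 0 else 0) for i, b in enumerate(ENROLLED)]  # 8 bit errors

OLD_PARAMS = b"app-A-params-v1"  # constructed parameter set used at enrollment
NEW_PARAMS = b"app-A-params-v2"  # constructed set issued after cancellation
```

The distortion preserves Hamming distance, so the matcher behaves as it would on raw features, while a template stored under the old parameters no longer matches once new parameters are issued. `undistort` shows why the parameters need the same protection as the template itself.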

Biometric cryptosystems are designed to overcome many
security issues in traditional biometric schemes by avoiding template
storage and the match stage of biometric processing.
Instead, the biometric features are bound to a secret
key that is designed to be recoverable only with a
biometric image from the enrolled individual. Clearly,
the key difficulty in the design of biometric encryption
systems is the variability in the biometric image between
measurements; the presented biometric image
cannot itself be treated as a code, since it varies with
each presentation.

The earliest biometric encryption system was proposed
by Soutar et al. Enrollment creates a template
binding a secret code to multiple sample
images. During decryption, an error correcting scheme
based on Hamming distance is used to allow for variability
in the input image. Similar schemes were
proposed for voice passwords and iris images.
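
Key binding with Hamming-distance error correction, as an added sketch that is not from the original article and is not Soutar et al.'s algorithm. It uses a generic XOR binding with a repetition code, and the key, template bits and repetition factor are constructed assumptions.

```python
import hashlib

REP = 15  # each key bit is repeated 15 times: up to 7 bit errors per block are corrected

def encode(key_bits):
    """Repetition code, the simplest code decodable by Hamming distance."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority vote per block, i.e. the nearest codeword in Hamming distance."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(template_bits, key_bits):
    """Stored record: codeword XOR template, plus a hash that confirms release."""
    helper = [c ^ t for c, t in zip(encode(key_bits), template_bits)]
    return helper, digest(key_bits)

def release(helper, check, live_bits):
    """Return the key if the live sample is close enough to the template, else None."""
    key = decode([h ^ l for h, l in zip(helper, live_bits)])
    return key if digest(key) == check else None

def with_errors(bits, positions):
    """Copy of bits with the given positions flipped (models capture variability)."""
    flipped = set(positions)
    return [b ^ int(i in flipped) for i, b in enumerate(bits)]

# Constructed sample data: an 8-bit key and a 120-bit enrolled template.
KEY = [1, 0, 1, 1, 0, 0, 1, 0]
TEMPLATE = [(i * i + i // 5) % 2 for i in range(len(KEY) * REP)]
```

Neither the key nor the template is stored in the clear, and the repetition factor fixes how much variability is tolerated: 7 errors per block still release the key, 8 in a single block do not. Widening that tolerance also widens the set of non-enrolled samples that release the key.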

A significant body of work on biometric encryption
has been done in the cryptography community,
much based on the fuzzy vault construction of Juels
and Sudan. This scheme allows a cryptographic
encoding with a variable number of un-ordered data
points, which makes it suitable for fingerprint minutiae.
Clancy et al. designed a fingerprint algorithm
that encodes the secret as the coefficients of a Galois
field polynomial. Minutiae points are encoded as
coordinate pairs, and numerous ‘‘chaff’’ points are
added. During key release, the points closest to the
new minutiae are chosen, and the key is estimated
using an error correcting scheme.

Encoded biometric schemes potentially offer some
important advantages in security and privacy, since the
template does not need to be available in unencrypted
form. However, little work has been done to study the
security of biometric encryption schemes. Uludag
et al. [21] note that most proposed biometric encryption
systems only appear to account for a ‘‘limited
amount of variability in the biometric representation.’’
They suggest that many biometric encryption systems
can be attacked simply via the FAR, by presenting
biometric samples from a representative population.
A cryptographic attack on biometric encryption was
developed by Adler, based on using any ‘‘leaked’’
information to attempt hill-climbing toward the biometric
template. Overall, while biometric encryption
offers significant promise, there is little understanding
of the practical applicability and security of these
systems.
