Projects‎ > ‎Projects Archive‎ > ‎

Biometric Authentication

Biometric Authentication

Biometrics are finding increased adoption over the past few years in a variety of applications including authentication and identification. However, there are widespread security and privacy concerns about the dangers of using biometric data in an ubiquitous and unchecked manner. Security concerns stem from the fact that biometric data cannot be easily revoked or replaced. Once some biometric data are compromised, they remain compromised forever. Privacy concerns arise from the fact that biometrics data are tightly bound to a person's identity such that they can be used to violate their privacy.

Despite that there has been a lot of research done over the past few decades on developing techniques for capturing and matching biometric data, security and privacy issues have received comparably less attention. Unfortunately, traditional cryptographic techniques (e.g., shadow passwords) cannot be easily adapted to protect biometric data. The main difficulty is that biometric samples cannot be exactly reproduced.

The main objective of this project is to develop simple, practical and provably effective cryptographic techniques for the security and privacy of biometric data.

Our approachs are two-fold. On one hand, we study hueristic-based techniques, which we call Robust Hash, where we design hash functions that are robust to small noise in the input, yet it is (hueristically) difficult to invert the hash functions. Some results appeared in [4,6].

On the other hand, we also employ rigorous methods based recently proposed cryptographic primitives called secure sketch (Dodis et al., Eurocrypt'04). We study how to construct secure sketch for continuous data ([5]). It is tricky to measure the security in this case since ``entropy loss'' for continuous data could be very high or even meaningless. We propose to look at an additional security measure called relative entropy loss. We also study how to apply a theoretically sound scheme in practice ([2,3]). It is observed through experiments that there are various trade-offs among the performance and security parameters of the biometric authentication systems, which have to be examined carefully when designing such systems.

This material is based upon work partially supported by the National Science Foundation under Grant No. 0716490.

Participants:

Yagiz Sutcu
Qiming Li
Taha Sencar

Resources:

  1. Yagiz Sutcu, Husrev Taha Sencar and Nasir Memon. Securing Biometric Templates via Non-invertible Transformation (under review)
  2. Y. Sutcu, P. Campisi, E. Kelkboom, V. Kumar and N. Ratha. Privacy and Biometrics: Why and How? (under review)
  3. Y. Sutcu, Q. Li and, N. Memon. Design and analysis of fuzzy extractors for faces. Biometric Technology for Human Identification, part of the SPIE International Defense and Security Symposium, 13-17 April 2009, Orlando, USA, to appear.
  4. Y. Sutcu, S. Rane, J.S. Yedidia, S. Draper and A. Vetro. Feature Transformation of Biometric Templates for Secure Biometric Systems based on Error Correcting Codes IEEE Computer Society Workshop on Biometrics, (in association with CVPR 2008), Anchorage, Alaska, USA, June 23-28, 2008.
  5. Y. Sutcu, S. Rane, J.S. Yedidia, S. Draper and A. Vetro. Feature Extraction for a Slepian-Wolf Biometric System Using LDPC Codes IEEE Int. Symposium on Information Theory, (ISIT 2008), Toronto, Ontario, Canada, July 6-11, 2008.
  6. Y. Sutcu, Q. Li and N. Memon. Secure Biometric Templates from Fingerprint-Face Features IEEE Computer Society Workshop on Biometrics, (in association with CVPR 2007), Minneapolis, Minnesota, USA, June 18-23, 2007.
  7. Yagiz Sutcu, Qiming Li, and Nasir Memon. Protecting Biometric Templates with Sketch: Theory and Practice. IEEE Transactions on Information Forensics and Security, 2007. [PDF].
  8. Yagiz Sutcu, Qiming Li, and Nasir Memon. How to Protect Biometric Templates. SPIE Conf. on Security, Steganography and Watermarking of Multimedia Contents IX, January 2007, San Jose, CA. [PDF].
  9. Yagiz Sutcu, Husrev Taha Sencar and Nasir Memon, A Geometric Transformation to Protect Minutiae-Based Fingerprint Templates. Biometric Technology for Human Identification IV (DS36), part of the SPIE International Defense and Security Symposium. 2007. [PDF].
  10. Qiming Li, Yagiz Sutcu, and Nasir Memon. Secure sketch for biometric templates. ASIACRYPT, LNCS 4284, 2006. [PDF].
  11. Yagiz Sutcu, Husrev Taha Sencar and Nasir Memon, A Secure Biometric Authentication Scheme Based on Robust Hashing. ACM Multimedia and Security Workshop, NYC, New York, August 1-2, 2005.
  12. [PDF].

A bibliography on biometric security can be found here