To appear in EURASIP Journal on Advances in Signal Processing, …cse.msu.edu/~rossarun/BiometricsTextBook/Papers/Security/... · 2013-01-17 · 1 Biometric Template Security Anil

1

Biometric Template SecurityAnil K. Jain, Karthik Nandakumar and Abhishek Nagar

Abstract— Biometric recognition offers a reliable andnatural solution to the problem of user authenticationin identity management systems. With the widespreaddeployment of biometric systems in various applications,there are increasing concerns about the security andprivacy of biometric technology. Public confidence andacceptance of the biometrics technology will depend onthe ability of system designers to demonstrate that thesesystems are robust, have low error rates and are tam-per proof. We present a high-level categorization of thevarious vulnerabilities of a biometric system and discusscountermeasures that have been proposed to addressthese vulnerabilities. In particular, we focus on biometrictemplate security which is an important issue becauseunlike passwords and tokens, compromised biometric tem-plates cannot be revoked and reissued. Due to intra-uservariability in the acquired biometric traits, ensuring thesecurity of the template while maintaining the recognitionperformance is a challenging task. We present an overviewof various biometric template protection schemes and dis-cuss their advantages and limitations in terms of security,revocability and impact on matching accuracy. A templateprotection scheme with provable security and acceptablerecognition performance has thus far remained elusive.Development of such a scheme is crucial as biometricsystems are beginning to proliferate into the core physicaland information infrastructure of our society.

Index Terms— Identity management, biometric systemsecurity, template protection, revocable biometric tem-plate, encryption, salting, non-invertible transform, bio-metric cryptosystem, key binding, key generation.

I. INTRODUCTION

A reliable identity management system is ur-gently needed in order to combat the epidemicgrowth in identity theft and to meet the increasedsecurity requirements in a variety of applicationsranging from international border crossings to se-curing information in databases. Establishing theidentity of a person is a critical task in any identitymanagement system. Surrogate representations ofidentity such as passwords and ID cards are not

The authors are with the Department of Computer Scienceand Engineering, Michigan State University, 3115 EngineeringBuilding, East Lansing, MI 48824. Email: {jain, nandakum, na-garabh}@cse.msu.edu.

sufficient for reliable identity determination becausethey can be easily misplaced, shared or stolen.Biometric recognition is the science of establishingthe identity of a person using his/her anatomicaland behavioral traits. Commonly used biometrictraits include fingerprint, face, iris, hand geometry,voice, palmprint, handwritten signatures and gait(see Figure 1). Biometric traits have a number ofdesirable properties with respect to their use as anauthentication token, viz., reliability, convenience,universality etc. These characteristics have led to thewidespread deployment of biometric authenticationsystems. But there are still some issues concerningthe security of biometric recognition systems thatneed to be addressed in order to ensure the integrityand public acceptance of these systems.

There are five major components in a genericbiometric authentication system, namely, sensor,feature extractor, template database, matcher and de-cision module (see Figure 2). Sensor is the interfacebetween the user and the authentication system andits function is to scan the biometric trait of the user.Feature extraction module processes the scannedbiometric data to extract the salient information(feature set) that is useful in distinguishing betweendifferent users. In some cases, the feature extractoris preceded by a quality assessment module whichdetermines whether the scanned biometric trait isof sufficient quality for further processing. Duringenrollment, the extracted feature set is stored in adatabase as a template (XT ) indexed by the user’sidentity information. Since the template databasecould be geographically distributed and contain mil-lions of records (e.g., in a national identificationsystem), maintaining its security is not a trivialtask. The matcher module is usually an executableprogram which accepts two biometric feature setsXT and XQ (from template and query, respectively)as inputs and outputs a match score (S) indicatingthe similarity between the two sets. Finally, thedecision module makes the identity decision andinitiates a response to the query.

Due to the rapid growth in sensing and comput-

To appear in EURASIP Journal on Advances in Signal Processing, Special Issue on Biometrics, January 2008

2

Face Iris Fingerprint Hand geometry

Palmprint Voice Signature Gait

Fig. 1. Examples of body traits that can be used for biometric recognition. Anatomical traits include face, fingerprint, iris, palmprint, handgeometry and ear shape, while gait, signature and keystroke dynamics are some of the behavioral characteristics. Voice can be consideredeither as an anatomical or as a behavioral characteristic.

User

Quality Assessment

Module

Feature Extractor

Matcher

Decision Module

Biometric Sensor

User

Quality Assessment

Module

Feature Extractor

Biometric Sensor

Q X Q

S

Match/Non-match

User Identity, I

T X T

Claimed Identity, I

X T

Enrollment

Authentication

System Database

System Database

Fig. 2. Enrollment and recognition stages in a biometric system. Here, T represents the biometric sample obtained during enrollment, Q isthe query biometric sample obtained during recognition, XT and XQ are the template and query feature sets, respectively and S representsthe match score.

ing technologies, biometric systems have becomeaffordable and are easily embedded in a variety ofconsumer devices (e.g., mobile phones, key fobs,etc.), making this technology vulnerable to the ma-licious designs of terrorists and criminals. To avertany potential security crisis, vulnerabilities of thebiometric system must be identified and addressedsystematically. A number of studies have analyzedpotential security breaches in a biometric system

and proposed methods to counter those breaches[1]–[5]. Formal methods of vulnerability analysissuch as attack trees [6] have also been used to studyhow biometric system security can be compromised.

In this paper, we first summarize the variousaspects of biometric system security in a holisticand systematic manner using the fish-bone model[7]. Our goal here is to broadly categorize thevarious factors that cause biometric system failure


3

and identify the effects of such failures. This paperis not necessarily complete in terms of all thesecurity threats that have been identified, but itprovides a high-level classification of the possiblesecurity threats. We believe that template securityis one of the most crucial issues in designing asecure biometric system and it demands timely andrigorous attention. Towards this end, we present adetailed overview of different template protectionapproaches that have been proposed in the literatureand provide example implementations of specificschemes on a public domain fingerprint database toillustrate the issues involved in securing biometrictemplates.

II. BIOMETRIC SYSTEM VULNERABILITY

A fish bone model (see Figure 3) can be used tosummarize the various causes of biometric systemvulnerability [3]. At the highest level, the failuremodes of a biometric system can be categorizedinto two classes: intrinsic failure and failure due toan adversary attack. Intrinsic failures occur due toinherent limitations in the sensing, feature extractionor matching technologies as well as the limiteddiscriminability of the specific biometric trait. Inadversary attacks, a resourceful hacker (or possiblyan organized group) attempts to circumvent thebiometric system for personal gains. We furtherclassify the adversary attacks into three types basedon factors that enable an adversary to compromisethe system security. These factors include systemadministration, non-secure infrastructure and bio-metric overtness.

A. Intrinsic FailureIntrinsic failure is the security lapse due to an

incorrect decision made by the biometric system. Abiometric verification system can make two typesof errors in decision making, namely false acceptand false reject. A genuine (legitimate) user may befalsely rejected by the biometric system due to thelarge differences in the user’s stored template andquery biometric feature sets (see Figure 4). Theseintra-user variations may be due to incorrect inter-action by the user with the biometric system (e.g.,changes in pose and expression in a face image)or due to the noise introduced at the sensor (e.g.,residual prints left on a fingerprint sensor). Falseaccepts are usually caused by lack of individuality

Fig. 4. Illustration of biometric intra-class variability. Two differentimpressions of the same finger obtained on different days are shownwith minutia points marked on them. Due to translation, rotation anddistortion, the number and location of minutiae in the two imagesare different. The number of minutiae in the left and right images is33 and 26, respectively. The number of common minutiae in the twoimages is 16 and few of these correspondences have been indicatedin the figure.

or uniqueness in the biometric trait which can leadto large similarity between feature sets of differentusers (e.g., similarity in the face images of twinsor siblings). Both intra-user variations and inter-user similarity may also be caused by the use ofnon-salient features and non-robust matchers. Some-times, a sensor may fail to acquire the biometric traitof a user due to limits of the sensing technology oradverse environmental conditions. For example, afingerprint sensor may not be able to capture a goodquality fingerprint of dry/wet fingers. This leads toFailure to Enroll (FTE) or Failure to Acquire (FTA)errors.

Intrinsic failures can occur even when there isno explicit effort by an adversary to circumvent thesystem. So this type of failure is also known as zero-effort-attack. It poses a serious threat if the falseaccept and false reject probabilities are high (see Ta-ble I). Ongoing research is directed at reducing theprobability of intrinsic failure, including the designof new sensors that can acquire the biometric traitsof an individual in a more reliable, convenient andsecure manner, the development of invariant repre-sentation schemes and robust and efficient matchingalgorithms and use of multibiometric systems [12].

B. Adversary Attacks

Here an adversary intentionally stages an attackon the biometric system whose success depends onthe loopholes in the system design and the availabil-


4

Biometric System Failure

Administration

Intrinsic Failure

Biometric Overtness

Non-Secure Infrastructure

Sensor/ Representation/ Matcher Limitations

Individuality of Biometric Trait

Spoofing

Replay

Insider Attack

Hill climbing

Exception Processing

Enrollment Fraud

Steal/ Modify Templates

Function creep

Trojan Horse

Fig. 3. Fish-bone model for categorizing biometric system vulnerabilities (adapted from [3]).

TABLE I

FALSE REJECT AND FALSE ACCEPT RATES ASSOCIATED WITH STATE-OF-THE-ART FINGERPRINT, FACE, VOICE AND IRIS VERIFICATION

SYSTEMS. NOTE THAT THE ACCURACY ESTIMATES OF BIOMETRIC SYSTEMS ARE DEPENDENT ON A NUMBER OF TEST CONDITIONS AND

TARGET POPULATION.

Biometric Test Test Conditions False FalseTrait Reject Accept

Rate RateFingerprint FVC 2006 [8] Heterogeneous population including manual 2.2% 2.2%

workers and elderly peopleFpVTE 2003 [9] U.S. government operational data 0.1% 1%

Face FRVT 2006 [10] Controlled illumination, high resolution 0.8%-1.6% 0.1%Voice NIST 2004 [11] Text independent, multi-lingual 5-10% 2-5%Iris ICE 2006 [10] Controlled illumination, broad quality range 1.1%-1.4% 0.1%


5

ity of adequate computational and other resources tothe adversary. We categorize the adversary attacksinto three main classes: administration attack, non-secure infrastructure and biometric overtness.

• Administration Attack: This attack, alsoknown as the insider attack, refers to all vulner-abilities introduced due to improper administra-tion of the biometric system. These include theintegrity of the enrollment process (e.g., valid-ity of credentials presented during enrollment),collusion (or coercion) between the adversaryand the system administrator or a legitimateuser and abuse of exception processing proce-dures.

• Non-secure infrastructure: The infrastructureof a biometric system consists of hardware,software and the communication channels be-tween the various modules. There are a numberof ways in which an adversary can manipulatethe biometric infrastructure that can lead tosecurity breaches. A detailed discussion onthese types of attacks is presented in SectionII-D.

• Biometric overtness: It is possible for an ad-versary to covertly acquire the biometric char-acteristics of a genuine user (e.g., fingerprintimpressions lifted from a surface) and use themto create physical artifacts (gummy fingers)of the biometric trait. Hence, if the biometricsystem is not capable of distinguishing betweena live biometric presentation and an artificialspoof, an adversary can circumvent the systemby presenting spoofed traits.

C. Effects of Biometric System Failure

When a biometric system is compromised, it canlead to two main effects: i) denial-of-service and ii)intrusion.

Denial-of-service refers to the scenario where alegitimate user is prevented from obtaining the ser-vice that he is entitled to. An adversary can sabotagethe infrastructure (for example, physically damagea fingerprint sensor) thereby preventing users fromaccessing the system. Intrinsic failures like falsereject, failure to capture and failure to acquire alsolead to denial-of-service. Administrative abuse suchas modification of templates or the operating pa-rameters (e.g. matching threshold) of the biometricsystem may also result in denial-of-service.

Intrusion refers to an impostor gaining illegit-imate access to the system, resulting in loss ofprivacy (e.g. unauthorized access to personal infor-mation) and security threats (e.g. terrorists crossingborders). All the four factors that cause biomet-ric system vulnerability, namely, intrinsic failure,administrative abuse, non-secure infrastructure andbiometric overtness, can result in intrusion.

D. Countering Adversary AttacksAdversary attacks generally exploit the system

vulnerabilities at one or more modules or interfaces.Ratha et al. [13] identified eight points of attackin a biometric system (see Figure 5). We groupthese attacks into four categories, namely, (i) attacksat the user interface (input level), (ii) attacks atthe interfaces between modules, (iii) attacks on themodules and (iv) attacks on the template database.

E. Attacks at the User InterfaceAttack at user interface is mostly due to the

presentation of a spoof biometric trait [14]–[17].If the sensor is unable to distinguish between fakeand genuine biometric traits, the adversary easilyintrudes the system under a false identity. A numberof efforts have been made in developing hardwareas well as software solutions that are capable ofperforming liveness detection [18]–[26].

F. Attacks at the Interface between ModulesAn adversary can either sabotage or intrude on the

communication interfaces between different mod-ules. For instance, he can place an interfering sourcenear the communication channel (e.g., a jammerto obstruct a wireless interface). If the channelis not secured physically or cryptographically, anadversary may also intercept and/or modify thedata being transferred. For example, Juels et al.[27] outlined the security and privacy issues intro-duced by insecure communication channels in ane-passport application that uses biometric authenti-cation. Insecure communication channels also allowan adversary to launch replay [28] or hill-climbingattacks [29].

A common way to secure a channel is by cryp-tographically encoding all the data sent through theinterface, say using public key infrastructure. Buteven then an adversary can stage a replay attack by


6

Sensor Feature

Extractor Matcher Application Device ( e . g . , cash dispenser )

Stored Templates

1 . Fake Biometric

2 . Replay Old Data

3 . Override Feature Extractor

Yes / No

8 . Override Final Decision

5 . Override Matcher

4 . Synthesized Feature Vector

7 . Intercept the Channel

6 . Modify Template

Fig. 5. Points of attack in a generic biometric system (adapted from [13]).

first intercepting the encrypted data passing throughthe interface when a genuine user is interacting withthe system and then sending this captured data tothe desired module whenever he wants to break intothe system. A countermeasure for this attack is touse time-stamps [30], [31] or a challenge/responsemechanism [32].

G. Attacks on the Software ModulesThe executable program at a module can be

modified such that it always output the valuesdesired by the adversary. Such attacks are knownas Trojan horse attacks. Secure code executionpractices [33] or specialized hardware which canenforce secure execution of software should be used.Another component of software integrity relates toalgorithmic integrity. Algorithmic integrity impliesthat the software should be able to handle anyinput in a desirable manner. As an example ofalgorithmic loophole, consider a matching modulein which a specific input value, say X0, is nothandled properly and whenever X0 is input to thematcher, it always outputs a match (accept) decision.This vulnerability might not affect the normal func-tioning of the system because the probability of X0

being generated from a real biometric data may benegligible. However, an adversary can exploit thisloophole to easily breach the security without beingnoticed.

H. Attacks on the Template DatabaseOne of the most potentially damaging attack on a

biometric system is against the biometric templates

stored in the system database. Attacks on the tem-plate can lead to the following three vulnerabilities:(i) A template can be replaced by an impostors’stemplate to gain unauthorized access, (ii) A physicalspoof can be created from the template (see [34]–[36]) to gain unauthorized access to the system(as well as other systems which use the samebiometric trait) and (iii) The stolen template canbe replayed to the matcher to gain unauthorizedaccess. A potential abuse of biometric identifiersis cross-matching or function creep [37] where thebiometric identifiers are used for purposes other thanthe intended purpose. As an example, a fingerprinttemplate stolen from a bank’s database may be usedto search a criminal fingerprint database or cross-link to a person’s health records.

The most straightforward way to secure the bio-metric system, including the template, is to putall the system modules and the interfaces betweenthem on a smart card (or more generally a secureprocessor). In such systems, known as match-on-card or system-on-card technology, sensor, featureextractor, matcher and template reside on the card[38]. The advantage of this technology is that thebiometric information never leaves the card. How-ever, system-on-card solutions are not appropriatefor most large-scale applications; they are expensiveand users must carry the card with them all thetime. Further, it is possible that the template canbe gleaned from a stolen card. So it is important toprotect the template even in match-on-card applica-tions. Passwords and PIN have the property that ifthey are compromised, the system administrator canissue a new one to the user. It is desirable to have the


7

same property of revocability or cancelability withbiometric templates. The following section providesa detailed description of the approaches that havebeen proposed for securing biometric templates.

III. TEMPLATE PROTECTION SCHEMES

An ideal biometric template protection schemeshould possess the following four properties [39].

1) Diversity: The secure template must not al-low cross-matching across databases, therebyensuring the user’s privacy.

2) Revocability: It should be straightforward torevoke a compromised template and reissue anew one based on the same biometric data.

3) Security: It must be computationally hard toobtain the original biometric template fromthe secure template. This property preventsan adversary from creating a physical spoofof the biometric trait from a stolen template.

4) Performance: The biometric template protec-tion scheme should not degrade the recog-nition performance (FAR and FRR) of thebiometric system.

The major challenge in designing a biometrictemplate protection scheme that satisfies all theabove requirements is the need to handle intra-user variability in the acquired biometric identifiers.Recall that multiple acquisitions of the same bio-metric trait do not result in the same feature set(see Figure 4). Due to this reason, one cannot storea biometric template in an encrypted form (usingstandard encryption techniques like RSA, AES, etc.)and then perform matching in the encrypted domain.Note that encryption is not a smooth function anda small difference in the values of the feature setsextracted from the raw biometric data would leadto very large difference in the resulting encryptedfeatures. While it is possible to decrypt the tem-plate and perform matching between the query anddecrypted template, such an approach is not securebecause it leaves the template exposed during everyauthentication attempt. Hence, standard encryptiontechniques are not useful for securing biometrictemplates.

The template protection schemes proposed inthe literature can be broadly classified into twocategories (see Figure 6), namely, feature trans-formation approach and biometric cryptosystem. Inthe feature transform approach, a transformation

function (F) is applied to the biometric template(T ) and only the transformed template (F(T ; K))is stored in the database (see Figure 7). The pa-rameters of the transformation function are typicallyderived from a random key (K) or password. Thesame transformation function is applied to queryfeatures (Q) and the transformed query (F(Q; K))is directly matched against the transformed template(F(T ; K)). Depending on the characteristics of thetransformation function F , the feature transformschemes can be further categorized as salting andnon-invertible transforms. In salting, F is invertible,i.e., if an adversary gains access to the key and thetransformed template, she can recover the originalbiometric template (or a close approximation of it).Hence, the security of the salting scheme is basedon the secrecy of the key or password. On the otherhand, non-invertible transformation schemes typi-cally apply a one-way function on the template andit is computationally hard to invert a transformedtemplate even if the key is known.

Biometric cryptosystems [40], [41] were origi-nally developed for the purpose of either securinga cryptographic key using biometric features ordirectly generating a cryptographic key from bio-metric features. However, they can also be used asa template protection mechanism. In a biometriccryptosystem, some public information about thebiometric template is stored. This public informa-tion is usually referred to as helper data and hence,biometric cryptosystems are also known as helperdata-based methods [42]. While the helper datadoes not (is not supposed to) reveal any significantinformation about the original biometric template, itis needed during matching to extract a cryptographickey from the query biometric features. Matching isperformed indirectly by verifying the validity of theextracted key (see Figure 8). Error correction codingtechniques are typically used to handle intra-uservariations.

Biometric cryptosystems can be further classi-fied as key binding and key generation systemsdepending on how the helper data is obtained. Whenthe helper data is obtained by binding a key (thatis independent of the biometric features) with thebiometric template, we refer to it as a key-bindingbiometric cryptosystem. Note that given only thehelper data, it is computationally hard to recovereither the key or the original template. Matchingin a key binding system involves recovery of the


8

Template Protection

Feature Transformation

Biometric Cryptosystem (Helper Data Methods)

Salting (e.g., Biohashing)

Non-invertible Transform

(e.g., Robust Hashing)

Key Binding (e.g., Fuzzy Vault,

Fuzzy Commitment)

Key Generation (e.g., Secure Sketch-

Fuzzy Extractor)

Fig. 6. Categorization of template protection schemes.

Key (K) Transformed Template

F (T,K)

Biometric Query (Q)

Match/ Non-match

Transform F

Matching

Key (K) Biometric

Template (T)

Transform F

Enrollment Authentication

F (Q,K)

Fig. 7. Authentication mechanism when the biometric template is protected using a feature transformation approach.

key from the helper data using the query biometricfeatures. If the helper data is derived only fromthe biometric template and the cryptographic keyis directly generated from the helper data and thequery biometric features, it leads to a key generationbiometric cryptosystem.

Some template protection techniques make useof more than one basic approach (e.g., salting fol-lowed by key-binding). We refer to such techniquesas hybrid schemes. Template protection schemesproposed in [43]–[46] are examples of the hybridapproach. A brief summary of the various templateprotection approaches is presented in Table II. Apartfrom salting, none of the other template protectionschemes require any secret information (such asa key) that must be securely stored or presentedduring matching. We shall now discuss these fourapproaches in detail with one illustrative method foreach approach.

A. SaltingSalting or Biohashing is a template protection

approach in which the biometric features are trans-formed using a function defined by a user-specifickey or password. Since the transformation is invert-ible to a large extent, the key needs to be securelystored or remembered by the user and presentedduring authentication. This need for additional infor-mation in the form of a key increases the entropy1 ofthe biometric template and hence makes it difficultfor the adversary to guess the template.

Advantages:• Introduction of key results in low false accept

rates.• Since the key is user-specific, multiple tem-

plates for the same user biometric can be gen-1Entropy of a biometric template can be understood as a measure

of the number of different identities that are distinguishable by abiometric system.


9

Biometric Template (T)

Helper Data Extraction

Helper Data H = F (T)

Biometric Query (Q)

Recovery

Extracted Key (K)

Validity Check

Match/ Non-match

Enrollment Authentication

Fig. 8. Authentication mechanism when the biometric template is secured using a key generation biometric cryptosystem. Authenticationin a key-binding biometric cryptosystem is similar except that the helper data is a function of both the template and the key K, i.e.,H = F(T ; K).

TABLE II

SUMMARY OF DIFFERENT TEMPLATE PROTECTION SCHEMES. HERE, T REPRESENTS THE BIOMETRIC TEMPLATE, Q REPRESENTS THE

QUERY AND K IS THE KEY USED TO PROTECT THE TEMPLATE. IN SALTING AND NON-INVERTIBLE FEATURE TRANSFORM, FREPRESENTS THE TRANSFORMATION FUNCTION AND M REPRESENTS THE MATCHER THAT OPERATES IN THE TRANSFORMED DOMAIN.

IN BIOMETRIC CRYPTOSYSTEMS, F IS THE HELPER DATA EXTRACTION SCHEME AND M IS THE ERROR CORRECTION SCHEME THAT

ALLOWS RECONSTRUCTION OF THE KEY K .

Approach What imparts securityto the template?

What entities arestored?

How are intra-uservariations handled?

Salting Secrecy of key K Public domain:Transformed templateF(T ; K)Secret: Key K

Quantizationand matching intransformed domainM(F(T ; K),F(Q; K))

Non-invertibletransform

Non-invertibility ofthe transformationfunction F

Public domain:Transformed templateF(T ; K), key K

Matching intransformed domainM(F(T ; K),F(Q; K))

Key-binding bio-metric cryptosys-tem

Level of securitydepends on theamount of informationrevealed by the helperdata H

Public domain: HelperData H = F(T ; K)

Error correction anduser specific quantiza-tionK = M(F(T ; K), Q)

Key-generatingbiometriccryptosystem

Level of securitydepends on theamount of informationrevealed by the helperdata H

Public domain: HelperData H = F(T )

Error correction anduser specific quantiza-tionK = M(F(T ), Q)


10

erated by using different keys (allowing diver-sity). Also in case a template is compromised,it is easy to revoke the compromised templateand replace it with a new one generated byusing a different user-specific key (allowingrevocability).

Limitations:• If the user-specific key is compromised, the

template is no longer secure, because the trans-formation is usually invertible i.e. if an ad-versary gains access to the key and the trans-formed template, she can recover the originalbiometric template.

• Since matching takes place in the transformeddomain, the salting mechanism needs to bedesigned in such a way that the recognitionperformance does not degrade, especially in thepresence of large intra-user variations.

An example of salting approach is the ran-dom multi-space quantization technique proposedby Teoh et al. [47]. In this technique, the authorsfirst extract the most discriminative projections ofthe face template using Fisher discriminant analysis[48] and then project the obtained vectors on arandomly selected set of orthogonal directions. Thisrandom projection defines the salting mechanism forthe scheme. To account for intra-user variations, thefeature vector obtained after random projection isbinarized. The threshold for binarization is selectedbased on the criteria that the expected numberof zeros in the template is equal to the expectednumber of ones so as to maximize the entropy ofthe template. Note that the security in this schemeis provided by the user-specific random projectionmatrix. If an adversary gains access to this ma-trix, she can obtain a coarse (some information islost due to binarization) estimate of the biometrictemplate. Similar biohashing schemes have beenproposed for iris [49] and palmprint [50] modalities.Another example of salting is the cancelable facefilter approach proposed in [51] where user-specificrandom kernels are convolved with the face imagesduring enrollment and authentication.

B. Non-invertible TransformIn this approach, the biometric template is se-

cured by applying a non-invertible transformationfunction to it. Non-invertible transform refers to aone-way function, F , that is “easy to compute” (in

polynomial time) but “hard to invert” (given F(x),the probability of finding x in polynomial-time issmall). The parameters of the transformation func-tion are defined by a key which must be availableat the time of authentication to transform the queryfeature set. The main characteristic of this approachis that even if the key and/or the transformedtemplate are known, it is computationally hard (interms of brute force complexity) for an adversaryto recover the original biometric template.

Advantages:• Since it is hard to recover the original biometric

template even when the key is compromised,this scheme provides better security than thesalting approach.

• Diversity and revocability can be achievedby using application-specific and user-specifictransformation functions, respectively.

Limitations:• The main drawback of this approach is the

trade-off between discriminability and non-invertibility of the transformation function. Thetransformation function should preserve thediscriminability (similarity structure) of thefeature set, i.e., just like in the original featurespace, features from the same user should havehigh similarity in the transformed space andfeatures from different users should be quitedissimilar after transformation. On the otherhand, the transformation should also be non-invertible, i.e., given a transformed feature setit should be hard for an adversary to obtain theoriginal feature set (or a close approximationof it). It is difficult to design transformationfunctions that satisfy both the discriminabilityand non-invertibility conditions simultaneously.Moreover, the transformation function also de-pends on the biometric features to be used ina specific application.

Intra-user variations can be handled either byusing transformation functions that are tolerant toinput variations (e.g., robust hashing [52]) or byusing non-invertible transformation functions thatleave the biometric template in the original (feature)space even after the transformation (e.g., fingerprintminutiae can be transformed into another set ofminutiae in a non-invertible manner). In the latterscenario, intra-user variations can be handled byapplying the same biometric matcher on the trans-


11

formed features as on the original feature set. Tem-plates that lie in the same space after the applicationof a non-invertible transform have been referredto as cancelable templates in [32]. Non-invertibletransformation functions have been proposed forfingerprint [53] and face [54] modalities in theliterature.

Ratha et al. [53] proposed and analyzed threenon-invertible transforms for generating cance-lable fingerprint templates. The three transforma-tion functions are cartesian, polar and functional.These functions were used to transform fingerprintminutiae data such that a minutiae matcher can stillbe applied to the transformed minutiae. In cartesiantransformation, the minutiae space (fingerprint im-age) is tessellated into a rectangular grid and eachcell (possibly containing some minutiae) is shiftedto a new position in the grid corresponding to thetranslations set by the key. The polar transforma-tion is similar to cartesian transformation with thedifference that the image is now tessellated intoa number of shells and each shell is divided intosectors. Since the size of sectors can be different(sectors near the center are smaller than the onesfar from the center), restrictions are placed on thetranslation vector generated from the key so thatthe radial distance of the transformed sector is notvery different than the radial distance of the originalposition. Examples of minutiae prior to and afterpolar and cartesian transformations are shown inFigure 9.

For the functional transformation, Ratha et al.[53] used a mixture of 2D Gaussians and electricpotential field in a 2D random charge distribution asa means to translate the minutiae points. The mag-nitude of these functions at the point correspondingto a minutia is used as a measure of the magnitudeof the translation and the gradient of a function isused to estimate the direction of translation of theminutiae. In all the three transforms, two or moreminutiae can possibly map to the same point in thetransformed domain. For example, in the cartesiantransformation, two or more cells can be mappedonto a single cell so that even if an adversary knowsthe key and hence the transformation between cells,he cannot determine the original cell to which aminutia belongs because each minutiae can inde-pendently belong to one of the possible cells. Thisprovides a limited amount of non-invertibility tothe transform. Also since the transformations used

are locally smooth, the error rates are not affectedsignificantly and the discriminability of minutiae ispreserved to a large extent.

C. Key Binding Biometric CryptosystemIn a key binding cryptosystem, the biometric

template is secured by monolithically binding it witha key within a cryptographic framework. A singleentity that embeds both the key and the templateis stored in the database as helper data. This helperdata does not reveal much information about the keyor the biometric template, i.e., it is computationallyhard to decode the key or the template without anyknowledge of the user’s biometric data. Usually thehelper data is an association of an error correctingcode (selected using the key) and the biometrictemplate. When a biometric query differs from thetemplate within certain error tolerance, the associ-ated codeword with similar amount of error can berecovered which can be decoded to obtain the exactcodeword and hence, recover the embedded key.Recovery of the correct key implies a successfulmatch.

Advantages:• This approach is tolerant to intra-user varia-

tions in biometric data and this tolerance isdetermined by the error correcting capabilityof the associated codeword.

Limitations:• Matching has to be done using error correc-

tion schemes and this precludes the use ofsophisticated matchers developed specificallyfor matching the original biometric template.This can possibly lead to a reduction in thematching accuracy.

• In general, biometric cryptosystems are notdesigned to provide diversity and revocability.However, attempts are being made to introducethese two properties into biometric cryptosys-tems mainly by using them in conjunction withother approaches such as salting [43], [45],[55].

• The helper data needs to be carefully designed;it is based on the specific biometric features tobe used and the nature of associated intra-uservariations.

Fuzzy commitment scheme [56] proposed byJuels and Wattenberg is a well-known example ofthe key binding approach. During enrollment, we


12

(a) (b)

(c) (d)

Fig. 9. Illustration of cartesian and polar transformation functions used in [53] for generating cancelable biometrics. (a) Original minutiaeon radial grid, (b) Transformed minutiae after polar transformation, (c) Original minutiae on rectangular grid and (d) Transformed minutiaeafter cartesian transformation.

commit (bind) a codeword w of an error-correctingcode C using a fixed length biometric feature vectorx as the witness. Given a biometric template x, thefuzzy commitment (or the helper data) consists ofh(w) and x − w, where h is a hash function [57].During verification, the user presents a biometricvector x′. The system subtracts x − w stored inthe database from x′ to obtain w′ = w + δ, whereδ = x′−x. If x′ is close to x, w′ is close to w sincex′−x = w′−w. Therefore, w′ can now be decoded

to obtain the nearest codeword which would be wprovided that the distance between w and w′ is lessthan the error correcting capacity of the code C.Reconstruction of w indicates a successful match.

A number of other template protection tech-niques like fuzzy vault [58], shielding functions [59]and distributed source coding [60] can be consid-ered as key binding biometric cryptosystems. Otherschemes for securing biometric templates such asthe ones proposed in [61]–[65] also fall under this


13

category. The fuzzy vault scheme proposed by Juelsand Sudan [58] has become one of the most popularapproaches for biometric template protection and itsimplementations for fingerprint [66]–[70], face [71],iris [72] and signature [73] modalities have beenproposed.

D. Key Generating Biometric Cryptosystem

Direct cryptographic key generation from biomet-rics is an attractive proposition but it is a difficultproblem because of the intra-user variability. Earlybiometric key generation schemes such as those byChang et al. [74] and Veilhauer et al. [75] employeduser-specific quantization schemes. Information onquantization boundaries is stored as helper datawhich is used during authentication to account forintra-user variations. Dodis et al. [76] introducedthe concepts of secure sketch and fuzzy extractor inthe context of key generation from biometrics. Thesecure sketch can be considered as helper data thatleaks only limited information about the template(measured in terms of entropy loss), but facilitatesexact reconstruction of the template when presentedwith a query that is close to the template. The fuzzyextractor is a cryptographic primitive that generatesa cryptographic key from the biometric features.

Dodis et al. [76] proposed secure sketches forthree different distance metrics, namely, Hammingdistance, set difference and edit distance. Li andChang [77] introduced a two-level quantizationbased approach for obtaining secure sketches. Sutcuet al. [78] discussed the practical issues in securesketch construction and proposed a secure sketchbased on quantization for face biometric. The prob-lem of generating fuzzy extractors from continuousdistributions was addressed by Buhan et al. in [79].Secure sketch construction for other modalities suchas fingerprints [80], [81], 3D face [82] and multi-modal systems (face and fingerprint) [83] have alsobeen proposed. Protocols for secure authenticationin remote applications [84], [85] have also beenproposed based on the fuzzy extractor scheme.

Key generating biometric cryptosystems usuallysuffer from low discriminability which can be as-sessed in terms of key stability and key entropy.Key stability refers to the extent to which the keygenerated from the biometric data is repeatable. Keyentropy relates to the number of possible keys thatcan be generated. Note that if a scheme generates

the same key irrespective of the input template,it has high key stability but zero entropy leadingto high false accept rate. On the other hand, ifthe scheme generates different keys for differenttemplates of the same user, the scheme has highentropy but no stability and this leads to high falsereject rate. While it is possible to derive a keydirectly from biometric features, it is difficult tosimultaneously achieve high key entropy and highkey stability.

Advantages:• Direct key generation from biometrics is an

appealing template protection approach whichcan also be very useful in cryptographic appli-cations.

Limitations:• It is difficult to generate key with high stability

and entropy.

IV. IMPLEMENTATION OF TEMPLATE SECURITYAPPROACHES

While good implementations of salting [47], non-invertible transform [53] and key binding biometriccryptosystem [45] are available in the literature, keygeneration biometric cryptosystems with high keyentropy and stability have been more difficult to im-plement in practice [78], [80], [81]. For illustrationpurposes, we provide implementations of the firstthree template protection schemes for fingerprinttemplates (see Figure 10). Biometric vendors typi-cally have their own template formats that may con-tain some proprietary features in order to improvethe matching accuracy. For example, a fingerprintminutiae template can consist of attributes such asridges counts, minutia type, quality of the minutia,etc. in addition to standard attributes, namely, xcoordinate, y coordinate and minutiae angle. In ourimplementation, we consider only commonly usedfingerprint features such as texture features and x,y and angle attributes of the minutiae.

To evaluate the performance of the three im-plementations, we used a public-domain fingerprintdatabase, namely the FVC2002-DB2. This database[86] consists of 800 images of 100 fingers with8 impressions per finger obtained using an opticalsensor. The size of the images in this database is560 × 296, the resolution of the sensor is 569 dpiand the images are generally of good quality. Ourgoal here is not to determine the superiority of one


14

template protection method over the other but tosimply highlight the various issues that need to beconsidered in implementing a template protectionscheme. Of course, performance varies dependingon the choice of the biometric modality, databaseand the values of the parameters used in eachscheme.

A. SaltingWe chose the random multispace quantization

(RMQ) technique proposed by Teoh et al. [47] tosecure the texture (fingercode) features described in[87]. The fingercode features were selected for thisimplementation, because the RMQ technique worksonly on fixed length feature vectors. In this imple-mentation, we considered the first four impressionsfrom each finger in the FVC2002-DB2. Since thealgorithm requires alignment of fingerprint imagesprior to the application of Fisher Discriminant Anal-ysis, we align the different impressions of a fingerwith respect to the first impression using minutiaeand find the common (overlapping) fingerprint re-gion in all the four impressions. Texture featureswere extracted only for the common region and theremaining image region was masked out.

Since our implementation inherently uses infor-mation from all the impressions of a finger (byextracting a common region from all the impres-sions and by doing FDA based on all the fingerimpressions) and then using the same images fortesting (resubstitution method of error estimation),it has excellent performance (0% EER). In ourimplementation, we used 80 bits to represent thefinal feature vector. The corresponding ROC curvesare shown in Figure 11. It can be inferred from theresults that in case the key is secure, the impostorand genuine distributions have little overlap leadingto near 0% EER. In cases where the impostor doesknow (or guesses) the true key, the performance ofthe system is close to the case when no RMQ tech-nique is applied. Further, if the adversary knows thekey, original biometric template can be recovered byhim.

B. Non-invertible TransformWe implemented two non-invertible transforms,

namely, polar and functional (with a mixture ofGaussian as the transformation function) defined in[53]. For the polar transform, the central region of

10−2

10−1

100

101

102

10

20

30

40

50

60

70

80

90

100

False Accept Rate (%)

Gen

uine

Acc

ept R

ate

(%)

OriginalRMQ (Insecure Key) RMQ (Secure Key)

Fig. 11. ROC curves of random multispace quantization (RMQ)[47] using the texture features proposed in [87]. The “Original”curve corresponds to the matcher using the Euclidean distancebetween texture features of query and template; “Insecure Key” curvecorresponds to the case when the impostor knows the key (used togenerate the random feature space); “Secure Key” curve correspondsto the case when the impostor does not know the key.

the image was tesselated into n = 6 sectors ofequal angular width and 30-pixel wide concentricshells. The transformation here is constrained suchthat it only shifts the sector number of the minutiaewithout changing the shell. There are n! ways inwhich the n sectors in each shell can be reassigned.Given k shells in the image (constrained by thewidth of the image and ignoring the central regionof radius 15 pixels), the number of different waysa transformation can be constructed is (n!)k whichis equivalent to log2(n!)k bits of security.

For the functional transformation, we used amixture of 24 Gaussians with the same isotropicstandard deviation of 30 pixels (where the peakscan correspond to +1 or -1 as used in [53]) forcalculating the displacement and used the directionof gradient of the mixture of Gaussian function asthe direction of minutiae displacement. Since themean vector of the Gaussians can fall anywhere inthe image, there are 296 x 560 possible differentvalues of means of each Gaussian component. Asthere are 24 Gaussian components and each one canpeak at +1 or -1, there are (296∗560∗2)24 possibletransformations. However, two transformations withslightly shifted component means will produce twosimilar templates such that one template can be usedto verify the other.


15

(a)

(d)

...

(b)

10010…01110 (80 bits)

(e)

(c)

(f)

Fig. 10. Template protection schemes implemented on a fingerprint template. (a) Fingerprint image, (b) Fingercode template (texturefeatures) corresponding to the image in (a), (c) Fingercode template after salting, (d) Minutiae template corresponding to the image in (a),(e) Minutiae template after non-invertible functional transformation and (f) Minutiae template hidden among chaff points in a fuzzy vault.

To analyze the security of the functional trans-formation, Ratha et al. [53] assumed that for eachminutiae in the fingerprint, its transformed coun-terpart could be present in a shell of width dpixels at a distance of K pixels from the minutiae.Further, assuming that the matcher cannot distin-guish minutiae that are within δr pixels and theirorientations are within δθ degrees, each transformedminutiae encodes Im = log2(π

((K+d)2−K2)(δr)2

∗ πδθ

) bitsof information. Assuming that there are N minutiaein template fingerprint and one needs to match at

least m minutiae to get accepted, the adversaryneeds to make 2Im∗m−log2((N

m)) attempts. Note thatthis analysis is based on the simplifying assumptionthat each minutiae is transformed independently.This overestimates the number of attempts neededby an adversary to guess the biometric template.

Among the eight impressions available for eachof the 100 fingers in FVC2002-DB2, we use onlythe first two impressions in this experiment becausethey have the best image quality. The results, basedon the minutiae matcher in [88], are shown in


16

Figure 12 which indicates a decrease in GAR fora fixed FAR. In terms of security, non-invertibletransformation is one of the better approaches sinceit is computationally hard (in terms of brute forcecomplexity) to invert the stored template and obtainthe true template. The true template is never re-vealed especially in case when the transformation ofthe biometric template is done on a separate module(possibly a hand held device [38]) which does notsave the original template in memory and is notaccessible to an adversary.

10−2

10−1

100

101

102

82

84

86

88

90

92

94

96

98

100

False Accept Rate (%)

Gen

uine

Acc

ept R

ate

(%)

OriginalPolar transformationGaussian transformation

Fig. 12. ROC curves corresponding to two non-invertible transforms(Gaussian and polar) on FVC2002-DB2. The “Original” curve rep-resents the case where no transformation is applied to the template,“Gaussian” curve corresponds to the functional transformation of thetemplate and “Polar” corresponds to the polar transformation of thetemplate.

C. Key Binding Biometric CryptosystemA fuzzy vault was chosen for implementation

because concrete implementations on real finger-print data sets are not yet available for many ofthe other key-binding biometric cryptosystems. Weimplemented the fuzzy vault as proposed in [89]using the first two impressions of each of the100 fingers in the FVC2002-DB2. Table III showsthe error rates corresponding to different key sizesused in binding. Compared to the “original” ROCcurve in Figure 12, we observe that the fuzzy vaultscheme has a lower genuine accept rate by about4%. Further, this scheme also has failure to captureerrors if the number of minutiae in the fingerprintimage is not sufficient for vault construction (18 inour implementation).

TABLE III

PERFORMANCE SUMMARY OF THE FUZZY VAULT

IMPLEMENTATION FOR FVC2002-DB2 DATABASE. HERE, n

DENOTES THE DEGREE OF THE ENCODING POLYNOMIAL USED IN

VAULT CONSTRUCTION. THE MAXIMUM KEY SIZE THAT CAN BE

BOUND TO THE MINUTIAE TEMPLATE IS 16n BITS.

FTCR n = 7 n = 8 n = 10GAR FAR GAR FAR GAR FAR

2% 91% 0.13% 91% 0.01% 86 0%

Dodis et al. [76] defined the security of biometriccryptosystems in terms of the min-entropy of thehelper data. In particular, they provided the boundson min-entropy for the fuzzy vault construction in[58]. The security of the fuzzy vault scheme has alsobeen studied by Chang et al. in [90]. An advantageof the fuzzy vault (key binding) scheme is thatinstead of providing a “Match/Non-match” decision,the vault decoding outputs a key that is embeddedin the vault. This key can be used in a variety ofways to authenticate a person (e.g., digital signature,document encryption/decryption etc.).

There are some specific attacks that can be stagedagainst a fuzzy vault, e.g., attacks via record mul-tiplicity, stolen key inversion attack and blendedsubstitution attack [91]. If an adversary has accessto two different vaults (say from two differentapplications) obtained from the same biometric data,he can easily identify the genuine points in thetwo vaults and decode the vault. Thus, the fuzzyvault scheme does not provide diversity and re-vocability. In a stolen key inversion attack, if anadversary somehow recovers the key embedded inthe vault, he can decode the vault to obtain thebiometric template. Since the vault contains a largenumber of chaff points, it is possible for an adver-sary to substitute a few points in the vault usinghis own biometric features. This allows both thegenuine user and the adversary to be successfullyauthenticated using the same identity and such anattack is known as blended substitution. To counterthese attacks, Nandakumar et al. [45] proposed ahybrid approach where (i) biometric features arefirst “salted” based on a user password, (ii) vaultis constructed using the salted template and (iii)the vault is encrypted using a key derived from thepassword. While salting prevents attacks via recordmultiplicity and provides diversity and revocability,encryption provides resistance against blended sub-stitution and stolen key inversion attacks.


17

D. Discussion

We believe that as yet there is no “best” approachfor template protection. The application scenarioand requirements plays a major role in the selectionof a template protection scheme. For instance, ina biometric verification application such as a bankATM, a simple salting scheme based on the user’sPIN may be sufficient to secure the biometric tem-plate if we assume that both the transformed tem-plate and the user’s PIN will not be compromised si-multaneously. On the other hand, in an airport watchlist application, non-invertible transform is a moresuitable approach because it provides both templatesecurity and revocability without relying on anyother input from the user. Biometric cryptosystemsare more appropriate in match-on-card applicationsbecause such systems typically release a key tothe associated application in order to indicate asuccessful match.

The other major factors that influence the choiceof a template protection scheme are the selectedbiometric trait, its feature representation and theextent of intra-user variations. Design of a templateprotection scheme depends on the specific type ofbiometric features used. While good non-invertibletransforms have been proposed for fingerprint minu-tiae features [53], it may be difficult to design asuitable non-invertible transform for IrisCode repre-sentation [25]. In contrast, it may be easier to designa biometric cryptosystem for IrisCode because it isrepresented as a fixed-length binary string wherestandard error correction coding techniques can bereadily applied. Moreover, if the intra-user varia-tions are quite large, it may not be possible to applya non-invertible transform or create a biometriccryptosystem. Therefore, even in a specific appli-cation scenario and for a fixed biometric featurerepresentation, more than one template protectionscheme may be admissible and the choice of thesuitable approach may be based on a number offactors such as recognition performance, computa-tional complexity, memory requirements and useracceptance and co-operation.

V. SUMMARY AND RESEARCH DIRECTIONS

Given the dramatic increase in incidents involvingidentity thefts and various security threats, it isimperative to have reliable identity managementsystems. Biometric systems are being widely used

to achieve reliable user authentication, a criticalcomponent in identity management. But, biometricsystems themselves are vulnerable to a number ofattacks. In this paper, we have summarized variousaspects of biometric system security and discussedtechniques to counter these threats. Among thesevulnerabilities, an attack against stored biometrictemplates is a major concern due to the strong link-age between a user’s template and his identity andthe irrevocable nature of biometric templates. Wehave described various template protection mech-anisms proposed in the literature and highlightedtheir strengths and limitations. Finally, specific im-plementations of these approaches on a commonfingerprint database was presented to illustrate theissues involved in implementing template security.

The available template protection schemes are notyet sufficiently mature for large scale deployment;they do not meet the requirements of diversity, revo-cability, security and high recognition performance.Further, the security analysis of existing schemesis mostly based on the complexity of brute-forceattacks which assumes that the distribution of bio-metric features is uniform. In practice, an adversarymay be able to exploit the non-uniform nature ofbiometric features to launch an attack that may re-quire significantly fewer attempts to compromise thesystem security. While we have pointed out someof the vulnerabilities in specific schemes such asfuzzy vault, a rigorous analysis of the cryptographicstrength of the template security schemes similar tothose available in the cryptanalysis literature has notbeen carried out till date. Such an analysis must beperformed before the template security schemes aredeployed in critical real-world applications.

A single template protection approach may not besufficient to meet all the application requirements.Hence, hybrid schemes that make use of the advan-tages of the different template protection approachesmust be developed. For instance, a scheme thatsecures a a “salted” template using a biometric cryp-tosystem (e.g., [44]–[46]) may have the advantagesof both salting (which provides high diversity andrevocability) and biometric cryptosystem (whichprovides high security) approaches. Finally, withthe growing interest in multibiometric and multi-factor authentication systems, schemes that simul-taneously secure multibiometric templates and mul-tiple authentication factors (biometrics, passwords,etc.) need to be developed.


18

ACKNOWLEDGMENT

This research was supported by Army ResearchOffice contract W911NF-06-1-0418 and the Centerfor Identification Technology Research (CITeR), aNSF/IUCRC program. The authors would like tothank Salil Prabhakar, Sharath Pankanti, AndrewTeoh and the anonymous reviewers for their feed-back and useful suggestions.

REFERENCES

[1] C. Roberts, “Biometric Attack Vectors and Defences,” Comput-ers and Security, vol. 26, no. 1, pp. 14–25, February 2007.

[2] M1.4 Ad Hoc Group on Biometric in E-Authentication, “StudyReport on Biometrics in E-Authentication,” International Com-mittee for Information Technology Standards (INCITS), Tech-nical Report INCITS M1/07-0185rev, March 2007.

[3] A. K. Jain, A. Ross, and S. Pankanti, “Biometrics: A Toolfor Information Security,” IEEE Transactions on InformationForensics and Security, vol. 1, no. 2, pp. 125–143, June 2006.

[4] I. Buhan and P. Hartel, “The State of the Art in Abuse ofBiometrics,” Centre for Telematics and Information Technol-ogy, University of Twente, Technical Report TR-CTIT-05-41,December 2005.

[5] A. K. Jain, A. Ross, and U. Uludag, “Biometric Template Se-curity: Challenges and Solutions,” in Proceedings of EuropeanSignal Processing Conference (EUSIPCO), Antalya, Turkey,September 2005.

[6] B. Cukic and N. Bartlow, “Biometric System Threats andCountermeasures: A Risk Based Approach,” in Proceedings ofBiometric Consortium Conference (BCC), Crystal City, USA,September 2005.

[7] K. Ishikawa, Guide to Quality Control. Tokyo, Japan: NordicaIntl. Ltd.

[8] Biometric System Laboratory - University of Bologna,“FVC2006: The Fourth International Fingerprint Verifica-tion Competition,” Available at http://bias.csr.unibo.it/fvc2006/default.asp.

[9] C. Wilson, A. R. Hicklin, M. Bone, H. Korves, P. Grother,B. Ulery, R. Micheals, M. Zoepfl, S. Otto, and C. Watson,“Fingerprint Vendor Technology Evaluation 2003: Summary ofResults and Analysis Report,” NIST, Technical Report NISTIR7123, June 2004.

[10] P. J. Phillips, W. T. Scruggs, A. J. O´ Toole, P. J. Flynn, K. W.Bowyer, C. L. Schott, and M. Sharpe, “FRVT 2006 and ICE2006 Large-Scale Results,” NIST, Technical Report NISTIR7408, March 2007.

[11] M. Przybocki and A. Martin, “NIST Speaker RecognitionEvaluation Chronicles,” in Odyssey: The Speaker and LanguageRecognition Workshop, Toledo, Spain, May 2004, pp. 12–22.

[12] A. Ross, K. Nandakumar, and A. K. Jain, Handbook of Multi-biometrics. Springer, 2006.

[13] N. K. Ratha, J. H. Connell, and R. M. Bolle, “An Analysisof Minutiae Matching Strength,” in Proceedings of Third In-ternational Conference on Audio- and Video-Based BiometricPerson Authentication (AVBPA), Halmstad, Sweden, June 2001,pp. 223–228.

[14] T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino,“Impact of Artificial Gummy Fingers on Fingerprint Systems,”in Proceedings of SPIE Conference on Optical Security andCounterfeit Deterrence Techniques, vol. 4677, February 2002,pp. 275–289.

[15] T. Matsumoto, M. Hirabayashi, and K. Sato, “A VulnerabilityEvaluation of Iris Matching (Part 3),” in Proceedings of the2004 Symposium on Cryptography and Information Security,Iwate, Japan, January 2004, pp. 701–706.

[16] W. R. Harrison, Suspect Documents, their Scientific Examina-tion. Nelson-Hall Publishers, 1981.

[17] A. Eriksson and P. Wretling, “How Flexible is the HumanVoice? A Case Study of Mimicry,” in Proceedings of theEuropean Conference on Speech Technology, Rhodes, Greece,September 1997, pp. 1043–1046.

[18] S. Parthasaradhi, R. Derakhshani, L. A. Hornak, and S. A. C.Schuckers, “Time-Series Detection of Perspiration as a LivenessTest in Fingerprint Devices,” IEEE Transactions on Systems,Man, and Cybernetics, Part C: Applications and Reviews,vol. 35, no. 3, pp. 335–343, 2005.

[19] A. Antonelli, R. Cappelli, D. Maio, and D. Maltoni, “Fake Fin-ger Detection by Skin Distortion Analysis,” IEEE Transactionson Information Forensics and Security, vol. 1, no. 3, pp. 360–373, September 2006.

[20] D. R. Setlak, “Fingerprint Sensor Having Spoof ReductionFeatures and Related Methods,” United States patent numberUS 5953441, 1999.

[21] K. A. Nixon and R. K. Rowe, “Multispectral Fingerprint Imag-ing for Spoof Detection,” in Proceedings of SPIE Conferenceon Biometric Technology for Human Identification, vol. 5779,Orlando, USA, March 2005, pp. 214–225.

[22] J. Li, Y. Wang, T. Tan, and A. Jain, “Live Face Detection Basedon the Analysis of Fourier Spectra,” in Proceedings of SPIEConference on Biometric Technology for Human Identification,vol. 5404, Orlando, USA, March 2004, pp. 296–303.

[23] K. Kollreider, H. Fronthaler, and J. Bigun, “Evaluating Livenessby Face Images and the Structure Tensor,” in Proceedings ofFourth IEEE Workshop on Automatic Identification AdvancedTechnologies, Buffalo, USA, October 2005, pp. 75–80.

[24] H.-K. Jee, S.-U. Jung, and J.-H. Yoo, “Liveness Detection forEmbedded Face Recognition System,” International Journal ofBiomedical Sciences, vol. 1, no. 4, pp. 235–238, 2006.

[25] J. Daugman, “Recognizing Persons by their Iris Patterns,” inBiometrics: Personal Identification in Networked Society, A. K.Jain, R. Bolle, and S. Pankanti, Eds. London, UK: KluwerAcademic Publishers, 1999, pp. 103–122.

[26] E. C. Lee, K. R. Park, and J. Kim, “Fake Iris Detection by UsingPurkinje Image,” in Proceedings of International Conferenceon Biometrics, vol. LNCS 3832, Hong Kong, China, 2006, pp.397–403.

[27] A. Juels, D. Molnar, and D. Wagner, “Security and PrivacyIssues in E-passports,” in Proceedings of First InternationalConference on Security and Privacy for Emerging Areas inCommunications Networks, Athens, Greece, September 2005,pp. 74–88.

[28] P. Syverson, “A Taxonomy of Replay Attacks,” in Proceedingsof the Computer Security Foundations Workshop (CSFW97),Franconia, USA, June 1994, pp. 187–191.

[29] A. Adler, “Vulnerabilities in Biometric Encryption Systems,” inProceedings of Fifth International Conference on Audio- andVideo-Based Biometric Person Authentication (AVBPA), vol.3546, Rye Brook, USA, 2005, pp. 1100–1109.

[30] K. Lam and D. Gollmann, “Freshness Assurance of Authenti-cation Protocols,” in Proceedings of European Symposium onResearch in Computer Security, Toulouse, France, 1992, pp.261–272.

[31] K. Lam and T. Beth, “Timely Authentication in DistributedSystems,” in Proceedings of European Symposium on Researchin Computer Security, vol. 648, Toulouse, France, 1992, pp.293–303.


19

[32] R. M. Bolle, J. H. Connell, and N. K. Ratha, “Biometric Perilsand Patches,” Pattern Recognition, vol. 35, no. 12, pp. 2727–2738, 2002.

[33] R. Seacord, Secure Coding in C and C++. Addison-Wesley,2005.

[34] A. K. Ross, J. Shah, and A. K. Jain, “From Templates to Im-ages: Reconstructing Fingerprints From Minutiae Points,” IEEETransactions on Pattern Analysis and Machine Intelligence,vol. 29, no. 4, pp. 544–560, 2007.

[35] R. Cappelli, A. Lumini, D. Maio, and D. Maltoni, “FingerprintImage Reconstruction From Standard Templates,” IEEE Trans-actions on Pattern Analysis and Machine Intelligence, vol. 29,no. 9, pp. 1489–1503, 2007.

[36] A. Adler, “Images can be Regenerated from Quantized Biomet-ric Match Score Data,” in Proceedings Canadian Conference onElectrical and Computer Engineering, Niagara Falls, Canada,May 2004, pp. 469–472.

[37] A. K. Jain, R. Bolle, and S. Pankanti, Eds., Biometrics: Per-sonal Identification in Networked Society. Kluwer AcademicPublishers, 1999.

[38] A. K. Jain and S. Pankanti, “A Touch of Money,” IEEESpectrum, vol. 3, no. 7, pp. 22–27, 2006.

[39] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbookof Fingerprint Recognition. Springer-Verlag, 2003.

[40] U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, “Biomet-ric Cryptosystems: Issues and Challenges,” vol. 92, no. 6, pp.948–960, June 2004.

[41] A. Cavoukian and A. Stoianov, “Biometric Encryption: APositive-Sum Technology that Achieves Strong Authentication,Security and Privacy,” Office of the Information and PrivacyCommissioner of Ontario, Technical Report, March 2007.

[42] A. Vetro and N. Memon, “Biometric System Security,” Tutorialpresented at Second International Conference on Biometrics,Seoul, South Korea, August 2007.

[43] T. E. Boult, W. J. Scheirer, and R. Woodworth, “FingerprintRevocable Biotokens: Accuracy and Security Analysis,” in Pro-ceedings of IEEE Computer Society Conference on ComputerVision and Pattern Recognition, June 2007, pp. 1–8.

[44] C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. V. K. V.Kumar, “Biometric Encrpytion,” in ICSA Guide to Cryptogra-phy, R. K. Nichols, Ed. McGraw Hill, 1999.

[45] K. Nandakumar, A. Nagar, and A. K. Jain, “Hardening Finger-print Fuzzy Vault Using Password,” in Proceedings of SecondInternational Conference on Biometrics, Seoul, South Korea,August 2007, pp. 927–937.

[46] O. T. Song, A. B. J. Teoh, and D. C. L. Ngo, “Application-Specific Key Release Scheme from Biometrics,” InternationalJournal of Network Security, vol. 6, no. 2, pp. 127–133, March2008.

[47] A. B. J. Teoh, A. Goh, and D. C. L. Ngo, “Random MultispaceQuantization as an Analytic Mechanism for BioHashing ofBiometric and Random Identity Inputs,” IEEE Transactions onPattern Analysis and Machine Intelligence, vol. 28, no. 12, pp.1892–1901, December 2006.

[48] P. N. Belhumeur, J. P. Hespanha, and D. J. Kriegman, “Eigen-faces versus Fisherfaces: Recognition Using Class SpecificLinear Projection,” IEEE Transactions on Pattern Analysis andMachine Intelligence, vol. 9, no. 7, pp. 711–720, 1997.

[49] C. S. Chin, A. B. J. Teoh, and D. C. L. Ngo, “High SecurityIris Verification System Based On Random Secret Integration,”Computer Vision and Image Understanding, vol. 102, no. 2, pp.169–177, May 2006.

[50] T. Connie, A. B. J. Teoh, M. Goh, and D. C. L. Ngo,“PalmHashing: A Novel Approach for Cancelable Biometrics,”Information Processing Letters, January 2005.

[51] M. Savvides and B. V. K. Vijaya Kumar, “Cancellable Biomet-ric Filters for Face Recognition,” in Proceedings of IEEE In-ternational Conference Pattern Recognition, vol. 3, Cambridge,UK, August 2004, pp. 922–925.

[52] Y. Sutcu, H. T. Sencar, and N. Memon, “A Secure BiometricAuthentication Scheme Based on Robust Hashing,” in Proceed-ings of ACM Multimedia and Security Workshop, New York,USA, August 2005, pp. 111–116.

[53] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle,“Generating Cancelable Fingerprint Templates,” IEEE Trans-actions on Pattern Analysis and Machine Intelligence, vol. 29,no. 4, pp. 561–572, April 2007.

[54] A. B. J. Teoh, K.-A. Toh, and W. K. Yip, “2N Discretisationof BioPhasor in Cancellable Biometrics,” in Proceedings ofSecond International Conference on Biometrics, Seoul, SouthKorea, August 2007, pp. 435–444.

[55] X. Boyen, “Reusable Cryptographic Fuzzy Extractors,” in ACMConference on Computer and Communications Security, Wash-ington D.C, USA, October 2004, pp. 82–91.

[56] A. Juels and M. Wattenberg, “A Fuzzy Commitment Scheme,”in Proceedings of Sixth ACM Conference on Computer andCommunications Security, Singapore, November 1999, pp. 28–36.

[57] J. L. Carter and M. N. Wegman, “Universal Classes of HashFunctions,” Journal of Computer and System Sciences, vol. 18,no. 2, pp. 143–154, 1979.

[58] A. Juels and M. Sudan, “A Fuzzy Vault Scheme,” in Proceed-ings of IEEE International Symposium on Information Theory,Lausanne, Switzerland, 2002, p. 408.

[59] P. Tuyls, A. H. M. Akkermans, T. A. M. Kevenaar, G.-J. Schri-jen, A. M. Bazen, and R. N. J. Veldhuis, “Practical BiometricAuthentication with Template Protection,” in Proceedings ofFifth International Conference on Audio- and Video-basedBiometric Person Authentication, Rye Town, USA, July 2005,pp. 436–446.

[60] S. C. Draper, A. Khisti, E. Martinian, A. Vetro, and J. S.Yedidia, “Using Distributed Source Coding to Secure Finger-print Biometrics,” in Proceedings of IEEE International Con-ference on Acoustics, Speech, and Signal Processing (ICASSP),vol. 2, Hawaii, USA, April 2007, pp. 129–132.

[61] G. I. Davida, Y. Frankel, and B. J. Matt, “On Enabling SecureApplications Through Off-Line Biometric Identification,” inProceedings of IEEE Symposium on Security and Privacy,Oakland, USA, May 1998, pp. 148–157.

[62] F. Monrose, M. K. Reiter, and S. Wetzel, “Password HardeningBased on Keystroke Dynamics,” in Proceedings of Sixth ACMConference on Computer and Communications Security, 1999,pp. 73–82.

[63] F. Monrose, M. Reiter, Q. Li, and S. Wetzel, “CryptographicKey Generation from Voice,” in Proceedings of IEEE Sympo-sium on Security and Privacy, Oakland, USA, May 2001, pp.202–213.

[64] F. Hao, R. Anderson, and J. Daugman, “Combining Cryptowith Biometrics Effectively,” IEEE Transactions on Computers,vol. 55, no. 9, pp. 1081–1088, September 2006.

[65] E. J. C. Kelkboom, B. Gkberk, T. A. M. Kevenaar, A. H. M.Akkermans, and M. van der Veen, ““3D Face”: BiometricTemplate Protection for 3D Face Recognition,” in Proceedingsof Second International Conference on Biometrics, Seoul, SouthKorea, August 2007, pp. 566–573.

[66] T. Clancy, D. Lin, and N. Kiyavash, “Secure Smartcard-BasedFingerprint Authentication,” in Proceedings of ACM SIGMMWorkshop on Biometric Methods and Applications, Berkley,USA, November 2003, pp. 45–52.

[67] S. Yang and I. Verbauwhede, “Automatic Secure Fingerprint


20

Verification System Based on Fuzzy Vault Scheme,” in Proceed-ings of IEEE International Conference on Acoustics, Speech,and Signal Processing, vol. 5, Philadelphia, USA, March 2005,pp. 609–612.

[68] Y. Chung, D. Moon, S. Lee, S. Jung, T. Kim, and D. Ahn,“Automatic Alignment of Fingerprint Features for Fuzzy Fin-gerprint Vault,” in Proceedings of Conference on InformationSecurity and Cryptology, Beijing, China, December 2005, pp.358–369.

[69] U. Uludag and A. K. Jain, “Securing Fingerprint Template:Fuzzy Vault With Helper Data,” in Proceedings of CVPRWorkshop on Privacy Research In Vision, New York, USA, June2006, p. 163.

[70] A. Nagar and S. Chaudhury, “Biometrics based AsymmetricCryptosystem Design Using Modified Fuzzy Vault Scheme,” inProceedings of IEEE International Conference Pattern Recog-nition, vol. 4, Hong Kong, China, August 2006, pp. 537–540.

[71] Y. C. Feng and P. C. Yuen, “Protecting Face Biometric Data onSmartcard with Reed-Solomon Code,” in Proceedings of CVPRWorkshop on Biometrics, New York, USA, June 2006, p. 29.

[72] Y. J. Lee, K. Bae, S. J. Lee, K. R. Park, and J. Kim, “BiometricKey Binding: Fuzzy Vault based on Iris Images,” in Proceedingsof Second International Conference on Biometrics, Seoul, SouthKorea, August 2007, pp. 800–808.

[73] M. Freire-Santos, J. Fierrez-Aguilar, and J. Ortega-Garcia,“Cryptographic Key Generation Using Handwritten Signature,”in Proceedings of SPIE Conference on Biometric Technologiesfor Human Identification, vol. 6202, Orlando, USA, April 2006,pp. 225–231.

[74] Y.-J. Chang, W. Zhang, and T. Chen, “Biometrics Based Cryp-tographic Key Generation,” in Proceedings of IEEE Conferenceon Multimedia and Expo, vol. 3, Taipei, Taiwan, June 2004, pp.2203–2206.

[75] C. Vielhauer, R. Steinmetz, and A. Mayerhofer, “BiometricHash Based on Statistical Features of Online Signatures,”in Proceedings of 16th International Conference on PatternRecognition, vol. 1, Quebec, Canada, August 2002, pp. 123–126.

[76] Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “FuzzyExtractors: How to Generate Strong Keys from Biometrics andOther Noisy Data,” Cryptology ePrint Archive, Tech. Rep. 235,February 2006, A preliminary version of this work appeared inEUROCRYPT 2004.

[77] Q. Li and E. C. Chang, “Robust, Short and Sensitive Au-thentication Tags Using Secure Sketch,” in Proceedings ofACM Multimedia and Security Workshop, Geneva, Switzerland,September 2006, pp. 56–61.

[78] Y. Sutcu, Q. Li, and N. Memon, “Protecting Biometric Tem-plates with Sketch: Theory and Practice,” IEEE Transactions onInformation Forensics and Security, vol. 2, no. 3, pp. 503–512,September 2007.

[79] I. R. Buhan, J. M. Doumen, P. H. Hartel, and R. N. J.Veldhuis, “Fuzzy Extractors for Continuous Distributions,” inProceedings of ACM Symposium on Information, Computer andCommunications Security, Singapore, March 2007, pp. 353–355.

[80] A. Arakala, J. Jeffers, and K. J. Horadam, “Fuzzy Extractors forMinutiae-Based Fingerprint Authentication,” in Proceedings ofSecond International Conference on Biometrics, Seoul, SouthKorea, August 2007, pp. 760–769.

[81] E. C. Chang and S. Roy, “Robust Extraction of Secret Bits FromMinutiae,” in Proceedings of Second International Conferenceon Biometrics, Seoul, South Korea, August 2007, pp. 750–759.

[82] X. Zhou, “Template Protection and its Implementation in 3DFace Recognition Systems,” in Proceedings of SPIE Conference

on Biometric Technology for Human Identification, vol. 6539,Orlando, USA, April 2007, pp. 214–225.

[83] Y. Sutcu, Q. Li, and N. Memon, “Secure Biometric Tem-plates from Fingerprint-Face Features,” in Proceedings of CVPRWorkshop on Biometrics, Minneapolis, USA, June 2007.

[84] X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith,“Secure Remote Authentication Using Biometric Data,” in Ad-vances in Cryptology–EUROCRYPT 2005, Aarhus, Denmark,May 2005, pp. 147–163.

[85] I. R. Buhan, J. M. Doumen, P. H. Hartel, and R. N. J.Veldhuis, “Secure Ad-hoc Pairing with Biometrics: SAfE,” inProceedings of First International Workshop on Security forSpontaneous Interaction, Innsbruck, Austria, September 2007,pp. 450–456.

[86] D. Maio, D. Maltoni, J. L. Wayman, and A. K. Jain, “FVC2002:Second Fingerprint Verification Competition,” in Proceedingsof International Conference on Pattern Recognition (ICPR),Quebec City, Canada, August 2002, pp. 811–814.

[87] A. Ross, A. Jain, and J. Reisman, “A Hybrid FingerprintMatcher,” Pattern Recognition, vol. 36, no. 7, pp. 1661–1673,July 2003.

[88] A. K. Jain, L. Hong, and R. Bolle, “On-line Fingerprint Veri-fication,” IEEE Transactions on Pattern Analysis and MachineIntelligence, vol. 19, no. 4, pp. 302–314, April 1997.

[89] K. Nandakumar, A. K. Jain, and S. Pankanti, “Fingerprint-based Fuzzy Vault: Implementation and Performance,” IEEETransactions on Information Forensics and Security, vol. 2,no. 4, pp. 744–757, December 2007.

[90] E.-C. Chang, R. Shen, and F. W. Teo, “Finding the OriginalPoint Set Hidden Among Chaff,” in Proceedings of ACMSymposium on Information, Computer and CommunicationsSecurity, Taipei, Taiwan, 2006, pp. 182–188.

[91] W. J. Scheirer and T. E. Boult, “Cracking Fuzzy Vaults and Bio-metric Encryption,” in Proceedings of Biometrics Symposium,September 2007.
