Introduction to Biometric Systems

SecurityDhananjay Dewangan

OverviewBiometric IntroductionPrivacy AssessmentsBiometric System SecurityTemplate ProtectionPrivacy in Multimodal SystemsFuture WorkReferences

Biometric IntroductionDefinition:

Any automatically measurable, robust and distinctive physical characteristics or personal traits that can be used to identify an individual or verify the claimed identity of an individual i.e. used to provide user’s authenticity.

Biometric IntroductionStages in Biometric:•Identification/Enrollment-figure out ‘Who is X?’-accomplished by system performing ‘one-to-many’ search•Verification/Authentication-answer the question ‘Is this X?’-accomplished by system performing ‘one- to-one’ search

Biometric IntroductionTypes of Biometric1.Behavioral

-voice-signature-DNA

2. Physiological-fingerprint-palmprint-face-hand geometry-iris

Biometric Introduction

Biometric IntroductionExpectation from biometric technology

-Performance-Cost-Interoperability-User Convenience-Security

Privacy AssessmentsThe biometric features, samples and templates can not be considered as ‘Secrets’ since it is possible to capture them to create real or digital artifacts suitable to a attack a biometric system. The design and usage of a biometric system should always respect strict guidelines to protect the user’s privacy and these are:•Scope & capability of the system•The data protection•User control of personal data•Disclosure, auditing and accountability of the biometric system

Biometric System Security

The security ensured by the biometric systems can itself be compromised. The general analysis of a biometric system for vulnerability assessment determines the extent to which an imposter can compromise the security offered by the biometric system. Many of the attacks are applicable to any information system, the attacks using fake biometrics and template modification are unique to biometric systems.

Biometric System Security

Biometric System SecuritySensor level attacksA fake biometric sample can be presented at the sensor to gain access like fingerprint impressions from object touched by the person.Replay attacksIt is possible for an adversary to interpret or acquire a digital copy of th e stored biometric sample and replay this signal bypassing the biometric sensor. Trojan horse attacksThe feature extractor can be replaced by a program which generates a desired feature set.

Biometric System SecuritySpoofing the featuresThe feature vectors generated from the biometric samples are replaced by the set of synthetically generated (fake) features.Attack on matcherThe matcher can also be subjected to a Trojan horse attack that always produce high or low match scores irrespective of which user presents the biometric at the sensor.Attack on templateThe template generated during the user enrollment/registration can either be stored locally or at some central location which either modifies stored templates or replaces it with a new template.

Biometric System SecurityAttack on communication channelThe data being transferred through a communication channel can be intercepted for malicious reasons and modified and inserted back into the system.Attack on decision moduleThe final decision generated by the biometric system can be overridden by a Trojan horse program.

A biometric matcher is typically only a part of a larger information and security management system. Thus the non-biometric modules in the overall system can also introduce some security flaws.

Template ProtectionAn ideal template protection scheme for a biometric system should have following properties:1. Diversity - The cross-matching of a secured templates

should be ensured in such a manner that the privacy of the true owner of the template should be ensured.

2. Revocability - When the biometric template is compromised, it should be possible to revoke the compromised template and reissue a new template based on the biometric trait.

3. Security - It should be extremely difficult to generate the original biometric feature set from the protected biometric templates.

4. Performance - The template protection scheme should not degrade the matching performance.

Template ProtectionThe secured template must be Non-invertible i.e. illegal users could not generate original template from secure stored template in system database. There is a tradeoff between matching performance and the security degree of biometric template protection scheme.The methods of protection scheme are: 1. Biometric cryptosystems 2. Cancellable biometric or Template transformation

Template ProtectionBiometric CryptosytemsBinds a digital key to a biometric template or generates a key from a biometric template.In enrollment phase, the public information called helper data is derived from the biometric template & stored in system database and is computationally very complicated to reconstruct the original template from the helper data.In authentication phase, if the input biometric is sufficient close to original template then it can be recovered by decoding the helper data.

Template ProtectionKey-BindingIn enrollment phase, a digital secret key binds to a biometric template and combination of them stores in the system database as helper data.In recognition phase, a key retrieval algorithm is applied to input template and helper data to extract secret key.Whenever an adversary behavior take places on the system database the helper data removes and a new helper data using a new secret key and biometric template generates.Example – fuzzy commitment and fuzzy vault schemes

Template Protection

Template ProtectionKey-GenerationIn enrollment phase, helper data is extracted from biometric template and the secret key is generated from the helper data and biometric template.In recognition phase the stored helper data and input biometric template used to generate the secret key.

Example – Private template approach and quantization technique

Template ProtectionTemplate TransformationApplying a transform function on biometric data in a way that reconstructing original biometric data from transformed biometric is computationally so hard.•In enrollment phase, the biometric template transforms to transformed template using user specific parameters for transformation and then stored in system database along with user specific parameters.• In recognition phase, the transformation with same user specific parameters occurs on input biometric template and resulting transformed template compares with stored transformed template.

Template Protection

Template ProtectionNon-Invertible Transformation:A one-way function applying on biometric data. To renew a biometric template the parameters of function must be changed. In cases the parameters of transformation are compromised the attacker is not able to reconstruct the original biometric template. Because of intra-class variations the transformation needs to align biometric template to perform an effective comparison and this causes to reduce the authentication performance.

Template ProtectionSalting/Biohashing:The biometric features are transformed using a function defined by a user-specific key or password. Since the transformation is invertible to a large extent, the key needs to be securely stored or remembered by the user and presented during authentication. The parameters of transformation are kept secret. otherwise the attacker is able to reconstruct the original biometric template from the transformed template. The authentication performance of this method in comparison with non-invertible transformation method is higher but has the lower accuracy.

Template ProtectionThe mentioned template protection methods have their pros and cons in relation to degree of security, performance, storage requirements and ability to apply on various types of biometric data. One of the main limitations of mentioned methods is the issue of alignment that reduces the recognition performance. Fractal coding is a type of template transformation methods along with some changes and has many advantages in relation to alignment and applicability to different types of biometric data. Fractals are self-similar objects that are similar under various geometrical scales and could be described by a set of transformations. Fractal code is a set of non-linear transformations that approximating a given image.

Template ProtectionHybrid Approach:•Combination of both methods, Biometric cryptosystem and cancellable biometrics.

Template Protection• cancelable transforms used to generate a cancelable template. A cancelable transform, normally, decreases the discriminative power of the original template.•A discriminability enhancement transform is then applied to compensate for the discriminative power lost in the first step. Another objective of the discriminability enhancement transform is to generate a binary template such that biometric cryptosystem method, e.g., hash function, can be employed in the final step. This way, the proposed three-step hybrid framework is able to satisfy the template protection requirements.

Privacy in Multimodal SystemHumans beings typically identify other individuals using a biometric approach which encompasses more than a single biometric trait. For example we can recognize a person watching his face, but the final decision is often integrated using other biometric traits such as the voice, the stature, the gait, or the behavior. In a similar way, a multimodal biometric system uses different biometric traits and combines them efficiently.

Privacy in Multimodal SystemPros:The performance of a matching system is improved with respect to the same system working with the single traits which compose the multimodal system. The global fault tolerance of the system is enhanced, since, if one biometric subsystem is not working properly (e.g., a sensor problem occurred), the multimodal system can keep working using the remaining biometric submoduls that are correctly functioning.The multiple acquisition of different traits at the same time (or in a very narrow time frame) achieves an effective deterring against spoofing actions.

Privacy in Multimodal SystemCons:The higher cost of the systems, since they are composed by multiple and different biometric subsystems, each for every single traits that has been selected.The acquisition time: a multi-acquisition is mostly longer than a single acquisition. In addition, the user can perceive the multiple acquisition as more invasive and/or inconvenient.The retention of biometric data is proportionally larger in the case of multimodal biometric systems.

Privacy in Multimodal System

Design:A typical multimodal biometric verification scheme provides two basic modules. The first, the enroll module, creates some sort of ID linked to a single user starting from the user’s biometric samples. The ID could then be stored in e.g. a document or a smart card and must be provided during the verification phase. The second module, the verification one, verifies if the ID matches a new set of freshly provided biometrics. While the number of biometric traits might in principle be increased as desired.

Privacy in Multimodal System

Privacy in Multimodal System

Future WorkPlan for next 10 days:•Implementation of any transformation technique for our biometric system.•Analysis of security attacks.•Non-invertible transformation as biohashing.•Verification based on fractal coding.

ReferencesS. Prabhakar, S. Pankanti, and A. K. Jain, “Biometric Recognition: Security and Privacy Concerns,” IEEE Security and Privacy Magazine, Vol. 1, No. 2, pp. 33-42, March-April 2003.Anil K Jain, Ajay Kumar, Biometrics on Next Generation: An Overview.Jain AK, Nandakumar K, and Nagar A (2008) Biometric template security. EURASIP J Advances n Signal Processing, Special issue on Biometrics.A. K. Jain, K. Nandakumar and A. Nagar, "Biometric Template Security", EURASIP Journal on Advances in Signal Processing, January 2008.Stelvio Cimato, Marco Gamassi, Vincenzo Piuri, Roberto Sassi and Fabio Scotti, Privacy in Biometrics.

ReferencesA. Teoh Beng Jin, D. Ngo Chek Ling, and A. Goh. Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern recognition, 37(11):2245–2255, 2004.Hossein Malekinezhad, Hossein Ebrahimpour-Komleh, Protecting Biometric-based Authentication Systems against Indirect Attacks.Hossein Malekinezhad, Hossein Ebrahimpour-Komleh, Fractal Technique for Face Recognition.Y C Feng1, Pong C Yuen1and Anil K Jain, A Hybrid Approach for Face Template Protection.Andrew B.J. Teoha, Yip Wai Kuan b Sangyoun Lee a, Cancellable biometrics and annotations on BioHash, Pattern Recognition 41 (2008) 2034 – 2044.