Biometrics are finding increased adoption over the past few years in a variety of applications including authentication and identification. However, there are widespread security and privacy concerns about the dangers of using biometric data in an ubiquitous and unchecked manner. Security concerns stem from the fact that biometric data cannot be easily revoked or replaced. Once some biometric data are compromised, they remain compromised forever. Privacy concerns arise from the fact that biometrics data are tightly bound to a person’s identity such that they can be used to violate their privacy.
Despite that there has been a lot of research done over the past few decades on developing techniques for capturing and matching biometric data, security and privacy issues have received comparably less attention. Unfortunately, traditional cryptographic techniques (e.g., shadow passwords) cannot be easily adapted to protect biometric data. The main difficulty is that biometric samples cannot be exactly reproduced.
The main objective of this project is to develop simple, practical and provably effective cryptographic techniques for the security and privacy of biometric data.
Our approachs are two-fold. On one hand, we study hueristic-based techniques, which we call Robust Hash, where we design hash functions that are robust to small noise in the input, yet it is (hueristically) difficult to invert the hash functions. Some results appeared in [4,6].
On the other hand, we also employ rigorous methods based recently proposed cryptographic primitives called secure sketch (Dodis et al., Eurocrypt’04). We study how to construct secure sketch for continuous data ([5]). It is tricky to measure the security in this case since “entropy loss” for continuous data could be very high or even meaningless. We propose to look at an additional security measure called relative entropy loss. We also study how to apply a theoretically sound scheme in practice ([2,3]). It is observed through experiments that there are various trade-offs among the performance and security parameters of the biometric authentication systems, which have to be examined carefully when designing such systems.
This material is based upon work partially supported by the National Science Foundation under Grant No. 0716490.
Participants:
Yagiz Sutcu
Qiming Li
Taha Sencar
Resources:
- Yagiz Sutcu, Husrev Taha Sencar and Nasir Memon, A Robust Hashing Scheme for Biometric Template Protection. under review.
- Yagiz Sutcu, Qiming Li, and Nasir Memon. Protecting Biometric Templates with Sketch: Theory and Practice. Accepted by IEEE Transactions on Information Forensics and Security. [PDF].
- Yagiz Sutcu, Qiming Li, and Nasir Memon. How to Protect Biometric Templates. SPIE Conf. on Security, Steganography and Watermarking of Multimedia Contents IX, January 2007, San Jose, CA. [PDF].
- Yagiz Sutcu, Husrev Taha Sencar and Nasir Memon, A Geometric Transformation to Protect Minutiae-Based Fingerprint Templates. Biometric Technology for Human Identification IV (DS36), part of the SPIE International Defense and Security Symposium. 2007. [PDF].
- Qiming Li, Yagiz Sutcu, and Nasir Memon. Secure sketch for biometric templates. ASIACRYPT, LNCS 4284, 2006. [PDF].
- Yagiz Sutcu, Husrev Taha Sencar and Nasir Memon, A Secure Biometric Authentication Scheme Based on Robust Hashing. ACM Multimedia and Security Workshop, NYC, New York, August 1-2, 2005. [PDF].
A bibliography on biometric security can be found here
Recent Comments