A Biometric Template Security Approach to Fingerprints Based on Polynomial Transformations

The use of biometric identifiers in the field of
information security, access control to resources, authentication in
ATMs and banking among others, are of great concern because of
the safety of biometric data. In the general architecture of a biometric
system have been detected eight vulnerabilities, six of them allow
obtaining minutiae template in plain text. The main consequence
of obtaining minutia templates is the loss of biometric identifier
for life. To mitigate these vulnerabilities several models to protect
minutiae templates have been proposed. Several vulnerabilities in the
cryptographic security of these models allow to obtain biometric data
in plain text. In order to increase the cryptographic security and ease
of reversibility, a minutiae templates protection model is proposed.
The model aims to make the cryptographic protection and facilitate
the reversibility of data using two levels of security. The first level
of security is the data transformation level. In this level generates
invariant data to rotation and translation, further transformation is
irreversible. The second level of security is the evaluation level,
where the encryption key is generated and data is evaluated using a
defined evaluation function. The model is aimed at mitigating known
vulnerabilities of the proposed models, basing its security on the
impossibility of the polynomial reconstruction.

Authors:

• Ramon Santana

Keywords:

• Fingerprint
• template protection
• bio-cryptography
• minutiae protection.

References:

[1] D. Maltoni, D. Maio, A. K. Jain, and Salil Prabhakar, Handbook of
Fingerprint Recognition, 2009.
[2] N. Dahiya and C. Kant, “Biometrics Security Concerns,” in Second
International Conference on Advanced Computing & Communication
Technologies Biometrics, 2012, pp. 299–304.
[3] R. Cappelli, A. Lumini, D. Maio, and D. Maltoni, “Fingerprint
Image Reconstruction from Standard Templates,” IEEE Transactions
On Pattern Analysis And Machine Intelligence, vol. 29, no. 9, pp.
1489–1503, 2007.
[4] A. K. Jain, K. Nandakumar, and A. Nagar, “Fingerprint Template
Protection : From Theory to Practice,” in Security and Privacy in
Biometrics, 2013, pp. 187—-214.
[5] ——, “Biometric Template Security,” EURASIP Journal on Advances
in Signal Processing, vol. 2008, pp. 1—-17, 2008.
[6] M. M. Roja and S. Sawarkar, “ElGamel Encryption for Biometric
Database Protection,” International Journal of Computer Applications,
vol. 68, no. 6, pp. 10–14, 2013.
[7] A. Juels and M. Wattenberg, “A fuzzy commitment scheme,”
in Proceedings of the 6th ACM conference on Computer and
communications security. ACM, 1999, pp. 28–36.
[8] A. Juels and M. Sudan, “A Fuzzy Vault Scheme,” in IEEE International
Symposium on Information Theory, 2002, p. 408.
[9] X. Li and D. Sun, “A Dual-Mode Fingerprint Fusion Encryption Method
Based on Fuzzy Vault,” in International Conference on Cyber-Enabled
Distributed Computing and Knowledge Discover, no. 60773015, 2012,
pp. 208–215.
[10] R. M. Bolle, N. K. Ratha, J. H. Connell, and R. M. Bolle, “Enhancing
security and privacy in biometrics-based authentication systems,” IBM
systems Journal, vol. 40, no. 3, pp. 614–634, 2001.
[11] N. Ratha, J. Connell, and R. M. Bolle, “Cancelable Biometrics : A Case
Study in Fingerprints,” pp. 18–21, 2006.
[12] N. K. Ratha, S. Chikkerur, J. Connell, R. M. Bolle, and S. Member,
“Generating Cancelable Fingerprint Templates,” IEEE Transactions On
Pattern Analysis And Machine Intelligence, vol. 29, no. 4, pp. 561–572,
2007.
[13] A. K. Jain, S. Prabhakar, L. Hong, and S. Pankanti, “FingerCode:
a filterbank for fingerprint representation and matching,” in IEEE
Computer Society Conference on Computer Vision and Pattern
Recognition, vol. 2, 1999, p. 8.
[14] R. Belguechi, C. Rosenberger, and S. A. Aoudia, “BioHashing for
securing fingerprint minutiae templates,” in International Conference on
Pattern Recognition, 2010, pp. 1172–1175.
[15] R. Belguechi, E. Cherrier, C. Rosenberger, and S. Ait-aoudia,
“Operational bio-hash to preserve privacy of fingerprint minutiae
templates,” IET Biometrics, no. February, pp. 1–9, 2013.
[16] A. Teoh, D. Ngo, C. Ling, and A. Goh, “Biohashing : Two factor
authentication featuring fingerprint data and tokenised random number,”
Pattern Recognition, vol. 37, pp. 2245–2255, 2004.
[17] U. Uludag, S. Pankanti, and A. K. Jain, “Fuzzy Vault for Fingerprints,”
pp. 310–319, 2005.