Obtaining Cryptographic Keys Using Multi-biometrics

  • Sanjay Kanade
  • Dijana Petrovska-Delacrétaz
  • Bernadette Dorizzi


Multi-biometric systems have several advantages over uni-biometrics based systems, such as, better verification accuracy, larger feature space to accommodate more subjects, and higher security against spoofing. Unfortunately, as in case of uni-biometric systems, multi-biometric systems also face the problems of nonrevocability, lack of template diversity, and possibility of privacy compromise. A combination of biometrics and cryptography is a good solution to eliminate these limitations. In this chapter we present a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which, a crypto-biometric key is derived from multi-biometric data. An idea (recently proposed by the authors) denoted as FeaLingECc (Feature Level Fusion through Weighted Error Correction) is used for the multi-biometric fusion. The FeaLingECc allows fusion of different biometric modalities having different performances (e.g., face + iris). This scheme is adapted for a multi-unit system based on two-irises and a multi-modal system using a combination of iris and face. The difficulty in obtaining the crypto-biometric key locked in the system (and in turn the reference biometric data) is 189 bits for the two-iris system while 183 bits for the iris-face system using brute force attack. In addition to strong keys, these systems possess revocability and template diversity and protect user privacy.


Error Correct Code Biometric Data Biometric System False Acceptance Rate Biometric Information 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Beveridge JR, Bolme D, Raper BA, Teixeira M (2005) The CSU face identification evaluation system. Machine Vision and Applications 16(2):128–138 CrossRefGoogle Scholar
  2. 2.
    Biosecure Tool (2007) Performance evaluation of a biometric verification system. Online.
  3. 3.
    Boyen X (2004) Reusable cryptographic fuzzy extractors. In: 11th ACM Conference on Computer and Communications Security (CCS) Google Scholar
  4. 4.
    Burr WE, Dodson DF, Polk WT (2006) Electronic authentication guideline. Recommendations of the National Institute of Standards and Technology Google Scholar
  5. 5.
    Cimato S, Gamassi M, Piuri V, Sassi R, Scotti F (2008) Privacy-aware biometrics: design and implementation of a multimodal verification system. In: Annual Computer Security Applications Conference (ACSAC). doi: 10.1109/ACSAC.2008.13 Google Scholar
  6. 6.
    Daugman J (2003) The importance of being random: statistical principles of iris recognition. Pattern Recognition 36(2):279–291 CrossRefGoogle Scholar
  7. 7.
    Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Proceedings of the Eurocrypt 2004, pp 523–540 CrossRefGoogle Scholar
  8. 8.
    Fu B, Yang SX, Li J, Hu D (2009) Multibiometric cryptosystem: model structure and performance analysis. IEEE Transactions on Information Forensics and Security 4(4):867–882 CrossRefGoogle Scholar
  9. 9.
    Hao F, Anderson R, Daugman J (2006) Combining crypto with biometrics effectively. IEEE Transactions on Computers 55(9):1081–1088 CrossRefGoogle Scholar
  10. 10.
    Jain AK, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP Journal on Advances in Signal Processing 2008:579416. 17 pp. doi: 10.1155/2008/579416 CrossRefGoogle Scholar
  11. 11.
    Juels A, Sudan M (2002) A fuzzy vault scheme. In: Lapidoth A, Teletar E (eds) Proc IEEE Int Symp Information Theory. IEEE Press, New York, p 408 CrossRefGoogle Scholar
  12. 12.
    Juels A, Wattenberg M (1999) A fuzzy commitment scheme. In: Proceedings of the Sixth ACM Conference on Computer and Communication Security (CCCS), pp 28–36 CrossRefGoogle Scholar
  13. 13.
    Kanade S, Camara D, Krichen E, Petrovska-Delacrétaz D, Dorizzi B (2008) Three factor scheme for biometric-based cryptographic key regeneration using iris. In: The 6th Biometrics Symposium (BSYM) Google Scholar
  14. 14.
    Kanade S, Petrovska-Delacrétaz D, Dorizzi B (2009) Cancelable iris biometrics and using error correcting codes to reduce variability in biometric data. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition Google Scholar
  15. 15.
    Kanade S, Petrovska-Delacrétaz D, Dorizzi B (2009) Multi-biometrics based cryptographic key regeneration scheme. In: IEEE International Conference on Biometrics: Theory, Applications, and Systems (BTAS) Google Scholar
  16. 16.
    Kanade S, Petrovska-Delacrétaz D, Dorizzi B (2010) Obtaining cryptographic keys using feature level fusion of iris and face biometrics for secure user authentication. In: IEEE CVPR Workshop on Biometrics Google Scholar
  17. 17.
    Kelkboom E, Zhou X, Breebaart J, Veldhuis R, Busch C (2009) Multi-algorithm fusion with template protection. In: IEEE Second International Conference on Biometrics Theory, Applications and Systems Google Scholar
  18. 18.
    Kovesi P (2005) Matlab and octave functions for computer vision and image processing. Online.
  19. 19.
    Lades M, Vorbrüuggen JC, Buhmann J, Lange J, von der Malsburg C, Wüurtz RP, Konen W (1993) Distortion invariant object recognition in the dynamic link architecture. IEEE Transactions on Computers 42(3):300–311 CrossRefGoogle Scholar
  20. 20.
    Lumini A, Nanni L (2007) An improved biohashing for human authentication. Pattern Recognition 40(3):1057–1065. doi: 10.1016/j.patcog.2006.05.030 MATHCrossRefGoogle Scholar
  21. 21.
    MacWilliams FJ, Sloane NJA (1991) Theory of Error-Correcting Codes. North Holland, Amsterdam Google Scholar
  22. 22.
    Maiorana E, Campisi P, Ortega-Garcia J, Neri A (2008) Cancelable biometrics for HMM-based signature recognition. In: IEEE Conference on Biometrics: Theory, Applications and Systems (BTAS) Google Scholar
  23. 23.
    Nandakumar K (2008) Multibiometric systems: fusion strategies and template security. Phd thesis, Department of Computer Science and Engineering, Michigan State University Google Scholar
  24. 24.
    Nandakumar K, Jain AK (2008) Multibiometric template security using fuzzy vault. In: IEEE Second International Conference on Biometrics: Theory, Applications and Systems Google Scholar
  25. 25.
    National Institute of Science and Technology (NIST) (2005) Face recognition grand challenge.
  26. 26.
    National Institute of Science and Technology (NIST) (2005) Iris challenge evaluation.
  27. 27.
  28. 28.
    Petrovska-Delacrétaz D, Chollet G, Dorizzi B (eds) (2009) Guide to Biometric Reference Systems and Performance Evaluation. Springer, Berlin Google Scholar
  29. 29.
    Ratha NK, Chikkerur S, Connell JH, Bolle RM (2007) Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29(4):561–572. doi: 10.1109/TPAMI.2007.1004 CrossRefGoogle Scholar
  30. 30.
    Ross AA, Nandakumar K, Jain AK (2006) Handbook of Multibiometrics. International Series on Biometrics. Springer, Berlin Google Scholar
  31. 31.
    Stoianov A (2010) Security of error correcting code for biometric encryption (critical note). In: Eighth Annual International Conference on Privacy, Security and Trust Google Scholar
  32. 32.
    Sutcu Y, Li Q, Memon N (2007) Secure biometric templates from fingerprint-face features. In: IEEE Conference on Computer Vision and Pattern Recognition, pp 1–6. doi: 10.1109/CVPR.2007.383385 Google Scholar

Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  • Sanjay Kanade
    • 1
  • Dijana Petrovska-Delacrétaz
    • 1
  • Bernadette Dorizzi
    • 1
  1. 1.TELECOM SudParis, CNRS SAMOVAR UMR 5157, Départment Electronique et PhysiqueMINES TELECOMEvryFrance

Personalised recommendations