Abstract
With the widespread development of biometrics, concerns about security and privacy are increasing. In biometrics, template protection technology aims to protect the confidentiality of biometric templates (i.e., enrolled biometric data) by certain conversion. The fuzzy commitment scheme gives a practical way to protect biometric templates using a conventional error-correcting code. The scheme has both concealing and binding of templates, but it has some privacy problems. Specifically, in case of successful matching, stored biometric templates can be revealed. To address such problems, we improve the scheme. Our improvement is to coat with two error-correcting codes. In particular, our scheme can conceal stored biometric templates even in successful matching. Our improved scheme requires just conventional error-correcting codes as in the original scheme, and hence it gives a practical solution for both template security and privacy of biometric templates.
A part of this research was done when the first author belonged to Fujitsu Laboratories Ltd.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Homomorphic encryption is encryption with additional property that it can support operations on encrypted data (without decryption). In other words, this encryption enables certain meaningful operations while preserving the confidentiality of data.
- 2.
The original fuzzy commitment is vulnerable against statistical attack (e.g., see [21] for iris-biometric case) since biometric feature vectors are non-uniform in general. Then we need to consider the security of our scheme in case that biometric feature vectors are non-uniform. But we do not discuss this here due to space restriction.
- 3.
In the e-sketch protocol, templates can be revoked by changing keys for encryption and decryption. On the other hand, both the original fuzzy commitment scheme and ours require no keys for authentication. Therefore it is possible for an attacker to recover biometric data by generating biometric data similar to stored templates permanently.
References
Belguechi, R., Alimi, V., Cherrier, E., Lacharme, P., Rosenberger, C.: An overview on privacy preserving biometrics. In: Yang, J. (ed.) Recent Application in Biometrics. InTech, Croatia (2011)
Blahut, R.E.: Algebraic Codes on Lines, Planes, and Curves: An Engineering Approach. Cambridge University Press, Cambridge (2008)
Daugman, J.: High confidence visual recognition of persons by a test of statistical independence. IEEE Trans. Pattern Anal. Mach. Intell. 15(11), 1148–1161 (1993)
Daugman, J.: The importance of being random: statistical principles of iris recognition. Pattern Recogn. 36(2), 279–291 (2003)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). Full version in SIAM Journal on Computing, 38 (1), 97–139 (2008)
Failla, P., Sutcu, Y., Barni, M.: Esketch: a privacy-preserving fuzzy commitment scheme for authentication using encrypted biometrics. In: Proceedings of the 12th ACM Workshop on Multimedia and Security, pp. 241–246. ACM (2010)
Fujitsu Laboratories Ltd.: Press release: Fujitsu develops world’s first authentication technology to extract and match 2,048-bit feature codes from palm vein images (2013), http://www.fujitsu.com/global/news/pr/archives/month/2013/20130805-01.html
Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Trans. Comput. 55(9), 1081–1088 (2006)
Hoang, T., Choi, D., Nguyen, T.: Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme. Int. J. Inf. Secur. 14(6), 1–12 (2015)
Ignatenko, T., Willems, F.M.: On privacy in secure biometric authentication systems. In: IEEE International Conference on Acoustics, Speech and Signal Processing–ICASSP, vol. 2, pp. 121–124 (2007)
Ignatenko, T., Willems, F.M.: Information leakage in fuzzy commitment schemes. IEEE Trans. Inf. Forensics Secur. 5(2), 337–348 (2010)
Jain, A.K., Nandakumar, K., Nagar, A.: Biometric template security. EURASIP J. Adv. Signal Process. 2008, 113:1–113:17 (2008). http://dx.doi.org/10.1155/2008/579416
Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Crypt. 38(2), 237–257 (2006)
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 28–36. ACM (1999)
Maltoni, D., Maio, D., Jain, A.K., Prabhakar, S.: Handbook of fingerprint recognition, 2nd edn. Springer, Heidelberg (2009)
McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. DSN Prog. Rep. 42(44), 114–116 (1978)
Moon, T.K.: Error correction coding. Mathematical Methods and Algorithms. Wiley, Hoboken (2005)
Nandakumar, K., Nagar, A., Jain, A.K.: Hardening fingerprint fuzzy vault using password. In: Lee, S.-W., Li, S.Z. (eds.) ICB 2007. LNCS, vol. 4642, pp. 927–937. Springer, Heidelberg (2007)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
Pandey, J., Ojha, D., Sharma, A.: Enhance fuzzy commitment scheme: an approach for post quantum cryptosystem. J. Appl. Theor. Inf. Technol. 9, 16–19 (2005)
Rathgeb, C., Uhl, A.: Statistical attack against iris-biometric fuzzy commitment schemes. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops–CVPRW, pp. 23–30 (2011)
Rathgeb, C., Uhl, A., Wild, P.: Iris-biometric fuzzy commitment schemes under image compression. In: Ruiz-Shulcloper, J., Sanniti di Baja, G. (eds.) CIARP 2013, Part II. LNCS, vol. 8259, pp. 374–381. Springer, Heidelberg (2013)
Sutcu, Y., Sencar, H.T., Memon, N.: A secure biometric authentication scheme based on robust hashing. In: Proceedings of the 7th Workshop on Multimedia and Security, pp. 111–116. ACM (2005)
Teoh, A.B., Goh, A., Ngo, D.C.: Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs. IEEE Trans. Pattern Anal. Mach. Intell. 28(12), 1892–1901 (2006)
U.S. Department of Homeland Security: Privacy impact assessment for the biometric storage system (28 March 2007)
Zhou, X., Kevenaar, T.A., Kelkboom, E., Busch, C., Veen, M., Nouak, A.: Privacy enhancing technology for a 3D-face recognition system. BIOSIG 108(2), 3–14 (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Yasuda, M., Shimoyama, T., Abe, N., Yamada, S., Shinzaki, T., Koshiba, T. (2016). Privacy-Preserving Fuzzy Commitment for Biometrics via Layered Error-Correcting Codes. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds) Foundations and Practice of Security. FPS 2015. Lecture Notes in Computer Science(), vol 9482. Springer, Cham. https://doi.org/10.1007/978-3-319-30303-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-30303-1_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30302-4
Online ISBN: 978-3-319-30303-1
eBook Packages: Computer ScienceComputer Science (R0)