Professional Documents
Culture Documents
Abstract—Authentication is a fundamental issue to any trust- overcomes the main shortcomings inherent in the use of
oriented computing system and also a critical part in many secu- passwords and smartcards.
rity protocols. Performing authentication is notoriously difficult. Biometrics is a technology which uses physiological or
Biometrics has been widely used and adopted as a promising
authentication method due to its advantages over some existing behavioral characteristics to identify or verify a person. Typical
methods, particularly, its resistance to losses incurred by theft of characteristics used for authentication include fingerprint, face,
passwords and smart cards. However, biometrics introduces its and iris. A conventional biometric authentication system con-
own challenges, such as being irreplaceable once compromised. sists of two phases: enrollment and verification (Fig 1). During
Moreover, the use of biometrics introduces privacy concern. the enrollment phase, a biometric feature set is extracted from
In this paper, we propose a simple yet effective biometrics-
based authentication solution. The proposed approach introduces user’s biometric data and a template is created and stored.
new constructs - Reference Subject and Biometric Capsule, During the verification phase, the same feature extraction
and stores the “difference” (called Biometric Capsule) between algorithm is applied to query biometric data, and the resulting
the user and the Reference Subject for authentication without query feature set is used to construct a query template. The
revealing a user’s original biometric information. This approach query template is matched against the stored template(s) for
supports replaceability and protect users’ privacy. Moreover,
the proposed approach creates more advantages: (a) being user- authentication.
friendly without any additional burden on users and possessing (QUROOPHQW 9HULILFDWLRQ
(or extract a reference feature set from a Reference Subject) • Chebyshev Distance (CD):
and computes the difference between the user’s feature set and
CD(~p,~q) = maxi |pi − qi | (6)
the reference feature set, then from the difference generates a
Bio-Capsule to uniquely represent the enrolling user (as shown Thus, the proposed approach computes the difference (mea-
in Fig 2). In the verification phase, a query biometric feature sured by AVC, RVC or REC) of user biometric feature set and
set from a user and the same reference feature set are used to reference feature set, then uses the difference to construct the
generate a query Bio-Capsule which is compared against the Bio-Capsule. If the distance (measured by ED, MD or CD) of
registered Bio-Capsule. If the registered Bio-Capsule and the enrolling Bio-Capsule and query Bio-Capsule is within pre-
query Bio-Capsule are within a certain distance, the user is selected threshold, the user is authenticated.
successfully authenticated (Fig 2).
B. Justification
Enrollment Verification
To justify the proposed approach, we compare the proposed
User Feature User Feature
Extraction Extraction approach with conventional biometric authentication methods.
User Data
Acquisition Bio-Capsule
Bio-Capsule Bio-Capsule
Bio-Capsule
User Data
Acquisition
In conventional biometric authentication, user u provides his
Generation Generation
biometric data uD , from which feature set uF is extracted. For
authentication, from query biometric data uD feature set uF is
RS Feature RS Feature 0 0
Bio-Capsule
Extraction Matcher Extraction
Reference Subject (RS)
Decision
extracted. If Eq. 7 is true, the user is authenticated.
Data Acquisition
0
DIS(uF , uF ) < thresh (7)
Fig. 2: Proposed Reference Subject feature-based authentica-
tion In comparison, the proposed approach computes the dis-
Assume user feature f = ( f1 , · · · , fm ) and reference feature tance of enrolling Bio-Capsule uBC = BC(uF , RSF ) and query Bio-
Capsule uBC = BC(uF , RSF ).
0 0
DIS(uF , uF ) = (9)
• Relative-Value-Comparison (RVC): the difference is for- q n
mulated by ∑nj=1 ∑m
0
i=1 (u f ( j, i) − u f ( j, i))
2
=
n
c( f (i), g(i)) = a, (2) f −g
From Eq. 1, BC( f , g) ≈ Th , where T h is the selected
2a − 1 f (i) − g(i) 2a + 1
if Th < ≤ T h, threshold. Then
2 avg( f (i), g(i)) 2
0
0 ∑nj=1 ED(uBC ( j), uBC ( j))
where a ∈ {−N, · · · , −1, 0, 1, · · · , N}, 1 ≤ i ≤ m, and avg is the DIS(uBC , uBC ) = (10)
n
average. 0
u ( j,i)−RS f ( j,i) u f ( j,i)−RS f ( j,i)
∑nj=1 ED( f Th , Th )
• Relative-Entropy-Comparison (REC): a measure of the =
n
difference between two probability distributions f and g, = DIS(uF , uF )/T h
0
f (i)
c( f , g) = ∑ f (i) log . (3) • Case 2: C is measured by RVC, and DIS is measured using
i g(i)
MD. Then ∑nj=1 MD(uF ( j), uF ( j))
0
0
I(uF ; uCLS ) = H(uF ) − H(uF |uCLS ) (13) IV. E NHANCED CAPABILITY OF THE NEW APPROACH IN A
N ON -T RUST M ODEL
The higher I(uF ; uCLS ) implies greater relevance of uF to uCLS .
One of the primary advantages of the proposed approach is
The conditional information loss of uF on a class uCLS is
that it fits for different security requirements and application
defined as indicative of how much information uF gives about
environments. From Fig. 1 and Fig. 2, it is clear that the new
uCLS :
approach can be directly used in the conventional biometric
ILoss(uF |uCLS ) = 1 − 2−I(u ;u ) F
(14)
CLS
authentication model in which the CA is allowed to completely
Intuitively, it can be seen that: 1) a more relevant feature know and fully control users’ biometric information. Further-
reveals more about a class; and 2) a less relevant feature more, utilization of BC allows the deployment of the proposed
indicates less about a class. approach in not-fully trusted environments. In this section, we
It is considered as a challenging open problem to find briefly present one system design which demonstrates such an
quantitative means to measure the success probability of smart advantage.
attacks against biometric data and also to determine the exact
A. Model and Objectives
information loss of the biometric data [16]. Thus, we prove
the enhanced security of proposed approach by comparing to In the non-trust model, there are two entities: a non-trusted
conventional biometric authentication as follows. CA and users. By non-trust, the CA is stipulated as some party
In conventional biometric authentication, for higher authen- who is kept away from users’ true biometric data. Here users
tication accuracy, it is necessary that each user’s feature set are individuals to be authenticated.
uniquely represents the user, thus user u’s feature set uF is The design objectives in this model are as follows:
more relevant to his own class uCLS than other users’ classes. • Service: users can register to the system, be authenticated
However, a more relevant feature set implies high information by the CA, and unsubscribe from the system at any time.
• Security and privacy: no information is learned by any Further, the user needs not worry about his information being
non-legitimate or un-intended party; compromised infor- further misused, since no real biometric data is recorded, and
mation will not infringe upon users’ biometric data. In the stored Bio-Capsule reveals nothing about a user’s true
particular, the CA does not know users’ original biometric biometric data.
data. It is worthy to mention that a secure channel between the
user and the authentication server can be set up if needed, such
B. Secure Multiple Party Computation (SMPC)
as via a public key cryptosystem, to keep the confidentiality
Secure Multiple Party Computation (SMPC) is described as and integrity of messages transferred between them.
a problem in which people are jointly conducting computation From the above description, it can be seen that by incorpo-
tasks based on the private inputs they each supply; however rating secure two-party computation, the proposed approach
each person wants to keep his inputs from being known by can be easily used in non-trust environments.
others. SMPC has been intensively studied and some good
approaches have been proposed [10], [20]. SMPC, especially, V. E XPERIMENTAL R ESULTS AND A NALYSIS
Secure Two-Party Computation (STPC) will be utilized in this We apply the proposed approach on practical iris data. The
model. As a result, a user’s real biometric information will not implementation essentially includes two stages: enrollment
be revealed to the CA but the CA can compute the user’s BC and verification, and three sections: feature extraction, Bio-
for storage during enrollment and the BC for authentication Capsule generation, and Bio-Capsule matching. The feature
during verification. extraction mainly come from our recent work [2] which is a
C. Non-trusted Model Design well-performed non-cooperative iris recognition method. This
method works with both frontal and off-angle iris images with
The system design in this model includes three components: low-resolution.
enrollment, verification (as shown in Fig 3), and revocation . The experiments were conducted on an IUPUI Remote Iris
Image Database. The average iris radius of the video images
User CA in the database is 95 pixels. In this experiment, for each iris
1. Reg/Ver: uID
2. uF = extract(uD); 2. RSF = extract(RSD); six classifications of angle, frontal look, left look, right look,
3. uF 3.RSF 5. Store uBC for enrollment
(Or match uBC against stored
up-left look, up look and up-right look (e.g. Fig 4), were used.
STPC
4. uBC Bio-Capsule for verification) The total number of images used was 3,707 which includes
STPC: Secure Two-Party Computation both left and right eyes from 31 subjects.
1) Enrollment:
• Step 1: user u starts enrollment by sending CA an enroll-
ment request containing his identity: (a) Look Left (b) Look Center (c) Look Right
u → CA: Reg : uID .
• Step 2: user u and CA acquire biometric data uD and RSD
and extract the feature sets uF and RSF respectively.
• Step 3 and 4: user u and CA conduct a STPC on feature
sets to compute uBC = c(uF , RSF ).
• Step 5: upon receipt of uBC , the CA stores it as the Bio- (d) Look Up-left (e) Look Up (f) Look Up-right
Capsule for u. Fig. 4: IUPUI remote iris image database: multiple angles
2) Verification:
• Step 1: u initiates a verification process by sending the CA The performance of the system is measured by equal error
a verification request containing his identity: rate (EER), false accept rate (FAR) and false reject rate (FRR).
u → CA: Ver : uID . In this experiment, 10 reference feature sets are randomly gen-
• Step 2: user u and CA acquire biometric feature set uF and
0
erated. For each reference feature set, 3,707 images are used
RSF respectively.
0
for both enrollment and verification. The genuine verifications
• Step 3 and 4: user u and CA conduct the STPC to compute are from the same eye; the impostors are the verification results
uBC = c(uD , RSD ) .
0 0 0
from different eyes.
• Step 5: CA compares the uBC from Step 4 and uBC acquired
0
Fig 5 shows ROC curves of applying the proposed approach
in enrollment stage. If they are the within a pre-specified on frontal look eyes (we get similar results on other-look eyes,
threshold, u is authenticated. thus omitted). Here, each curve is obtained by varying the
3) User Revocation: A user can always be revoked from the threshold of the proposed approach. These three curves are
system and our approach is very efficient in such a scenario. obtained by enrolling using different reference feature sets;
The CA can simply abandon the user’s record in its database. and we get a rather stable result.
1
to generate a new Biometric Capsule by composing multiple
0.98 Biometric Capsules are some interesting yet challenging issues
0.96 which will be investigated further.
GAR
0.94
enrolling using Reference feature set 1 R EFERENCES
0.92 enrolling using Reference feature set 2
enrolling using Reference feature set 3 [1] Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith. Fuzzy extractors: How
0.9 −3
10 10
−2 −1
10 to generate strong keys from biometrics and other noisy data. SIAM
FAR Journal on Computing, 38:97–139, 2008.
[2] Y. Du, C. Belcher, and Z. Zhou. Scale invariant gabor descriptor-
Fig. 5: IUPUI remote database frontal look eyes accuracy based noncooperative iris recognition. EURASIP J. Adv. Signal Process,
2010:37:1–37:10, February 2010.
[3] C. Gentry, P. Mackenzie, and Z. Ramzan. Password authenticated
key exchange using hidden smooth subgroups. In Proceedings of the
The following experimental result shows that in terms 12th ACM conference on Computer and communications security (ACM
of accuracy the proposed approach is comparable to and CCS’05), pages 299–311, 2005.
[4] V. Govindaraju, V. Chavan, and S. Chikkerur. Biometric convolution
outperforms conventional biometric approaches including 1- using multiple biometrics. Google Patents, 2005.
D Log Gabor, the Regional SIFT and the Gabor Descriptor. [5] F. Hao, R. Anderson, and J. Daugman. Combining crypto with
Table I shows the EER results (the lower, the better) on all- biometrics effectively. IEEE Transactions on Computers, 55(9):1081–
1088, 2006.
look eyes from IUPUI database. Due to the error- and noisy- [6] A. Jain, K. Nandakumar, and A. Nagar. Biometric template security.
prone feature collection process, there exists intrauser variance EURASIP Journal on Advances in Signal Processing, 2008:113:1–
of the within-class biometric templates; that is, biometric data 113:17, 2008.
[7] A. Jain, S. Pankanti, S. Prabhakar, L. Hong, A. Ross, and J. Wayman.
collected from the same person but at different context are not Biometrics: a grand challenge. In Proceedings of the 17th International
exactly same, therefore the generated templates from those Conference on Pattern Recognition, pages 935–942, 2004.
instable data are not exactly matched. Thus, conventional [8] A. Juels and M. Sudan. A fuzzy vault scheme. Designs, Codes and
Cryptography, 38:237–257, 2006.
biometric authentication is mainly focused on better tolerance [9] Y. Lee, K. Park, S. Lee, K. Bae, and J. Kim. A new method
of the within-class variance of biometric templates while for generating an invariant iris private key based on the fuzzy vault
discriminating between-class distance, which could be very system. IEEE Transactions on Systems, Man, and Cybernetics, Part B:
Cybernetics, 38(5):1302–1313, 2008.
challenging. Considering such intrauser variance or instability [10] Y. Lindell and B. Pinkas. An efficient protocol for secure two-party
of biometric templates, Bio-Capsules could become an al- computation in the presence of malicious adversaries. In Advances in
ternative. Since the Bio-Capsules/“difference” could be more Cryptology - EUROCRYPT 2007, 4515:52–78, 2007.
[11] E. Maiorana, P. Campisi, J. Fierrez, J. Ortega-Garcia, and A. Neri.
stable compared to conventional biometric templates, which Cancelable templates for sequence-based biometrics with application to
will leads to improved performance. Our experimental results on-line signature recognition. IEEE Transactions on Systems, Man and
validate such improvements. Cybernetics, Part A: Systems and Humans, 40(3):525–538, 2010.
[12] N. Ratha, S. Chikkerur, J. Connell, and R. Bolle. Generating cancelable
fingerprint templates. IEEE Transactions on Pattern Analysis and
Machine Intelligence, 29(4):561–572, 2007.
TABLE I: IUPUI remote database accuracy (EER) results [13] N. Ratha, J. Connell, and R. Bolle. Enhancing security and privacy in
Classes Regional SIFT Gabor Descriptor Proposed Method biometrics-based authentication systems. IBM System Journal, 40:614–
Center 0.0350 0.0273 0.0209 634, 2001.
Left 0.0454 0.0214 0.0154 [14] F.M. Reza. An Introduction to Information Theory. Dover, New York,
Right 0.0454 0.0162 0.0155 2010.
Up-Right 0.0567 0.0540 0.0320 [15] M. Savvides, B. Kumar, and P. Khosla. Cancelable biometric filters for
Up-Left 0.0610 0.0492 0.0324 face recognition. In Pattern Recognition, 2004. ICPR 2004. Proceedings
Up 0.1392 0.1251 0.1008 of the 17th International Conference on, volume 3, pages 922–925, 2004.
[16] Y. Sutcu, Q. Li, and N. Memon. Protecting biometric templates
with sketch: Theory and practice. IEEE Transactions on Information
Forensics and Security, 2(3):503–512, 2007.
VI. C ONCLUSIONS [17] Y. Sutcu, Q. Li, and N. Memon. Secure biometric templates from
fingerprint-face features. Computer Vision and Pattern Recognition,
In this paper, we proposed a new biometrics-based au- IEEE Computer Society Conference on, 0:1–6, 2007.
thentication approach. The proposed approach derives fuzzy [18] K. Takahashi, S. Hirata, H. Hino, and M. Mimura. Method, system
data from user’s and Reference Subject’s biometric informa- and program for authenticating a user by biometric information. Google
Patents, 2007.
tion, and from these fuzzy data generates a Bio-Capsule for [19] K. Takahashi and S. Hitachi. Generating provably secure cancelable
authentication. Security analysis shows that the approach is fingerprint templates based on correlation-invariant random filtering.
secure and privacy-preserving and experimental results on iris In Proceedings of IEEE 3rd International Conference on Biometrics:
Theory, Applications, and Systems, pages 1–6, 2009.
and complexity analysis show that the proposed approach [20] A. Yao. Protocols for secure computations. In Proceedings of 23rd
is comparable to conventional biometric authentication ap- Annual Symposium on Foundations of Computer Science, pages 160–
proaches. We will continue to study and test the properties 164, 1982.
and efficiencies of the proposed approach and also extend our
study to other biometrics, e.g., evaluate the performance of
three proposed Biometric Capsule Computation methods on
face, fingerprint, etc. How to enhance the system security and
scalability by employing multiple Reference Subjects and how