EURASIP Journal on Advances in Signal Processing
Volume 2008 (2008), Article ID 579416, 17 pages
doi:10.1155/2008/579416
Review Article

Biometric Template Security

Anil K. Jain, Karthik Nandakumar, and Abhishek Nagar

Department of Computer Science and Engineering, Michigan State University, 3115 Engineering Building, East Lansing, MI 48824, USA

Received 2 July 2007; Revised 28 September 2007; Accepted 4 December 2007

Academic Editor: Arun Ross

Copyright © 2008 Anil K. Jain et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. A. K. Jain, A. Ross, and S. Pankanti, “Biometrics: a tool for information security,” IEEE Transactions on Information Forensics and Security, vol. 1, no. 2, pp. 125–143, 2006.
  2. C. Roberts, “Biometric attack vectors and defences,” Computers and Security, vol. 26, no. 1, pp. 14–25, 2007.
  3. M1.4 Ad Hoc Group on Biometric in E-Authentication, “Study report on biometrics in E-authentication,” Tech. Rep. INCITS M1/07-0185rev, Toronto, Ontario, Canada, August 2007.
  4. I. Buhan and P. Hartel, “The state of the art in abuse of biometrics,” Tech. Rep. TR-CTIT-05-41, December 2005.
  5. A. K. Jain, A. Ross, and U. Uludag, “Biometric template security: challenges and solutions,” in Proceedings of the European Signal Processing Conference (EUSIPCO '05), Antalya, Turkey, September 2005.
  6. B. Cukic and N. Bartlow, “Biometric system threats and countermeasures: a risk based approach,” in Proceedings of the Biometric Consortium Conference (BCC '05), Crystal City, Va, USA, September 2005.
  7. K. Ishikawa, Guide to Quality Control, Nordica International, Tokyo, Japan.
  8. A. Ross, K. Nandakumar, and A. K. Jain, Handbook of Multibiometrics, Springer, Berlin, Germany, 2006.
  9. Biometric System Laboratory - University of Bologna, “FVC2006: the 4th international fingerprint verification competition,” 2006, http://bias.csr.unibo.it/fvc2006/default.asp.
  10. C. Wilson, A. R. Hicklin, M. Bone, et al., “Fingerprint vendor technology evaluation 2003: summary of results and analysis report,” Tech. Rep. NISTIR 7123, June 2004.
  11. P. J. Phillips, W. T. Scruggs, A. J. Ó Toole, et al., “FRVT 2006 and ICE 2006 large-scale results,” Tech. Rep. NISTIR 7408, 2007.
  12. M. Przybocki and A. Martin, “NIST speaker recognition evaluation chronicles,” in Proceedings of Odyssey: The Speaker and Language Recognition Workshop, pp. 12–22, Toledo, Spain, May 2004.
  13. N. K. Ratha, J. H. Connell, and R. M. Bolle, “An analysis of minutiae matching strength,” in Proceedings of the 3rd International Conference on Audio- and Video-Based Biometric Person Authentication (AVBPA '01), pp. 223–228, Halmstad, Sweden, June 2001.
  14. T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino, “Impact of artificial “gummy” fingers on fingerprint systems,” in Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677 of Proceedings of SPIE, pp. 275–289, San Jose, Calif, USA, January 2002.
  15. T. Matsumoto, M. Hirabayashi, and K. Sato, “A vulnerability evaluation of iris matching (part 3),” in Proceedings of the Symposium on Cryptography and Information Security (SCIS '04), pp. 701–706, Iwate, Japan, January 2004.
  16. W. R. Harrison, Suspect Documents, Their Scientific Examination, Nelson-Hall, Chicago, Ill, USA, 1981.
  17. A. Eriksson and P. Wretling, “How flexible is the human voice? A case study of mimicry,” in Proceedings of the European Conference on Speech Technology (Eurospeech '97), pp. 1043–1046, Rhodes, Greece, September 1997.
  18. S. T. V. Parthasaradhi, R. Derakhshani, L. A. Hornak, and S. A. C. Schuckers, “Time-series detection of perspiration as a liveness test in fingerprint devices,” IEEE Transactions on Systems, Man and Cybernetics Part C, vol. 35, no. 3, pp. 335–343, 2005.
  19. A. Antonelli, R. Cappelli, D. Maio, and D. Maltoni, “Fake finger detection by skin distortion analysis,” IEEE Transactions on Information Forensics and Security, vol. 1, no. 3, pp. 360–373, 2006.
  20. D. R. Setlak, “Fingerprint sensor having spoof reduction features and related methods,” 1999, US patent no. 595344.
  21. K. A. Nixon and R. K. Rowe, “Multispectral fingerprint imaging for spoof detection,” in Biometric Technology for Human Identification II, vol. 5779 of Proceedings of SPIE, pp. 214–225, Orlando, Fla, USA, March 2005.
  22. J. Li, Y. Wang, T. Tan, and A. K. Jain, “Live face detection based on the analysis of fourier spectra,” in Biometric Technology for Human Identification, vol. 5404 of Proceedings of SPIE, pp. 296–303, Orlando, Fla, USA, April 2004.
  23. K. Kollreider, H. Fronthaler, and J. Bigun, “Evaluating liveness by face images and the structure tensor,” in Proceedings of the 4th IEEE Workshop on Automatic Identification Advanced Technologies (AUTO ID '05), pp. 75–80, Buffalo, NY, USA, October 2005.
  24. H.-K. Jee, S.-U. Jung, and J.-H. Yoo, “Liveness detection for embedded face recognition system,” International Journal of Biomedical Sciences, vol. 1, no. 4, pp. 235–238, 2006.
  25. J. Daugman, “Recognizing persons by their iris patterns,” in Biometrics: Personal Identification in Networked Society, A. K. Jain, R. Bolle, and S. Pankanti, Eds., pp. 103–122, Kluwer Academic Publishers, London, UK, 1999.
  26. E. C. Lee, K. R. Park, and J. Kim, “Fake iris detection by using purkinje image,” in Proceedings of International Conference on Advances in Biometrics (ICB '06), vol. 3832 of Lecture Notes in Computer Science, pp. 397–403, Hong Kong, 2006.
  27. A. Juels, D. Molnar, and D. Wagner, “Security and privacy issues in E-passports,” in Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, (SecureComm '05), pp. 74–88, Athens, Greece, September 2005.
  28. P. Syverson, “A taxonomy of replay attacks,” in Proceedings of the Computer Security Foundations Workshop (CSFW '97), pp. 187–191, Franconia, NH, USA, June 1994.
  29. A. Adler, “Vulnerabilities in biometric encryption systems,” in Proceedings of the 5th International Conference on Audio- and Video-Based Biometric Person Authentication (AVBPA '05), vol. 3546 of Lecture Notes in Computer Science, pp. 1100–1109, Hilton Rye Town, NY, USA, July 2005.
  30. K. Lam and D. Gollmann, “Freshness assurance of authentication protocols,” in Proceedings of the European Symposium on Research in Computer Security (ESORICS '92), pp. 261–272, Toulouse, France, 1992.
  31. K. Lam and T. Beth, “Timely authentication in distributed systems,” in Proceedings of the European Symposium on Research in Computer Security (ESORICS '92), vol. 648, pp. 293–303, Toulouse, France, 1992.
  32. R. M. Bolle, J. H. Connell, and N. K. Ratha, “Biometric perils and patches,” Pattern Recognition, vol. 35, no. 12, pp. 2727–2738, 2002.
  33. R. Seacord, Secure Coding in C and C++, Addison-Wesley, Reading, Mass, USA, 2005.
  34. A. Ross, J. Shah, and A. K. Jain, “From template to image: reconstructing fingerprints from minutiae points,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp. 544–560, 2007.
  35. R. Cappelli, A. Lumini, D. Maio, and D. Maltoni, “Fingerprint image reconstruction from standard templates,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 9, pp. 1489–1503, 2007.
  36. A. Adler, “Images can be regenerated from quantized biometric match score data,” in Proceedings of the Canadian Conference on Electrical and Computer Engineering, vol. 1, pp. 469–472, Niagara Falls, Ontario, Canada, May 2004.
  37. A. K. Jain, R. Bolle, and S. Pankanti, Eds., Biometrics: Personal Identification in Networked Society, A. K. Jain, R. Bolle, and S. Pankanti, Eds., Kluwer Academic Publishers, Dordrecht, The Netherlands, 1999.
  38. A. K. Jain and S. Pankanti, “A touch of money,” IEEE Spectrum, vol. 43, no. 7, pp. 22–27, 2006.
  39. D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, Berlin, Germany, 2003.
  40. U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, “Biometric cryptosystems: issues and challenges,” Proceedings of the IEEE, vol. 92, no. 6, pp. 948–960, 2004.
  41. A. Cavoukian and A. Stoianov, “Biometric encryption: a positive-sum technology that achieves strong authentication, security and privacy,” March 2007.
  42. A. Vetro and N. Memon, “Biometric system security,” in Proceedings of the 2nd International Conference on Biometrics, Seoul, South Korea, August 2007.
  43. T. E. Boult, W. J. Scheirer, and R. Woodwork, “Revocable fingerprint biotokens: accuracy and security analysis,” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR '97), pp. 1–8, Minneapolis, Minn, USA, June 2007.
  44. C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. V. K. V. Kumar, “Biometric Encrpytion,” in ICSA Guide to Cryptography, R. K. Nichols, Ed., McGraw Hill, New York, NY, USA, 1999.
  45. K. Nandakumar, A. Nagar, and A. K. Jain, “Hardening fingerprint fuzzy vault using password,” in Proceedings of 2nd International Conference on Biometrics, pp. 927–937, Seoul, South Korea, August 2007.
  46. O. T. Song, A. B. J. Teoh, and D. C. L. Ngo, “Application-specific key release scheme from biometrics,” International Journal of Network Security, vol. 6, no. 2, pp. 127–133, 2008.
  47. A. B. J. Teoh, A. Goh, and D. C. L. Ngo, “Random multispace quantization as an analytic mechanism for BioHashing of biometric and random identity inputs,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 28, no. 12, pp. 1892–1901, 2006.
  48. P. N. Belhumeur, J. P. Hespanha, and D. J. Kriegman, “Eigenfaces versus fisherfaces: recognition using class specific linear projection,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 9, no. 7, pp. 711–720, 1997.
  49. C. S. Chin, A. T. B. Jin, and D. N. C. Ling, “High security iris verification system based on random secret integration,” Computer Vision and Image Understanding, vol. 102, no. 2, pp. 169–177, 2006.
  50. T. Connie, A. B. J. Teoh, M. Goh, and D. C. L. Ngo, “PalmHashing: a novel approach for cancelable biometrics,” Information Processing Letters, vol. 93, no. 1, pp. 1–5, 2005.
  51. M. Savvides and B. V. K. Vijaya Kumar, “Cancellable biometric filters for face recognition,” in Proceedings of the IEEE International Conference Pattern Recognition (ICPR '94), vol. 3, pp. 922–925, Cambridge, UK, August 2004.
  52. N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, “Generating cancelable fingerprint templates,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp. 561–572, 2007.
  53. Y. Sutcu, H. T. Sencar, and N. Memon, “A secure biometric authentication scheme based on robust hashing,” in Proceedings of the 7th Multimedia and Security Workshop (MM and Sec '05), pp. 111–116, New York, NY, USA, August 2006.
  54. A. B. J. Teoh, K.-A. Toh, and W. K. Yip, “2N discretisation of BioPhasor in cancellable biometrics,” in Proceedings of 2nd International Conference on Biometrics, pp. 435–444, Seoul, South Korea, August 2007.
  55. X. Boyen, “Reusable cryptographic fuzzy extractors,” in Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS '04), pp. 82–91, Washington, DC, USA, October 2004.
  56. A. Juels and M. Wattenberg, “A fuzzy commitment scheme,” in Proceedings of 6th ACM Conference on Computer and Communications Security (ACM CCS '99), pp. 28–36, Singapore, November 1999.
  57. J. L. Carter and M. N. Wegman, “Universal classes of hash functions,” Journal of Computer and System Sciences, vol. 18, no. 2, pp. 143–154, 1979.
  58. A. Juels and M. Sudan, “A fuzzy vault scheme,” in Proceedings of the IEEE International Symposium on Information Theory, p. 408, Piscataway, NJ, USA, June-July 2002.
  59. P. Tuyls, A. H. M. Akkermans, T. A. M. Kevenaar, G.-J. Schrijen, A. M. Bazen, and R. N. J. Veldhuis, “Practical biometric authentication with template protection,” in Proceedings of the 5th International Conference on Audio- and Video-Based Biometric Person Authentication (AVBPA '05), vol. 3546 of Lecture Notes in Computer Science, pp. 436–446, Hilton Rye Town, NY, USA, July 2005.
  60. S. C. Draper, A. Khisti, E. Martinian, A. Vetro, and J. S. Yedidia, “Using distributed source coding to secure fingerprint biometrics,” in Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP '07), vol. 2, pp. 129–132, Honolulu, Hawaii, USA, April 2007.
  61. G. I. Davida, Y. Frankel, and B. J. Matt, “On enabling secure applications through off-line biometric identification,” in Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 148–157, Oakland, Calif, USA, May 1998.
  62. F. Monrose, M. K. Reiter, and S. Wetzel, “Password hardening based on keystroke dynamics,” in Proceedings of the 6th ACM conference on Computer and Communications Security (ACM CCS '99), pp. 73–82, Singapore, November 1999.
  63. F. Monrose, M. K. Reiter, Q. Li, and S. Wetzel, “Cryptographic key generation from voice,” in Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, pp. 202–213, Oakland, Calif, USA, May 2001.
  64. F. Hao, R. Anderson, and J. Daugman, “Combining crypto with biometrics effectively,” IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081–1088, 2006.
  65. E. J. C. Kelkboom, B. Gkberk, T. A. M. Kevenaar, A. H. M. Akkermans, and M. van der Veen, “3D face: biometric template protection for 3D face recognition,” in Proceedings of 2nd International Conference on Biometrics, pp. 566–573, Seoul, South Korea, August 2007.
  66. T. Clancy, D. Lin, and N. Kiyavash, “Secure smartcard-based fingerprint authentication,” in Proceedings of the ACM SIGMM Workshop on Biometric Methods and Applications, pp. 45–52, Berkley, Mich, USA, November 2003.
  67. S. Yang and I. Verbauwhede, “Automatic secure fingerprint verification system based on fuzzy vault scheme,” in Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP '05), vol. 5, pp. 609–612, Philadelphia, Pa, USA, March 2005.
  68. Y. Chung, D. Moon, S. Lee, S. Jung, T. Kim, and D. Ahn, “Automatic alignment of fingerprint features for fuzzy fingerprint vault,” in Proceedings of the 1st Conference on Information Security and Cryptology (CISC '05), vol. 3822 of Lecture Notes in Computer Science, pp. 358–369, Beijing, China, December 2005.
  69. U. Uludag and A. K. Jain, “Securing fingerprint template: fuzzy vault with helper data,” in Proceedings of the Conference on Computer Vision and Pattern Recognition Workshops (CVPRW '06), p. 163, New York, NY, USA, June 2006.
  70. A. Nagar and S. Chaudhury, “Biometrics based asymmetric cryptosystem design using modified fuzzy vault scheme,” in Proceedings of the 18th International Conference on Pattern Recognition (ICPR '06), vol. 4, pp. 537–540, Hong Kong, August 2006.
  71. Y. C. Feng and P. C. Yuen, “Protecting face biometric data on smartcard with reed-solomon code,” in Proceedings of the Conference on Computer Vision and Pattern Recognition Workshops (CVPRW '06), p. 29, New York, NY, USA, June 2006.
  72. Y. J. Lee, K. Bae, S. J. Lee, K. R. Park, and J. Kim, “Biometric key binding: fuzzy vault based on iris images,” in Proceedings of 2nd International Conference on Biometrics, pp. 800–808, Seoul, South Korea, August 2007.
  73. M. Freire-Santos, J. Fierrez-Aguilar, and J. Ortega-Garcia, “Cryptographic key generation using handwritten signature,” in Biometric Technology for Human Identification III, vol. 6202 of Proceedings of SPIE, pp. 225–231, Orlando, Fla, USA, April 2006.
  74. Y.-J. Chang, W. Zhang, and T. Chen, “Biometrics-based cryptographic key generation,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '04), vol. 3, pp. 2203–2206, Taipei, Taiwan, June 2004.
  75. C. Vielhauer, R. Steinmetz, and A. Mayerhöfer, “Biometric hash based on statistical features of online signatures,” in Proceedings of the International Conference on Pattern Recognition, vol. 1, pp. 123–126, Quebec, QC, Canada, August 2002.
  76. Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” Tech. Rep. 235, February 2006.
  77. Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” in Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology (EUROCRYPT '04), vol. 3027 of Lecture Notes in Computer Science, pp. 523–540, Interlaken, Switzerland, May 2004.
  78. Q. Li and E.-C. Chang, “Robust, short and sensitive authentication tags using secure sketch,” in Proceedings of the 8th Multimedia and Security Workshop (MM and Sec '06), pp. 56–61, Geneva, Switzerland, September 2006.
  79. Y. Sutcu, Q. Li, and N. Memon, “Protecting biometric templates with sketch: theory and practice,” IEEE Transactions on Information Forensics and Security, vol. 2, no. 3, pp. 503–512, 2007.
  80. I. Buhan, J. Doumen, P. Hartel, and R. Veldhuis, “Fuzzy extractors for continuous distributions,” in Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS '07), pp. 353–355, Singapore, March 2007.
  81. A. Arakala, J. Jeffers, and K. J. Horadam, “Fuzzy extractors for minutiae-based fingerprint authentication,” in Proceedings of the 2nd International Conference on Biometrics, pp. 760–769, Seoul, South Korea, August 2007.
  82. E. C. Chang and S. Roy, “Robust extraction of secret bits from minutiae,” in Proceedings of 2nd International Conference on Biometrics, pp. 750–759, Seoul, South Korea, August 2007.
  83. X. Zhou, “Template protection and its implementation in 3D face recognition systems,” in Biometric Technology for Human Identification IV, vol. 6539 of Proceedings of SPIE, pp. 214–225, Orlando, Fla, USA, April 2007.
  84. Y. Sutcu, Q. Li, and N. Memon, “Secure biometric templates from fingerprint-face features,” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR '07), Minneapolis, Minn, USA, June 2007.
  85. X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith, “Secure remote authentication using biometric data,” in Proceedings of the 24th Annual International Conference on Advances in Cryptology (EUROCRYPT '06), vol. 3494 of Lecture Notes in Computer Science, pp. 147–163, Aarhus, Denmark, May 2005.
  86. I. R. Buhan, J. M. Doumen, P. H. Hartel, and R. N. J. Veldhuis, “Secure ad-hoc pairing with biometrics: SAfE,” in Proceedings of 1st International Workshop on Security for Spontaneous Interaction (IWSSI '07), pp. 450–456, Innsbruck, Austria, September 2007.
  87. D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K. Jain, “FVC2002: second fingerprint verification competition,” in Proceedings of the International Conference on Pattern Recognition, vol. 3, pp. 811–814, Quebec, QC, Canada, August 2002.
  88. A. Ross, A. K. Jain, and J. Reisman, “A hybrid fingerprint matcher,” Pattern Recognition, vol. 36, no. 7, pp. 1661–1673, 2003.
  89. A. K. Jain, L. Hong, and R. Bolle, “On-line fingerprint verification,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 19, no. 4, pp. 302–314, 1997.
  90. K. Nandakumar, A. K. Jain, and S. Pankanti, “Fingerprintbased fuzzy vault: implementation and performance,” IEEE Transactions on Information Forensics and Security, vol. 2, no. 4, pp. 744–757, 2007.
  91. E.-C. Chang, R. Shen, and F. W. Teo, “Finding the original point set hidden among chaff,” in Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS '06), pp. 182–188, Taipei, Taiwan, March 2006.
  92. W. J. Scheirer and T. E. Boult, “Cracking fuzzy vaults and biometric encryption,” in Proceedings of the Biometrics Symposium, Baltimore, Md, USA, September 2007.