A practical guide to biometric security technology

As organizations search for more secure authentication methods for user access, e-commerce. and other security applications, biometrics is gaining increasing attention. But should your company use biometrics? And, if so, which ones should you use and how do you choose them? There is no one best biometric technology. Different applications require different biometrics. To select the right biometric for your situation, you will need to navigate through some complex vendor products and keep an eye on future developments in technology and standards. Your options have never been more diverse. After years of research and development, vendors now have several products to offer. Some are relatively immature, having only recently become commercially available, but even these can substantially improve your company's information security posture. We briefly describe some emerging biometric technologies to help guide your decision making     

A fast feature selection technique in multi modal biometrics using cloud framework

Biometrics refers to the process that uses biological or physiological traits to identify individuals. The progress seen in technology and security has a vital role to play in Biometric recognition which is a reliable technique to validate individuals and their identity. The biometric identification is generally based on either their physical traits or their behavioural traits. The multimodal biometrics makes use of either two or more of the modalities to improve recognition. There are some popular modalities of biometrics that are palm print, finger vein, iris, face or fingerprint recognition. Another important challenge found with multimodal biometric features is the fusion, which could result in a large set of feature vectors. Most biometric systems currently use a single model for user authentication. In this existing work, a modified method of heuristics that is efficiently used to identify an optimal feature set that is based on a wrapper-based feature selection technique. The proposed method of feature selection uses the Ant Colony Optimization (ACO) and the Particle Swarm Optimization (PSO) are used to feature extraction and classification process utilizes the integration of face, and finger print texture patterns. The set of training images is converted to grayscale. The crossover operator is applied to generate multiple samples for each number of images. The wok proposed here is pre-planned for each weight of each biometric modality, which ensures that even if a biometric modality does not exist at the time of verification, a person can be certified to provide calculated weights the threshold value. The proposed method is demonstrated better result for fast feature selection in bio metric image authentication and also gives high effectiveness security.     

An introduction evaluating biometric systems

On the basis of media hype alone, you might conclude that biometric passwords will soon replace their alphanumeric counterparts with versions that cannot be stolen, forgotten, lost, or given to another person. But what if the actual performance of these systems falls short of the estimates? The authors designed this article to provide sufficient information to know what questions to ask when evaluating a biometric system, and to assist in determining whether performance levels meet the requirements of an application. For example, a low-performance biometric is probably sufficient for reducing-as opposed to eliminating-fraud. Likewise, completely replacing an existing security system with a biometric-based one may require a high-performance biometric system, or the required performance may be beyond what current technology can provide. Of the biometrics that give the user some control over data acquisition, voice, face, and fingerprint systems have undergone the most study and testing-and therefore occupy the bulk of this discussion. This article also covers the tools and techniques of biometric testing     

Dual-key-binding cancelable palmprint cryptosystem for palmprint protection and information security

Biometric cryptosystems and cancelable biometrics are both practical and promising schemes to enhance the security and privacy of biometric systems. Though a number of bio-crypto algorithms have been proposed, they have limited practical applicability because they lack of cancelability. Since biometrics are immutable, the users whose biometrics are stolen cannot use bio-crypto systems anymore. Cancelable biometric schemes are of cancelability; however, they are difficult to compromise the conflicts between the security and performance. By embedded a novel cancelable palmprint template, namely “two dimensional (2D) Palmprint Phasor”, the proposed palmprint cryptosystem overcomes the lack of cancelability in existing biometric cryptosystems. Besides, the authentication performance is enhanced when users have different tokens/keys. Furthermore, we develop a novel dual-key-binding cancelable palmprint cryptosystem to enhance the security and privacy of palmprint biometric. 2D Palmprint Phasor template is scrambled by the scrambling transformation based on the chaotic sequence that is generated by both the user's token/key and strong key extracted from palmprint. Dual-key-binding scrambling not only has more robustness to resist against chosen plain text attack, but also enhances the secure requirement of non-invertibility. 2D Palmprint Phasor algorithm and dual-key-binding scrambling both increase the difficulty of adversary's statistical analysis. The experimental results and security analysis confirm the efficiency of the proposed scheme.     

Face Templates Encryption Technique Based on Random Projection and Deep Learning

Cancellable biometrics is the solution for the trade-off between two concepts: Biometrics for Security and Security for Biometrics. The cancelable template is stored in the authentication system’s database rather than the original biometric data. In case of the database is compromised, it is easy for the template to be canceled and regenerated from the same biometric data. Recoverability of the cancelable template comes from the diversity of the cancelable transformation parameters (cancelable key). Therefore, the cancelable key must be secret to be used in the system authentication process as a second authentication factor in conjunction with the biometric data. The main contribution of this paper is to tackle the risks of stolen/lost/shared cancelable keys by using biometric trait (in different feature domains) as the only authentication factor, in addition to achieving good performance with high security. The standard Generative Adversarial Network (GAN) is proposed as an encryption tool that needs the cancelable key during the training phase, and the testing phase depends only on the biometric trait. Additionally, random projection transformation is employed to increase the proposed system’s security and performance. The proposed transformation system is tested using the standard ORL face database, and the experiments are done by applying different features domains. Moreover, a security analysis for the proposed transformation system is presented.     

Biometric template protection using cancelable biometrics and visual cryptography techniques

Wide spread use of biometric based authentication implies the need to secure biometric reference data. Various template protection schemes have been introduced to prevent biometric forgery and identity thefts. Cancelable biometrics and visual cryptography are two recent technologies introduced to address the concerns regarding privacy of biometric data, and to improve public confidence and acceptance of biometric systems. Cancelable biometrics is an important technique that allows generation of revocable biometric templates. As the number of biometric instances are limited and once compromised they are lost forever. Cancelable biometrics allows templates to be cancelled and revoked like passwords innumerable times. Recently, various approaches that utilize visual cryptography to secure the stored template and impart privacy to the central databases have been introduced. This work attempts to summarize the existing approaches in literature making use of these two technologies to protect biometric templates.     

ECB4CI: an enhanced cancelable biometric system for securing critical infrastructures

Physical access control is an indispensable component of a critical infrastructure. Traditional password-based methods for access control used in the critical infrastructure security systems have limitations. With the advance of new biometric recognition technologies, security control for critical infrastructures can be improved by the use of biometrics. In this paper, we propose an enhanced cancelable biometric system, which contains two layers, a core layer and an expendable layer, to provide reliable access control for critical infrastructures. The core layer applies random projection-based non-invertible transformation to the fingerprint feature set, so as to provide template protection and revocability. The expendable layer is used to protect the transformation key, which is the main weakness contributing to attacks via record multiplicity. This improvement enhances the overall system security, and undoubtedly, this extra security is an advantage over the existing cancelable biometric systems.     

Analyzing Enterprise Network Vulnerabilities

Abstract

Imagine you are an information security manager and your boss is asking: “How secure are our information systems? Is the security getting better or worse? How do you know that?” One thing is sure: if you do not have a good answer, your own job may not be secure. You could answer that you are monitoring intrusion attempts and investigating alarms, that you are updating the anti-virus software on a regular basis and applying software patches on a timely basis, but that was not the question. Your boss wants to know not only whatyou have done to lower the risk, but how effective you have been. It is all about process, measurements, and trend monitoring.¹     

An iris biometric system for public and personal use

Much work in the emerging field of biometrics has focused on identification applications. Biometrics offers the means to identify individuals without requiring that they carry ID cards and badges or memorize passwords. A leading concern in the development of such applications, however, is how to avoid rejecting valid users or approving imposters. The iris of the eye may provide a solution by offering a much more discriminating biometric than fingerprint or face recognition. The authors have designed and implemented an iris biometric system for personal electronic identification. Further, their system solves problems associated with public use devices such as automated teller machines, where habituated use is not the norm. The system also addresses personal-use arenas, such as home banking, and other Internet and network applications, such as secure business logons. The article describes the public- and personal-use systems, as well as relating statistical analysis and field trials to gauge the effectiveness of their system     

Biometric recognition: security and privacy concerns

Biometrics offers greater security and convenience than traditional methods of personal recognition. In some applications, biometrics can replace or supplement the existing technology. In others, it is the only viable approach. But how secure is biometrics? And what are the privacy implications?.     

A review on performance,security and various biometric template protection schemes for biometric authentication systems

Identifying a person based on their behavioral and biological qualities in an automated manner is called biometrics. The authentication system substituting traditional password and token for authentication and relies gradually on biometric authentication methods for verification of the identity of an individual. This proves the fact that society has started depending on biometric-based authentication systems. Security of biometric authentication needs to be reviewed and discussed as there are multiple points related to integrity and public reception of biometric-based authentication systems. Security and recognition accuracy are the two most important aspects which must be considered while designing biometric authentication systems. During enrollment phase scanning of biometric data is done to determine a set of distinct biometric feature set known as biometric template. Protection of biometric templates from various hacking efforts is a topic of vital importance as unlike passwords or tokens, compromised biometric templates cannot be reissued. Therefore, giving powerful protection techniques for biometric templates and still at that very moment preparing great identification accuracy is a good research problem nowadays, as well as in the future. Furthermore, efficiency under non-ideal conditions is also supposed to be inadequate and thus needs special attention in the design of a biometric authentication system. Disclosure of various biometric traits in miscellaneous applications creates a severe compromise on the privacy of the user. Biometric authentication can be utilized for remote user authentication. In this case, the biometric data of users typically called templates are stored in a server. The uniqueness and stability of biometrics ended it useful over traditional authentication systems. But, a similar thing made the enduring harm of a user’s identity in biometric systems. The architecture of the biometric system leads to several hazards that lead to numerous security concerns and privacy threats. To address this issue, biometric templates are secured using several schemes that are categorized as biometric cryptosystems, cancelable biometrics, hybrid methods, Homomorphic Encryption, visual cryptography based methods. Biometric cryptosystems and cancelable biometrics techniques provide reliable biometric security at a great level. However, there persist numerous concerns and encounters that are being faced during the deployment of these protection technologies. This paper reviews and analyses various biometric template protection methods. This review paper also reflects the limitations of various biometric template protection methods being used in present times and highlights the scope of future work.

     

Evaluation of a template protection approach to integrate fingerprint biometrics in a PIN-based payment infrastructure

Biometric authentication has a great potential to improve the security, reduce cost, and enhance the customer convenience of payment systems. Despite these benefits, biometric authentication has not yet been adopted by large-scale point-of-sale and automated teller machine systems. This paper aims at providing a better understanding of the benefits and limitations associated with the integration of biometrics in a PIN-based payment authentication system. Based on a review of the market drivers and deployment hurdles, a method is proposed in which biometrics can be seamlessly integrated in a PIN-based authentication infrastructure. By binding a fixed binary, renewable string to a noisy biometric sample, the data privacy and interoperability between issuing and acquiring banks can improve considerably compared to conventional biometric approaches. The biometric system security, cost aspects, and customer convenience are subsequently compared to PIN by means of simulations using fingerprints. The results indicate that the biometric authentication performance is not negatively influenced by the incorporation of key binding and release processes, and that the security expressed as guessing entropy of the biometric key is virtually identical to the current PIN. The data also suggest that for the fingerprint database under test, the claimed benefits for cost reduction, improved security and customer convenience do not convincingly materialize when compared to PIN. This result can in part explain why large-scale biometric payment systems are virtually non-existent in Europe and the United States, and suggests that other biometric modalities than fingerprints may be more appropriate for payment systems.     

Fingerprint classification: a review

Biometrics is the automatic identification of an individual that is based on physiological or behavioural characteristics. Due to its security-related applications and the current world political climate, biometrics is currently the subject of intense research by both private and academic institutions. Fingerprints are emerging as the most common and trusted biometric for personal identification. The main objective of this paper is to review the extensive research that has been done on fingerprint classification over the last four decades. In particular, it discusses the fingerprint features that are useful for distinguishing fingerprint classes and reviews the methods of classification that have been applied to the problem. Finally, it presents empirical results from the state of the art fingerprint classification systems that have been tested using the NIST Special Database 4.     

An effective biometric cryptosystem combining fingerprints with error correction codes

With the emergence and popularity of identity verification means by biometrics, the biometric system which can assure security and privacy has received more and more concentration from both the research and industry communities. In the field of secure biometric authentication, one branch is to combine the biometrics and cryptography. Among all the solutions in this branch, fuzzy commitment scheme is a pioneer and effective security primitive. In this paper, we propose a novel binary length-fixed feature generation method of fingerprint. The alignment procedure, which is thought as a difficult task in the encrypted domain, is avoided in the proposed method due to the employment of minutiae triplets. Using the generated binary feature as input and based on fuzzy commitment scheme, we construct the biometric cryptosystems by combining various of error correction codes, including BCH code, a concatenated code of BCH code and Reed-Solomon code, and LDPC code. Experiments conducted on three fingerprint databases, including one in-house and two public domain, demonstrate that the proposed binary feature generation method is effective and promising, and the biometric cryptosystem constructed by the feature outperforms most of the existing biometric cryptosystems in terms of ZeroFAR and security strength. For instance, in the whole FVC2002 DB2, a 4.58% ZeroFAR is achieved by the proposed biometric cryptosystem with the security strength 48 bits.     

基于指纹生物特征识别的新型防伪系统设计

针对防伪识别中识别效率和准确率低等问题,研究了指纹生物特征在标签防伪领域中的应用,提出了基于TI DSP芯片TMS320 C5515为核心的标签防伪系统设计方案,完成了由指纹模板录入、防伪标签生成、防伪标签检测、检测结果显示等指纹标签防伪检测系统的硬件与软件设计,实现对防伪标签的制作与智能化识别检测.实验结果表明,指纹录入与标签指纹采集匹配正确率达到97％以上,融合了特种油墨的指纹标签能实现标签的防伪检测,识别产品真伪,防止标签复制.指纹生物特征识别的新型防伪系统简单易用、识别率高,可提高产品防伪识别的准确性和效率.     

RP-LPP : a random permutation based locality preserving projection for cancelable biometric recognition

Biometrics are being increasingly used across the world, but it also raises privacy and security concerns of the enrolled identities. The main reason is due to the fact that biometrics are not cancelable and if compromised may give access to the intruder. Cancelable biometric template is a solution to this problem which can be reissued if compromised. In this paper, we suggest a simple and powerful method called Random Permutation Locality Preserving Projection (RP-LPP) for Cancelable Biometric Recognition. Here, we exploit the mathematical relationship between the eigenvalues and eigenvectors of the original biometric image and its randomly permuted version is exploited for carrying out cancelable biometric recognition. The proposed technique work in a cryptic manner by accepting the cancelable biometric template and a key (called PIN) issued to a user. The effectiveness of the proposed techniques is demonstrated on three freely available face (ORL), iris (UBIRIS) and ear (IITD) datasets against state-of-the-art methods. The advantages of proposed technique are (i) the classification accuracy remains unaffected due to cancelable biometric templates generated using random permutation, (ii) security and quality of generated templates and (iii) robustness across different biometrics. In addition, no image registration is required for performing recognition.

     

基于TrustZone的移动云环境指纹认证终端APP的设计和实现

针对指纹等生物特征在云环境下存在泄露的安全隐患，以及已有的生物特征认证方案安全性或便利性不足的问题，设计并实现了基于正交分解和TrustZone的可信指纹认证终端APP。利用TrustZone的硬件隔离机制，在可信执行环境中完成指纹特征提取、指纹模板生成等敏感操作，与普通执行环境中的应用隔离，从而抵挡恶意程序的攻击，保证认证过程的安全性。基于正交分解算法生成的指纹模板在保证可匹配性的同时融合了随机噪声，可以在一定程度上抵挡针对特征模板的攻击，使得指纹模板可以在云环境下存储和传输，解除用户与设备的绑定，提升了生物认证的便利性。实验和理论分析表明，指纹模板的相关性和随机性比原始特征和随机映射算法更高，有更强的安全性；另外时间和存储开销、识别的准确性的实验结果表明，所设计APP兼顾便利性和安全性，满足移动云环境下安全认证的需求。     

基于TrustZone的移动云环境指纹认证终端APP的设计和实现

针对指纹等生物特征在云环境下存在泄露的安全隐患,以及已有的生物特征认证方案安全性或便利性不足的问题,设计并实现了基于正交分解和TrustZone的可信指纹认证终端APP。利用TrustZone的硬件隔离机制,在可信执行环境中完成指纹特征提取、指纹模板生成等敏感操作,与普通执行环境中的应用隔离,从而抵挡恶意程序的攻击,保证认证过程的安全性。基于正交分解算法生成的指纹模板在保证可匹配性的同时融合了随机噪声,可以在一定程度上抵挡针对特征模板的攻击,使得指纹模板可以在云环境下存储和传输,解除用户与设备的绑定,提升了生物认证的便利性。实验和理论分析表明,指纹模板的相关性和随机性比原始特征和随机映射算法更高,有更强的安全性;另外时间和存储开销、识别的准确性的实验结果表明,所设计APP兼顾便利性和安全性,满足移动云环境下安全认证的需求。     

Fingerprint-Based Fuzzy Vault: Implementation and Performance

Reliable information security mechanisms are required to combat the rising magnitude of identity theft in our society. While cryptography is a powerful tool to achieve information security, one of the main challenges in cryptosystems is to maintain the secrecy of the cryptographic keys. Though biometric authentication can be used to ensure that only the legitimate user has access to the secret keys, a biometric system itself is vulnerable to a number of threats. A critical issue in biometric systems is to protect the template of a user which is typically stored in a database or a smart card. The fuzzy vault construct is a biometric cryptosystem that secures both the secret key and the biometric template by binding them within a cryptographic framework. We present a fully automatic implementation of the fuzzy vault scheme based on fingerprint minutiae. Since the fuzzy vault stores only a transformed version of the template, aligning the query fingerprint with the template is a challenging task. We extract high curvature points derived from the fingerprint orientation field and use them as helper data to align the template and query minutiae. The helper data itself do not leak any information about the minutiae template, yet contain sufficient information to align the template and query fingerprints accurately. Further, we apply a minutiae matcher during decoding to account for nonlinear distortion and this leads to significant improvement in the genuine accept rate. We demonstrate the performance of the vault implementation on two different fingerprint databases. We also show that performance improvement can be achieved by using multiple fingerprint impressions during enrollment and verification.     

Secure Hamming distance computation for biometrics using ideal-lattice and ring-LWE homomorphic encryption

With widespread development of biometrics, concerns about security and privacy are rapidly increasing. Homomorphic encryption enables us to operate on encrypted data without decryption, and it can be applied to construct a privacy-preserving biometric system. In this article, we apply two homomorphic encryption schemes based on ideal-lattice and ring-LWE (Learning with Errors), which both have homomorphic correctness over the ring of integers of a cyclotomic field. We compare the two schemes in applying them to privacy-preserving biometrics. In biometrics, the Hamming distance is used as a metric to compare two biometric feature vectors for authentication. We propose an efficient method for secure Hamming distance. Our method can pack a biometric feature vector into a single ciphertext, and it enables efficient computation of secure Hamming distance over our packed ciphertexts.