Establishing identity is becoming critical in our vastly interconnected society. Questions such as “Is she really who she claims to be?, ” “Is this person authorized to use this facility?, ” or “Is he in the watchlist posted by the government? ” are routinely being posed in a variety of scenarios ranging from issuing a driver’s license to gaining entry into a country. The need for reliable user authentication techniques has increased in the wake of heightened concerns about security and rapid advancements in networking, communication, and mobility. Biometrics, described as the science of recognizing an individual based on his or her physical or behavioral traits, is beginning to gain acceptance as a legitimate method for determining an individual’s identity. Biometric systems have now been deployed in various commercial, civilian, and forensic applications as a means of establishing identity. In this paper, we provide an overview of biometrics and discuss some of the salient research issues that need to be addressed for making biometric technology an effective tool for providing information security. The primary contribution of this overview includes: 1) examining applications where biometrics can solve issues pertaining to information security; 2) enumerating the fundamental challenges encountered by biometric systems in real-world applications; and 3) discussing solutions to address the problems of scalability and security in large-scale authentication systems.

This paper is a security analysis of leading privacy enhanced technologies (PETs) for biometrics including biometric fuzzy vaults (BFV) and biometric encryption (BE). The lack of published attacks, combined with various “proven ” security properties has been taken by some as a sign that these technologies are ready for deployment. While some of the existing BFV and BE techniques do have “proven ” security properties, those proofs make assumptions that may not, in general, be valid for biometric systems. We briefly review some of the other known attacks against BFV and BE techniques. We introduce three disturbing classes of attacks against PET techniques including attack via record multiplicity, surreptitious key-inversion attack, and novel blended substitution attacks. The paper ends with a discussion of the requirements for an architecture to address the privacy and security requirements. 1.

This paper considers generating binary feature vectors from biometric face data such that their privacy can be protected using recently introduced helper data systems. We explain how the binary feature vectors can be derived and investigate their statistical properties. Experimental results for a subset of the FERET and Caltech databases show that their is only a slight degradation in classification results when using the binary rather than the real-valued feature vectors. Finally, the scheme to extract the binary vectors is combined with a helper data scheme leading to renewable and privacy preserving facial templates with acceptable classification results provided that the within-class variation is not too large. 1

We show that there is a direct relation between the maximum length of the keys extracted from biometric data and the error rates of the biometric system. The length of the bio-key depends on the amount of distinguishing information that can be extracted from the source data. This information can be used a-priori to evaluate the potential of the biometric data in the context of a specific cryptographic application. We model the biometric data more naturally as a continuous distribution and we give a new definition for fuzzy extractors that works better for this type of data. 1

Abstract—Body Area Networks (BAN) can play a major role in monitoring the health of soldiers in a battlefield. Securing BANs is essential to ensure safety of the soldiers. This paper presents a novel key agreement protocol called Photoplethysmogram PPGbased based Key Agreement (PKA) which allows sensors in a BAN to agree to a common key using PPG values obtained from the subject (soldier) they are deployed on. Using the stimuli which the sensors are designed to monitor directly for cryptographic purposes, enables administrators to provide security for BANs with minimal initial setup. The principal contributions of this paper are: 1) demonstration of the viability of the PPG signals for agreeing upon common symmetric cryptographic keys between two nodes in BAN, and 2) analysis of the security, performance and quality of the keys produced by PKA. I.

User privacy and template security are major concerns in the use of biometric systems. These are serious concerns based on the fact that once compromised, biometric traits can not be canceled or reissued. The Fuzzy Vault scheme has emerged as a promising method to alleviate the template security problem. The scheme is based on binding the biometric template with a secret key and scrambling it with a large amount of redundant data, such that it is computationally infeasible to extract the secret key without possession of the biometric trait. It was recently claimed that the scheme is susceptible to correlation based attacks which assume the availability of two fuzzy vaults created using the same biometric data (e.g. two impressions of the same fingerprint) and suggests that correlating them would reveal the biometric data hidden inside. In this work, we implemented the fuzzy vault scheme using fingerprints and performed correlation attacks against a database of 400 fuzzy vaults (200 matching pairs). Given two matching vaults, we could successfully unlock 59 % of them within a short time. Furthermore, it was possible to link an unknown vault to a short list containing its matching pair, for 41 % of all vaults. These results prove the claim that the fuzzy vault scheme without additional security measures is indeed vulnerable to correlation attacks.

Multibiometric systems, which consolidate information from multiple biometric sources, are gaining popularity because they are able to overcome limitations such as non-universality, noisy sensor data, large intra-user variations and susceptibility to spoof attacks that are commonly encountered in unibiometric systems. In this thesis, we address two critical issues in the design of a multibiometric system, namely, fusion methodology and template security. First, we propose a fusion methodology based on the Neyman-Pearson theorem for combination of match scores provided by multiple biometric matchers. The likelihood ratio (LR) test used in the Neyman-Pearson theorem directly maximizes the genuine accept rate (GAR) at any desired false accept rate (FAR). The densities of genuine and impostor match scores needed for the LR test are estimated using finite Gaussian mixture models. We also extend the likelihood ratio based fusion scheme to incorporate the quality of the biometric samples. Further, we also show that the LR framework can be used for designing sequential multibiometric systems by constructing a binary decision tree classifier based on the marginal likelihood ratios of the

In recent literature, privacy protection technologies for biometric templates were proposed. Among these is the so-called helper-data system (HDS) based on reliable component selection. In this paper we integrate this approach with face biometrics such that we achieve a system in which the templates are privacy protected, and multiple templates can be derived from the same facial image for the purpose of template renewability. Extracting binary feature vectors forms an essential step in this process. Using the FERET and Caltech databases, we show that this quantization step does not significantly degrade the classification performance compared to, for example, traditional correlation-based classifiers. The binary feature vectors are integrated in the HDS leading to a privacy protected facial recognition algorithm with acceptable FAR and FRR, provided that the intra-class variation is sufficiently small. This suggests that a controlled enrollment procedure with a sufficient number of enrollment measurements is required. 2.

Securing biometrics databases from being compromised is an important research challenge that must be overcome in order to support widespread use of biometrics based authentication. In this paper we present a novel method for securing fin-gerprints by hashing the fingerprint minutia and performing matching in the hash space. Our approach uses a family of symmetric hash functions and does not de-pend on the location of the (usually unstable) singular points (core and delta) as is the case with other methods described in the literature. It also does not assume a pre-alignment between the test and the stored fingerprint templates. We argue that these assumptions, which are often made, are unrealistic given that fingerprints are very often only partially captured by the commercially available sensors. The Equal Error Rate (EER) achieved by our system is 3%. We also present the perfor-mance analysis of a hybrid system that has an EER of 1.96 % which reflects almost no drop in performance when compared to straight matching with no security en-hancements. The hybrid system involves matching using our secure algorithm but the final scoring reverts to that used by a straight matching system.

Abstract- In this paper, we will discuss relevant research progress in the field of mobile fingerprint template protection. The discussion will cover three main stream schemes called biometric key generation, fuzzy schemes and noninvertible transforms. Some pitfalls and open issues for future research in these areas are pointed out. I.