Abstract not found

Biometric recognition offers a reliable and natural solution to the problem of user authentication in identity management systems. With the widespread deployment of biometric systems in various applications, there are increasing concerns about the security and privacy of biometric technology. Public confidence and acceptance of the biometrics technology will depend on the ability of system designers to demonstrate that these systems are robust, have low error rates and are tamper proof. We present a high-level categorization of the various vulnerabilities of a biometric system and discuss countermeasures that have been proposed to address these vulnerabilities. In particular, we focus on biometric template security which is an important issue because unlike passwords and tokens, compromised biometric templates cannot be revoked and reissued. Due to intra-user variability in the acquired biometric traits, ensuring the security of the template while maintaining the recognition performance is a challenging task. We present an overview of various biometric template protection schemes and discuss their advantages and limitations in terms of security, revocability and impact on matching accuracy. A template protection scheme with provable security and acceptable recognition performance has thus far remained elusive. Development of such a scheme is crucial as biometric systems are beginning to proliferate into the core physical and information infrastructure of our society.

Abstract — Fuzzy sketches, introduced as a link between biometry and cryptography, are a way of handling biometric data matching as an error correction issue. We focus here on iris biometrics and look for the best error-correcting code in that respect. We show that two-dimensional iterative minsum decoding leads to results near the theoretical limits. In particular, we experiment our techniques on the Iris Challenge Evaluation (ICE) database and validate our findings.

Although biometrics have garnered significant interest as a source of entropy for cryptographic key generation, recent studies indicate that many biometric modalities may not actually offer enough uncertainty for this purpose. In this paper, we exploit a novel source of entropy that can be used with any biometric modality but that has yet to be utilized for key generation, namely associating uncertainty with the way in which the biometric input is measured. Our construction poses only a modest requirement on a user: the ability to remember a low-entropy password. We identify the technical challenges of this approach, and develop novel techniques to overcome these difficulties. Our analysis of this approach indicates that it may offer the potential to generate stronger keys: In our experiments, 40 % of the users are able to generate keys that are at least 2 30 times stronger than passwords alone. Categories and Subject Descriptors E.3 [Data Encryption]; H.1 [Models and Principles]: User/Machine

Multibiometric systems, which consolidate information from multiple biometric sources, are gaining popularity because they are able to overcome limitations such as non-universality, noisy sensor data, large intra-user variations and susceptibility to spoof attacks that are commonly encountered in unibiometric systems. In this thesis, we address two critical issues in the design of a multibiometric system, namely, fusion methodology and template security. First, we propose a fusion methodology based on the Neyman-Pearson theorem for combination of match scores provided by multiple biometric matchers. The likelihood ratio (LR) test used in the Neyman-Pearson theorem directly maximizes the genuine accept rate (GAR) at any desired false accept rate (FAR). The densities of genuine and impostor match scores needed for the LR test are estimated using finite Gaussian mixture models. We also extend the likelihood ratio based fusion scheme to incorporate the quality of the biometric samples. Further, we also show that the LR framework can be used for designing sequential multibiometric systems by constructing a binary decision tree classifier based on the marginal likelihood ratios of the

Abstract In this paper we generalize the concept of Private Information Retrieval (PIR) by formalizing a new cryptographic primitive, named Extended Private Information Retrieval (EPIR). Instead of enabling a user to retrieve a bit (or a block) from a database as in the case of PIR, an EPIR protocol enables a user to evaluate a function f which takes a string chosen by the user and a block from the database as input. Like PIR, EPIR can also be considered as a special case of the secure two-party computation problem (and more specifically the oblivious function evaluation problem). We propose two EPIR protocols, one for testing equality and the other for computing Hamming distance. As an important application, we show how to construct strong privacy-preserving biometric-based authentication schemes by employing these EPIR protocols. 1

Abstract. Physical Unclonable Functions (PUFs) have properties that make them very attractive for a variety of security-related applications. Due to their inherent dependency on the physical properties of the device that contains them, they can be used to uniquely bind an application to a particular device for the purpose of IP protection. This is crucial for the protection of FPGA applications against illegal copying and distribution. In order to exploit the physical nature of PUFs for reliable cryptography a so-called helper data algorithm or fuzzy extractor is used to generate cryptographic keys with appropriate entropy from noisy and non-uniform random PUF responses. In this paper we present for the first time efficient implementations of fuzzy extractors on FPGAs where the efficiency is measured in terms of required hardware resources. This fills the gap of the missing building block for a full FPGA IP protection solution. Moreover, in this context we propose new architectures for the decoders of Reed-Muller and Golay codes, and show that our solutions are very attractive from both the area and error correction capability points of view.

Abstract- In this paper, we will discuss relevant research progress in the field of mobile fingerprint template protection. The discussion will cover three main stream schemes called biometric key generation, fuzzy schemes and noninvertible transforms. Some pitfalls and open issues for future research in these areas are pointed out. I.

Existing asymmetric encryption algorithms require the storage of the secret private key. Stored keys are often protected by poorly selected user passwords that can either be guessed or obtained through brute force attacks. This is a weak link in the overall encryption system and can potentially compromise the integrity of sensitive data. Combining biometrics with cryptography is seen as a possible solution but any biometric cryptosystem must be able to overcome small variations present between different acquisitions of the same biometric in order to produce consistent keys. This paper discusses a new method which uses an entropy based feature extraction process coupled with Reed-Solomon error correcting codes that can generate deterministic bit-sequences from the output of an iterative one-way transform. The technique is evaluated using 3D face data and is shown to reliably produce keys of suitable length for 128-bit Advanced Encryption Standard (AES).

Abstract. From a usability viewpoint, passwords and PINs have reached the end of their useful life. Even though they are convenient for implementers, for users they are increasingly unmanageable. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. Yet we can’t abandon passwords until we come up with an alternative method of user authentication that is both usable and secure. We present an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Unlike most alternatives, Pico doesn’t merely address the case of web passwords: it also applies to all the other contexts in which users must at present remember passwords, passphrases and PINs. Besides relieving the user from memorization efforts, the Pico solution scales to thousands of credentials, provides “continuous authentication ” and is resistant to brute force guessing, dictionary attacks, phishing and keylogging. 1 Why users are right to be fed up Remembering an unguessable and un-brute-force-able password was a manageable task twenty or thirty years ago, when each of us had to use only one or two. Since then, though, two trends in computing have made this endeavour much harder. First, computing power has grown by several orders of magnitude: once upon a time, eight characters were considered safe from brute force 1; nowadays, passwords that are truly safe from brute force and from advanced guessing attacks 2 typically exceed the ability of ordinary users to remember them 3 4. Second, and most important, the number of computer-based services with which It’s OK to skip all these gazillions of footnotes.