Securing Minutia Cylinder Codes for Fingerprints through Physically Unclonable Functions: An Exploratory Study

A number of personal devices, such as smartphones, have incorporated fingerprint recognition solutions for user authentication purposes. This work proposes a dual-factor fingerprint matching scheme based on P-MCCs (Protected Minutia Cylinder-Codes) generated from fingerprint images and PUFs (Physically Unclonable Functions) generated from device SRAMs (Static Random Access Memories). Combining the fingerprint identifier with the device identifier results in a secure template satisfying the discriminability, irreversibility, revocability, and unlinkability properties, which are strongly desired for data privacy and security. Experiments convey the benefits of the proposed dual-factor authentication mechanism in enhancing the security of personal devices that utilize biometric authentication schemes.Ministerio de Economía y Competitividad del Gobierno de España y PO FEDER-FSE - EC2014-57971-RConsejo Superior de Investigaciones Científicas de España. CSIC - 201750E010 (HW-SEEDS)US National Science Foundation (NSF) - nº 1617466V Plan Propio de Investigación a través de la Universidad de Sevill

Security and accuracy of fingerprint-based biometrics: A review

Biometric systems are increasingly replacing traditional password- and token-based authentication systems. Security and recognition accuracy are the two most important aspects to consider in designing a biometric system. In this paper, a comprehensive review is presented to shed light on the latest developments in the study of fingerprint-based biometrics covering these two aspects with a view to improving system security and recognition accuracy. Based on a thorough analysis and discussion, limitations of existing research work are outlined and suggestions for future work are provided. It is shown in the paper that researchers continue to face challenges in tackling the two most critical attacks to biometric systems, namely, attacks to the user interface and template databases. How to design proper countermeasures to thwart these attacks, thereby providing strong security and yet at the same time maintaining high recognition accuracy, is a hot research topic currently, as well as in the foreseeable future. Moreover, recognition accuracy under non-ideal conditions is more likely to be unsatisfactory and thus needs particular attention in biometric system design. Related challenges and current research trends are also outlined in this paper

Security and accuracy of fingerprint-based biometrics: A review

Biometric systems are increasingly replacing traditional password- and token-based authentication systems. Security and recognition accuracy are the two most important aspects to consider in designing a biometric system. In this paper, a comprehensive review is presented to shed light on the latest developments in the study of fingerprint-based biometrics covering these two aspects with a view to improving system security and recognition accuracy. Based on a thorough analysis and discussion, limitations of existing research work are outlined and suggestions for future work are provided. It is shown in the paper that researchers continue to face challenges in tackling the two most critical attacks to biometric systems, namely, attacks to the user interface and template databases. How to design proper countermeasures to thwart these attacks, thereby providing strong security and yet at the same time maintaining high recognition accuracy, is a hot research topic currently, as well as in the foreseeable future. Moreover, recognition accuracy under non-ideal conditions is more likely to be unsatisfactory and thus needs particular attention in biometric system design. Related challenges and current research trends are also outlined in this paper

Biometrics based privacy-preserving authentication and mobile template protection

Smart mobile devices are playing a more and more important role in our daily life. Cancelable biometrics is a promising mechanism to provide authentication to mobile devices and protect biometric templates by applying a noninvertible transformation to raw biometric data. However, the negative effect of nonlinear distortion will usually degrade the matching performance significantly, which is a nontrivial factor when designing a cancelable template. Moreover, the attacks via record multiplicity (ARM) present a threat to the existing cancelable biometrics, which is still a challenging open issue. To address these problems, in this paper, we propose a new cancelable fingerprint template which can not only mitigate the negative effect of nonlinear distortion by combining multiple feature sets, but also defeat the ARM attack through a proposed feature decorrelation algorithm. Our work is a new contribution to the design of cancelable biometrics with a concrete method against the ARM attack. Experimental results on public databases and security analysis show the validity of the proposed cancelable template

Evaluating biometrics fingerprint template protection for an emergency situation

Biometric template protection approaches have been developed to secure the biometric templates against image reconstruction on the stored templates. Two cancellable fingerprint template protection approaches namely minutiae-based bit-string cancellable fingerprint template and modified minutiae-based bit-string cancellable fingerprint template, are selected to be evaluated. Both approaches include the geometric information of the fingerprint into the extracted minutiae. Six modified fingerprint data sets are derived from the original fingerprint images in FVC2002DB1_B and FVC2002DB2_B by conducting the rotation and changing the quality of original fingerprint images according to the environment conditions during an emergency situation such as wet or dry fingers and disoriented angle of fingerprint images. The experimental results show that the modified minutiae-based bit-string cancellable fingerprint template performs well on all conditions during an emergency situation by achieving the matching accuracy between 83% and 100% on FVC2002DB1_B data set and between 99% and 100% on FVC2002DB2_B data set

On the Security Risk of Cancelable Biometrics

Over the years, a number of biometric template protection schemes, primarily based on the notion of "cancelable biometrics" (CB) have been proposed. An ideal cancelable biometric algorithm possesses four criteria, i.e., irreversibility, revocability, unlinkability, and performance preservation. Cancelable biometrics employed an irreversible but distance preserving transform to convert the original biometric templates to the protected templates. Matching in the transformed domain can be accomplished due to the property of distance preservation. However, the distance preservation property invites security issues, which are often neglected. In this paper, we analyzed the property of distance preservation in cancelable biometrics, and subsequently, a pre-image attack is launched to break the security of cancelable biometrics under the Kerckhoffs's assumption, where the cancelable biometrics algorithm and parameters are known to the attackers. Furthermore, we proposed a framework based on mutual information to measure the information leakage incurred by the distance preserving transform, and demonstrated that information leakage is theoretically inevitable. The results examined on face, iris, and fingerprint revealed that the risks origin from the matching score computed from the distance/similarity of two cancelable templates jeopardize the security of cancelable biometrics schemes greatly. At the end, we discussed the security and accuracy trade-off and made recommendations against pre-image attacks in order to design a secure biometric system.Comment: Submit to P