A fingerprint biometric cryptosystem in FPGA

Comunicación presentada al ICIT 2015 celebrado en Sevilla del 17 al 19 de marzo de 2015This paper presents the implementation of a complete fingerprint biometric cryptosystem in a Field Programmable Gate Array (FPGA). This is possible thanks to the use of a novel fingerprint feature, named QFingerMap, which is binary, length-fixed, and ordered. Security of Authentication on FPGA is further improved because information stored is protected due to the design of a cryptosystem based on Fuzzy Commitment. Several samples of fingers as well as passwords can be fused at feature level with codewords of an error correcting code to generate non-sensitive data. System performance is illustrated with experimental results corresponding to 560 fingerprints acquired in live by an optical sensor and processed by the system in a Xilinx Virtex 6 FPGA. Depending on the realization, more or less accuracy is obtained, being possible a perfect authentication (zero Equal Error Rate), with the advantages of real-time operation, low power consumption, and a very small devicePeer reviewe

Fingerprint template protection schemes: A literature review

The fingerprint is the most widely used technology for identification or authentication systems, which can be known as fingerprint authentication systems (FAS).In addition to providing security, the fingerprint is also easy to use, very reliable and has a high accuracy for identity recognition. FAS is still exposed to security attacks because fingerprint information is unencrypted.Therefore, fingerprint information requires protection known as fingerprint template protection (FTP).This paper aims to provide an organized literature on FTP.Three research questions were formulated to guide the literature analysis.First, this analysis focuses on the types of FTP schemes; second, the metrics used for evaluating the FTP schemes; and finally, the common datasets used for evaluating the FTP schemes. The latest information and references are analysed and classified based on FTP methods and publication year to obtain information related to the development and application of FTP.This study mainly surveyed 62 documents reported on FTP schemes between the year 2000 and 2017.The results of this survey can be a source of reference for other researchers in finding literature relevant to the FTP

A PUF-and biometric-based lightweight hardware solution to increase security at sensor nodes

Security is essential in sensor nodes which acquire and transmit sensitive data. However, the constraints of processing, memory and power consumption are very high in these nodes. Cryptographic algorithms based on symmetric key are very suitable for them. The drawback is that secure storage of secret keys is required. In this work, a low-cost solution is presented to obfuscate secret keys with Physically Unclonable Functions (PUFs), which exploit the hardware identity of the node. In addition, a lightweight fingerprint recognition solution is proposed, which can be implemented in low-cost sensor nodes. Since biometric data of individuals are sensitive, they are also obfuscated with PUFs. Both solutions allow authenticating the origin of the sensed data with a proposed dual-factor authentication protocol. One factor is the unique physical identity of the trusted sensor node that measures them. The other factor is the physical presence of the legitimate individual in charge of authorizing their transmission. Experimental results are included to prove how the proposed PUF-based solution can be implemented with the SRAMs of commercial Bluetooth Low Energy (BLE) chips which belong to the communication module of the sensor node. Implementation results show how the proposed fingerprint recognition based on the novel texture-based feature named QFingerMap16 (QFM) can be implemented fully inside a low-cost sensor node. Robustness, security and privacy issues at the proposed sensor nodes are discussed and analyzed with experimental results from PUFs and fingerprints taken from public and standard databases.Ministerio de Economía, Industria y Competitividad TEC2014-57971-R, TEC2017-83557-

Los Triángulos de Delaunay como Procesamiento Previo para Extractores Difusos

Resumen: La información biométrica que se extrae de las huellas dactilares tiende a ser diferente en cada adquisición, dada la incertidumbre existente en las mediciones y la presencia de ruido en las muestras, lo cual puede ocasionar que las palabras código generadas dentro de un extractor difuso posean un número de errores tal que rebase la capacidad de corrección de la codificación. Como consecuencia se tiene que lo anterior puede ocasionar que las huellas dactilares de una misma persona sean catalogadas como no coincidentes en su verificación o bien, que huellas de individuos diferentes parezcan demasiado similares.Para mitigar los efectos antes mencionados y sobrepasar las dificultades del pre-alineamiento de huellas dactilares, se propuso el uso de triángulos de Delaunay, lo cual permite proveer de estabilidad estructural local a la representación espacial de la información biométrica. En esa propuesta, las minucias de la huella son utilizadas como vértices de las triangulaciones y la red formada por éstas es tolerante a distorsiones, rotaciones y traslaciones. Sin embargo, en dicha propuesta se considera a la dispersión de minucias de huellas dactilares como no degenerativa y por tanto no se mencionan los umbrales o criterios necesarios para la formación de dichas triangulaciones, lo cual repercute en el desempeño de los extractores difusos. Con base en ello, este artículo presenta los resultados obtenidos al probar la formación de triangulaciones de Delaunay en imágenes de huella dactilar, en donde se aplican umbrales y criterios geométricos para luego contabilizar los triángulos coincidentes entre las estructuras formadas y definir los umbrales que maximicen dichas coincidencias. Palabras clave: Extractores Difusos, Huella Dactilar, Triángulos de Delaunay

Development of secured algorithm to enhance the privacy and security template of biometric technology

A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Mathematical and Computer Science and Engineering of the Nelson Mandela African Institution of Science and TechnologyThe security of information and personal privacy are the growing concerns in today’s human life worldwide. The storage of biometric data in the database has raised the prospect of compromising the database leading to grave risks and misuse of the person’s privacy such as growth in terrorism and identity fraud. When a person’s biometric data stored is revealed, their security and privacy are being compromised. This research described a detailed evaluation on several outbreaks and threats associated with the biometric technology. It analyzed the user’s fear and intimidations to the biometric technology alongside the protection steps for securing the biometric data template in the database. It is known that, when somebody’s biometric data template is compromised from the database that consequently might indicate proof of identity robbery of that person. Mixed method to compute and articulate the results as well as a new tactic of encryption-decryption algorithm with a design pattern of Model View Template (MVT) are used for securing the biometric data template in the database. The model managed information logically, the view indicated the visualization of the data, and the template directed the data migration into pattern object. Factors influencing fear of biometric technology such as an exposer of personal information, improper data transfer, and data misuse are found. Strong knowledge of the ideal technology like the private skills of the biometric technology, data secrecy and perceived helpfulness are established. The fears and attacks along the technology like a counterfeit of documents and brute-force attack are known. The designed algorithm based on the cryptographic module of the Fernet keys instance are utilized. The Fernet keys are combined to generate a multiFernet key, integrated with biometric data to produce two encrypted files (byte and text file). These files are incorporated with Twilio message and firmly stored in the database. The storage database has security measures that guard against an impostor’s attack. The database system can block the attacker from unauthorized access. Thus, significantly increased individual data privacy and integrity

An enhanced fingerprint template protection scheme

Fingerprint template protection (FTP) is required to secure authentication due to fingerprint has been widely used for user authentication systems. Fingerprint authentication consists of a microcontroller, fingerprint sensor, secure access control, and human interface. However, as many users frequently assess the systems, fingerprints could be replicated and modified by attackers. Currently, most existing FTP schemes fail to meet the properties of fingerprint authentication systems, namely diversity, revocability, security, and match/recognition performance, due to intra-user variability in fingerprint identifiers and matching issues in unencrypted domains. Therefore, this study aims to enhance the existing schemes by using chaos-based encryption and hash functions to meet the specified properties by securing users’ fingerprint templates (FT) within the embedded systems. Furthermore, an improved chaos-based encryption algorithm was proposed for encrypting FT. The MATLAB simulation with Fingerprint Verification Competition (FVC) 2002 database was used to measure the encryption results, secret key spaces, key sensitivity, histogram, correlation, differential, entropy information, matching/recognition analysis, and revocability. The proposed FTP scheme was also evaluated using Burrows–Abadi– Needham (BAN) logic analysis for protocol robustness with resistance to replay attacks, stolen-verifier attacks, and perfect forward secrecy. The results demonstrate that the enhanced chaos-based encryption algorithm for FTP improves its encryption time, which is 0.24 seconds faster than the selected benchmark study. The enhanced FTP scheme also achieved security, revocability, diversity, and matching/recognition performance properties. The matching/recognition performance evaluation produced higher verification rates and a low false rejection rate. The rates were 99.10 % and 0.90%, respectively. The equal error rate decreased from 2.10% to 1.05%. As a conclusion, the enhanced FTP scheme could be an alternative to the existing FTP for embedded system authentication to withstand various possible attacks and provides the desired security features. The scheme also can be a reference to comprehensive security analysis

Automatic signature verification system

Philosophiae Doctor - PhDIn this thesis, we explore dynamic signature verification systems. Unlike other signature models, we use genuine signatures in this project as they are more appropriate in real world applications. Signature verification systems are typical examples of biometric devices that use physical and behavioral characteristics to verify that a person really is who he or she claims to be. Other popular biometric examples include fingerprint scanners and hand geometry devices. Hand written signatures have been used for some time to endorse financial transactions and legal contracts although little or no verification of signatures is done. This sets it apart from the other biometrics as it is well accepted method of authentication. Until more recently, only hidden Markov models were used for model construction. Ongoing research on signature verification has revealed that more accurate results can be achieved by combining results of multiple models. We also proposed to use combinations of multiple single variate models instead of single multi variate models which are currently being adapted by many systems. Apart from these, the proposed system is an attractive way for making financial transactions more secure and authenticate electronic documents as it can be easily integrated into existing transaction procedures and electronic communication

Jedna klasa biometrijskog kriptosistema zasnovanog na konvolucionim neuronskim mrežama

U ovoj doktorskoj disertaciji predložen je novi biometrijski kriptosistem otisaka prstiju baziran na sistemu fazi povezivanja i dubokih konvolucionih neuronskih mreža. Centralni doprinos rada predstavlja novi pristup automatskom izdvajanju obeležja fiksne dužine iz otisaka prstiju, u potpunosti zasnovanom na konvolucionim neuronskim mrežama. Predloženom kvantizacijom obeležja kodovanjem sa dva bita, biometrijski šabloni su prevedeni u binarni domen, što je omogućilo primenu XOR biometrije i razvoj biometrijskog kriptosistema koji se može koristiti za upravljanje ključevima (engl. key-release) ili za zaštitu šablona. Problem varijabilnosti biometrijskih podataka marginalizovan je primenom BCH koda za korekciju grešaka, koji radi na nivou bloka što ga čini otpornim na poznate statističke napade. Predloženi biometrijski kriptosistem sistem može upravljati dužinom ključeva od 265 bita, što zadovoljava potrebe savremenih kriptografskih sistema, uz prihvatljivu marginu EER greške od 1%. Evaluacija eksperimentalnih rezultata potvrđuje značajan napredak u odnosu na druge biometrijske kriptosisteme i sisteme za poređenje otisaka na osnovu njihove teksture