Towards cancelable multi-biometrics based on bloom filters: a case study on feature level fusion of face and iris

Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. C. Rathgeb, M. Gomez-Barrero, C. Busch, J. Galbally, and J. Fierrez, "Towards cancelable multi-biometrics based on bloom filters: a case study on feature level fusion of face and iris", in International Workshop on Biometrics and Forensics (IWBF), 2015, p. 1-6In this work we propose a generic framework for generating an irreversible representation of multiple biometric templates based on adaptive Bloom filters. The presented technique enables a feature level fusion of different biometrics (face and iris) to a single protected template, improving privacy protection compared to the corresponding systems based on a single biometric trait. At the same time, a significant gain in biometric performance is achieved, confirming the sound- ness of the proposed technique.This work has been partially supported by projects Bio-Shield (TEC2012-34881) from Spanish MINECO, FIDELITY (FP7- SEC-284862) and BEAT (FP7-SEC-284989) from EU, the Center for Advanced Security Research Darmstadt (CASED) and C´atedra UAM-Telef´onica. Marta Gomez-Barrero is supported by a FPU Fellowship from Spanish MECD

Hybrid biometric template protection:Resolving the agony of choice between bloom filters and homomorphic encryption

Abstract Bloom filters (BFs) and homomorphic encryption (HE) are prominent techniques used to design biometric template protection (BTP) schemes that aim to protect sensitive biometric information during storage and biometric comparison. However, the pros and cons of BF‐ and HE‐based BTPs are not well studied in literature. We investigate the strengths and weaknesses of these two approaches since both seem promising from a theoretical viewpoint. Our key insight is to extend our theoretical investigation to cover the practical case of iris recognition on the ground that iris (1) benefits from the alignment‐free property of BFs and (2) induces huge computational burdens when implemented in the HE‐encrypted domain. BF‐based BTPs can be implemented to be either fast with high recognition accuracy while missing the important privacy property of ‘unlinkability’, or to be fast with unlinkability‐property while missing the high accuracy. HE‐based BTPs, on the other hand, are highly secure, achieve good accuracy, and meet the unlinkability‐property, but they are much slower than BF‐based approaches. As a synthesis, we propose a hybrid BTP scheme that combines the good properties of BFs and HE, ensuring unlinkability and high recognition accuracy, while being about seven times faster than the traditional HE‐based approach

Performance comparison of intrusion detection systems and application of machine learning to Snort system

This study investigates the performance of two open source intrusion detection systems (IDSs) namely Snort and Suricata for accurately detecting the malicious traffic on computer networks. Snort and Suricata were installed on two different but identical computers and the performance was evaluated at 10 Gbps network speed. It was noted that Suricata could process a higher speed of network traffic than Snort with lower packet drop rate but it consumed higher computational resources. Snort had higher detection accuracy and was thus selected for further experiments. It was observed that the Snort triggered a high rate of false positive alarms. To solve this problem a Snort adaptive plug-in was developed. To select the best performing algorithm for Snort adaptive plug-in, an empirical study was carried out with different learning algorithms and Support Vector Machine (SVM) was selected. A hybrid version of SVM and Fuzzy logic produced a better detection accuracy. But the best result was achieved using an optimised SVM with firefly algorithm with FPR (false positive rate) as 8.6% and FNR (false negative rate) as 2.2%, which is a good result. The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimised machine learning algorithms to Snort

A Survey on Biometrics and Cancelable Biometrics Systems

Now-a-days, biometric systems have replaced the password or token based authentication system in many fields to improve the security level. However, biometric system is also vulnerable to security threats. Unlike password based system, biometric templates cannot be replaced if lost or compromised. To deal with the issue of the compromised biometric template, template protection schemes evolved to make it possible to replace the biometric template. Cancelable biometric is such a template protection scheme that replaces a biometric template when the stored template is stolen or lost. It is a feature domain transformation where a distorted version of a biometric template is generated and matched in the transformed domain. This paper presents a review on the state-of-the-art and analysis of different existing methods of biometric based authentication system and cancelable biometric systems along with an elaborate focus on cancelable biometrics in order to show its advantages over the standard biometric systems through some generalized standards and guidelines acquired from the literature. We also proposed a highly secure method for cancelable biometrics using a non-invertible function based on Discrete Cosine Transformation (DCT) and Huffman encoding. We tested and evaluated the proposed novel method for 50 users and achieved good results

Finger Vein Template Protection with Directional Bloom Filter

Biometrics has become a widely accepted solution for secure user authentication. However, the use of biometric traits raises serious concerns about the protection of personal data and privacy. Traditional biometric systems are vulnerable to attacks due to the storage of original biometric data in the system. Because biometric data cannot be changed once it has been compromised, the use of a biometric system is limited by the security of its template. To protect biometric templates, this paper proposes the use of directional bloom filters as a cancellable biometric approach to transform the biometric data into a non-invertible template for user authentication purposes. Recently, Bloom filter has been used for template protection due to its efficiency with small template size, alignment invariance, and irreversibility. Directional Bloom Filter improves on the original bloom filter. It generates hash vectors with directional subblocks rather than only a single-column subblock in the original bloom filter. Besides, we make use of multiple fingers to generate a biometric template, which is termed multi-instance biometrics. It helps to improve the performance of the method by providing more information through the use of multiple fingers. The proposed method is tested on three public datasets and achieves an equal error rate (EER) as low as 5.28% in the stolen or constant key scenario. Analysis shows that the proposed method meets the four properties of biometric template protection. Doi: 10.28991/HIJ-2023-04-02-013 Full Text: PD

On the Security Risk of Cancelable Biometrics

Over the years, a number of biometric template protection schemes, primarily based on the notion of "cancelable biometrics" (CB) have been proposed. An ideal cancelable biometric algorithm possesses four criteria, i.e., irreversibility, revocability, unlinkability, and performance preservation. Cancelable biometrics employed an irreversible but distance preserving transform to convert the original biometric templates to the protected templates. Matching in the transformed domain can be accomplished due to the property of distance preservation. However, the distance preservation property invites security issues, which are often neglected. In this paper, we analyzed the property of distance preservation in cancelable biometrics, and subsequently, a pre-image attack is launched to break the security of cancelable biometrics under the Kerckhoffs's assumption, where the cancelable biometrics algorithm and parameters are known to the attackers. Furthermore, we proposed a framework based on mutual information to measure the information leakage incurred by the distance preserving transform, and demonstrated that information leakage is theoretically inevitable. The results examined on face, iris, and fingerprint revealed that the risks origin from the matching score computed from the distance/similarity of two cancelable templates jeopardize the security of cancelable biometrics schemes greatly. At the end, we discussed the security and accuracy trade-off and made recommendations against pre-image attacks in order to design a secure biometric system.Comment: Submit to P