An enhanced fuzzy commitment scheme in biometric template protection

Biometric template protection consists of two approaches; Feature Transformation (FT) and Biometric Cryptography (BC). This research focuses on Key-Binding Technique based on Fuzzy Commitment Scheme (FCS) under BC approach. In FCS, the helper data should not disclose any information about the biometric data. However, literatures showed that it had dependency issue in its helper data which jeopardize security and privacy. Moreover, this also increases the probability of privacy leakage which lead to attacks such as brute-force and cross-matching attack. Thus, the aim of this research is to reduce the dependency of helper data that can caused privacy leakage. Three objectives have been set such as (1) to identify the factors that cause dependency on biometric features (2) to enhance FCS by proposing an approach that reduces this dependency, and (3) to evaluate the proposed approach based on parameters such as security, privacy, and biometric performance. This research involved four phases. Phase one, involved research review and analysis, followed by designing conceptual model and algorithm development in phase two and three respectively. Phase four, involved with the evaluation of the proposed approach. The security and privacy analysis shows that with the additional hash function, it is difficult for adversary to perform brute‐force attack on information stored in database. Furthermore, the proposed approach has enhanced the aspect of unlinkability and prevents cross-matching attack. The proposed approach has achieved high accuracy of 95.31% with Equal Error Rate (EER) of 1.54% which performs slightly better by 1.42% compared to the existing approach. This research has contributed towards the key-binding technique of biometric fingerprint template protection, based on FCS. In particular, this research was designed to create a secret binary feature that can be used in other state-of-the-art cryptographic systems by using an appropriate error-correcting approach that meets security standards

Retrieving secrets from iris fuzzy commitment

Iris patterns contain rich discriminative information and can be efficiently encoded in a compact binary form. These nice properties allow smooth integration with the fuzzy commitment scheme. Instead of storing iris codes directly, a random secret can be derived such that user privacy can be preserved. Despite the successful implementation, the dependency existing in iris codes can strongly reduce the security of fuzzy commitment. This paper shows that the distribution of iris codes complies with the Markov model. Additionally, an algorithm retrieving secrets from the iris fuzzy commitment scheme is proposed. The experimental results show that with knowledge of the iris distribution secrets can be recovered with low complexity. This work shows that distribution analysis is essential for security assessment of fuzzy commitment. Ignoring the dependency of binary features can lead to overestimation of the security