Privacy protecting biometric authentication systems

As biometrics gains popularity and proliferates into the daily life, there is an increased concern over the loss of privacy and potential misuse of biometric data held in central repositories. The major concerns are about i) the use of biometrics to track people, ii) non-revocability of biometrics (eg. if a fingerprint is compromised it can not be canceled or reissued), and iii) disclosure of sensitive information such as race, gender and health problems which may be revealed by biometric traits. The straightforward suggestion of keeping the biometric data in a user owned token (eg. smart cards) does not completely solve the problem, since malicious users can claim that their token is broken to avoid biometric verification altogether. Put together, these concerns brought the need for privacy preserving biometric authentication methods in the recent years. In this dissertation, we survey existing privacy preserving biometric systems and implement and analyze fuzzy vault in particular; we propose a new privacy preserving approach; and we study the discriminative capability of online signatures as it relates to the success of using online signatures in the available privacy preserving biometric verification systems. Our privacy preserving authentication scheme combines multiple biometric traits to obtain a multi-biometric template that hides the constituent biometrics and allows the possibility of creating non-unique identifiers for a person, such that linking separate template databases is impossible. We provide two separate realizations of the framework: one uses two separate fingerprints of the same individual to obtain a combined biometric template, while the other one combines a fingerprint with a vocal pass-phrase. We show that both realizations of the framework are successful in verifying a person's identity given both biometric traits, while preserving privacy (i.e. biometric data is protected and the combined identifier can not be used to track people). The Fuzzy Vault emerged as a promising construct which can be used in protecting biometric templates. It combines biometrics and cryptography in order to get the benefits of both fields; while biometrics provides non-repudiation and convenience, cryptography guarantees privacy and adjustable levels of security. On the other hand, the fuzzy vault is a general construct for unordered data, and as such, it is not straightforward how it can be used with different biometric traits. In the scope of this thesis, we demonstrate realizations of the fuzzy vault using fingerprints and online signatures such that authentication can be done while biometric templates are protected. We then demonstrate how to use the fuzzy vault for secret sharing, using biometrics. Secret sharing schemes are cryptographic constructs where a secret is split into shares and distributed amongst the participants in such a way that it is constructed/revealed only when a necessary number of share holders come together (e.g. in joint bank accounts). The revealed secret can then be used for encryption or authentication. Finally, we implemented how correlation attacks can be used to unlock the vault; showing that further measures are needed to protect the fuzzy vault against such attacks. The discriminative capability of a biometric modality is based on its uniqueness/entropy and is an important factor in choosing a biometric for a large-scale deployment or a cryptographic application. We present an individuality model for online signatures in order to substantiate their applicability in biometric authentication. In order to build our model, we adopt the Fourier domain representation of the signature and propose a matching algorithm. The signature individuality is measured as the probability of a coincidental match between two arbitrary signatures, where model parameters are estimated using a large signature database. Based on this preliminary model and estimated parameters, we conclude that an average online signature provides a high level of security for authentication purposes. Finally, we provide a public online signature database along with associated testing protocols that can be used for testing signature verification system

Biometric identity verification using on-line & off-line signature verification

Biometrics is the utilization of biological characteristics (face, iris, fingerprint) or behavioral traits (signature, voice) for identity verification of an individual. Biometric authentication is gaining popularity as a more trustable alternative to password-based security systems as it is relatively hard to be forgotten, stolen, or guessed. Signature is a behavioral biometric: it is not based on the physical properties, such as fingerprint or face, of the individual, but behavioral ones. As such, one's signature may change over time and it is not nearly as unique or difficult to forge as iris patterns or fingerprints, however signature's widespread acceptance by the public, make it more suitable for certain lower-security authentication needs. Signature verification is split into two according to the available data in the input. Off-line signature verification takes as input the image of a signature and is useful in automatic verification of signatures found on bank checks and documents. On-line signature verification uses signatures that are captured by pressure-sensitive tablets and could be used in real time applications like credit card transactions or resource accesses. In this work we present two complete systems for on-line and off-line signature verification. During registration to either of the systems the user has to submit a number of reference signatures which are cross aligned to extract statistics describing the variation in the user's signatures. Both systems have similar verification methodology and differ only in data acquisition and feature extraction modules. A test signature's authenticity is established by first aligning it with each reference signature of the claimed user, resulting in a number of dissimilarity scores: distances to nearest, farthest and template reference signatures. In previous systems, only one of these distances, typically the distance to the nearest reference signature or the distance to a template signature, was chosen, in an ad-hoc manner, to classify the signature as genuine or forgery. Here we propose a method to utilize all of these distances, treating them as features in a two-class classification problem, using standard pattern classification techniques. The distances are first normalized, resulting in a three dimensional space where genuine and forgery signature distributions are well separated. We experimented with the Bayes classifier, Support Vector Machines, and a linear classifier used in conjunction with Principal Component Analysis, to classify a given signature into one of the two classes (forgery or genuine). Test data sets of 620 on-line and 100 off-line signatures were constructed to evaluate performances of the two systems. Since it is very difficult to obtain real forgeries, we obtained skilled forgeries which are supplied by forgers who had access to signature data to practice before forging. The online system has a 1.4% error in rejecting forgeries, while rejecting only 1.3% of genuine signatures. As an offine signature is easier to forge, the offine system's performance is lower: a 25% error in rejecting forgery signatures and 20% error in rejecting genuine signatures. The results for the online system show significant improvement over the state-of-the-art results, and the results for the offline system are comparable with the performance of experienced human examiners

Biometric cryptosystem using online signatures

Biometric cryptosystems combine cryptography and biometrics to benefit from the strengths of both fields. In such systems, while cryptography provides high and adjustable security levels, biometrics brings in non-repudiation and eliminates the need to remember passwords or to carry tokens etc. In this work we present a biometric cryptosystems which uses online signatures, based on the Fuzzy Vault scheme of Jules et al. The Fuzzy Vault scheme releases a previously stored key when the biometric data presented for verification matches the previously stored template hidden in a vault. The online signature of a person is a behavioral biometric which is widely accepted as the formal way of approving documents, bank transactions, etc. As such, biometric-based key release using online signatures may have many application areas. We extract minutiae points (trajectory crossings, endings and points of high curvature) from online signatures and use those during the locking & unlocking phases of the vault. We present our preliminary results and demonstrate that high security level (128 bit encryption key length) can be achieved using online signatures

Turkish handwritten text recognition: a case of agglutinative languages

We describe a system for recognizing unconstrained Turkish handwritten text. Turkish has agglutinative morphology and theoretically an infinite number of words that can be generated by adding more suffixes to the word. This makes lexicon-based recognition approaches, where the most likely word is selected among all the alternatives in a lexicon, unsuitable for Turkish. We describe our approach to the problem using a Turkish prefix recognizer. First results of the system demonstrates the promise of this approach, with top-10 word recognition rate of about 40% for a small test data of mixed handprint and cursive writing. The lexicon-based approach with a 17,000 word-lexicon (with test words added) achieves 56% top-10 word recognition rate

Combining multiple biometrics to protect privacy

As biometrics are gaining popularity, there is increased concern over the loss of privacy and potential misuse of biometric data held in central repositories. The association of fingerprints with criminals raises further concerns. On the other hand, the alternative suggestion of keeping biometric data in smart cards does not solve the problem, since forgers can always claim that their card is broken to avoid biometric verification altogether. We propose a biometric authentication framework which uses two separate biometric features combined to obtain a non-unique identifier of the individual, in order to address privacy concerns. As a particular example, we demonstrate a fingerprint verification system that uses two separate fingerprints of the same individual. A combined biometric ID composed of two fingerprints is stored in the central database and imprints from both fingers are required in the verification process, lowering the risk of misuse and privacy loss. We show that the system is successful in verifying a person’s identity given both fingerprints, while searching the combined fingerprint database using a single fingerprint, is impractical

Realization of Correlation Attack against Fuzzy Vault Scheme

User privacy and template security are major concerns in the use of biometric systems. These are serious concerns based on the fact that once compromised, biometric traits can not be canceled or reissued. The Fuzzy Vault scheme has emerged as a promising method to alleviate the template security problem. The scheme is based on binding the biometric template with a secret key and scrambling it with a large amount of redundant data, such that it is computationally infeasible to extract the secret key without possession of the biometric trait. It was recently claimed that the scheme is susceptible to correlation based attacks which assume the availability of two fuzzy vaults created using the same biometric data (e.g. two impressions of the same fingerprint) and suggests that correlating them would reveal the biometric data hidden inside. In this work, we implemented the fuzzy vault scheme using fingerprints and performed correlation attacks against a database of 400 fuzzy vaults (200 matching pairs). Given two matching vaults, we could successfully unlock 59% of them within a short time. Furthermore, it was possible to link an unknown vault to a short list containing its matching pair, for 41% of all vaults. These results prove the claim that the fuzzy vault scheme without additional security measures is indeed vulnerable to correlation attacks

Multi-biometric templates using fingerprint and voice

As biometrics gains popularity, there is an increasing concern about privacy and misuse of biometric data held in central repositories. Furthermore, biometric verification systems face challenges arising from noise and intra-class variations. To tackle both problems, a multimodal biometric verification system combining fingerprint and voice modalities is proposed. The system combines the two modalities at the template level, using multibiometric templates. The fusion of fingerprint and voice data successfully diminishes privacy concerns by hiding the minutiae points from the fingerprint, among the artificial points generated by the features obtained from the spoken utterance of the speaker. Equal error rates are observed to be under 2% for the system where 600 utterances from 30 people have been processed and fused with a database of 400 fingerprints from 200 individuals. Accuracy is increased compared to the previous results for voice verification over the same speaker database

Secret sharing using biometric traits

In biometric based authentication, biometric traits of a person are matched against his/her stored biometric profile and access is granted if there is sufficient match. However, there are other access scenarios, which require participation of multiple previously registered users for a successful authentication or to get an access grant for a certain entity. For instance, there are cryptographic constructs generally known as secret sharing schemes, where a secret is split into shares and distributed amongst participants in such a way that it is reconstructed/ revealed only when the necessary number of share holders come together. The revealed secret can then be used for encryption or authentication (if the revealed key is verified against the previously registered value). In this work we propose a method for the biometric based secret sharing. Instead of splitting a secret amongst participants, as is done in cryptography, a single biometric construct is created using the biometric traits of the participants. During authentication, a valid cryptographic key is released out of the construct when the required number of genuine participants present their biometric traits

Offline signature verification using classifier combination of HOG and LBP features

We present an offline signature verification system based on a signature’s local histogram features. The signature is divided into zones using both the Cartesian and polar coordinate systems and two different histogram features are calculated for each zone: histogram of oriented gradients (HOG) and histogram of local binary patterns (LBP). The classification is performed using Support Vector Machines (SVMs), where two different approaches for training are investigated, namely global and user-dependent SVMs. User-dependent SVMs, trained separately for each user, learn to differentiate a user’s signature from others, whereas a single global SVM trained with difference vectors of query and reference signatures’ features of all users, learns how to weight dissimilarities. The global SVM classifier is trained using genuine and forgery signatures of subjects that are excluded from the test set, while userdependent SVMs are separately trained for each subject using genuine and random forgeries. The fusion of all classifiers (global and user-dependent classifiers trained with each feature type), achieves a 15.41% equal error rate in skilled forgery test, in the GPDS-160 signature database without using any skilled forgeries in training