1.1 Biometric authentication and encryption
Shankar Raghavan (PMP student University of Washington)
human to remember, and most
Biometrics are data obtained from a
importantly, c. its always conveniently
person based on his or her physiological
there with the person. The symmetric
or behavioral characteristics. Biometric
and asymmetric keys are impossible to
data is attractive in the field of
be remembered in the human brain. The
cryptography for uniquely identifying
convenience of neither having to
and authenticating a person or to be used
remember anything, nor carry anything,
as a key for encrypting data that can be
makes biometric authentication a very
uniquely decrypted by the same person
attractive proposition.
later. These two areas are the focus of
2. Biometric identifiers
this paper.
Fingerprint, facial images, iris
1. Why biometrics for
recognition, retinal scanning, hand
authentication?
geometry, voice and signatures are the
popular biometric technologies used.
Biometrics have the advantages of being
Umut et al [1] give a comparison of the
a. unique for a person with no chance of
different biometric identifiers and the
unintentional duplication, b. much
table below summarizes that:
longer and random compared to a
password that is within the ability of a
Biometric Identifier
Face
Fingerprint
Universality
High
Medium
Distinctiveness
Low
High
Permanence
Medium
Medium
Hand geometry
Iris
Retinal
Signature
Voice
Medium
High
High
Low
Medium
Medium
High
High
Low
Low
Medium
High
High
Low
Low
Performance
Low
MediumHigh
Medium
High
High
Low
Low
Acceptability
High
Medium
Medium
Low
Low
High
High
Universality: Do all people have it?
Distinctiveness: Can people be distinguished based on that identifier?
Permanence: Does the identifier change its features with time?
Performance: How accurate is the technique and how fast can it measure?
Acceptability: Willingness of people to use it.
Fingerprints are one of the oldest forms
of biometric identifiers and continue
being the most frequently deployed
biometric system due to their proven
track record. Finger prints are unique to
each person (even identical twins) and
each finger. The basis for identification
was primarily based on minutiae that
mark ends or bifurcation of ridges and
shown as the white lines in fig 1 below.
The orientation and location of these
minutiae is recorded and compared.
About 10-11 minutiae are sufficient in
uniquely identifying a person. An
elaborate indexing system known as the
“Henry system” was also used widely
later and is adopted by computer based
identification schemes for classification.
The minutiae form a triplet (x, y, θ),
where x and y are their location (of the
point of ridge ending or bifurcation) and
θ is the point of orientation of the
minutiae (as if the ridge continued in the
ridge ending case).
remove glasses, place their eye close to
the device, and focus on a certain point.
This has been the main drawback as
users feel uncomfortable with agreeing
to be examined in this manner.
Hand geometry involves measurements
of the human hand, including its shape,
and lengths and widths of the fingers,
can be used as biometric characteristics.
However this may not be invariant over
the lifespan of an individual.
The other types of scan are not described
further in this paper as they may not be
as widely used in the future.
3. Biometric authentication
systems
Fig 1
Iris scans analyze the features that exist
in the colored tissue surrounding the
pupil which has more than 200 points
that can be used for comparison,
including rings, furrows and freckles.
The scans use a regular video camera
style and can be done from further away
than a retinal scan. The uniqueness of
eyes, even between the left and right eye
of the same person, makes iris scanning
very powerful for identification
purposes. The likelihood of a false
positive is extremely low and its relative
speed and ease of use make it a great
potential biometric. The only drawbacks
are the potential difficulty in getting
someone to hold their head in the right
spot for the scan if they are not doing the
scan willingly.
Retinal scanning analyses the layer of
blood vessels at the back of the eye.
Scanning involves using a low-intensity
light source and an optical coupler and
can read the patterns at a great level of
accuracy. It does require the user to
The authentication mechanism is
described by fig 2 below [2]. Logically
the authentication can be divided into an
enrollment module and identification
module. During enrollment phase, the
biometric characteristics are scanned by
a sensor to obtain a digital characteristic.
To facilitate the matching and reduce the
space, its further processed by a feature
extractor before moving it to a template
database.
Fig 2
There are two basic types of recognition
errors viz the false accept rate FAR (aka
FMR or false match rate) and the false
reject rate FRR (aka FNMR or false non
match rate). If a non-matching pair of
fingerprints is accepted as a match, it is
called a false accept. On the other hand,
if a matching pair of fingerprints is
rejected by the system, it is called a false
reject. In a biometric authentication
system, the relative false accept and
false reject rates can be set by choosing
a particular operating point (i.e., a
detection threshold). By setting a high
threshold for acceptance, the FAR error
can be close to zero, and similarly by
setting a significantly low threshold, the
FRR rate can be close to zero. A
meaningful operating point for the
threshold is decided based on the
application requirements, and the FAR
versus FRR error rates at that operating
point may be quite different. To provide
high security, biometric systems operate
at a low FAR instead of the commonly
recommended equal error rate (EER)
operating point where FAR = FRR.
System vulnerabilities
Fig 3 shows threat points on the
authentication system described above.
Fig 3
Type 1 attack involves presenting a fake
biometric and is known as the data
acquisition attack.
Submitting a previously intercepted
biometric data constitutes the second
type of attack known as replay attack.
In the third type of attack, the feature
extractor module is compromised to
produce feature values selected by the
attacker. Genuine feature values are
replaced with the ones selected by the
attacker in the fourth type of attack.
Matcher can be modified to output an
artificially high matching score in the
fifth type of attack. The attack on the
template database (e.g., adding a new
template, modifying an existing
template, removing templates, etc.)
constitutes the sixth type of attack. The
transmission medium between the
template database and matcher is
attacked in the seventh type of attack,
resulting in the alteration of the
transmitted templates. Finally, the
matcher result (accept or reject) can be
overridden by the attacker in type 8.
Vulnerabilities against data
acquisition and other attacks
Of all the attacks described above, Type
1 data acquisition attacks are the most
serious and one seen as not completely
solvable. A biometric identifier once
stolen, is stolen for life (or 1 of 10 times
for a finger print assuming all fingers
can be used). An authority can issue a
new PIN number or key and also
periodically expire keys to limit
compromise, but cannot do the same
with biometrics. Also, this attack
operates in the analog domain and hence
digital protections like encryption,
hashing, digital signature are not
applicable. Hence its important we use
biometric identifiers that are difficult to
duplicate. The following section presents
fingerprint attacks, two of type 1 (and
mitigations of these in the other
biometric identifiers like iris or retinal
scanning) and one of type 4.
Dummy finger
Uludag and Jain [3] present a method to
create dummy fingers with or without
the cooperation of the owner. In case the
owner cooperates (possibly cooperation
means even a corpse!), its involves
creating a cast and filling with liquid
silicone rubber, and then extracting a
wafer thin artificial silicon finger which
can fit on top of a real finger. Without a
cast it involves enhancing the prints left
on objects by the owner with powder,
taking photo and transferring it to a
printed circuit board and etching out the
material to produce the dummy. The
main threat posed by this ability to
produce wafer thin silicon dummy
fingers is that it can beat all the hurdles
put by manufacturers to test temperature,
conductivity, heartbeat and dielectric
constant to distinguish a real finger from
a dielectric finger – since a wafer thin
finger is almost in contact with the
attacker’s body and generate these
variables. Also these parameters don’t
work well when the system has tuned to
accept tolerances (to reduce FRR) in
different environmental conditions (eg
summer vs winter).
constant movement of the pupil of the
eye can be added as part of the pattern
recognition. The latter will also help
prevent false positives that can be
generated by putting high resolution
images of a person’s iris in front of a
camera.
Hill climbing attack (type 4)
Uldug and Jain [3] describe a hill
climbing attack that can be carried out
by attacking the feature extraction. The
algorithm is as follows:
i. Attacker generates a set of synthetic
template for a user.
ii. Send them to the matcher and
intercept the matching scores.
iii. Declare the best guess to be the
template with highest matching
score.
iv. Modify this best template by
modifying an existing minutia,
adding a new one, or deleting an
existing one.
v. If any of these attempts results in
being accepted by the matcher and a
higher matching score, then choose
that template and stop the attack.
Defence against the attacks
Gummy fingers
Matsumoto attacked 11 different
fingerprint verification systems with
artificially created gummy (gelatin)
fingers. A residual fingerprint from a
glass plate is enhanced with a
cyanoacrylate adhesive. After capturing
an image of the print, PCB based
processing similar to the operation
described above is used to create the
gummy fingers.
Iris/retinal scanning mitigation of type 1
Both iris and retinal biometrics
degenerate very quickly on a dead
corpse. In addition measurements of the
Liveness detection – Type 1 defence
To thwart these attacks two software
based methods were used for fingerprint
liveness detection as described in [3]. In
the static method, the periodicity of the
sweat pores along the ridges was
measured, while in the dynamic method,
the sweat diffusion pattern over a time of
5 seconds was measured. The EER was
10% for static method and 11-39% for
dynamic method.
WSQ data hiding – Type 2 defence
The Wavelet Scalar Quantization image
compression scheme is a good way to
transmit finger print or retinal scans due
to their low image distortion
characteristics. Ratha/Bolle [4] suggest a
method of data hiding or steganography
to embed additional information directly
in the compressed finger print images.
This is mainly to prevent replay attacks.
The service provider issues a different
verification string for each transaction.
The string is mixed in with the finger
print image before transmission in such a
manner that it causes minimal impact on
the decompressed image. The location of
the string is dependent on the structure
of the image itself rather than putting it
in a fixed location that can easily be
hacked.
Cancelable biometrics
The invariance of biometrics over time is
one of its biggest liabilities, once
compromised its done for ever. In order
to alleviate this problem, atleast with
respect to type 1 or 2 attacks where the
biometrics are compromised over the
wire rather than before the sensor,
intentional and repeatable distortion of
the biometric is done. With this
approach, every instance of enrollment
can use a different transform, rendering
cross-matching impossible. In the event
of a compromise, the distortion function
is simply modified. Examples of
distortion functions include grid
morphing and block permutation.
Image based Challenge response system
Ratha et al [4] describes a challenge
response system based on a challenge to
the sensor. The sensor is assumed to
have enough intelligence to respond to
the challenge. For eg: silicon fingerprint
scanners with an embedded processor.
The server issues a challenge based on
the image to a client system over a
communication channel. For eg it may
pass a challenge string followed by
numbers 10, 30, 100. The client system
passes the challenge to the intelligent
sensor which responds by picking the
10th, 30th and 100th pixel values and
sending them back to the server. It also
sends the image, which the server
crosschecks.
4. Fuzziness in biometrics
One of the interesting problems for
cryptography in biometric
authentication/encryption is that of
overcoming the unpredictability in
producing identical data by the same
subject. This can happen especially with
certain biometrics like facial features or
finger prints (a dry skin finger print and
a skin with enough moisture will yield
different prints for the same person at
different times). Biometric systems are
also error prone and can cause the
unpredictability.
A particular problem is in generating
hash codes for storing biometric data.
Passwords can be hashed one-way and
stored, and the hashes can be compared
during authentication. This is not
possible in biometric data since the input
presented during authentication changes
each time.
Fuzzy commitment scheme
To solve the above issue, Juels and
Wattenberg [5] present a fuzzy
commitment scheme that uses error
correcting code in order to have a
slightly different biometric data still
authenticate. The enrollment process
uses the subject’s biometric x and
generates a codeword c which is near to
x (say a lattice point in the same block as
x) to which the subject commits to use as
the secret. Next the system generates a
hash of c and a delta between x and c.
The function y which is hash of c is the
fuzzy commitment of c and does not
reveal much about x. During
authentication, when presented with x’,
the system can subtract the delta and
then use a decoding function to obtain
c’. The decommitment is successful if
hash of c’ = y.
Another alternative presented was to
simply use the hamming distance or the
Euclidian distance to calculate the
difference between x and x’ and have a
threshold to declare a match in them.
Fuzzy vault scheme
Juels and Madhusudan [6] presented a
fuzzy vault system as a variant to the
fuzzy commitment scheme. This is a
cryptographic construction where Alice
can lock her secret using the set A and
Bob will be able to unlock that secret
with his own set B provided A overlaps
enough with B. The sets A and B may be
unordered sets. In relevance to
biometrics, the set A is Alice’s biometric
template, and the set B is again Alice’s
biometric template but when rescanned.
The algorithm for locking a secret c
under set A is as follows: Alice selects a
polynomial p with an embedding of c in
its coefficients. She computes
evaluations of p on the set A. She then
creates a random set of points that do not
lie in this polynomial. These serve the
purpose of creating random noise and
hence conceal the polynomial p from the
attacker.
The authentication or unlock mechanism
using set B is as follows: B identifies
many points and hence is able to recover
a set of points that is largely correct but
contain some amount of noise. It uses an
error correcting code called the Reed
Solomon code to remove the noise. If
successful in decrypting, this code
outputs a polynomial intersecting the
large number of input points.
Identity based encryption
An application of biometrics besides
authentication is identity based
encryption. This allows a sender to
encrypt without the use of any other key.
This is something in between
asymmetric and symmetric key
encryption application in that the
decryption happens with a key that has a
subset of attributes or information of the
encryption key. Shamir’s secret sharing
algorithm can be used as a means of
realizing this goal of exchanging a secret
provided n of N attributes match. His
method involves constructing a
polynomial of degree n – 1 (with n-1
coefficients) and providing N attributes
that are points of this polynomial. We
can determine the coefficients by
knowing any n points of the polynomial
and hence determine the value of the
polynomial at a particular point. The
biometric encryption reduces to finding
a polynomial of degree n that satisfies
these N points, any n at a time. The N
may represent the initial minutiae of the
finger print during enrollment, and n
may represent the minutiae that matched
with the original scan.
This method above is not resistant to
collision attacks. As shown in figure 4
below, attacker Bob whose fake finger
print attributes are depicted by dark
brown color cannot match with Alice’s
finger prints because there are only 3
matches, 1 less than the threshold
required by the matcher. However, he
combines his attributes with his friend
Carol (depicted by light brown) possibly
by overlapping the minutiae and
presenting it for authentication. Now
there are 4 matches as required by the
matcher having a threshold of 4.
in comparison to passwords which are
part of the dictionary. In ATMs,
hospitals and public places where the
subject has much less resources and time
and needs to be on the move while
getting his work done, biometrics
provides a simple and quick means of
identification and authentication.
Fig 4
To overcome this problem, Sahai and
Waters [5] present a fuzzy identity based
encryption solution that uses bilinear
maps where the pairing e:GxG  G1 is
e(g a,g b) = e(g ,g ) ab. g Є G. When an
authority is creating a private key for a
user he will associate a random d − 1
degree polynomial, q(x), with each user
with the restriction that each polynomial
have the same valuation at point 0, that
is q(0) = y. For each of the attributes
associated with a user’s identity the key
generation algorithm will issue a private
key component that is tied to the user’s
random polynomial q(x). If the user is
able to “match” at least d components of
the ciphertext with their private key
components, then they will be able to
perform decryption. However, since the
private key components are tied to
random polynomials, multiple users are
unable to combine them in anyway that
allows for collusion attacks.
5. Conclusion
Its likely that biometrics will expand
their encryption in various applications
especially in public places where a
person can be physically verified as
existing at the time he presents his
biometric data. The main advantage of
biometrics is the convenience of not
having to remember or carry anything
and providing a much better protection
However biometrics do not have the
ability to replace standard digital
cryptography because of its limitations
in a) in data acquisistion attacks b) in
revoking/rolling over/reissuing a key
once compromised and c) in computing
exact matches because of the variances
of biometric data. Fuzzy logic
commitment was the area described in
the last section to answer issues on the
last point (c).
References
1. Biometric cryptosystems: Issues
and Challenges : Umut Uludag,
Sharath Pankanti, Salil
Prabhakar, Anil K Jain.
2. Biometric identification : Anil
Jain, Lin Hong, Sharath
Pankanti
3. Attacks on biometric systems :
Umut Uludag, Anil Jain
4. Enhancing security and privacy
in biometrics-based
authentication systems : N.K.
Ratha J.H. Connell, R.M.Bolle
5. Fuzzy identity based encryption :
Amit Sahai and Brent Waters
6. A Fuzzy Commitment Scheme :
Ari Juels and Martin Wattenberg
7. A Fuzzy Vault Scheme : Ari Juels
and Madhusudan