IBM Research
Cancelable Biometrics
Nalini K. Ratha*
Exploratory Computer Vision Group
IBM T. J. Watson Research Center
Hawthorne, NY 10532
[email protected]
*inputs from J. Connell, R. Bolle, and S. Chikkerur
© 2005 IBM Corporation
Revocable/Rescindable/Anonymous/Cancelable biometrics
Introduction
– Privacy issues in biometrics
– How can privacy be enhanced
Survey of existing methods
Cancelable biometrics
– Operational issues
– Sample transforms
Conclusions
Large Scale Biometrics Identification
Biometrics identification has become a “must have” tool in homeland security and the next generation intelligent infrastructure
– Government: Passports/Visas, Citizen identification, Employee identification
– Financial Services: Consumer point-of-sale ID, Confirmation of financial transactions
These new uses bring new challenges
– Meeting expectations for accuracy (false negative/false positive)
– Supporting transaction response rates where identification or authentication are involved
– Achieving the scale required by emerging applications
– Understanding and handling privacy issues
Large scale and Cancelable are not different …
Large collection leads to privacy issues
… Two sides of the same coin
Attack model
Formidable adversaries:
– Thieves
– Hackers
– Users
– Customers
– Employees
– Merchants
– Competitors
– Competitors’ governments
Attack Methods
Hardware/Software/Database Attacks
– Trojan horse for feature extractor
– Trojan horse for matcher
– Overriding templates
– Feature-based dictionary attack
Other Attacks
– Phishing
– Pharming
– Hill climbing attack
– Swamping attack
– Piggy-back attack
– Spoofing the sensor
– Collusion at the enrollment process
Channel Attacks
– Override result
– Replay attack
– Channel attack between matcher and template DB
– Channel attack at the enrollment time
Biometrics vs. Passwords
Internal representation
– Biometrics: Features (constant size features vs. variable size features from signal)
– Passwords: Hash of the password string
Size
– Biometrics: Usually about 100 bytes or more
– Passwords: Typically 6-8 alphanumeric characters
Data input
– Biometrics: Constantly varying
– Passwords: Always the same
Match algorithm
– Biometrics: Inexact, fuzzy, never 100%
– Passwords: Exact, 100%
Non-Repudiation
– Biometrics: Yes (mostly)
– Passwords: No
Revocability
– Biometrics: No
– Passwords: Yes (easily)
Biometrics and public perception
In a 2002 poll commissioned by SEARCH (funded by US Bureau of Justice Statistics)
– 88% were concerned about possible misuse of their biometrics data
– 80% were comfortable with the use of biometrics “as a means of helping prevent crimes”
Issues
You give up part of yourself that is unique to you
The use of biometrics introduces a problem: biometrics cannot be replaced
– biometrics is not a secret
– once compromised, compromised forever
What if a biometric is compared: cross matching?
– Biometrics collected for one application can be shared to retrieve other private information (health care, law-enforcement, financial background)
Can we find a function which permits us to safely replace biometrics just like stolen credit cards...
Hashing as a solution
Enrollment: B → one-way hash T() → T(B) → DB
Matching: B’ → one-way hash T() → T(B’); match T(B), T(B’)
Privacy:
– The original biometric is not stored
– Each application uses a different transformation function
Security:
– It is computationally hard to recover B given T(B)
Hash Functions: Ideal for passwords and text
HIRE ALL LINUX PROGRAMMERS → MD5 → 33B21856A91D2FBB 5BC4144C69B23F85
FIRE ALL LINUX PROGRAMMERS → MD5 → 43C08679B2FD54C6 5467DDCC9C00AD49
1 character difference → 65 bits difference !!
Can we simply hash a fingerprint?!
Hashing: Doesn’t work for biometrics
26 points match, 15 points don’t match: OK
MD5 → F313C86188DDE96b D48AD58CDECDB9E8
MD5 → 80BC979099C2FA64 3E4C5432A03E01B8
Don’t match at ALL !!
Solutions?
Crypto community:
– Reduce uncertainty of the biometric: quantization
– Borrow randomness from key to compensate for lost entropy
– Approaches
  – Biometric Hardening (Goh et al. ‘03, Teoh et al. ‘04, Soutar et al. ‘98)
  – Biometric Keying (Davida et al. ‘98, Monrose ‘99, Monrose ’01)
  – Fuzzy techniques (Juels & Wattenberg ’98, Juels & Sudan ’02, Dodis ’04, Tuyls ’04)
Biometric community:
– Mask the original biometric – preserves entropy (CMU)
– Cancelable biometrics (IBM)
Biometric Hardening
Template is combined with user specific random information
This is similar to “salting” of passwords before hashing
Stages: Feature Extraction → Feature Salting → Error Tolerant Discretization (High uncertainty → Zero uncertainty)
Goh and Ngo, 2003
• Feature Extraction: Face Biometrics, ‘Eigen faces’ features
• Feature Salting: Features are projected on to user specific orthogonal random vectors
• Error Tolerant Discretization: Binary values are derived using quantization; the key acts as a Shamir secret key share
Soutar et al., 1998
• Feature Extraction: Fingerprints, Fourier transform features
• Feature Salting: Fourier features are multiplied with user specific random phase array
• Error Tolerant Discretization: Binary values are derived using quantization; key is embedded using a redundant lookup table
Biometric Keying
The binary key is directly derived from the biometric template
The transformation has to be error tolerant
More scalable than ‘biometric hardening’ methods
Stages: Feature Extraction → Binarization → Error tolerant Representation
Davida et al., 1998
• Feature Extraction: Iris Biometric, Iris code features
• Binarization: Features are already binary
• Error tolerant Representation: User specific Hamming codes are used to correct errors caused by offsets
Monrose et al., 1999 (Key stroke dynamics; key duration and latency time features) and Monrose et al., 2001 (Speech biometric; Cepstral features)
• Binarization: done by comparing feature value with a global threshold ‘T’
• Error tolerant Representation: Consistency of each feature is learned over time for each user; the inconsistent features are discarded
Cancelable signal transform (CMU)
Requires the use of the MACE correlation engine
IBM Solution: Cancelable Biometrics
Intentional repeatable distortion
– alters signal but still in correct format
– generates a similar signal each time
Compromised scenario:
– a new distortion creates a new biometrics
Comparison scenario:
– different distortions for different accounts
© New Yorker Magazine (Charles Addams)
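Cancelable Biometrics: Example
[Figure: two images of the same face and their versions under a repeatable distortion. The two originals MATCH; the two distorted versions MATCH; an original and a distorted version DON’T MATCH.]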
Operational Issues
Application:
– Must be applied directly at the sensor
– There should be no scope for the original signal to leave the sensor
– The transform can be applied at
  – signal level
  – feature level
Registration:
– For repeatability, often we have to register (align) before applying any distortion transform
– Use invariant points to align two patterns
  – core and delta in fingerprint images
  – nose and mouth in face images
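Cancelable Biometrics vs. Biometric Cryptography
Columns: Ideal, Cancelable Biometric, Biometrics Hardening, Biometric Keying, Fuzzy Techniques
Applicable for fingerprints (minutiae)?
– Ideal: YES
– Cancelable Biometric: YES
– Biometrics Hardening: NO
– Biometric Keying: NO
– Fuzzy Techniques: YES (Juels et al., Uludag et al.)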
Preserves representation? Retains entropy?
YES/ NO Yes
YES
NO
NO
NO
YES
No
No
Yes
Revocable
– Ideal: YES
– Cancelable Biometric: YES
– Biometrics Hardening: YES
– Biometric Keying: NO
– Fuzzy Techniques: NO
Made in IBM!
Real example: two images of the same face
Registration and Distortion
Images look similar, but not like the original
Fingerprint example: two impressions
Registration based on “core” and “delta”
[Figure panels: Original 1, Original 2]
Distorted versions still appear similar
[Figure panels: Distorted 1, Distorted 2]
Minutiae of distortions match, but not to original
[Figure: Original 1 vs. Distorted 2: no match; Distorted 1 vs. Distorted 2: match]
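Added example, not part of the original slides: the behaviour claimed on the hashing slides and on the fingerprint slides, run on a toy minutiae matcher. The keyed permutation of a 4x4 grid of cells is an assumed stand-in for the deck's distortion, and the minutiae, keys, tolerance and threshold are constructed.

```python
import hashlib
import hmac

CELL, GRID = 64, 4      # assumed 256x256 image cut into a 4x4 grid of 64 px cells
TOL, THRESHOLD = 6, 8   # assumed pixel tolerance and number of matches to accept

# Constructed minutiae (x, y), already registered. B is a second impression of
# the same finger: 1-2 px jitter, one minutia missing, one spurious minutia.
A = [(13, 12), (88, 37), (163, 24), (240, 47), (25, 76), (76, 101),
     (175, 88), (228, 111), (37, 140), (112, 165), (139, 152), (216, 175)]
B = [(14, 13), (87, 36), (165, 25), (239, 49), (24, 78), (77, 99),
     (176, 87), (226, 112), (38, 141), (111, 163), (140, 154), (100, 228)]


def score(t1, t2):
    """Fuzzy matcher: count minutiae of t1 that have a neighbour in t2 within TOL."""
    return sum(any(abs(x - u) <= TOL and abs(y - v) <= TOL for u, v in t2)
               for x, y in t1)


def cell_cycle(key):
    """Keyed cell permutation: order cells by HMAC(key, cell) and send each cell
    to its successor. A single cycle leaves no cell in its original place."""
    tag = lambda c: hmac.new(key, bytes([c]), hashlib.sha256).digest()
    order = sorted(range(GRID * GRID), key=tag)
    return {c: order[(i + 1) % len(order)] for i, c in enumerate(order)}


def distort(template, key):
    """Repeatable distortion: move each minutia with its cell, keeping its in-cell offset."""
    perm = cell_cycle(key)
    out = []
    for x, y in template:
        dst = perm[(y // CELL) * GRID + x // CELL]
        out.append((dst % GRID * CELL + x % CELL, dst // GRID * CELL + y % CELL))
    return out


def demo(key=b"constructed-key-1", new_key=b"constructed-key-2"):
    stored = distort(A, key)  # enrolled template; A itself is never stored
    md5 = lambda t: hashlib.md5(repr(t).encode()).hexdigest()
    return {"md5_equal": md5(A) == md5(B),                    # exact hash, fuzzy data
            "same_key": score(stored, distort(B, key)),        # genuine attempt
            "vs_original": score(stored, B),                   # raw biometric replayed
            "after_reissue": score(stored, distort(B, new_key))}  # old template, new key


if __name__ == "__main__":
    print(demo())
```

The sample minutiae sit well inside their cells; a minutia within jitter distance of a cell border can be sent to different cells on different impressions, which is one reason the registration step on the Operational Issues slide matters. A block permutation can be inverted by anyone holding the key, so it shows repeatability and reissue only, not the hard-to-recover property the hashing slide asks for.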
Conclusions
– Privacy issues in biometrics databases need to be addressed for acceptable mass deployment
– Privacy enhancement for biometrics requires both information security and biometrics experts to contribute
– Our initial experimental results are extremely encouraging