Cancelable Biometrics

IBM Research

Cancelable Biometrics

Nalini K. Ratha*
Exploratory Computer Vision Group
IBM T. J. Watson Research Center
Hawthorne, NY 10532
*inputs from J. Connell, R. Bolle, and S. Chikkerur
© 2005 IBM Corporation

Revocable/Rescindable/Anonymous/Cancelable biometrics
• Introduction
  – Privacy issues in biometrics
  – How can privacy be enhanced
• Survey of existing methods
• Cancelable biometrics
  – Operational issues
  – Sample transforms
• Conclusions

Large Scale Biometrics Identification
• Biometrics identification has become a “must have” tool in homeland security and the next generation intelligent infrastructure
  – Government: Passports/Visas, Citizen identification, Employee identification
  – Financial Services: Consumer point-of-sale ID, Confirmation of financial transactions
• These new uses bring new challenges
  – Meeting expectations for accuracy (false negative/false positive)
  – Supporting transaction response rates where identification or authentication are involved
  – Achieving the scale required by emerging applications
  – Understanding and handling privacy issues

Large scale and Cancelable are not different …

Large collection leads to privacy issues

… Two sides of the same coin

Attack model

Formidable adversaries:
• Thieves
• Hackers
• Users
• Customers
• Employees
• Merchants
• Competitors
• Competitors’ governments

Attack Methods

Hardware/Software/Database Attacks
• Trojan horse for feature extractor
• Trojan horse for matcher
• Overriding templates
• Feature-based dictionary attack

Other Attacks
• Phishing
• Pharming
• Hill climbing attack
• Swamping attack
• Piggy-back attack
• Spoofing the sensor
• Collusion at the enrollment process

Channel Attacks
• Override result
• Replay attack
• Channel attack between matcher and template DB
• Channel attack at the enrollment time

Biometrics vs. Passwords

Property | Biometrics | Passwords
Internal representation | Features (constant size features vs. variable size features from signal) | Hash of the password string
Size | Usually about 100 bytes or more | Typically 6-8 alphanumeric characters
Data input | Constantly varying | Always the same
Match algorithm | Inexact, fuzzy, never 100% | Exact, 100%
Non-repudiation | Yes (mostly) | No
Revocability | No | Yes (easily)

Biometrics and public perception
In a 2002 poll commissioned by SEARCH (funded by US Bureau of Justice Statistics):
– 88% were concerned about possible misuse of their biometrics data
– 80% were comfortable with the use of biometrics “as a means of helping prevent crimes”

Issues
• You give up part of yourself that is unique to you
• The use of biometrics introduces a problem: biometrics cannot be replaced
  – biometrics is not a secret
  – once compromised, compromised forever
• What if a biometric is compared: cross matching?
  – Biometrics collected for one application can be shared to retrieve other private information (health care, law-enforcement, financial background)

Can we find a function which permits us to safely replace biometrics just like stolen credit cards...

Hashing as a solution

Enrollment: B → One way hash T() → T(B) → DB
Matching: B’ → One way hash T() → T(B’) → Match T(B), T(B’)

Privacy:
• The original biometric is not stored
• Each application uses a different transformation function
Security:
• It is computationally hard to recover B given T(B)

Hash Functions: Ideal for passwords and text

HIRE ALL LINUX PROGRAMMERS → MD5 → 33B21856A91D2FBB 5BC4144C69B23F85
FIRE ALL LINUX PROGRAMMERS → MD5 → 43C08679B2FD54C6 5467DDCC9C00AD49

1 character difference in the input, 65 bits difference in the hash !!

Can we simply hash a fingerprint?!

Hashing: Doesn’t work for biometrics

Fingerprint matcher: 26 points match, 15 points don’t match → OK
MD5 of first print: F313C86188DDE96b D48AD58CDECDB9E8
MD5 of second print: 80BC979099C2FA64 3E4C5432A03E01B8
→ Don’t match at ALL !!

Solutions?
• Crypto community:
  – Reduce uncertainty of the biometric - quantization
  – Borrow randomness from key to compensate for lost entropy
  – Approaches
    – Biometric Hardening (Goh et al. ’03, Teoh et al. ’04, Soutar et al. ’98)
    – Biometric Keying (Davida et al. ’98, Monrose ’99, Monrose ’01)
    – Fuzzy techniques (Juels & Wattenberg ’98, Juels & Sudan ’02, Dodis ’04, Tuyls ’04)
• Biometric community:
  – Mask the original biometric – preserves entropy (CMU)
  – Cancelable biometrics (IBM)

Biometric Hardening
• Template is combined with user specific random information
• This is similar to “salting” of passwords before hashing

Feature Extraction → Feature Salting → Error Tolerant Discretization
(High uncertainty → Zero uncertainty)

Goh and Ngo, 2003
• Face biometrics
• ‘Eigen faces’ features
• Features are projected on to user specific orthogonal random vectors
• Binary values are derived using quantization
• The key acts as a Shamir secret key share

Soutar et al., 1998
• Fingerprints
• Fourier transform features
• Fourier features are multiplied with user specific random phase array
• Binary values are derived using quantization
• Key is embedded using a redundant lookup table

Biometric Keying
• The binary key is directly derived from the biometric template
• The transformation has to be error tolerant
• More scalable than ‘biometric hardening’ methods

Feature Extraction → Binarization → Error tolerant Representation

Davida et al., 1998
• Iris biometric
• Iris code features
• Features are already binary
• User specific Hamming codes are used to correct errors caused by offsets

Monrose et al., 1999: key stroke dynamics; key duration and latency time features
Monrose et al., 2001: speech biometric; cepstral features
• Binarization is done by comparing feature value with a global threshold ‘T’
• Consistency of each feature is learned over time for each user
• The inconsistent features are discarded

Cancelable signal transform (CMU)

Requires the use of the MACE correlation engine

IBM Solution: Cancelable Biometrics
• Intentional repeatable distortion
  – alters signal but still in correct format
  – generates a similar signal each time
• Compromised scenario:
  – a new distortion creates a new biometrics
• Comparison scenario:
  – different distortions for different accounts

© New Yorker Magazine (Charles Addams)

Cancelable Biometrics: Example
[Figure: two images of the same face MATCH; after a repeatable distortion the two distorted images MATCH each other, but original and distorted images DON’T MATCH]

Operational Issues
Application:
• Must be applied directly at the sensor
• There should be no scope for the original signal to leave the sensor
• The transform can be applied at
  – signal level
  – feature level
Registration:
• For repeatability, often we have to register (align) before applying any distortion transform
• Use invariant points to align two patterns
  – core and delta in fingerprint images
  – nose and mouth in face images
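
Added example (not part of the original slides and not IBM's transform): the Python sketch below contrasts exact hashing of a minutiae template with a keyed, repeatable feature-level distortion, as discussed on the hashing and cancelable-biometrics slides. The block-permutation transform, the grid and tolerance values, the key names and the minutiae coordinates are all assumptions constructed for illustration; the input is assumed to be already registered.

```python
import hashlib, hmac, random

GRID, CELL, TOL = 4, 64, 6  # assumed: registered 256x256 image, 4x4 blocks, 6 px tolerance

# Constructed sample: 12 minutiae (x, y), one per block. PROBE is a second
# impression of the same finger with a pixel or two of sensor noise.
ENROLLED = [((i % GRID) * CELL + 10 + 14 * (i % 4),
             (i // GRID) * CELL + 10 + 14 * (i // 4)) for i in range(12)]
PROBE = [(x + 2 * (-1) ** i, y + i % 3 - 1) for i, (x, y) in enumerate(ENROLLED)]

def md5_template(minutiae):
    """Exact-match approach: serialize the minutiae and hash them."""
    data = ";".join(f"{x},{y}" for x, y in sorted(minutiae)).encode()
    return hashlib.md5(data).hexdigest()

def bit_diff(h1, h2):
    """Number of differing bits between two hex digests."""
    return bin(int(h1, 16) ^ int(h2, 16)).count("1")

def block_permutation(key):
    """Repeatable, key-dependent reordering of the GRID*GRID image blocks."""
    seed = hmac.new(key, b"block-permutation", hashlib.sha256).digest()
    order = list(range(GRID * GRID))
    random.Random(seed).shuffle(order)  # deterministic shuffler, illustration only
    return order

def distort(minutiae, key):
    """Feature-level transform: move each minutia into the block the key selects.
    The output is still a minutiae list, so an unmodified matcher can consume it."""
    perm = block_permutation(key)
    out = []
    for x, y in minutiae:
        dst = perm[(y // CELL) * GRID + x // CELL]
        out.append(((dst % GRID) * CELL + x % CELL, (dst // GRID) * CELL + y % CELL))
    return out

def match_count(a, b):
    """Fuzzy matcher: points of a that have a point of b within TOL pixels."""
    return sum(any(abs(x - u) <= TOL and abs(y - v) <= TOL for u, v in b) for x, y in a)

if __name__ == "__main__":
    bank, gym = b"key-for-bank-app", b"key-for-gym-app"  # hypothetical per-application keys
    print("raw match:", match_count(PROBE, ENROLLED), "of", len(ENROLLED))
    print("MD5 bits differing:", bit_diff(md5_template(ENROLLED), md5_template(PROBE)))
    print("same key:", match_count(distort(PROBE, bank), distort(ENROLLED, bank)))
    print("cross key:", match_count(distort(PROBE, gym), distort(ENROLLED, bank)))
```

A plain block permutation can be undone by anyone who holds the key, so this sketch illustrates repeatability, per-application separation and revocation only, not the "hard to recover B given T(B)" property from the hashing slide.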

Cancelable Biometrics vs. Biometric Cryptography

Property | Ideal | Cancelable Biometric | Biometrics Hardening | Biometric Keying | Fuzzy Techniques
Applicable for fingerprints (minutiae)? | YES | YES | NO | NO | YES (Juels et al., Uludag et al.)
Preserves representation? | YES | YES/NO | NO | NO | NO
Retains entropy? | YES | Yes | No | No | Yes
Revocable | YES | YES | YES | NO | NO

Made in IBM!

Real example: two images of the same face

Registration and Distortion

Images look similar, but not like the original

Fingerprint example: two impressions
Registration based on “core” and “delta”
[Figure panels: Original 1, Original 2]

Distorted versions still appear similar

[Figure panels: Distorted 1, Distorted 2]

Minutiae of distortions match, but not to original

[Figure: Original 1 vs. Distorted 2: no match; Distorted 1 vs. Distorted 2: match]

Conclusions
• Privacy issues in biometrics databases need to be addressed for acceptable mass deployment
• Privacy enhancement for biometrics requires both information security and biometrics experts to contribute
• Our initial experimental results are extremely encouraging
