Three Factor Scheme for Biometric-Based Cryptographic Key ...

Three Factor Scheme for Biometric-Based Cryptographic Key Regeneration Using Iris
Sanjay KANADE, Danielle CAMARA, Emine KRICHEN, Dijana PETROVSKA-DELACRÉTAZ, and Bernadette DORIZZI
TELECOM & Management SudParis, Evry, France
Last Updated 17th September, 2008

This work was funded by the French Agence Nationale de la Recherche project BIOTYFUL

Outline
• Why Combine Biometrics with Cryptography
• State of the art
• Existing works based on iris
• Iris Code Matching as Error Correction Problem
• Iris Code Shuffling
• Increasing Error Correction Capability of Hadamard Code
• Experimental Results
• Security Analysis
• Conclusions and Discussions

October 16, 2008

Biometrics Based Cryptographic Key Regeneration using Iris


Why Combine Biometrics with Cryptography
• Shortcomings of Biometrics:
  – Biometric data is noisy
  – Lack of revocability: biometric templates, once stolen or compromised, cannot be replaced and a new template cannot be issued
  – No template diversity
• Shortcomings of Cryptography:
  – Easy to guess and can be stolen
  – No strong link between authenticator & user identity

State of the Art
Three main categories:
• Protecting biometrics and adding revocability to biometrics
  – e.g. cancelable biometrics, etc.
• Cryptographic key generation from biometrics
  – e.g. Hardened password, Fuzzy extractors, etc.
• Cryptographic key regeneration using biometrics
  – e.g. fuzzy vault, fuzzy commitment, etc.

Existing Works on Key Regeneration Using Iris
• Hao et al. scheme
  – Uses Reed-Solomon and Hadamard codes for correcting errors in iris codes
  – 25% error correction is possible
  – Cannot change error correction capability of Hadamard codes
  – For comparatively noisy databases (like ICE), this scheme cannot work because many genuine comparisons have Hamming distance greater than 25%
• Bringer et al. scheme
  – Reed-Muller and Product codes are used
  – The keys generated by this scheme are small (42 bits)

Iris Code Matching as Error Correction Problem
[Diagram: K, Data Encoder, Noisy Communication Channel (noise-causing elements: Iris Code 1, Iris Code 2), Data Decoder, K']
• Variations in iris codes are treated as errors and are corrected by the decoder.
• Error correcting capacity of the decoder should be such that it can separate genuine users from impostors
• On successful error correction, K = K', which is used as cryptographic key

Schematic Diagram of the Key Regeneration Scheme


Iris Code Shuffling
• A shuffling key is generated using a password
• Iris code is divided into blocks; number of blocks = number of bits in shuffling key
• If a bit in the key is 1, corresponding iris code block is moved to the beginning; otherwise it is moved to the end
• This scheme increases Hamming distance for impostors, but for genuine users Hamming distance is unchanged

Iris Code Shuffling – Schematic Diagram


Hamming Distance Distributions – Before and After Shuffling

Overlap between genuine and impostor users’ Hamming distance is decreased because of shuffling
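The shuffling rule from the slides, as an added example that is not the authors' code. The SHA-256 key derivation, the passwords, the 99-bit key length and the 1,188-bit sample codes are assumptions constructed for illustration; the impostor code is built to sit at a Hamming distance of 0.40 before shuffling and is shuffled with a key from a different password.

```python
import hashlib
import random

def shuffling_key(password, n_bits):
    """Assumed derivation (the slides only say the key is generated using a
    password): expand SHA-256(counter || password) into n_bits key bits."""
    bits, counter = [], 0
    while len(bits) < n_bits:
        digest = hashlib.sha256(counter.to_bytes(4, "big") + password.encode()).digest()
        bits.extend((byte >> i) & 1 for byte in digest for i in range(8))
        counter += 1
    return bits[:n_bits]

def shuffle_iris_code(code, key):
    """Blocks whose key bit is 1 move to the beginning, the rest to the end,
    keeping their relative order inside each group."""
    if len(code) % len(key):
        raise ValueError("iris code length must be a multiple of the key length")
    size = len(code) // len(key)
    blocks = [code[i * size:(i + 1) * size] for i in range(len(key))]
    front = [b for b, k in zip(blocks, key) if k == 1]
    back = [b for b, k in zip(blocks, key) if k == 0]
    return [bit for block in front + back for bit in block]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def flip(code, fraction, rng):
    """Constructed noise model: flip exactly `fraction` of the bits."""
    out = list(code)
    for i in rng.sample(range(len(code)), int(fraction * len(code))):
        out[i] ^= 1
    return out

def demo():
    rng = random.Random(2008)                      # fixed seed, constructed data
    enrolled = [rng.getrandbits(1) for _ in range(1188)]
    genuine = flip(enrolled, 0.15, rng)            # same eye, noisy capture
    impostor = flip(enrolled, 0.40, rng)           # other eye, correlated code
    k_user = shuffling_key("correct horse", 99)    # hypothetical passwords
    k_other = shuffling_key("wrong guess", 99)
    ref = shuffle_iris_code(enrolled, k_user)
    return {
        "genuine_before": hamming(enrolled, genuine),
        "genuine_after": hamming(ref, shuffle_iris_code(genuine, k_user)),
        "impostor_before": hamming(enrolled, impostor),
        "impostor_after": hamming(ref, shuffle_iris_code(impostor, k_other)),
    }

if __name__ == "__main__":
    print(demo())
```

Because the same key applies the same block permutation to both codes, the genuine distance is preserved exactly; with a different key the blocks no longer line up and the impostor distance moves towards 0.5.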

Error Correcting Codes
• Iris codes have two types of errors:
  – Background errors: due to camera noise, iris distortion, image-capture effects, etc. These are uniformly distributed
  – Burst errors: due to eyelids, eyelashes, and specular reflections. These occur as bursts.
• We use Hadamard code to correct background errors and Reed-Solomon codes to correct burst errors

Increasing Error Correction Capability of Hadamard Code
• Hadamard code’s inherent error correction capacity is 25%, which cannot be changed. There are a large number of genuine users’ comparisons where the Hamming distance is more than 25%.
• Adding similarity to the data can change the error distribution by decreasing the number of errors in a block
  – Let there be p errors in n bits
  – Adding q zeros uniformly to n will change the error ratio to R = p/(q+n); if R < 25%, p errors can be corrected
  – Thus by changing q we can change (increase) the error correction capacity of Hadamard code
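The zero insertion step on constructed bit vectors, as an added example that is not the authors' code. It uses the deck's parameters (8 zeros per 12 bits, 1,980 bits truncated to 1,952); the even placement of the zeros, the 1,188-bit sample length (1,980 × 12/20) and the 32-bit block size (1,952 bits / 61 blocks) are assumptions derived from those figures.

```python
import random

def insert_zeros(code, n=12, q=8):
    """Spread q zeros evenly through every group of n bits. The exact placement
    is an assumption; both codes being compared must use the same one."""
    if len(code) % n:
        raise ValueError("code length must be a multiple of n")
    out, total = [], n + q
    for start in range(0, len(code), n):
        data = iter(code[start:start + n])
        for j in range(total):
            is_zero = ((j + 1) * q) // total > (j * q) // total
            out.append(0 if is_zero else next(data))
    return out

def error_ratio(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def correctable_blocks(a, b, block=32, limit=0.25):
    """Fraction of block-sized chunks whose error ratio is below the limit."""
    chunks = range(0, len(a) - block + 1, block)
    ok = sum(error_ratio(a[i:i + block], b[i:i + block]) < limit for i in chunks)
    return ok / len(chunks)

def demo():
    rng = random.Random(61)                        # constructed sample data
    enrolled = [rng.getrandbits(1) for _ in range(1188)]
    probe = list(enrolled)
    for i in rng.sample(range(1188), 415):         # p = 415 errors, about 35%
        probe[i] ^= 1
    padded_e = insert_zeros(enrolled)[:1952]       # 1,980 bits truncated to 1,952
    padded_p = insert_zeros(probe)[:1952]
    return {
        "padded_length": len(insert_zeros(enrolled)),
        "ratio_before": error_ratio(enrolled, probe),
        "ratio_after": error_ratio(padded_e, padded_p),
        "blocks_ok_before": correctable_blocks(enrolled, probe),
        "blocks_ok_after": correctable_blocks(padded_e, padded_p),
    }

if __name__ == "__main__":
    print(demo())
```

The inserted zeros agree in both codes, so the error count stays the same while the length grows, which is the R = p/(q+n) effect: about 35% errors in the raw codes becomes about 21% after padding.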

Database Used for System Evaluation
• NIST-ICE Database
  – Exp-1: 1,425 images of right irises of 124 users
    • 12,214 genuine and 1,002,386 impostor comparisons
  – Exp-2: 1,528 images of left irises of 120 users
    • 14,653 genuine and 1,151,975 impostor comparisons

Experimental Results
• Experimental parameters
  – m = 6, number of bits in each Reed-Solomon code block
  – ns = 61, number of blocks after Reed-Solomon encoding
  – 8 zeros added to every 12 bits in the iris code; modified iris code length = 1,980, which is truncated to 1,952 bits
  – ts = error correction capability of Reed-Solomon code

ts    Key Length    ICE-Exp-1 FAR    ICE-Exp-1 FRR    ICE-Exp-2 FAR    ICE-Exp-2 FRR
11    234           0.0008           2.48             0.003            3.49
14    198           0.055            1.04             0.124            1.41
15    186           0.096            0.76             0.21             1.09

• ts acts as a threshold; by adjusting it we can fine-tune the system performance

Security Analysis
Entropy:

$H = \log_2 \left( \frac{2^N}{\binom{N}{w}} \right)$

N is the number of degrees of freedom, which can be calculated as

$N = p(1 - p) / \sigma^2$

where
p = mean of the binomial distribution,
σ = standard deviation of the distribution,
w = number of bits corresponding to the error correction capacity (which is 35%)

In our experiments, N = 1,172, w = 410 corresponding to 35% error correction capacity, thus

Entropy of the key, H ≈ 83 bits

Comparison With Other Iris Based Systems

Authors              ECC    Key Bits    FRR in %    FAR in %    Entropy in bits    Database
Hao et al. [2]       RSH    140         0.47        0           44                 proprietary
Bringer et al. [1]   RMP    42          5.62        10^-5       -                  ICE
-                    RSH    186         0.76        0.096       83                 ICE-Exp-1
-                    RSH    234         2.48        0.0008      83                 ICE-Exp-1

• RSH – Reed-Solomon and Hadamard codes
• RMP – Reed-Muller and Product codes

[1] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zémor, "Optimal iris fuzzy sketches," in IEEE Conference on Biometrics: Theory, Applications and Systems, 2007.
[2] F. Hao, R. Anderson, and J. Daugman, "Combining crypto with biometrics effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, 2006.

Conclusions and Discussions
• Shuffling makes the iris codes more random, which helps in increasing the entropy; it also acts as an interleaver and helps in error correction by distributing the error bursts
• The zero insertion scheme increases the error correction capability of Hadamard code, which is otherwise fixed
• Longer keys compared to other schemes can be obtained with the proposed scheme, which will have nearly 83-bit entropy
• The keys obtained with this scheme can be used in cryptographic systems; otherwise hash values of the original and regenerated keys can be compared to securely verify the user
• The locked iris template does not reveal any biometric information, thereby protecting the biometric data
• In case of compromise detection, the cryptographic key, smart card, and password can be changed and a new template can be issued; thus the templates are revocable


Thank You !