Three Factor Scheme for Biometric-Based Cryptographic Key Regeneration Using Iris Sanjay KANADE, Danielle CAMARA, Emine KRICHEN, Dijana PETROVSKA-DELACRÉTAZ, and Bernadette DORIZZI TELECOM & Management SudParis Evry, France Last Updated 17th September, 2008
This work was funded by the French Agence Nationale de la Recherche project BIOTYFUL
Outline • • • • • •
Why Combine Biometrics with Cryptography State of the art Existing works based on iris Iris Code Matching as Error Correction Problem Iris Code Shuffling Increasing Error Correction Capability of Hadamard Code • Experimental Results • Security Analysis • Conclusions and Discussions October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
2
Why Combine Biometrics with Cryptography • Shortcomings of Biometrics: – Biometric data is noisy – Lack of revocability: - Biometric templates once stolen/compromised cannot be replaced and new template cannot be issued – No template diversity
• Shortcomings of Cryptography: – Easy to guess and can be stolen – No strong link between authenticator & user identity October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
3
State of the Art Three main categories: • Protecting biometrics and adding revocability to biometrics – e.g. cancelable biometrics, etc. • Cryptographic key generation from biometrics – e.g. Hardened password, Fuzzy extractors, etc. • Cryptographic key regeneration using biometrics – e.g. fuzzy vault, fuzzy commitment, etc. October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
4
Existing Works on Key Regeneration Using Iris • Hao et al. scheme – Uses Reed-Solomon and Hadamard codes for correcting errors in iris codes – 25% error correction is possible – Cannot change error correction capability of Hadamard codes – For comparatively noisy databases (like ICE), this scheme cannot work because many genuine comparisons have Hamming distance greater than 25%
• Bringer et al. scheme – Reed-Muller and Product codes are used – The keys generated by this scheme are small (42 bits) October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
5
Iris Code Matching as Error Correction Problem K
K’ Data Encoder
Noisy Communication Channel
Data Decoder
Noise causing elements Iris Code 1 Iris Code 2
• Variations in iris codes are treated as errors and are corrected by the decoder. • Error correcting capacity of the decoder should be such that it can separate genuine users from impostors • On successful error correction, K=K’ which is used as cryptographic key October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
6
Schematic Diagram of the Key Regeneration Scheme
October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
7
Iris Code Shuffling • A shuffling key is generated using a password • Iris code is divided into blocks; number of blocks = number of bits in shuffling key • If a bit in the key is 1, corresponding iris code block is moved to the beginning; otherwise it is moved to the end • This scheme increases Hamming distance for impostors, but for genuine users Hamming distance is unchanged October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
8
Iris Code Shuffling – Schematic Diagram
October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
9
Hamming Distance Distributions – Before and After Shuffling
Overlap between genuine and impostor users’ Hamming distance is decreased because of shuffling October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
10
Error Correcting Codes • Iris codes have two types of errors: – Background errors:- Due to camera noise, iris distortion, image-capture effects, etc. These are uniformly distributed – Burst errors:- Due to eye-lids, eye-lashes, and specular reflections. These occur as bursts.
• We use Hadamard code to correct background errors and Reed-Solomon Codes to correct burst errors October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
11
Increasing Error Correction Capability of Hadamard Code • Hadamard code’s inherent error correction capacity is 25% which cannot be changed. Large number of genuine users comparisons where the hamming distance is more 25%. • Adding similarity to the data can change the error distribution by decreasing the number of errors in a block – Let there be p errors in n bits – Adding q zeros uniformly to n will change the error ratio to R=p/(q+n); if R < 25%, p errors can be corrected – Thus by changing q we can change (increase) the error correction capacity of Hadamard code October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
12
Database Used for System Evaluation • NIST-ICE Database – Exp-1 - 1,425 images of right irises of 124 users • 12,214 genuine and 1,002,386 impostor comparisons
– Exp-2 - 1,528 images of left irises of 120 users • 14,653 genuine and 1,151,975 impostor comparisons
October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
13
Experimental Results • Experimental parameters • m = 6, Number of bits in each Reed-Solomon code block • ns = 61, Number of blocks after Reed-Solomon encoding • 8 zeros added to every 12 bits in the iris code; modified iris code length = 1,980, which is truncated to 1,952 bits. • ts Error correction capability of Reed-Solomon Code
ICE-Exp-1
ICE-Exp-2
FAR
FRR
FAR
FRR
234
0.0008
2.48
0.003
3.49
14
198
0.055
1.04
0.124
1.41
15
186
0.096
0.76
0.21
1.09
ts
Key Length
11
• ts acts as threshold by adjusting which we can fine tune the system performance October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
14
Security Analysis 2N Entropy H = log 2 ⎛N⎞ ⎜ ⎟ ⎝w ⎠ N is the number of degrees of freedom which can be calculated as
N = p (1 − p ) / σ 2 where p = mean of the binomial distribution, and σ = standard deviation of the distribution w = number of bits corresponding to the error correction capacity (which is 35%) In our experiments, N = 1,172, w = 410 corresponding to 35% error correction capacity, thus
Entropy of the key, H ≈ 83 bits October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
15
Comparison With Other Iris Based Systems Authors
ECC
Key Bits FRR in %
FAR in %
Entropy in bits
Database
Hao et al.[2]
RSH
140
0.47
0
44
proprietary
Bringer et al.[1]
RMP
42
5.62
10-5
-
ICE
-
RSH
186
0.76
0.096
83
ICE-Exp-1
-
RSH
234
2.48
0.0008
83
ICE-Exp-1
• RSH – Reed-Solomon and Hadamard codes • RMP – Reed-Muller and Product codes [1] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zémor, "Optimal iris fuzzy sketches," in IEEE Conference on Biometrics: Theory, Applications and Systems, 2007. [2] F. Hao, R. Anderson, and J. Daugman, "Combining crypto with biometrics effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, 2006.
October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
16
Conclusions and Discussions •
Shuffling makes the iris codes more random, which helps in increasing the entropy; also it acts as interleaver and helps in error correction by distributing the error bursts
•
The zero insertion scheme increases the error correction capability of Hadamard code which is otherwise fixed
•
Longer keys compared to other schemes can be obtained with the proposed scheme which will have nearly 83 bit entropy
•
The keys obtained with this scheme can be used in cryptographic systems; otherwise Hash values of the original and regenerated keys can be compared to securely verify the user
•
The locked iris template does not reveal any biometric information thereby protecting the biometric data
•
In case of compromise detection, the cryptographic key, smart card, and password can be changed and a new template can be issued; thus the templates are revocable
October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
17
Contacts For further questions, please contact –
[email protected] [email protected] [email protected]
October 16, 2008
Biometrics Based Cryptographic Key Regeneration using Iris
18
Thank You !