136 updated
TRANSCRIPT
-
8/7/2019 136 Updated
1/19
Three Factor Scheme forBiometric-Based
Cryptographic KeyRegeneration Using Iris
Sanjay KANADE, Danielle CAMARA, Emine KRICHEN,Dijana PETROVSKA-DELACRTAZ, and Bernadette DORIZZI
TELECOM & Management SudParisEvry, France
Last Updated 17th September, 2008
This work was funded by theFrench Agence Nationale de la Recherche
project BIOTYFUL
-
8/7/2019 136 Updated
2/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
2
Outline Why Combine Biometrics with Cryptography
State of the art Existing works based on iris Iris Code Matching as Error Correction Problem
Iris Code Shuffling Increasing Error Correction Capability of HadamardCode
Experimental Results Security Analysis Conclusions and Discussions
-
8/7/2019 136 Updated
3/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
3
Why Combine Biometrics with
Cryptography Shortcomings of Biometrics:
Biometric data is noisy Lack of revocability: - Biometric templates oncestolen/compromised cannot be replaced and newtemplate cannot be issued
No template diversity
Shortcomings of Cryptography:
Easy to guess and can be stolen No strong link between authenticator & user
identity
-
8/7/2019 136 Updated
4/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
4
State of the ArtThree main categories:
Protecting biometrics and adding revocabilityto biometrics e.g. cancelable biometrics,etc.
Cryptographic key generation from biometrics e.g. Hardened password, Fuzzy extractors,etc.
Cryptographic key regeneration usingbiometrics e.g. fuzzy vault, fuzzycommitment, etc.
-
8/7/2019 136 Updated
5/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
5
Existing Works on
Key Regeneration Using Iris Hao et al. scheme
Uses Reed-Solomon and Hadamard codes for correctingerrors in iris codes
25% error correction is possible Cannot change error correction capability of Hadamard
codes For comparatively noisy databases (like ICE), this schemecannot work because many genuine comparisons haveHamming distance greater than 25%
Bringer et al. scheme Reed-Muller and Product codes are used The keys generated by this scheme are small (42 bits)
-
8/7/2019 136 Updated
6/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
6
Iris Code Matching as Error
Correction ProblemNoisy
Communication Channel
Data Encoder Data Decoder
K K
Noise causing elements
Iris Code 1 Iris Code 2
Variations in iris codes are treated as errors and are corrected by thedecoder.
Error correcting capacity of the decoder should be such that it canseparate genuine users from impostors
On successful error correction, K=K which is used as cryptographic key
-
8/7/2019 136 Updated
7/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
7
Schematic Diagram of the Key
Regeneration Scheme
-
8/7/2019 136 Updated
8/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
8
Iris Code Shuffling A shuffling key is generated using a password
Iris code is divided into blocks;number of blocks = number of bits in shuffling key
If a bit in the key is 1, corresponding iris code block
is moved to the beginning; otherwise it is moved tothe end
This scheme increases Hamming distance for
impostors, but for genuine users Hamming distanceis unchanged
-
8/7/2019 136 Updated
9/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
9
Iris Code Shuffling Schematic
Diagram
-
8/7/2019 136 Updated
10/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
10
Hamming Distance Distributions
Before and After Shuffling
Overlap between genuine and impostor users Hammingdistance is decreased because of shuffling
-
8/7/2019 136 Updated
11/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
11
Error Correcting Codes Iris codes have two types of errors:
Background errors:- Due to camera noise, irisdistortion, image-capture effects, etc. These areuniformly distributed
Burst errors:- Due to eye-lids, eye-lashes, andspecular reflections. These occur as bursts.
We use Hadamard code to correct
background errors and Reed-Solomon Codesto correct burst errors
-
8/7/2019 136 Updated
12/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
12
Increasing Error Correction
Capability of Hadamard Code Hadamard codes inherent error correction capacity is 25%
which cannot be changed. Large number of genuine users
comparisons where the hamming distance is more 25%.
Adding similarity to the data can change the error distribution
by decreasing the number of errors in a block Let there be perrors in nbits Adding qzeros uniformly to nwill change the error ratio to
R=p/(q+n); if R < 25%, perrors can be corrected Thus by changing qwe can change (increase) the error
correction capacity of Hadamard code
-
8/7/2019 136 Updated
13/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris
13
Database Used for System
Evaluation NIST-ICE Database
Exp-1 - 1,425 images of right irises of 124 users 12,214 genuine and 1,002,386 impostor comparisons
Exp-2 - 1,528 images of left irises of 120 users 14,653 genuine and 1,151,975 impostor comparisons
-
8/7/2019 136 Updated
14/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris 14
Experimental Results
Experimental parameters m =6, Number of bits in each Reed-Solomon code block n
s=61, Number of blocks after Reed-Solomon encoding
8 zeros added to every 12 bits in the iris code; modified iris codelength = 1,980, which is truncated to 1,952 bits.
tsError correction capability of Reed-Solomon Code
ts acts as threshold by adjusting which we can fine tune thesystem performance
ts
KeyLength ICE-Exp-1 ICE-Exp-2FAR FRR FAR FRR
11 234 0.0008 2.48 0.003 3.49
14 198 0.055 1.04 0.124 1.41
15 186 0.096 0.76 0.21 1.09
-
8/7/2019 136 Updated
15/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris 15
Security Analysis
2
2Entropy log
N
HN
w
=
Nis the number of degrees of freedom which can be calculated as
where p =mean of the binomial distribution, and =standard deviation of the distribution
w= number of bits corresponding to the error correction capacity (which is 35%)
2(1 ) / N p p =
In our experiments, N = 1,172,
w = 410 corresponding to 35% error correction capacity, thus
Entropy of the key, 83 bitsH
-
8/7/2019 136 Updated
16/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris 16
Comparison With Other Iris
Based Systems
RSH Reed-Solomon and Hadamard codes RMP Reed-Muller and Product codes
[1] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zmor, "Optimal iris fuzzy sketches," in IEEE
Conference on Biometrics: Theory, Applications and Systems, 2007.
[2] F. Hao, R. Anderson, and J. Daugman, "Combining crypto with biometrics effectively," IEEE Transactionson Computers, vol. 55, no. 9, pp. 1081-1088, 2006.
Authors ECC Key Bits FRR in % FAR in % Entropyin bits
Database
Hao et al.[2] RSH 140 0.47 0 44 proprietaryBringer et al.[1] RMP 42 5.62 10-5 - ICE
- RSH 186 0.76 0.096 83 ICE-Exp-1
- RSH 234 2.48 0.0008 83 ICE-Exp-1
-
8/7/2019 136 Updated
17/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris 17
Conclusions and Discussions
Shuffling makes the iris codes more random, which helps in increasing the entropy; also itacts as interleaver and helps in error correction by distributing the error bursts
The zero insertion scheme increases the error correction capability of Hadamard code whichis otherwise fixed
Longer keys compared to other schemes can be obtained with the proposed scheme whichwill have nearly 83 bit entropy
The keys obtained with this scheme can be used in cryptographic systems; otherwise Hashvalues of the original and regenerated keys can be compared to securely verify the user
The locked iris template does not reveal any biometric information thereby protecting thebiometric data
In case of compromise detection, the cryptographic key, smart card, and password can bechanged and a new template can be issued; thus the templates are revocable
-
8/7/2019 136 Updated
18/19
October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris 18
ContactsFor further questions, please contact
-
8/7/2019 136 Updated
19/19
Thank You !