136 updated

8/7/2019 136 Updated

1/19

Three Factor Scheme forBiometric-Based

Cryptographic KeyRegeneration Using Iris

Sanjay KANADE, Danielle CAMARA, Emine KRICHEN,Dijana PETROVSKA-DELACRTAZ, and Bernadette DORIZZI

TELECOM & Management SudParisEvry, France

Last Updated 17th September, 2008

This work was funded by theFrench Agence Nationale de la Recherche

project BIOTYFUL

8/7/2019 136 Updated

2/19

October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris

2

Outline Why Combine Biometrics with Cryptography

State of the art Existing works based on iris Iris Code Matching as Error Correction Problem

Iris Code Shuffling Increasing Error Correction Capability of HadamardCode

Experimental Results Security Analysis Conclusions and Discussions

8/7/2019 136 Updated

3/19


3

Why Combine Biometrics with

Cryptography Shortcomings of Biometrics:

Biometric data is noisy Lack of revocability: - Biometric templates oncestolen/compromised cannot be replaced and newtemplate cannot be issued

No template diversity

Shortcomings of Cryptography:

Easy to guess and can be stolen No strong link between authenticator & user

identity

8/7/2019 136 Updated

4/19


4

State of the ArtThree main categories:

Protecting biometrics and adding revocabilityto biometrics e.g. cancelable biometrics,etc.

Cryptographic key generation from biometrics e.g. Hardened password, Fuzzy extractors,etc.

Cryptographic key regeneration usingbiometrics e.g. fuzzy vault, fuzzycommitment, etc.

8/7/2019 136 Updated

5/19


5

Existing Works on

Key Regeneration Using Iris Hao et al. scheme

Uses Reed-Solomon and Hadamard codes for correctingerrors in iris codes

25% error correction is possible Cannot change error correction capability of Hadamard

codes For comparatively noisy databases (like ICE), this schemecannot work because many genuine comparisons haveHamming distance greater than 25%

Bringer et al. scheme Reed-Muller and Product codes are used The keys generated by this scheme are small (42 bits)

8/7/2019 136 Updated

6/19


6

Iris Code Matching as Error

Correction ProblemNoisy

Communication Channel

Data Encoder Data Decoder

K K

Noise causing elements

Iris Code 1 Iris Code 2

Variations in iris codes are treated as errors and are corrected by thedecoder.

Error correcting capacity of the decoder should be such that it canseparate genuine users from impostors

On successful error correction, K=K which is used as cryptographic key

8/7/2019 136 Updated

7/19


7

Schematic Diagram of the Key

Regeneration Scheme

8/7/2019 136 Updated

8/19


8

Iris Code Shuffling A shuffling key is generated using a password

Iris code is divided into blocks;number of blocks = number of bits in shuffling key

If a bit in the key is 1, corresponding iris code block

is moved to the beginning; otherwise it is moved tothe end

This scheme increases Hamming distance for

impostors, but for genuine users Hamming distanceis unchanged

8/7/2019 136 Updated

9/19


9

Iris Code Shuffling Schematic

Diagram

8/7/2019 136 Updated

10/19


10

Hamming Distance Distributions

Before and After Shuffling

Overlap between genuine and impostor users Hammingdistance is decreased because of shuffling

8/7/2019 136 Updated

11/19


11

Error Correcting Codes Iris codes have two types of errors:

Background errors:- Due to camera noise, irisdistortion, image-capture effects, etc. These areuniformly distributed

Burst errors:- Due to eye-lids, eye-lashes, andspecular reflections. These occur as bursts.

We use Hadamard code to correct

background errors and Reed-Solomon Codesto correct burst errors

8/7/2019 136 Updated

12/19


12

Increasing Error Correction

Capability of Hadamard Code Hadamard codes inherent error correction capacity is 25%

which cannot be changed. Large number of genuine users

comparisons where the hamming distance is more 25%.

Adding similarity to the data can change the error distribution

by decreasing the number of errors in a block Let there be perrors in nbits Adding qzeros uniformly to nwill change the error ratio to

R=p/(q+n); if R < 25%, perrors can be corrected Thus by changing qwe can change (increase) the error

correction capacity of Hadamard code

8/7/2019 136 Updated

13/19


13

Database Used for System

Evaluation NIST-ICE Database

Exp-1 - 1,425 images of right irises of 124 users 12,214 genuine and 1,002,386 impostor comparisons

Exp-2 - 1,528 images of left irises of 120 users 14,653 genuine and 1,151,975 impostor comparisons

8/7/2019 136 Updated

14/19

October 16, 2008 Biometrics Based CryptographicKey Regeneration using Iris 14

Experimental Results

Experimental parameters m =6, Number of bits in each Reed-Solomon code block n

s=61, Number of blocks after Reed-Solomon encoding

8 zeros added to every 12 bits in the iris code; modified iris codelength = 1,980, which is truncated to 1,952 bits.

tsError correction capability of Reed-Solomon Code

ts acts as threshold by adjusting which we can fine tune thesystem performance

ts

KeyLength ICE-Exp-1 ICE-Exp-2FAR FRR FAR FRR

11 234 0.0008 2.48 0.003 3.49

14 198 0.055 1.04 0.124 1.41

15 186 0.096 0.76 0.21 1.09

8/7/2019 136 Updated

15/19


Security Analysis

2

2Entropy log

N

HN

w

=

Nis the number of degrees of freedom which can be calculated as

where p =mean of the binomial distribution, and =standard deviation of the distribution

w= number of bits corresponding to the error correction capacity (which is 35%)

2(1 ) / N p p =

In our experiments, N = 1,172,

w = 410 corresponding to 35% error correction capacity, thus

Entropy of the key, 83 bitsH

8/7/2019 136 Updated

16/19


Comparison With Other Iris

Based Systems

RSH Reed-Solomon and Hadamard codes RMP Reed-Muller and Product codes

[1] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zmor, "Optimal iris fuzzy sketches," in IEEE

Conference on Biometrics: Theory, Applications and Systems, 2007.

[2] F. Hao, R. Anderson, and J. Daugman, "Combining crypto with biometrics effectively," IEEE Transactionson Computers, vol. 55, no. 9, pp. 1081-1088, 2006.

Authors ECC Key Bits FRR in % FAR in % Entropyin bits

Database

Hao et al.[2] RSH 140 0.47 0 44 proprietaryBringer et al.[1] RMP 42 5.62 10-5 - ICE

- RSH 186 0.76 0.096 83 ICE-Exp-1

- RSH 234 2.48 0.0008 83 ICE-Exp-1

8/7/2019 136 Updated

17/19


Conclusions and Discussions

Shuffling makes the iris codes more random, which helps in increasing the entropy; also itacts as interleaver and helps in error correction by distributing the error bursts

The zero insertion scheme increases the error correction capability of Hadamard code whichis otherwise fixed

Longer keys compared to other schemes can be obtained with the proposed scheme whichwill have nearly 83 bit entropy

The keys obtained with this scheme can be used in cryptographic systems; otherwise Hashvalues of the original and regenerated keys can be compared to securely verify the user

The locked iris template does not reveal any biometric information thereby protecting thebiometric data

In case of compromise detection, the cryptographic key, smart card, and password can bechanged and a new template can be issued; thus the templates are revocable

8/7/2019 136 Updated

18/19


ContactsFor further questions, please contact

[email protected]@[email protected]

8/7/2019 136 Updated

19/19

Thank You !

136 updated

Documents