08-09-2016, 11:51 AM
1453808675-arpi.docx (Size: 186.78 KB / Downloads: 5)
Abstract—Authenticationisafundamentalissuetoanytrust-orientedcomputingsystemandalsoacriticalpartinmanysecu-rityprotocols.Performingauthenticationisnotoriouslydifficult.Biometricshasbeenwidelyusedandadoptedasapromisingauthenticationmethodduetoitsadvantagesoversomeexistingmethods,particularly,itsresistancetolossesincurredbytheftofpasswordsandsmartcards.However,biometricsintroducesitsownchallenges,suchasbeingirreplaceableoncecompromised.Moreover,theuseofbiometricsintroducesprivacyconcern.
Inthispaper,weproposeasimpleyeteffectivebiometrics-
basedauthenticationsolution.Theproposedapproachintroducesnewconstructs-ReferenceSubject and Biometric Capsule,andstoresthe“difference”(calledBiometricCapsule)betweentheuserandtheReferenceSubjectforauthenticationwithoutrevealingauser’soriginalbiometricinformation.Thisapproachsupportsreplaceabilityandprotectusers’ privacy.Moreover,theproposedapproachcreatesmoreadvantagesa)beinguser-friendlywithoutanyadditionalburdenonusersandpossessingone-for-allpower;(b)beinggenericenoughtobeappliedtovariousbiometrics(e.g.,fingerprint,face,iris)orcombinationsofthem;and©beingadaptiveintermsofsecurityandprivacytofitdifferentauthenticationmodels,applicationrequirements,avail-ableresources,andtrustedor non-fully-trusted environments.Theexperimentalresultsonirisvalidateits performanceandproveitapracticalmechanism.
IndexTerms—biometrics,authentication,replaceability,pri-vacy,ReferenceSubject,BiometricCapsule,biometrictemplate.
I. INTRODUCTION
Authenticationisacriticalpartofanytrustworthycom-putingsystem;itensuresthatonlyindividualswithverifiedidentitiescanlogonthesystemoraccesssystemresources.Inaddition,authenticationalsoservesasthefirststepformanyothersecuritypurposes,suchaskeymanagementandsecuregroupcommunication[3].Passwordsorsmartcardshavebeenthemost widelyusedauthenticationmethods duetoeasyimplementationandreplacement;however,memorizingapasswordorcarryingasmartcard,ormanagingmultiplepasswords/smartcardsfordifferentsystems(oneforeachsys-tem),isasignificantoverheadto users. In addition, theyareartificiallyassociatedwithusersandcannottrulyidentifyindividuals.Moreseriously,theycanbelostorstolen,resultinginimpersonationandothersecuritybreaches.Asaresult,bio-metricsisbecomingapromisingauthentication/identificationmethodbecauseitbindsanindividualwithhisidentityand overcomesthemainshortcomingsinherentintheuseofpasswordsandsmartcards.
Biometricsisatechnologywhichusesphysiologicalorbehavioralcharacteristicstoidentifyorverifyaperson.Typicalcharacteristicsusedforauthenticationincludefingerprint,face,andiris.Aconventionalbiometricauthenticationsystemcon-sistsoftwophases:enrollmentandverification(Fig1).Duringtheenrollmentphase,abiometricfeaturesetisextractedfromuser’sbiometricdataandatemplateiscreatedandstored.Duringtheverificationphase,thesamefeatureextractionalgorithmisappliedtoquerybiometricdata,andtheresultingqueryfeaturesetisusedtoconstructaquerytemplate.Thequerytemplateismatchedagainstthestoredtemplate(s)forauthentication.
opassword/smartcard-basedauthenticationap-
proaches,biometrics-basedsolutionshavemanydesiredfea-turessuchas being resistantto losses incurred by theftofpasswordsandsmartcards,aswellasuser-friendliness.Biometricsbearsauser’sidentityanditishardtobeforged.Unfortunately,biometricsbringsitsowncomplications:
• Securityconcern:conventionalbiometricauthenticationsystemrecordbiometrictemplatesinaCentralAuthen-ticationEntity’s(CA’s)database.Thestoredtemplates,whichcorrelatetousers’biometricdata,becomepoten-tialtargetstobeattacked.Someliterature[6],[7]hasidentifiedthevulnerabilitiescausedbythecompromiseofstoredtemplates.
• Privacyconcern:Biometricsidentifiesindividuals.Tothebestofourknowledge,conventionalbiometricauthentica-tionsystemisprimarilybuiltuponafully-trustedmodel;thatis,thecentralauthenticationentity(CA)istrustedtotakefullcontrolofusers’biometricinformationandisassumedtonotmisusetheinformation.ThisassumptionoftrustworthinessabouttheCAisnotsufficientinthe
currentmaliciousenvironments,sincehandingoverone’sbiometricinformationtootherpartiesorloss/compromiseofone’sbiometrictemplatewillcauseserioususerprivacyconcern.
• Irreplaceability:biometricdataispermanentlyboundtoauser,anditisalmostimpossibletogenerateanewsetofbiometricfeaturesforalegitimateuser.Thuscompromisedbiometricsisnotreplaceable.
Manyapproaches[9],[5]addressingthesecurityandpri-vacyissuesofbiometricshavebeenproposedintheliterature.Theseapproachesavoidstorageofplainbiometrictemplatesbyrecordingthemina“distorted”way.
Inthisresearchweproposeaprivacy-preservingyetreplace-ablebiometrics-basedauthenticationapproach.Intheproposedapproach,neitherplainnordistortedbiometrictemplatesarestoredinCA’sdatabase,insteadthesystemstoresdecorateddata(whatwecalledBiometricCapsule,denotedasBio-CapsuleorBC)derivedfrombiometricinformationofanenrollinguserandaReferenceSubject(RS).FromtheBC,auser’soriginalinformationisrevealedonlytoabareminimum.Moreover,theproposedapproachcanbeappliedindifferentenvironments: a fully-trustenvironment in which theCA is al-lowedtoknowusers’biometricinformation,adistributed-trustenvironmentinwhichanypartycannotgainfullinformationaboutauser,aswellasanon-trustenvironmentinwhichuser’struebiometricinformationishiddenfromtheCA.Thisapproachcanbeadoptedtovariousbiometrics,e.g.,iris,face,fingerprint,oranycombinationofthem.Insummary,asidefromthedesirablefeaturesprovidedbyconventionalbiometricauthenticationapproaches,theproposedapproachhasseveralotherattractivefeatures:1)itisabletodefendnotonlyagainstsomeattacksfromoutsidersbutalsoagainstpossiblemisbehaviororcompromiseoftheCA;2)userprivacyispreserved,andcompromisedBCcanhardlyrevealuser’struebiometricinformation;3)unsubscriptioncostfromthesystemis minimized; 4) it can be applied to variousbiometrics,
e.g.iris,face;evenotherauthenticationapproachessuchaspassword/smartcard-basedones.
Therestofthepaperisorganizedasfollows.RelatedworksarebrieflyreviewedinSectionII.SectionIIIintroducestheproposedapproach.Theapproachappliedinnon-trustedenvi-ronmentisbrieflypresentedinSectionIV.SectionVappliestheapproachtopracticalirisdataandpresentsexperimentalresults.WeconcludethepaperandhighlightsomechallengingresearchissuesinSectionVI.
II. RELATED WORKS
Providingsecureandreplaceablebiometrics-basedauthen-tication solutionbydirectlyapplyingtraditionalcryptographicmethodstobiometricsrequiresextractingnon-changingpat-ternsfrombiometricdata,whichisoftenchallenging[6].Insteadsomeresearchappliesatransformationfunctiontoextractedpatternsandusesthetransformedpatternsforau-thentication.Lee[9]proposedafuzzyvaultsystemwhichincorporatesfuzzylogicanderrorcorrectionwithlocalirisfeaturestotoleratethewithin-classvariance.Still,thedesign
ofarobusthashingalgorithmtobettertoleratethewithin-classvarianceofbiometrictemplates,whilediscriminatingbetween-classdistance,isverychallenging.In[13],Rathaproposedthe“cancelablebiometrics”methodwhichtrans-formstheoriginalbiometricdataandcreatesalternativesformatching.Thetransformationparametersaredeterminedbyexternaladdedrandomness,suchasa user PIN or token.Thetransformedpatternscanbechanged(orrevoked/reissued)bychangingtheuserPINortoken;asaresult,thismethodachieves“cancelability”.Theyalsoproposedthreetypesofnon-invertibletransformation(Cartesiantransformation,polartransformationsandfunctiontransformation)tomaptheorig-inalbiometricdatatoanotherspaceandstorethetransformedtemplateinadatabase[12].Takahashi[18],[19]generateda scrambling filter which is applied to the original imagetoproduceascrambledtemplatetoenrollintothedatabase.Similar workwasdonein[15],fortheenrollmentstage whereSavvidesusedarandomconvolutionkernelandarandomlygeneratedfrequencyshufflertoscrambletheoriginalimages,andsynthesizetransformedimagesasanencryptedMACE(minimumaveragecorrelationenergy)filterastheforminafrequencydomain.In[4],Govindarajuproposedabiometricconvolutionmethodwhichtransformstheprimarybiometricstoanewsetoffeaturesusingtheone-waymappingfunctionderivedfromasecondaryortertiarybiometrics.Maiorana[11]introducedasetofnon-invertibletransformationsappliedtobiometricswhosetemplatecanberepresentedbyasetofsequencestogeneratemultipletransformedversionsofthetemplate.
Someresearchappliesbiometricpatternstocryptosystemstogeneratecryptographickeysandperformauthenticationaswell.Hao[5] proposeda two-factor schemeusing codingtheory.OtherpopularapproachesarethefuzzyvaultschemeproposedbyJuels[8],anditsimplementations.Dodis[1]proposed two primitives: fuzzy extractor which extracts nearlyuniformlyrandomkeysfrombiometricinput,andsecuresketchwhichproducespublichelperinformationwithoutrevealingmuchaboutthebiometricinput.Sutcu[16]discussedthepracticalissuesinsecuresketchconstructionandshowedthesubtletiesinevaluatingsecurityofpracticalsystems.Theapplicationofsecuresketchinthedesignofmulti-factor(e.g.,biometricsandpassword)andmulti-biometrics(e.g.,faceandfingerprint)werealsoinvestigated