02-10-2012, 04:35 PM
A Secure Fingerprint Matching Technique
[attachment=35060]
ABSTRACT
In this paper, we propose a novel robust secure fingerprint
matching technique, which is secure against side channel attacks.
An algorithm based on the local structure of the minutiae is
presented to match the fingerprints. The main contribution is the
careful division of the fingerprint recognition system into two
parts: a secure part and a non-secure part. Only the relative small
secure part, which contains sensitive biometric template
information, requires realization in specialized DPA-proof logic.
The rest of the system is running on LEON, which is a regular
embedded platform.
MOTIVATION
Biometric recognition systems offer greater security and
convenience than traditional methods of personal recognition.
Along with the rapid growing of this emerging technology, the
system performance, such as accuracy and speed, is continuously
improved. At the same time, the security of the biometric system
itself is becoming more and more important.
One of the most significant disadvantages of the biometric
recognition system is that they cannot be easily recalled. For
example, if one of the fingers is used as a password, once it is
compromised, it never can be used again since it is almost
impossible that a fingerprint can be changed, which means it is
compromised forever. Moreover, since one person only has a
limited number of fingers, different applications might use the
same fingerprint. A person’s biometric stolen from one
application could also be used in some other applications [12].
Therefore the secure storage of the biometric template is
becoming extremely important. In a traditional biometric
recognition system, the biometric template, such as fingerprint,
voice, etc., is usually stored on a central server during enrollment.
The input biometric signal captured by the front-end sensor is sent
to the server and the processing and matching steps are performed
on the server. In this case the safety of the precious biometric
information cannot be guaranteed because attacks might occur
during transmission or on the server. Embedded biometric
recognition systems try to solve this problem by moving the signal
processing and matching engines from the server to the embedded
device.
DPA Proof Technique
Along with the growing of the SCA techniques, countermeasures
against Differential Power Analysis have been proposed at
different levels of abstraction. Yet, advanced versions of DPA are
able to greatly reduce their effects. For example, Random Process
Interrupts [4] can be synchronized by integration techniques [3]
and Modified DPA [11] can handle masking techniques [2].
Random power consuming operations on the other hand merely
lower the side channel information and might be disabled through
tampering.
The former countermeasures attempt to conceal the power
variations at the architectural or algorithmic level, while they
originate at the logic level. Implementing the sensitive parts of a
crypto processor in a logic style, whose power consumption is
independent of the signal transitions, removes the foundation of
DPA. One such logic style available is Sense Amplifier Based
Logic (SABL) [13][14]. A logic gate in SABL charges a total
capacitance with a constant value in every cycle. Hence SABL
consumes the same constant energy independent of the input
values and is an effective countermeasure .
RELATED WORK
Fingerprint Matching
There are two basic types of fingerprint matching techniques:
graph based and minutiae based. For modern embedded
fingerprint recognition systems, the minutiae-based matching is
popular because, on the one hand, the minutiae of the fingerprint
are widely believed the most discriminating and reliable features,
and on the other hand, the template size of the biometric
information based on minutiae is much smaller and the processing
speed is higher than that of graph-based fingerprint matching.
These characteristics are very important for saving memory and
energy on the embedded devices. Lots of work has been done for
minutiae-based fingerprint matching. Some of them use the local
structure of the minutiae to describe the characteristics of the
minutiae set [7]. This approach has high processing speed and
robustness to rotation and partial prints. However, the local
structure usually has less distinct features because it only
represents some parts of the whole minutiae set. Prints from
different fingers may have quite a few similar local structures by
coincidence while prints from the same finger may only have very
few similar structures due to the presence of false minutiae and
the absence of genuine minutiae. Alignment-based matching
algorithms take use of the shape of the ridge connected to
minutiae [8]. This might improve the system accuracy. However,
this approach results in a larger template size because the
associated ridges for each minutia must be saved. Some other
researches combine the local and global structures [9]. The local
structure is used to find the correspondence of two minutiae sets
and increase the reliability of the global matching.
CONCLUSION
In this paper, we present a novel secure fingerprint recognition
system, in which the minutiae-based matching algorithm is robust
against relative low quality of input fingerprint images and
minutiae detection. Secure partitioning is performed to guarantee
low system cost as well as the safety of the precious biometric
template by storing them into a DPA-proof block, an Oracle. By
properly defining the local structure of the minutiae, we achieve
1% FRR and less than 0.01% FAR*.
[attachment=35060]
ABSTRACT
In this paper, we propose a novel robust secure fingerprint
matching technique, which is secure against side channel attacks.
An algorithm based on the local structure of the minutiae is
presented to match the fingerprints. The main contribution is the
careful division of the fingerprint recognition system into two
parts: a secure part and a non-secure part. Only the relative small
secure part, which contains sensitive biometric template
information, requires realization in specialized DPA-proof logic.
The rest of the system is running on LEON, which is a regular
embedded platform.
MOTIVATION
Biometric recognition systems offer greater security and
convenience than traditional methods of personal recognition.
Along with the rapid growing of this emerging technology, the
system performance, such as accuracy and speed, is continuously
improved. At the same time, the security of the biometric system
itself is becoming more and more important.
One of the most significant disadvantages of the biometric
recognition system is that they cannot be easily recalled. For
example, if one of the fingers is used as a password, once it is
compromised, it never can be used again since it is almost
impossible that a fingerprint can be changed, which means it is
compromised forever. Moreover, since one person only has a
limited number of fingers, different applications might use the
same fingerprint. A person’s biometric stolen from one
application could also be used in some other applications [12].
Therefore the secure storage of the biometric template is
becoming extremely important. In a traditional biometric
recognition system, the biometric template, such as fingerprint,
voice, etc., is usually stored on a central server during enrollment.
The input biometric signal captured by the front-end sensor is sent
to the server and the processing and matching steps are performed
on the server. In this case the safety of the precious biometric
information cannot be guaranteed because attacks might occur
during transmission or on the server. Embedded biometric
recognition systems try to solve this problem by moving the signal
processing and matching engines from the server to the embedded
device.
DPA Proof Technique
Along with the growing of the SCA techniques, countermeasures
against Differential Power Analysis have been proposed at
different levels of abstraction. Yet, advanced versions of DPA are
able to greatly reduce their effects. For example, Random Process
Interrupts [4] can be synchronized by integration techniques [3]
and Modified DPA [11] can handle masking techniques [2].
Random power consuming operations on the other hand merely
lower the side channel information and might be disabled through
tampering.
The former countermeasures attempt to conceal the power
variations at the architectural or algorithmic level, while they
originate at the logic level. Implementing the sensitive parts of a
crypto processor in a logic style, whose power consumption is
independent of the signal transitions, removes the foundation of
DPA. One such logic style available is Sense Amplifier Based
Logic (SABL) [13][14]. A logic gate in SABL charges a total
capacitance with a constant value in every cycle. Hence SABL
consumes the same constant energy independent of the input
values and is an effective countermeasure .
RELATED WORK
Fingerprint Matching
There are two basic types of fingerprint matching techniques:
graph based and minutiae based. For modern embedded
fingerprint recognition systems, the minutiae-based matching is
popular because, on the one hand, the minutiae of the fingerprint
are widely believed the most discriminating and reliable features,
and on the other hand, the template size of the biometric
information based on minutiae is much smaller and the processing
speed is higher than that of graph-based fingerprint matching.
These characteristics are very important for saving memory and
energy on the embedded devices. Lots of work has been done for
minutiae-based fingerprint matching. Some of them use the local
structure of the minutiae to describe the characteristics of the
minutiae set [7]. This approach has high processing speed and
robustness to rotation and partial prints. However, the local
structure usually has less distinct features because it only
represents some parts of the whole minutiae set. Prints from
different fingers may have quite a few similar local structures by
coincidence while prints from the same finger may only have very
few similar structures due to the presence of false minutiae and
the absence of genuine minutiae. Alignment-based matching
algorithms take use of the shape of the ridge connected to
minutiae [8]. This might improve the system accuracy. However,
this approach results in a larger template size because the
associated ridges for each minutia must be saved. Some other
researches combine the local and global structures [9]. The local
structure is used to find the correspondence of two minutiae sets
and increase the reliability of the global matching.
CONCLUSION
In this paper, we present a novel secure fingerprint recognition
system, in which the minutiae-based matching algorithm is robust
against relative low quality of input fingerprint images and
minutiae detection. Secure partitioning is performed to guarantee
low system cost as well as the safety of the precious biometric
template by storing them into a DPA-proof block, an Oracle. By
properly defining the local structure of the minutiae, we achieve
1% FRR and less than 0.01% FAR*.