IBM Research
© 2005 IBM Corporation
Nalini K. Ratha*
Exploratory Computer Vision Group
IBM T. J. Watson Research Center
Hawthorne, NY 10532
Cancelable Biometrics
*inputs from J. Connell, R. Bolle, and S. Chikkerur
Introduction
- Privacy issues in biometrics
- How can privacy be enhanced
Survey of existing methods
Cancelable biometrics
- Operational issues
- Sample transforms
Conclusions
Revocable/Rescindable/Anonymous/Cancelable biometrics
Large Scale Biometrics Identification
Biometrics identification has become a "must have" tool in homeland security and the next generation intelligent infrastructure
- Government: Passports/Visas, Citizen identification, Employee identification
- Financial Services: Consumer point-of-sale ID, Confirmation of financial transactions
These new uses bring new challenges
- Meeting expectations for accuracy (false negative/false positive)
- Supporting transaction response rates where identification or authentication are involved
- Achieving the scale required by emerging applications
- Understanding and handling privacy issues
Large scale and Cancelable are not different ...
- Two sides of the same coin
Large collection leads to privacy issues
Attack model
Formidable adversaries:
- Thieves
- Hackers
- Users
- Customers
- Employees
- Merchants
- Competitors
- Competitors' governments
Attack Methods
Hardware/Software/Database Attacks
- Trojan horse for feature extractor
- Trojan horse for matcher
- Overriding templates
- Feature-based dictionary attack
Other Attacks
- Phishing
- Pharming
- Hill climbing attack
- Swamping attack
- Piggy-back attack
- Spoofing the sensor
- Collusion at the enrollment process
Channel Attacks
- Override result
- Replay attack
- Channel attack between matcher and template DB
- Channel attack at the enrollment time
Biometrics vs. Passwords
Property                | Passwords                             | Biometrics
Data input              | Always the same                       | Constantly varying
Revocability            | Yes (easily)                          | No
Non-Repudiation         | No                                    | Yes (mostly)
Match algorithm         | Exact, 100%                           | Inexact, fuzzy, never 100%
Size                    | Typically 6-8 alphanumeric characters | Usually about 100 bytes or more
Internal representation | Hash of the password string           | Features (constant size features vs. variable size features from signal)
Biometrics and public perception
In a 2002 poll commissioned by SEARCH (funded by US Bureau of Justice Statistics)
- 88% were concerned about possible misuse of their biometrics data
- 80% were comfortable with the use of biometrics "as a means of helping prevent crimes"
Issues
You give up part of yourself that is unique to you
The use of biometrics introduces a problem: biometrics cannot be replaced
- biometrics is not a secret - once compromised, compromised forever
What if a biometric is compared: cross matching?
- Biometrics collected for one application can be shared to retrieve other private information (health care, law-enforcement, financial background)
Can we find a function which permits us to safely replace biometrics just like stolen credit cards...
Hashing as a solution
Privacy:
- The original biometric is not stored
- Each application uses a different transformation function
Security:
- It is computationally hard to recover B given T(B)
[Diagram] Enrollment: B -> one-way hash T() -> T(B) -> DB
[Diagram] Matching: B' -> one-way hash T() -> T(B'); Match compares T(B), T(B')
Hash Functions: Ideal for passwords and text
Inputs (1 character difference):
- FIRE ALL LINUX PROGRAMMERS
- HIRE ALL LINUX PROGRAMMERS
MD5 outputs (65 bits difference !!):
- 33B21856A91D2FBB5BC4144C69B23F85
- 43C08679B2FD54C65467DDCC9C00AD49
Can we simply hash a fingerprint?!
Hashing: Doesn't work for biometrics
26 points match, 15 points don't match: OK
MD5 outputs:
- F313C86188DDE96bD48AD58CDECDB9E8
- 80BC979099C2FA643E4C5432A03E01B8
Don't match at ALL !!
Solutions?
Crypto community:
- Reduce uncertainty of the biometric - quantization
- Borrow randomness from key to compensate for lost entropy
- Approaches
  - Biometric Hardening (Goh et al. '03, Teoh et al. '04, Soutar et al. '98)
  - Biometric Keying (Davida et al. '98, Monrose '99, Monrose '01)
  - Fuzzy techniques (Juels & Wattenberg '98, Juels & Sudan 02, Dodis 04, Tuyls 04)
Biometric community:
- Mask the original biometric - preserves entropy (CMU)
- Cancelable biometrics (IBM)
Biometric Hardening
Template is combined with user specific random information
This is similar to "salting" of passwords before hashing
[Diagram] Feature Extraction -> Feature Salting -> Error Tolerant Discretization (High uncertainty -> Zero uncertainty)
Goh and Ngo, 2003
- Face Biometrics
- "Eigen faces" features
- Features are projected on to user specific orthogonal random vectors
- Binary values are derived using quantization
- The key acts as a Shamir secret key share
Soutar et al., 1998
- Fingerprints
- Fourier transform features
- Fourier features are multiplied with user specific random phase array
- Binary values are derived using quantization
- Key is embedded using a redundant lookup table
Biometric Keying
The binary key is directly derived from the biometric template
The transformation has to be error tolerant
More scalable than "biometric hardening" methods
[Diagram] Feature Extraction -> Binarization -> Error tolerant Representation
Davida et al., 1998
- Iris Biometric
- Iris code features
- Features are already binary
- User specific hamming codes are used to correct errors caused by offsets
Monrose et al., 1999
- Key stroke dynamics
- Key duration and latency time features
Monrose et al., 2001
- Speech biometric
- Cepstral features
Monrose et al. (1999, 2001)
- Binarization is done by comparing feature value with a global threshold "T"
- Consistency of each feature is learned over time for each user
- The inconsistent features are discarded
Cancelable signal transform (CMU)
Requires the use of the MACE correlation engine
IBM Solution: Cancelable Biometrics
Intentional repeatable distortion
- alters signal but still in correct format
- generates a similar signal each time
Compromised scenario:
- a new distortion creates a new biometrics
Comparison scenario:
- different distortions for different accounts
[Image © New Yorker Magazine (Charles Addams)]
Cancelable Biometrics: Example
[Figure: two images of the same face, each passed through a repeatable distortion; comparison labels: DON'T MATCH, DON'T MATCH, MATCH, MATCH]
Operational Issues
Application:
- Must be applied directly at the sensor
- There should be no scope for the original signal to leave the sensor
- The transform can be applied at
  - signal level
  - feature level
Registration:
- For repeatability, often we have to register (align) before applying any distortion transform
- Use invariant points to align two patterns
  - core and delta in fingerprint images
  - nose and mouth in face images
Cancelable Biometrics vs. Biometric Cryptography
Property                                | Fuzzy Techniques                  | Biometric Keying | Biometric Hardening | Cancelable Biometrics | Ideal
Revocable                               | NO                                | NO               | YES                 | YES                   | YES
Retains entropy?                        | Yes                               | No               | No                  | YES                   | Yes
Preserves representation?               | NO                                | NO               | NO                  | YES                   | YES/NO
Applicable for fingerprints (minutiae)? | YES (Juels et al., Uludag et al.) | NO               | NO                  | YES                   | YES
Made in IBM!
Fingerprint example: two impressions
Registration based on "core" and "delta"
[Figure panels: Original 1, Original 2]
Distorted versions still appear similar
[Figure panels: Distorted 1, Distorted 2]
Minutiae of distortions match, but not to original
[Figure panels: Original 1, Distorted 1, Distorted 2; Original 1 vs. Distorted 1: no match; Distorted 1 vs. Distorted 2: match]
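Added example (not from the original slides and not IBM's code): a feature-level sketch of the behaviour shown in the hashing slides and in the fingerprint example above. The grid cell-remapping transform, the tolerance matcher, the key tables and the minutiae coordinates are all assumptions constructed for illustration; the slides do not specify the transform.

```python
import hashlib
import math
import secrets

GRID, CELL = 4, 64      # 4x4 grid of 64-pixel cells over a registered 256x256 image
CELLS = GRID * GRID

def new_key():
    """Issue a fresh distortion: every cell gets a random destination other than
    itself. Destinations may repeat, so the cell mapping is many-to-one."""
    return [(c + 1 + secrets.randbelow(CELLS - 1)) % CELLS for c in range(CELLS)]

def distort(minutiae, key):
    """Repeatable distortion: move each (x, y) to its cell's destination cell,
    keeping the offset inside the cell, so the output is still a minutiae list."""
    out = []
    for x, y in minutiae:
        dest = key[(y // CELL) * GRID + x // CELL]
        out.append(((dest % GRID) * CELL + x % CELL, (dest // GRID) * CELL + y % CELL))
    return out

def match_score(probe, gallery, tol=5.0):
    """Fuzzy matcher: count probe points paired with a distinct gallery point within tol."""
    unused, hits = list(gallery), 0
    for p in probe:
        for q in unused:
            if math.dist(p, q) <= tol:
                unused.remove(q)
                hits += 1
                break
    return hits

def template_hash(minutiae):
    """Exact-match one-way hash of the raw template (SHA-256 here; the slides use MD5)."""
    return hashlib.sha256(repr(minutiae).encode()).hexdigest()

# Constructed sample data: two registered impressions of one finger, 1-2 pixels of jitter.
IMPRESSION_1 = [(18, 20), (84, 34), (145, 47), (225, 18), (31, 97), (98, 174), (174, 211), (237, 163)]
IMPRESSION_2 = [(19, 19), (83, 36), (146, 46), (224, 20), (33, 96), (97, 173), (172, 212), (238, 165)]
# Constructed keys, one per application (in practice each comes from new_key()).
KEY_A = [5, 10, 15, 8, 13, 2, 7, 12, 1, 6, 11, 0, 9, 14, 3, 6]
KEY_B = [9, 4, 12, 1, 6, 14, 3, 0, 15, 13, 2, 7, 10, 5, 8, 13]

if __name__ == "__main__":
    enrolled = distort(IMPRESSION_1, KEY_A)             # stored in the DB instead of B
    print("hashes equal:     ", template_hash(IMPRESSION_1) == template_hash(IMPRESSION_2))
    print("same key:         ", match_score(distort(IMPRESSION_2, KEY_A), enrolled), "of 8")
    print("vs. original:     ", match_score(IMPRESSION_1, enrolled), "of 8")
    print("other application:", match_score(distort(IMPRESSION_2, KEY_B), enrolled), "of 8")
```

Replacing KEY_A with a new table and re-enrolling is the revocation step; the points must be registered before distort() is applied, otherwise the same finger falls into different cells on each capture.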
Conclusions
Privacy issues in biometrics databases need to be addressed for acceptable mass deployment
Privacy enhancement for biometrics requires both information security and biometrics experts to contribute
Our initial experimental results are extremely encouraging