(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 5, May 2011
Cancelable Biometrics – A Survey
Associate Professor, Dept of Computer Science & EnggGeethanjali College of Engg & TechnologyHyderabad,Indiaindira_sowmya@yahoo.co.in
Prof & Head,Dept of Information TechnologySreeNidhi Institute of Science & TechnologyHyderabad,Indiavbalaram@sreenidhi.edu.in
Associate Professor & Head, Dept of CSEJawaharlal Nehru Technological University, Anantapur,Indiaeswarcsejntua@gmail.com
In recent times Biometrics has emerged as a reliable,convenient and effective method of user authentication. However,with the increasing use of biometrics in several diverseapplications, concerns about the privacy and security of biometric data contained in the database systems has increased.It is therefore imperative that Biometric systems instillconfidence in the general public, by demonstrating that, thesesystems are robust, have low error rates and are tamper proof. Inthis context, Biometric template security and revocabilitybecomes an important issue. Protecting a biometric templateassumes extreme importance because unlike a password or token,which when compromised can easily be revoked or replaced , abiometric cannot be replaced, once it is compromised. Besides if the same biometric trait is used in multiple applications, a usercan be potentially tracked from one application to the other bycross matching biometric databases. Cancelable biometricsattempts to solve this problem by constructing revocablebiometric templates. This paper attempts to bring out the variousmethods followed by different researchers towards building suchtechnology.
Cancelable biometrics, biometric template, Salting,Biophasoring, Noninvertible transforms, Key binding, Keygeneration.
Any Biometric, must in general fulfill the criteria of uniqueness, universality, acceptability, collectability andpermanence. Permanence is a key feature for biometrics whichmeans a biometric must retain its features in particular theuniqueness , unchanged or acceptably changed , over thelifetime of the individual. However, this very feature of permanence has brought biometrics to challenge a new risk.Conventional authentication methods like passwords andtokens have one great advantage that biometrics do not haveviz.,they can be cancelled and replaced by a newer version , if ever they were lost or stolen. On the other hand if biometricdata is ever compromised from a database, by unauthorizedpersons, the genuine owner will lose control over it foreverand lose his/her identity. This makes the biometrictemplates stored in the database stand out as a vulnerability of the authentication system.
A successful attack on the biometric template in thedatabase can lead to the following risks :i)
Template can be replaced by an imposter’s templateto gain unauthorized access.ii)
A physical fake can be created from the template togain access to the system as well as other systemswhich use the same biometric trait.iii)
Stolen template can be replayed to the matcher togain unauthorized access.
Therefore the design of a biometric database should be suchthat , it protects the biometric templates against the abovevulnerabilities. Such a Biometric template protection schemeshould have the following four properties.
The secure template must not allow crossmatching across different databases. This propertyensures privacy of user’s data.
It should be easy to revoke acompromised template and reissue a new template inits place using the same biometric. This propertyensures cancelability.
It must be computationally impractical toobtain original biometric template from the securetemplate. This property ensures that physicalspoofing of the biometric is not possible from thestolen template.
Using the secure template in place of original , should not degrade the performance of thesystem.
Intra user variability :
The secure template shouldaccommodate the intra user variability whileacquiring and matching the biometric templatesduring authentication process.
Template protection methods