Three Factor Scheme for Biometric-Based Cryptographic Key Regeneration Using Iris




Sanjay KANADE, Danielle CAMARA, Emine KRICHEN, Dijana PETROVSKA-DELACRÉTAZ, and Bernadette DORIZZI
TELECOM & Management SudParis, Evry, France
Last Updated 17th September, 2008
This work was funded by the French Agence Nationale de la Recherche project BIOTYFUL

Outline
- Why Combine Biometrics with Cryptography
- State of the art
- Existing works based on iris
- Iris Code Matching as Error Correction Problem
- Iris Code Shuffling
- Increasing Error Correction Capability of Hadamard Code
- Experimental Results
- Security Analysis
- Conclusions and Discussions

Why Combine Biometrics with Cryptography
Shortcomings of Biometrics:
- Biometric data is noisy
- Lack of revocability: biometric templates once stolen/compromised cannot be replaced and a new template cannot be issued
- No template diversity
Shortcomings of Cryptography:
- Easy to guess and can be stolen
- No strong link between authenticator & user identity

State of the Art
Three main categories:
- Protecting biometrics and adding revocability to biometrics, e.g. cancelable biometrics, etc.
- Cryptographic key generation from biometrics, e.g. hardened password, fuzzy extractors, etc.
- Cryptographic key regeneration using biometrics, e.g. fuzzy vault, fuzzy commitment, etc.

Existing Works on Key Regeneration Using Iris
Hao et al. scheme:
- Uses Reed-Solomon and Hadamard codes for correcting errors in iris codes
- 25% error correction is possible
- Cannot change error correction capability of Hadamard codes
- For comparatively noisy databases (like ICE), this scheme cannot work because many genuine comparisons have Hamming distance greater than 25%
Bringer et al. scheme:
- Reed-Muller and Product codes are used
- The keys generated by this scheme are small (42 bits)

Iris Code Matching as Error Correction Problem
[Figure: K, Encoder, Data, Communication Channel (noise-causing elements; Iris Code 1, Iris Code 2), Noisy Data, Decoder, K']
- Variations in iris codes are treated as errors and are corrected by the decoder.
- Error correcting capacity of the decoder should be such that it can separate genuine users from impostors.
- On successful error correction, $K' = K$, which is used as the cryptographic key.

[Figure: Schematic Diagram of the Key Regeneration Scheme]

Iris Code Shuffling
- A shuffling key is generated using a password
- Iris code is divided into blocks; number of blocks = number of bits in shuffling key
- If a bit in the key is 1, the corresponding iris code block is moved to the beginning; otherwise it is moved to the end
- This scheme increases Hamming distance for impostors, but for genuine users Hamming distance is unchanged
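The shuffling step above as an added example (not code from the slides or the authors): it shows that a genuine comparison keeps its Hamming distance when both codes are shuffled with the same password, while a probe shuffled under a different password lands near 50%. The PBKDF2 derivation, the salt, the 198-bit key, the 1,188-bit code length, and the stable ordering inside each group are assumptions; the bit strings are constructed, not real iris codes.

```python
import hashlib
import random

CODE_BITS = 1188  # assumption: 1,980 * 12 / 20, back-computed from the zero-insertion figures
KEY_BITS = 198    # assumption: the slides do not give the shuffling-key length

def shuffling_key(password, salt=b"constructed-salt"):
    """Hypothetical derivation: stretch the password with PBKDF2, keep KEY_BITS bits."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000,
                              dklen=(KEY_BITS + 7) // 8)
    bits = [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]
    return bits[:KEY_BITS]

def shuffle(code, key):
    """Blocks whose key bit is 1 go to the front, the rest to the end.
    Assumption: relative order inside each group is preserved."""
    if len(code) % len(key):
        raise ValueError("code length must be a multiple of the key length")
    size = len(code) // len(key)
    blocks = [code[i * size:(i + 1) * size] for i in range(len(key))]
    front = [b for b, k in zip(blocks, key) if k]
    back = [b for b, k in zip(blocks, key) if not k]
    return [bit for block in front + back for bit in block]

def hamming(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def demo():
    rng = random.Random(2008)  # constructed data, not real iris codes
    enrolled = [rng.getrandbits(1) for _ in range(CODE_BITS)]
    probe = enrolled[:]        # same eye, second capture: 178 flipped bits (15%)
    for i in rng.sample(range(CODE_BITS), 178):
        probe[i] ^= 1
    right, wrong = shuffling_key("correct horse"), shuffling_key("guess")
    return {
        "before": hamming(enrolled, probe),
        "same_password": hamming(shuffle(enrolled, right), shuffle(probe, right)),
        "wrong_password": hamming(shuffle(enrolled, right), shuffle(probe, wrong)),
    }

if __name__ == "__main__":
    print(demo())
```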

[Figure: Iris Code Shuffling Schematic Diagram]

Hamming Distance Distributions Before and After Shuffling
[Figure: Hamming distance distributions before and after shuffling]
- The overlap between the genuine and impostor Hamming distance distributions is decreased because of shuffling

Error Correcting Codes
Iris codes have two types of errors:
- Background errors: due to camera noise, iris distortion, image-capture effects, etc. These are uniformly distributed.
- Burst errors: due to eyelids, eyelashes, and specular reflections. These occur as bursts.
We use Hadamard code to correct background errors and Reed-Solomon codes to correct burst errors.

Increasing Error Correction Capability of Hadamard Code
- Hadamard code's inherent error correction capacity is 25%, which cannot be changed.
- There are a large number of genuine user comparisons where the Hamming distance is more than 25%.
- Adding similarity to the data can change the error distribution by decreasing the number of errors in a block.
- Let there be $p$ errors in $n$ bits. Adding $q$ zeros uniformly to $n$ will change the error ratio to $R = p/(q+n)$; if $R < 25\%$, the $p$ errors can be corrected.
- Thus by changing $q$ we can change (increase) the error correction capacity of Hadamard code.
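The zero-insertion step above as an added example (not code from the slides or the authors), using the 8-zeros-per-12-bits setting from the experimental parameters. It pads two constructed codes that differ in about 30% of their bits and shows the error ratio dropping to $p/(q+n)$, below the 25% Hadamard limit. The 1,188-bit input length is back-computed from the 1,980-bit padded length, and the even spacing of the zeros is an assumption about what "uniformly" means.

```python
import random

def insert_zeros(bits, n=12, q=8):
    """Add q zeros to every n-bit block, spaced evenly through the block.
    Assumption: the slide says 'uniformly' but not the exact positions."""
    out = []
    for start in range(0, len(bits), n):
        block = bits[start:start + n]
        data, total = iter(block), len(block) + q
        for i in range(total):
            # Exactly q of the `total` slots satisfy this test.
            zero_slot = (i + 1) * q // total > i * q // total
            out.append(0 if zero_slot else next(data))
    return out

def hamming(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def demo(code_bits=1188, errors=356):
    rng = random.Random(2008)  # constructed data, not real iris codes
    enrolled = [rng.getrandbits(1) for _ in range(code_bits)]
    probe = enrolled[:]
    for i in rng.sample(range(code_bits), errors):
        probe[i] ^= 1          # p errors spread over the code
    padded_e, padded_p = insert_zeros(enrolled), insert_zeros(probe)
    return {
        "padded_length": len(padded_e),              # 1,980 as on the slide
        "ratio_before": hamming(enrolled, probe),    # p / n
        "ratio_after": hamming(padded_e, padded_p),  # p / (q + n)
        "locked_length": len(padded_e[:1952]),       # truncation from the slide
    }

if __name__ == "__main__":
    print(demo())
```

Both codes receive zeros at the same positions, so the inserted bits never disagree and only the denominator of the error ratio grows.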

Database Used for System Evaluation
NIST-ICE Database:
- Exp-1: 1,425 images of right irises of 124 users; 12,214 genuine and 1,002,386 impostor comparisons
- Exp-2: 1,528 images of left irises of 120 users; 14,653 genuine and 1,151,975 impostor comparisons

Experimental Results
Experimental parameters:
- $m = 6$, number of bits in each Reed-Solomon code block
- $n_s = 61$, number of blocks after Reed-Solomon encoding
- 8 zeros added to every 12 bits in the iris code; modified iris code length = 1,980, which is truncated to 1,952 bits
- $t_s$: error correction capability of Reed-Solomon code

| $t_s$ | Key Length | ICE-Exp-1 FAR | ICE-Exp-1 FRR | ICE-Exp-2 FAR | ICE-Exp-2 FRR |
|-------|------------|---------------|---------------|---------------|---------------|
| 11    | 234        | 0.0008        | 2.48          | 0.003         | 3.49          |
| 14    | 198        | 0.055         | 1.04          | 0.124         | 1.41          |
| 15    | 186        | 0.096         | 0.76          | 0.21          | 1.09          |

$t_s$ acts as a threshold; by adjusting it we can fine-tune the system performance.

Security Analysis
- Entropy: $H = \log_2 \left( \dfrac{2^N}{\binom{N}{w}} \right)$
- $N$ is the number of degrees of freedom, which can be calculated as $N = p(1-p)/\sigma^2$, where $p$ = mean of the binomial distribution and $\sigma$ = standard deviation of the distribution
- $w$ = number of bits corresponding to the error correction capacity (which is 35%)
- In our experiments, $N = 1{,}172$ and $w = 410$, corresponding to 35% error correction capacity; thus the entropy of the key is $H \approx 83$ bits

Comparison With Other Iris Based Systems

| Authors            | ECC | Key Bits | FRR in % | FAR in %  | Entropy in bits | Database    |
|--------------------|-----|----------|----------|-----------|-----------------|-------------|
| Hao et al. [2]     | RSH | 140      | 0.47     | 0         | 44              | proprietary |
| Bringer et al. [1] | RMP | 42       | 5.62     | $10^{-5}$ | -               | ICE         |
| -                  | RSH | 186      | 0.76     | 0.096     | 83              | ICE-Exp-1   |
| -                  | RSH | 234      | 2.48     | 0.0008    | 83              | ICE-Exp-1   |

RSH: Reed-Solomon and Hadamard codes
RMP: Reed-Muller and Product codes

[1] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zémor, "Optimal iris fuzzy sketches," in IEEE Conference on Biometrics: Theory, Applications and Systems, 2007.
[2] F. Hao, R. Anderson, and J. Daugman, "Combining crypto with biometrics effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, 2006.

Conclusions and Discussions
- Shuffling makes the iris codes more random, which helps in increasing the entropy; it also acts as an interleaver and helps in error correction by distributing the error bursts
- The zero insertion scheme increases the error correction capability of Hadamard code, which is otherwise fixed
- Longer keys compared to other schemes can be obtained with the proposed scheme, which will have nearly 83-bit entropy
- The keys obtained with this scheme can be used in cryptographic systems; otherwise, hash values of the original and regenerated keys can be compared to securely verify the user
- The locked iris template does not reveal any biometric information, thereby protecting the biometric data
- In case of compromise detection, the cryptographic key, smart card, and password can be changed and a new template can be issued; thus the templates are revocable

Contacts
For further questions, please contact:
- Sanjay.Kanade@it-sudparis.eu
- Dijana.Petrovska@it-sudparis.eu
- Danielle.Camara@it-sudparis.eu

Thank You!