| Biometrics is an automated method of identifying a person or verifying the identity of a person based on a physiological or behavioral characteristic. Biometric-based authentication applications include workstation and network access, transaction security, and identity management. Biometrics is expected to play a key role in personal authentication for large-scale applications such as e-passport, e-comerce and e-government. However, there are many concerns with the use of biometric data and the technolgies, some of which are relevant in several areas of data protection, personal privacy and misuse of the technologies, mainly including: 1) Biometric data contain sensitive information of health, gender, race, etc. Leakage of information would give rise to many troubles for its possessor's social activities, e.g. insurance, job.2) Biometric traits are unique and permanent, once they are compromised, they can not be cancelled or updated.3) The uniqueness of traits makes it easy to trace a person. Although cryptology can ensure the security of biometric data, the management and storage of cryptographic keys are its weakest chain, and it can hardly remove people's anxiety about an intrusion of privacy. The concerns about security of biometrics and its intrusion to privacry have been one of barriers to the wider applications of biometrics. The security of biometric data refers to that they must be properly kept secret while the privacy relates to higher requirement -except its possessor, even data managers can not get any information of biometric data. In order to mitigate worries of the public towards biometrics, it is necessary to develop privacy-protection biometric techniques capable of overcoming those disadvantages of traditional biometrics. Firstly, the matching should be processed in a secret or transformed style, which implies that the templates may be stored in a transformed version. Even when the data are compromised, no information about original biometric data can be leaked out. Secondly, the transformed template must be cancelable. If a template is disclosed, it is easy to create a new transformed template which has no relation to the old one. Thirdly, compared with traditional ones, accuracy performance of new approache does not deteriorate too much.In this thesis, through a review of the advances in privacy-protection biometrics, it is found that in terms of all biometric traits, there is no omnipotent method which can meet requirements of security and accuracy at the same time. Our interest is focused on the authentication technique using fingerprint which is one of the most commonly used biometric characteristics. Most traditional fingerprint systems take minutiae as feature descriptor. However, it is very difficult to design a perfect protection scheme for minutiae due to the two reasons. Firstly, in secret style, the alignment and error tolerance are big problems because the spacial relations among distinct minutiae are damaged. Secondly, variations of scanned regions result in variations of the number of minutiae.Ratha et al proposed a famous scheme called cancelable fingerprint template. In their scheme, a noninvertible function is utilized to transform the minutiae. The template and the query are matched in transformed version. By analysing the security of the scheme it is found that the design of their noninvertible function is not reasonable. If an attacker can crack the smart card storing the parameters of the function, then he can learn most minutiae by solving non-linear equations or brute attack.Fuzzy vault scheme is another important privacy-protection method in which a cryptographic key is bound by a set, and the set is protected by many chaff points. The scheme can handle unordered set, and thus, it is suitable for minutiae. In the thesis, a new implementation is proposed with the following advantages:1) The constructions of binding function are usually related to the length of the cryptographic key in the existing schemes, while the binding function is independent of the key.2) In the existing implemenations, error tolerance is provided by quantization. The margin effect of quantization decreases the accuracy. However, in our implementation, the accuracy is improved without quantization.Fuzzy vault scheme is vulnerable to ARM attack. To overcome this defect, a new method called encrypted fuzzy vault is presented. In the new scheme, a cryptographic key is bound by minutiae as does in fuzzy vault firstly. Then some keys are derived from a password or coarse granulariy of minutiae. The number of these keys is equal to that of minutiae. Each minutia is encrypted by a randomly chosen key. This proposed method can defeat ARM attack, but needs much less storage than that in fuzzy vault.Finally, two remote mutual authentication protocols based on minutiae are designed. In the first scheme, a set of random values is generated as a private template, and then a transformation polynomial is derived from the template and the minutiae. The private template is stored in the server, and the polynomial is stored on a smart card held by the user. At authentication phase, the user's fresh minutiae are transformed by the polynomial, and then a mutual authentication protocols is carried out between the two parties. In the protocol, a PM protocol is embedded, which guarantees that the two parties can jointly calculate the intersection of the private template and the transformed minutiae, without leaking any additional information to each other. If the cardinality of the intersection is large than or equal to a threshold, two parties can verify each other. The second scheme is based on encrypted fuzzy vault. Once the user restores the correct cryptgraphic key, a shared secret between him and the server, from encrypted fuzzy vault, the two parties performs a 2P KDP with the shared key to verify each other.
|
PDF Full Text Request