Secure and privacy-preserving user authentication using biometrics
Identity management lies in the field of Information Security, presenting numerous attractive research categories. Biometrics have been established as a new approach to mitigate the limitations and weaknesses of traditional access methods of passwords and tokens. However, biometrics introduce new security and privacy risks since they cannot be easily revoked. Due to the noisy nature of biometrics, traditional cryptography cannot be used to efficiently protect biometric systems. Thus, template protection schemes have been developed in order to encrypt and decrypt biometric data in an error-tolerant way. In this thesis, we design, implement and evaluate a fuzzy vault template protection scheme, in order to protect fingerprint minutiae points. Fuzzy vault schemes can protect a secret value using a biometric template, and this secret value can be decrypted only if an input template overlaps significantly with the original one. In these designs, the security is based on the hardness of the polynomial reconstruction problem. During this research, the most challenging issue that has been faced is the issue of alignment for the biometric templates in the encrypted domain. State-of-the art is discussed, being focused on the use of minutiae points and any information extracted from the fingerprint image. By addressing the advantages and disadvantages of the suggested methods, we utilize an alignment technique to handle the problematic area of the minutiae patterns alignment in cryptographic approaches. This method is considered to be ideal for private friendly biometric designs based on stored minutiae points, instead of full fingerprints, rendering irreversible the access at the original images. After the fuzzy vault implementation, our experiments show that there is significant trade-off between system’s security and performance, under different parameter values. Finally, the results of this thesis can provide a useful tool for other researchers, since our findings indicate which of the combinations for the experiments can be utilized for the design of a biometric scheme that is both accurate and secure.