Secure and privacy-preserving user authentication using biometrics
View/ Open
Keywords
Cryptography ; Biometrics ; Information securityAbstract
Identity management lies in the field of Information Security, presenting numerous
attractive research categories. Biometrics have been established as a new approach
to mitigate the limitations and weaknesses of traditional access methods of passwords
and tokens. However, biometrics introduce new security and privacy risks since they
cannot be easily revoked.
Due to the noisy nature of biometrics, traditional cryptography cannot be used
to efficiently protect biometric systems. Thus, template protection schemes have
been developed in order to encrypt and decrypt biometric data in an error-tolerant
way.
In this thesis, we design, implement and evaluate a fuzzy vault template protection
scheme, in order to protect fingerprint minutiae points. Fuzzy vault schemes can
protect a secret value using a biometric template, and this secret value can be
decrypted only if an input template overlaps significantly with the original one. In
these designs, the security is based on the hardness of the polynomial reconstruction
problem.
During this research, the most challenging issue that has been faced is the issue
of alignment for the biometric templates in the encrypted domain. State-of-the art is
discussed, being focused on the use of minutiae points and any information extracted
from the fingerprint image. By addressing the advantages and disadvantages of the
suggested methods, we utilize an alignment technique to handle the problematic area
of the minutiae patterns alignment in cryptographic approaches. This method is
considered to be ideal for private friendly biometric designs based on stored minutiae
points, instead of full fingerprints, rendering irreversible the access at the original
images.
After the fuzzy vault implementation, our experiments show that there is significant
trade-off between system’s security and performance, under different parameter
values. Finally, the results of this thesis can provide a useful tool for other researchers,
since our findings indicate which of the combinations for the experiments can be
utilized for the design of a biometric scheme that is both accurate and secure.