Securing BioEncoded IrisCodes Against Correlation Attacks

Transcription

1 Securing BioEncoded IrisCodes Against Correlation Attacks Osama Ouda a,b, Norimichi Tusmura b and Toshiya Nakaguchi b a Faculty of Computers and Information Sciences, Mansoura University, Mansoura 35516, Egypt b Graduate School of Advanced Integration Science, Chiba University, Chiba-shi, , Japan oouda@graduate.chiba-u.jp, {tsumura, nakaguchi}@faculty.chiba-u.jp Abstract BioEncoding is a recently proposed template protection scheme, based on the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as IrisCodes. Unlike existing techniques, BioEncoding does not require user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable biometrics construct without deteriorating the matching accuracy of the original biometric system. However, although the cancelable transformation employed in BioEncoding is non-invertible for a single protected template, it might be possible to recover the original biometric template by correlating several protected templates created from the same biometric signal. In this paper, the vulnerability of BioEncoding to correlation attacks is investigated. First, we show that cancelable templates obtained using BioEncoding are indeed vulnerable to correlation attacks. Then, we propose three different approaches to improve the security of BioEncoding against this type of attacks. The effectiveness of adopting the suggested approaches is validated and their impact on the matching accuracy is investigated empirically using CASIA-IrisV3-Interval dataset. Experimental results confirm the efficacy of the proposed approaches and show that they do not affect the matching accuracy of the recognition system. I. INTRODUCTION Unlike traditional key- and/or token-based authentication systems, biometrics-based authentication systems exhibit several usability advantages. However, since the number of biometric traits associated with each person is limited, canceling and replacing a compromised biometric template is not as easy as replacing a stolen password or token. Moreover, because biometrics may convey sensitive personal information about individuals [1], many security and privacy concerns have been raised about employing biometrics in human authentication/identification [2]. As a result, many template protection techniques have been proposed in the past few years in order to address these concerns [3]. Generally, template protection techniques can be categorized into two main categories; namely, biometric encryption (BE) and cancelable biometrics (CB). In BE techniques, such as fuzzy commitment [4], fuzzy extractors [5], and fuzzy vaults [6], biometric templates are linked with a user-specific key to produce a biometrically encrypted pseudo-identity for the user so that the key could be released only if the true biometric template is present on verification. On the other hand, CB methods, such as distorting transforms [7], BioHashing [8], and BioEncoding [9], derive distorted tem1plates from true biometric signals through applying different distorting transforms to true templates in different applications. Basically, a template protection scheme should be noninvertible, revocable, able to generate a large number of distinct protected templates, and should not introduce significant degradation to the recognition accuracy of the original (unprotected) biometric system [3]. Although it has been claimed that, by authors of existing template protection schemes, it is computationally infeasible to invert the protected templates generated using their proposed methods, it turned out that the security of these methods has been overestimated. Even if the existing transforms are indeed non-invertible for a single protected template, the original template could be inverted by correlating several templates created from the same (true) template (to be used in different applications). This correlation-based attack is sometimes called a record multiplicity attack. Unfortunately, it has been shown that almost all template protection methods that have been proposed so far are susceptible to this type of attacks. Scheirer and Boult [10] showed theoretically that both the fingerprint biometric encryption algorithm of Soutar et al. [11] and the fuzzy vault scheme [6] are vulnerable to recordmultiplicity attacks. Kholmatov and Yanikoglu [12] realized the correlation attack against the fuzzy vault scheme using fingerprints and the obtained results proved that the fuzzy vault scheme is indeed vulnerable to correlation attacks. Simoens et al. [1] demonstrated how protected templates generated by code-offset [4] and bit-permutation sketches [5] can be correlated and reversed. Nagar et al. [13] analyzed the invertibility of two well-known cancelable biometrics techniques, namely, distorting transforms for fingerprints [7] and BioHashing [8] and they showed that both techniques are susceptible to correlation attacks. Zhou and Kalker [14] confirmed that essential information about the original biometric features can be leaked if an attacker gained access to more BioHashes of the same user. BioEncoding [9] is a recently proposed template protection scheme, based on the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as IrisCodes. BioEncoding exhibits many advantages over other template protection schemes. Unlike existing tecnniques, BioEncoding does not require user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable biometrics construct without deteriorating /11/$ IEEE

2 the matching accuracy. However, similar to other template protection techniques, the security of BioEncoidng against correlation attacks is questionable. In this paper, we investigate the security of BioEncoding against correlation attacks and we show that it is indeed vulnerable to this type of attacks. Then, we illustrate three different approaches to improve the security of BioEncoding against correlation attacks. The impact of adopting these approaches on both security and matching accuracy is also investigated. The rest of this paper is organized as follows. In Section II, the main procedure of BioEncoding is reviewed. In Section III, vulnerability of BioEncoding to correlation attacks is discussed. In Section IV, we describe the proposed approaches for securing BioEncoding against correlation attacks. Section V presents a set of experiments for validating the effectiveness of the proposed approaches. Finally, Section VI concludes the paper. II. BIOENCODING OVERVIEW The procedure of BioEncoding, presented in [9] and illustrated by the example shown in Fig.1, can be summarized as follows: 1) Divide bits of the true IrisCode into n/m words of fixed length m, where n is the number of bits in the IrisCode. In the example shown in Fig.1, n =30and m =3and the number of words is 10. 2) Generate a (pseudo-) random sequence S of length l = 2 m (in Fig.1, l =8) using a random seed that can be stored in a centralized storage. 3) Map each word in the true IrisCode to a single bit value in S whose location is addressed by the value in that word. 4) Constitute the protected BioCode from the set of n/m addressed bits. 5) Store the BioCode in the centralized storage and discard the original (unprotected) template. In fact, the discrimination between the resulting BioCodes is due to the variation existing between the true templates and not resulted from the random sequence and hence the same random sequence could be used with all users. Therefore, BioEncoding can be used without employing physical userspecific tokens since there no user-specific information need to be stored. On the other hand, it is straightforward to show that BioEncoding meets all the requirements of the cancelable biometrics construct. For the revocability requirement, in case of compromising the stored BioCodes, changing the random sequence and re-enrolling the users would generate a new set of protected BioCodes. Regarding the diversity requirement, it is possible to generate a large number of different BioCodes, especially when m is large, since 2 2m different random sequences can be generated using address words of length m.for the non-invertibility requirement, the many-to-one nature of the transformation process can guarantee its irreversibility. As shown in Fig. 2, every bit in the protected BioCode could be Fig. 1. Illustration of BioEncoding transformation process where m = 3. Fig. 2. The irreversibility of BioEncoding is due to the many-to-one nature of the transform. originated from 2 m 1 address words in the original IrisCode (assuming that the employed random sequence S is balanced, i.e. the number of ones in S equals the number of zeros equals 2 m 1 ). For example, the first bit in the protected BioCode shown in Fig. 2 could be originated from one of the address words 000, 011, 101 or 111. Hence, an attacker would have no way to guess the values of address words in the true IrisCode even he/she gained access to both the protected BioCode and the random sequence.

3 III. VULNERABILITY TO CORRELATION ATTACKS In this section, we show that although BioEncoding might be non-invertible for a single protected template [9], compromising more than one BioEncoded template, employed in different applications, can not only allow the attacker to reveal some information about the original biometric data, but also may enable him to recover the original features entirely, even with a limited number of compromised templates. As explained in the previous Section and illustrated in Fig. 2, due to the many-to-one transformation adopted in BioEncoding, every bit in a (single) compromised BioCode could be originated from 2 m 1 address words in the true template, where m is the size of any address word in the true IrisCode. However, if an adversary could gain access to more than one protected BioCode for the same user, he would try to correlate bits at the same position and hence reduce the list of candidate words. To further illustrate this scenario, let us assume that an attacker could gain access to the two BioCodes, BioCode1 and BioCode2, along with their corresponding random sequences, S 1 and S 2, shown in the example in Fig. 3. Since the first bit in BioCode1 is 0 and the first bit in BioCode2 is 1, the task now is to search for words that address 0 in S 1 AND address 1 in S 2. In our example, only two words, 011 and 101, satisfy this condition. Recall that in the case of compromising only one BioCode, shown in the example in Fig. 2, there were four candidate words. That is, the number of candidate words reduces with the number of compromised BioCodes. More formally, assuming that the random sequences that are employed in different applications are independent and identically distributed, it would be expected that the fractional Hamming distance between any pair of these sequences to be 0.5 (i.e. 50% of the bits in these sequences are similar). Under this assumption, if the number of the compromised databases is 2, then the many-to-one transformation employed in BioEncoding would reduce from 2 m 1 -to-1 to 2 m 2 -to-1. That is, bits at position i in the compromised BioCodes would be originated from 2 m 2 address words in the original template rather than 2 m 1 words as in case of compromising a single BioCode. Generally, if the number of compromised BioCodes is k, the many-to-one transformation of BioEncoding would reduce from 2 m 1 -to-1 to 2 m k -to-1 transformation. Obviously, if k = m, the many-to-one transformation would reduce to a one-to-one transformation (i.e. invertible transformation). This implies that for address words of size m, it is possible to recover the entire features of the true biometrics data (or at least a close approximation of the original template) if an attacker could gain access to at least m databases. Figure 4 shows an example of recovering the entire (true) template from three compromised BioCodes for m =3. IV. SECURING BIOENCODED TEMPLATES What makes BioEncoding vulnerable to correlation attacks is that in every application of its transformation process, the order, and hence the values, of the address words do not change. As a result, all the corresponding bits (bits at same location i) in two (or more) compromised BioCodes are always Fig. 3. Example of BioCode inversion via correlation attack using 2 compromised databases (m = 3). Fig. 4. Example of BioCode inversion via correlation attack with 3 compromised databases (m = 3). addressed by the same value; that is, value of address word at location i in the original template (assuming that this value is always the same regardless of the intra-user variations). Therefore, modifying the values of address words before every application of BioEncoding would make its security against correlation attacks as robust as its security against brute-force search attacks. In this paper, we propose three different approaches to hinder correlation attacks on BioEncoding. The essence of the three approaches is based on changing the values of address words, in the true IrisCode, before every application of the BioEncoding mapping process. The first approach is to use different lengths of address words in different applications. If an attacker gained access to two BioCodes belonging to the same user, he would not be able to link the ith bit in the two BioCodes to the same word in the true IrisCode since the value of the ith address word used in the first application would be different from the value of the ith address word

4 in the second application due to the change of word size. Although this approach could make BioEncoding more robust against correlation attacks, it restricts the renewability capacity of BioEncoding since one cannot increase the size of address words at will. This is because very large word-sizes would result in small BioCodes that might be more vulnerable to simple brute-force attacks. A more efficient approach is to permute the original template before applying the BioEncoding transformation using different (secret) permutations in different applications. Unlike the first approach, the same size of address words could be used in different applications since the values of corresponding address words are ensured to be different as a result of the permutation process. Obviously, the secret permutation should be stored in the enrolment database in order to be used during verification. Storing this permutation key would not affect the security of the system since what is encoded is the permuted template and hence this key would be useless to the attacker unless he/she could reverse the encoded sequence, which is practically infeasible as explained in Section II. Alternatively, the original template could be XORed with a random sequence of the same length before applying BioEncoding in every new application. Similar to the permutation approach, changing the values of address words is guaranteed after this XORing process. Again, the random sequence which is XORed with the true template needs to be stored in order to be used during verification. Only if the attacker could reverse the encoded (and ciphered) template, which is computationally infeasible, this random sequence could be used to recover the original template. Employing the above approaches would make inverting the protected BioCodes using correlation attacks requires an attacker to perform as many number of trials as required in simple brute-force search attacks at a cost of storing an extra random sequence (in case of XORing approach) or a random permutation key (in case of the permutation approach). V. EXPERIMENTS AND DISCUSSION We have conducted several experiments to testify the effectiveness of the proposed approaches and to investigate the impact of integrating these approaches into BioEncoding on the matching accuracy. The publicly available iris image database collected by the Chinese Academy of Science-Institute of Automation, CASIA-IrisV3-Interval [15] was used in the experiments. This database contains 2639 images captured from 396 different classes (eyes). IrisCodes were generated form all images in the dataset using the open source MATLAB implementation provided by Masek and Kovesi [16]. The objective of the first experiment was to measure the robustness of BioEncoding against correlation attacks. In this experiment, we searched for patterns that consist of the corresponding bits in different BioCodes derived from the same IrisCode (for example, the pattern 01 in Fig.3) in all patterns Fig. 5. Hamming distances between true IrisCodes and code patterns base BioEncoding. Fig. 6. Hamming distances between true IrisCodes and code patterns modified BioEncoding (XORing approach). that are composed of the same bits in the associated random sequences. The address word of the first matched pattern is selected as the reversed word for that pattern (for example, the word 011 in Fig.3). To evaluate the success of this attack, the similarity between the reversed template and the true IrisCode is measured using the normalized Hamming distance. Fig. 7. Hamming distances between true IrisCodes and code patterns modified BioEncoding (permutation approach).

5 We tested different word sizes (m = 3, 4, 5 and 6) assuming different number of compromised BioCodes (1 to 6) and the whole process is repeated 100 times using different random sequences for each configuration. The results obtained from this experiment, shown in Fig.5, indicate that the percentage of the recovered bits in true IrisCodes increases when the number of compromised BioCodes increases. More importantly, the results imply that for BioCodes generated using address words of length m, more than 75% of the true IrisCode can be recovered if the number of the compromised BioCodes is m. The above experiment, using the same setup, was repeated to test the effectiveness of XORing (or permuting) the true template before applying the random addressing process of BioEncoding. Figures 6 and 7 show the obtained results for XORing and permuting, respectively. Both figures show similar results that illustrate the efficacy of integrating the proposed ciphering step in the BioEncoding technique. Using this step, the resistance of BioEncoding against correlation attacks would become as same as its resistance against brute-force search attacks since in every new application of BioEncoding, different patterns are used for the same IrisCode. Furthermore, correlating more BioCodes derived from different permutation of the same IrisCode would produce more random templates as the number of BioCodes increases since the probability of the average mismatch between the reversed words and the true words increases with increasing the number of BioCodes employed in the attack until the mismatch reaches 50% (totally random) as shown in Fig.6 and Fig.7. Finally, to investigate the impact of integrating the ciphering step into BioEncoding on the matching performance, a subset that contains 740 iris images (74 class, 10 images/class) were selected from the employed dataset. Then, the genuine and imposter matching scores were calculated for unprotected IrisCodes, BioCodes generated using base BioEncoding, BioCodes derived using modified BioEncoding using permutation, and BioCodes derived using modified BioEncoding using XORing. All BioCodes were generated using address words of length 5. For genuine comparisons, the first template of each class was matched against the other remaining nine templates of the same eye, and for imposter comparisons, the first template of each class was matched against all templates of all the other classes. The ROC curves for the four test scenarios are shown in Fig. 8. The obtained results show that integrating the ciphering step into BioEncoding does not affect the matching accuracy of the system. VI. CONCLUSION In this paper, the security of a recently proposed cancelable biometrics scheme, known as BioEncoding, against correlation attacks, has been investigated. We showed that although BioEncoding is secure against brute-force attacks, it is vulnerable to correlation attacks. Accordingly, we proposed three different approaches to enhance the security of BioEncoding against correlation attacks. Experimental results using CASIA- V3-Interval dataset validated our analysis and confirmed the Fig. 8. ROC curves for IrisCodes and BioCodes derived using base and modified BioEncoding. effectiveness of the proposed modifications in terms of security and accuracy. REFERENCES [1] K. Simoens, P. Tuyls and B. Preneel, Privacy Weaknesses in Biometric Sketches, in Proc. IEEE Symposium on Security and Privacy, [2] S. Prabhakar, S. Pankanti and A. K. Jain, Biometric Recognition: Security and Privacy Concerns, IEEE Security and Privacy Magazine, vol.1, no.2, pp.33-42, Mar [3] A. K. Jain, K. Nandakumar and A. Nagar, Biometric Template Security, EURASIP Journal on Advances in Signal Processing, January [4] A. Juels and M. A. Wattenberg, fuzzy commitment scheme, ACM Conference on Computer and Communications Security, CCS [5] F. Hao, R. Anderson and J. Daugman, Combining crypto with biometrics effectively, IEEE Transactions on Computers, vol. 55, no. 9, pp , Sep [6] A. Jules and M. Sudan, A Fuzzy vault scheme, Proceedings of IEEE International symposium on Information Theory, p. 408, [7] N. K. Ratha, S. Chikkerur, J. H. Connell and R. Bolle, Generating cancelable fingerprint templates, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp , [8] A.B.J. Teoh, D.C.L. Ngo and A. Goh, BioHashing: two factor authentication featuring fingerprint data and tokenised random number, Pattern Recognition, vol. 37, no. 11, pp , Nov [9] O. Ouda, N. Tsumura and T. Nakaguchi, BioEncoding: a reliable tokenless cancelable biometrics scheme for protecting IrisCodes, IEICE Trans. Inf & Syst., vol.e93-d, no.7, July [10] W. J. Scheirer and T. E. Boult, Cracking fuzzy vaults and biometric encryption, in Proceedings of the Biometrics Symposium, Baltimore, Md, USA, September [11] C. Soutar, D. Roberge, A. Stoianov, R. Gilroy and B. V. K. V. Kumar, Biometric Encrpytion, in ICSA Guide to Cryptography, R. K. Nichols, Ed., McGraw Hill, New York, NY, USA, [12] A. Kholmatov and B. Yanikoglu, Realization of correlation attack against fuzzy vault scheme, In Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, vol of Proceedings of SPIE, [13] A. Nagar, K. Nandakumar and A. K. Jain, Biometric template transformation: a security analysis, In Media Forensics and Security II, vol of Proceedings of SPIE, [14] X. Zhou and T. Kalker, On the security of BioHashing, in Media Forensics and Security II, vol of Proceedings of SPIE, [15] CASIA iris image database, Available: abases.htm. [16] Libor Masek, Peter Kovesi. MATLAB Source Code for a Biometric Identification System Based on Iris Patterns. The School of Computer Science and Software Engineering, The University of Western Australia