Securing BioEncoded IrisCodes Against Correlation Attacks
|
|
- Lucinda Marshall
- 6 years ago
- Views:
Transcription
1 Securing BioEncoded IrisCodes Against Correlation Attacks Osama Ouda a,b, Norimichi Tusmura b and Toshiya Nakaguchi b a Faculty of Computers and Information Sciences, Mansoura University, Mansoura 35516, Egypt b Graduate School of Advanced Integration Science, Chiba University, Chiba-shi, , Japan oouda@graduate.chiba-u.jp, {tsumura, nakaguchi}@faculty.chiba-u.jp Abstract BioEncoding is a recently proposed template protection scheme, based on the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as IrisCodes. Unlike existing techniques, BioEncoding does not require user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable biometrics construct without deteriorating the matching accuracy of the original biometric system. However, although the cancelable transformation employed in BioEncoding is non-invertible for a single protected template, it might be possible to recover the original biometric template by correlating several protected templates created from the same biometric signal. In this paper, the vulnerability of BioEncoding to correlation attacks is investigated. First, we show that cancelable templates obtained using BioEncoding are indeed vulnerable to correlation attacks. Then, we propose three different approaches to improve the security of BioEncoding against this type of attacks. The effectiveness of adopting the suggested approaches is validated and their impact on the matching accuracy is investigated empirically using CASIA-IrisV3-Interval dataset. Experimental results confirm the efficacy of the proposed approaches and show that they do not affect the matching accuracy of the recognition system. I. INTRODUCTION Unlike traditional key- and/or token-based authentication systems, biometrics-based authentication systems exhibit several usability advantages. However, since the number of biometric traits associated with each person is limited, canceling and replacing a compromised biometric template is not as easy as replacing a stolen password or token. Moreover, because biometrics may convey sensitive personal information about individuals [1], many security and privacy concerns have been raised about employing biometrics in human authentication/identification [2]. As a result, many template protection techniques have been proposed in the past few years in order to address these concerns [3]. Generally, template protection techniques can be categorized into two main categories; namely, biometric encryption (BE) and cancelable biometrics (CB). In BE techniques, such as fuzzy commitment [4], fuzzy extractors [5], and fuzzy vaults [6], biometric templates are linked with a user-specific key to produce a biometrically encrypted pseudo-identity for the user so that the key could be released only if the true biometric template is present on verification. On the other hand, CB methods, such as distorting transforms [7], BioHashing [8], and BioEncoding [9], derive distorted tem1plates from true biometric signals through applying different distorting transforms to true templates in different applications. Basically, a template protection scheme should be noninvertible, revocable, able to generate a large number of distinct protected templates, and should not introduce significant degradation to the recognition accuracy of the original (unprotected) biometric system [3]. Although it has been claimed that, by authors of existing template protection schemes, it is computationally infeasible to invert the protected templates generated using their proposed methods, it turned out that the security of these methods has been overestimated. Even if the existing transforms are indeed non-invertible for a single protected template, the original template could be inverted by correlating several templates created from the same (true) template (to be used in different applications). This correlation-based attack is sometimes called a record multiplicity attack. Unfortunately, it has been shown that almost all template protection methods that have been proposed so far are susceptible to this type of attacks. Scheirer and Boult [10] showed theoretically that both the fingerprint biometric encryption algorithm of Soutar et al. [11] and the fuzzy vault scheme [6] are vulnerable to recordmultiplicity attacks. Kholmatov and Yanikoglu [12] realized the correlation attack against the fuzzy vault scheme using fingerprints and the obtained results proved that the fuzzy vault scheme is indeed vulnerable to correlation attacks. Simoens et al. [1] demonstrated how protected templates generated by code-offset [4] and bit-permutation sketches [5] can be correlated and reversed. Nagar et al. [13] analyzed the invertibility of two well-known cancelable biometrics techniques, namely, distorting transforms for fingerprints [7] and BioHashing [8] and they showed that both techniques are susceptible to correlation attacks. Zhou and Kalker [14] confirmed that essential information about the original biometric features can be leaked if an attacker gained access to more BioHashes of the same user. BioEncoding [9] is a recently proposed template protection scheme, based on the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as IrisCodes. BioEncoding exhibits many advantages over other template protection schemes. Unlike existing tecnniques, BioEncoding does not require user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable biometrics construct without deteriorating /11/$ IEEE
2 the matching accuracy. However, similar to other template protection techniques, the security of BioEncoidng against correlation attacks is questionable. In this paper, we investigate the security of BioEncoding against correlation attacks and we show that it is indeed vulnerable to this type of attacks. Then, we illustrate three different approaches to improve the security of BioEncoding against correlation attacks. The impact of adopting these approaches on both security and matching accuracy is also investigated. The rest of this paper is organized as follows. In Section II, the main procedure of BioEncoding is reviewed. In Section III, vulnerability of BioEncoding to correlation attacks is discussed. In Section IV, we describe the proposed approaches for securing BioEncoding against correlation attacks. Section V presents a set of experiments for validating the effectiveness of the proposed approaches. Finally, Section VI concludes the paper. II. BIOENCODING OVERVIEW The procedure of BioEncoding, presented in [9] and illustrated by the example shown in Fig.1, can be summarized as follows: 1) Divide bits of the true IrisCode into n/m words of fixed length m, where n is the number of bits in the IrisCode. In the example shown in Fig.1, n =30and m =3and the number of words is 10. 2) Generate a (pseudo-) random sequence S of length l = 2 m (in Fig.1, l =8) using a random seed that can be stored in a centralized storage. 3) Map each word in the true IrisCode to a single bit value in S whose location is addressed by the value in that word. 4) Constitute the protected BioCode from the set of n/m addressed bits. 5) Store the BioCode in the centralized storage and discard the original (unprotected) template. In fact, the discrimination between the resulting BioCodes is due to the variation existing between the true templates and not resulted from the random sequence and hence the same random sequence could be used with all users. Therefore, BioEncoding can be used without employing physical userspecific tokens since there no user-specific information need to be stored. On the other hand, it is straightforward to show that BioEncoding meets all the requirements of the cancelable biometrics construct. For the revocability requirement, in case of compromising the stored BioCodes, changing the random sequence and re-enrolling the users would generate a new set of protected BioCodes. Regarding the diversity requirement, it is possible to generate a large number of different BioCodes, especially when m is large, since 2 2m different random sequences can be generated using address words of length m.for the non-invertibility requirement, the many-to-one nature of the transformation process can guarantee its irreversibility. As shown in Fig. 2, every bit in the protected BioCode could be Fig. 1. Illustration of BioEncoding transformation process where m = 3. Fig. 2. The irreversibility of BioEncoding is due to the many-to-one nature of the transform. originated from 2 m 1 address words in the original IrisCode (assuming that the employed random sequence S is balanced, i.e. the number of ones in S equals the number of zeros equals 2 m 1 ). For example, the first bit in the protected BioCode shown in Fig. 2 could be originated from one of the address words 000, 011, 101 or 111. Hence, an attacker would have no way to guess the values of address words in the true IrisCode even he/she gained access to both the protected BioCode and the random sequence.
3 III. VULNERABILITY TO CORRELATION ATTACKS In this section, we show that although BioEncoding might be non-invertible for a single protected template [9], compromising more than one BioEncoded template, employed in different applications, can not only allow the attacker to reveal some information about the original biometric data, but also may enable him to recover the original features entirely, even with a limited number of compromised templates. As explained in the previous Section and illustrated in Fig. 2, due to the many-to-one transformation adopted in BioEncoding, every bit in a (single) compromised BioCode could be originated from 2 m 1 address words in the true template, where m is the size of any address word in the true IrisCode. However, if an adversary could gain access to more than one protected BioCode for the same user, he would try to correlate bits at the same position and hence reduce the list of candidate words. To further illustrate this scenario, let us assume that an attacker could gain access to the two BioCodes, BioCode1 and BioCode2, along with their corresponding random sequences, S 1 and S 2, shown in the example in Fig. 3. Since the first bit in BioCode1 is 0 and the first bit in BioCode2 is 1, the task now is to search for words that address 0 in S 1 AND address 1 in S 2. In our example, only two words, 011 and 101, satisfy this condition. Recall that in the case of compromising only one BioCode, shown in the example in Fig. 2, there were four candidate words. That is, the number of candidate words reduces with the number of compromised BioCodes. More formally, assuming that the random sequences that are employed in different applications are independent and identically distributed, it would be expected that the fractional Hamming distance between any pair of these sequences to be 0.5 (i.e. 50% of the bits in these sequences are similar). Under this assumption, if the number of the compromised databases is 2, then the many-to-one transformation employed in BioEncoding would reduce from 2 m 1 -to-1 to 2 m 2 -to-1. That is, bits at position i in the compromised BioCodes would be originated from 2 m 2 address words in the original template rather than 2 m 1 words as in case of compromising a single BioCode. Generally, if the number of compromised BioCodes is k, the many-to-one transformation of BioEncoding would reduce from 2 m 1 -to-1 to 2 m k -to-1 transformation. Obviously, if k = m, the many-to-one transformation would reduce to a one-to-one transformation (i.e. invertible transformation). This implies that for address words of size m, it is possible to recover the entire features of the true biometrics data (or at least a close approximation of the original template) if an attacker could gain access to at least m databases. Figure 4 shows an example of recovering the entire (true) template from three compromised BioCodes for m =3. IV. SECURING BIOENCODED TEMPLATES What makes BioEncoding vulnerable to correlation attacks is that in every application of its transformation process, the order, and hence the values, of the address words do not change. As a result, all the corresponding bits (bits at same location i) in two (or more) compromised BioCodes are always Fig. 3. Example of BioCode inversion via correlation attack using 2 compromised databases (m = 3). Fig. 4. Example of BioCode inversion via correlation attack with 3 compromised databases (m = 3). addressed by the same value; that is, value of address word at location i in the original template (assuming that this value is always the same regardless of the intra-user variations). Therefore, modifying the values of address words before every application of BioEncoding would make its security against correlation attacks as robust as its security against brute-force search attacks. In this paper, we propose three different approaches to hinder correlation attacks on BioEncoding. The essence of the three approaches is based on changing the values of address words, in the true IrisCode, before every application of the BioEncoding mapping process. The first approach is to use different lengths of address words in different applications. If an attacker gained access to two BioCodes belonging to the same user, he would not be able to link the ith bit in the two BioCodes to the same word in the true IrisCode since the value of the ith address word used in the first application would be different from the value of the ith address word
4 in the second application due to the change of word size. Although this approach could make BioEncoding more robust against correlation attacks, it restricts the renewability capacity of BioEncoding since one cannot increase the size of address words at will. This is because very large word-sizes would result in small BioCodes that might be more vulnerable to simple brute-force attacks. A more efficient approach is to permute the original template before applying the BioEncoding transformation using different (secret) permutations in different applications. Unlike the first approach, the same size of address words could be used in different applications since the values of corresponding address words are ensured to be different as a result of the permutation process. Obviously, the secret permutation should be stored in the enrolment database in order to be used during verification. Storing this permutation key would not affect the security of the system since what is encoded is the permuted template and hence this key would be useless to the attacker unless he/she could reverse the encoded sequence, which is practically infeasible as explained in Section II. Alternatively, the original template could be XORed with a random sequence of the same length before applying BioEncoding in every new application. Similar to the permutation approach, changing the values of address words is guaranteed after this XORing process. Again, the random sequence which is XORed with the true template needs to be stored in order to be used during verification. Only if the attacker could reverse the encoded (and ciphered) template, which is computationally infeasible, this random sequence could be used to recover the original template. Employing the above approaches would make inverting the protected BioCodes using correlation attacks requires an attacker to perform as many number of trials as required in simple brute-force search attacks at a cost of storing an extra random sequence (in case of XORing approach) or a random permutation key (in case of the permutation approach). V. EXPERIMENTS AND DISCUSSION We have conducted several experiments to testify the effectiveness of the proposed approaches and to investigate the impact of integrating these approaches into BioEncoding on the matching accuracy. The publicly available iris image database collected by the Chinese Academy of Science-Institute of Automation, CASIA-IrisV3-Interval [15] was used in the experiments. This database contains 2639 images captured from 396 different classes (eyes). IrisCodes were generated form all images in the dataset using the open source MATLAB implementation provided by Masek and Kovesi [16]. The objective of the first experiment was to measure the robustness of BioEncoding against correlation attacks. In this experiment, we searched for patterns that consist of the corresponding bits in different BioCodes derived from the same IrisCode (for example, the pattern 01 in Fig.3) in all patterns Fig. 5. Hamming distances between true IrisCodes and code patterns base BioEncoding. Fig. 6. Hamming distances between true IrisCodes and code patterns modified BioEncoding (XORing approach). that are composed of the same bits in the associated random sequences. The address word of the first matched pattern is selected as the reversed word for that pattern (for example, the word 011 in Fig.3). To evaluate the success of this attack, the similarity between the reversed template and the true IrisCode is measured using the normalized Hamming distance. Fig. 7. Hamming distances between true IrisCodes and code patterns modified BioEncoding (permutation approach).
5 We tested different word sizes (m = 3, 4, 5 and 6) assuming different number of compromised BioCodes (1 to 6) and the whole process is repeated 100 times using different random sequences for each configuration. The results obtained from this experiment, shown in Fig.5, indicate that the percentage of the recovered bits in true IrisCodes increases when the number of compromised BioCodes increases. More importantly, the results imply that for BioCodes generated using address words of length m, more than 75% of the true IrisCode can be recovered if the number of the compromised BioCodes is m. The above experiment, using the same setup, was repeated to test the effectiveness of XORing (or permuting) the true template before applying the random addressing process of BioEncoding. Figures 6 and 7 show the obtained results for XORing and permuting, respectively. Both figures show similar results that illustrate the efficacy of integrating the proposed ciphering step in the BioEncoding technique. Using this step, the resistance of BioEncoding against correlation attacks would become as same as its resistance against brute-force search attacks since in every new application of BioEncoding, different patterns are used for the same IrisCode. Furthermore, correlating more BioCodes derived from different permutation of the same IrisCode would produce more random templates as the number of BioCodes increases since the probability of the average mismatch between the reversed words and the true words increases with increasing the number of BioCodes employed in the attack until the mismatch reaches 50% (totally random) as shown in Fig.6 and Fig.7. Finally, to investigate the impact of integrating the ciphering step into BioEncoding on the matching performance, a subset that contains 740 iris images (74 class, 10 images/class) were selected from the employed dataset. Then, the genuine and imposter matching scores were calculated for unprotected IrisCodes, BioCodes generated using base BioEncoding, BioCodes derived using modified BioEncoding using permutation, and BioCodes derived using modified BioEncoding using XORing. All BioCodes were generated using address words of length 5. For genuine comparisons, the first template of each class was matched against the other remaining nine templates of the same eye, and for imposter comparisons, the first template of each class was matched against all templates of all the other classes. The ROC curves for the four test scenarios are shown in Fig. 8. The obtained results show that integrating the ciphering step into BioEncoding does not affect the matching accuracy of the system. VI. CONCLUSION In this paper, the security of a recently proposed cancelable biometrics scheme, known as BioEncoding, against correlation attacks, has been investigated. We showed that although BioEncoding is secure against brute-force attacks, it is vulnerable to correlation attacks. Accordingly, we proposed three different approaches to enhance the security of BioEncoding against correlation attacks. Experimental results using CASIA- V3-Interval dataset validated our analysis and confirmed the Fig. 8. ROC curves for IrisCodes and BioCodes derived using base and modified BioEncoding. effectiveness of the proposed modifications in terms of security and accuracy. REFERENCES [1] K. Simoens, P. Tuyls and B. Preneel, Privacy Weaknesses in Biometric Sketches, in Proc. IEEE Symposium on Security and Privacy, [2] S. Prabhakar, S. Pankanti and A. K. Jain, Biometric Recognition: Security and Privacy Concerns, IEEE Security and Privacy Magazine, vol.1, no.2, pp.33-42, Mar [3] A. K. Jain, K. Nandakumar and A. Nagar, Biometric Template Security, EURASIP Journal on Advances in Signal Processing, January [4] A. Juels and M. A. Wattenberg, fuzzy commitment scheme, ACM Conference on Computer and Communications Security, CCS [5] F. Hao, R. Anderson and J. Daugman, Combining crypto with biometrics effectively, IEEE Transactions on Computers, vol. 55, no. 9, pp , Sep [6] A. Jules and M. Sudan, A Fuzzy vault scheme, Proceedings of IEEE International symposium on Information Theory, p. 408, [7] N. K. Ratha, S. Chikkerur, J. H. Connell and R. Bolle, Generating cancelable fingerprint templates, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp , [8] A.B.J. Teoh, D.C.L. Ngo and A. Goh, BioHashing: two factor authentication featuring fingerprint data and tokenised random number, Pattern Recognition, vol. 37, no. 11, pp , Nov [9] O. Ouda, N. Tsumura and T. Nakaguchi, BioEncoding: a reliable tokenless cancelable biometrics scheme for protecting IrisCodes, IEICE Trans. Inf & Syst., vol.e93-d, no.7, July [10] W. J. Scheirer and T. E. Boult, Cracking fuzzy vaults and biometric encryption, in Proceedings of the Biometrics Symposium, Baltimore, Md, USA, September [11] C. Soutar, D. Roberge, A. Stoianov, R. Gilroy and B. V. K. V. Kumar, Biometric Encrpytion, in ICSA Guide to Cryptography, R. K. Nichols, Ed., McGraw Hill, New York, NY, USA, [12] A. Kholmatov and B. Yanikoglu, Realization of correlation attack against fuzzy vault scheme, In Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, vol of Proceedings of SPIE, [13] A. Nagar, K. Nandakumar and A. K. Jain, Biometric template transformation: a security analysis, In Media Forensics and Security II, vol of Proceedings of SPIE, [14] X. Zhou and T. Kalker, On the security of BioHashing, in Media Forensics and Security II, vol of Proceedings of SPIE, [15] CASIA iris image database, Available: abases.htm. [16] Libor Masek, Peter Kovesi. MATLAB Source Code for a Biometric Identification System Based on Iris Patterns. The School of Computer Science and Software Engineering, The University of Western Australia
PAPER BioEncoding: A Reliable Tokenless Cancelable Biometrics Scheme for Protecting IrisCodes
IEICE TRANS. INF. & SYST., VOL.Exx??, NO.xx XXXX 200x 1 PAPER BioEncoding: A Reliable Tokenless Cancelable Biometrics Scheme for Protecting IrisCodes Osama OUDA a), Nonmember, Norimichi TSUMURA, and Toshiya
More informationPIN-based cancelable biometrics
PIN-based cancelable biometrics Patrick Lacharme, Aude Plateaux GREYC Research lab, Ensicaen - UCBN - CNRS 6 Boulevard Maréchal Juin, 14000 Caen, France. Aude Plateaux is also with BULL SAS, France. patrick.lacharme@ensicaen.fr,
More informationThis is an accepted version of a paper published in Elsevier Information Fusion. If you wish to cite this paper, please use the following reference:
This is an accepted version of a paper published in Elsevier Information Fusion. If you wish to cite this paper, please use the following reference: T. Murakami, T. Ohki, K. Takahashi, Optimal sequential
More informationEXTRACTING BIOMETRIC BINARY STRINGS WITH MINIMAL AREA UNDER THE FRR CURVE FOR THE HAMMING DISTANCE CLASSIFIER
17th European Signal Processing Conference (EUSIPCO 29) Glasgow, Scotland, August 24-28, 29 EXTRACTING BIOMETRIC BINARY STRINGS WITH MINIMA AREA UNER THE CURVE FOR THE HAMMING ISTANCE CASSIFIER Chun Chen,
More informationResearch Article Binary Biometric Representation through Pairwise Adaptive Phase Quantization
Hindawi Publishing Corporation EURASIP Journal on Information Security Volume, Article ID 5436, 6 pages doi:.55//5436 Research Article Binary Biometric Representation through Pairwise Adaptive Phase Quantization
More informationSecure Sketch for Multiple Secrets
Secure Sketch for Multiple Secrets Chengfang Fang 1, Qiming Li 2, and Ee-Chien Chang 1, 1 School of Computing, National University of Singapore {c.fang,changec}@comp.nus.edu.sg 2 Institute for Infocomm
More informationON BINARY REPRESENTATIONS FOR BIOMETRIC TEMPLATE PROTECTION. Chun Chen
ON BINARY REPRESENTATIONS FOR BIOMETRIC TEMPLATE PROTECTION Chun Chen De promotiecommissie: voorzitter en secretaris: Prof.dr.ir. A.J. Mouthaan promotor: Prof.dr.ir. C.H. Slump assistent promotor: Dr.ir.
More informationA Fuzzy Sketch with Trapdoor
A Fuzzy Sketch with Trapdoor Julien Bringer 1, Hervé Chabanne 1, Quoc Dung Do 2 1 SAGEM Défense Sécurité, 2 Ecole Polytechnique, ENST Paris. Abstract In 1999, Juels and Wattenberg introduce an effective
More informationCancellable biometrics and annotations on BioHash
Pattern Recognition 41 (28) 234 244 www.elsevier.com/locate/pr Cancellable biometrics and annotations on BioHash Andrew B.J. Teoh a,, Yip Wai Kuan b, Sangyoun Lee a a Biometrics Engineering Research Center
More informationRELIABLE BIOMETRIC AUTHENTICATION WITH PRIVACY PROTECTION
RELIABLE BIOMETRIC AUTHENTICATION WITH PRIVACY PROTECTION E. VERBITSKIY, P. TUYLS, D. DENTENEER, J.P. LINNARTZ PHILIPS RESEARCH LABORATORIES PROF. HOLSTLAAN 4, AA 5656 EINDHOVEN, THE NETHERLANDS {EVGENY.VERBITSKIY,PIM.TUYLS,DEE.DENTENEER,J.P.LINNARTZ@PHILIPS.COM}
More informationPartial Hiding in Public-Key Cryptography
Partial Hiding in Public-Key Cryptography Eabhnat Ní Fhloinn and Michael Purser School of Mathematics, Trinity College Dublin, Ireland. Abstract. This paper explores the idea of exposing sections of the
More informationInformation Leakage of Continuous-Source Zero Secrecy Leakage Helper Data Schemes
Information Leakage of Continuous-Source Zero Secrecy Leakage Helper Data Schemes Joep de Groot, Boris Škorić, Niels de Vreede, Jean-Paul Linnartz Abstract A Helper Data Scheme is a cryptographic primitive
More informationAn Analysis of BioHashing and Its Variants
An Analysis of BioHashing and Its Variants 1, 2 Adams Kong, 1 King-Hong Cheung, 1 David Zhang, 2 Mohamed Kamel and 1 Jane You 1 Biometrics Research Centre Department of Computing The Hong Kong Polytechnic
More informationDiagnostic Category Leakage in Helper Data Schemes for Biometric Authentication
Secrypt 23 Diagnostic Category Leakage in Helper Data Schemes for Biometric Authentication Joep de Groot, Boris Škorić 2, Niels de Vreede 2, Jean-Paul Linnartz Signal Processing Systems, Eindhoven University
More informationTHE FUZZY VAULT FOR FINGERPRINTS IS VULNERABLE TO BRUTE FORCE ATTACK
THE FUZZY VAULT FOR FINGERPRINTS IS VULNERABLE TO BRUTE FORCE ATTACK PREDA MIHĂILESCU Abstract. The fuzzy vault approach is one of the best studied and well accepted ideas for binding cryptographic security
More informationSecure Sketch for Multi-Sets
Secure Sketch for Multi-Sets Ee-Chien Chang Vadym Fedyukovych Qiming Li March 15, 2006 Abstract Given the original set X where X = s, a sketch P is computed from X and made public. From another set Y where
More informationT Cryptography: Special Topics. February 24 th, Fuzzy Extractors: Generating Strong Keys From Noisy Data.
February 24 th, 2005 Fuzzy Extractors: Generating Strong Keys From Noisy Data Helsinki University of Technology mkivihar@cc.hut.fi 1 Overview Motivation and introduction Preliminaries and notation General
More informationAMONG several approaches for image classification,
IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE 1 A Framework for Binding and Retrieving Class-Specific Information to and from Image Patterns using Correlation Filters Vishnu Naresh Boddeti,
More informationA Contrario Detection of False Matches in Iris Recognition
A Contrario Detection of False Matches in Iris Recognition Marcelo Mottalli, Mariano Tepper, and Marta Mejail Departamento de Computación, Universidad de Buenos Aires, Argentina Abstract. The pattern of
More informationFingerprint Individuality
Fingerprint Individuality On the Individuality of Fingerprints, Sharat Pankanti, Anil Jain and Salil Prabhakar, IEEE Transactions on PAMI, 2002 US DOJ, Office of the Inspector General, A Review of the
More informationSecure Sketch for Biometric Templates
Secure Sketch for Biometric Templates Qiming Li 1, Yagiz Sutcu 2, and Nasir Memon 3 1 Department of Computer and Information Science 2 Department of Electrical and Computer Engineering 3 Department of
More informationResearch Article Biometric Quantization through Detection Rate Optimized Bit Allocation
Hindawi Publishing Corporation EURASIP Journal on Advances in Signal Processing Volume 9, Article ID 78484, 6 pages doi:.55/9/78484 Research Article Biometric Quantization through Detection Rate Optimized
More informationAll-Or-Nothing Transforms Using Quasigroups
All-Or-Nothing Transforms Using Quasigroups Stelios I Marnas, Lefteris Angelis, and George L Bleris Department of Informatics, Aristotle University 54124 Thessaloniki, Greece Email: {marnas,lef,bleris}@csdauthgr
More informationBiometric Security Based on ECG
Biometric Security Based on ECG Lingni Ma, J.A. de Groot and Jean-Paul Linnartz Eindhoven University of Technology Signal Processing Systems, Electrical Engineering l.ma.1@student.tue.nl j.a.d.groot@tue.nl
More informationIf you wish to cite this paper, please use the following reference:
This is an accepted version of a paper published in Proceedings of the st IEEE International Workshop on Information Forensics and Security (WIFS 2009). If you wish to cite this paper, please use the following
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationCoding Solutions for the Secure Biometric Storage Problem
1 Coding Solutions for the Secure Biometric Storage Problem Davide Schipani and Joachim Rosenthal Institute of Mathematics University of Zurich Winterthurerstr. 190, 8057 Zurich, Switzerland Email: {davide.schipani,
More informationFoundations of Cryptography
- 111 - Foundations of Cryptography Notes of lecture No. 10B & 11 (given on June 11 & 18, 1989) taken by Sergio Rajsbaum Summary In this lecture we define unforgeable digital signatures and present such
More informationApplication of hopfield network in improvement of fingerprint recognition process Mahmoud Alborzi 1, Abbas Toloie- Eshlaghy 1 and Dena Bazazian 2
5797 Available online at www.elixirjournal.org Computer Science and Engineering Elixir Comp. Sci. & Engg. 41 (211) 5797-582 Application hopfield network in improvement recognition process Mahmoud Alborzi
More information1 Cryptographic hash functions
CSCI 5440: Cryptography Lecture 6 The Chinese University of Hong Kong 23 February 2011 1 Cryptographic hash functions Last time we saw a construction of message authentication codes (MACs) for fixed-length
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationClassification Performance Comparison of a Continuous and Binary Classifier under Gaussian Assumption
Classification Performance Comparison of a Continuous and Binary Classifier under Gaussian Assumption E.J.C. Kelkboom and J. Breebaart Philips Research, The Netherlands Emile.Kelkboom@philips.com Jeroen.Breebaart@philips.com
More informationTechnical Report. Results from 200 billion iris cross-comparisons. John Daugman. Number 635. June Computer Laboratory
Technical Report UCAM-CL-TR-635 ISSN 1476-2986 Number 635 Computer Laboratory Results from 200 billion iris cross-comparisons John Daugman June 2005 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom
More informationOptimal XOR based (2,n)-Visual Cryptography Schemes
Optimal XOR based (2,n)-Visual Cryptography Schemes Feng Liu and ChuanKun Wu State Key Laboratory Of Information Security, Institute of Software Chinese Academy of Sciences, Beijing 0090, China Email:
More informationHas this Person Been Encountered Before? : Modeling an Anonymous Identification System
A version of this paper appears in the IEEE Computer Society Workshop on Biometrics at the Computer Vision and Pattern Recognition Conference (CVPR 1, Providence, RI, USA, June 1 Has this Person Been Encountered
More informationCryptanalysis of a Message Authentication Code due to Cary and Venkatesan
Cryptanalysis of a Message Authentication Code due to Cary and Venkatesan Simon R. Blackburn and Kenneth G. Paterson Department of Mathematics Royal Holloway, University of London Egham, Surrey, TW20 0EX,
More informationInformation-Theoretic Analysis of Iris Biometrics for Biometric Cryptography
Acta Polytechnica Hungarica Vol. 14, No. 4, 2017 Information-Theoretic Analysis of Iris Biometrics for Biometric Cryptography Sasa Adamovic, Milan Milosavljevic, Mladen Veinovic, Marko Sarac, Aleksandar
More informationSecurity Implications of Quantum Technologies
Security Implications of Quantum Technologies Jim Alves-Foss Center for Secure and Dependable Software Department of Computer Science University of Idaho Moscow, ID 83844-1010 email: jimaf@cs.uidaho.edu
More information1 Indistinguishability for multiple encryptions
CSCI 5440: Cryptography Lecture 3 The Chinese University of Hong Kong 26 September 2012 1 Indistinguishability for multiple encryptions We now have a reasonable encryption scheme, which we proved is message
More informationComparison of Selected Fast Orthogonal Parametric Transforms in Data Encryption
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 23 No. 2 (2015), pp. 55-68 Comparison of Selected Fast Orthogonal Parametric Transforms in Data Encryption Dariusz Puchala Lodz University of Technology Institute
More informationCoding Solutions for the Secure Biometric Storage Problem 1
Coding Solutions for the Secure Biometric Storage Problem 1 Davide Schipani University of Zürich Mathematics Institute CH-8057 Zurich, Switzerland Joachim Rosenthal University of Zürich Mathematics Institute
More informationA Pseudo-Random Encryption Mode
A Pseudo-Random Encryption Mode Moni Naor Omer Reingold Block ciphers are length-preserving private-key encryption schemes. I.e., the private key of a block-cipher determines a permutation on strings of
More informationScore calibration for optimal biometric identification
Score calibration for optimal biometric identification (see also NIST IBPC 2010 online proceedings: http://biometrics.nist.gov/ibpc2010) AI/GI/CRV 2010, Ottawa Dmitry O. Gorodnichy Head of Video Surveillance
More informationPassword Cracking: The Effect of Bias on the Average Guesswork of Hash Functions
Password Cracking: The Effect of Bias on the Average Guesswork of Hash Functions Yair Yona, and Suhas Diggavi, Fellow, IEEE Abstract arxiv:608.0232v4 [cs.cr] Jan 207 In this work we analyze the average
More informationPredicting large population data cumulative match characteristic performance from small population data
Predicting large population data cumulative match characteristic performance from small population data Amos Y. Johnson, Jie Sun, and Aaron F. Bobick GVU Center / College of Computing Georgia Tech, Atlanta,
More informationFuzzy Extractors and Cryptography, or How to Use Your Fingerprints
Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints Yevgeniy Dodis. Leonid Reyzin Adam Smith November 11, 2003 Abstract We provide formal definitions and efficient secure techniques for
More informationCryptanalysis of Patarin s 2-Round Public Key System with S Boxes (2R)
Cryptanalysis of Patarin s 2-Round Public Key System with S Boxes (2R) Eli Biham Computer Science Department Technion Israel Institute of Technology Haifa 32000, Israel biham@cs.technion.ac.il http://www.cs.technion.ac.il/~biham/
More informationRole of Assembling Invariant Moments and SVM in Fingerprint Recognition
56 Role of Assembling Invariant Moments SVM in Fingerprint Recognition 1 Supriya Wable, 2 Chaitali Laulkar 1, 2 Department of Computer Engineering, University of Pune Sinhgad College of Engineering, Pune-411
More informationA Theoretical Analysis of Authentication, Privacy, and Reusability Across Secure Biometric Systems
MITSUBISHI ELECTRIC RESEARCH LABORATORIES http://www.merl.com A Theoretical Analysis of Authentication, Privacy, and Reusability Across Secure Biometric Systems Wang, Y.; Rane, S.; Draper, S.C.; Ishwar,
More informationPerfectly secure cipher system.
Perfectly secure cipher system Arindam Mitra Lakurdhi, Tikarhat Road, Burdwan 713102 India Abstract We present a perfectly secure cipher system based on the concept of fake bits which has never been used
More informationRAMAKRISHNA LANKA MSEE, UTA ADVISING PROFESSOR: DR. K. R. RAO
RAMAKRISHNA LANKA MSEE, UTA ADVISING PROFESSOR: DR. K. R. RAO Personal identity management 3 Exponential growth of population and migration of people is a challenge to person management. Risk of identity
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@ece.orst.edu Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331 Technical Report December 9, 2002 Version 1.5 1 1 Introduction
More informationHow to Correct More Errors in a Secure Sketch
How to Correct More Errors in a Secure Sketch Y-L Lai yenlung.lai@monash.edu August 29, 2018 Abstract Secure sketch produces public information of its input w without revealing it, yet, allows the exact
More informationCHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30
CHALMERS GÖTEBORGS UNIVERSITET CRYPTOGRAPHY TDA35 (Chalmers) - DIT50 (GU) 11 April 017, 8:30-1:30 No extra material is allowed during the exam except for pens and a simple calculator (not smartphones).
More informationHashes and Message Digests Alex X. Liu & Haipeng Dai
Hashes and Message Digests Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University Integrity vs. Secrecy Integrity: attacker cannot
More informationA Modified Moment-Based Image Watermarking Method Robust to Cropping Attack
A Modified Moment-Based Watermarking Method Robust to Cropping Attack Tianrui Zong, Yong Xiang, and Suzan Elbadry School of Information Technology Deakin University, Burwood Campus Melbourne, Australia
More information1 Cryptographic hash functions
CSCI 5440: Cryptography Lecture 6 The Chinese University of Hong Kong 24 October 2012 1 Cryptographic hash functions Last time we saw a construction of message authentication codes (MACs) for fixed-length
More informationLecture 22. We first consider some constructions of standard commitment schemes. 2.1 Constructions Based on One-Way (Trapdoor) Permutations
CMSC 858K Advanced Topics in Cryptography April 20, 2004 Lecturer: Jonathan Katz Lecture 22 Scribe(s): agaraj Anthapadmanabhan, Ji Sun Shin 1 Introduction to These otes In the previous lectures, we saw
More information19. Coding for Secrecy
19. Coding for Secrecy 19.1 Introduction Protecting sensitive information from the prying eyes and ears of others is an important issue today as much as it has been for thousands of years. Government secrets,
More informationGuesswork Subject to a Total Entropy Budget
Guesswork Subject to a Total Entropy Budget Arman Rezaee, Ahmad Beirami, Ali Makhdoumi, Muriel Médard, and Ken Duffy arxiv:72.09082v [cs.it] 25 Dec 207 Abstract We consider an abstraction of computational
More informationIf you wish to cite this paper, please use the following reference:
This is an accepted version of a paper published in Proceedings of the 13th International Conference on Applied Cryptography and Network Security (ACNS 2015). If you wish to cite this paper, please use
More informationCryptanalysis of a Multistage Encryption System
Cryptanalysis of a Multistage Encryption System Chengqing Li, Xinxiao Li, Shujun Li and Guanrong Chen Department of Mathematics, Zhejiang University, Hangzhou, Zhejiang 310027, China Software Engineering
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 16, 2013 CPSC 467, Lecture 14 1/45 Message Digest / Cryptographic Hash Functions Hash Function Constructions Extending
More informationarxiv: v2 [cs.cr] 6 Aug 2017
Cryptanalyzing an Image Scrambling Encryption Algorithm of Pixel Bits Chengqing Li a,, Dongdong Lin a, Jinhu Lü b a Hunan Province Cooperative Innovation Center for Wind Power Equipment and Energy Conversion,
More informationPalmprint based Verification System Robust to Occlusion using Low-order Zernike Moments of Sub-images
BADRINATH, NARESH, GUPTA: PALMPRINT BASED VERIFICATION SYSTEM 1 Palmprint based Verification System Robust to Occlusion using Low-order Zernike Moments of Sub-images Badrinath G. S. badri@cse.iitk.ac.in
More informationCryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1
Cryptography CS 555 Topic 25: Quantum Crpytography CS555 Topic 25 1 Outline and Readings Outline: What is Identity Based Encryption Quantum cryptography Readings: CS555 Topic 25 2 Identity Based Encryption
More informationIBM Research Report. The Relation between the ROC Curve and the CMC
RC23885 (W0602-49) February 7, 2006 Mathematics IBM Research Report The Relation between the ROC Curve and the CMC R. M. Bolle, J. H. Connell, S. Pankanti, N. K. Ratha, A. W. Senior IBM Research Division
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationA Block Cipher using an Iterative Method involving a Permutation
Journal of Discrete Mathematical Sciences & Cryptography Vol. 18 (015), No. 3, pp. 75 9 DOI : 10.1080/097059.014.96853 A Block Cipher using an Iterative Method involving a Permutation Lakshmi Bhavani Madhuri
More informationCOMS W4995 Introduction to Cryptography October 12, Lecture 12: RSA, and a summary of One Way Function Candidates.
COMS W4995 Introduction to Cryptography October 12, 2005 Lecture 12: RSA, and a summary of One Way Function Candidates. Lecturer: Tal Malkin Scribes: Justin Cranshaw and Mike Verbalis 1 Introduction In
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More information2. Definition & Classification
Information Hiding Data Hiding K-H Jung Agenda 1. Data Hiding 2. Definition & Classification 3. Related Works 4. Considerations Definition of Data Hiding 3 Data Hiding, Information Hiding Concealing secret
More informationOne-way Hash Function Based on Neural Network
One-way Hash Function Based on Neural Network Shiguo Lian, Jinsheng Sun, Zhiquan Wang Department of Automation, Nanjing University of Science & echnology, Nanjing, 294, China, sg_lian@63.com Abstract A
More informationWhere do pseudo-random generators come from?
Computer Science 2426F Fall, 2018 St. George Campus University of Toronto Notes #6 (for Lecture 9) Where do pseudo-random generators come from? Later we will define One-way Functions: functions that are
More informationImplementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction
Implementation of the RSA algorithm and its cryptanalysis Chandra M. Kota and Cherif Aissi 1 University of Louisiana at Lafayette, College of Engineering Lafayette, LA 70504, USA Abstract Session IVB4
More informationAn introduction to Hash functions
An introduction to Hash functions Anna Rimoldi eriscs - Universitée de la Méditerranée, Marseille Secondo Workshop di Crittografia BunnyTN 2011 A. Rimoldi (eriscs) Hash function 12 September 2011 1 / 27
More informationDeep Random based Key Exchange protocol resisting unlimited MITM
Deep Random based Key Exchange protocol resisting unlimited MITM Thibault de Valroger (*) Abstract We present a protocol enabling two legitimate partners sharing an initial secret to mutually authenticate
More informationTowards Provable Security of Substitution-Permutation Encryption Networks
Towards Provable Security of Substitution-Permutation Encryption Networks Zhi-Guo Chen and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University at Kingston, Ontario,
More informationUncloneable Quantum Money
1 Institute for Quantum Computing University of Waterloo Joint work with Michele Mosca CQISC 2006 1 Supported by NSERC, Sun Microsystems, CIAR, CFI, CSE, MITACS, ORDCF. Outline Introduction Requirements
More informationBreaking an encryption scheme based on chaotic Baker map
Breaking an encryption scheme based on chaotic Baker map Gonzalo Alvarez a, and Shujun Li b a Instituto de Física Aplicada, Consejo Superior de Investigaciones Científicas, Serrano 144 28006 Madrid, Spain
More informationExperiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent
Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard, F.-X. Standaert, J.-J. Quisquater UCL Crypto Group Microelectronics Laboratory Catholic University of Louvain - UCL
More informationQuantization Index Modulation using the E 8 lattice
1 Quantization Index Modulation using the E 8 lattice Qian Zhang and Nigel Boston Dept of Electrical and Computer Engineering University of Wisconsin Madison 1415 Engineering Drive, Madison, WI 53706 Email:
More informationCube Attacks on Non-Blackbox Polynomials Based on Division Property (Full Version)
Cube Attacks on Non-Blackbox Polynomials Based on Division Property (Full Version) Yosuke Todo 1, Takanori Isobe 2, Yonglin Hao 3, and Willi Meier 4 1 NTT Secure Platform Laboratories, Tokyo 180-8585,
More informationPhysically Unclonable Functions
Physically Unclonable Functions Rajat Subhra Chakraborty Associate Professor Department of Computer Science and Engineering IIT Kharagpur E-mail: rschakraborty@cse.iitkgp.ernet.in ISEA Workshop IIT Kharagpur,
More informationEstimation and sample size calculations for correlated binary error rates of biometric identification devices
Estimation and sample size calculations for correlated binary error rates of biometric identification devices Michael E. Schuckers,11 Valentine Hall, Department of Mathematics Saint Lawrence University,
More informationDelegateable Signature Using Witness Indistinguishable and Witness Hiding Proofs
Delegateable Signature Using Witness Indistinguishable and Witness Hiding Proofs Chunming Tang 1, Dingyi Pei 1,2 Zhuojun Liu 3 1 Institute of Information Security of Guangzhou University, P.R.China 2 State
More informationLecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures
Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures Boaz Barak November 27, 2007 Quick review of homework 7 Existence of a CPA-secure public key encryption scheme such that oracle
More informationIdentification and Key Distribution Based on Biometric Information
Identification and Key Distribution Based on Biometric Information Prof. Dr. Valery Korzhik University of Telecommunications St. Petersburg (Russia) -2007- 1. Identification of users Alice y(password)
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationNew polynomials for strong algebraic manipulation detection codes 1
Fifteenth International Workshop on Algebraic and Combinatorial Coding Theory June 18-24, 2016, Albena, Bulgaria pp. 7 12 New polynomials for strong algebraic manipulation detection codes 1 Maksim Alekseev
More informationOn the provable security of BEAR/LION schemes
On the provable security of BEAR/LION schemes Bunny 2011 Matteo Piva University of Trento 12nd September, 2011 M. Piva (University of Trento) BEAR and LION 12nd September, 2011 1 / 51 Acknowledgments This
More informationComputers and Mathematics with Applications
Computers and Mathematics with Applications 61 (2011) 1261 1265 Contents lists available at ScienceDirect Computers and Mathematics with Applications journal homepage: wwwelseviercom/locate/camwa Cryptanalysis
More informationEncrypting More Information in Visual Cryptography Scheme
Encrypting More Information in Visual Cryptography Scheme Feng Liu 1, Peng Li 2 and ChuanKun Wu 1 1 State Key Laboratory Of Information Security, Institute of Information Engineering, Chinese Academy of
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationFast Cryptanalysis of the Matsumoto-Imai Public Key Scheme
Fast Cryptanalysis of the Matsumoto-Imai Public Key Scheme P. Delsarte Philips Research Laboratory, Avenue Van Becelaere, 2 B-1170 Brussels, Belgium Y. Desmedt Katholieke Universiteit Leuven, Laboratorium
More informationThe Pseudorandomness of Elastic Block Ciphers
The Pseudorandomness of Elastic Block Ciphers Debra L. Cook and Moti Yung and Angelos Keromytis Department of Computer Science, Columbia University {dcook,moti,angelos}@cs.columbia.edu September 28, 2005
More informationAPPLYING QUANTUM SEARCH TO A KNOWN- PLAINTEXT ATTACK ON TWO-KEY TRIPLE ENCRYPTION
APPLYING QUANTUM SEARCH TO A KNOWN- PLAINTEXT ATTACK ON TWO-KEY TRIPLE ENCRYPTION Phaneendra HD, Vidya Raj C, Dr MS Shivakumar Assistant Professor, Department of Computer Science and Engineering, The National
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationImpossible Differential Cryptanalysis of Mini-AES
Impossible Differential Cryptanalysis of Mini-AES Raphael Chung-Wei Phan ADDRESS: Swinburne Sarawak Institute of Technology, 1 st Floor, State Complex, 93576 Kuching, Sarawak, Malaysia. rphan@swinburne.edu.my
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More information