SECURITY/PRIVACY ANALYSIS OF BIOMETRIC HASHING AND TEMPLATE PROTECTION FOR FINGERPRINT MINUTIAE
EE, PhD Dissertation, 2016
Assoc. Prof. Dr. Hakan Erdoğan (Thesis Advisor),
Assoc. Prof. Dr. Müjdat Çetin,
Prof. Dr. Berrin Yanıkoğlu,
Assoc. Prof. Dr. Murat Saraçlar,
Assoc. Prof. Dr. Olcay Kurşun
Date & Time: June 2nd, 2016 – 1 PM
Place: FENS G025
Keywords : Biometrics, biometric template protection, face verification, fingerprint verification, biohashing
This thesis has two main parts. The first part deals with security and privacy analysis of biometric hashing. The second part introduces a method for fixed-length feature vector extraction and hash generation from fingerprint minutiae.
The upsurge of interest in biometric systems has lead to development of biometric template protection methods in order to overcome security and privacy problems. Biometric hashing produces a secure binary template by combining a personal secret key and the biometric of a person, which leads to a two factor authentication method. This dissertation analyzes biometric hashing both from a theoretical point of view and in regards to its practical application. For theoretical evaluation of biohashes, a systematic approach which uses estimated entropy based on degree of freedom of a binomial distribution is outlined. In addition, novel practical security and privacy attacks against biometric hashing are presented to quantify additional protection provided by biometrics in cases where the secret key is compromised (i.e., the attacker is assumed to know the user's secret key). The results show that biometric templates would be in serious danger of being exposed when the secret key is known by an attacker, and the system would be under a serious threat as well.
Due to its distinctiveness and performance, fingerprint is preferred among various biometric modalities in many settings. Most fingerprint recognition systems use minutiae information, which is an unordered collection of minutiae locations and orientations. Template protection algorithms (such as fuzzy commitment and other modern cryptographic alternatives) require a fixed-length binary template. However, such a template protection method is not directly applicable to fingerprint minutiae representation which by its nature is of variable size. This dissertation introduces a novel and empirically validated framework that represents a minutiae set with a rotation invariant fixed-length vector and hence enables using biometric template protection methods for fingerprint recognition without significant loss in verification performance. In addition, the fixed-length vector produced by this framework is converted into a binary hash so that modern cryptographic alternatives based on homomorphic encryption can be applied for minutiae template protection.