
Biometric cryptosystem


Recent research has investigated how to strongly combine biometrics and cryptography in order


However, this approach is challenged by slight variations within the measurement of biometrics. As subsequent submissions are subject to altered acquisition conditions, variations within position, physical execution and human interaction, their measurements are rarely identical.

This inherent fuzziness of biometric data gives rise to different cryptographic values for the same biometric trait. Thus, cryptographic techniques cannot be applied directly to biometrics. However, by tolerating slight variability between its locking and unlocking sets, the fuzzy vault of Juels and Sudan [10] makes it possible to combine biometrics with a cryptographic concept, resulting in a biometric cryptosystem. This concept allows an unordered set of values to be used for locking a secret key value inside the vault, such that someone who possesses a substantial number of the locking elements is able to unlock the secret. The secret value can be unlocked by sets that substantially overlap with the original locking set, which makes the fuzzy vault useful in circumstances where precise recall of the values that constitute the locking set is difficult or impossible. The inherent variance in measurements of biometric traits provides only approximate data, and thus biometrics form a natural source of locking data for the fuzzy vault.

Jain et al. [11; 12] and several others have investigated the use of biometric traits within the fuzzy vault. Compared with more conventional implementations of biometric authentication, the fuzzy vault provides the advantages of increased security and enhanced privacy by removing the need to store the biometric traits directly within the biometric system. Current biometric cryptosystems rely on Juels and Sudan’s fuzzy vault concept, which restricts their use to only one applicant or one biometric trait.
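The locking and unlocking behaviour described above, as an added Python example that is not code from the cited publications. It assumes a prime field of size 65537, constructed feature values, and a stored SHA-256 digest with subset search in place of the error-correcting decoding a real scheme would use; all function names are hypothetical.

```python
import hashlib
import random
from functools import reduce
from itertools import combinations

P = 65537  # prime field modulus (assumed); features and coefficients are < P

def _eval(coeffs, x):
    """Horner evaluation mod P; coefficients are low order first."""
    return reduce(lambda y, c: (y * x + c) % P, reversed(coeffs), 0)

def _interpolate(points):
    """Lagrange interpolation mod P; returns coefficients low order first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:  # multiply the basis polynomial by (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        coeffs = [(c + scale * b) % P for c, b in zip(coeffs, basis)]
    return coeffs

def _digest(coeffs):  # assumption: a stored check value replaces Reed-Solomon decoding
    return hashlib.sha256(repr(list(coeffs)).encode()).hexdigest()

def lock(secret, features, n_chaff, rng=None):
    """Lock `secret` under the unordered set `features`, hidden among chaff points."""
    rng = rng or random.SystemRandom()
    points = {x: _eval(secret, x) for x in features}  # genuine points on the polynomial
    while len(points) < len(set(features)) + n_chaff:
        x, y = rng.randrange(P), rng.randrange(P)
        if x not in points and y != _eval(secret, x):  # chaff lies off the polynomial
            points[x] = y
    return sorted(points.items()), _digest(secret)  # sorted: order reveals nothing

def unlock(vault, check, query, k):
    """Return the secret if `query` overlaps the locking set in >= k points, else None."""
    qs = set(query)
    for subset in combinations([pt for pt in vault if pt[0] in qs], k):
        coeffs = _interpolate(subset)
        if _digest(coeffs) == check:
            return coeffs
    return None

# Constructed sample data (quantised feature values, not real biometric measurements)
ENROLLED = [1021, 2290, 3377, 4410, 5873, 6002, 7219, 8846]
SECRET = [4242, 17, 9001, 311]  # degree-3 polynomial, so k = 4 genuine points suffice
```

The vault stores only the mixed genuine and chaff points plus the check value, never the enrolled feature set itself; a fresh reading unlocks it only when at least `k` of its values coincide with the enrolled ones.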

Considering that biometrics are public data and that confidential data is locked into the vault under their unique features, a set of multiple biometric inputs is expected to increase security against the spoofing of biometrics. The complexity of an attack increases according to the number of biometrics involved. The purpose of our approach is to extend the single control fuzzy vault to a multiple control tool. This generalisation not only allows multiple users or multiple biometric traits to be granted access to a single secret, but also extends the vault’s capability to incorporate secret sharing scheme structures. Due to the similarities in employing polynomial interpolation, we identify a connection between Shamir’s secret sharing scheme [13] and the fuzzy vault. As pointed out by Juels and Sudan [10], it is not possible to allow fuzzy inputs in secret sharing by fuzzy hiding of individual shares in Shamir’s scheme. Nevertheless, we can borrow ideas for generalising access structures from Shamir’s scheme in order to attain our goal.

In particular, the construction of a "multiple control fuzzy vault" proposed in one of our publications has been developed on a threshold, compartmented and hierarchical access structure. These constructions allow multiple biometrics to be bound to a secret under a given secret sharing access structure. Systems based on our constructions offer the flexibility to choose among different biometric traits according to the environment. These include scenarios involving multimodal biometric applications or shared biometric access control, without requiring storage of unprotected biometric datasets. The multiple control fuzzy vault can thus be viewed as contributing significant new application opportunities.

More about Cryptography: "The fuzzy vault"

Publication: "The multiple-control fuzzy vault"