A hybrid cryptosystem for biometric authentication and template protection

Biometrics provides a secure means of authentication because it is difficult to copy, forge, or steal biometric modalities. However, the biometric modalities used are not secret as biometric data can be obtained without the knowledge, permission or cooperation of the owner, thus violating the security of the authentication system and the privacy of legitimate users. Stolen and compromised biometric information can be used to carry out replay, template reconstruction attacks, and other unscrupulous activities such as function creep, profiling, template sharing, and data matching, resulting in catastrophic incidents of security attack, privacy violation and loss of identity, as well as a significant loss of users' confidence in the authentication system. Existing hybrid cryptosystems rely on the secrecy of user-specific parameter and the complexity of template protection algorithms, but do not guarantee template security, user privacy and identity protection once the constituent template protection schemes are compromised. This research proposes a hybrid biometric cryptosystem based on key binding and salting techniques to provide template security, user privacy, resistance to loss of identity and good recognition accuracy. The proposed key binding scheme known as modified shielding function minimizes the complexity of image processing and addresses the security as well as privacy limitations of generic shielding function. We also propose a salting technique known as matrix transformation technique that increases the security of stored biometric data and prevents the recovery of original biometric data from secured templates. Although matrix transformation provides high level template security and user privacy, it has poor recognition accuracy. Therefore, a hybrid cryptosystem is proposed, which leverages on the high security of matrix transformation and good recognition accuracy of the modified shielding function to provide an authentication approach which increases the security of stored biometric data, privacy of legitimate users, resistance to loss of identity and good recognition accuracy. The feasibility of the proposed approach is assessed using face, iris and multibiometric data. The goal is to compare the performance of the approach on different biometric modalities. This provides a comparison between the recognition accuracy of a highly reliable biometric modality such as iris and that of a less reliable modality such as face. The multibiometric modality provides a midpoint between the performances based on iris and face. This is to show that presence of iris bits in multibiometric templates minimizes the impact of the pervasiveness of face on the recognition accuracy of the system. Tt also shows that the presence of face data in multibiometric templates has a negative impact on the reliability of iris. The face dataset consists of 756 face images of 108 subjects obtained from CASIA near infrared database. The experimental dataset for iris also consists of 756 images of 108 subjects which are obtained from the CASIA iris VI database. The multibiometric dataset is constructed based on the fusion of756 face images and 756 iris images of 108 subjects. Experimental results show that the hybrid scheme has better recognition accuracy for iris as compared to face or multibiometric data. The genuine-imposter curves show that template protection leads to a reduction in recognition accuracy. Security and privacy analyses show that the hybrid scheme provides much better template security, user privacy and resistance to loss of identity compared to modified shielding function and matrix transformation. Overall, the hybrid scheme provides good recognition accuracy and increases the security of stored biometric data, privacy of legitimate users and protection against loss of identity even if an impostor compromises the constituent template protection algorithms.