Friday, October 16, 2009

Biometrics

Biometrics refers to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. Biometric characteristics can be divided into two main classes. Physiological characteristics are related to the shape of the body. Examples include, but are not limited to, fingerprint, face recognition, DNA, hand and palm geometry, iris recognition (which has largely replaced retina), and odor/scent. Behavioral characteristics are related to the behavior of a person. Examples include, but are not limited to, typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics for this class of biometrics. Strictly speaking, voice is also a physiological trait because every person has a different vocal tract, but voice recognition is mainly based on the study of the way a person speaks, so it is commonly classified as behavioral.

Biometrics are no longer science fiction and have found their way into all sorts of real-life applications. They are used as keys for opening doors or vaults, but also for border checks or for granting access to your personal computer. In the future, your fingerprints, face images and iris scans will be everywhere.
Biometric data are considered to be sensitive and should be protected as much as possible. If they are exposed, they may reveal personal information about the subject, e.g., the age or a disease from which the subject is currently suffering. They might also lead to impersonation attacks, e.g., by constructing gummy fingers that produce prints similar to genuine ones, or profiling, which means that an adversary will try to create an extensive profile about the subject by matching data from different databases based on the biometric template, which serves as an identifier. For these reasons, biometric templates should be well protected. In the last decade several mechanisms for biometric template protection have been invented.

One notable example is a concept called cancellable biometrics, where the idea is to apply a one-way transform to biometric data before sending them to the verifier. The matching algorithm then runs on the transformed data. Unfortunately, no good transforms have been discovered that provide both a high level of accuracy and security. The approach of transforming data and computing some result on it relates to multi-party computation (MPC). An MPC protocol is a protocol in which a set of participants, each holding some private data, jointly compute a public function on their respective inputs and learn the result without learning anything about the data that was brought in by the other participants individually.

A biometric authentication scheme can be translated to a multi-party protocol: the subject inputs a template based on a fresh sample, the verifier inputs the previously registered template, and they both want to compute the matching score between the two without revealing the templates to each other. There is a significant difference between templates and matching algorithms for different modalities, so not all modalities are suited for this approach. Fingerprint templates may consist of a non-fixed set of coordinates and orientation tuples for minutiae, i.e., characteristic points in the fingerprint. Iriscodes are 2048-bit strings containing phase information derived from particular filters applied to an image of the iris. Matching iriscodes is basically the same as computing the Hamming distance, while minutiae matching is far more complex. The purpose of this work is to study multi-party computation schemes and their applicability to the matching algorithms of different biometric modalities. Your task is to compare them, to come up with one or more new biometric authentication protocols based on multi-party computation and to implement them.

The first time an individual uses a biometric system is called an enrollment. During the enrollment, biometric information from an individual is stored. In subsequent uses, biometric information is detected and compared with the information stored at the time of enrollment. Note that it is crucial that storage and retrieval in such systems themselves be secure if the biometric system is to be robust.

The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data. Most of the time it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, enhance the input (e.g. by removing background noise), apply some kind of normalization, etc. In the third block, the needed features are extracted. This is an important step, as the correct features need to be extracted in the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of the relevant characteristics extracted from the source. Elements of the biometric measurement that are not used in the comparison algorithm are discarded in the template to reduce the file size and to protect the identity of the enrollee. If enrollment is being performed, the template is simply stored somewhere (on a card, within a database, or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm. The matching program analyzes the template against the input, and the result is then output for any specified use or purpose.

The advantage of passwords over biometrics is that they can be re-issued. If a token or a password is lost or stolen, it can be cancelled and replaced by a newer version. This is not naturally available in biometrics. If someone’s face is compromised from a database, they cannot cancel or reissue it. Cancelable biometrics is a way in which to incorporate protection and the replacement features into biometrics. It was first proposed by Ratha et al. Several methods for generating cancelable biometrics have been proposed. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching.

The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al. and Savvides et al., whereas other methods, such as Dabbah et al., take advantage of advances in well-established biometric research and use it as their recognition front-end. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies.
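
The iriscode matching and the cancelable distortion described above can be combined in a few lines. The following is an added example, not code from any of the cited schemes: it distorts a 2048-bit iriscode with a key-dependent bit permutation and XOR mask, matches by Hamming distance on the distorted data, and then re-issues the template under a new key. The threshold, key names and sample codes are assumptions constructed for the demo, and because this distortion can be inverted by anyone holding the key, it shows revocability and unlinkability across keys, not the one-way property.

```python
import hashlib
import random

IRISCODE_BITS = 2048   # iriscode length given in the text
THRESHOLD = 0.32       # assumed decision threshold, for illustration only

def hamming_fraction(a: int, b: int) -> float:
    """Fraction of the 2048 bit positions in which two codes differ."""
    return bin(a ^ b).count("1") / IRISCODE_BITS

def distort(code: int, key: bytes) -> int:
    """Key-dependent bit permutation followed by an XOR mask.
    Both steps preserve Hamming distance, so matching still works."""
    perm = sorted(range(IRISCODE_BITS),
                  key=lambda i: hashlib.sha256(b"perm" + key + i.to_bytes(2, "big")).digest())
    mask = int.from_bytes(hashlib.shake_256(b"mask" + key).digest(IRISCODE_BITS // 8), "big")
    out = 0
    for dst, src in enumerate(perm):
        out |= ((code >> src) & 1) << dst
    return out ^ mask

def verify(stored: int, fresh: int, key: bytes) -> bool:
    """The matcher only sees distorted data: distort the fresh sample, compare."""
    return hamming_fraction(stored, distort(fresh, key)) <= THRESHOLD

def demo() -> dict:
    rng = random.Random(2009)                      # constructed sample data
    enrolled = rng.getrandbits(IRISCODE_BITS)
    noise = sum(1 << i for i in rng.sample(range(IRISCODE_BITS), 200))
    fresh = enrolled ^ noise                       # same eye, 200 noisy bits
    impostor = rng.getrandbits(IRISCODE_BITS)
    old_key, new_key = b"subject-1/issue-1", b"subject-1/issue-2"  # hypothetical keys
    old_tpl = distort(enrolled, old_key)
    new_tpl = distort(enrolled, new_key)           # re-issued after a compromise
    return {
        "genuine_distance": hamming_fraction(old_tpl, distort(fresh, old_key)),
        "genuine_accepted": verify(old_tpl, fresh, old_key),
        "impostor_accepted": verify(old_tpl, impostor, old_key),
        "leaked_old_tpl_vs_new": hamming_fraction(old_tpl, new_tpl),
        "fresh_accepted_after_reissue": verify(new_tpl, fresh, new_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The old and new templates of the same eye differ in roughly half of their bits, so a template leaked from one database neither matches nor links to the re-issued one.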