Biometrics-based authentication schemes that use fingerprint matching, face recognition, etc., offer usability advantages over passwords and ID cards. Biometric schemes are therefore rapidly replacing traditional authentication schemes. Despite the obvious advantages, however, the use of biometrics raises several security and privacy concerns. Unlike passwords and cryptographic keys, biometrics are not concealed and can be easily misused without a user's consent. In addition, unlike PINs and credit card numbers, biometrics are permanently associated with an individual and cannot be ‘canceled’ and changed if compromised. Conceptual frameworks for cancelable biometric representations have been presented in: R. M. Bolle, J. H. Connell, S. Pankanti, N. K. Ratha, and A. W. Senior. Guide to Biometrics. Springer Verlag, 2003; and N. K. Ratha, J. H. Connell, and R. Bolle. Enhancing Security and Privacy in Biometrics-based Authentication System. IBM Systems Journal, 40(3):614-634, 2001; a comprehensive review can be found in: U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain. Biometric Cryptosystems: Issues and Challenges. Proceedings of the IEEE, 92(6):948-960, June, 2004.
Recently, anonymous templates for biometric samples have been described. These include adding user-specific ‘extra’ information to the existing biometric template (reminiscent to password ‘salting’ methods) [see e.g. T. Connie, A. B. J. Teoh, M. K. O. Goh, and D. C. L. Ngo. PalmHashing: a Novel Approach for Cancelable Biometrics. Information Processing Letters, 93(1): 1-5, Jan. 2005; and M. Savvides, B. V. K. V. Kumar, and P. K. Khosla. Cancelable Biometric Filters for Face Recognition. In International Conference on Pattern Recognition, pages 922-925, 2004; generating robust keys from noisy biometric data; schemes involving auxiliary information like helper data or fuzzy extractors [see e.g., G. Davida, Y. Frankel, B. Matt, and R. Peralta. On The Relation of Error Correction and Cryptography to an Off-Line Biometric Based Identification Scheme. In Proceedings of WCC99, Workshop on Coding and Cryptography (1999); F. Monrose, M. K. Reiter, Q. Li, and S. Wetzel. Cryptographic Key Generation from Voice. In Proc. IEEE Symp. On Security and Privacy, pages 202-213, May, 2001; F. Monrose, M. K. Reiter, and S. Wetzel. Password Hardening Based on Key Stroke Dynamics. In ACM Conf. on Computer and Communications Security, pages 73-82, 1999; and U. Uludag and A. K. Jain. A Fuzzy Fingerprint Vault. In Workshop: Biometrics: Challenges arising from theory to practice, pages 13-16, 2004]; and, non-invertible transforms where the original biometric is transformed using a one-way function [see e.g., R. Ang, R. Safavi-Naini, and L. McAven. Cancelable Key-based Fingerprint Templates. In 10th Australian Conf. on Information Security and Privacy, ACISP 2005, pages 242-252, Brisbane, Australia, July, 2005; N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle. Generating Cancelable Fingerprint Templates. IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4):561-572, 2007; and S. Tulyakov, F. Farooq, and V. Govindaraju. Symmetric Hash Functions for Fingerprint Minutiae. In ICAPR (2), pages 30-38, Bath, UK, 2005].
Unfortunately, the templates often have considerably higher error rates than the baseline matchers [see e.g., S. Tulyakov, F. Farooq, and V. Govindaraju. Symmetric Hash Functions for Fingerprint Minutiae. In ICAPR (2), pages 30-38, Bath, UK, 2005; P. Tuyls, A. H. M. Akkermans, T. A. M. Kevenaar, G. J. Schrijen, A. M. Bazen, and R. N. J. Veldhuis. Practical Biometric Authentication with Template Protection. In AVBPA, pages 436^146, 2005; and U. Uludag and A. K. Jain. A Fuzzy Fingerprint Vault]. In Workshop: Biometrics: Challenges Arising from Theory to Practice, pages 13-16, 2004). A recent work describes one-way transformation functions that work with existing point-based matchers. However, they require that there exist reliable registration points (core and delta in this case) for the alignment of the fingerprints into guarantee repeatability of the transformations [see N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle. Generating Cancelable Fingerprint Templates. In IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4):561-572, 2007]. In another work, a two-factor authentication system with high accuracy is presented, but the algorithm also requires a reliable registration point (core) for the extraction of the integrated wavelet and Fourier-Mellin transform. This prevents compatibility of such systems with the existing databases and perhaps fingerprint scanners [see A. Teoh, D. Ngo, and A. Goh. Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenised Random Number. Pattern Recognition, 37(11):2245-2255, November 2004].
Thus, there is a need for improved anonymous biometrics [see NSF Workshop on Biometrics Research Agenda, April/May, 2003.], which afford the usability advantages of biometrics in combination with the security and privacy advantages of conventional key-based systems. This requires cancelable (also known as revocable) and private biometric representations.