The Center for Education and Research in Information Assurance and Security (CERIAS)

Xukai Zou - Indiana University-Purdue University Indianapolis

Resilient, privacy-preserving, revocable and user-centric authentication – Biometric Capsule

Feb 24, 2016

Abstract

User authentication and identity management are the first-gate defense and access protection for cyber systems. Authentication failures, including post-authentication attacks, have caused constant system breaches and resulted in serious economic and social consequences to governments, enterprises, and individuals.

Passwords or smartcards have issues related to true identity, loss/theft, interoperability, cross-system password vulnerability, and post-authentication attacks. It is frustrating to memorize passwords and painful when one cannot log into a system because of forgetting the password. Due to biometrics' memorization-free, identity-binding and loss-resistant properties, assisted with widely-deployed built-in biometric sensors in mobile devices, biometric authentication is becoming more feasible and very attractive. However, biometrics technology introduces its own challenges. One serious problem is that biometric templates are hard to replace once compromised. In addition, biometrics may disclose a user's sensitive information (e.g., race, gender, even health condition), thus creating user privacy concerns.

A demo at Black Hat USA 2015 has alerted the public: fingerprints stored on smartphones can be stolen, remotely and at a large scale. The lost biometrics cannot be revoked, and the individual's biometric identity becomes permanently void. A most recent event, "iPhone Error 53", has shocked the real world and both angered and worried end customers: the iPhones of thousands of iPhone 6 users were killed after their iPhones' Touch ID home buttons were repaired (by any third party), which was caused by Touch ID's irrevocability due to the physical binding of the fingerprint Touch ID with the home button.

In this talk, we will present a new biometric authentication method, Biometric Capsule, which can address the aforementioned issues. Unlike existing biometric authentication methods, Bio-Capsule (BC) is a template derived from the secure fusion of a user's biometrics and that of a Reference Subject (RS). The RS is simply a physical object, e.g., a doll, or an artificial one, e.g., an image. Theoretical analysis and experiments have shown that the BC mechanism is solid and efficient. BC is replaceable, non-invertible (thus, preserving privacy), and resilient.

About the Speaker

Xukai Zou
Dr. Xukai Zou is a faculty member of CERIAS and an associate professor at the Department of Computer and Information Sciences, Indiana University-Purdue University Indianapolis. His current research focus is applied cryptography, network security, authentication, secure electronic voting, and health and genomic data security and privacy. His research has been supported by NSF, the Department of Veterans Affairs, and industry such as Cisco and Northrop Grumman.

