The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

A Novel Approach to Robust, Secured, and Cancellable Biometrics

Principal Investigator: Xukai Zou

Biometrics is to automatically identify or verify a person using physical, biological, and behavior characteristics, which include face, iris, fingerprints, hand geometry, voice, and etc. Compared to the traditional identification and verification methods (such as, some paper, plastic ID card, or password), biometrics is more convenient for users, reduces fraud, and can be more secure.  Biometrics is becoming an important ally of security, intelligence, and law enforcement.

However, there are concerns about biometrics for daily life applications, such as security issues, privacy issues, standards, and etc. Among them, the biggest concern is the security of the biometric data. Unlike traditional identity methods, it is very hard, sometimes impossible, to re-issue a person’s biometric data. If biometric data is obtained, for example compromised due to identity theft, the user will lose control over them forever and lose his/her identity.

Some researchers proposed to encrypt biometric data. They are using quite standard methods such as Advanced Encryption Standard (AES) and Public key cryptosystem RSA and cryptographic hash functions. The main issue related to them is key and key management, which has been studied independently from biometrics.  As a result, there is a lack of research on the dependent relation between biometrics and encryption/integrity/key management and on comprehensive mechanisms involving authentication, encryption, data integrity, and key management. 

Recently, some biometric researchers have proposed cancellable biometrics, which allows the system to re-issue the biometric for a user. The key idea of the cancellable biometrics is to distort the biometric image/signal/features before matching. The distortion parameters can be easily changed, which provides the cancelable nature of the scheme.

However, few if any have combined encryption and cancellable biometrics together to ensure the security of biometric data in storage, transmission, and identification. The simple and naïve approach is to put them together by designing a cancellable biometric method and applying encryption. This approach does not take consideration of the characteristics of biometrics and would not be applicable to real-life scenarios.

In this project, we propose a robust, secured, and cancellable biometrics method, which incorporates the encryption/key/key management into the cancellable biometric method design to provide the optimum solution. The PIs are experts in the field of biometrics, security, and network administration, which are essential for the success of this project.

Personnel

Other PIs: Yingzi Du Scott Orr

Students: Yan Sui Tuo Lu Zhi Zhou Kai Yang

Keywords: biometrics, encryption, key management, Privacy, security