Karl Kümmel
ABSTRACT
Biometric Hash algorithms, also called BioHash, are commonly designed to ensure template protection to its biometric raw data. They provide a certain level of robustness against input variability to assure reproducibility by compensating for intra-class variation of the biometric raw data. This concept can be a potential vulnerability. In this paper, we present two different approaches which exploit this vulnerability to reconstruct raw data out of a given BioHash for handwriting introduced in [1]. The first method uses manual user interaction combined with a genetic algorithm and the second approach uses a spline interpolation function based on specific features to generate raw data. Although they are hard to compare due to the different design, we do compare them with respect to their ability to reconstruct raw data within specific scenarios (constrained and unconstrained time and trails), time consumption during the reconstruction and usability. To show the differences, we evaluate using 250 raw data sets (10 individuals overall) consisting of 5 different handwriting semantics. We generate 50 BioHash vectors out of the raw data and use these as reference data to generate artificial raw data by using both attack methods. These experimental results show that the interactive approach is able to reconstruct raw data more accurate, compared to the automatic method, but with a much higher reconstruction time. If several hundred raw data samples are generated by the automatic approach the chance rises that one of the samples achieve equal or even better results than the interactive approach.
- Vielhauer, C. 2006. Biometric User Authentication for IT Security: From Fundamentals to Handwriting, Springer, NY. Google Scholar
Digital Library
- Jain, A.J., Nandakumar, K., Nagar, A. 2008, "Biometric Template Security," EURASIP Journal on Advances in Signal Processing, vol. 2008, Article ID 579416, 17 pages Google ScholarDigital Library
- A.B.J. Teoh, A. Goh and D.C.L. Ngo, 2006, "Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs" IEEE Transactions on Pattern Analysis and Machine Intelligence, vol.28, no.12, pp. 1892--1901. Google ScholarDigital Library
- A. Juelsand and M. Sudan, 2002, "A Fuzzy Vault Scheme" in Proceedings of IEEE International Symposium on Information Theory, Lausanne, Switzerland, 2002, p. 408.Google Scholar
- A. Nagarand, S. Chaudhury, 2006, "Biometrics based Asymmetric Cryptosystem Design Using Modified Fuzzy Vault Scheme" in Proc. of IEEE International Conference Pattern Recognition, vol.4, HK., China, pp. 537--540. Google ScholarDigital Library
- Y.J. Lee, K. Bae, S.J. Lee, K.R. Park and J. Kim, 2007, "Biometric Key Binding: Fuzzy Vault based on Iris Images" in Proceedings of Second International Conference on Biometrics, Seoul, South Korea, pp.800--808. Google ScholarDigital Library
- Y.C. Feng and P.C. Yuen, 2006, "Protecting Face Biometric Data on Smartcard with Reed-Solomon Code" in Proc. of CVPR Workshop on Biometrics, New York, USA, p.29. Google ScholarDigital Library
- R. Cappelli, A. Erol, D. Maio and D. Maltoni, 2000, "Synthetic Fingerprint-image Generation", in proceedings 15th International Conference on Pattern Recognition (ICPR2000), Barcelona, vol.3, pp.475--478. Google ScholarDigital Library
- Holland, J.H., 1975 "Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology.", Control and Artificial Intelligence: MIT Press, 1995, First Published by University of Michigan Press 1975. Google ScholarDigital Library
- Galbally, J., Fierrez, J., Martinez-Diaz M. and Ortega-Garcia, J., 2009, "Synthetic Generation of Handwritten Signatures Based on Spectral Analysis", in Defense and Security Symposium, Biometric Technologies for Human Identification, BTHI, Proc. SPIE, Orlando, USA.Google Scholar
Index Terms
- Reverse-engineer methods on a biometric hash algorithm for dynamic handwriting
Recommendations
Handwriting biometric hash attack: a genetic algorithm with user interaction for raw data reconstruction
CMS'10: Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia SecurityBiometric Hash algorithms, also called BioHash, are mainly designed to ensure template protection to its biometric raw data. To assure reproducibility, BioHash algorithms provide a certain level of robustness against input variability to ensure high ...
Advanced Studies on Reproducibility of Biometric Hashes
Biometrics and Identity ManagementThe determination of hashes based on biometric data is a recent topic in biometrics as it allows to handle biometric templates in a privacy manner. Two main applications are the generation of secure biometric templates and cryptographic keys. Depending ...
Comparative study on fusion strategies for biometric handwriting
MM&Sec '11: Proceedings of the thirteenth ACM multimedia workshop on Multimedia and securityNowadays, multi-biometric fusion is a recent topic in biometric signal processing. The main goal is to optimize the authentication performance by combining different biometric components, e.g. modalities or algorithms. In this paper we only focus on ...
Comments