Encyclopedia of Cryptography and Security

2011 Edition
| Editors: Henk C. A. van Tilborg, Sushil Jajodia

Biometric Encryption

  • Ann Cavoukian
  • Alex Stoianov
Reference work entry
DOI: https://doi.org/10.1007/978-1-4419-5906-5_880
How to cite

Synonyms

 Biometric cryptosystem;  Biometric keys;  Biometric key generation

Related Concepts

 Biometric Privacy

Definition

Biometric encryption (BE) is a group of emerging technologies that securely bind a digital key to a biometric or generate a digital key from the biometric, so that no biometric image or template is stored. It must be computationally difficult to retrieve either the key or the biometric from the stored BE template, which is also called “helper data.” The key will be recreated only if the genuine biometric sample is presented on verification. The output of the BE authentication is either a key (correct or incorrect) or a failure message.

Unlike conventional cryptography, this “encryption/ decryption” process is fuzzy because of the natural variability of the biometrics. BE conceptually differs from other systems that encrypt biometric images or templates using conventional encryption, or store a cryptographic key and release it upon successful biometric...

This is a preview of subscription content, log in to check access.

Recommended Reading

  1. 1.
    Ratha NK, Connell JH, Bolle RM (2001) Enhancing security and privacy in biometrics-based authentication systems. IBM Syst J 40(3):614–634CrossRefGoogle Scholar
  2. 2.
    Jain AK, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP J Adv Signal Process, 2008:1–7CrossRefGoogle Scholar
  3. 3.
    Cavoukian A, Stoianov A (2009) Biometric encryption: the new breed of untraceable biometrics. Chapter 26 In Boulgouris NV, Plataniotis KN, Micheli-Tzanakou E. (eds) Biometrics: fundamentals, theory, and systems. Wiley - IEEE Press, pp 655–718, LondonGoogle Scholar
  4. 4.
    Cavoukian A (2009) Privacy by design. Information and privacy Commissioner of Ontario, Canada, Jan 28, 2009. http://www.ipc.on.ca/images/Resources/privacybydesign.pdf
  5. 5.
    Ratha NK, Chikkerur S, Connell JH, Bolle RM (2007) Generating cancelable fingerprint templates. IEEE Trans Pattern Anal Mach Intell 29(4):561–572CrossRefGoogle Scholar
  6. 6.
    Tomko GJ, Soutar C, Schmidt GJ (1996) Fingerprint controlled public key cryptographic system. U.S. Patent 5541994, July 30, 1996 (Filing date: Sept. 7, 1994)Google Scholar
  7. 7.
    Tuyls P, Škorić B, Kevenaar T (eds) (2007) Security with Noisy Data: private biometrics, secure key storage and anti-counterfeiting. Springer, LondonMATHGoogle Scholar
  8. 8.
    Sheng W, Howells G, Fairhurst M, Deravi F (2008) Template-free biometric-key generation by means of fuzzy genetic clustering. IEEE Trans Inf Forensics Security 3(2):183–191CrossRefGoogle Scholar
  9. 9.
    Soutar C, Roberge D, Stoianov A, Gilroy R, Vijaya Kumar BVK (1999) Biometric EncryptionTM. In Nichols RK (ed) ICSA guide to cryptography, Ch. 22. McGraw-Hill, New YorkGoogle Scholar
  10. 10.
    Davida GI, Frankel Y, Matt BJ (1998) On enabling secure applications through off-line biometric identification. In IEEE Symposium on Security and Privacy, 1998, pp 148–157, Oakland, CAGoogle Scholar
  11. 11.
    Monrose F, Reiter MK, Wetzel R (1999) Password hardening based on keystroke dynamics. In Sixth ACM Conference on Computer and Communications Security (CCCS 1999), pp 73–82, ACM Press, New YorkCrossRefGoogle Scholar
  12. 12.
    Juels A, Wattenberg M (1999) A fuzzy commitment scheme. In Sixth ACM Conference on Computer and Communications Security, pp 28–36, ACM Press, New YorkGoogle Scholar
  13. 13.
    Juels A, Sudan M (2002) A fuzzy vault scheme. In 2002 IEEE International Symposium on Information Theory, p 408, Piscataway, New JerseyGoogle Scholar
  14. 14.
    Dodis Y, Reyzin L, Smith A (2004) Fuzzy Extractors: how to generate strong keys from biometrics and other noisy data. In Eurocrypt 2004 Lecture Notes of Computer Science, vol 3027, pp 523–540, Springer, HeidelbergGoogle Scholar
  15. 15.
    Linnartz J-P, Tuyls P (2003) New shielding functions to enhance privacy and prevent misuse of biometric templates. In 4th International Conference on Audio and Video Based Biometric Person Authentication, pp 393–402, Guildford, UKGoogle Scholar
  16. 16.
    Buhan IR, Doumen JM, Hartel PH, Veldhuis RNJ (2007) Constructing practical Fuzzy Extractors using QIM. Technical Report TR-CTIT-07–52 Centre for Telematics and Information Technology, University of Twente, EnschedeGoogle Scholar
  17. 17.
    Teoh ABJ, Ngo DCL, Goh A (2004) Personalised cryptographic key generation based on FaceHashing. Comput Security 23:606–614CrossRefGoogle Scholar
  18. 18.
    Draper SC, Khisti A, Martinian E, Vetro A, Yedidia JS (2007) Using distributed source coding to secure fingerprint biometrics. In IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Vol 2, pp 129–132, Honolulu, Hawaii, April 2007Google Scholar
  19. 19.
    Socek D, Ćulibrk D, Božović V (2007) Practical secure biometrics using set intersection as a similarity measure. In International Conference on Security and Cryptography (SECRYPT’07), pp 25–32, Barcelona, SpainGoogle Scholar
  20. 20.
    Hao F, Anderson R, Daugman J (2006) Combining crypto with biometrics effectively. IEEE Trans. Comp. 55:1081–1088CrossRefGoogle Scholar
  21. 21.
    Bringer J, Chabanne H, Cohen G, Kindarji B, Zémor G (2008) Theoretical and practical boundaries of binary secure sketches. IEEE Trans Inf Forensics Security 3(4):673–683CrossRefGoogle Scholar
  22. 22.
    van der Veen M, Kevenaar T, Schrijen G-J, Akkermans TH, Zuo F (2006) Face biometrics with renewable templates. In: Proceedings of the SPIE, Vol 6072Google Scholar
  23. 23.
    Tuyls P, Akkermans AHM, Kevenaar TAM, Schrijen GJ, Bazen AM, Veldhuis RNJ (2005) Practical biometric authentication with template protection. Lecture Notes on Computer Science, Vol 3546, pp 436–446, Springer, HeidelbergGoogle Scholar
  24. 24.
    Nandakumar K, Jain AK, Pankanti SC, Fingerprint-based Fuzzy Vault: implementation and performance. IEEE Trans Inf Forensics Security 2(4):744–757Google Scholar
  25. 25.
    Nandakumar K, Jain AK (2008) Multibiometric template security using Fuzzy Vault. In: IEEE Second International Conference on Biometrics: Theory, Applications and Systems (BTAS’08), pp. 1–6, Washington DC, September 2008Google Scholar
  26. 26.
    Li Q, Sutcu Y, Memon N (2006) Secure sketch for biometric templates. In: Advances in cryptology – ASIACRYPT 2006. Lecture Notes on Computer Science, Vol 4284, pp 99–113, Springer, BerlinGoogle Scholar
  27. 27.
    Kelkboom EJC, Breebaart J, Buhan I, Veldhuis RNJ (2010) Analytical template protection performance and maximum key size given a Gaussian modeled biometric source. In: Proceedings of SPIE, Vol. 7667, pp 76670D-1–76670D-12Google Scholar
  28. 28.
    Adler A (2005) Vulnerabilities in biometric encryption systems. Lecture Notes on Computer Science, Springer, Vol 3546, pp 1100–1109, New YorkGoogle Scholar
  29. 29.
    Boyen X (2004) Reusable cryptographic fuzzy extractors. In: 11th ACM Conference CCS 2004, pp 82–91, Washington, DC, Oct 2004Google Scholar
  30. 30.
    Chang EC, Shen R, Teo FW (2006) Finding the original point set hidden among chaff. In: ACM Symposium ASIACCS’06, pp 182–188, Taipei, TaiwanGoogle Scholar
  31. 31.
    Scheirer WJ, Boult TE (2007) Cracking Fuzzy Vaults and Biometric Encryption. In: Biometric Consortium Conference, Baltimore, Sep 2007Google Scholar
  32. 32.
    Stoianov A, Kevenaar T, van der Veen M (2009) Security Issues of Biometric Encryption. In: IEEE TIC-STH Symposium on Information Assurance, Biometric Security and Business Continuity, Toronto, Canada, September 2009, pp 34–39Google Scholar
  33. 33.
    Bringer J, Chabanne H (2008) An authentication protocol with encrypted biometric data. Lecture Notes on Computer Sciences, Springer, V. 5023, pp 109–124, BerlinGoogle Scholar
  34. 34.
    Stoianov A (2010) Cryptographically secure biometrics. In: Proceedings of SPIE, Vol. 7667, pp 76670C-1–76670C-12Google Scholar
  35. 35.
    Bringer J, Chabanne H, Kindarji B (2009) Error-tolerant searchable encryption. In: Communication and Information Systems Security Symposium, IEEE International Conference on Communications (ICC) 2009, June 14–18, Dresden, Germany, pp 1–6Google Scholar
  36. 36.
    Delvaux N, Bringer J, Grave J, Kratsev K, Lindeberg P, Midgren J, Breebaart J, Akkermans T, van der Veen M, Veldhuis R, Kindt E, Simoens K, Busch C, Bours P, Gafurov D, Yang B, Stern J, Rust C, Cucinelli B, Skepastianos D (2008) Pseudo identities based on fingerprint characteristics. In: IEEE 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2008), August 15–17, Harbin, China, 2008, pp 1063–1068Google Scholar
  37. 37.
    Martin K, Lu H, Bui FM, Plataniotis KN, Hatzinakos D (2009) A biometric encryption system for the self-exclusion scenario of face recognition. IEEE Systems Journal, 3(4):440–450CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  • Ann Cavoukian
    • 1
  • Alex Stoianov
    • 1
  1. 1.Information and Privacy Commissioner’s Office ofOntarioTorontoCanada