Cancelable Biometrics

Bio-information is a strong method when it comes to authentication. For example, passwords (something you know) or hardware tokens (something you have) is easily guessed or stolen, but bio-information (something you are) is not. The probability of finding two persons with identical bio-information is very low. Therefore, it is widely held that bio-information can secure a system against forged authentication, and many organizations that require high security levels have adopted bioinformation in their systems. Biometrics has been used in financial services, such as Internet banking and automatic teller machines. Many companies that require a high level of access control have employed biometrics for basic authentication means.

Bio-information is very difficult to change. When it comes to security issues, bio-information must not be revealed. If a template (that is, the bio-information stored in the system) is revealed, then it must be removed from the system and replaced with a new template in order to prevent threats to other systems or databases. In addition, bio-information can be physically spoofed. Biometric data that can be removed from stored templates and placed into new templates are referred to as cancelable biometrics. However, this cancel-and-change procedure is difficult to achieve with some biometrics because people cannot offer the same bio-information to the system for every authentication attempt. This uncertainty makes the application of cryptographic one-way functions difficult due to an avalanche effect.

Multi-factor Face Authentication

Face authentication has a slightly different characteristic from other biometrics. Face authentication normally does not require special equipment, such as a fingerprint scanner, a microphone, or an infrared camera. The face provides a natural and initial means of distinguishing people, and thus people do not feel a sense of incongruity about face authentication. Despite those strong points, face authentication has several weak points. Face authentication suffers from relatively low accuracy compared to other systems. Moreover, people do not generally hide their faces, and thus an attacker can easily obtain the face images (s)he wants. Due to these weaknesses, face authentication is often utilized as a supplementary means of authentication.

TheVaulters posses the patented cancelable face authentication scheme based on general permutation transformation. The excellence of our idea has been proven by publishing through various international journals. We refer to this technique as GPT scheme.

How It Works

In the traditional face recognition schemes such as Eigenface and Fisherface, face images are transformed to weighted vectors such as y = Ux where x is a face image (vector), y is a weighted vector, and U is a projection matrix. When the system stores (U,y) as the user template, an attacker, who obtains the template database, can obtain the approximation of user’s original face image by computing U+y, where U+ denotes the pseudo-inverse of U.

GPT scheme utilizes user’s additional intervention such as password, USB-token, PIN, etc. to proect the user template. From user’s intervention, GPT scheme extracts permutation matrix P and its inverse P and store the template after multiplying U by P. The new templates look like (y,UP); of course, the format of real template is more complicate because of various security issues. When the user correctly inputs his/her face and intervention, the system can compute Px’ and obtain y’=UPPx’ = Ux’ without revealing U. The rest of authentication procedure is the same as the tranditional face authentication scheme: the system grants the access of the user when the distance between y and y’ is smaller than a certain threshold.

You can learn more from our journal papers shown as below.

Related Papers

  • Jeonil Kang, DaeHun Nyang, and KyungHee Lee, “Two Factor Face Authentication Scheme with Cancelable Feature,” IWBRS 2005, LNCS 3781, pp. 67-76, 2005.
  • DaeHun Nyang and KyungHee Lee, “Fuzzy Face Vault: How to Implement Fuzzy Vault with Weighted Features,” HCII 2007, LNCS 4554, pp. 491-496, 2007.
  • Jeonil Kang, DaeHun Nyang, and KyungHee Lee, “Two-Factor Face Authentication Using Matrix Permutation Transformation And A User Password,” Information Sciences, Vol. 269, pp. 1-20, Jun 2014.
  • Related Patent

  • A cancelable face recognition apparatus and method using permutation matrix having inverse matrix, KR 10-0941372, 2010.2.2.