© The Institution of Engineering and Technology
The security of biometrics against attacks is a serious concern in biometric personal authentication systems. In particular, the security of biometric templates is a topic of rapidly growing importance in the area of user authentication. The authors first demonstrate the security of a protected speech biometric template and devise an algorithm to attack a speech biometric user authentication system in which templates are protected by a cryptographic framework. The experimental result showed an improvement for attackers in gaining access to the system. Then, a way to combine a password with a speech biometric cryptosystem is proposed. The authors present two schemes that use a password to enhance verification performance in a biometric cryptosystem. Both can resist a password brute-force search if the biometrics are not compromised. Even if the biometrics are compromised, attackers have to make many more attempts when searching for cryptographic keys in the system described in this study than in a traditional password-based approach. Finally, it is shown that the error rate of the proposed scheme is the same as in a traditional password-based approach even when genuine biometrics or templates are compromised.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-bmt.2011.0008