Is your biometric data safe

Kot教授的这个讲座在网页上写的标题是:IEEE Distinguished Lecture Talk。多么气质不凡的Distinguished啊!!!作为一个小工程硕,实在有受宠若惊之感。

讲座的大概讲的Kot教授提出了如何构建一个新颖的(novel)系统来保证Biometric信息在服务端的安全。即使这部分信息泄露出去,攻击者也不能够利用它。首先什么是BIOMETRIC呢?你的指纹,你的面部,你的头发都属于Biometric。其实Biometric对于大家都不会陌生,指纹考勤系统实在是相当之普遍啊。而且科幻或者犯罪电影里还有虹膜校验。

Kot教授提出Biometric的验证系统的不安全的方面,如果被泄露出去,Biometric信息不像普通密码一样容易被更换,一但被伪造这样就会比传统的验证方法更加麻烦。Prof. Kot简单地walk through了几个保护Biometric的解决方案,并说明Biometric信息是可以被利用被伪造的。

PPT中多次提到Minutiae的概念,一直没听明白啊!貌似是从原始的Biometric信息中提取出部分信息而作为用来验证的数据。Professor Kot论证常见的基于指纹的验证系统的弊端。论证中非常多的“valley”,"ridge",比较变换前后的差异。不明白啊,不明白!大概的结论是目前的技术可以做到从Minutiaereconstruct到原始的original fingerprint。后来想这时候论证的是为了支撑其后Prof. Kot提出的新的novel solution.

Kot提出的解决方案是在采集指纹信息时需要采集用户的两个不同的手指,然后综合这两个手指的信息计算出一个Minutiae。这个Minutiae与从采集单个手指得到的Minutiae几乎没有差别。因为这个Minutiae记载的是两个不同手指的信息,而且每个手指仅仅只记部分信息。这样的话,即使攻击者盗取了这个Minutiae,它就无法原始到原始的fingerprint。按我自己的理解,攻击者应该也不清楚它还原得到的指纹其实并不存在,因为Minutiae是两个指纹的信息合成的而且与由单个指纹得到的几乎一样,攻击者无法分辨。攻击者应该会沾沾自喜reconstruct到了被误导的original finger print

Kot还指出在他提出的这个解决方案中可以嵌入信息记到Minutiae里面。在后面的提问阶段。有同学问到这个解决方案可以存入多少信息。Kot补充目前可以存一千多个Bit位信息,足够存下重要的身份认证数据了。按我自已的理解,能存多少信息应该是可以根据需要调大和缩小的呀。比如把图形转成矢量图形后,就可以不失真的放大,于是就会有更多存储空间了。不确定是不是这样。

提问阶段Kot指出这个设计没有使用token或者key因此会运行的非常迅速。而如果采用复杂的加解密算法,则会有非常大的计算开销。运行速度对于一些嵌入式的电子系统是至关重要的。

有同学提问提到做Face Recognition,问Kot教授有什么看法。Kot认为Face Recognition is very difficult, very very difficult, few advancement has been achieved nowadays. It's a very tough problem.

At last, as a conclusion for this report, I must show my great respect to Alex Kot. He is a great scientist.

/////////////////

IEEE Distinguished Lecture Talk

TitleIs your biometric data safe?

SpeakerProf. Alex C Kot, 新加坡南洋理工大学教授、IEEE Fellow

  间:  12月16(本周五)下午300

  点:  信息科技学院大楼二楼207讲学厅

主持人:  黄继武 教授

主办单位:信息科学与技术学院、IEEE Signal Processing Society Guangzhou Chapter, IEEE Circuits and Systems Society Guangzhou Chapter

 

Abstract

Nowadays, biometrics is widely used in authentication systems. In general, biometrics needs to be stored in a database for subsequent authentication. However, templates stored in the database are at the risk of being stolen or modified. Once the template is stolen, it is difficult to be replaced like passwords and the private user information associated with the stolen template would also be exposed. Thus, biometrics templates should be stored in the database such that both the security of the template and the privacy of the user are not compromised under various attacks.

 

 We first propose a fingerprint authentication system for the privacy protection of the fingerprint template stored in a database. The considered fingerprint data is a binary thinned fingerprint image, which will be embedded with some private user information without causing obvious abnormality in the enrollment phase. In the authentication phase, these hidden user data can be extracted from the stored template for verifying the authenticity of the person who provides the query fingerprint. A novel data hiding scheme is proposed for the thinned fingerprint template. Compared with using existing binary image data hiding techniques, the proposed method causes the least abnormality for a thinned fingerprint without compromising the performance of the fingerprint identification.

 

The minutiae is another type of data stored in a fingerprint template. We investigate to what extreme a reconstructed fingerprint can be similar to the original fingerprint. A new scheme is proposed to reconstruct a full fingerprint image from the minutiae points.  Experimental results show that the successful match rate between our reconstructed fingerprint and the original fingerprint is over 99% at FAR=10-4. When matched against the different impressions of the original fingerprint, our reconstructed fingerprint has over 86% successful match rate at FAR=10-4. We consider the privacy issues of the fingerprint reconstruction. The analysis shows that our proposed technique is useful for protecting the fingerprint ridge frequency.

 

 As a reconstructed fingerprint can be so similar to the original fingerprint, it is also very important to protect the privacy of the minutiae template stored in a database. We propose a novel system for protecting the privacy of the fingerprint minutiae without using a token or key. In the enrollment, two fingerprints are captured from two different fingers of the same person. A combined minutiae template containing only a partial minutiae feature of each of the two fingerprints will be generated and stored in a database. In the authentication, the user needs to provide two query fingerprints from the same two fingers which are used in the enrollment. By storing the combined minutiae template, the complete minutiae feature of a single fingerprint will not be compromised when the database is stolen. Furthermore, because of the similarity in topology, it is also difficult for the attacker to distinguish our template from the minutiae of an original fingerprint. The experimental results show that our system can achieve a very low error rate.

Biography

Dr Kot has been with the Nanyang Technological University, Singapore since 1991. He headed the Division of Information Engineering at the School of Electrical and Electronic Engineering for eight years until 2005. The Divisions research focuses are on signal processing for image, video, speech and audio. He started serving as Vice-Dean (Research) for the School of EEE in 2005 and became Associate Dean for the College of Engineering in 2008. He is currently a Professor at the School of EEE and Associate Dean for the College of Engineering. He has published extensively with over 200 technical papers and 3 patents in the areas of signal processing for communication, biometrics recognition, data-hiding, authentication and media forensics. 

 

Dr. Kot served as Associate Editor for the IEEE Trans. on Signal Processing, IEEE Trans. on Multimedia, IEEE Trans. on Circuits and Systems for Video Technology; and IEEE Trans. on Circuits and Systems Part II as well as Part I. He also served as Guest Editor for the Special Issues for the IEEE Trans/ on CSVT and JASP. He is currently Associate Editor for the IEEE Trans. on Information, Forensics and Security, IEEE Trans. on Image Processing and IEEE Signal Processing Letter. He is also Editor for the EURASIP Journal of Advanced Signal Processing, the IEEE Signal Processing Magazine and the IEEE Journal of the Special Topics in Signal Processing. He is an Editorial Board member of the Journal of Fundamental and Theory in Signal Processing. He serves in the IEEE CAS Visual Signal Processing and Communication, the IEEE SPS Image and Video Multi-dimensional Signal Processing and IEEE SPS Information Forensic and Security technical committees. He has served the IEEE Society in various capacities such as the General Co-Chair for the 2004 IEEE International Conference on Image Processing (ICIP) and Chair of the worldwide SPS Chapter Chairs and the Distinguished Lecturer program. He serves as IEEE Fellow Evaluation Committee. He received the Best Teacher of the Year Award and is a co-author for several Best Paper Awards including ICPR, WIFS and IWDW. He was the IEEE Distinguished Lecturer in 2005 and 2006 and is a Fellow of IEEE and IES.

 

Leave a Reply

Your email address will not be published. Required fields are marked *