Vascular Pattern Recognition: And its Application in Privacy-Preserving Biometric Online-Banking Systems
MetadataVis full innførsel
Authentication is a key building block in security systems and many applications to prevent access to information, services, assets or locations for non-authorized persons or processes. Common methods based on knowledge or possession are however not scalable and practical in human-to-machine communication. Passwords are difficult to remember if chosen appropriately and distinct for the increasing number of different applications, they can be forgotten, spied-out and passed on to other persons. Tokens, like keys or cards, can be forwarded, stolen, lost or destroyed in a similar way. Biometric systems, as the third factor, use body properties to allow for convenient authentication. The main difference lies in a strong link between electronic identifier and physical identity which leads to desirable properties like non-repudiation, difficulty of replication, theft and loss. On the other hand this may challenge privacy and may lead to identity theft, disclosure of sensitive information and profiling if digital biometric identifiers are exposed. Vascular biometric systems use information about the blood vessel structures inside the hand area (finger, palm or wrist) and overcome problems of latent prints (as with fingerprints, DNA) or unnoticed acquisition on distance (as with face) and liveness issues. Still, the before mentioned problems of biometric systems exist and privacy enhancing technologies (PETs) were introduced to overcome them. Some PETs enable revocation of biometric references, unlimited references from the same biometric source and unlinkability between the generated templates. In addition the sensitive data is sealed. In order to utilize PETs like the helper data scheme (HDS) some requirements, like a fixed-length structure of the feature representation, have to be met. The goal of this thesis is to meet those requirements and to make use of the HDS. In addition we strive for the application in real-life scenarios. One of the main applications that we identified for such a system is online banking. Those systems, as of today, are secured with authentication systems based on knowledge or possession and constantly a vulnerable target of criminal activity. Since the recent systems are mostly broken, new alternatives are needed. So we designed a protocol based on the HDS that merges information about online transactions with secure biometric references to enable secure online banking with the desirable properties of biometric systems: hence the name BTAP – biometric transaction authentication protocol. The work on representing patterns compatible to the HDS has been achieved for fingerprint- based systems using spectral minutiae. Therefore we designed algorithms to extract minutiae to represent the topology of the blood vessel network with its branch and end points. Transforming the location and orientation information of the feature points into spectral vein minutiae leads to a translation invariant, fixed-length representation that allows for alignment-free scale and rotation corrections. Those properties are especially important for hygienic, contact-free sensors without guidance for the hand or finger. A performance evaluation revealed that the transformed spectral vein minutiae lead to low recognition errors for sub-modalities including palm, palm dorsal (back of hand) and wrist vein patterns. In a multi-reference scenario the performance for quantized spectral minutiae based on palm vein patterns and a simple Hamming distance could even be improved to a perfect separation between genuine and imposter attempts. The quantized, binary feature vectors are utilized in the first stages of the HDS, they are very compact and could also be used for extremely fast comparison systems or for biometric indexing. In conclusion our work shows that vascular patterns can be transformed into highi performance representations meeting the requirements of the privacy-enhancing HDS that is the core for the proposed online banking protocol BTAP. After solving issues with the reproducibility of feature vectors, we will be able to combine vein patterns with BTAP to overcome drawbacks of biometric systems to perform secure, convenient, affordable and user accepted biometric online banking transaction authentication. Bringing the work into a larger perspective, we can state that BTAP is an innovative instance where a biometric system is shifted from a binary authentication decision-making scheme to an integral part of an abstract security protocol. The combination of data from the application with keys released from biometric templates opens new possibilities and represents a recent paradigm shift in biometric systems. General digital biometric signature schemes and biometric message authentication primitives with a strong relation to a natural person are the next step.
SerieDoktorgradsavhandlinger ved Høgskolen i Gjøvik;2/2012
Doctoral dissertations at Gjøvik University College;2/2012