Biometrics - Cancelable Biometrics


This is a method of enhancing the security and privacy of biometric authentication. Instead of enrolling with your true finger (or other biometric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used. If, for some reason, your old fingerprint is "stolen", an essentially "new" fingerprint can be issued by simply changing the parameters of the distortion process. This also results in enhanced privacy for the user since his true fingerprint is never used anywhere, and different distortions can be used for different types of accounts. The same technique can also be used with other biometrics (as shown below) to achieve similar benefits.

Selected publications:

Enhancing security and privacy in biometrics-based authentication systems
N. Ratha, J. Connell, R. Bolle
IBM Systems Journal, vol. 40, no. 3, 2001, pp. 614-634.

In recent years, there has been a significant surge in the use of biometrics for user authentication applications because biometrics-based authentication offers several advantages over knowledge and possession-based methods such as password/PIN-based systems. However, it is important that such biometrics-based authentication systems are designed to withstand different sources of attacks on the system when employed in security-critical applications, and more so in unattended remote applications such as e-commerce applications. In this paper we outline the inherent strengths of a biometrics-based authentication scheme and then discuss the security holes in these systems. Finally, we present new solutions for overcoming some of the remaining weak links in such systems.