Cancelable Biometric Systems from Research to Reality
Biometric systems have become the most convenient and useful means of providing secure access and authentication. The evolution in the artificial intelligence and Internet of Things (IoT) has inflicted the biometric authentication technology to become an integral part of common mans’ life where he is able to imply controlled access over anything and everything ranging from mobile phone to bank locker all with the help of single touch. As this technology is soon gaining the status of ‘implied security’ with various commercial products and solutions entering the market, biometrics are soon becoming a kind of definitive identity credentials. It therefore becomes imperative to analyse the security loopholes and privacy concerns that come along with its widespread usage. Like any other system, biometric systems are also prone to attacks at various levels where an intruder is able to gain illegitimate access . The implications arising from the loss of a biometric identity are more serious and far fetching as compared to the loss of a PIN/password . Biometric identity once comprised cannot be used to safeguard another application. Storage of biometric information over centralised platform (server/cloud) makes them most vulnerable to hacking and other malicious activities. Covert tracing and tracking of individuals by cross-matching their biometric database is another privacy invading issue. The effect of biometric loss at some common and less secure application may affect its usability at some other security critical application.
Biometric template protection suggests use of some auxiliary/helper data to transform the reference biometric into a new format to curb unintended use of biometric templates. At the same time, these transformed templates must not compromise the ability to identify/verify individuals, maintain discriminability as well as inter-user variability, and address various attack scenarios. Among biometric template protection techniques proposed in this regard, the most popular ones being, Biometric Cryptosystems (1996-1998) [3,4], Fuzzy Commitment and Fuzzy Vaults (1998-2004) [5,6], and Cancelable Biometrics (2001) . While all the other techniques successfully imparted template protection, cancelable biometrics also imparted biometric templates with revocability, i.e., the ability to be cancelled and revoked like passwords. Apart from template protection, the concept of cancelable biometrics provides a useful mechanism of enhancing biometric data privacy. In biometrics, privacy refers to an individual’s personal control over the collection, use, and disclosure of recorded information about them, as well as an organisation’s responsibility for data protection and safeguarding of personally identifiable information in its custody or control. By enforcing use of only pseudo-biometric identity (PI) during authentication, cancelable biometrics prevents any unintended use, cross-matching, or learning any important personal information linked with a biometric template of a user such as gender, ethnicity, race, or medical information. Moreover, it links the template generation process with a user-specific token which adds as an extra security factor and provides more user control over the collection and use of his personal information. In spite of these very inspiring features which allow one to conveniently regenerate a new biometric template and enhance privacy and security, the technology has still not come into potential usage among masses. There has been tremendous research in this regard ever since 2001 to shape the design paradigms and address template protection requirements of the cancelable biometric system, yet its public interaction is still awaited.
This work aims to provide a situation awareness and preparedness for biometrics and deep learning application which are gaining significant public outreach in almost all applications requiring authentication . This extension to smart technologies and applications expects to impact numerous other applications in near future. Section 7.2 presents an overview of the concept of biometric privacy offered by the cancelable biometric system. Various schemes proposed in the cancelable biometric domain are mentioned here. Recent advances of deep neural networks (DNN) in biometrics and biometric template protection are discussed in Section 7.3 with research alignments of DNN and cancelable biometrics followed by reporting of experimental outcomes of the discussed techniques in Section 7.4. Section 7.5 systematically outlines the implementation challenges for cancelable systems that prevent its practical usage in real life. Some design issues can be addressed if these two technologies can be merged for a greater experience, as concluded in Section 7.6.