Security evaluation of biometric keys

Cited by: 16
Authors
Al-Assam, Hisham [1]
Jassim, Sabah [1]
Affiliation
[1] Univ Buckingham, Dept Appl Comp, Buckingham MK18 1EG, England
Keywords
Biometric cryptosystems; Biometric keys; Biometric entropy; Security evaluation; Effective entropy; Face-based keys;
DOI
10.1016/j.cose.2012.01.002
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Biometric cryptosystems combine biometrics with cryptography by producing Biometric Cryptographic Keys (BCKs) to provide stronger security mechanisms while protecting against identity theft. The process of generating/binding biometric keys consists of a number of steps starting with a feature extraction procedure, the complexity of which depends on the specific biometric trait/scheme, followed often by user selected transformation to allow for revocability, and an error correction scheme to tolerate reasonable amount of intra-class variation. Each of these steps has its own effect on the security of the generated/bound key. Proper security evaluation must include thorough analysis of the security effect of each of these steps. We propose a comprehensive approach to BCK's security evaluation that takes into consideration each of the steps involved in their construction. We first review existing BCKs and highlight that the analysis of their security is either insufficient or not provided. In addition to evaluating the correctness (i.e. error rates), and the generated/bound key size, we evaluate the randomness of biometric features employed in the process of key generation. Our proposal combines the Kullback-Leibler divergence and the discrimination entropy to formulate a new measure of the Entropy of Biometric Features (EBF), defined as the average number of bits that distinguishes a user from a given population. Then we rigorously evaluate the impact of using error correcting scheme on the security of BCKs to calculate the Effective Entropy of Biometric Features (EEBF). Finally, inherent individual differences of the EBFs will be discussed. Here, we focus on face-based BCKs, but this does not restrict the use of the proposed evaluation. 
This paper argues that current face-based BCKs are not secure enough for high level security applications, and demonstrates that the average EEBF of BCKs using PCA-based facial features is less than 20-bit even when applying a user-based randomization on biometric features. (c) 2012 Elsevier Ltd. All rights reserved.
Pages: 151-163
Number of pages: 13