Department of Computer Science and Technology

Technical reports

Combining cryptography with biometrics effectively

Feng Hao, Ross Anderson, John Daugman

July 2005, 17 pages

DOI: 10.48456/tr-640

Abstract

We propose the first practical and secure way to integrate the iris biometric into cryptographic applications. A repeatable binary string, which we call a biometric key, is generated reliably from genuine iris codes. A well-known difficulty has been how to cope with the 10 to 20% of error bits within an iris code and derive an error-free key. To solve this problem, we carefully studied the error patterns within iris codes, and devised a two-layer error correction technique that combines Hadamard and Reed-Solomon codes. The key is generated from a subject’s iris image with the aid of auxiliary error-correction data, which do not reveal the key, and can be saved in a tamper-resistant token such as a smart card. The reproduction of the key depends on two factors: the iris biometric and the token. The attacker has to procure both of them to compromise the key. We evaluated our technique using iris samples from 70 different eyes, with 10 samples from each eye. We found that an error-free key can be reproduced reliably from genuine iris codes with a 99.5% success rate. We can generate up to 140 bits of biometric key, more than enough for 128-bit AES. The extraction of a repeatable binary string from biometrics opens new possible applications, where a strong binding is required between a person and cryptographic operations. For example, it is possible to identify individuals without maintaining a central database of biometric templates, to which privacy objections might be raised.

Full text

PDF (0.2 MB)

BibTeX record

@TechReport{UCAM-CL-TR-640,
  author =	 {Hao, Feng and Anderson, Ross and Daugman, John},
  title = 	 {{Combining cryptography with biometrics effectively}},
  year = 	 2005,
  month = 	 jul,
  url = 	 {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-640.pdf},
  institution =  {University of Cambridge, Computer Laboratory},
  doi = 	 {10.48456/tr-640},
  number = 	 {UCAM-CL-TR-640}
}