Feature Vector Binarization: A Quantization-Based Approach to a Secure Biometric System Maurício Ramalho, Paulo Lobato Correia Instituto de Telecomunicações, Instituto Superior Técnico Av. Rovisco Pais, 1, 1049-001, Lisboa, Portugal (+351)2185418461 mar@lx.it.pt, plc@lx.it.pt Tiago Marques Santos, Luís Ducla Soares Instituto de Telecomunicações, Av. Rovisco Pais, 1, 1049-001, Lisboa, Portugal (+351)2185418461 tms@lx.it.pt, lds@lx.it.pt ABSTRACT In this paper, a secure biometric template protection scheme using an error correcting code (ECC) is proposed. The usage of an ECC implies that a binary representation of the biometric template is required, thus the extraction of binary strings from real-valued templates is a fundamental issue in many biometric template protection schemes. The proposed Feature Vector Binarization (FVB) relies on a quantizer that is applied to each component of the real-valued biometric template, to convert into a binary representation. The bits extracted from every component are concatenated to form a fixed-length binary string that can be processed by an error correcting code and hashed to guarantee its privacy. A palmprint verification system is implemented for testing purposes, using the UST hand image database, with promising results. Categories and Subject Descriptors I.5.m [Pattern Recognition]: Miscellaneous – biometric recognition system. General Terms Algorithms, Performance, Security, Verification. Keywords Secure biometric system, binary feature vector, cryptographic hash function, error correcting code, low-density parity-check (LDPC), palmprint. 1. INTRODUCTION In modern societies, people are faced with many security and privacy related issues such as private data protection, time and attendance control, access to restricted areas, online banking and identity authentication. Traditionally, these issues are handled by something the individual knows (e.g., password, PIN code) or something the individual has (e.g., identifying document, smart card, badge). These types of identity authentication methods present serious disadvantages, as they become less reliable in a world where security threats are escalating (e.g., identify theft, terrorism). The increasing need for improved security systems has led to a continuous research effort and to the commercial growth of biometric-related technologies. The idea behind biometric systems is to successfully identify individuals using pattern recognition algorithms on one or more biometric traits. However, two measurements of the same individual taken at different times are almost never identical. For example, the biometric template stored at the time that an individual is enrolled into the system differs from the one generated at the time of verification. To deal with this measurement noise, a similarity score is computed between the two templates and a threshold t is used to make a decision. The need to store a biometric template on a database is considered to be, from a security point of view, the common weakest link amongst biometrics-based authentication systems [1]. In fact, one of the most potentially damaging attacks on a biometric system is against the biometric templates stored in the system database [2]. The storage of templates in an unencrypted form creates a security hole: an attacker who gains access to the device also gains access to the biometric [3]. A successful attack on the template database compromises more than the biometric system; it compromises the identity of registered individuals. Since biometric templates have information about the most important features of a biometric sample, they present a serious concern for the privacy and security of this type of systems [4]. The main properties that an ideal biometric template protection scheme should possess, according to Jain et al. [2], are:  Diversity – the secure template must not allow cross- matching across databases, thereby ensuring the user’s privacy.  Revocability – it should be simple to revoke a compromised template and reissue a new one based on the same biometric data.  Security – it must be computationally hard to obtain the original biometric template from the secure template, preventing an attacker from creating a physical spoof of the biometric trait using a stolen template.  Performance – the biometric template protection scheme should not degrade the recognition performance (measured in terms of false accept and false reject rates, FAR and FRR, respectively) of the biometric system. The major challenge in designing a biometric template protection scheme that satisfies all the above requirements is the need to handle intra-user variability in the acquired biometric data, due to the existence of measurement noise. Several schemes that provide secure template storage and deal with the acquired data variability have been proposed in the literature, typically using ECC to handle the intra-user variations. Teoh et al. [5][6] proposed a salting scheme, also known as biohashing, where the biometric features are transformed using a function defined by a user-specific key or password. This concept refers to an intentional distortion of a biometric template based on a chosen transform, to support cancellable biometrics.