The Two Types of Template Protection Schemes

The two major types of template protection schemes are Feature transformation approach and Biometric Cryptosystems approach. In feature transformation, a transformation function is applied to an original template and only the transformed template is stored in the database. The transformation function parameters are usually derived from a password or a random key. When the query template arrives the same transformation function is applied to the template and it is transformed. Now the transformed template is checked for a match in the database. Depending on the characteristics of the transformation function they are further divided into two types namely, salting and non-invertible transforms.

In salting the transformation function is invertible, that is , if the adversary is able to get hold of the key and the transformed template then they can get the original template. Therefore the security of the salting process depends on the protection of the key or the password used in the transformation, whereas in the case of Non-Invertible transforms the transformation function is a one-way process and it is computationally very hard to get back the original template from the transformed template even if the key is sacrificed.

Initially, Biometric cryptosystems were created in order to secure a cryptographic key using the biometric traits or creating cryptographic keys from the biometric templates. Further the same techniques were used to protect even the biometric templates. In biometric cryptosystems usually some public information regarding the template is being stored which is called the helper-data. Therefore Biometric cryptosystems are also called helper-data based methods. The helper data cannot be used to revoke back the original template or does not reveal any significant information about the original template but it is used during matching process to extract the cryptographic key from the query template. Here, matching is an indirect process which is done by verifying the correctness of the extracted cryptographic key.

Biometric cryptosystems are further classified into Key-Binding and Key-Generation approaches which depends on how the helper-data is obtained. When the helper data is obtained by binding a key ( that is independent of the biometric template ) to the original biometric template, then it is called Key Binding biometric cryptosystem. It should be noted that given only the helper data it is very difficult to obtain the original template. In a Key-Binding system, matching is done by recovering the key from the helper data along with the help of the biometric template. On the other hand, if the helper data is obtained only from the biometric template and even the cryptographic key is derived from the helper data and also the query biometric template then it is called Key-Generation Biometric Cryptosystem.

Both Biometric cryptosystems and template transformation systems have their own advantages and disadvantages. Templates that are being transformed can be easily revoked by changing the password or key. It is possible to design sophisticated matching algorithms and matchers that can handle intra-user variations in the transformer biometric template robustly, because of the fewer restrictions that are applied ion to the matching algorithms that can be used in the transformed domain. This also reduces the error rates of the biometric system. However it is difficult to measure the security of the template transformation techniques.

Biometric cryptosystems mostly depend on the error correcting codes. This helps in evaluating and analysing the security of the biometric cryptosystems in theoretic terms and it also restricts the use of sophisticated matching algorithms. One way to improve the matching performance is to extract invariant features and discriminative features from the biometric template in specific formats like fixed-length binary strings otherwise the matching performance is dependent only on the capability of the error correcting code. On the contrary,some biometric cryptosystems are exposed to correlation attacks,here auxiliary data is extracted from the same biometric trait and is matched with the original biometric template, this will affect the revocation capability.Some template protection schemes makes use of more than one basic approach. These systems are called Hybrid systems.

In this type of cryptosystem the biometric template is secured by binding it with a cryptographic key monolithically with a framework that is cryptographic. The biometric cryptosystems maintain helper data which does not reveal much information about the key or the biometric template and it makes computationally hard for decoding the key or the template without any knowledge about the user’s biometric trait or data. The helper data is a single entity that combines both the key and the biometric template

Usually the helper data is an association of the error correcting code which is selected using the key and the biometric template. Whenever a biometric query template within certain error tolerance comes,the codeword associated with a similar amount of error can be decoded in order to obtain the exact code and thereby recover the embedded cryptographic key. Now, recovery of the correct key implies a successful match during matching process.

This approach shows tolerance to intra-user variations in biometric data and this tolerance can be determined using the error correcting capability of the codeword associated.

Matching can only be done using error correcting schemes and this avoids sophisticated matchers which leads to the reduction in matching accuracy. The Biometric cryptosystems are not designed for diversity and revocability but further research is being done to introduce these two features into biometric cryptosystems especially by using them with other approaches like salting. The designing of the helper is tedious and should be done with utmost care as it is based on the specific biometric features used.