Three Factor Scheme for

Biometric-Based
Cryptographic Key
Regeneration Using Iris
Sanjay KANADE, Danielle CAMARA, Emine KRICHEN,
Dijana PETROVSKA-DELACRÉTAZ, and Bernadette DORIZZI
TELECOM & Management SudParis
Evry, France
Last Updated 17th September, 2008

This work was funded by the

French Agence Nationale de la Recherche
project BIOTYFUL
 Outline
• Why Combine Biometrics with Cryptography
• State of the art
• Existing works based on iris
• Iris Code Matching as Error Correction Problem
• Iris Code Shuffling
• Increasing Error Correction Capability of Hadamard
Code
• Experimental Results
• Security Analysis
• Conclusions and Discussions
October 16, 2008 Biometrics Based Cryptographic 2
Key Regeneration using Iris
 Why Combine Biometrics with
Cryptography
• Shortcomings of Biometrics:
– Biometric data is noisy
– Lack of revocability: - Biometric templates once
stolen/compromised cannot be replaced and new
template cannot be issued
– No template diversity
• Shortcomings of Cryptography:
– Easy to guess and can be stolen
– No strong link between authenticator & user
identity
October 16, 2008 Biometrics Based Cryptographic 3
Key Regeneration using Iris
 State of the Art
Three main categories:
• Protecting biometrics and adding revocability
to biometrics – e.g. cancelable biometrics,
etc.
• Cryptographic key generation from biometrics
– e.g. Hardened password, Fuzzy extractors,
etc.
• Cryptographic key regeneration using
biometrics – e.g. fuzzy vault, fuzzy
commitment, etc.
October 16, 2008 Biometrics Based Cryptographic 4
Key Regeneration using Iris
 Existing Works on
Key Regeneration Using Iris
• Hao et al. scheme
– Uses Reed-Solomon and Hadamard codes for correcting
errors in iris codes
– 25% error correction is possible
– Cannot change error correction capability of Hadamard
codes
– For comparatively noisy databases (like ICE), this scheme
cannot work because many genuine comparisons have
Hamming distance greater than 25%
• Bringer et al. scheme
– Reed-Muller and Product codes are used
– The keys generated by this scheme are small (42 bits)
October 16, 2008 Biometrics Based Cryptographic 5
Key Regeneration using Iris
 Iris Code Matching as Error
Correction Problem
K K’
Noisy
Data Encoder Data Decoder
Communication Channel

Noise causing elements

Iris Code 1 Iris Code 2

• Variations in iris codes are treated as errors and are corrected by the
decoder.
• Error correcting capacity of the decoder should be such that it can
separate genuine users from impostors
• On successful error correction, K=K’ which is used as cryptographic key

October 16, 2008 Biometrics Based Cryptographic 6

Key Regeneration using Iris
 Schematic Diagram of the Key
Regeneration Scheme

October 16, 2008 Biometrics Based Cryptographic 7

Key Regeneration using Iris
 Iris Code Shuffling
• A shuffling key is generated using a password
• Iris code is divided into blocks;
number of blocks = number of bits in shuffling key
• If a bit in the key is 1, corresponding iris code block
is moved to the beginning; otherwise it is moved to
the end
• This scheme increases Hamming distance for
impostors, but for genuine users Hamming distance
is unchanged

October 16, 2008 Biometrics Based Cryptographic 8

Key Regeneration using Iris
 Iris Code Shuffling – Schematic
Diagram

October 16, 2008 Biometrics Based Cryptographic 9

Key Regeneration using Iris
 Hamming Distance Distributions –
Before and After Shuffling

Overlap between genuine and impostor users’ Hamming

distance is decreased because of shuffling
October 16, 2008 Biometrics Based Cryptographic 10
Key Regeneration using Iris
 Error Correcting Codes
• Iris codes have two types of errors:
– Background errors:- Due to camera noise, iris
distortion, image-capture effects, etc. These are
uniformly distributed
– Burst errors:- Due to eye-lids, eye-lashes, and
specular reflections. These occur as bursts.
• We use Hadamard code to correct
background errors and Reed-Solomon Codes
to correct burst errors
October 16, 2008 Biometrics Based Cryptographic 11
Key Regeneration using Iris
 Increasing Error Correction
Capability of Hadamard Code
• Hadamard code’s inherent error correction capacity is 25%
which cannot be changed. Large number of genuine users
comparisons where the hamming distance is more 25%.

• Adding similarity to the data can change the error distribution

by decreasing the number of errors in a block
– Let there be p errors in n bits
– Adding q zeros uniformly to n will change the error ratio to
R=p/(q+n); if R < 25%, p errors can be corrected
– Thus by changing q we can change (increase) the error
correction capacity of Hadamard code

October 16, 2008 Biometrics Based Cryptographic 12

Key Regeneration using Iris
 Database Used for System
Evaluation
• NIST-ICE Database

– Exp-1 - 1,425 images of right irises of 124 users

• 12,214 genuine and 1,002,386 impostor comparisons

– Exp-2 - 1,528 images of left irises of 120 users

• 14,653 genuine and 1,151,975 impostor comparisons

October 16, 2008 Biometrics Based Cryptographic 13

Key Regeneration using Iris
 Experimental Results
• Experimental parameters
• m = 6, Number of bits in each Reed-Solomon code block
• ns = 61, Number of blocks after Reed-Solomon encoding
• 8 zeros added to every 12 bits in the iris code; modified iris code
length = 1,980, which is truncated to 1,952 bits.
• ts Error correction capability of Reed-Solomon Code

Key ICE-Exp-1 ICE-Exp-2

ts
Length FAR FRR FAR FRR
11 234 0.0008 2.48 0.003 3.49
14 198 0.055 1.04 0.124 1.41
15 186 0.096 0.76 0.21 1.09

• ts acts as threshold by adjusting which we can fine tune the

system performance
October 16, 2008 Biometrics Based Cryptographic 14
Key Regeneration using Iris
 Security Analysis
2N
Entropy H = log 2
⎛N⎞
⎜ ⎟
⎝w ⎠
N is the number of degrees of freedom which can be calculated as
N = p (1 − p ) / σ 2
where p = mean of the binomial distribution, and
σ = standard deviation of the distribution
w = number of bits corresponding to the error correction capacity (which is 35%)

In our experiments, N = 1,172,

w = 410 corresponding to 35% error correction capacity, thus
Entropy of the key, H ≈ 83 bits

October 16, 2008 Biometrics Based Cryptographic 15

Key Regeneration using Iris
 Comparison With Other Iris
Based Systems
Authors ECC Key Bits FRR in % FAR in % Entropy Database
in bits
Hao et al.[2] RSH 140 0.47 0 44 proprietary
Bringer et al.[1] RMP 42 5.62 10-5 - ICE
- RSH 186 0.76 0.096 83 ICE-Exp-1
- RSH 234 2.48 0.0008 83 ICE-Exp-1

• RSH – Reed-Solomon and Hadamard codes

• RMP – Reed-Muller and Product codes
[1] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zémor, "Optimal iris fuzzy sketches," in IEEE
Conference on Biometrics: Theory, Applications and Systems, 2007.

[2] F. Hao, R. Anderson, and J. Daugman, "Combining crypto with biometrics effectively," IEEE Transactions
on Computers, vol. 55, no. 9, pp. 1081-1088, 2006.

October 16, 2008 Biometrics Based Cryptographic 16

Key Regeneration using Iris
 Conclusions and Discussions
• Shuffling makes the iris codes more random, which helps in increasing the entropy; also it
acts as interleaver and helps in error correction by distributing the error bursts

• The zero insertion scheme increases the error correction capability of Hadamard code which
is otherwise fixed

• Longer keys compared to other schemes can be obtained with the proposed scheme which
will have nearly 83 bit entropy

• The keys obtained with this scheme can be used in cryptographic systems; otherwise Hash
values of the original and regenerated keys can be compared to securely verify the user

• The locked iris template does not reveal any biometric information thereby protecting the
biometric data

• In case of compromise detection, the cryptographic key, smart card, and password can be
changed and a new template can be issued; thus the templates are revocable

October 16, 2008 Biometrics Based Cryptographic 17

Key Regeneration using Iris
 Contacts
For further questions, please contact –
Sanjay.Kanade@it-sudparis.eu
Dijana.Petrovska@it-sudparis.eu
Danielle.Camara@it-sudparis.eu

October 16, 2008 Biometrics Based Cryptographic 18

Key Regeneration using Iris
Thank You !