Combining Crypto with Biometrics: A New Human-Security Interface
Abstract
I present my research on combining cryptography and iris biometrics. This is work with Ross Anderson and John Daugman. It is a short talk so I will leave out the technical detail. The motivation of the research is to incorporate advanced biometric authentication features into cryptography. We find that cryptography lacks the involvement of a human factor. In authentication, you would use a password or a token, but there is no real human factor involved.

We studied the iris biometric because it is one of the most reliable biometrics discovered so far. There are however certain issues with the iris biometric. First, it is fuzzy. Second, its storage is quite controversial for privacy reasons. And third, it cannot be kept secret by its very nature. These limitations apply to biometrics in general. In Unix, you don’t store the password in plain text. Instead, you apply a one-way hash function. But you cannot do the same with iris codes because they are fuzzy. If you hash an iris code, it would destroy all the information content. So in our research, we devised a method to map the 2048-bit fuzzy iris code into an exact 140-bit string. This mapping is repeatable with a 99.5% success rate.

Our technique is based on error correction codes. First I will explain the error characteristics in the iris codes. There are two types of errors. First there are random errors – errors dispersed randomly across an iris code. Second there are burst errors – caused by undetected eyelashes and specular reflections. We devised an error correction scheme to deal with these two types of error. At the top level, we wanted to design an error correction scheme in such a way that it will have the error correction capability at a cutting point to correct errors just enough for authentic users, and not more than that. We segment the iris code into 32 blocks with 64 bits in each block, and we apply a Hadamard code to correct up to 25% of the bits in each block. This is roughly the cutting point to discriminate between the same eye and a different eye. However, certain errors are clustered in some blocks to give us error blocks. Hence, we have a second layer of error correction using a Reed-Solomon code which corrects these burst errors.

Here is a basic scheme. It is a two-factor scheme. Key reproduction is based on two factors: iris and token. The token is something that we can keep secret, but the iris is not. On the left-hand side of this diagram is the registration part which is also the encoding part. We generate a 140-bit random string, and encode it to 2048 bits. Then we XOR this with an iris code, which is also 2048 bits. The
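
The block-wise Hadamard layer and the XOR step described above can be illustrated as follows. This is an added example, not code from the talk or its authors: it assumes each 64-bit block carries one 7-bit symbol, assumes the unlock step (XOR with a fresh iris sample, then decode), omits the Reed-Solomon layer, and uses constructed random data in place of real iris codes.

```python
import random

BLOCKS, BLOCK_BITS, SYMBOL_BITS = 32, 64, 7  # 32 x 64 = 2048-bit iris code

def hadamard_encode(sym):
    """7-bit symbol -> 64-bit codeword (assumed layout: 6 row bits + 1 complement bit)."""
    row, flip = sym & 0x3F, sym >> 6
    word = 0
    for col in range(BLOCK_BITS):
        bit = bin(row & col).count("1") & 1  # entry of the Sylvester-Hadamard matrix
        word |= (bit ^ flip) << col
    return word

CODEBOOK = [hadamard_encode(s) for s in range(1 << SYMBOL_BITS)]

def hadamard_decode(word):
    """Nearest codeword; unambiguous while fewer than 16 of the 64 bits are wrong."""
    return min(range(len(CODEBOOK)), key=lambda s: bin(CODEBOOK[s] ^ word).count("1"))

def lock(symbols, iris_blocks):
    """Registration: encode each symbol and XOR it with the matching iris block."""
    return [hadamard_encode(s) ^ b for s, b in zip(symbols, iris_blocks)]

def unlock(locked, iris_blocks):
    """Reproduction: XOR with a fresh iris sample, then correct each block."""
    return [hadamard_decode(l ^ b) for l, b in zip(locked, iris_blocks)]

def add_noise(blocks, errors, rng):
    """Flip `errors` distinct random bits in every 64-bit block."""
    noisy = []
    for b in blocks:
        for pos in rng.sample(range(BLOCK_BITS), errors):
            b ^= 1 << pos
        noisy.append(b)
    return noisy

def demo(seed=1):
    rng = random.Random(seed)  # constructed test data; a real key needs a CSPRNG
    symbols = [rng.randrange(1 << SYMBOL_BITS) for _ in range(BLOCKS)]
    iris = [rng.getrandbits(BLOCK_BITS) for _ in range(BLOCKS)]  # stand-in iris code
    locked = lock(symbols, iris)
    same_eye = add_noise(iris, 12, rng)  # about 19% bit errors per block
    other_eye = [rng.getrandbits(BLOCK_BITS) for _ in range(BLOCKS)]
    return symbols, unlock(locked, same_eye), unlock(locked, other_eye)

if __name__ == "__main__":
    key, genuine, impostor = demo()
    print("same eye recovers symbols:", genuine == key)
    print("different eye recovers symbols:", impostor == key)
```

Without the outer Reed-Solomon layer, a single block with 16 or more flipped bits (a burst error) already breaks recovery, which is the gap the second layer in the talk is there to close.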