Issue No.09 - September (2006 vol.55)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2006.138
We propose the first practical and secure way to integrate the iris biometric into cryptographic applications. A repeatable binary string, which we call a biometric key, is generated reliably from genuine iris codes. A well-known difficulty has been how to cope with the 10 to 20 percent of error bits within an iris code and derive an error-free key. To solve this problem, we carefully studied the error patterns within iris codes and devised a two-layer error correction technique that combines Hadamard and Reed-Solomon codes. The key is generated from a subject's iris image with the aid of auxiliary error-correction data, which do not reveal the key and can be saved in a tamper-resistant token, such as a smart card. The reproduction of the key depends on two factors: the iris biometric and the token. The attacker has to procure both of them to compromise the key. We evaluated our technique using iris samples from 70 different eyes, with 10 samples from each eye. We found that an error-free key can be reproduced reliably from genuine iris codes with a 99.5 percent success rate. We can generate up to 140 bits of biometric key, more than enough for 128-bit AES. The extraction of a repeatable binary string from biometrics opens new possible applications, where a strong binding is required between a person and cryptographic operations. For example, it is possible to identify individuals without maintaining a central database of biometric templates, to which privacy objections might be raised.
Biometrics, iris code, Hadamard code, Reed-Solomon code.
Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively", IEEE Transactions on Computers, vol.55, no. 9, pp. 1081-1088, September 2006, doi:10.1109/TC.2006.138