Combining Crypto with Biometrics Effectively
September 2006 (vol. 55 no. 9)
pp. 1081-1088
We propose the first practical and secure way to integrate the iris biometric into cryptographic applications. A repeatable binary string, which we call a biometric key, is generated reliably from genuine iris codes. A well-known difficulty has been how to cope with the 10 to 20 percent of error bits within an iris code and derive an error-free key. To solve this problem, we carefully studied the error patterns within iris codes and devised a two-layer error correction technique that combines Hadamard and Reed-Solomon codes. The key is generated from a subject's iris image with the aid of auxiliary error-correction data, which do not reveal the key and can be saved in a tamper-resistant token, such as a smart card. The reproduction of the key depends on two factors: the iris biometric and the token. The attacker has to procure both of them to compromise the key. We evaluated our technique using iris samples from 70 different eyes, with 10 samples from each eye. We found that an error-free key can be reproduced reliably from genuine iris codes with a 99.5 percent success rate. We can generate up to 140 bits of biometric key, more than enough for 128-bit AES. The extraction of a repeatable binary string from biometrics opens new possible applications, where a strong binding is required between a person and cryptographic operations. For example, it is possible to identify individuals without maintaining a central database of biometric templates, to which privacy objections might be raised.
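The sketch below is an added illustration, not code from the paper: it shows a Hadamard inner layer recovering key symbols from a noisy sample once the encoded key has been masked with the enrolment sample. The XOR masking, the 64-bit blocks carrying 7-bit symbols, the 2048-bit code length and the random stand-in "iris" bits are all assumptions made for the example, and the Reed-Solomon outer layer is omitted.

```python
import random

K = 6                    # Hadamard order (assumed): 2**K = 64-bit codewords
N = 1 << K
BLOCKS = 32              # 32 blocks x 64 bits = 2048-bit code (assumed length)

def had_encode(sym):
    """7-bit symbol -> 64-bit codeword: a Hadamard row, or its complement."""
    row, inv = sym & (N - 1), sym >> K
    return [(bin(row & j).count("1") & 1) ^ inv for j in range(N)]

CODEBOOK = [had_encode(s) for s in range(2 * N)]

def had_decode(bits):
    """Nearest-codeword decoding; unique when a block has at most 15 bit errors."""
    return min(range(2 * N),
               key=lambda s: sum(a != b for a, b in zip(CODEBOOK[s], bits)))

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def enroll(symbols, iris):
    """Helper data for the token: encoded key XOR enrolment sample (assumed binding)."""
    return xor([b for s in symbols for b in CODEBOOK[s]], iris)

def reproduce(helper, iris):
    """Unmask with a fresh sample and decode each 64-bit block to a symbol."""
    noisy = xor(helper, iris)
    return [had_decode(noisy[i:i + N]) for i in range(0, len(noisy), N)]

def flip(bits, block, count, rng):
    """Flip `count` distinct bits inside one block (simulated sensor noise)."""
    for j in rng.sample(range(N), count):
        bits[block * N + j] ^= 1

def demo(seed=1):
    rng = random.Random(seed)
    key = [rng.randrange(2 * N) for _ in range(BLOCKS)]
    iris = [rng.randrange(2) for _ in range(N * BLOCKS)]  # constructed sample
    helper = enroll(key, iris)
    genuine = iris[:]
    for b in range(BLOCKS):
        flip(genuine, b, 12, rng)               # ~19% bit errors in every block
    impostor = [rng.randrange(2) for _ in range(N * BLOCKS)]
    burst = genuine[:]
    burst[:N] = [bit ^ 1 for bit in burst[:N]]  # block 0 corrupted entirely
    wrong = sum(a != b for a, b in zip(reproduce(helper, burst), key))
    return reproduce(helper, genuine) == key, reproduce(helper, impostor) == key, wrong

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` counts symbols the Hadamard layer gets wrong when one whole block is corrupted; residual symbol errors of that kind are what an outer symbol-level code such as Reed-Solomon is there to correct.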

Index Terms:
Biometrics, iris code, Hadamard code, Reed-Solomon code.
Feng Hao, Ross Anderson, John Daugman, "Combining Crypto with Biometrics Effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081-1088, Sept. 2006, doi:10.1109/TC.2006.138