Cancelable biometrics using hand geometry-based steganographic techniques
Abstract
Biometrics have long been used as an accepted user authentication method and have been implemented as a security measure in many real-world systems including personal computers, mobile devices, and physical access control. By encoding a person’s physical attributes the disadvantages of traditional password based security, like passwords being lost or stolen, can be overcome. One of the factors that hampers the acceptance of biometric authentication systems is that users have to submit private biometric data to the authentication systems and should these systems be compromised, a digital copy of their biometrics becomes available for exploitation. The concept of Cancelable Biometrics has to do with the obfuscating of biometric information that is used for biometric authentication, whether the information is in storage or in transit. This ensures that biometric information of a person cannot be reconstructed when it is observed by a third party. With the use of a cancelling technique, one can assure anonymity of users within the system and prevent unauthorised usage of digitised biometric information. The primary aim of this study was to develop a technique that ensures cancelability of biometrics based on hand geometry information from a Leap Motion Controller and steganographic storage techniques. To achieve the primary aim, the following secondary objectives were addressed: i) Perform a literature study to discuss the use and implementation
of cancelable biometrics, steganography, hand geometry authentication and the Leap Motion Controller. ii) Design and implementation of the system. iii) Evaluation of the created system using error-based metrics and iterative validation testing. Based on the recommendations from literature, a biometric authentication system was designed and implemented which uses latent hand geometry information from a Leap Motion Controller to construct biometric templates. The cancelability of the biometric templates were ensured by implementing user-specific transforms to the templates and employing steganography techniques for a novel storage solution. The system’s performance was evaluated both in terms of the various components that were integrated in the system, and in terms of its overall performance. Even though the Leap Motion Controller proved to be an effective an efficient biometric sensor, the use of hand geometry as the source of user biometrics in this context did not exhibit the required level of uniqueness. Given varying levels of tolerance that the system allows for, biometric authentication can still be performed, however, with a trade-off between the true acceptance and false acceptance rates. The negative effect of the tolerance levels were mitigated by introducing a user PIN as a second authentication factor.