Biometrics and cryptography - a new level of security
 |
Arnold Zhao Zeng and Dr Paul Watters |
Having trouble remembering all your passwords and PINs? The solution may be staring you right in the face, in the reflection of your computer monitor.
Each time we buy something on the Internet, do some online banking, or send sensitive information to friends and colleagues, there's a risk that hackers could steal our most important asset - our password or PIN.
Passwords are a security risk for other reasons too - we get so many of them that sometimes we write them down, make them too simple and easy to guess, share them with other people, or even use the same ones for many different applications.
The most complicated cryptographic and security card systems in the world therefore cannot guarantee what's referred to as "known repudiation" - the certainty that the person logging on is actually the authorised user.
A new approach
PhD student in the Department of Computing at Macquarie University, Arnold Zhao Zeng, is hoping to improve this situation by developing a new authentication system that combines the traditional science of cryptography with the new research area of biometrics. Biometric systems authenticate the "who you are" (by using your fingerprints, face or voice) as opposed to "what you know" (PINs or passwords) or "what you have" (ID card), and are therefore a powerful tool for identity management.
"Biometrics can improve the information for known repudiation because the person needs to be present at the place and time of authentication," Zeng explains. "Also, because it uses your fingerprint or face image, biometric data cannot be forgotten.
"Unfortunately, biometric systems like those currently used in airports still have their drawbacks. For example, the authentication system needs to access biometric template data stored in a database system, which may still be open to attacks.
"Another issue is that people leave their fingerprints everywhere and their face image can be captured by a high-speed camera. This information can then be used for biometric information fakes. So all these security problems of the biometric systems led me to my research topic - 'how can we combine traditional cryptography technology with biometric authentication systems?'"
The solution
Zeng and supervisor Dr Paul Watters have come up with a proposed system whereby a person's whole face is captured in a series of images, and converted by a cryptographic key into stable binary form - making the data safe from hackers - before being stored on a database.
When the authorised user attempts to access the system from then on, images of just one part of their face (ie their mouth, eyebrow, nose or eyes) are taken, converted into binary using the same key and matched against the original template before access is granted. If the face data in an application is compromised or stolen, the biometric key itself will not be lost forever and a new face feature descriptor can easily be issued.
Although it's still early days in the project, Zeng is already well on the way to solving some of the technical challenges involved including how to ensure facial matches of the same user under varying conditions of pose, expression and illumination, and how to minimise the computational load of the system given that facial images require high resolution. So don't forget those passwords just yet!
For more information contact Dr Paul Watters at paul.watters@mq.edu.au