A survey on biometric cryptosystems and cancelable biometrics
© Rathgeb and Uhl; licensee Springer. 2011
Received: 18 February 2011
Accepted: 23 September 2011
Published: 23 September 2011
Skip to main content
© Rathgeb and Uhl; licensee Springer. 2011
Received: 18 February 2011
Accepted: 23 September 2011
Published: 23 September 2011
Form a privacy perspective most concerns against the common use of biometrics arise from the storage and misuse of biometric data. Biometric cryptosystems and cancelable biometrics represent emerging technologies of biometric template protection addressing these concerns and improving public confidence and acceptance of biometrics. In addition, biometric cryptosystems provide mechanisms for biometric-dependent key-release. In the last years a significant amount of approaches to both technologies have been published. A comprehensive survey of biometric cryptosystems and cancelable biometrics is presented. State-of-the-art approaches are reviewed based on which an in-depth discussion and an outlook to future prospects are given.
The term biometrics is defined as "automated recognition of individuals based on their behavioral and biological characteristics" (ISO/IEC JTC1 SC37). Physiological as well as behavioral biometric characteristics are acquired applying adequate sensors and distinctive features are extracted to form a biometric template in an enrollment process. At the time of verification or identification (identification can be handled as a sequence of verifications and screenings) the system processes another biometric input which is compared against the stored template, yielding acceptance or rejection . It is generally conceded that a substitute to biometrics for positive identification in integrated security applications is non-existent. While the industry has long claimed that one of the primary benefits of biometric templates is that original biometric signals acquired to enroll a data subject cannot be reconstructed from stored templates, several approaches [2, 3] have proven this claim wrong. Since biometric characteristics are largely immutable, a compromise of biometric templates results in permanent loss of a subject's biometrics. Standard encryption algorithms do not support a comparison of biometric templates in encrypted domain and, thus, leave biometric templates exposed during every authentication attempt  (homomorphic and asymmetric encryption, e.g., in [5–7], which enable a biometric comparison in encrypted domain represent exceptions). Conventional cryptosystems provide numerous algorithms to secure any kind of crucial information. While user authentication is based on possession of secret keys, key management is performed introducing a second layer of authentication (e.g., passwords) . As a consequence, encrypted data inherit the security of according passwords applied to release correct decrypting keys. Biometric template protection schemes which are commonly categorized as biometric cryptosystems (also referred to as helper data-based schemes) and cancelable biometrics (also referred to as feature transformation) are designed to meet two major requirements of biometric information protection (ISO/IEC FCD 24745):
Irreversibility: It should be computationally hard to reconstruct the original biometric template from the stored reference data, i.e., the protected template, while it should be easy to generate the protected biometric template.
Unlinkability: Different versions of protected biometric templates can be generated based on the same biometric data (renewability), while protected templates should not allow cross-matching (diversity).
"Cancelable biometrics (CB) consist of intentional, repeatable distortions of biometric signals based on transforms which provide a comparison of biometric templates in the transformed domain" . The inversion of such transformed biometric templates must not be feasible for potential imposters. In contrast to templates protected by standard encryption algorithms, transformed templates are never decrypted since the comparison of biometric templates is performed in transformed space which is the very essence of CB. The application of transforms provides irreversibility and unlinkability of biometric templates . Obviously, CB are closely related to BCSs.
As both technologies have emerged rather recently and corresponding literature is dispersed across different publication media, a systematic classification and in-depth discussion of approaches to BCS and CB is given. As opposed to existing literature [4, 8], which intends to review BCSs and CB at coarse level, this article provides the reader with detailed descriptions of all existing key concepts and follow-up developments. Emphasis is not only placed on biometric template protection but on cryptographic aspects. Covering the vast majority of published approaches up to and including the year 2010 this survey comprises a valuable collection of references based on which a detailed discussion (including performance rates, applied data sets, etc.) of the state-of-the-art technologies is presented and a critical analysis of open issues and challenges is given.
This survey is organized as follows: BCSs (Section 2) and CB (Section 3) are categorized and concerning literature is reviewed in detail. A comprehensive discussion including the current state-of-the-art approaches to both technologies, security risks, privacy aspects, and open issues and challenges is presented and concluding remarks are given (Section 4).
(1) Key-binding schemes: Helper data are obtained by binding a chosen key to a biometric template. As a result of the binding process a fusion of the secret key and the biometric template is stored as helper data. Applying an appropriate key retrieval algorithm, keys are obtained from the helper data at authentication . Since cryptographic keys are independent of biometric features these are revocable while an update of the key usually requires re-enrollment in order to generate new helper data.
(2) Key-generation schemes: Helper data are derived only from the biometric template. Keys are directly generated from the helper data and a given biometric sample . While the storage of helper data are not obligatory the majority of proposed key-generation schemes does store helper data (if key-generation schemes extract keys without the use of any helper data these are not updatable in case of compromise). Helper data-based key-generation schemes are also referred to as "fuzzy extractors" or "secure sketches", for both primitives formalisms (and further extensions) are defined in [13, 14]. A fuzzy extractor reliably extracts a uniformly random string from a biometric input while stored helper data assist the reconstruction. In contrast, in a secure sketch, helper data are applied to recover the original biometric template.
Several concepts of BCSs can be applied as both, key-generation and key-binding scheme [15, 16]. Hybrid approaches which make use of more basic concepts  have been proposed, too. Furthermore, schemes which declare different goals such as enhancing the security of an existing secret [18, 19] have been introduced. In contrast to BCSs based on key-binding or key-generation, key-release schemes represent a loose coupling of biometric authentication and key-release . In case of successful biometric authentication a key-release mechanism is initiated, i.e., a cryptographic key is released. The loose coupling of biometric and cryptographic systems allows to exchange both components easily. However, a great drawback emerges, since the separate plain storage of biometric templates and keys offers more vulnerabilities to conduct attacks. Key-release schemes do not meet requirements of biometric template protection and, thus, are hardly appropriate for high security applications and not usually considered a BCS. Another way to classify BCSs is to focus on how these systems deal with biometric variance. While some schemes apply error correction codes [15, 16], others introduce adjustable filter functions and correlation  or quantization [21, 22].
Even though definitions for "biometric keys" have been proposed (e.g., in [23, 24]), these terms have established as synonyms for any kind of key dependent upon biometrics, i.e., biometric features take influence on the constitution of keys (as opposed to key-binding schemes). Like conventional cryptographic keys, biometric keys have to fulfill several requirements, such as key-randomness, stability, or uniqueness [25, 26].
When measuring the performance of biometric systems widely used factors include False Rejection Rate (FRR), False Acceptance Rate (FAR), and Equal Error Rate (EER) [1, 27] (defined in ISO/IEC FDIS 19795-1). As score distributions overlap, FRR and FAR intersect at a certain point, defining the EER of the system (in general, decreasing the FRR increases the FAR and vice versa).
Compared to biometric systems, BCSs generally reveal a noticeable decrease in recognition performance . This is because within BCS in most cases the enrolled template is not seen and, therefore, cannot be aligned properly at comparison. In addition, the majority of BCSs introduce a higher degree of quantization at feature extraction, compared to conventional biometric systems, which are capable of setting more precise thresholds to adjust recognition rates.
The first sophisticated approach to biometric key-binding based on fingerprints was proposed by Soutar et al. [28–30]. The presented system was called Mytec2, a successor of Mytec1 , which was the first BCS but turned out to be impractical in terms of accuracy and security. Mytec1 and Mytec2 were originally called Biometric Encryption™, the trademark was abandoned in 2005. The basis of the Mytec2 (and Mytec1) algorithm is the mechanism of correlation.
The algorithm was summarized in a patent , which includes explanations of how to apply the algorithm to other biometric characteristics such as iris. In all the publications, performance measurements are omitted.
In 1999 Juels and Wattenberg  combined techniques from the area of error correcting codes and cryptography to achieve a type of cryptographic primitive referred to as fuzzy commitment scheme.
Experimental results of proposed fuzzy commitment schemes.
Hao et al. 
Bringer et al. 
Rathgeb and Uhl 
Teoh and Kim 
Tong et al. 
Van der Veen et al. 
>1 enroll. sam.
Ao and Li 
Lu et al. 
Maiorana and Ercole 
>1 enroll. sam.
Teoh and Kim  applied a randomized dynamic quantization transformation to binarize fingerprint features extracted from a multichannel Gabor filter. Feature vectors of 375 bits are extracted and Reed-Solomon codes are applied to construct the fuzzy commitment scheme. The transformation comprises a non-invertible projection based on a random matrix derived from a user-specific token. It is required that this token is stored on a secure device. Similar schemes based on the feature extraction of BioHashing  (discussed later) have been presented in [42, 43]. Tong et al.  proposed a fuzzy extractor scheme based on a stable and order invariant representation of biometric data called Fingercode reporting inapplicable performance rates. Nandakumar  applies a binary fixed-length minutiae representation obtained by quantizing the Fourier phase spectrum of a minutia set in a fuzzy commitment scheme, where alignment is achieved through focal point of high curvature regions. In  a fuzzy commitment scheme based on face biometrics is presented in which real-valued face features are binarized by simple thresholding followed by a reliable bit selection to detect most discriminative features. Lu et al.  binarized principal component analysis (PCA) based face features which they apply in a fuzzy commitment scheme.
A method based on user adaptive error correction codes was proposed by Maiorana et al.  where the error correction information is adaptively selected based on the intra-variability of a user's biometric data. Applying online signatures this seems to be the first approach of using behavioral biometrics in a fuzzy commitment scheme. In  another fuzzy commitment scheme based on online signatures is presented.
While in classic fuzzy commitment schemes [15, 32] biometric variance is eliminated applying error correction codes, Zheng et al.  employ error tolerant lattice functions. In experiments a FRR of ~3.3% and a FAR of ~0.6% are reported. Besides the formalism of fuzzy extractors and secure sketches, Dodis et al.  introduce the so-called syndrome construction. Here an error correction code syndrome is stored as part of the template and applied during authentication in order to reconstruct the original biometric input.
Tuyls et al.  introduced a concept which is referred to as shielding functions.
Buhan et al.  extend the ideas of the shielding functions approach by introducing a feature mapping based on hexagonal zones instead of square zones. No results in terms of FRR and FAR are given. Li et al.  suggest to apply fingerprint in a key-binding scheme based on shielding functions.
One of the most popular BCSs called fuzzy vault was introduced by Juels and Sudan  in 2002.
Experimental results of proposed fuzzy vault schemes.
Clancy et al. 
Nandakumar et al. 
Uludag et al. 
Li et al. 
Nagar et al. 
Lee et al. 
Wu et al. 
Reddy and Babu et al. 
Wu et al. 
Kumar and Kumar 
Wu et al. 
Kholmatov and Yanikoglu 
Numerous enhancements to the original concept of the fuzzy vault have been introduced. Moon et al.  suggest to use an adaptive degree of the polynomial. Nagar and Chaudhury  arrange encoded keys and biometric data of fingerprints in the same order into separate grids, which form the vault. Chaff values are inserted into these grids in appropriate range to hide information.
In other work, Nagar et al. [17, 65] introduce the idea of enhancing the security and accuracy of a fingerprint-based fuzzy vault by exploiting orientation information of minutiae points. Dodis et al.  suggest to use a high-degree polynomial instead of chaff points in order to create an improved fuzzy vault. Additionally, the authors propose another syndrome-based key-generating scheme which they refer to as PinSketch. This scheme is based on polynomial interpolation like the fuzzy vault but requires less storage space. Arakala  provides an implementation of the PinSketch scheme based on fingerprints.
Apart from fingerprints, other biometric characteristics have been applied in fuzzy vault schemes. Lee et al.  proposed a fuzzy vault for iris biometrics. Since iris features are usually aligned, an unordered set of features is obtained through independent component analysis. Wu et al. [68, 69] proposed a fuzzy vault based on iris as well. After image acquisition and preprocessing, iris texture is divided into 64 blocks where for each block the mean gray scale value is calculated resulting in 256 features which are normalized to integers to reduce noise. At the same time, a Reed-Solomon code is generated and, subsequently, the feature vector is translated to a cipher key using a hash function. In further work, Wu et al.  propose a system based on palmprints in which 362 bit cryptographic keys are bound and retrieved. A similar approach based on face biometrics is presented in . PCA features are quantized to obtain a 128-bit feature vector from which 64 distinguishable bits are indexed in a look-up table while variance is overcome by Reed-Solomon codes. Reddy and Babu  enhance the security of a classic fuzzy vault scheme based on iris by adding a password with which the vault as well as the secret key is hardened. In case passwords are compromised the systems security decreases to that of a standard one, thus, according results were achieved under unrealistic preconditions. Kumar and Kumar [73, 74] present a fuzzy vault based on palmprints by employing real-valued DCT coefficients of palmprint images binding and retrieving 307 bit keys. Kholmatov and Yanikoglu  propose a fuzzy vault for online signatures.
The prior idea of generating keys directly out of biometric templates was presented in a patent by Bodo . An implementation of this scheme does not exist and it is expected that most biometric characteristics do not provide enough information to reliably extract a sufficiently long and updatable key without the use of any helper data.
The private template scheme, based on iris, was proposed by Davida et al. [77, 78] in which the biometric template itself (or a hash value of it) serves as a secret key. The storage of helper data which are error correction check bits are required to correct faulty bits of given iris-codes.
Within this group of schemes, helper data are constructed in a way that is assists in a quantization of biometric features in order to obtain stable keys.
Besides the so far described key concepts of BCSs, other approaches have been proposed. While some represent combinations of basic concepts, others serve different purposes. In addition, multi-BCSs have been suggested.
Monrose et al.  proposed a technique to improve the security of password-based applications by incorporating biometric information into the password (an existing password is "salted" with biometric data).
Proposed schemes: In several publications, Monrose et al. [18, 23, 88] apply their password-hardening scheme to voice biometrics where the representation of the utterance of a data subject is utilized to identify suitable features. A FRR of approximately 6% and a FAR below 20% was reported. In further work [25, 26] the authors analyze and mathematically formalize major requirements of biometric key generators, and a method to generate randomized biometric templates is proposed . Stable features are located during a single registration procedure in which several biometric inputs are measured. Chen and Chandran  proposed a key-generation scheme for face biometrics (for 128-bit keys), which operates like a password-hardening scheme , using Radon transform and an interactive chaotic bispectral one-way transform. Here, Reed-Solomon codes are used instead of shares. A FRR of 28% and a FAR of 1.22% are reported.
A technique applied to face biometrics called "BioHashing" was introduced by Teoh et al. [41, 91–93]. Basically, the BioHashing approach operates as key-binding scheme, however, to generate biometric hashes secret user-specific tokens (unlike public helper data) have to be presented at authentication. Prior to the key-binding step, secret tokens are blended with biometric data to derive a distorted biometric template, thus, BioHashing can be seen as an instance of "Biometric Salting" (see Section 3).
Proposed schemes: Generating FaceHashes, a FRR of 0.93% and a zero FAR are reported. In other approaches the same group adopts BioHashing to several biometric characteristics including fingerprints [94, 95], iris biometrics [96, 97] as well as palmprints  and show how to apply generated hashes in generic key-binding schemes [99, 100]. The authors reported zero EERs for several schemes.
Kong et al.  presented an implementation of FaceHashing and gave an explanation for the zero EER, reported in the first works on BioHashing. Zero EER were achieved due to the tokenized random numbers, which were assumed to be unique across subjects. In a more recent publication, Teoh et al.  address the so-called "stolen-token" issue evaluating a variant of BioHashing, known as multistage random projection (MRP). By applying a multi-state discretization the feature element space is divided into 2 N segments by adjusting the user-dependent standard deviation. By using this method, elements of the extracted feature vector can render multiple bits instead of 1 bit in the original BioHash. As a result, the extracted bitstreams exhibit higher entropy and recognition performance is increased even if impostors are in possession of valid tokens. However, zero EERs were not achieved under the stolen-token scenario. Different improvements to the BioHashing algorithm have been suggested [103, 104].
While multi-biometric systems  have been firmly established (e.g., combining iris and face in a single sensor scenario) a limited amount of approaches to BCSs utilize several different biometric traits to generate cryptographic keys. Nandakumar and Jain  proposed the best performing multibiometric cryptosystem in a fuzzy vault based on fingerprint and iris. The authors demonstrate that a combination of biometric modalities leads to increased accuracy and, thus, higher security. A FRR of 1.8% at a FAR of ~0.01% is obtained, while the corresponding FRR values of the iris and fingerprint fuzzy vaults are 12 and 21.2%, respectively. Several other ideas of using a set of multiple biometric characteristics within BCSs have been proposed [107–114].
Nagar et al. [17, 65] proposed a hybrid fingerprint-based BCS. Local minutiae descriptors, which comprise ridge orientations and frequency information, are bound to ordinate values of a fuzzy vault applying a fuzzy commitment scheme. In experiments FRR of 5% and a FAR of 0.01% is obtained, without minutiae descriptors the FAR increased to 0.7%. A similar scheme has been suggested in .
Chen et al.  extract keys from fingerprints and bind these to coefficients of n-variant linear equations. Any n (n < m) elements of a m-dimensional feature vector can retrieve a hidden key where the template consists of true data, the solution space of the equation, and chaff data (false solutions of the equation). A FRR of 7.2% and zero FAR are reported. Bui et al.  propose a key-binding scheme based on face applying quantization index modulation which is originally targeted for watermarking applications. In [118, 119], approaches of combining biometric templates with syndrome codes based on the Slepian-Wolf theorem are introduced. Boyen et al.  presented a technique for authenticated key exchange with the use of biometric data. In order to extract consistent bits from fingerprints a locality preserving hash is suggested in . Thereby minutiae are mapped to a vector space of real coefficients which are decorrelated using PCA. Kholmatov et al.  proposed a method for biometric-based secret sharing. A secret is shared upon several users and released if a sufficiently large number of the user's biometric traits is presented at authentication. Similar approaches have been proposed in [123, 124].
Most BCSs aim at binding or generating keys, long enough to be applied in a generic cryptographic system (e.g., 128-bit keys for AES). To prevent biometric keys from being guessed, these need to exhibit sufficient size and entropy. System performance of BCSs is mostly reported in terms of FRR and FAR, since both metrics and key entropy depend on the tolerance levels allowed at comparison, these three quantities are highly inter-related.
Buhan et al. [53, 125] have shown that there is a direct relation between the maximum length k of cryptographic keys and the error rates of the biometric system. The authors define this relation as k ≤ - log2(FAR), which has established as one of the most common matrices used to estimate the entropy of biometric keys. This means that an ideal BCS would have to maintain an FAR ≤ 2 -k which appears to be a quite rigorous upper bound that may not be achievable in practice. Nevertheless, the authors pointed out the important fact that the recognition rates of a biometric system correlate with the amount of information which can be extracted, retaining maximum entropy. Based on their proposed quantization scheme, . Vielhauer et al.  describe the issue of choosing significant features of online signatures and introduce three measures for feature evaluation: intrapersonal feature deviation, interpersonal entropy of hash value components and the correlation between both. By analyzing the discriminativity of chosen features the authors show that the applied feature vector can be reduced by 45% maintaining error rates . This example underlines the fact that BCSs may generate arbitrary long keys while inter-class distances (= Hamming distance between keys) remain low. Ballard et al. [25, 26] propose a new measure to analyze the security of a BCS, termed guessing distance. The guessing distance defines the number of guesses a potential imposter has to perform in order to retrieve either the biometric data or the cryptographic key. Thus, the guessing distance directly relates to intra-class distances of biometric systems and, therefore, provides a more realistic measure of the entropy of biometric keys. Kelkboom et al.  analytically obtained a relationship between the maximum key size and a target system performance. A increase of maximum key size is achieved in various scenarios, e.g., when applying several biometric templates at enrollment and authentication or when increasing the desired false rejection rates. In theory-oriented work, Tuyls et al. [129, 130] estimate the capacity and entropy loss for fuzzy commitment schemes and shielding functions, respectively. Similar investigations have been done by Li et al. [131, 132] who provide a systematic approach of how to examine the relative entropy loss of any given scheme, which bounds the number of additional bits that could be extracted if optimal parameters were used. A method for arranging secret points and chaff points in fuzzy vaults such that entropy loss is minimized is presented in .
Obviously, key lengths have to be maximized in order to minimize the probability that secret keys are guessed . A second factor which affects the security of biometric cryptosystems is privacy leakage, i.e., the information that the helper data contain (leak) about biometric data . Ideally, privacy leakage should be minimized (for a given key length), to avoid identity fraud. The requirements on key size and privacy leakage define a fundamental trade-off within approaches to BCSs, which is rarely estimated. In  this trade-off is studied from in an information-theoretical prospective and achievable key length versus privacy leakage regions are determined. Additionally, stored helper data have to provide unlinkability.
(1) Non-invertible transforms: In these approaches, biometric data are transformed applying a noninvertible function (e.g., Figure 12b,c). In order to provide updatable templates, parameters of the applied transforms are modified. The advantage of applying non-invertible transforms is that potential impostors are not able to reconstruct the entire biometric data even if transforms are compromised. However, applying non-invertible transforms mostly implies a loss of accuracy. Performance decrease is caused by the fact that transformed biometric templates are difficult to align (like in BCSs) in order to perform a proper comparison and, in addition, information is reduced. For several approaches these effects have been observed [12, 136].
(2) Biometric salting: Biometric salting usually denotes transforms of biometric templates which are selected to be invertible. Any invertible transform of biometric feature vector elements represents an approach to biometric salting even if biometric templates have been extracted in a way that it is not feasible to reconstruct the original biometric signal . As a consequence, the parameters of the transform have to be kept secret. In case user-specific transforms are applied, the parameters of the transform (which can be seen as a secret seed  have to be presented at each authentication. Impostors may be able to recover the original biometric template in case transform parameters are compromised, causing a potential performance decrease of the system in case underlying biometric algorithms do not provide high accuracy without secret transforms. While approaches to biometric salting may maintain the recognition performance of biometric systems non-invertible transforms provide higher security .
Experimental results of proposed approaches to CB.
Ratha et al. 
Boult et al. 
Hammerle-Uhl et al. 
Zuo et al. 
Maiorana et al. 
Savvides et al. 
Teoh et al. 
2·10 - 3 EER
Wang et al. 
Zuo et al. 
0.005/<10 - 3
Ouda et al. 
Teoh et al. 
Jeong et al. 
Tulyakov et al. 
Ang et al. 
While in the majority of proposed approaches to CB template alignment is non-trivial and applied transforms are selected to be non-invertible, still some schemes (e.g., in [72, 102]), especially to biometric salting, report an increase in performance. In case user-specific transforms are applied at enrollment and authentication, by definition, two-factor authentication is yielded which may increase the security but does not effect the accuracy of biometric authentication.
Ratha et al.  were the first to introduce the concept of CB applying noninvertible transforms.
Several types of transforms for constructing multiple CB from pre-aligned fingerprints and face biometrics have been introduced in [12, 140, 141] including cartesian transform and functional transform. In further work , different techniques to create cancelable iris biometrics have been proposed. The authors suggest four different transforms applied in image and feature domain where only small performance drops are reported. Hammerle-Uhl et al.  applied classic transformations suggested in  to iris biometrics. Furthermore, in  it is shown that applying both transforms to rectangular iris images, prior to preprocessing, does not work. Similar to  Rathgeb and Uhl  suggest to apply row permutations to iris-codes. Maiorana et al. [144–146] apply non-invertible transforms to obtain cancelable templates from online signatures. In their approach, biometric templates, which represent a set of temporal sequences, are split into non-overlapping sequences of signature features according to a random vector which provides revocability. Subsequently, the transformed template is generated through linear convolution of sequences. The complexity of reconstructing the original data from the transformed template is computationally as hard as random guessing.
Boult et al. [147, 148] proposed cryptographically secure biotokens which they applied to face and fingerprints. In order to enhance security in biometric systems, biotokens, which they refer to as Biotope™, are adopted to existing recognition schemes (e.g., PCA for face).
Savvides et al.  generate cancelable face biometrics by applying so-called minimum average correlation filters which provide non-invertibility. User-specific secret personal identification numbers (PINs) serve as seed for a random basis for the filters similar to . As previously mentioned, BioHashing  without key-binding provides cancelable biometric templates, too. Early proposals of the BioHashing algorithm did not consider the stolen-token scenario. In more recent work  it is demonstrated that the EER for the extraction of cancelable 180-bit fingercodes increases from 0% to 5.31% in the stolen-token scenario. The authors address this issue by proposing a new method which they refer to as MRP [152, 153]. It is claimed that MRP (which is applied to face and speech) retains recognition performance in the stolen-token scenario. Furthermore, the authors proposed a method to generate cancelable keys out of dynamic hand signatures [154, 155] based on the random mixing step of BioPhasor and user-specific 2 N discretization. To provide CB, extracted features are randomly mixed with a token T using a BioPhasor mixing method. Kim et al.  apply user-specific random projections to PCA-based face features followed by an error minimizing template transform. However, the authors do not consider a stolen-token scenario. Another approach to biometric salting was presented by Wang et al.  in which face features are transformed based on a secret key. Non-invertibility is achieved by means of quantization. Ouda et al. [158, 159] propose a technique to obtain cancelable iris-codes. Out of several enrollment templates a vector of consistent bits (BioCode) and their positions are extracted. Revocability is provided by encoding the BioCode according to a selected random seed. Pillai et al.  achieve cancelable iris templates by applying sector random projection to iris images. Recognition performance is only maintained if user-specific random matrices are applied.
Jeong et al.  combine two different feature extraction methods to achieve cancelable face biometrics. PCA and ICA (independent component analysis) coefficients are extracted and both feature vectors are randomly scrambled and added in order to create a transformed template. Tulyakov et al. [162, 163] propose a method for generating cancelable fingerprint hashes. Instead of aligning fingerprint minutiae, the authors apply order invariant hash functions, i.e., symmetric complex hash functions. Ang et al.  suggest to apply a key-dependent geometric transform to fingerprints. In the first step a core point is selected in the fingerprint image and a line is drawn through it where the secret key defines the angle of the line (0 ≤ key ≤ π). Secondly, all minutiae below the line are reflected above the line to achieve a transformed template. Yang et al.  apply random projections to minutiae quadruples to obtain cancelable fingerprint templates. In further work  the authors address the stolen-token scenario by selecting random projection matrices based on biometric features. Lee et al.  presented a method for generating alignment-free cancelable fingerprint templates. Similar to [59, 162, 163], orientation information is used for each minutiae point. Cancelability is provided by a user's PIN and the user-specific random vector is used to extract translation and rotation invariant values of minutiae points. Hirata and Takahashi  propose CB for finger-vain patterns where images are transformed applying a Fourier-like transform. The result is then multiplied with a random filter where the client stores the inverse filter on some token. At authentication the inverse filter is applied to regenerate the transformed enrollment data and correlation-based comparison is performed. A similar scheme is applied to fingerprints in . Bringer et al.  presented an idea of generating time-dependent CB to achieve untraceability among different identities across time.
While in the vast majority of approaches, security is put on a level with obtained recognition accuracy according to a reference system, analysis with respect to irreversibility and unlinkability is rarely done. According to irreversibility, i.e., the possibility of inverting applied transforms to obtain the original biometric template, applied feature transformations have to be analyzed in detail. For instance, if (invertible) block permutation of biometric data (e.g., fingerprints in  or iris in ) is utilized to generate cancelable templates the computational effort of reconstructing (parts of) the original biometric data has to be estimated. While for some approaches, analysis of irreversibility appear straight forward for others more sophisticated studies are required (e.g., in  irreversibility relies on the difficulty in solving a blind deconvolution problem).
In order to provide renewability of protected biometric templates, applied feature transformations are performed based on distinct parameters, i.e., employed parameters define a finite key space (which is rarely reported). In general, protected templates differ more as more distant the respective transformation parameters are . To satisfy the property of unlinkability, different transformed templates, generated from a single biometric template applying different parameters, have to appear random to themselves (like templates of different subjects), i.e., the amount of applicable parameters (key space) is limited by the requirement of unlinkability.
The demand for cancelable biometric keys results in a strong interrelation between the technologies of BCSs and CB . Within common key-binding schemes in which chosen keys are bound to biometric templates, keys are updatable by definition. In most cases, revoking keys require re-enrollment (original biometric templates are discarded after enrollment). In case a key-binding system can be run in secure sketch mode (e.g., [15, 16]), original biometric templates can be reconstructed from another biometric input. With respect to key-generation schemes, revoking extracted keys require more effort. If keys are extracted directly from biometric features without the application of any helper data (e.g., as suggested in ), an update of the key is not feasible. Within helper data-based key-generation schemes stored helper data has to be modified in a way that extracted keys are different from previous ones (e.g., changing the encoding of intervals in quantization schemes). Alternatively, the key-generation process could comprise an additional stage in which biometric salting performed prior to the key-generation process [171, 172]. In  it is suggested to combine a secure sketch with cancelable fingerprint templates. While CB protect the representation of the biometric data, the biometric template is reconstructed from the stored helper data. Several other approaches to generating cancelable biometric keys have been proposed in [174–177].
Based on the presented key concepts of BCSs and CB a concluding discussion is done, including advantages and applications, potential attacks to both technologies, the current state-of-the-art, commercial vendors, and open issues and challenges.
Major advantages of BCS and CB.
Within BCSs and CB the original biometric template is obscured such that a reconstruction is hardly feasible.
Secure key release
BCSs provide key release mechanisms based on biometrics.
Authentication is performed in the encrypted domain and, thus, is pseudonymous.
Revocability of templates
Several instances of secured templates can be generated.
BCSs and CB prevent from several traditional attacks against biometric systems.
More social acceptance
BCSs and CB are expected to increase the social acceptance of biometric applications.
The most apparent application of BCSs is biometric-dependent key-release within conventional cryptosystems, replacing insecure password- or PIN-based key-release . Eliminating this weak link within cryptosystems, biometric-dependent key-release results in substantial security benefits making cryptographic systems more suitable for high security applications.
BCSs and CB meet the requirements of launching pseudonymous biometric databases  since both technologies provide biometric comparisons in encrypted domain while stored helper data or transformed templates do not reveal significant information about original biometric templates.
Several other applications for the use of BCSs and CB have been suggested. In , biometric ticketing, consumer biometric payment systems and biometric boarding cards are suggested. VoIP packages are encrypted applying biometric keys in . A remote biometric authentication scheme on mobile devices based on biometric keys is proposed in  and a framework for an alternative PIN service based on CB is presented in . In , helper data-free key-generation is utilized for biometric database hashing. Privacy preserving video surveillance has been proposed in .
BCSs and CB do not prevent from classic spoofing attacks  (presenting fake physical biometrics). However, there are other possibilities to detect fake biometric inputs (e.g., liveness detection ) which can be integrated in both technologies, the same holds for replay attacks. Performing substitution attacks to BCSs is more difficult compared to conventional biometric systems since biometric templates are either bound to cryptographic keys or used to extract helper data (the original biometric template is discarded). Substitution attacks against BCSs require additional knowledge (e.g., of bound keys in case of key-binding schemes). In case of CB substitution, attacks are feasible if impostors are in possession of secret transform parameters or secret keys within approaches to biometric salting. Both technologies are more resilient to masquerade attacks [10, 186]. Since reconstruction of original biometric templates should not be feasible the synthetization of original biometric inputs is highly complicated (e.g., ). Performance rates of both technologies decrease compared to conventional biometric systems which makes BCSs and CB even more vulnerable to false acceptance attacks. In contrast to CB, overriding final yes/no responses in a tampering scenario is hardly feasible within BCSs as these return a key instead of binary decisions (intermediate score-based attacks could still be applied ).
Potential attacks against BCS and CB.
Blended substitution attack, attack via record multiplicity, masquerade attack (hill climbing)
Fuzzy commitment scheme 
Attacks on error correcting codes
Shielding functions 
Attack via record multiplicity
Fuzzy vault scheme 
Blended substitution attack, attack via record multiplicity, chaff elimination
False acceptance attack, masquerade attack, brute force attack
Biometric hardend passwords 
Power consumption observation
Non-invertible transforms 
Overwriting final decision, Attack via Record Multiplicity, Substitution Attack (known Transform)
Biometric salting 
Overwriting final decision, with Stolen Token: False Acceptance Attack, Substitution Attack, Masquerade Attack
Boyen  was the first to point out the vulnerability of secure sketches and fuzzy extractors in case an impostor is in possession of multiple invocations of the same secret which are combined to reconstruct secrets and, furthermore, retrieve biometric templates. This (rather realistic) scenario is considered as basis for several attacks against BCSs and CB. Similar observations have been made by Sceirer and Boult  which refer to this attack as "attack via record multiplicity". Moreover, the authors point out that if the attacker has knowledge of the secret, the template can be recovered. In addition, a blended substitution attack is introduced in which a subjects and the attackers template are merged into one single template used to authenticate with the system. The Biometric Encryption™algorithm  is highly impacted or even compromised by these attacks. Adler  proposed a "hill-climbing" attack against the Biometric Encryption™algorithm in which a sample biometric input is iteratively modified while the internal comparison score is observed. Nearest impostor attacks  in which distinct parts of a large set of biometric templates is combined to obtain high match scores could be applied even more effectively.
Keys bound in fuzzy commitment schemes  have been found to suffer from low entropy (e.g., 44 bits in ) reducing the complexity for brute force attacks . Attacks which utilize the fact that error correction codes underlie distinct structures have been suggested [10, 188]. Attacks based on error correction code histograms have been successfully conducted against iris-based fuzzy commitment schemes in . In , privacy and security leakages of fuzzy commitment schemes are investigated for several biometric data statistics. It is found that fuzzy commitment schemes leak information in bound keys and non-uniform templates. Suggestions to prevent from information leakage in fuzzy commitment schemes have been proposed in . In addition, attacks via record multiplicity could be applied to decode stored commitments [193, 194]. Kelkboom et al.  introduce a bit-permutation process to prevent from this attack in a fingerprint-based fuzzy commitment scheme. In addition, it has been found that a permutation of binary biometric feature vectors improves the performance of fuzzy commitment scheme , i.e., not only the entropy of the entire biometric template (which is commonly estimated in "degrees-of-freedom" ) but the distribution of entropy across feature vectors contributes to the security of the system. As a successive encoding of chunks of biometric templates is essential to bind sufficiently long keys distinct parts of the commitment may suffer from low entropy and, thus, are easily decoded , i.e., an adaption of biometric templates (e.g., ) or an improved use of error correction (e.g., ) is necessary.
Applying shielding functions to fingerprints, Buhan et al.  estimate the probability of identifying protected templates across databases. It is demonstrated that any kind of quantization approaches do not meet the requirement of unlinkability in general.
Against fuzzy vaults , several attacks have been discovered. Chang et al.  present an observation to distinguish minutiae from chaff points attacking fuzzy vaults based on fingerprints. Since chaff points are created one-by-one, those created later tend reveal smaller empty surrounding areas which is verified experimentally, i.e., the security of a fuzzy vault highly relies on the methodology of generating chaff points. Scheirer and Boult  introduce an attack via record multiplicity. If more instances of a fuzzy vault (generated using different keys) are obtained minutiae are likely recoverable, i.e., unlinkability represents a major issue constructing fuzzy vaults. A method for inserting chaff points with a minimal entropy loss has been proposed in . A brute force attack against fuzzy vaults was proposed in . A collusion attack where the attacker is assumed to be in possession of multiple vaults locked by the same key is presented in . It is demonstrated how to effectively identify chaff points which are subsequently remove to unlock the vault. In , vulnerabilities within the concept of a hardened fuzzy vaults are pointed out. In contrast to other concepts (e.g., the fuzzy commitment scheme) the fuzzy vault scheme does not obscure the original biometric template but hides it by adding chaff points, i.e., helper data comprise original biometric features (e.g., minutiae) in plain form. Even if practical key retrieval rates are provided by proposed systems, impostors may still be able to unlock vaults in case the helper data does not hide the original biometric template properly, especially if attackers are in possession of several instances of a single vault.
Helper data-based key-generation schemes [77, 126] appear to be vulnerable to attack via record multiplicity. If an attacker is in possession of several different types of helper data and valid secret keys of the same user, a correlation of these can be utilized to reconstruct an approximation of biometric templates acquired at enrollment. In addition, key-generation schemes tend to extract short keys which makes them easier to be guessed in brute force attacks within a realistic feature space. Methods to reconstruct raw biometric data from biometric hashes have been proposed in . Since key-generation schemes tend to reveal worse accuracy compared to key-binding approaches (unless a large number of enrollment samples are applied) these are expected to be highly vulnerable to false acceptance attacks.
The password-hardening scheme  has been exposed to be vulnerable to power consumption observations. Side channel attacks to a key generator for voice [18, 23] were performed in . Demonstrating another way of attacking biometric key generators, tolerance functions were identified, which either decide to authorize or reject a user. Another side channel attack to a BCS based on keystroke dynamics was presented in . It is suggested to add noise and random bit-masks to stored parts of the template in order to reduce the correlation between the original biometric template and the applied key. A similar attack to initial steps of error correction decoding in BCSs is proposed in .
The aim of attacking CB systems is to expose the secret transform (and parameters) applied to biometric templates. Thereby potential attackers are able to apply substitution attacks. If transforms are considered invertible, original biometric templates may be reconstructed. In case of non-invertible transforms, attackers may reconstruct an approximation of the original biometric template. Comparison scores, calculated in encrypted domain, could be overwritten  and hill-climbing attacks  could be performed. In [206, 207], attacks against the block re-mapping and surface-folding algorithm of  based on fingerprints are proposed.
Since most approaches to biometric salting become highly vulnerable in case secret tokens are stolen , false accept attacks could be effectively applied. If the salting process is invertible, templates may be reconstructed and applied in masquerade attacks. Approaches to biometric salting which do not comprise a key-binding step are vulnerable to overwriting final decisions. Several vulnerabilities in the original concept of the BioHashing algorithm  have been encountered in . The main drawback of BioHashing (and other instances of biometric salting) resides in exhibiting low performance in case attackers are in possession of secret tokens.
Subjects can no longer be trusted based on credentials; however, credentials can be revoked and reissued. In order to abolish credential-based authentication, biometrics are increasingly applied for authentication purposes in a broad variety of commercial (e.g., fingerprint door locks) and institutional applications (e.g., border control). Therefore, biometric authentication requires more stringent techniques to identify registered subjects . Besides the fact that subjects share biometric traits rather reluctantly, the common use of biometrics is often considered as a threat to privacy . Most common concerns include abuse of biometric data (e.g., intrusion by creating physical spoofs) as well as permanent tracking and observation of activities (e.g., function creep by cross-matching).
BCSs and CB are expected to increase the confidence in biometric authentication systems (trusted identification). Both technologies permanently protect biometric templates against unauthorized access or disclosure by providing biometric comparisons in the encrypted domain, preserving the privacy of biometric characteristics [8, 27]. BCSs and CB keep biometric templates confidential meeting security requirements of irreversibility, and unlinkability.
The state-of-the-art of BCSs and CB is estimated according to several magnitudes, i.e., reported performance rates, biometric modalities, applied test sets, etc., and the best performing and evaluated approaches are compared and summarized.
In early approaches to BCSs [31, 77], performance rates were omitted. Moreover, most of these schemes have been found to suffer from serious security vulnerabilities [8, 190]. Representing one of the simplest key-binding approaches the fuzzy commitment scheme  has been successfully applied to iris  (and other biometrics). Iris-codes appear to exhibit sufficient information to bind and retrieve long cryptographic keys. Shielding functions  and quantization scheme [22, 82] have been applied to several physiological and behavioral biometrics, while focusing on reported performance rates, these schemes require further studies. The fuzzy vault scheme  which represents one of the most popular BCS has frequently been applied to fingerprints. Early approaches , which required a pre-alignment of biometric templates, have demonstrated the potential of this concept. Recently, several techniques [56, 57] to overcome the shortcoming of pre-alignment have been proposed. In addition, the feature of order-invariance offers solutions to implement applications such as biometric-based secret sharing in a secure manner . Within the BioHashing approach , biometric features are projected onto secret domains applying user-specific tokens prior to a key-binding process. Variants of the BioHashing approach have been exposed to reveal unpractical performance rates under the non-stolen-token scenario . While generic BCSs are designed to extract or bind keys from or to a biometric the password-hardening scheme  aims at "salting" an existing password with biometric features.
Summarized experimental results of key approaches to BCSs.
Hao et al. 
Bringer et al. 
ICE 2005 (244 subjects)
Clancy et al. 
>1 enroll sam.
Nandakumar et al. 
FVC2002-DB2 (110 subjects)
>1 enroll sam.
CASIA v1 (108 subjects)
PolyU DB (386 subjects)
Feng and Wah 
>1 enroll sam.
Vielhauer et al. 
Monrose et al. 
Teoh et al. 
ORL-DB/Faces94 (194 subjects)
Nandakumar et al. 
CASIA v1 (108 subjects)
Summarized experimental results of key approaches to CB.
FRRs: ~35, ~15, ~15
Ratha et al. 
Radial transform, surface folding
Boult et al. 
~ 0.08 EER
FVC 2004 (200 subjects)
Maiorana et al. 
MYCT (330 subjects)
Teoh et al. 
ORL-DB/Faces94 (194 subjects)
BioHashing  (without key-binding) represents the most popular instance of biometric salting which represents a two-factor authentication scheme . Since additional tokens have to be kept secret [137, 157] result reporting turns out to be problematic. Perfect recognition rates have been reported (e.g., in ) while the opposite is true .
Though BCSs and CB are still in statu nascendi, first deployments are already available.
priv-IDa, an independent company that was once part of Philips specializes in biometric encryption. By applying a one-way function, which is referred to as BioHASH®, to biometric data pseudonymous codes are obtained. PerSayb, a company that provides voice biometric speaker verification collaborates with priv-ID to integrate priv-ID engine to voice biometrics. Genkeyc, a Norway company (which has a large deployment in New Delhi), offers solutions to fingerprint-based key-generation. The company utilized a concept, which is referred to as FlexKey, where several enrollment samples are applied to select only the most discriminating features in order to extract longer keys. Precise BiometricsTMd is a Swedish company which offers solutions to secure match-on-card fingerprint verification. Securics: The science of securityTMe, founded by T. Boult, provide revocable biometric tokens based on the BioToken approach .
The EU project TURBINE  which aims to transform a description of fingerprints through cryptobiometrics techniques received a EU funding of over $9 million.
With respect to the design goals, BCSs and CB offer significant advantages to enhance the privacy and security of biometric systems, providing reliable biometric authentication at an high security level. Techniques which provide provable security/privacy, while achieving practical recognition rates, have remained elusive (even on small datasets). Additionally, several new issues and challenges arise deploying these technologies . One fundamental challenge, regarding both technologies, represents the issue of alignment, which significantly effects recognition performance. Biometric templates are obscured within both technologies, i.e., alignment of obscured templates without leakage is highly non-trivial. While for some biometric characteristics (e.g., iris) alignment is still feasible, for others (e.g., fingerprints) additional information, which must not lead to template reconstruction, has to be stored. Within conventional biometric systems, align-invariant approaches have been proposed for several biometric characteristics. So far, hardly any suggestions have been made to construct align-invariant BCSs or CB. Feature adaptation schemes that preserve accuracy have to be utilized in order to obtain common representations of arbitrary biometric characteristics (several approaches to extract binary fingerprint templates have been proposed, e.g., [211, 212]) allowing biometric fusion in a form suitable for distinct template protection schemes. In addition, several suggestions for protocols providing provable secure biometric authentication based on template protection schemes have been made [150, 192, 213, 214].
Focusing on BCSs it is not actually clear which biometric characteristics to apply in which type of application. In fact it has been shown that iris or fingerprints exhibit enough reliable information to bind or extract sufficiently long keys providing acceptable trade-offs between accuracy and security, where the best performing schemes are based on fuzzy commitment and fuzzy vault. However, practical error correction codes are designed for communication and data storage purposes such that a perfect error correction code for a desired code length has remained evasive (optimal codes exist only theoretically under certain assumptions ). In addition, a technique to generate chaff points that are indistinguishable from genuine points has not yet been proposed. The fact that false rejection rates are lower bounded by error correction capacities  emerges a great challenge since unbounded use of error correction (if applicable) makes the system even more vulnerable . Other characteristics such as voice or keystroke dynamics (especially behavioral characteristics) were found to reveal only a small amount of stable information [18, 19], but can still be applied to improve the security of an existing secret. In addition, several characteristics can be combined to construct multi-BCSs , which have received only little consideration so far. Thereby security is enhanced and feature vectors can be merged to extract enough reliable data. While for some characteristics, extracting of a sufficient amount of reliable features seems to be feasible it still remains questionable if these features exhibit enough entropy. In case extracted features do not meet requirements of discriminativity, systems become vulnerable to several attacks (e.g., false acceptance attacks). In addition, stability of biometric features is required to limit information leakage of stored helper data. Besides, several specific attacks to BCSs have been proposed. While key approaches have already been exposed to fail high security demands, more sophisticated security studies for all approaches are required since claimed security of these technologies remains unclear due to a lack formal security proofs and rigorous security formulations . Due to the sensitivity of BCSs, more user-cooperation (compared to conventional biometric systems) or multiple enrollment samples  are demanded in order to decrease intra-class variation, while sensoring and preprocessing require improvement as well.
Cancelable biometrics require further investigations as well. Transformations and alignment of transformed templates have to be optimized in order to maintain the recognition performance of biometric systems. Additionally, result reporting remains an issue since unrealistic preconditions distort performance rates.
As plenty different approaches to BCSs and CB have been proposed a large number of pseudonyms and acronyms have been dispersed across literature such that attempts to represented biometric template protection schemes in unified architectures have been made . In addition, a standardization on biometric template protection is currently under work in ISO/IEC FCD 24745.
apriv-ID B.V., The Netherlands, http://www.priv-id.com/.
bPerSay Ltd., Israel, http://www.persay.com/.
cGenkey AS, Norway (BioCryptics), http://genkeycorp.com/.
dPrecise Biometrics AB, Sweden, http://www.precisebiometrics.com/.
eSecurics Inc., Colorado Springs, CO, http://www.securics.com/.
This work has been funded by the Austrian Science Fund, project no. L554-N15. We thank all the reviewers who significantly helped to improve this work.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.