Cancellable biometrics and user-dependent multi-state discretization in BioHash

Although the use of biometrics for security access is convenient and easy to be implemented, it also introduced privacy and other security concerns when the original biometric templates are compromised. BioHash was introduced as a form of cancellable or replaceable biometrics through the integration of a set of user-specific random numbers with biometric features to address these concerns. However, the main drawback of the original form of BioHash is its inferior performance when an imposter obtains a legitimate token and uses it to claim as a genuine user (also known as the stolen-token scenario). In this paper, the problem is circumvented by a user-dependent multi-state discretization method. The experimental results on fingerprint database FVC2002 demonstrated a promising performance improvement on the stolen-token scenario when this discretization method was incorporated in the BioHash scheme. Moreover, the discretization method can render a long bit string, which is a useful feature to resist brute-force attacks. Some desired properties such as one-way transformation and diversity are also analyzed.