What is BioHASH®?
GenKey’s BioHASH® is a Privacy Enhancing Technology (PET) that allows for storage and matching of biometric information using an irreversible cryptographic hash function. The original biometrics are immediately discarded after the BioHASH® value is derived, so they are never stored in the system. Only the hash value is used in storage and matching.
BioHASH® complies with the ISO/IEC 24745 standard for Biometric Information Protection. This international standard provides guidance for the protection of biometric information under various requirements for confidentiality, integrity and renewability/revocability during storage and transfer. In addition, this standard provides requirements and guidelines for the secure and privacy-compliant management and processing of biometric information.
GenKey’s BioHASH® SDK is a software development kit that supports the main processes in biometric deployment: enrollment and verification. It contains functionality to transform fingerprint images into anonymous templates and to compare an image with such a template. The advanced signal processing guarantees robustness against low quality images as well as rotated input images.
Why use BioHASH®?
BioHASH® ensures the highest privacy and security standards for biometric database and biometric card deployments, avoiding the need for complex Public Key Infrastructures (PKI). BioHASH® allows for fast matching and secure storage on-line and off-line. The standardized interfaces ensure a seamless integration in any biometric solution.
Benefits of BioHASH®
- Anonymous storage of biometric information in small and secured templates
- Keyless solution: no need for public or symmetric encryption and key management
- For use in secure off-line (barcode) verification
- For use in secure on-line verification
- Fast matching for (large) database identification purposes
- ISO/IEC 24745 compliant
- Renewable templates: possibility to create uncorrelated templates from the same biometrics
- Prevention of function creep: an application ID can be included in the hash value to make it impossible to cross-couple databases
- Easy integration: supports all major operating platforms and programming languages
Why not simply encrypt traditional biometric templates?
Encryption is a great technology to protect valuable or sensitive content, but encrypted biometric templates have to be routinely decrypted again whenever a match needs to be performed. This decryption is required because the “fuzzy” matching that biometrics needs can only be done in the plaintext domain. It also introduces a second vulnerability: the need for a cryptographic key that is stored in the biometric system. This leads to protocols and access rights that are limited to trusted operators only. As these systems scale up, they become vulnerable to “incidents” caused by sloppy execution, changes in regulations or legislation, human mistakes or intentional misuse. In biometrics, you only have two eyes and ten fingers, and in case of a security breach these biometrics are compromised forever. The answer to this is matching using templates that are intrinsically anonymous, and that is what GenKey delivers.
BioHASH® makes use of a cryptographic hash to protect biometric information
For the protection of biometric information, BioHASH® is based on the same security techniques that are used to protect PIN codes and passwords. PIN codes are used to authorize payment transactions. The valuable PIN information is protected using a cryptographic one-way hash technique. The PIN itself is never stored in the system, only the hash, which acts as a verification code. The one-way property guarantees that the original PIN cannot be retrieved from the hash, not even by bank IT staff. A “live” PIN entry is hashed again and compared with the verification code, and if these two values are identical, the PIN is accepted as being correct.
BioHASH® works in the same manner. Instead of storing fingerprint images or minutiae templates, like in traditional biometric deployments, the fingerprint image is first processed and then put through a cryptographic hash function (SHA-256). The resulting anonymous template can be stored in a database or on an ID-card. Additional random information (also known as “salting”) is used to produce renewable anonymous templates from the same finger. This makes it impossible to link biometric information across applications.
BioHASH® enrollment and verification
During the enrollment or registration phase of a biometric system, the BioHASH® SDK is used to determine the optimal anonymous biometric template from two fingerprint images.
In the verification mode, the software compares the image of a fingerprint with a given anonymous template to produce a similarity measure or matching score. Given a matching threshold, the application can then produce a ‘Match’ or ‘No Match’ decision.
ISO/IEC 24745 compliant biometric information protection
GenKey’s BioHASH® solution is fully compliant with the ISO/IEC 24745 standard for Biometric Information Protection, which is the most advanced standardization guideline to address the privacy and security requirements for biometric deployments. Among other things, it specifies:
- Irreversibility and confidentiality: prevent identity theft by protecting the biometric information in an irreversible way using the highest key-less cryptographic security standards.
- Renewability: allow for a widespread usage of the same fingerprint by using renewable and revocable biometric templates.
- Unlinkability: prevent “function creep” by making it impossible to link biometric data across different applications.
The following figure shows the ISO reference architecture for Biometric Information Protection.
Figure: Biometric system architecture proposed by ISO/IEC 24745 (Source: ISO/IEC 24745:2011 Information technology -- Security techniques -- Biometric information protection)
The BioHASH® architecture conforms to the architecture proposed by ISO/IEC 24745:
- During enrollment, a BioHASH® template is generated from a biometric sample (a fingerprint image or a minutiae template), resulting in two components: a Pseudonymous Identifier (PI) and Auxiliary Data (AD). The PI information is protected with a SHA-256 cryptographic hash function, whereas the AD contains random salting information to allow for renewable anonymous templates. In addition to the biometric information, other information such as biographic information, application identifiers, terminal identifiers etc. may be included in the hash-protected version of PI.
- In the verification process, the live fingerprint measurement is combined with the Auxiliary Data to derive a candidate PI*, again protected with a SHA-256 (possibly combined with other information that is included in the hash). If the PI from the enrollment and the PI* in the verification are identical, there is a positive match.
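The PIN-hash analogy above and the PI/AD enrollment and verification flow can be made concrete with a small simulation. The following Python is an added example written for this page; it is not GenKey's SDK code and it does not reproduce BioHASH®'s proprietary signal processing. The `stable_features` quantization step is a constructed stand-in for the "image is first processed" stage (it only needs to map two noisy readings of the same finger to the same bytes), the feature vectors are constructed sample data, and the function names and the application identifiers `"payroll"` and `"health"` are hypothetical. What it does show faithfully is the PI/AD split: PI = SHA-256 over the stabilized features, a random salt (AD) and an application ID; verification recomputes PI* and checks for equality; fresh salts give uncorrelated, renewable templates; and a different application ID prevents cross-coupling of databases even when the salt is identical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Sequence

# Constructed stand-in for the BioHASH signal-processing stage (assumption):
# each feature of a fixed-length vector is quantized into a bin so that small
# measurement noise maps to the same bin. The real BioHASH processing is not
# described on the page; any such step must happen BEFORE hashing, because a
# cryptographic hash offers no fuzzy matching of its own.
BIN_WIDTH = 10


def stable_features(sample: Sequence[float]) -> bytes:
    """Quantize a (constructed) feature vector into a bit-exact byte string."""
    bins = [int(v // BIN_WIDTH) for v in sample]
    return b"".join(b.to_bytes(2, "big", signed=True) for b in bins)


@dataclass(frozen=True)
class ProtectedTemplate:
    """ISO/IEC 24745 renewable template: only PI and AD are ever stored."""
    pi: bytes   # Pseudonymous Identifier: SHA-256(app_id || AD || features)
    ad: bytes   # Auxiliary Data: random salt stored next to the PI


def derive_pi(features: bytes, ad: bytes, app_id: str) -> bytes:
    """Hash-protect the stabilized features together with AD and app ID.

    Length-prefixing each field avoids ambiguity between field boundaries.
    """
    h = hashlib.sha256()
    for field in (app_id.encode("utf-8"), ad, features):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def enroll(sample: Sequence[float], app_id: str, salt_len: int = 16) -> ProtectedTemplate:
    """Enrollment: draw fresh AD, derive PI, discard the biometric features."""
    ad = os.urandom(salt_len)
    features = stable_features(sample)
    pi = derive_pi(features, ad, app_id)
    # `features` goes out of scope here; nothing but (PI, AD) survives.
    return ProtectedTemplate(pi=pi, ad=ad)


def verify(sample: Sequence[float], template: ProtectedTemplate, app_id: str) -> bool:
    """Verification: recompute PI* from the live sample and the stored AD."""
    pi_star = derive_pi(stable_features(sample), template.ad, app_id)
    # Constant-time comparison, as for any stored verification code.
    return hmac.compare_digest(pi_star, template.pi)


# Constructed sample data (not real fingerprint features). The "same finger"
# reading differs slightly from the enrolled one but stays inside each bin.
ENROLLED_SAMPLE = [23.0, 57.5, 41.2, 88.9]
LIVE_SAME_FINGER = [24.1, 56.0, 43.0, 85.5]
LIVE_OTHER_FINGER = [61.0, 12.0, 97.0, 30.5]


def demo() -> dict:
    """Exercise match, no-match, renewability and unlinkability."""
    t1 = enroll(ENROLLED_SAMPLE, "payroll")
    t2 = enroll(ENROLLED_SAMPLE, "payroll")   # re-enrollment: new AD, new PI
    fixed_ad = b"\x00" * 16                   # same salt, different app IDs
    feats = stable_features(ENROLLED_SAMPLE)
    return {
        "match": verify(LIVE_SAME_FINGER, t1, "payroll"),
        "no_match": verify(LIVE_OTHER_FINGER, t1, "payroll"),
        "renewable": t1.pi != t2.pi and verify(LIVE_SAME_FINGER, t2, "payroll"),
        "wrong_app_rejected": verify(LIVE_SAME_FINGER, t1, "health"),
        "cross_db_linkable": derive_pi(feats, fixed_ad, "payroll")
        == derive_pi(feats, fixed_ad, "health"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The exact-equality check in `verify` mirrors the PI = PI* rule: a live reading whose feature lands in a neighbouring bin yields a completely different SHA-256 output, which is why the stabilization step has to absorb sensor noise before hashing rather than relying on the hash to tolerate it. Leaking a template gives an attacker 32 bytes of hash plus a salt, and a compromised database can be re-enrolled with fresh AD values, which is the renewability property the standard asks for.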
ISO 19794 – Template Format
ISO 19794 is a standard that describes data exchange formats for fingerprints. BioHASH® can work with standardized image data (ISO 19794-4) as well as with minutiae templates (ISO 19794-2) in Fingerprint Minutiae Record (FMR), Fingerprint Minutiae Card (FMC) or Fingerprint Compact Card (FCC) format. BioHASH® also complies with MINEX II, which is a subset of the ISO minutiae template format.