www.elsevier.com/locate/pr Cancellable biometrics and annotations on BioHash

Lately, the once powerful one-factor authentication which is based solely on either password, token or biometric approach, appears to be insufficient in addressing the challenges of identity frauds. For example, the sole biometric approach suffers from the privacy invasion and non-revocable issues. Passwords and tokens are easily forgotten and lost. To address these issues, the notion of cancellable biometrics was introduced to denote biometric templates that can be cancelled and replaced with the inclusion of another independent authentication factor. BioHash is a form of cancellable biometrics which mixes a set of user-specific random vectors with biometric features. In verification setting, BioHash is able to deliver extremely low error rates as compared to the sole biometric approach when a genuine token is used. However, this raises the possibility of two identity theft scenarios: (i) stolen-biometrics, in which an impostor possesses intercepted biometric data of sufficient high quality to be considered genuine and (ii) stolen-token, in which an impostor has access to the genuine token and used by the impostor to claim as the genuine user. We found that the recognition rate for the latter case is poorer. In this paper, the quantised random projection ensemble based on the Johnson–Lindenstrauss Lemma is used to establish the mathematical foundation of BioHash. Based on this model, we elucidate the characteristics of BioHash in pattern recognition as well as security view points and propose new methods to rectify the stolen-token problem