1、 International Telecommunication Union ITU-T X.1091TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (04/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Information and network security Telebiometrics A guideline for evaluating telebiometric template protection techniques Recomm
2、endation ITU-T X.1091 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTE
3、M ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099SECUR
4、E APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY C
5、ybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state
6、 exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Rec
7、. ITU-T X.1091 (04/2012) i Recommendation ITU-T X.1091 A guideline for evaluating telebiometric template protection techniques Summary Recommendation ITU-T X.1091 describes a general guideline for testing and reporting the performance of biometric template protection techniques based on biometric cr
8、yptosystem or cancellable biometrics. This guideline specifies two reference models for evaluation, which use biometric template protection techniques in telebiometric systems. It then defines the metrics, procedures and requirements for testing and evaluating the performance of the biometric templa
9、te protection techniques. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1091 2012-04-13 17 Keywords Biometric cryptosystem, biometric template protection techniques, cancellable biometrics, evaluation, telebiometrics. ii Rec. ITU-T X.1091 (04/2012) FOREWORD The International Teleco
10、mmunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tar
11、iff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recomm
12、endations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommen
13、dation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperabi
14、lity or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that comp
15、liance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validit
16、y or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be require
17、d to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced,
18、 by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1091 (04/2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation . 3 4 Abbreviations and acronyms 5 5 Conventions 5 6 Overview
19、 of protection techniques for the biometric template on telecommunication systems 5 6.1 Biometric cryptosystem mechanism . 5 6.2 Cancellable biometrics mechanism 6 7 Reference models of protection techniques for a biometric template 7 7.1 Reference model of a biometric cryptosystem mechanism 7 7.2 R
20、eference model for a cancellable biometrics mechanism 8 7.3 Specific threats for reference models . 9 8 Evaluation items for biometric template protection techniques . 11 8.1 Introduction 11 8.2 Evaluation items for the biometric cryptosystem mechanism 11 8.3 Interdependent evaluation items for the
21、biometric cryptosystem mechanism 14 8.4 Evaluation items for the cancellable biometrics mechanism . 16 8.5 Interdependent evaluation items for the cancellable biometrics mechanism 18 9 Evaluation steps of protection techniques for the biometric template 20 9.1 General . 20 10 Requirements and proced
22、ures of protection performance testing 21 10.1 General . 21 10.2 Biometric cryptosystem 21 10.3 Cancellable biometrics . 24 Appendix I Algorithm list of template protection techniques . 27 Appendix II Evaluation example for a biometric cryptosystem mechanism using a fuzzy vault scheme . 29 II.1 Syst
23、em description (Step 1) 29 II.2 Vendor claim (Step 2) 29 II.3 Examination of vendor claim (Step 3) 30 II.4 Vendor test and evaluation of vendor test 32 iv Rec. ITU-T X.1091 (04/2012) Page Appendix III Evaluation example for cancellable biometrics using correlation-based matching . 40 III.1 Introduct
24、ion 40 III.2 Clarification of evaluation requirements 40 III.3 Requirements of evaluation tool . 43 III.4 Evaluation experiment 44 Bibliography. 47 Rec. ITU-T X.1091 (04/2012) v Introduction Various valuable applications using password authentication are currently in general use on the open network.
25、 However, knowledge-based authentication has some shortcomings; for example, anyone can input a leaked password. Therefore, a number of other authentication methods are considered for application on the open network. Biometrics technologies are considered as one of the methods of authentication tech
26、nology. However, they reveal some vulnerability in the open network environment. Once a biometric feature is compromised, it is unable to permanently utilize a secure authentication against the replay attack because of its unique and permanent characteristics. For these reasons, attention is focused
27、 on the biometric template protection technique. The biometric template protection technique has a specific renewal property. If a stored biometric reference has been compromised from the server, the administrator can renew the reference for a secure authentication. Recently, various protection tech
28、niques have been proposed and the following documents have provided standard specifications to protect biometric data, based on these techniques: ISO 24745: Biometric information protection, ITU-T X.1088: Telebiometrics digital key framework (TDK) and ITU-T X.1090: Authentication framework with one-
29、time telebiometric templates. This Recommendation standardizes the guideline for evaluating protection performance of these techniques. Rec. ITU-T X.1091 (04/2012) 1 Recommendation ITU-T X.1091 A guideline for evaluating telebiometric template protection techniques 1 Scope This Recommendation: estab
30、lishes a general guideline for testing and evaluating the performance of biometric template protection techniques based on biometric cryptosystem or cancellable biometrics; clarifies targets of two biometric template protection mechanisms for evaluation reference models in telebiometric systems; cla
31、rifies evaluation items of each biometric template protection technique; defines the protection performance metrics for each biometric template protection technique; specifies requirements and procedures of evaluation methods. 2 References The following ITU-T Recommendations and other references con
32、tain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate t
33、he possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a
34、 Recommendation. ITU-T X.1086 Recommendation ITU-T X.1086 (2008), Telebiometrics protection procedures A guideline to technical and managerial countermeasures for biometric data security. ITU-T X.1090 Recommendation ITU-T X.1090 (2011), Authentication framework with one-time telebiometric templates.
35、 ISO 19792 ISO/IEC 19792:2009, Information technology Security techniques Security evaluation of biometrics. ISO 19795-1 ISO/IEC 19795-1:2006, Information technology Biometric performance testing and reporting Part 1: Principles and framework. ISO 19795-2 ISO/IEC 19795-2:2007, Information technology
36、 Biometric performance testing and reporting Part 2: Testing methodologies for technology and scenario evaluation. ISO 19795-3 ISO/IEC TR 19795-3:2007, Information technology Biometric performance testing and reporting Part 3: Modality-specific testing. ISO 24745 ISO/IEC 24745:2011, Information tech
37、nology Security techniques Biometric information protection. 2 Rec. ITU-T X.1091 (04/2012) 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 attacker ISO 19792: Person seeking to exploit potential vulnerabilities of a biometric system. 3.
38、1.2 biometric (adjective) b-ITU-T X.1084: Of or having to do with the field of biometrics. 3.1.3 biometric data ISO 24745: Biometric sample or aggregation of biometric samples at any stage of processing, biometric reference, biometric probe, biometric feature or biometric property. NOTE Biometric da
39、ta need not be attributable to a specific individual, i.e., Universal Background Models. 3.1.4 biometric reference ISO 24745: One or more stored biometric samples, biometric templates, or biometric models attributed to a biometric data subject and used for comparison. 3.1.5 biometric sample ISO 2474
40、5: Analogue or digital representation of biometric characteristics prior to biometric features being extracted and obtained from a biometric capture device or biometric capture subsystem. 3.1.6 biometrics (noun) b-ITU-T X.1084: An automated recognition of individuals based on their behavioural and b
41、iological characteristics. 3.1.7 challenge response b-ITU-T X.1124: A method of protecting against replay attack. For example, if entity A wants to obtain a new message from entity B, it can first send a challenge in the form of a nonce (e.g., a cryptographic value that is used only once) to B. A th
42、en receives a response from B, based on the nonce that proves B was the intended recipient. 3.1.8 evaluator ISO 19792: Person or party responsible for performing a security evaluation of a biometric product. 3.1.9 false match rate (FMR) ISO 19795-1: Proportion of zero-effort impostor attempt samples
43、 falsely declared to match the compared non-self template. NOTE The measured/observed false match rate is distinct from the predicted/expected false match rate (the former may be used to estimate the latter). 3.1.10 false non-match rate (FNMR) ISO 19795-1: Proportion of genuine attempt falsely decla
44、red not to match the template of the same characteristic from the same user supplying the sample. NOTE The measured/observed false non-match rate is distinct from the predicted/expected false non-match rate (the former may be used to estimate the latter). 3.1.11 key b-ITU-T X.800: A sequence of symb
45、ols that controls the operations of encipherment and decipherment. 3.1.12 one-way function b-ITU-T X.509: A (mathematical) function f which is easy to compute, but which for a general value y in the range, it is computationally difficult to find a value x in the domain such that f(x) = y. There may
46、be a few values y for which finding x is not computationally difficult. 3.1.13 renewability ISO 24745: Generic ability to allow the creation of multiple, independent transformed biometric references from one or more biometric samples obtained from the same data subject for the purposes of enhancing
47、security and privacy. 3.1.14 revocability ISO 24745: Ability to prevent future successful verification of a specific biometric reference and the corresponding identity reference. 3.1.15 user ISO 19792: Person interacting with a biometric system. Rec. ITU-T X.1091 (04/2012) 3 3.2 Terms defined in thi
48、s Recommendation This Recommendation defines the following terms: 3.2.1 Biometric cryptosystem mechanisms 3.2.1.1 biometric cryptosystem mechanism: A mechanism for authentication with a conventional cryptographic protocol using a cryptographic key generated from secret data. The secret data are extr
49、acted from helper data that are created from the biometric reference of the user. 3.2.1.2 helper data: Information that depends on biometric reference that enables the restoration of keys in a biometric cryptosystem. If a key is exposed, it can be cancelled and renewed. NOTE Synonyms are auxiliary data (AD) in ISO 24745, help data and other information and data. 3.2.1.3 key control: A part of the key output process that is a method of enabl
