Blockchain secure biometric access systems (bsbas)
- 1. Proceeding: Asian Scholars Network International Conference 1 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved Blockchain Secure Biometric Access Systems (BSBAS) Maslan Mat Isa1*, Durairaj Anbarasan, Ahmad Zuhairi Ismail3 , Goon Wooi Kin4 1 Corporate Technology, MIMOS Berhad, Kuala Lumpur, Malaysia 2 Corporate Technology, MIMOS Berhad, Kuala Lumpur, Malaysia 3 Corporate Technology, MIMOS Berhad, Kuala Lumpur, Malaysia 4 Corporate Technology, MIMOS Berhad, Kuala Lumpur, Malaysia *Corresponding Author: maslan.isa@mimos.my ________________________________________________________________________________________ Abstract: Biometric data has widespread application in granting access to secured areas ranging from high security vaults in a bank to fingerprint ID access in offices. However, such methods of verification of identity to grant access could be prone to fraud. Such as fingerprints and even facial patterns could be stolen and perpetrated in many ways. In this study, the authors present a novel idea and practical methods to verify identity using biometrics verified against data stored in a blockchain. The system captures biometric data from the user such as facial and fingerprint data by the user physically registering this data via data capturing equipment. Upon the user wanting to access a particular area, depending on the level of security identification needed, the user will be prompted to provide the biometric data which will be verified against the previously stored biometric data in the blockchain. Once the data matches, the user will be granted access. This two-level verification for access provides two layers of verification leveraging on blockchain’s characteristics to enable immutable, irreversible and verified transactions through the RSA algorithm (Rivest-Shamir-Adleman). This is used to secure sensitive data in a network prior to granting access rather than solely relying on biometric data alone thus reducing the risk of fraud in terms of identity theft, fakes and forgery to gain unlawful access to secured systems or data. Keywords: Blockchain, biometric, fraud, forgery, fingerprints, facial, SHA-3, SHA-2, MD5, RSA, transactions, proof of identity _________________________________________________________________________ 1. Introduction Biometric data has been known for a long time to verify one’s identity. In Malaysia, an individual’s biometric identity is stored in a chip on a National Identity Card, MyKad. The biometric data is also used in various industries to gain access to secured areas ranging from high security vaults in a banks to fingerprint ID access in offices. The biometric data can be gathered using a high accuracy device that captures the biometric data. Many government agencies and government linked agencies, especially banks require a proof of identity in order to move forward with the task. This is due to the Know Your Customer (KYC) regulations made by Bank Negara Malaysia (Bank Negara Malaysia, 2017). However, the security of the biometric data cannot be accurately verified if it is not verified against a trusted source. A simple scenario would be when a smart thief gains a copy of the fingerprint of a target person. He can use it to access into systems that require fingerprint
- 2. Proceeding: Asian Scholars Network International Conference 2 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved authentication to proceed. He can then perform many wonders after gaining access. This can be applied to other biometric verification like retinal scan or a photo of the person. A fingerprint can be easily extracted from a sticky surface such as a sticky tape. This makes the biometric data used to access systems alone is not secure enough. The Blockchain Secured Biometric Access System (BSBAS), prevents the biometric fraud by securing the original biometric data into the blockchain. 2. Methodology This chapter first introduces the BSBAS then explains the system and components of Blockchain Secured Biometric Access System. The BSBAS is composed of 2 components: 1. An application that is able to read from a biometric device and create a binary data from the biometric data. The application will cross refer the biometric has data with the one within the blockchain before allowing access to any system 2. A blockchain technology where the secured hash is created using the binary data from the biometric data and stored within the blockchain. The hash in the blockchain will be contained in a block which contains its own hash for traceability. The overall system for BSBAS is as follows: Figure 1: BSBAS System Architecture 3. BSBAS Application (Biometric & Binary Engine) The BSBAS application is the top layer application that allows the reading of the biometric data. The application is also capable of converting the biometric data to binary data. This application is used on any device that is biometric-enabled. For an example, a smartphone with Android version 6 and above supports fingerprint detection (Google, n.d.). Later versions of Android support facial recognitions. The same can be applied to mainstream computers where a biometric reader is attached to read the biometric data.
- 3. Proceeding: Asian Scholars Network International Conference 3 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved Biometric Engine The application consists of a Biometric Engine (BE) which reads the biometric data with high accuracy. Biometric data images that are captured by the biometric device are enhanced according to the biometric device support. Certain biometric device has an accuracy of up to 500 dots per inch (dpi), while some others offer up to 700 dpi. Smartphones usually have capacitive scanners or optical scanner to scan the fingerprint (Robert Triggs, 2019). Instead of creating a traditional image of a fingerprint, capacitive fingerprint scanners use arrays tiny capacitor circuits to collect data about a fingerprint (Robert Triggs, 2019). The BE reads the data from the biometric device and verifies it twice from different angles. This increases the accuracy of biometric readings. Figure 2 shows the flow of the BE Figure 1: Biometric Engine Flow The BE performs scans from different angle to ensure biometric integrity and verify identity better. In Figure 3, there are two images of partial fingerprint, both of the same owner. Notice the circled area in black has a slight difference compared to the other fingerprint. This may happen if the user places his/her finger in different positions. To avoid this problem, the BE performs multiple scan to grab the biometric data from different angles. Figure 2: Same Partial Fingerprint Differences 4. BSBAS Blockchain (Biometric Verification) The BSBAS utilizes Hyperledger Fabric as its blockchain core to enable the verification of biometric hash data. Hyperledger Fabric is a permissioned blockchain technology which disallows public nodes or connections. Due to the nature of blockchain, data stored in blockchain is distributed among the nodes and immutable, which means, the data cannot be
- 4. Proceeding: Asian Scholars Network International Conference 4 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved changed. The data entered has to be agreed in a consensus before storing in the blockchain, which creates trusted data. Even if a third party wants to change data, the data will be changed in their own node. This, however, will fail to add because the blockchain technology will always cross-refer with other nodes if the data is the same and it will check if the block hash is the same as the previous block, which explain immutability. Blockchain Network and Architecture Figure 4: Representation of a blockchain network Figure 5: Block containing transactions Node 1 Node 2 Node 3 Node 4 Node 8 Node 5 Node 6 Node 7
- 5. Proceeding: Asian Scholars Network International Conference 5 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved Figure 6: Links of blocks Referring to the diagram above, the data hash is linked to each block. This happens when a block is added upon an agreed consensus. Due to this nature of blockchain, if a person tried to edit their data, the block has will change and will not be linked to the previous hash. Then the nodes will cross-refer and check if the data is legitimate or otherwise. If it is otherwise, it will pull the latest correct block from the other nodes. Biometric Verification using Chaincode Chaincode is business logic of blockchain itself. This is where the main functions and the use case of it lies. Chaincode can be coded in Go, Java and Node JS languages. The best will be using Go language because Hyperledger Fabric core uses Go language. This will affect in faster transaction invocation. Using chaincode, the hash is created using Secured Hash Algorithm 3 (SHA3-512). The algorithm to produce the hash from the binary data of the biometric data is as shown in the figure below. Figure 3: SHA3-512 Hash Generator Algorithm
- 6. Proceeding: Asian Scholars Network International Conference 6 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved This function will then produce a hash and will be stored in the blockchain. The following figure will show the flow of the blockchain implementation during registration of biometric data. Figure 8: Blockchain Implementation Flow for Registration Once the hash is stored in the blockchain, the hash and the block data cannot be changed. After registration, the user can then use BSBAS to access a system using their secured biometrics. For an example, once a user scans their fingerprint, the application grabs the fingerprint and send to the blockchain API to cross refer the data. If the data hash matches, access is allowed. The following figure explains the flow of data hash checking in the blockchain. Since the hash data is securely stored in a blockchain, the likeliness of data tamper will fail. This is most effective in government agencies and they require proof of identity most of the time. Figure 9: Biometric Data Hash Checking Flow Data storing and encryption Entire functionality of the present invention is divided into two sections: 1) User registration, and 2) User authentication. Each section is explained in detail with an example in the forthcoming paragraphs. In an embodiment, the user is registered by using an iris of the user as the registration data, as shown in Figure 10. An imaging device captures an image of an eye of the user and extracts the iris from the eye image. The extracted iris is parsed into four equal portions to form a 2X2 matrix and each iris portion is hashed using a hashing algorithm at a digital contract to generate four hashed templates #I, #II, #III and #IV. Each of the hashed templates #I, #II, #III and #IV
- 7. Proceeding: Asian Scholars Network International Conference 7 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved is stored at a different block in a blockchain database, wherein no two blocks storing the hashed templates #I, #II, #III and #IV are adjacent to one another. Figure 10: Registration and authentication. During the user authentication, the imaging device captures an image of the eye and extracts the iris form the eye image. The extracted iris is parsed into four equal portions to form a 2X2 matrix same as the 2X2 matrix generated during the user registration. Each iris portion is hashed at the digital contract to generate four hashed input data #i, #ii, #iii and #iv using the same hashing algorithm that is used during the user registration to generate the four hashed templates #I, #II, #III and #IV. The hashed templates #I, #II, #III and #IV stored in the blocks are retrieved and compared with the corresponding hashed input data #i, #ii, #iii and #iv to generate a comparison score. To be precise, the hashed template #I is compared with the hashed input #i to generate a first comparison score and the hashed template #II is compared with the hashed input #ii to generate a second comparison score. Likewise the hashed templates #III and #IV are compared with the corresponding hashed inputs #iii and #iv to generate a third comparison score and a fourth comparison score, respectively. An average of the four comparison scores is computed, and if
- 8. Proceeding: Asian Scholars Network International Conference 8 Copyright © 2020 ASIAN SCHOLARS NETWORK - All rights reserved the average reaches a threshold, an authentication signal is outputted for authenticating the user. 5. Conclusion This paper presents a system to address the gaps of flaw where fraud may be present in spoofing one’s identity. The biometric data of the person is captured using biometric enabled devices and enhanced using the Biometric Engine. The input is then sent to the blockchain API. The chaincode receives the biometric data as binary data and proceeds to create a secured hash using SHA3-512 as it is proven to be more secure from its previous generations. The secured hash is stored in the blockchain to ensure traceability in terms of update of such records and the records, due to the immutable nature of blockchain, cannot be easily tampered by malicious parties. Through the enablement of such a system, this ensures agencies or places that require authentic proof of identity care applied and are able to be utilized. References Nakamoto, S.(2009).Bitcoin: A Peer-to-Peer Electronic Cash System. https://bitcoin.org/bitcoin.pdf. Christidis, K, & Devetsikiotis, M, Blockchains and Smart Contracts for the Internet of Things. IEEE Access, 4, 2292–2303. Jiang, Li, X. Chen, P. Luo, T. & Wen, X. Q. (2007) A survey on the security of blockchain systems. Future Generation Computer System. Heilman, E. Kendler, A. Zohar,and A. Goldberg, Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, In Proceedings of the USENIX Security Symposium, Washington, DC, USA, 129–144. Kiayias, A. G.P. (2017). On Trees, Chains and Fast Transactions in the Blockchain, In Proceedings of the International Conference on Cryptology and Information Security in Latin America, Havana, Cuba. Wayman , Jain, J. Maltoni, A. & Maio, D.(2005) Biometric Systems Technology, Design and Performance Evaluation, Springer: London, UK, pp. 1–369 Hammudoglu, J.S. Sparreboom, J. Rauhamaa, J.I. Faber, J.K. Guerchi, L.C. Samiotis, I.P. Rao, S.P. and Pouwelse, J.A. (2017).Portable Trust: biometric-based authentication and blockchain storage for self-sovereign identity systems, Cryptography and Security. Garcia, P. (2018).Biometrics on the blockchain, Biometric Technology Today Volume 2018, Issue 5, 5-7. Goel, A. Agarwal, A. Vatsa, M. Singh, R. & Ratna. N. (2019).Securing CNN Model and Biometric Template using Blockchain, Biometrics: Theory, Applications and Systems (BTAS). Xu, B. Agbele, T. & Jiang, R. (2019). Biometric Blockchain: Better Solution for the Security and Trust of Food Logistics,” IOP Conference Series: Material Science and Engineering 646. Xia, Q. Sifah, E. B. Smahi, A. Amofa, S. & Zhang, X. (2017).BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments, Information, vol. 8, no. 2.