Title: Anonymous Biometrics: Privacy Protection of Biometric Templates
1Anonymous BiometricsPrivacy Protection of
Biometric Templates
- Pim Tuyls,
- E. Verbitskiy, D. Denteneer, J.P. Linnartz, J.
Goseling, T. Ignatenko - Pim.Tuyls_at_philips.com
- Philips Research Eindhoven
- The Netherlands
2Overview
- Introduction
- Challenge
- Literature and Related Topic
- Information-Theoretic model
- Secrecy Extractor
- Requirements
- Bounds
- Examples
- General Theory
- Experiments
- Summary
3Introduction
- Biometric Identification (fingerprints, iris,
speech) - is often used to identify people
- is often part of a security system
- uses databases containing Ref. Information
- (Templates)
- Advantages
- Convenience
- can not be lost or forgotten
- easy to use
- Uniqueness
- unique for a human being
- Offers therefore a very attractive alternative to
e.g. passwords
4- Risks
- Forgeability
- Impersonation by Artificial Biometrics
- Once Compromised Compromised Forever
- -Theft of Identity (Stolen Biometrics)
- Sensitive Information
- Fingerprints contain Genetic Information
- Retina reveals susceptibility for Strokes and
Diabetes - Additional Problem
- - Noisy Biometric data are obtained through
noisy - measurements
PRIVACY
5ARCHITECTURE ASSUMPTIONS
Template
- Database public
- Channel public
- Sensor trusted
Channel
Sensor
Database
- ATTACKS
- Outside (on database)
- Eavesdropping of Communications
- Inside (on database) Malicious owner (Verifier)
- Fingerprints left on glasses, door handles (not
discussed today)
6- Solution
- Secure Storage of Biometric Templates,
- Against Outside and Inside Attacks
- Secure Communication over the Channel (prevent
eavesdropping)
- Possible Constructions
- - Encryption (implies a decryption key at
verifier site) - - One-Way Function
- Idea
- Build a scheme similar to the one used for
password - protection
7 CHALLENGE Integration of Cryptographic
Techniques with Noisy Inputs One-Way Functions
are very sensitive to small changes in the input
data
8Literature
- Schneier
- Davida, Frankel and Matt, (Private biometrics)
- Juels and Wattenberg (Fuzzy Commitment)
- Ratha, Connell, Bolle (Cancelable Biometrics)
- Juels, Sudan (fuzzy vault)
- Linnartz, Tuyls (Shielding functions, AVBPA
2003) - Verbitskiy, Tuyls, Denteneer and Linnartz
(Benelux 2003) - Goseling, Tuyls submitted to ISIT2004
Related Topic- Biometric Key Generation (Soutar)
9Information Theoretic Model
- Biometrics Xn are modeled as random variables
with - distribution (enrollment)
- Authentication measurements Yn, modeled as
observations - through a noisy channel
10Secrecy Extractor
- Generate Common Secret S from Xn and Yn (Common
Randomness)
Source
Alice
Bob
Eve
11Secrecy Extractor
Enrollment
Authentication
EXACT MATCH F(S)F(S)?
12Terminology
- A function is called a
- ?-contracting function if for all X there exist
a W s.t - probabilistic
- norm
- Versatile function
- for all S??0,1?k and all X?Rn, there exists a
- vector W?Rm such that
- ?-Revealing function
?
13Requirements
- A reliable biometric authentication system that
- protects privacy has to satisfy the following
- requirements
- ?-contracting
- Versatile
- ?-revealing
- Correctness
- Protection against a dishonest verifier who has
- Access to the database (compare with passwords)
-
-
-
14Implications
Proposition 1 If W is constant, i.e.
G(Y,W)C(Y) then either ?0, or G(Y,W) is a
constant independent of Y. Corollary In
order to have a robust, versatile function
GG(X,W), W must depend on X
15Implications
Proposition 2 Let S be a binary string derived
from X and Y by communicating helper data W as
described in the protocol Extends also to
the continuous case! (Approximation argument)
16(No Transcript)
17EXAMPLES
- Three kinds of proposed schemes
- Based on Quantized Index Modulation
- Error Correcting Code-scheme
- Significant Components
18Example Quantized Key Extraction
X, N Zero mean Gaussian RVs with
19Error Prob per dimension as a function of
I(WS) becomes fairly small (10-5) for
20Example Significant Components
Assumption Orthogonal Transformation (Fisher,
PCA) Define where ?i are orthonormal
vectors Theorem (Fisher, PCA) The ?i can be
constructed such that they are independent,
normally distributed random variables with zero
mean
21The Scheme I Robustness
- Idea
- Select ?-components with large absolute values
- to guarantee robustness to noise
- Choose a small positive number ? and define
- Theorem Let ? be the fraction of average number
- of large comps then, if there is a sufficient
amount - of energy in the system, ? is large, moreover
22The Scheme II Versatility
Versatility Given si, search for index ij such
that
(feasibility) The set of feasible
secrets Theorem If k?1n with ?1?/10, then
with large probability is a large
set
23The Scheme III Helper Data
Given a secret S(s1,,sk) the helper data W is
determined. W picks up the correct components
of X in ?-basis Helper data W(X) is a k?n
matrix, its j-th row is given by ?-contracting
function
24Information Revealing
Theorem The proposed scheme is
zero-revealing Moreover,
25Discrete Biometrics
1-p
0
0
p
1
1
26(No Transcript)
27General Construction
- SEC Tuple of encoding regions (SEC Secure
Extraction Code) - such that,
- is the collection of
-
- SECs s.t.
28Secure Biometric Authentication Scheme (SBA)
- Enrollment measurement Xn
- Select a code in
- W indicates the selected code
- The Secret S is index of that coding region where
Xn belongs to - A One-Way Function F is applied to S.
- W and F(S) are stored in the database together
with the Id.
1
ENC
DEC
3
2
29- Authentication
- An individual makes an Id claim
- W and is sent to the decoder
- The SEC C(W) is used to derive the secret as
follows, -
- F(S) is computed
- Check F(S)F(S)
- This construction achieves the earlier mentioned
capacities - at the same time (Asymptotically)!
30Experiments
- - Biometric Measuring the headphone-to-ear-canal-
Transfer - Functions
- First dataset 45 Individuals, 8 Measurements
per person - Second dataset 65 Individuals, 8 Measurements
per person - 6 Measurements for training, 2 for
authentication - Tested scheme significant components
- FRR decreases as ? increases
- FAR decreases as secret length increases
- Secret length decreases as ? increases
31Ear canal Biometrics Headphone-to-Ear
Transfer Function
White noise
Error
H(z)
W(z)
32Headphone-to-Ear Transfer Function 1
ear, population (45x8)
33Results Principal Component Transform
First dataset
34Combination of schemes
Second dataset
35Summary
We have described a general set-up and examples
for biometric authentication/key generation
schemes that satisfy the following properties -
Robust to noise - Versatile - Zero-revealing -
Privacy protection