Anonymous Biometrics: Privacy Protection of Biometric Templates

1
Anonymous BiometricsPrivacy Protection of
Biometric Templates

• Pim Tuyls,
• E. Verbitskiy, D. Denteneer, J.P. Linnartz, J.
  Goseling, T. Ignatenko
• Pim.Tuyls_at_philips.com
• Philips Research Eindhoven
• The Netherlands

2
Overview

• Introduction
• Challenge
• Literature and Related Topic
• Information-Theoretic model
• Secrecy Extractor
• Requirements
• Bounds
• Examples
• General Theory
• Experiments
• Summary

3
Introduction

• Biometric Identification (fingerprints, iris,
  speech)
• is often used to identify people
• is often part of a security system
• uses databases containing Ref. Information
• (Templates)
• Advantages
• Convenience
• can not be lost or forgotten
• easy to use
• Uniqueness
• unique for a human being
• Offers therefore a very attractive alternative to
  e.g. passwords

4

• Risks
• Forgeability
• Impersonation by Artificial Biometrics
• Once Compromised Compromised Forever
• -Theft of Identity (Stolen Biometrics)
• Sensitive Information
• Fingerprints contain Genetic Information
• Retina reveals susceptibility for Strokes and
  Diabetes
• Additional Problem
• - Noisy Biometric data are obtained through
  noisy
• measurements

PRIVACY
5
ARCHITECTURE ASSUMPTIONS
Template

• Database public
• Channel public
• Sensor trusted

Channel
Sensor
Database

• ATTACKS
• Outside (on database)
• Eavesdropping of Communications
• Inside (on database) Malicious owner (Verifier)
• Fingerprints left on glasses, door handles (not
  discussed today)

6

• Solution
• Secure Storage of Biometric Templates,
• Against Outside and Inside Attacks
• Secure Communication over the Channel (prevent
  eavesdropping)

• Possible Constructions
• - Encryption (implies a decryption key at
  verifier site)
• - One-Way Function
• Idea
• Build a scheme similar to the one used for
  password
• protection

7
CHALLENGE Integration of Cryptographic
Techniques with Noisy Inputs One-Way Functions
are very sensitive to small changes in the input
data
8
Literature

• Schneier
• Davida, Frankel and Matt, (Private biometrics)
• Juels and Wattenberg (Fuzzy Commitment)
• Ratha, Connell, Bolle (Cancelable Biometrics)
• Juels, Sudan (fuzzy vault)
• Linnartz, Tuyls (Shielding functions, AVBPA
  2003)
• Verbitskiy, Tuyls, Denteneer and Linnartz
  (Benelux 2003)
• Goseling, Tuyls submitted to ISIT2004

Related Topic- Biometric Key Generation (Soutar)
9
Information Theoretic Model

• Biometrics Xn are modeled as random variables
  with
• distribution (enrollment)
• Authentication measurements Yn, modeled as
  observations
• through a noisy channel

10
Secrecy Extractor

• Generate Common Secret S from Xn and Yn (Common
  Randomness)

Source
Alice
Bob
Eve
11
Secrecy Extractor

• Helper data W

Enrollment
Authentication
EXACT MATCH F(S)F(S)?
12
Terminology

• A function is called a
• ?-contracting function if for all X there exist
  a W s.t
• probabilistic
• norm
• Versatile function
• for all S??0,1?k and all X?Rn, there exists a
• vector W?Rm such that
• ?-Revealing function

?
13
Requirements

• A reliable biometric authentication system that
• protects privacy has to satisfy the following
• requirements
• ?-contracting
• Versatile
• ?-revealing
• Correctness
• Protection against a dishonest verifier who has
• Access to the database (compare with passwords)

14
Implications
Proposition 1 If W is constant, i.e.
G(Y,W)C(Y) then either ?0, or G(Y,W) is a
constant independent of Y. Corollary In
order to have a robust, versatile function
GG(X,W), W must depend on X
15
Implications
Proposition 2 Let S be a binary string derived
from X and Y by communicating helper data W as
described in the protocol Extends also to
the continuous case! (Approximation argument)
16
(No Transcript)
17
EXAMPLES

• Three kinds of proposed schemes
• Based on Quantized Index Modulation
• Error Correcting Code-scheme
• Significant Components

18
Example Quantized Key Extraction
X, N Zero mean Gaussian RVs with
19
Error Prob per dimension as a function of
I(WS) becomes fairly small (10-5) for
20
Example Significant Components
Assumption Orthogonal Transformation (Fisher,
PCA) Define where ?i are orthonormal
vectors Theorem (Fisher, PCA) The ?i can be
constructed such that they are independent,
normally distributed random variables with zero
mean
21
The Scheme I Robustness

• Idea
• Select ?-components with large absolute values
• to guarantee robustness to noise
• Choose a small positive number ? and define
• Theorem Let ? be the fraction of average number
• of large comps then, if there is a sufficient
  amount
• of energy in the system, ? is large, moreover

22
The Scheme II Versatility
Versatility Given si, search for index ij such
that
(feasibility) The set of feasible
secrets Theorem If k?1n with ?1?/10, then
with large probability is a large
set
23
The Scheme III Helper Data
Given a secret S(s1,,sk) the helper data W is
determined. W picks up the correct components
of X in ?-basis Helper data W(X) is a k?n
matrix, its j-th row is given by ?-contracting
function
24
Information Revealing
Theorem The proposed scheme is
zero-revealing Moreover,
25
Discrete Biometrics
1-p
0
0
p
1
1
26
(No Transcript)
27
General Construction

• SEC Tuple of encoding regions (SEC Secure
  Extraction Code)
• such that,
• is the collection of
• SECs s.t.

28
Secure Biometric Authentication Scheme (SBA)

• Enrollment measurement Xn
• Select a code in
• W indicates the selected code
• The Secret S is index of that coding region where
  Xn belongs to
• A One-Way Function F is applied to S.
• W and F(S) are stored in the database together
  with the Id.

1
ENC
DEC
3
2
29

• Authentication
• An individual makes an Id claim
• W and is sent to the decoder
• The SEC C(W) is used to derive the secret as
  follows,
• F(S) is computed
• Check F(S)F(S)
• This construction achieves the earlier mentioned
  capacities
• at the same time (Asymptotically)!

30
Experiments

• - Biometric Measuring the headphone-to-ear-canal-
  Transfer
• Functions
• First dataset 45 Individuals, 8 Measurements
  per person
• Second dataset 65 Individuals, 8 Measurements
  per person
• 6 Measurements for training, 2 for
  authentication
• Tested scheme significant components
• FRR decreases as ? increases
• FAR decreases as secret length increases
• Secret length decreases as ? increases

31
Ear canal Biometrics Headphone-to-Ear
Transfer Function
White noise
Error
H(z)

W(z)
32
Headphone-to-Ear Transfer Function 1
ear, population (45x8)
33
Results Principal Component Transform
First dataset
34
Combination of schemes
Second dataset
35
Summary
We have described a general set-up and examples
for biometric authentication/key generation
schemes that satisfy the following properties -
Robust to noise - Versatile - Zero-revealing -
Privacy protection