Anonymous Biometrics: Privacy Protection of Biometric Templates - PowerPoint PPT Presentation

1 / 35
About This Presentation
Title:

Anonymous Biometrics: Privacy Protection of Biometric Templates

Description:

Davida, Frankel and Matt, (Private biometrics) Juels and Wattenberg (Fuzzy Commitment) Ratha, Connell, Bolle (Cancelable Biometrics) Juels, Sudan (fuzzy vault) ... – PowerPoint PPT presentation

Number of Views:250
Avg rating:3.0/5.0
Slides: 36
Provided by: Verbi9
Category:

less

Transcript and Presenter's Notes

Title: Anonymous Biometrics: Privacy Protection of Biometric Templates


1
Anonymous BiometricsPrivacy Protection of
Biometric Templates
  • Pim Tuyls,
  • E. Verbitskiy, D. Denteneer, J.P. Linnartz, J.
    Goseling, T. Ignatenko
  • Pim.Tuyls_at_philips.com
  • Philips Research Eindhoven
  • The Netherlands

2
Overview
  • Introduction
  • Challenge
  • Literature and Related Topic
  • Information-Theoretic model
  • Secrecy Extractor
  • Requirements
  • Bounds
  • Examples
  • General Theory
  • Experiments
  • Summary

3
Introduction
  • Biometric Identification (fingerprints, iris,
    speech)
  • is often used to identify people
  • is often part of a security system
  • uses databases containing Ref. Information
  • (Templates)
  • Advantages
  • Convenience
  • can not be lost or forgotten
  • easy to use
  • Uniqueness
  • unique for a human being
  • Offers therefore a very attractive alternative to
    e.g. passwords

4
  • Risks
  • Forgeability
  • Impersonation by Artificial Biometrics
  • Once Compromised Compromised Forever
  • -Theft of Identity (Stolen Biometrics)
  • Sensitive Information
  • Fingerprints contain Genetic Information
  • Retina reveals susceptibility for Strokes and
    Diabetes
  • Additional Problem
  • - Noisy Biometric data are obtained through
    noisy
  • measurements

PRIVACY
5
ARCHITECTURE ASSUMPTIONS
Template
  • Database public
  • Channel public
  • Sensor trusted

Channel
Sensor
Database
  • ATTACKS
  • Outside (on database)
  • Eavesdropping of Communications
  • Inside (on database) Malicious owner (Verifier)
  • Fingerprints left on glasses, door handles (not
    discussed today)

6
  • Solution
  • Secure Storage of Biometric Templates,
  • Against Outside and Inside Attacks
  • Secure Communication over the Channel (prevent
    eavesdropping)
  • Possible Constructions
  • - Encryption (implies a decryption key at
    verifier site)
  • - One-Way Function
  • Idea
  • Build a scheme similar to the one used for
    password
  • protection

7
CHALLENGE Integration of Cryptographic
Techniques with Noisy Inputs One-Way Functions
are very sensitive to small changes in the input
data
8
Literature
  • Schneier
  • Davida, Frankel and Matt, (Private biometrics)
  • Juels and Wattenberg (Fuzzy Commitment)
  • Ratha, Connell, Bolle (Cancelable Biometrics)
  • Juels, Sudan (fuzzy vault)
  • Linnartz, Tuyls (Shielding functions, AVBPA
    2003)
  • Verbitskiy, Tuyls, Denteneer and Linnartz
    (Benelux 2003)
  • Goseling, Tuyls submitted to ISIT2004

Related Topic- Biometric Key Generation (Soutar)
9
Information Theoretic Model
  • Biometrics Xn are modeled as random variables
    with
  • distribution (enrollment)
  • Authentication measurements Yn, modeled as
    observations
  • through a noisy channel

10
Secrecy Extractor
  • Generate Common Secret S from Xn and Yn (Common
    Randomness)

Source
Alice
Bob
Eve
11
Secrecy Extractor
  • Helper data W

Enrollment
Authentication
EXACT MATCH F(S)F(S)?
12
Terminology
  • A function is called a
  • ?-contracting function if for all X there exist
    a W s.t
  • probabilistic
  • norm
  • Versatile function
  • for all S??0,1?k and all X?Rn, there exists a
  • vector W?Rm such that
  • ?-Revealing function

?
13
Requirements
  • A reliable biometric authentication system that
  • protects privacy has to satisfy the following
  • requirements
  • ?-contracting
  • Versatile
  • ?-revealing
  • Correctness
  • Protection against a dishonest verifier who has
  • Access to the database (compare with passwords)

14
Implications
Proposition 1 If W is constant, i.e.
G(Y,W)C(Y) then either ?0, or G(Y,W) is a
constant independent of Y. Corollary In
order to have a robust, versatile function
GG(X,W), W must depend on X
15
Implications
Proposition 2 Let S be a binary string derived
from X and Y by communicating helper data W as
described in the protocol Extends also to
the continuous case! (Approximation argument)
16
(No Transcript)
17
EXAMPLES
  • Three kinds of proposed schemes
  • Based on Quantized Index Modulation
  • Error Correcting Code-scheme
  • Significant Components

18
Example Quantized Key Extraction
X, N Zero mean Gaussian RVs with
19
Error Prob per dimension as a function of
I(WS) becomes fairly small (10-5) for
20
Example Significant Components
Assumption Orthogonal Transformation (Fisher,
PCA) Define where ?i are orthonormal
vectors Theorem (Fisher, PCA) The ?i can be
constructed such that they are independent,
normally distributed random variables with zero
mean
21
The Scheme I Robustness
  • Idea
  • Select ?-components with large absolute values
  • to guarantee robustness to noise
  • Choose a small positive number ? and define
  • Theorem Let ? be the fraction of average number
  • of large comps then, if there is a sufficient
    amount
  • of energy in the system, ? is large, moreover

22
The Scheme II Versatility
Versatility Given si, search for index ij such
that
(feasibility) The set of feasible
secrets Theorem If k?1n with ?1?/10, then
with large probability is a large
set
23
The Scheme III Helper Data
Given a secret S(s1,,sk) the helper data W is
determined. W picks up the correct components
of X in ?-basis Helper data W(X) is a k?n
matrix, its j-th row is given by ?-contracting
function
24
Information Revealing
Theorem The proposed scheme is
zero-revealing Moreover,
25
Discrete Biometrics
1-p
0
0
p
1
1
26
(No Transcript)
27
General Construction
  • SEC Tuple of encoding regions (SEC Secure
    Extraction Code)
  • such that,
  • is the collection of
  • SECs s.t.

28
Secure Biometric Authentication Scheme (SBA)
  • Enrollment measurement Xn
  • Select a code in
  • W indicates the selected code
  • The Secret S is index of that coding region where
    Xn belongs to
  • A One-Way Function F is applied to S.
  • W and F(S) are stored in the database together
    with the Id.

1
ENC
DEC
3
2
29
  • Authentication
  • An individual makes an Id claim
  • W and is sent to the decoder
  • The SEC C(W) is used to derive the secret as
    follows,
  • F(S) is computed
  • Check F(S)F(S)
  • This construction achieves the earlier mentioned
    capacities
  • at the same time (Asymptotically)!

30
Experiments
  • - Biometric Measuring the headphone-to-ear-canal-
    Transfer
  • Functions
  • First dataset 45 Individuals, 8 Measurements
    per person
  • Second dataset 65 Individuals, 8 Measurements
    per person
  • 6 Measurements for training, 2 for
    authentication
  • Tested scheme significant components
  • FRR decreases as ? increases
  • FAR decreases as secret length increases
  • Secret length decreases as ? increases

31
Ear canal Biometrics Headphone-to-Ear
Transfer Function
White noise
Error
H(z)

W(z)
32
Headphone-to-Ear Transfer Function 1
ear, population (45x8)
33
Results Principal Component Transform
First dataset
34
Combination of schemes
Second dataset
35
Summary
We have described a general set-up and examples
for biometric authentication/key generation
schemes that satisfy the following properties -
Robust to noise - Versatile - Zero-revealing -
Privacy protection
Write a Comment
User Comments (0)
About PowerShow.com