Anonymous Biometrics: Privacy Protection of Biometric Templates

Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko
[email protected]
Philips Research Eindhoven, The Netherlands


Overview

• Introduction
• Challenge
• Literature and Related Topic
• Information-Theoretic model
• Secrecy Extractor
• Requirements
• Bounds
• Examples
• “General” Theory
• Experiments
• Summary


Introduction

Biometric Identification (fingerprints, iris, speech)
- is often used to identify people
- is often part of a security system
- uses databases containing Ref. Information (Templates)

Advantages

• Convenience
  • cannot be lost or forgotten
  • easy to use
• Uniqueness
  • unique for a human being

It therefore offers a very attractive alternative to e.g. passwords


Risks

- Forgeability
  - Impersonation by Artificial Biometrics
- Once Compromised, Compromised Forever
  - Theft of Identity (Stolen Biometrics)
- Sensitive Information
  - Fingerprints contain Genetic Information
  - Retina reveals susceptibility for Strokes and Diabetes

Additional Problem

- Noisy: Biometric data are obtained through noisy measurements

PRIVACY


ARCHITECTURE ASSUMPTIONS

• Database public
• Channel public
• Sensor trusted

ATTACKS

- Outside (on database)
- Eavesdropping of Communications
- Inside (on database): Malicious owner (Verifier)
- Fingerprints left on glasses, door handles (not discussed today)

[Diagram: Sensor, Template, Channel, Database]


Possible Constructions:
- Encryption (implies a decryption key at verifier site)
- One-Way Function

Idea: Build a scheme similar to the one used for password protection

Solution

• Secure Storage of Biometric Templates
  • Against Outside and Inside Attacks
• Secure Communication over the Channel (prevent eavesdropping)


CHALLENGE: Integration of Cryptographic Techniques with Noisy Inputs

One-Way Functions are very sensitive to small changes in the input data

[Diagram: F applied on both sides, database, matching]


Literature

- Schneier
- Davida, Frankel and Matt (Private biometrics)
- Juels and Wattenberg (Fuzzy Commitment)
- Ratha, Connell, Bolle (Cancelable Biometrics)
- Juels, Sudan (Fuzzy Vault)
- Linnartz, Tuyls (Shielding functions, AVBPA 2003)
- Verbitskiy, Tuyls, Denteneer and Linnartz (Benelux 2003)
- Goseling, Tuyls (submitted to ISIT 2004)

Related Topic

- Biometric Key Generation (Soutar)


Information Theoretic Model

• Biometrics Xn are modeled as random variables with distribution (enrollment)
• Authentication measurements Yn, modeled as observations through a noisy channel


Secrecy Extractor

• Generate Common Secret S from Xn and Yn (Common Randomness)
• Helper data W

Database: ID, W, F(S)

EXACT MATCH: F(S)=F(S’)?

[Diagram: Enrollment and Authentication paths, each passing through G and F; F(S) is stored in the database and used for matching]


Terminology

A function is called a-contracting function: if for all X there exists a W s.t.

• probabilistic
• norm

Versatile function: for all S ∈ {0,1}^k and all X ∈ R^n, there exists a vector W ∈ R^m such that:

-Revealing function:


Requirements

A reliable biometric authentication system that protects privacy has to satisfy the following requirements:

• -contracting
• Versatile
• -revealing:
• Correctness:

Protection against a dishonest verifier who has access to the database (compare with passwords)


Implications

Proposition 1: If W is constant, i.e. G(Y,W)=C(Y) then either=0, or G(Y,W) is a constant independent of Y.

Corollary: In order to have a robust, versatile function G=G(X,W), W must depend on X


Implications

Proposition 2: Let S be a binary string derived from X and Y by communicating helper data W as described in the protocol:

Extends also to the continuous case! (Approximation argument)


EXAMPLES

Three kinds of proposed schemes:

• Based on Quantized Index Modulation
• Error Correcting Code-scheme
• Significant Components


Example: Significant Components

Assumption:

Orthogonal Transformation (Fisher, PCA):
Define:
where i are orthonormal vectors

Theorem (Fisher, PCA): The i can be constructed such that they are independent, normally distributed random variables with zero mean


The Scheme I: Robustness

Idea: Select -components with large absolute values to guarantee robustness to noise

Choose a small positive number and define

Theorem: Let be the fraction of average number of large comps then, if there is a sufficient amount of energy in the system, is “large”, moreover


The Scheme II: Versatility

Versatility: Given si, search for index ij such that: (feasibility)

The set of feasible secrets:

Theorem: If k=1n with 1=/10, then with large probability is a large set


The Scheme III: Helper Data

Given a secret S=(s1,…,sk) the helper data W is determined. W picks up the correct components of X in -basis

Helper data: W(X) is a k×n matrix, its j-th row is given by

-contracting function:


Information Revealing

Theorem: The proposed scheme is zero-revealing:

Moreover,


General Construction

• SEC: Tuple of encoding regions (SEC: Secure Extraction Code)

such that,

• is the collection of SECs s.t.


Secure Biometric Authentication Scheme (SBA)

1. Enrollment measurement Xn

2. Select a code in W indicates the selected code

3. The Secret S is the index of that coding region where Xn belongs to

4. A One-Way Function F is applied to S.

5. W and F(S) are stored in the database together with the Id.

[Diagram: ENC, DEC]


Authentication:

1. An individual makes an Id claim
2. W and is sent to the decoder
3. The SEC C(W) is used to derive the secret as follows,
4.
5. F(S’) is computed
6. Check: F(S’)=F(S)

This construction achieves the earlier mentioned capacities at the same time (Asymptotically)!
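An added sketch (not from the original slides) of the enrollment and authentication steps above, instantiated with the significant-components idea from the earlier example. It assumes the feature vector is already expressed in the transformed basis, stores W as a list of selected indices rather than a matrix, and uses SHA-256 as F; the threshold DELTA, the function names and the sample data are constructed for illustration.

```python
import hashlib
import random

DELTA = 1.0  # assumed robustness threshold: only |x_i| > DELTA may carry a bit

def one_way(bits):
    """F: one-way function applied to the secret S (SHA-256 is an assumption)."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def extract(y, w):
    """G(Y, W): read the sign of each component selected by the helper data."""
    return [1 if y[i] > 0 else 0 for i in w]

def enroll(user_id, x, secret, rng):
    """Build the database record (ID, W, F(S)) from enrollment measurement x."""
    pools = {1: [i for i, v in enumerate(x) if v > DELTA],
             0: [i for i, v in enumerate(x) if v < -DELTA]}
    w = []
    for bit in secret:
        if not pools[bit]:
            # not enough significant components with the required sign
            raise ValueError("secret not feasible for this measurement")
        # use each component once so the k selected indices are distinct
        w.append(pools[bit].pop(rng.randrange(len(pools[bit]))))
    return {"id": user_id, "W": w, "F(S)": one_way(secret)}

def authenticate(record, y):
    """Recompute S' = G(Y, W) and perform the exact match F(S') == F(S)."""
    return one_way(extract(y, record["W"])) == record["F(S)"]

def demo():
    rng = random.Random(7)                             # constructed sample data
    n, k = 128, 16
    x = [rng.gauss(0, 2) for _ in range(n)]            # enrollment measurement X
    secret = [rng.randrange(2) for _ in range(k)]      # secret S
    record = enroll("alice", x, secret, rng)
    y_same = [v + rng.uniform(-0.5, 0.5) for v in x]   # noisy re-measurement Y
    y_other = [rng.gauss(0, 2) for _ in range(n)]      # a different individual
    return record, authenticate(record, y_same), authenticate(record, y_other)

if __name__ == "__main__":
    rec, genuine, impostor = demo()
    print(rec["W"], genuine, impostor)
```

The record holds only W and F(S), never X or S. Because S has only k bits, k must be large enough that F(S) cannot be inverted by exhaustive search.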


Experiments

- Biometric: Measuring the headphone-to-ear-canal Transfer Functions
- First dataset: 45 Individuals, 8 Measurements per person
- Second dataset: 65 Individuals, 8 Measurements per person
- 6 Measurements for training, 2 for authentication
- Tested scheme: significant components

- FRR decreases as increases
- FAR decreases as secret length increases
- Secret length decreases as increases


“Ear canal” Biometrics = Headphone-to-Ear Transfer Function

[Diagram: White noise, H(z), W(z), summation (+), Error]


Headphone-to-Ear Transfer Function: 1 ear, population (45x8)


Results: Principal Component Transform

First dataset


Second dataset

Combination of schemes


Summary

We have described a general set-up and examples for biometric authentication/key generation schemes that satisfy the following properties:

- Robust to noise
- Versatile
- Zero-revealing
- Privacy protection