Upload
kylan-macdonald
View
41
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Anonymous Biometrics: Privacy Protection of Biometric Templates. Pim Tuyls , E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko [email protected] Philips Research Eindhoven The Netherlands. Overview. Introduction Challenge Literature and Related Topic - PowerPoint PPT Presentation
Citation preview
Anonymous Biometrics:
Privacy Protection of Biometric Templates
Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko
[email protected] Research EindhovenThe Netherlands
2
Overview• Introduction• Challenge • Literature and Related Topic• Information-Theoretic model• Secrecy Extractor• Requirements• Bounds• Examples• “General” Theory• Experiments• Summary
3
IntroductionBiometric Identification (fingerprints, iris, speech) - is often used to identify people - is often part of a security system- uses databases containing Ref. Information (Templates)Advantages
• Convenience• can not be lost or forgotten
• easy to use• Uniqueness
• unique for a human being
Offers therefore a very attractive alternative to e.g. passwords
4
Risks- Forgeability
- Impersonation by Artificial Biometrics
- Once Compromised Compromised Forever-Theft of Identity (Stolen Biometrics)
- Sensitive Information - Fingerprints contain Genetic Information- Retina reveals susceptibility for Strokes and Diabetes
Additional Problem- Noisy: Biometric data are obtained through noisy measurements
PR
IVA
CY
5
ARCHITECTURE ASSUMPTIONS
• Database public• Channel public• Sensor trusted
ATTACKS
- Outside (on database) - Eavesdropping of Communications- Inside (on database): Malicious owner (Verifier)- Fingerprints left on glasses, door handles (not discussed today)
DatabaseSensor
Template
Channel
6
Possible Constructions:- Encryption (implies a decryption key at verifier site)- One-Way Function
Idea: Build a scheme similar to the one used for passwordprotection
Solution
• Secure Storage of Biometric Templates, • Against Outside and Inside Attacks
• Secure Communication over the Channel (prevent eavesdropping)
7
CHALLENGE: Integration of Cryptographic Techniques with Noisy Inputs
One-Way Functions are very sensitive to small changes in the input data
database
matching
F
F
8
Literature- Schneier - Davida, Frankel and Matt, (Private biometrics)- Juels and Wattenberg (Fuzzy Commitment)- Ratha, Connell, Bolle (Cancelable Biometrics)- Juels, Sudan (fuzzy vault)- Linnartz, Tuyls (Shielding functions, AVBPA 2003)- Verbitskiy, Tuyls, Denteneer and Linnartz (Benelux 2003)- Goseling, Tuyls submitted to ISIT2004
Related Topic- Biometric Key Generation (Soutar)
9
Information Theoretic Model• Biometrics Xn are modeled as random variables with distribution (enrollment)
• Authentication measurements Yn, modeled as observations through a noisy channel
10
• Generate Common Secret S from Xn and Yn (Common Randomness)
• Helper data W
Secrecy Extractor
Database: ID, W, F(S)
matching
F
F
G
G
EXACT MATCH: F(S)=F(S’)?’)?
En
rollm
en
t
Au
then
ticatio
n
F(S)
11
TerminologyA function is called a-contracting function: if for all X there exist a W s.t
• probabilistic • norm
Versatile function:for all S0,1k and all XRn, there exists avector WRm such that:-Revealing function:
12
Requirements
A reliable biometric authentication system thatprotects privacy has to satisfy the followingrequirements:
• -contracting• Versatile• -revealing:• Correctness:
Protection against a dishonest verifier who hasAccess to the database (compare with passwords)
13
Implications
Proposition 1: If W is constant, i.e. G(Y,W)=C(Y) then either=0, or G(Y,W) is a constant independent of Y.
Corollary: In order to have a robust, versatile function G=G(X,W), W must depend on X
14
ImplicationsProposition 2 :Let S be a binary string derived from X and Yby communicating helper data W as describedin the protocol:
Extends also to the continuous case!(Approximation argument)
15
EXAMPLES
Three kinds of proposed schemes:• Based on Quantized Index Modulation• Error Correcting Code-scheme• Significant Components
16
Example: Significant Components
Assumption:
Orthogonal Transformation (Fisher, PCA):Define:where i are orthonormal vectorsTheorem (Fisher, PCA): The i can be constructed such that they are independent, normally distributed random variableswith zero mean
17
The Scheme I: RobustnessIdea: Select -components with large absolute valuesto guarantee robustness to noise
Choose a small positive number and define
Theorem: Let be the fraction of average numberof large comps then, if there is a sufficient amountof energy in the system, is “large”, moreover
18
The Scheme II: Versatility
Versatility:Given si, search for index ij such that: (feasibility)
The set of feasible secrets:
Theorem:If k=1n with 1=/10, then with large probability is a large set
19
The Scheme III: Helper DataGiven a secret S=(s1,…,sk) the helper data W is determined. W picks up the correct components of X in -basis
Helper data: W(X) is a kn matrix, its j-th row isgiven by
-contracting function:
21
General Construction• SEC: Tuple of encoding regions (SEC: Secure Extraction
Code)
such that,
• is the collection of SECs s.t.
22
Secure Biometric Authentication Scheme (SBA)
1. Enrollment measurement Xn
2. Select a code in W indicates the selected code
3. The Secret S is index of that coding region where Xn
belongs to
4. A One-Way Function F is applied to S.
5. W and F(S) are stored in the database together with the Id.
ENC DEC
1
23
23
Authentication:
1. An individual makes an Id claim2. W and is sent to the decoder3. The SEC C(W) is used to derive the secret as follows,4.
5. F(S’) is computed6. Check: F(S’)=F(S)
This construction achieves the earlier mentioned capacities at the same time (Asymptotically)!
24
Experiments
- Biometric: Measuring the headphone-to-ear-canal-Transfer Functions- First dataset: 45 Individuals, 8 Measurements per person- Second dataset: 65 Individuals, 8 Measurements per person
- 6 Measurements for training, 2 for authentication- Tested scheme: significant components
- FRR decreases as increases- FAR decreases as secret length increases- Secret length decreases as increases