Anonymous Biometrics: Privacy Protection of Biometric Templates

  • Published on

  • View

  • Download

Embed Size (px)


Anonymous Biometrics: Privacy Protection of Biometric Templates. Pim Tuyls , E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko Philips Research Eindhoven The Netherlands. Overview. Introduction Challenge Literature and Related Topic - PowerPoint PPT Presentation


  • Anonymous Biometrics:

    Privacy Protection of Biometric Templates Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko Pim.Tuyls@philips.comPhilips Research EindhovenThe Netherlands



    Introduction Challenge Literature and Related Topic Information-Theoretic model Secrecy Extractor Requirements Bounds Examples General Theory Experiments Summary


    IntroductionBiometric Identification (fingerprints, iris, speech) is often used to identify people is often part of a security system uses databases containing Ref. Information (Templates)Advantages

    Convenience can not be lost or forgotten

    easy to use Uniqueness unique for a human being

    Offers therefore a very attractive alternative to e.g. passwords


    Risks Forgeability Impersonation by Artificial Biometrics

    Once Compromised Compromised Forever-Theft of Identity (Stolen Biometrics)

    Sensitive Information Fingerprints contain Genetic Information Retina reveals susceptibility for Strokes and Diabetes

    Additional Problem- Noisy: Biometric data are obtained through noisy measurements



    ARCHITECTURE ASSUMPTIONS Database public Channel public Sensor trusted ATTACKS

    Outside (on database) Eavesdropping of Communications Inside (on database): Malicious owner (Verifier) Fingerprints left on glasses, door handles (not discussed today)DatabaseSensorTemplateChannel


    Possible Constructions:- Encryption (implies a decryption key at verifier site)- One-Way Function

    Idea: Build a scheme similar to the one used for passwordprotection


    Secure Storage of Biometric Templates, Against Outside and Inside Attacks Secure Communication over the Channel (prevent eavesdropping)


    CHALLENGE: Integration of Cryptographic Techniques with Noisy Inputs

    One-Way Functions are very sensitive to small changes in the input data


    Literature Schneier Davida, Frankel and Matt, (Private biometrics) Juels and Wattenberg (Fuzzy Commitment) Ratha, Connell, Bolle (Cancelable Biometrics) Juels, Sudan (fuzzy vault) Linnartz, Tuyls (Shielding functions, AVBPA 2003) Verbitskiy, Tuyls, Denteneer and Linnartz (Benelux 2003) Goseling, Tuyls submitted to ISIT2004Related Topic- Biometric Key Generation (Soutar)


    Information Theoretic Model Biometrics Xn are modeled as random variables with distribution(enrollment)

    Authentication measurements Yn, modeled as observations through a noisy channel


    Secrecy ExtractorGenerate Common Secret S from Xn and Yn (Common Randomness)Helper data W

    Database: ID, W, F(S)matchingFFGGEXACT MATCH: F(S)=F(S)?EnrollmentAuthenticationF(S)


    TerminologyA functionis called a-contracting function: if for all X there exist a W s.t probabilistic


    Versatile function:for all S0,1k and all XRn, there exists avector WRm such that:-Revealing function:



    A reliable biometric authentication system thatprotects privacy has to satisfy the followingrequirements: -contracting Versatile -revealing: Correctness:

    Protection against a dishonest verifier who hasAccess to the database (compare with passwords)


    ImplicationsProposition 1: If W is constant, i.e. G(Y,W)=C(Y) then either=0, or G(Y,W) is a constant independent of Y.

    Corollary: In order to have a robust, versatile function G=G(X,W), W must depend on X


    ImplicationsProposition 2 :Let S be a binary string derived from X and Yby communicating helper data W as describedin the protocol:

    Extends also to the continuous case!(Approximation argument)


    EXAMPLESThree kinds of proposed schemes: Based on Quantized Index Modulation Error Correcting Code-scheme Significant Components


    Example: Significant ComponentsAssumption:

    Orthogonal Transformation (Fisher, PCA):Define:where i are orthonormal vectorsTheorem (Fisher, PCA): The i can be constructed such that they are independent, normally distributed random variableswith zero mean


    The Scheme I: RobustnessIdea: Select -components with large absolute valuesto guarantee robustness to noise

    Choose a small positive number and define

    Theorem: Let be the fraction of average numberof large comps then, if there is a sufficient amountof energy in the system, is large, moreover


    The Scheme II: VersatilityVersatility:Given si, search for index ij such that: (feasibility)

    The set of feasible secrets:

    Theorem:If k=1n with 1=/10, then with large probability is a large set


    The Scheme III: Helper DataGiven a secret S=(s1,,sk) the helper data W is determined. W picks up the correct components of X in -basis

    Helper data: W(X) is a kn matrix, its j-th row isgiven by

    -contracting function:


    Information RevealingTheorem:The proposed scheme is zero-revealing:



    General ConstructionSEC: Tuple of encoding regions (SEC: Secure Extraction Code)

    such that,

    is the collection of SECs s.t.


    Secure Biometric Authentication Scheme (SBA)Enrollment measurement XnSelect a code in W indicates the selected codeThe Secret S is index of that coding region where Xn belongs to

    A One-Way Function F is applied to S.W and F(S) are stored in the database together with the Id.ENCDEC123



    An individual makes an Id claim W and is sent to the decoder The SEC C(W) is used to derive the secret as follows,

    F(S) is computed Check: F(S)=F(S)

    This construction achieves the earlier mentioned capacities at the same time (Asymptotically)!


    Experiments- Biometric: Measuring the headphone-to-ear-canal-Transfer Functions First dataset: 45 Individuals, 8 Measurements per person Second dataset: 65 Individuals, 8 Measurements per person

    6 Measurements for training, 2 for authentication Tested scheme: significant components FRR decreases as increases FAR decreases as secret length increases Secret length decreases as increases


    Ear canal Biometrics = Headphone-to-Ear Transfer FunctionWhite noiseError H(z)W(z)+


    Headphone-to-Ear Transfer Function: 1 ear, population (45x8)


    Results: Principal Component TransformFirst dataset


    Second datasetCombination of schemes


    SummaryWe have described a general set-up and examples for biometric authentication/keygeneration schemes that satisfy the followingproperties:- Robust to noise- Versatile- Zero-revealing- Privacy protection


View more >