1 / 29

Anonymous Biometrics: Privacy Protection of Biometric Templates

Anonymous Biometrics: Privacy Protection of Biometric Templates. Pim Tuyls , E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko Pim.Tuyls@philips.com Philips Research Eindhoven The Netherlands. Overview. Introduction Challenge Literature and Related Topic

Download Presentation

Anonymous Biometrics: Privacy Protection of Biometric Templates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Anonymous Biometrics:Privacy Protection of Biometric Templates Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko Pim.Tuyls@philips.com Philips Research Eindhoven The Netherlands

  2. Overview • Introduction • Challenge • Literature and Related Topic • Information-Theoretic model • Secrecy Extractor • Requirements • Bounds • Examples • “General” Theory • Experiments • Summary

  3. Introduction Biometric Identification (fingerprints, iris, speech) • is often used to identify people • is often part of a security system • uses databases containing Ref. Information • (Templates) Advantages • Convenience •can not be lost or forgotten • easy to use • Uniqueness •uniquefor a human being Offers therefore a very attractive alternative to e.g. passwords

  4. Risks • Forgeability • Impersonation by Artificial Biometrics • Once CompromisedCompromised Forever • -Theft of Identity (Stolen Biometrics) • Sensitive Information • Fingerprints contain Genetic Information • Retina reveals susceptibility for Strokes and Diabetes • Additional Problem • - Noisy: Biometric data are obtained through noisy • measurements PRIVACY

  5. ARCHITECTUREASSUMPTIONS Template • • Database public • Channel public • Sensor trusted Channel Sensor Database • ATTACKS • Outside (on database) • Eavesdropping of Communications • Inside (on database): Malicious owner (Verifier) • Fingerprints left on glasses, door handles (not discussed today)

  6. Solution • Secure Storage of Biometric Templates, • Against Outside and Inside Attacks • Secure Communication over the Channel (prevent eavesdropping) • Possible Constructions: • - Encryption (implies a decryption key at verifier site) • - One-Way Function • Idea: • Build a scheme similar to the one used for password • protection

  7. F database F matching CHALLENGE: Integration of Cryptographic Techniques with Noisy Inputs One-Way Functions are very sensitive to small changes in the input data

  8. Literature • Schneier • Davida, Frankel and Matt, (Private biometrics) • Juels and Wattenberg (Fuzzy Commitment) • Ratha, Connell, Bolle (Cancelable Biometrics) • Juels, Sudan (fuzzy vault) • Linnartz, Tuyls (Shielding functions, AVBPA 2003) • Verbitskiy, Tuyls, Denteneer and Linnartz (Benelux 2003) • Goseling, Tuyls submitted to ISIT2004 Related Topic- Biometric Key Generation (Soutar)

  9. Information Theoretic Model • Biometrics Xn are modeled as random variables with • distribution (enrollment) • Authentication measurements Yn, modeled as observations • through a noisy channel

  10. Secrecy Extractor • Generate Common Secret S from Xn and Yn(Common Randomness) • Helper data W G Enrollment F Database: ID, W, F(S) F(S) Authentication matching G F EXACT MATCH: F(S)=F(S’)?

  11. Terminology • A function is called a • -contracting function: if for all X there exist a W s.t • probabilistic • norm • Versatile function: • for all S0,1k and all XRn, there exists a • vector WRm such that: • -Revealing function: 

  12. Requirements • A reliable biometric authentication system that • protects privacy has to satisfy the following • requirements: • -contracting • Versatile • -revealing: • Correctness: • Protection against a dishonest verifier who has • Access to the database (compare with passwords)

  13. Implications Proposition 1: If W is constant, i.e. G(Y,W)=C(Y) then either =0, or G(Y,W) is a constant independent of Y. Corollary: In order to have a robust, versatile function G=G(X,W), W must depend on X

  14. Implications Proposition 2 : Let S be a binary string derived from X and Y by communicating helper data W as described in the protocol: Extends also to the continuous case! (Approximation argument)

  15. EXAMPLES • Three kinds of proposed schemes: • Based on Quantized Index Modulation • Error Correcting Code-scheme • Significant Components

  16. Example: Significant Components Assumption: Orthogonal Transformation (Fisher, PCA): Define: where i are orthonormal vectors Theorem (Fisher, PCA): The i can be constructed such that they are independent, normally distributed random variables with zero mean

  17. The Scheme I: Robustness • Idea: • Select -components with large absolute values • to guarantee robustness to noise • Choose a small positive number  and define • Theorem: Let  be the fraction of average number • of large comps then, if there is a sufficient amount • of energy in the system,  is “large”, moreover

  18. The Scheme II: Versatility Versatility: Given si, search for index ij such that: (feasibility) The set of feasible secrets: Theorem: If k=1n with 1=/10, then with large probability is a large set

  19. The Scheme III: Helper Data Given a secret S=(s1,…,sk) the helper data W is determined. W picks up the correct components of X in -basis Helper data:W(X) is a kn matrix, its j-th row is given by -contracting function:

  20. Information Revealing Theorem: The proposed scheme is zero-revealing: Moreover,

  21. General Construction • SEC: Tuple of encoding regions (SEC: Secure Extraction Code) such that, • is the collection of SECs s.t.

  22. Secure Biometric Authentication Scheme (SBA) • Enrollment measurement Xn • Select a code in W indicates the selected code • The Secret S is index of that coding region where Xn belongs to • A One-Way Function F is applied to S. • W and F(S) are stored in the database together with the Id. 1 ENC DEC 3 2

  23. Authentication: • An individual makes an Id claim • W and is sent to the decoder • The SEC C(W) is used to derive the secret as follows, • F(S’) is computed • Check: F(S’)=F(S) • This construction achieves the earlier mentioned capacities • at the same time (Asymptotically)!

  24. Experiments • - Biometric: Measuring the headphone-to-ear-canal-Transfer • Functions • First dataset: 45 Individuals, 8 Measurements per person • Second dataset: 65 Individuals, 8 Measurements per person • 6 Measurements for training, 2 for authentication • Tested scheme: significant components • FRR decreases as  increases • FAR decreases as secret length increases • Secret length decreases as  increases

  25. “Ear canal” Biometrics = Headphone-to-Ear Transfer Function White noise Error H(z) + W(z)

  26. Headphone-to-Ear Transfer Function: 1 ear, population (45x8)

  27. Results: Principal Component Transform First dataset

  28. Combination of schemes Second dataset

  29. Summary We have described a general set-up and examples for biometric authentication/key generation schemes that satisfy the following properties: - Robust to noise - Versatile - Zero-revealing - Privacy protection

More Related