Anonymous Biometrics: Privacy Protection of Biometric Templates
Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko
Pim.Tuyls@philips.com
Philips Research, Eindhoven, The Netherlands

Overview
• Introduction
• Challenge
• Literature and Related Topic
• Information-Theoretic model
• Secrecy Extractor
• Requirements
• Bounds
• Examples
• “General” Theory
• Experiments
• Summary

Introduction
Biometric Identification (fingerprints, iris, speech)
• is often used to identify people
• is often part of a security system
• uses databases containing reference information (templates)
Advantages
• Convenience
  - cannot be lost or forgotten
  - easy to use
• Uniqueness
  - unique for a human being
It therefore offers a very attractive alternative to e.g. passwords.

Risks
• Forgeability
  - Impersonation by Artificial Biometrics
• Once Compromised, Compromised Forever
  - Theft of Identity (Stolen Biometrics)
• Sensitive Information
  - Fingerprints contain Genetic Information
  - Retina reveals susceptibility for Strokes and Diabetes
• Additional Problem
  - Noisy: Biometric data are obtained through noisy measurements
PRIVACY

ARCHITECTURE
[Diagram: Sensor, Channel, Database, Template]
ASSUMPTIONS
• Database public
• Channel public
• Sensor trusted
ATTACKS
• Outside (on database)
• Eavesdropping of Communications
• Inside (on database): Malicious owner (Verifier)
• Fingerprints left on glasses, door handles (not discussed today)

Solution
• Secure Storage of Biometric Templates, against Outside and Inside Attacks
• Secure Communication over the Channel (prevent eavesdropping)
• Possible Constructions:
  - Encryption (implies a decryption key at verifier site)
  - One-Way Function
• Idea: Build a scheme similar to the one used for password protection

CHALLENGE: Integration of Cryptographic Techniques with Noisy Inputs
[Diagram: F, database, F, matching]
One-Way Functions are very sensitive to small changes in the input data.

Literature
• Schneier
• Davida, Frankel and Matt (Private biometrics)
• Juels and Wattenberg (Fuzzy Commitment)
• Ratha, Connell, Bolle (Cancelable Biometrics)
• Juels, Sudan (Fuzzy Vault)
• Linnartz, Tuyls (Shielding functions, AVBPA 2003)
• Verbitskiy, Tuyls, Denteneer and Linnartz (Benelux 2003)
• Goseling, Tuyls (submitted to ISIT 2004)
Related Topic
- Biometric Key Generation (Soutar)

Information Theoretic Model
• Biometrics X^n are modeled as random variables with distribution (enrollment)
• Authentication measurements Y^n, modeled as observations through a noisy channel

Secrecy Extractor
• Generate Common Secret S from X^n and Y^n (Common Randomness)
• Helper data W
[Diagram: Enrollment: G, F, Database: ID, W, F(S). Authentication: G, F, matching against F(S)]
EXACT MATCH: F(S) = F(S’)?

Terminology
A function is called a
• -contracting function: if for all X there exists a W s.t.
  - probabilistic
  - norm
• Versatile function: for all S ∈ {0,1}^k and all X ∈ R^n, there exists a vector W ∈ R^m such that:
• -Revealing function:

Requirements
A reliable biometric authentication system that protects privacy has to satisfy the following requirements:
• -contracting
• Versatile
• -revealing:
• Correctness:
• Protection against a dishonest verifier who has access to the database (compare with passwords)

Implications
Proposition 1: If W is constant, i.e. G(Y,W)=C(Y), then either =0, or G(Y,W) is a constant independent of Y.
Corollary: In order to have a robust, versatile function G=G(X,W), W must depend on X.

Implications
Proposition 2: Let S be a binary string derived from X and Y by communicating helper data W as described in the protocol:
Extends also to the continuous case! (Approximation argument)

EXAMPLES
Three kinds of proposed schemes:
• Based on Quantized Index Modulation
• Error Correcting Code-scheme
• Significant Components

Example: Significant Components
Assumption:
Orthogonal Transformation (Fisher, PCA):
Define: where i are orthonormal vectors
Theorem (Fisher, PCA): The i can be constructed such that they are independent, normally distributed random variables with zero mean

The Scheme I: Robustness
• Idea: Select -components with large absolute values to guarantee robustness to noise
• Choose a small positive number and define
• Theorem: Let be the fraction of average number of large comps then, if there is a sufficient amount of energy in the system, is “large”, moreover

The Scheme II: Versatility
Versatility: Given s_i, search for index i_j such that: (feasibility)
The set of feasible secrets:
Theorem: If k=1n with 1=/10, then with large probability is a large set

The Scheme III: Helper Data
Given a secret S=(s_1,…,s_k) the helper data W is determined.
W picks up the correct components of X in -basis
Helper data: W(X) is a k×n matrix, its j-th row is given by
-contracting function:

Information Revealing
Theorem: The proposed scheme is zero-revealing:
Moreover,

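An added example (not from the slides or the authors' code) of the significant-components scheme in Python: enrollment selects components of X above a threshold to encode the secret bits, and authentication reads them back from a noisy Y and checks F(S') = F(S). Assumptions: the threshold name `delta`, the sign convention (bit 1 for a positive component), SHA-256 as F, W stored as a list of indices rather than a k×n matrix, and the template values, which are constructed.

```python
import hashlib
import hmac
import random

def one_way(bits):
    """F(S): SHA-256 stands in for the slides' unspecified one-way function."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(x, secret, delta, rng):
    """Return (W, F(S)). W[j] indexes a component of x with |x_i| > delta
    whose sign encodes secret[j] (assumed convention: 1 = positive)."""
    free = set(range(len(x)))
    helper = []
    for bit in secret:
        feasible = sorted(i for i in free
                          if abs(x[i]) > delta and (x[i] > 0) == bool(bit))
        if not feasible:
            raise ValueError("secret is not feasible for this template")
        pick = rng.choice(feasible)  # picked at random among feasible ones
        free.remove(pick)
        helper.append(pick)
    return helper, one_way(secret)

def extract(y, helper):
    """G(Y, W): read the secret back from the signs of the selected components."""
    return [1 if y[i] > 0 else 0 for i in helper]

def authenticate(y, helper, stored):
    """Exact match F(S') == F(S), compared in constant time."""
    return hmac.compare_digest(one_way(extract(y, helper)), stored)

# Constructed sample data (not from the experiments in the slides).
DELTA = 1.0
TEMPLATE = [2.1, -0.3, -1.8, 0.4, 1.5, -2.2, 0.1, 1.9,
            -1.4, 0.7, -0.2, 2.6, -1.7, 0.05, 1.3, -2.9]
SECRET = [1, 0, 1, 1, 0, 0, 1, 0]

def demo(seed=7):
    rng = random.Random(seed)  # seeded only so the demo is repeatable
    helper, stored = enroll(TEMPLATE, SECRET, DELTA, rng)
    # Genuine re-measurement: every component moves by less than delta.
    noisy = [v + rng.uniform(-0.9 * DELTA, 0.9 * DELTA) for v in TEMPLATE]
    # One selected component changes sign: a single bit error in S'.
    flipped = list(TEMPLATE)
    flipped[helper[0]] = -flipped[helper[0]]
    return authenticate(noisy, helper, stored), authenticate(flipped, helper, stored)

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, False)`: noise smaller than `delta` cannot change the sign of a selected component, so S is reproduced exactly, while a single wrong bit makes the comparison of hashes fail.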
General Construction
• SEC: Tuple of encoding regions (SEC: Secure Extraction Code) such that,
• is the collection of SECs s.t.

Secure Biometric Authentication Scheme (SBA)
Enrollment:
• Enrollment measurement X^n
• Select a code in
• W indicates the selected code
• The Secret S is the index of the coding region to which X^n belongs
• A One-Way Function F is applied to S.
• W and F(S) are stored in the database together with the Id.
[Diagram: ENC, DEC, regions 1, 2, 3]

Authentication:
• An individual makes an Id claim
• W and is sent to the decoder
• The SEC C(W) is used to derive the secret as follows,
• F(S’) is computed
• Check: F(S’)=F(S)
This construction achieves the earlier mentioned capacities at the same time (Asymptotically)!

Experiments
• Biometric: Measuring the headphone-to-ear-canal Transfer Functions
• First dataset: 45 Individuals, 8 Measurements per person
• Second dataset: 65 Individuals, 8 Measurements per person
• 6 Measurements for training, 2 for authentication
• Tested scheme: significant components
• FRR decreases as increases
• FAR decreases as secret length increases
• Secret length decreases as increases

“Ear canal” Biometrics = Headphone-to-Ear Transfer Function
[Diagram: White noise, H(z), +, W(z), Error]

Headphone-to-Ear Transfer Function: 1 ear, population (45x8)
Results: Principal Component Transform First dataset
Combination of schemes Second dataset
Summary
We have described a general set-up and examples for biometric authentication/key generation schemes that satisfy the following properties:
- Robust to noise
- Versatile
- Zero-revealing
- Privacy protection