Anonymous Biometrics:
Privacy Protection of Biometric Templates
Pim Tuyls,
E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko
Pim.Tuyls@philips.com Philips Research Eindhoven The Netherlands
Overview
• Introduction
• Challenge
• Literature and Related Topic
• Information-Theoretic model
• Secrecy Extractor
• Requirements
• Bounds
• Examples
• “General” Theory
• Experiments
• Summary
Introduction
Biometric Identification (fingerprints, iris, speech)
- is often used to identify people
- is often part of a security system
- uses databases containing reference information (templates)
Advantages
• Convenience
  - cannot be lost or forgotten
  - easy to use
• Uniqueness
  - unique for a human being
It therefore offers a very attractive alternative to e.g. passwords
Risks
- Forgeability
  - Impersonation by Artificial Biometrics
PRIVACY
- Once Compromised, Compromised Forever
- Theft of Identity (Stolen Biometrics)
- Sensitive Information
  - Fingerprints contain Genetic Information
  - Retina reveals susceptibility for Strokes and Diabetes
Additional Problem
- Noisy: Biometric data are obtained through noisy measurements
ARCHITECTURE ASSUMPTIONS
[Diagram labels: Sensor, Channel, Template, Database]
• Database public
• Channel public
• Sensor trusted
ATTACKS
- Outside (on database)
- Eavesdropping of Communications
- Inside (on database): Malicious owner (Verifier)
- Fingerprints left on glasses, door handles (not discussed today)
Solution
• Secure Storage of Biometric Templates, against Outside and Inside Attacks
• Secure Communication over the Channel (prevent eavesdropping)
Possible Constructions:
- Encryption (implies a decryption key at verifier site)
- One-Way Function
Idea: Build a scheme similar to the one used for password protection
CHALLENGE: Integration of Cryptographic Techniques with Noisy Inputs
One-Way Functions are very sensitive to small changes in the input data
[Diagram labels: F, database, F, matching]
Literature
- Schneier
- Davida, Frankel and Matt (Private biometrics)
- Juels and Wattenberg (Fuzzy Commitment)
- Ratha, Connell, Bolle (Cancelable Biometrics)
- Juels, Sudan (fuzzy vault)
- Linnartz, Tuyls (Shielding functions, AVBPA 2003)
- Verbitskiy, Tuyls, Denteneer and Linnartz (Benelux 2003)
- Goseling, Tuyls submitted to ISIT2004
Related Topic
- Biometric Key Generation (Soutar)
Information Theoretic Model
• Biometrics $X^n$ are modeled as random variables with distribution (enrollment)
• Authentication measurements $Y^n$, modeled as observations through a noisy channel
Secrecy Extractor
• Generate Common Secret S from $X^n$ and $Y^n$ (Common Randomness)
• Helper data W
[Diagram labels: G, F, F(S), matching]
Database: ID, W, F(S)
EXACT MATCH: F(S)=F(S’)?
Terminology
A function is called a -contracting function: if for all X there exists a W s.t.
• probabilistic
• norm
Versatile function: for all $S \in \{0,1\}^k$ and all $X \in \mathbb{R}^n$, there exists a vector $W \in \mathbb{R}^m$ such that:
-Revealing function:
Requirements
A reliable biometric authentication system that protects privacy has to satisfy the following requirements:
• -contracting
• Versatile
• -revealing:
• Correctness:
Protection against a dishonest verifier who has access to the database (compare with passwords)
Implications
Proposition 1:
If W is constant, i.e. G(Y,W)=C(Y), then either =0, or G(Y,W) is a constant independent of Y.
Corollary: In order to have a robust, versatile function G=G(X,W), W must depend on X
Implications
Proposition 2:
Let S be a binary string derived from X and Y by communicating helper data W as described in the protocol:
Extends also to the continuous case!
(Approximation argument)
EXAMPLES
Three kinds of proposed schemes:
• Based on Quantized Index Modulation
• Error Correcting Code-scheme
• Significant Components
Example: Significant Components
Assumption: Orthogonal Transformation (Fisher, PCA):
Define: where i are orthonormal vectors
Theorem (Fisher, PCA): The i can be constructed such that they are independent, normally distributed random variables with zero mean
The Scheme I: Robustness
Idea: Select -components with large absolute values to guarantee robustness to noise
Choose a small positive number and define
Theorem: Let be the fraction of average number of large components then, if there is a sufficient amount of energy in the system, is “large”, moreover
The Scheme II: Versatility
Versatility: Given $s_i$, search for index $i_j$ such that: (feasibility)
The set of feasible secrets:
Theorem: If k=1n with 1=/10, then with large probability is a large set
The Scheme III: Helper Data
Given a secret $S=(s_1,\ldots,s_k)$ the helper data W is determined. W picks up the correct components of X in -basis
Helper data: W(X) is a $k \times n$ matrix, its j-th row is given by
-contracting function:
Information Revealing
Theorem:
The proposed scheme is zero-revealing: Moreover,
General Construction
• SEC: Tuple of encoding regions (SEC: Secure Extraction Code) such that,
• is the collection of SECs s.t.
Secure Biometric Authentication Scheme (SBA)
1. Enrollment measurement $X^n$
2. Select a code in ; W indicates the selected code
3. The Secret S is the index of the coding region to which $X^n$ belongs
[Diagram labels: ENC, DEC]
4. A One-Way Function F is applied to S.
5. W and F(S) are stored in the database together with the Id.
Authentication:
1. An individual makes an Id claim
2. W and is sent to the decoder
3. The SEC C(W) is used to derive the secret as follows,
4. 5. 6. F(S’) is computed; Check: F(S’)=F(S)
This construction achieves the earlier mentioned capacities at the same time (Asymptotically)!
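The enrollment and authentication steps above, instantiated with the significant-components scheme from the earlier slides, as an added example (not the authors' code). Assumed here: the threshold name `delta`, the convention that a positive component encodes bit 1, SHA-256 as F, and W stored as an index list (the sparse form of a k × n selection matrix).

```python
import hashlib
import secrets

def F(bits):
    """One-way function applied to the secret (SHA-256 is an assumed choice)."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(x, secret, delta):
    """Return (W, F(S)) for template x, or None if the secret is not feasible.

    W lists, per secret bit, the index of one component of x whose magnitude
    exceeds delta and whose sign encodes that bit (assumed: positive = 1).
    """
    used, w = set(), []
    for bit in secret:
        feasible = [i for i, v in enumerate(x)
                    if i not in used and abs(v) > delta and (v > 0) == bool(bit)]
        if not feasible:
            return None
        i = secrets.choice(feasible)  # random pick among feasible components
        used.add(i)
        w.append(i)
    return w, F(secret)

def G(y, w):
    """Recover S' from a noisy measurement y and helper data W."""
    return [1 if y[i] > 0 else 0 for i in w]

def authenticate(y, w, stored):
    """Exact match on the one-way images: F(S') == F(S)."""
    return secrets.compare_digest(F(G(y, w)), stored)

# Constructed sample data (not taken from the experiments in the slides).
X = [1.2, -0.1, -0.9, 0.3, 0.8, -1.5, 0.05, 2.0]   # enrollment measurement
Y = [1.0, 0.2, -0.6, -0.1, 1.1, -1.2, -0.3, 1.7]   # same person, noise below delta
S = [1, 0, 0, 1]
DELTA = 0.5

if __name__ == "__main__":
    w, stored = enroll(X, S, DELTA)
    print("database record:", {"ID": "alice", "W": w, "F(S)": stored})
    print("genuine accepted:", authenticate(Y, w, stored))
    print("impostor accepted:", authenticate([-v for v in X], w, stored))
```

Component 3 changes sign between X and Y, but it lies below the threshold and is never selected, which is why the exact match on F still succeeds.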
Experiments
- Biometric: Measuring the headphone-to-ear-canal Transfer Functions
- First dataset: 45 Individuals, 8 Measurements per person
- Second dataset: 65 Individuals, 8 Measurements per person
- 6 Measurements for training, 2 for authentication
- Tested scheme: significant components
- FRR decreases as increases
- FAR decreases as secret length increases
- Secret length decreases as increases
“Ear canal” Biometrics = Headphone-to-Ear Transfer Function
[Diagram labels: White noise, H(z), Error, +, W(z)]
Headphone-to-Ear Transfer Function: 1 ear, population (45x8)
Results: Principal Component Transform
First dataset
Combination of schemes
Second dataset
Summary
We have described a general set-up and examples for biometric authentication/key generation schemes that satisfy the following properties:
- Robust to noise
- Versatile
- Zero-revealing
- Privacy protection