5 research outputs found
Secret rate - Privacy leakage in biometric systems
Ahlswede and Csiszár [1993] introduced the concept of secret sharing. In their source model two terminals observe two correlated sequences. It is the objective of the terminals to form a common secret by interchanging a public message (helper data) in such a way that the secrecy leakage is negligible. In a biometric setting, where the sequences correspond to the enrollment and authentication data, respectively, it is crucial that the public message leaks as little information as possible about the biometric data, since compromised biometric data cannot be replaced. We investigated the fundamental trade-offs for four biometric settings. The first one is the standard (Ahlswede Csiszár) secret generation setting, for which we determined the secret-key vs, privacy-leakage rate region. Here leakage corresponds to the mutual information between helper data and biometric enrollment sequence. In the second setting the secret is not generated by the terminals but independently chosen, and transmitted using a public message. Again we determined the region of achievable rate-leakage pairs. In setting three and four we consider zero-leakage, i.e. the public message contains only a negligible amount of information about the secret and about the biometric enrollment sequence. To achieve this a private key is needed, which can be observed only by the terminals. We considered again both secret generation and secret transmission and determined for both cases the region of achievable secret-key vs. private-key rate pairs. © 2009 IEEE
THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system
In this paper, we propose a new biometric verification and template
protection system which we call the THRIVE system. The system includes novel
enrollment and authentication protocols based on threshold homomorphic
cryptosystem where the private key is shared between a user and the verifier.
In the THRIVE system, only encrypted binary biometric templates are stored in
the database and verification is performed via homomorphically randomized
templates, thus, original templates are never revealed during the
authentication stage. The THRIVE system is designed for the malicious model
where the cheating party may arbitrarily deviate from the protocol
specification. Since threshold homomorphic encryption scheme is used, a
malicious database owner cannot perform decryption on encrypted templates of
the users in the database. Therefore, security of the THRIVE system is enhanced
using a two-factor authentication scheme involving the user's private key and
the biometric data. We prove security and privacy preservation capability of
the proposed system in the simulation-based model with no assumption. The
proposed system is suitable for applications where the user does not want to
reveal her biometrics to the verifier in plain form but she needs to proof her
physical presence by using biometrics. The system can be used with any
biometric modality and biometric feature extraction scheme whose output
templates can be binarized. The overall connection time for the proposed THRIVE
system is estimated to be 336 ms on average for 256-bit biohash vectors on a
desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link
connection speed. Consequently, the proposed system can be efficiently used in
real life applications
Privacy leakage in fuzzy commitment schemes
Abstract In 1999 Juels and Wattenberg introduced the fuzzy commitment scheme. Fuzzy commitment is a particular realization of a binary biometric secrecy system with a chosen secret key. Three cases of biometric sources are considered, i.e. memoryless and totally-symmetric biometric sources, memoryless and input-symmetric biometric sources, and memoryless biometric sources. It is shown that fuzzy commitment is only optimal for memoryless totally-symmetric biometric sources and only at the maximum secret-key rate. Moreover, it is demonstrated that for memoryless biometric sources, which are not input-symmetric, the fuzzy commitment scheme leaks information on both the secret key and the biometric data
Improved security and privacy preservation for biometric hashing
We address improving verification performance, as well as security and privacy aspects of biohashing methods in this thesis. We propose various methods to increase the verification performance of the random projection based biohashing systems. First, we introduce a new biohashing method based on optimal linear transform which seeks to find a better projection matrix. Second, we propose another biohashing method based on a discriminative projection selection technique that selects the rows of the random projection matrix by using the Fisher criterion. Third, we introduce a new quantization method that attempts to optimize biohashes using the ideas from diversification of error-correcting output codes classifiers. Simulation results show that introduced methods improve the verification performance of biohashing. We consider various security and privacy attack scenarios for biohashing methods. We propose new attack methods based on minimum l1 and l2 norm reconstructions. The results of these attacks show that biohashing is vulnerable to such attacks and better template protection methods are necessary. Therefore, we propose an identity verification system which has new enrollment and authentication protocols based on threshold homomorphic encryption. The system can be used with any biometric modality and feature extraction method whose output templates can be binarized, therefore it is not limited to biohashing. Our analysis shows that the introduced system is robust against most security and privacy attacks conceived in the literature. In addition, a straightforward implementation of its authentication protocol is su ciently fast enough to be used in real applications
Secret rate - Privacy leakage in biometric systems
Ahlswede and Csiszár [1993] introduced the concept of secret sharing. In their source model two terminals observe two correlated sequences. It is the objective of the terminals to form a common secret by interchanging a public message (helper data) in such a way that the secrecy leakage is negligible. In a biometric setting, where the sequences correspond to the enrollment and authentication data, respectively, it is crucial that the public message leaks as little information as possible about the biometric data, since compromised biometric data cannot be replaced. We investigated the fundamental trade-offs for four biometric settings. The first one is the standard (Ahlswede Csiszár) secret generation setting, for which we determined the secret-key vs, privacy-leakage rate region. Here leakage corresponds to the mutual information between helper data and biometric enrollment sequence. In the second setting the secret is not generated by the terminals but independently chosen, and transmitted using a public message. Again we determined the region of achievable rate-leakage pairs. In setting three and four we consider zero-leakage, i.e. the public message contains only a negligible amount of information about the secret and about the biometric enrollment sequence. To achieve this a private key is needed, which can be observed only by the terminals. We considered again both secret generation and secret transmission and determined for both cases the region of achievable secret-key vs. private-key rate pairs. © 2009 IEEE