It is All in the System's Parameters: Privacy and Security Issues in Transforming Biometric Raw Data into Binary Strings

Biometric traits such as faces, fingerprints, and irises are becoming prevalent in computer security applications, from authentication systems to identification systems. Given the sensitive nature of biometrics, a great deal of effort is put into protecting the biometric data after it is acquired: from secure sketches and fuzzy extractors to the use of secure multiparty computation (in protocols such as SCiFI or GSHADE). While these solutions make sure that the extracted values (e.g., binary strings or vectors) that correspond to the biometrics are kept private and secure, their practical implementations are not optimal with respect to privacy guarantees in the process of extracting the information from the raw biometric data. This paper analyses current solutions for protected systems and discusses the existing and potential problems in the security and privacy of their feature extraction and binarization processes. As an illustrative example, we show a PoC of an attack on a feature extraction solution for facial images, used in several protected systems, and show that it reveals information which is very close to the training image of the user. As we argue in this paper, other solutions provide privacy for the system's users but make use of an external set of biometric data which is often quite large, thus facing privacy and ownership issues associated with the external set of people. The take-home message of this paper is: many of the existing “privacy preserving” solutions neglect the privacy and security aspects of the feature extraction and binarization processes. Hence, we urge future research to close this gap in the security and privacy of biometric systems.
