Privacy–Security Trade-Offs in Biometric Security Systems—Part II: Multiple Use Case

This is the second part of a two-part paper on the information theoretic study of biometric security systems. In this paper, the performance of reusable biometric security systems, in which the same biometric information is reused in multiple locations, is analyzed. The scenario in which the subsystems are jointly designed is first considered. An outer bound on the achievable trade-off between the privacy leakage of the biometric measurements and rates of keys generated at the subsystems is derived. A scheme that achieves the derived outer bound is then presented. Next, an incremental design approach is studied, in which the biometric measurements are reused while keeping the existing system intact. An achievable privacy-security trade-off region for this design approach is derived. It is shown that under certain conditions, the incremental design approach can achieve the performance of the joint design approach. Finally, examples are given to illustrate the results derived.

[1]  H.V. Poor,et al.  Privacy-security tradeoffs in biometric security systems , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.

[2]  Sharath Pankanti,et al.  Fuzzy Vault for Fingerprints , 2005, AVBPA.

[3]  Stark C. Draper,et al.  Using Distributed Source Coding to Secure Fingerprint Biometrics , 2007, 2007 IEEE International Conference on Acoustics, Speech and Signal Processing - ICASSP '07.

[4]  K. Srinathan,et al.  Efficient Biometric Verification in Encrypted Domain , 2009, ICB.

[5]  Kannan Ramchandran,et al.  Distributed source coding using syndromes (DISCUS): design and construction , 2003, IEEE Trans. Inf. Theory.

[6]  Julien Bringer,et al.  The best of both worlds: Applying secure sketches to cancelable biometrics , 2008, Sci. Comput. Program..

[7]  Zixiang Xiong,et al.  Design of Slepian-Wolf codes by channel code partitioning , 2004, Data Compression Conference, 2004. Proceedings. DCC 2004.

[8]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[9]  Imre Csiszár,et al.  Information Theory - Coding Theorems for Discrete Memoryless Systems, Second Edition , 2011 .

[10]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[11]  Aaron D. Wyner,et al.  A theorem on the entropy of certain binary sequences and applications-I , 1973, IEEE Trans. Inf. Theory.

[12]  Arun Ross,et al.  From Template to Image: Reconstructing Fingerprints from Minutiae Points , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[13]  Anil K. Jain,et al.  Securing Fingerprint Template: Fuzzy Vault with Helper Data , 2006, 2006 Conference on Computer Vision and Pattern Recognition Workshop (CVPRW'06).

[14]  F.M.J. Willems,et al.  Privacy leakage in biometric secrecy systems , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.

[15]  Yair Frankel,et al.  On enabling secure applications through off-line biometric identification , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[16]  H. Vincent Poor,et al.  Privacy–Security Trade-Offs in Biometric Security Systems—Part I: Single Use Case , 2011, IEEE Transactions on Information Forensics and Security.

[17]  H. Vincent Poor,et al.  Privacy-security tradeoffs in reusable biometric security systems , 2010, 2010 IEEE International Conference on Acoustics, Speech and Signal Processing.

[18]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[19]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[20]  Frans M. J. Willems,et al.  Biometric Systems: Privacy and Secrecy Aspects , 2009, IEEE Transactions on Information Forensics and Security.

[21]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[22]  Anil K. Jain,et al.  Biometric template transformation: a security analysis , 2010, Electronic Imaging.

[23]  Ahmad Hussein SECURING BIOMETRIC DATA , 2010 .

[24]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[25]  Gérard D. Cohen,et al.  The wiretap channel applied to biometrics , 2004 .

[26]  Nasir D. Memon,et al.  Protecting Biometric Templates With Sketch: Theory and Practice , 2007, IEEE Transactions on Information Forensics and Security.

[27]  Nasir D. Memon,et al.  Secure Biometric Templates from Fingerprint-Face Features , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[28]  Shaogang Gong,et al.  Audio- and Video-based Biometric Person Authentication , 1997, Lecture Notes in Computer Science.

[29]  Stark C. Draper,et al.  Feature transformation of biometric templates for secure biometric systems based on error correcting codes , 2008, 2008 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops.

[30]  H. Vincent Poor,et al.  An Information Theoretic Framework for Biometric Security Systems , 2009, ICB.

[31]  Pim Tuyls,et al.  Capacity and Examples of Template-Protecting Biometric Authentication Systems , 2004, ECCV Workshop BioAW.

[32]  Nasir D. Memon,et al.  Secure Sketch for Biometric Templates , 2006, ASIACRYPT.

[33]  Rudolf Ahlswede,et al.  Source coding with side information and a converse for degraded broadcast channels , 1975, IEEE Trans. Inf. Theory.

[34]  Stark C. Draper,et al.  Feature extraction for a Slepian-Wolf biometric system using LDPC codes , 2008, 2008 IEEE International Symposium on Information Theory.

[35]  Xavier Boyen,et al.  Reusable cryptographic fuzzy extractors , 2004, CCS '04.