Secret-Key Rates and Privacy Leakage in Biometric Systems

In this thesis both the generation of secret keys from biometric data and the binding of secret keys to biometric data are investigated. These secret keys can be used to regulate access to sensitive data, services, and environments. In a biometric secrecy system a secret key is generated or chosen during an enrollment procedure in which biometric data are observed for the first time. This key is to be reconstructed after these biometric data are observed for the second time when authentication is required. Since biometric measurements are typically noisy, reliable biometric secrecy systems also extract so-called helper data from the biometric observation at the time of enrollment. These helper data facilitate reliable reconstruction of the secret key in the authentication process. Since the helper data are assumed to be public, they should not contain information about the secret key. We say that the secrecy leakage should be negligible. Important parameters of biometric key-generation and key-binding systems include the size of the generated or chosen secret key and the information that the helper data contain (leak) about the biometric observation. This latter parameter is called privacy leakage. Ideally the privacy leakage should be small, to prevent the biometric data of an individual from being compromised. Moreover, the secret-key length (also characterized by the secret-key rate) should be large to minimize the probability that the secret key is guessed and unauthorized access is granted. The first part of this thesis mainly focuses on the fundamental trade-off between the secret-key rate and the privacy-leakage rate in biometric secret-generation and secretbinding systems. This trade-off is studied from an information-theoretical perspective for four biometric settings. The first setting is the classical secret-generation setting as proposed by Maurer [1993] and Ahlswede and Csiszar [1993]. For this setting the achievable secret-key vs. privacy-leakage rate region is determined in this thesis. In the second setting the secret key is not generated by the terminals, but independently chosen during enrollment (key binding). Also for this setting the region of achievable secret-key vs. privacy-leakage rate pairs is determined. In settings three and four zero-leakage systems are considered. In these systems the public message should contain only a negligible amount of information about both the secret key and the biometric enrollment sequence. To achieve this, a private key is needed, which can be observed only by the two terminals. Again both the secret generation setting and chosen secret setting are considered. For these two cases the regions of achievable secret-key vs. private-key rate pairs are determined. For all four settings two notions of leakage are considered. Depending on whether one looks at secrecy and privacy leakage separately or in combination, unconditional or conditional privacy leakage is considered. Here unconditional leakage corresponds to the mutual information between the helper data and the biometric enrollment sequence, while the conditional leakage relates to the conditional version of this mutual information, given the secret. The second part of the thesis focuses on the privacy- and secrecy-leakage analysis of the fuzzy commitment scheme. Fuzzy commitment, proposed by Juels and Wattenberg [1999], is, in fact, a particular realization of a binary biometric secrecy system with a chosen secret key. In this scheme the helper data are constructed as a codeword from an error-correcting code, used to encode a chosen secret, masked with the biometric sequence that has been observed during enrollment. Since this scheme is not privacy preserving in the conditional privacy-leakage sense, the unconditional privacy-leakage case is investigated. Four cases of biometric sources are considered, i.e. memoryless and totally-symmetric biometric sources, memoryless and input-symmetric biometric sources, memoryless biometric sources, and stationary and ergodic biometric sources. For the first two cases the achievable rate-leakage regions are determined. In these cases the secrecy leakage rate need not be positive. For the other two cases only outer bounds on achievable rate-leakage regions are found. These bounds, moreover, are sharpened for fuzzy commitment based on systematic parity-check codes. Using the fundamental trade-offs found in the first part of this thesis, it is shown that fuzzy commitment is only optimal for memoryless totally-symmetric biometric sources and only at the maximum secret-key rate. Moreover, it is demonstrated that for memoryless and stationary ergodic biometric sources, which are not input-symmetric, the fuzzy commitment scheme leaks information on both the secret key and the biometric data. Biometric sequences have an often unknown statistical structure (model) that can be quite complex. The last part of this dissertation addresses the problem of finding the maximum a posteriori (MAP) model for a pair of observed biometric sequences and the problem of estimating the maximum secret-key rate from these sequences. A universal source coding procedure called the Context-TreeWeighting (CTW) method [1995] can be used to find this MAP model. In this thesis a procedure that determines the MAP model, based on the so-called beta-implementation of the CTW method, is proposed. Moreover, CTW methods are used to compress the biometric sequences and sequence pairs in order to estimate the mutual information between the sequences. However, CTW methods were primarily developed for compressing onedimensional sources, while biometric data are often modeled as two-dimensional processes. Therefore it is proved here that the entropy of a stationary two-dimensional source can be expressed as a limit of a series of conditional entropies. This result is also extended to the conditional entropy of one two-dimensional source given another one. As a consequence entropy and mutual information estimates can be obtained from CTW methods using properly-chosen templates. Using such techniques estimates of the maximum secret-key rate for physical unclonable functions (PUFs) are determined from a data-set of observed sequences. PUFs can be regarded as inanimate analogues of biometrics.

[1]  Yair Frankel,et al.  On the Relation of Error Correction and Cryptography to an Off Line Biometric Based Identification S , 1999 .

[2]  Nasir D. Memon,et al.  How to protect biometric templates , 2007, Electronic Imaging.

[3]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[4]  Boris Skoric,et al.  Robust Key Extraction from Physical Uncloneable Functions , 2005, ACNS.

[5]  Dimitris Anastassiou,et al.  Some results regarding the entropy rate of random fields , 1982, IEEE Trans. Inf. Theory.

[6]  Pim Tuyls,et al.  Capacity and Examples of Template-Protecting Biometric Authentication Systems , 2004, ECCV Workshop BioAW.

[7]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[8]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .

[9]  Stark C. Draper,et al.  Using Distributed Source Coding to Secure Fingerprint Biometrics , 2007, 2007 IEEE International Conference on Acoustics, Speech and Signal Processing - ICASSP '07.

[10]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[11]  F. Willems,et al.  A study of the context tree maximizing method , 1995 .

[12]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[13]  F.M.J. Willems,et al.  Privacy leakage in biometric secrecy systems , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.

[14]  Fmj Frans Willems,et al.  Complexity reduction of the context-tree weighting method , 1997 .

[15]  G. S. Vernam,et al.  Cipher Printing Telegraph Systems For Secret Wire and Radio Telegraphic Communications , 1926, Transactions of the American Institute of Electrical Engineers.

[16]  Richard Clark Pasco,et al.  Source coding algorithms for fast data compression , 1976 .

[17]  Ari Juels,et al.  Error-tolerant password recovery , 2001, CCS '01.

[18]  Frans M. J. Willems,et al.  Context weighting for general finite-context sources , 1996, IEEE Trans. Inf. Theory.

[19]  A. Glavieux,et al.  Near Shannon limit error-correcting coding and decoding: Turbo-codes. 1 , 1993, Proceedings of ICC '93 - IEEE International Conference on Communications.

[20]  Roger Clarke,et al.  Human Identification in Information Systems , 1994 .

[21]  Boris Skoric,et al.  Entropy Estimation for Optical PUFs Based on Context-Tree Weighting Methods , 2007 .

[22]  Aaron D. Wyner,et al.  A theorem on the entropy of certain binary sequences and applications-II , 1973, IEEE Trans. Inf. Theory.

[23]  J. Dainty Laser speckle and related phenomena , 1975 .

[24]  Luminita Vasiu,et al.  Biometric Recognition - Security and Privacy Concerns , 2004, ICETE.

[25]  Aaron D. Wyner,et al.  A theorem on the entropy of certain binary sequences and applications-I , 1973, IEEE Trans. Inf. Theory.

[26]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[27]  Ton Kalker,et al.  Reference point detection for improved fingerprint matching , 2006, Electronic Imaging.

[28]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[29]  Shlomo Shamai,et al.  A binary analog to the entropy-power inequality , 1990, IEEE Trans. Inf. Theory.

[30]  Ertem Tuncel Capacity/Storage Tradeoff in High-Dimensional Identification Systems , 2006, IEEE Transactions on Information Theory.

[31]  P.A.J. Volf,et al.  Maximum a posteriori probability tree models , 2002 .

[32]  Boris Skoric On the entropy of keys derived from laser speckle; statistical properties of Gabor-transformed speckle , 2008 .

[33]  Frans M. J. Willems,et al.  The context-tree weighting method: basic properties , 1995, IEEE Trans. Inf. Theory.

[34]  Qi Li,et al.  Cryptographic key generation from voice , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[35]  U. Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[36]  Nalini K. Ratha,et al.  Enhancing security and privacy in biometrics-based authentication systems , 2001, IBM Syst. J..

[37]  Alessandro Neri,et al.  Template protection for HMM-based on-line signature authentication , 2008, 2008 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops.

[38]  H.V. Poor,et al.  Privacy-security tradeoffs in biometric security systems , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.

[39]  Anton H. M. Akkermans,et al.  Face recognition with renewable and privacy preserving binary templates , 2005, Fourth IEEE Workshop on Automatic Identification Advanced Technologies (AutoID'05).

[40]  Feng,et al.  Correlations and fluctuations of coherent wave transmission through disordered media. , 1988, Physical review letters.

[41]  Sergio Verdú,et al.  A general formula for channel capacity , 1994, IEEE Trans. Inf. Theory.

[42]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[43]  V. Prabhakaran,et al.  On Secure Distributed Source Coding , 2007, 2007 IEEE Information Theory Workshop.

[44]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[45]  Robert G. Gallager,et al.  Low-density parity-check codes , 1962, IRE Trans. Inf. Theory.

[46]  Frans M. J. Willems,et al.  Context-tree maximizing , 2000 .

[47]  Rudolf Ahlswede,et al.  Common Randomness in Information Theory and Cryptography - Part II: CR Capacity , 1998, IEEE Trans. Inf. Theory.

[48]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[49]  Alessandro Neri,et al.  Adaptive and distributed cryptography for signature biometrics protection , 2007, Electronic Imaging.

[50]  H. Vincent Poor,et al.  Secure lossless compression with side information , 2008, 2008 IEEE Information Theory Workshop.

[51]  Imre Csiszár,et al.  Secrecy capacities for multiple terminals , 2004, IEEE Transactions on Information Theory.

[52]  Adam D. Smith,et al.  Maintaining secrecy when information leakage is unavoidable , 2004 .

[53]  Natalia A. Schmid,et al.  Performance prediction methodology for biometric systems using a large deviations approach , 2004, IEEE Transactions on Signal Processing.

[54]  Aaron D. Wyner,et al.  The rate-distortion function for source coding with side information at the decoder , 1976, IEEE Trans. Inf. Theory.

[55]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[56]  Anil K. Jain,et al.  Hardening Fingerprint Fuzzy Vault Using Password , 2007, ICB.

[57]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[58]  Frederick Jelinek,et al.  Probabilistic Information Theory: Discrete and Memoryless Models , 1968 .

[59]  B. Frieden,et al.  Laser speckle and related phenomena , 1984, IEEE Journal of Quantum Electronics.

[60]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[61]  Ton Kalker,et al.  On the capacity of a biometrical identification system , 2003, IEEE International Symposium on Information Theory, 2003. Proceedings..

[62]  Frans M. J. Willems,et al.  Biometric Systems: Privacy and Secrecy Aspects , 2009, IEEE Transactions on Information Forensics and Security.

[63]  Imre Csiszár,et al.  Common randomness and secret key generation with a helper , 2000, IEEE Trans. Inf. Theory.

[64]  Pieter H. Hartel,et al.  Embedding Renewable Cryptographic Keys into Continuous Noisy Data , 2008, ICICS.

[65]  Andrew Beng Jin Teoh,et al.  Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs , 2006, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[66]  Pieter H. Hartel,et al.  Controlling leakage of biometric information using dithering , 2008, 2008 16th European Signal Processing Conference.

[67]  Jorma Rissanen,et al.  Generalized Kraft Inequality and Arithmetic Coding , 1976, IBM J. Res. Dev..

[68]  Natalia A. Schmid,et al.  On Empirical Recognition Capacity of Biometric Systems Under Global PCA and ICA Encoding , 2008, IEEE Transactions on Information Forensics and Security.

[69]  Frans M. J. Willems,et al.  On Privacy in Secure Biometric Authentication Systems , 2007, 2007 IEEE International Conference on Acoustics, Speech and Signal Processing - ICASSP '07.

[70]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[71]  Raphail E. Krichevsky,et al.  The performance of universal encoding , 1981, IEEE Trans. Inf. Theory.

[72]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[73]  Bernadette Dorizzi,et al.  Biometrics at the frontiers, assessing the impact on Society Technical impact of Biometrics , 2005 .

[74]  Reihaneh Safavi-Naini,et al.  Cancelable Key-Based Fingerprint Templates , 2005, ACISP.

[75]  Srinivas Devadas,et al.  Controlled physical random functions , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[76]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[77]  Daniel Willem Elisabeth Schobben,et al.  Privacy-protected biometric templates: acoustic ear identification , 2004, SPIE Defense + Commercial Sensing.

[78]  Jorma Rissanen,et al.  Universal coding, information, prediction, and estimation , 1984, IEEE Trans. Inf. Theory.

[79]  Frans M. J. Willems,et al.  The Context-Tree Weighting Method : Extensions , 1998, IEEE Trans. Inf. Theory.

[80]  Tanya Ignatenko,et al.  Context-Tree Weighting and Maximizing : Processing Betas , 2006 .

[81]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[82]  Bruce Schneier,et al.  Inside risks: the uses and abuses of biometrics , 1999, CACM.

[83]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[84]  Yair Frankel,et al.  On enabling secure applications through off-line biometric identification , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[85]  Rudolf Ahlswede,et al.  Common randomness in information theory and cryptography - I: Secret sharing , 1993, IEEE Trans. Inf. Theory.

[86]  Boris Skoric,et al.  Estimating the Secrecy-Rate of Physical Unclonable Functions with the Context-Tree Weighting Method , 2006, 2006 IEEE International Symposium on Information Theory.

[87]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[88]  Ingrid Verbauwhede,et al.  Secure IRIS Verification , 2007, 2007 IEEE International Conference on Acoustics, Speech and Signal Processing - ICASSP '07.

[89]  Fmj Frans Willems,et al.  On the security of XOR-method in biometric authentication systems , 2006 .

[90]  Rudolf Ahlswede,et al.  Source coding with side information and a converse for degraded broadcast channels , 1975, IEEE Trans. Inf. Theory.