Privacy-security tradeoffs in biometric security systems

Biometric security systems are studied from an information theoretic perspective. A fundamental tradeoff between privacy, measured by the normalized equivocation rate of the biometric measurements, and security, measured by the rate of the key generated from the biometric measurements, is identified. The scenario in which a potential attacker does not have side information is considered first. The privacy-security region, which characterizes the above-noted tradeoff, is derived for this case. The close relationship between common information among random variables and the biometric security system is also revealed. The scenario in which the attacker has side information is then considered. Inner and outer bounds on the privacy-security region are derived in this case.

[1]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[2]  Alfred C. Weaver,et al.  Biometric authentication , 2006, Computer.

[3]  Rudolf Ahlswede,et al.  Common Randomness in Information Theory and Cryptography - Part II: CR Capacity , 1998, IEEE Trans. Inf. Theory.

[4]  Arun Ross,et al.  From Template to Image: Reconstructing Fingerprints from Minutiae Points , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[5]  Frans M. J. Willems,et al.  On Privacy in Secure Biometric Authentication Systems , 2007, 2007 IEEE International Conference on Acoustics, Speech and Signal Processing - ICASSP '07.

[6]  Nasir D. Memon,et al.  Protecting Biometric Templates With Sketch: Theory and Practice , 2007, IEEE Transactions on Information Forensics and Security.

[7]  U. Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[8]  Gérard D. Cohen,et al.  The wiretap channel applied to biometrics , 2004 .

[9]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[10]  Stark C. Draper,et al.  Using Distributed Source Coding to Secure Fingerprint Biometrics , 2007, 2007 IEEE International Conference on Acoustics, Speech and Signal Processing - ICASSP '07.

[11]  Rudolf Ahlswede,et al.  Common randomness in information theory and cryptography - I: Secret sharing , 1993, IEEE Trans. Inf. Theory.

[12]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[13]  H. Vincent Poor,et al.  Authentication Over Noisy Channels , 2008, IEEE Transactions on Information Theory.