Information Leakage of Continuous-Source Zero Secrecy Leakage Helper Data Schemes

A Helper Data Scheme is a cryptographic primitive that extracts a high-entropy noise-free string from noisy data. Helper Data Schemes are used for privacy-preserving databases and for Physical Unclonable Functions. We refine the theory of Helper Data schemes with Zero Secrecy Leakage (ZSL), i.e. the mutual information between the helper data and the extracted secret is zero. We prove that ZSL necessitates particular properties of the helper data generating function, which also allows us to show the existence of `Sibling Points'. In the special case that our generated secret is uniformly distributed (Fuzzy Extractors) our results coincide with the continuum limit of a recent construction by Verbiskiy et al. Yet our results cover secure sketches as well. Moreover we present an optimal reconstruction algorithm for this scheme, that not only provides the lowest possible reconstruction error rate but also yields an attractive, simple implementation of the verification. Further, we introduce Diagnostic Category Leakage (DCL), which quantifies what an attacker can infer from helper data about a particular medical indication of the enrolled user, or reversely what probabilistic knowledge of a diagnose can leak about the secret. If the attacker has a priori knowledge about the enrolled user (medical indications, race, gender), then the ZSL property does not guarantee that there is no secrecy leakage from the helper data. However, this effect is typically very small.

[1]  Anil K. Jain,et al.  Biometric Systems: Technology, Design and Performance Evaluation , 2004 .

[2]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[3]  F. MacWilliams,et al.  The Theory of Error-Correcting Codes , 1977 .

[4]  R.N.J. Veldhuis,et al.  Multi-Bits Biometric String Generation based on the Likelihood Ratio , 2007, 2007 First IEEE International Conference on Biometrics: Theory, Applications, and Systems.

[5]  Carlos D. Castillo,et al.  Fuzzy Vault , 2009, Encyclopedia of Biometrics.

[6]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[7]  Max H. M. Costa,et al.  Writing on dirty paper , 1983, IEEE Trans. Inf. Theory.

[8]  Jean-Paul M. G. Linnartz,et al.  Improved Privacy Protection in Authentication by Fingerprints , 2011 .

[9]  Raymond N. J. Veldhuis,et al.  Binary Biometrics: An Analytic Framework to Estimate the Performance Curves Under Gaussian Assumption , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[10]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[11]  Satoshi Hoshino,et al.  Impact of artificial "gummy" fingers on fingerprint systems , 2002, IS&T/SPIE Electronic Imaging.

[12]  Ton van der Putte,et al.  Biometrical Fingerprint Recognition: Don't Get Your Fingers Burned , 2001, CARDIS.

[13]  M. Abramowitz,et al.  Handbook of Mathematical Functions With Formulas, Graphs and Mathematical Tables (National Bureau of Standards Applied Mathematics Series No. 55) , 1965 .

[14]  Milton Abramowitz,et al.  Handbook of Mathematical Functions with Formulas, Graphs, and Mathematical Tables , 1964 .

[15]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[16]  E.J.C. Kelkboom,et al.  Pitfall of the Detection Rate Optimized Bit Allocation within template protection and a remedy , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[17]  Boris Skoric,et al.  Robust Key Extraction from Physical Uncloneable Functions , 2005, ACNS.

[18]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[19]  Josef Kittler,et al.  Audio- and Video-Based Biometric Person Authentication, 5th International Conference, AVBPA 2005, Hilton Rye Town, NY, USA, July 20-22, 2005, Proceedings , 2005, AVBPA.

[20]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[21]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .

[22]  Raymond N. J. Veldhuis,et al.  Likelihood-ratio-based biometric verification , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[23]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[24]  Boris Skoric,et al.  Key Extraction From General Nondiscrete Signals , 2010, IEEE Transactions on Information Forensics and Security.

[25]  Gregory W. Wornell,et al.  Quantization index modulation: A class of provably good methods for digital watermarking and information embedding , 2001, IEEE Trans. Inf. Theory.

[26]  Jpmg Jean-Paul Linnartz,et al.  Improved privacy rotection in authentication by fingerprints , 2011 .

[27]  Raymond N. J. Veldhuis,et al.  Practical Biometric Authentication with Template Protection , 2005, AVBPA.

[28]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[29]  Neil J. A. Sloane,et al.  The theory of error-correcting codes (north-holland , 1977 .