Feature Correlation Attack on Biometric Privacy Protection Schemes

Privacy protection techniques are an important supplementary of biometric systems. Their main purpose is to prevent security leakages in common biometric systems and to preserve the user's privacy. However, when cryptographic functions are used in the algorithms, randomness of biometric features is strictly required from the security point of view. This randomness is hard to achieve in many feature extraction algorithms, especially for those using the local information of biometric modality. In this paper we discuss privacy protection based on a fuzzy extractor. We show that the security of the algorithm is strongly reduced when statistical properties of biometric features as well as the details of the algorithm are known. An attack exploiting feature correlation is demonstrated.

[1]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[2]  Pim Tuyls,et al.  Capacity and Examples of Template-Protecting Biometric Authentication Systems , 2004, ECCV Workshop BioAW.

[3]  Christoph Busch,et al.  A 3D Face Recognition Algorithm Using Histogram-based Features , 2008, 3DOR@Eurographics.

[4]  Daniel Willem Elisabeth Schobben,et al.  Privacy-protected biometric templates: acoustic ear identification , 2004, SPIE Defense + Commercial Sensing.

[5]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[6]  Evgeny Verbitskiy,et al.  RELIABLE BIOMETRIC AUTHENTICATION WITH PRIVACY PROTECTION , 2007 .

[7]  Fmj Frans Willems,et al.  On the security of XOR-method in biometric authentication systems , 2006 .

[8]  Arjan Kuijper,et al.  A Security Analysis of Biometric Template Protection Schemes , 2009, ICIAR.

[9]  Patrick J. Flynn,et al.  Overview of the face recognition grand challenge , 2005, 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'05).

[10]  Anton H. M. Akkermans,et al.  Face biometrics with renewable templates , 2006, Electronic Imaging.

[11]  Ross J. Anderson,et al.  Combining cryptography with biometrics effectively , 2005 .

[12]  John Daugman,et al.  The importance of being random: statistical principles of iris recognition , 2003, Pattern Recognit..

[13]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[14]  Christoph Busch,et al.  A Reference Architecture for Biometric Template Protection based on Pseudo Identities , 2008, BIOSIG.

[15]  Christoph Busch,et al.  Privacy enhancing technology for a 3D-face recognition system , 2007, BIOSIG.