A Quantitative Analysis of Indistinguishability for a Continuous Domain Biometric Cryptosystem
Biometric information is regarded as highly sensitive, and encryption techniques are therefore needed to address its security and privacy requirements. Most security analyses of these encryption techniques focus on the scenario of one user enrolled in a single biometric system. In practice, biometric systems are deployed at different places, and the scenario of one user enrolled in many biometric systems is closer to reality. In this scenario, cross-matching (tracking users enrolled in multiple databases) becomes an important privacy threat. To prevent such cross-matching, various methods to create renewable and indistinguishable biometric references have been published. In this paper, we investigate the indistinguishability, or the protection against cross-matching, of a continuous-domain biometric cryptosystem, the QIM. In particular, our contributions are as follows. Firstly, we present a technique that allows an adversary to decide whether two protected biometric reference data come from the same person or not. Secondly, we quantify the probability of success of an adversary who plays the indistinguishability game. Thirdly, we compare the probability of success of an adversary to the authentication performance of the biometric system for the MCYT fingerprint database. The results indicate that although biometric cryptosystems represent a step in the direction of privacy enhancement, we are not there yet.
Keywords: Equal Error Rate, Quantization Step, Biometric Data, Biometric System, False Acceptance Rate