template security in biometric systems yagiz sutcu
TRANSCRIPT
![Page 1: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/1.jpg)
Template Security inBiometric Systems
Yagiz Sutcu
![Page 2: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/2.jpg)
OutlineOutline
Introduction Biometrics and biometric systems Template security and user privacy Proposed solutions
Feature Transformation for ECC- based Biometric Template Protection Syndrome framework and its requirements for binary data Binarization of minutiae-based fingerprint templates
Protecting Biometric Templates with Secure Sketch Secure sketch framework, issues and limitations Quantization-based secure sketch Randomization Multi-factor setup
Conclusions, discussions and future directions
![Page 3: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/3.jpg)
BiometricsBiometrics
Biometrics is the science and technology of measuring and statistically analyzing biological data.
• Universality - do all people have it ?• Distinctiveness: can people be distinguished based on an identifier ?• Permanence : how permanent is the identifier ?• Collectability : how well can the identifier be captured and quantified ?• Performance : speed and accuracy• Acceptability : willingness of the people to use• Circumvention : foolproof
Adopted from: S. Prabhakar, S. Pankanti, and A. K. Jain, “Biometric Recognition: Security and Privacy Concerns”, IEEE SECURITY & PRIVACY, 2003.
![Page 4: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/4.jpg)
BiometricsBiometrics
![Page 5: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/5.jpg)
Biometric SystemsBiometric Systems
S. Prabhakar, S. Pankanti, and A. K. Jain, “Biometric Recognition: Security and Privacy Concerns”, IEEE SECURITY & PRIVACY, 2003.
![Page 6: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/6.jpg)
![Page 7: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/7.jpg)
Biometric authentication is attractive Closely related to the identity Cannot be forgotten Not easy to forge Have been successfully used for a long time
However … Cannot be exactly reproduced (intra-variability, noise) Once compromised cannot be revoked Entropy may not be sufficient
Objectives Authentication/verification without storing the original biometric Robustness to noisy measurements Best possible tradeoff between
Security (How many bits must an attacker guess?) Accuracy/performance (What is the false reject rate?)
Issues, Challenges and ObjectivesIssues, Challenges and Objectives
![Page 8: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/8.jpg)
Proposed Solutions – Proposed Solutions – Transformation-Based ApproachesTransformation-Based Approaches
Employ one-way transformation E.g., quantization, thresholding, random projections
Properties Non-invertible or hard-to-invert Similarity preserving Cancelable
Technique depends highly on the biometric considered Security not easy to analyze Ratha’01&’07, Savvides’04, Ang’05, Teoh’06, etc.
![Page 9: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/9.jpg)
Applied at the sensor level Signal level Feature level
Security If compromised, a new
distortion
Reusability Different distortions for
different databases
Performance What about false accept and
false reject rates? Requires alignment
RepeatableDistortion
RepeatableDistortion
Match Match
Do not Match
An Example: Cancelable BiometricsAn Example: Cancelable Biometrics
![Page 10: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/10.jpg)
Proposed Solutions – Proposed Solutions – Helper Data-Based ApproachesHelper Data-Based Approaches
Generate user-specific helper data E.g., syndrome, secure sketch
Helper data and generation method are public General ECC-based framework that is applicable to many biometrics
Techniques may vary to optimize performance for different modalities
Security analysis based on information-theory is possible Davida’98, Juels’99&’02, Dodis’04, Martinian’05, Draper’07, etc.
![Page 11: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/11.jpg)
An example: “Fuzzy Commitment”An example: “Fuzzy Commitment”
If the noisy biometric (X’) is close enough to the template (X), decoder successfully corrects the error.
The only information stored are and hash(K)
![Page 12: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/12.jpg)
An Example for Helper Data-based An Example for Helper Data-based Biometric Template Protection: Biometric Template Protection:
Syndrome CodingSyndrome Coding
![Page 13: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/13.jpg)
Syndrome Coding FrameworkSyndrome Coding Framework
S cannot be uncompressed by itself and is therefore secure In combination with a noisy second reading Y the original X can be recovered
using a Slepian-Wolf decoder Compare hash of estimate with stored hash to permit access
Encode enrollment biometric
Syndrome Encoding
Store syndrome S and hash of X
Syndrome Decoding
Original enrollment biometric
Noisy biometric probe
Decode w/ probe biometric
BiometricAuthentication
FingerprintChannel
X S
Y
Authenticateonly if hash ofestimate matchesstored hash
![Page 14: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/14.jpg)
System ImplementationSystem Implementation
Alignment and
MinutiaeExtraction
EnrolmentFingerprint
Alignment and
MinutiaeExtraction
ProbeFingerprint
Extractbinary featurevectors
Extractbinary featurevectors
SyndromeEncoding
SyndromeDatabase
SyndromeDecoding
yes
yes
no
no
accessdenied
accessgranted
accessdenied
![Page 15: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/15.jpg)
Overview of Syndrome Encoding/DecodingOverview of Syndrome Encoding/Decoding
STORE
0
1
1
0
1
0
0
1
0
0
0
1
1
0
1
0
0
1
0
0
Original Biometric Feature
(1st Reading)
XOR selected inputs to produce syndrome(very low complexity operation)
Syndrome(Stored)
ACCESS
0
1
0
0
1
0
0
0
1
0
0
1
0
0
Noisy Biometric Feature
(2nd Reading)0 0 1 0
1 0 1 0
0 01
0 0 1 00 0 1 0
1 0 1 01 0 1 0
0 010 01
0
1
1
0
1
0
0
0
1
1
0
1
0
0
Recovered Biometric
Feature
1 0 01 0 0
Syndrome (Stored)
Syndrome Decodingbased on Belief Propagation
(iterative algorithm)
Security = number “missing” bits= original bits – syndrome bitsTranslates into number guessesto identify original biometric w.h.p.
Robustness = false-rejection rateRobustness to variations in biometric readings achieved by syndrome decoding process(syndrome + noisy biometric => original biometric)
Fewer syndrome bits = greater security, but less robustness
![Page 16: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/16.jpg)
Example: Distributed Coding with Joint DecodingExample: Distributed Coding with Joint Decoding
0
1
1
0
1
0
0
Source X Source Y
0
1
0
0
1
0
0
1
0
0
SyndromeBits
![Page 17: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/17.jpg)
Example: Syndrome DecodingExample: Syndrome Decoding
?
?
?
?
?
?
?
Source X Side Info Y
0
1
0
0
1
0
0
1
0
0
SyndromeBits
Use side info Y and syndrome bits toreconstruct X
![Page 18: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/18.jpg)
Example: Syndrome DecodingExample: Syndrome Decoding
0
1
1
0
1
0
0
Source X Guess X
1
0
0
SyndromeBits
1
1
0
0
1
0
0
Flipping 1st bit from 0 to 1 satisfies 1st syndrome butviolates 2nd syndrome
![Page 19: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/19.jpg)
Example: Syndrome DecodingExample: Syndrome Decoding
0
1
1
0
1
0
0
Source X
1
0
0
SyndromeBits
0
0
0
0
1
0
0
Flipping 2nd bit from 1 to 0 satisfies syndrome bits 1 and 2 but violates 3rd syndrome bit
Guess X
![Page 20: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/20.jpg)
Example: Syndrome DecodingExample: Syndrome Decoding
0
1
1
0
1
0
0
Flipping 3rd bit from 0 to 1 satisfies all syndrome bits and recovers X
0
1
1
0
1
0
0
Source X
1
0
0
SyndromeBits
Guess X
![Page 21: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/21.jpg)
Security of Syndrome ApproachSecurity of Syndrome Approach
list of biometrics satisfying linear
constraints
enrollmentbiometric X
secure biometric, S = evaluationof functions (syndrome vector)
F(X), set of linear functions specified by code C
F (F(X))-1 0
0000010
11110010
00010001
10010010
+
+
1
0
0
….
+
![Page 22: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/22.jpg)
Previous Approach: Binary Grid RepresentationPrevious Approach: Binary Grid Representation
ProblemsRepresentation is sparse and difficult to modelStatistics of binary string are not well suited for existing codesPoor performance
Solution: Pre-processing!Pre-process fingerprint data to produce a binary string that is
statistically compatible with existing codesSyndrome coding on resulting binary string
0 0 0 1 00 0 0 1 0
1 0 0 1 10 0 0 0 0
0 0 0 0 00 0 0 0 0
0 1 0 0 10 0 0 1 0
0 0 0 0 01 1 0 0 0
0 0 0 0 00 1 0 0 0
0 1 0 1 11 1 0 0 0
0 0 0 0 00 0 0 0 0
0 0 1 0 00 0 1 0 0
0 0 0 0 00 0 1 0 0
0 1 0 1 10 0 0 0 0
1 1 0 0 10 1 1 0 1
0 1 1 1 00 1 1 0 1
0 0 0 1 00 0 0 1 0
1 0 0 1 10 0 0 0 0
0 0 0 0 00 0 0 0 0
0 1 0 0 10 0 0 1 0
0 0 0 0 01 1 0 0 0
0 0 0 0 00 1 0 0 0
0 1 0 1 11 1 0 0 0
0 0 0 0 00 0 0 0 0
0 0 1 0 00 0 1 0 0
0 0 0 0 00 0 1 0 0
0 1 0 1 10 0 0 0 0
1 1 0 0 10 1 1 0 1
0 1 1 1 00 1 1 0 1
![Page 23: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/23.jpg)
Desired Properties of Feature TransformationDesired Properties of Feature Transformation
.
.001011..
Zeros and onesequally likely
.
.001011..
Individual bitsindependent
.
.100110..
User A User B
Independentbit strings
.
.001011..
.
.011011..
User AReading 1
User AReading 2
BSC-p
1
2
34
![Page 24: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/24.jpg)
Extracting Robust Bits from BiometricsExtracting Robust Bits from Biometrics
X
Y
N random cuboids in
minutiae map
# minutiae Bit vector
6
7
9
0
1
1
+++++
+ +
+++
+ ++ + +
+ + +
++++
+
++++ + + ++ +
Medianthresholds
Each cuboid contributes a 0 or 1 bit to the feature vector, if it contains less or more minutia points than the median
![Page 25: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/25.jpg)
Elimination of Overlapping CuboidsElimination of Overlapping Cuboids
Large overlap similar bits easy for attacker to guess
400 cuboids Best 150 cuboids
![Page 26: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/26.jpg)
User-Specific CuboidsUser-Specific Cuboids
Different users have different set of cuboids
Requirements: For each user, choose the cuboids which Are most reliable
Result in equal number of zeros and ones
Have smallest possible pairwise correlation
What is a “reliable” cuboid? # minutiae points far away from the median
0 or 1 bit is likely to remain unchanged over repeated
noisy measurements of fingerprint.
![Page 27: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/27.jpg)
““Reliable” CuboidsReliable” Cuboids
E.g., median = 4
0 1
8 minutiae
9 minutiae
Measurement 1
Measurement 2
3 minutiae
5 minutiae
Measurement 1
Measurement 2
RELIABLEUNRELIABLE
Each user has a different set of reliable cuboids !
![Page 28: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/28.jpg)
User-Specific Reliable CuboidsUser-Specific Reliable Cuboids
0-List 1-List
… …
Sort by reliability
0-List 1-List
… …
N fair coin flips tochoose cuboids
from top of each list…
1 2
34
5
1 2 3 4 5
Unordered list
![Page 29: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/29.jpg)
Distribution of Zeros and OnesDistribution of Zeros and Ones
20 40 60 80 100 120 1400
50
100
150
200
250
Number of 1's in the transformed feature vectors
Nu
mb
er
of
fea
ture
ve
cto
rs
30 40 50 60 70 80 90 100 110 1200
50
100
150
200
250
300
350
400
450
Number of 1's in the transformed feature vectors
Nu
mb
er
of
fea
ture
ve
cto
rs
150 Common Cuboids 150 User-Specific Cuboids
Proprietary database of 1035 users, 15 pre-aligned samples per user
Desired 75 ones Desired 75 ones
![Page 30: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/30.jpg)
Intra-User and Inter-User SeparationIntra-User and Inter-User Separation
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.90
0.02
0.04
0.06
0.08
0.1
0.12
0.14
0.16
0.18
Dis
trib
utio
n o
f th
e N
HD
Normalized Hamming Distance (NHD)
intra-user variation inter-user orattacker variation
0 0.2 0.4 0.6 0.8 10
0.05
0.1
0.15
0.2
0.25
0.3
0.35
Normalized Hamming Distance (NHD)
Dis
trib
utio
n o
f th
e N
HD
attacker stealsuser’s cuboids
inter-user variation
intra-user variation
150 Common Cuboids 150 User-Specific Cuboids
![Page 31: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/31.jpg)
Equal Error RatesEqual Error Rates
0 0.05 0.1 0.15 0.2 0.250
0.05
0.1
0.15
0.2
0.25
Intra-user NHD
Inte
r-u
ser
NH
D
0 0.05 0.1 0.15 0.20
0.02
0.04
0.06
0.08
0.1
0.12
0.14
0.16
0.18
0.2
Intra-user NHD
Inte
r-u
ser
NH
D o
r a
tta
cke
r N
HD
inter-user scenarioattack scenario
0.05 0.027
≈ 0
Common Cuboids User-Specific Cuboids
User-specific cuboids provide lower equal error rate even if the attacker knows everybody’s cuboids.
![Page 32: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/32.jpg)
Syndrome Coding ResultsSyndrome Coding Results
![Page 33: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/33.jpg)
Conclusions/DiscussionsConclusions/Discussions
Random cuboids enable robust bit extraction with desired
properties User-specific (reliable) features require more computation and storage,
but give better separation between intra-user and inter-user feature vectors and provide higher security than common feature vectors
However… Fast method for eliminating correlated bit-pairs from user-specific
cuboids Extending feature transformation to use ridge data which is provided
along with minutiae mapObserving effect of alignment inconsistencies on overall performance
![Page 34: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/34.jpg)
Protecting Biometric TemplatesProtecting Biometric Templateswith Secure Sketch:with Secure Sketch:Theory and PracticeTheory and Practice
![Page 35: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/35.jpg)
Secure SketchSecure Sketch
Noise
Sketch
Generate password/key
Sketch should not reveal too much information about the original biometric
Enrollment Verification
ENCODER DECODER
randomness
P
![Page 36: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/36.jpg)
Entropy-loss(min-entropy of X)
(average min-entropy of X given P)
Secure SketchSecure Sketch
![Page 37: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/37.jpg)
Secure SketchSecure Sketch
Security of secure sketch is defined in terms of entropy loss, L Suppose original biometric data X have min-entropy H(X)
The strength of the key we can extract from X given sketch P is at least H(X) – L
L can be easily bounded by the size of the sketch P
L is an upper bound of information leakage for all distributions of X
![Page 38: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/38.jpg)
However…However…
Known secure sketch schemes have limitationsOnly deal with discrete dataBut real world biometric features are mostly in continuous domain
One general solutionQuantize/discretize the data and apply known schemes in the
quantized domain
![Page 39: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/39.jpg)
Quantization-based Secure SketchQuantization-based Secure Sketch
![Page 40: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/40.jpg)
X is original data, 0 < X < 1 and under noise, X can be shifted by at most 0.1
A Simple ExampleA Simple Example
1 1
![Page 41: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/41.jpg)
Problems Remain...Problems Remain...
For different quantization methods Min-entropy of quantized data could be different Entropy loss could also be different
How to define the security? Using entropy loss in the quantized domain? Could be misleading
![Page 42: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/42.jpg)
Using scalar quantizer: Case 1:
step size 0.1 entropy loss = log 3
Case 2: step size 0.01 entropy loss = log 11
Which one is better? It depends on distribution of X
If X is uniform:Case 1: H(X) = log(100), H(X) – L = log (100/3) = 5.06Case 2: H(X) = log(1000), H(X) – L = log(1000/11) = 6.51Case 2 yields a stronger key
However, there exists a distribution of X such that for both case 1 and 2:H(X) is the sameL is the actual information leakageCase 1 yields a stronger key
Different QuantizersDifferent Quantizers
![Page 43: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/43.jpg)
How to Compare?How to Compare?
Or, how to define the ``optimal'' quantization for all distributions of X?
It is difficult
Might be impossible
Instead, we propose to look at relative entropy loss, in addition to entropy loss
Essentially, we ask questions differently:
Given a family of quantizers (say, scalar quantizers with different quantization steps), for any one of them (say, Q), how many bits more that we could extract from X if another quantizer Q' was used?
How to bound the number of additional bits that can be extracted for any Q' (compared with Q)?
If we can bound it by B, then the ``best'' quantizer in the family cannot be better than Q by more than B bits
![Page 44: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/44.jpg)
Main ResultsMain Results
For any well-formed quantizer family, we can always bound the relative entropy losswell-formed: no quantizer in the family loses too much
information (say, having too large a quantization step) The safest way to quantize data is to use a quantization
step same as the error ratesafest: relative entropy loss is the smallest
This result is consistent with intuitionuseful to guide practical designs
![Page 45: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/45.jpg)
However…However…
Known secure sketch schemes have limitations Only deal with discrete data But real world biometric features are mostly in continuous domain
One general solution Quantize/discretize the data and apply known schemes in the quantized domain Measure security using entropy loss in the quantized domain
For different quantization methods Min-entropy/entropy could be different
How to define the security? Using min-entropy alone could be misleading
Improve performance?How about cancelability/reusability?Better feature selection?
![Page 46: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/46.jpg)
Enrollment Verification
X
XR
Q(XR)
ENCODER
randomization
quantization
Y
YR
Q(YR)
DECODERPX
sketch
templatenoisy
biometric
Q(XR)
Randomized Quantization-based Secure SketchRandomized Quantization-based Secure Sketch
![Page 47: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/47.jpg)
ResultsResults
ORL Face database - 40 different individual and 10 samples per individual 7 for training and 3 for testing PCA features (eigenfaces) considered Range-based similarity measure User-specific random (uniform) matrices
0 50 100 150 200 2500.06
0.08
0.1
0.12
0.14
0.16
0.18
0.2
0.22
Dimensionality after PCA
Equ
al E
rror
Rat
e (E
ER
)
EER w/o randomization
EER with randomization
![Page 48: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/48.jpg)
0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 2.20
0.05
0.1
0.15
0.2
0.25
EE
R
EER of non-randomized secure sketch
EER of randomized secure sketch
0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.40
0.05
0.1
0.15
0.2
0.25
0.3
0.35
0.4
FAR
FR
R
ROC of non-randomized secure sketch
ROC of randomized secure sketch
ResultsResults
randomization quantization
![Page 49: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/49.jpg)
0 50 100 150 200 250 300 350 4000
0.02
0.04
0.06
0.08
0.1
0.12
0.14
0.16
0.18
0.2
Principal Components (PCs) of PCA
% v
aria
nce
expl
aine
d
0 50 100 150 200 250 300 350 400
0.5
1
1.5
2
2.5
3
3.5
4
4.5
5
Principal Components (PCs) of PCA
Bits
min-entropy
entropy
ResultsResults
Min-entropyAverage
sketch-sizeLeft-over entropy
PCA-based selection 59.91 40.35 19.56
Min-entropy
based
selection61.95 43.46 18.49
PCA-based selection 132.52 98.88 33.64
Min-entropy
based
selection139.95 106.55 33.40
n=20
n=50
![Page 50: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/50.jpg)
Conclusions/DiscussionsConclusions/Discussions
Randomization Improve performanceCancelability/reusability
Feature selectionSimilar security with better average sketch-size estimation
However… How to measure biometric information?
Entropy estimationMatching algorithm
How to define/find the “Optimal” quantization?Given the input distributionGiven practical constraints (size of sketch and/or templates)Different quantization strategies
![Page 51: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/51.jpg)
Overview of Future DirectionsOverview of Future Directions
![Page 52: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/52.jpg)
Threats/Attack VectorsThreats/Attack Vectors
Chris Roberts, “Biometric attack vectors and defences”, Computers & Security 26(1): 14-25 (2007)
![Page 53: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/53.jpg)
Feature extraction/matching with robustness to noise and other variations; Finding new/better features
Pattern RecognitionPattern Recognition
CryptographyCryptographySignal ProcessingSignal Processing
Secure BiometricSystems
Secure BiometricSystems
Recovery of original data from noisy or corrupt data; Better transformations
Protect/scramble biometricdata against malicious attacks;Analysis of security levelsoffered by various techniques.
Secure Biometric Systems: Secure Biometric Systems: A Blend of Multiple DisciplinesA Blend of Multiple Disciplines
![Page 54: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/54.jpg)
Open Issues/Research OpportunitiesOpen Issues/Research Opportunities
Improving robustness vs. security trade-off Reliable measurements of biometric information
Inherent entropy of biometrics
Connection between template security and system security Remote vs. local Two-party vs. multi-party Multi-biometrics Multi-factor
User privacy Standardization
Terminology Format
![Page 55: Template Security in Biometric Systems Yagiz Sutcu](https://reader038.vdocuments.site/reader038/viewer/2022103102/5697bf721a28abf838c7e866/html5/thumbnails/55.jpg)
ThanksThanks