Criteria Towards Metrics for Benchmarking Template Protection Algorithms

Koen Simoens, K.U.Leuven – COSIC
3rd Edward van der Meulen Seminar, Heverlee, 7 December 2011

Outline

  • Introduction and background
    – How we got where we are today
    – ISO 24745, a generic model
  • Performance categories
    – Technical performance
    – Protection performance
    – Operational performance
  • Conclusion

K. Simoens, 3rd Edward van der Meulen Seminar, slide 2

Introduction

Biometric System Security

  • N. K. Ratha, J. H. Connell, and R. M. Bolle. 2001. Enhancing Security and Privacy in Biometrics-Based Authentication Systems. IBM Syst. J. 40(3):614-634.
    1. Present fake biometrics to the sensor
    2. Replay attack and sensor bypass
    3. Corrupt feature extraction
    4. Tamper with the extracted features
    5. Corrupt the matcher
    6. Modify or replace stored templates
    7. Manipulate template retrieval
    8. Override match result

(Figure: pipeline Sensor → Feature Extractor → Matcher → yes/no, with Stored Template(s) feeding the matcher; attack points 1–8 marked on the diagram)

Impersonation

  • If you can read a password, you can use it
  • Reference template allows constructing artificial prints
    – Ross, A., J. Shah, and A.K. Jain. 2007. From Template to Image: Reconstructing Fingerprints from Minutiae Points. IEEE Trans. Pattern Anal. Mach. Intell. 29(4): 544-560.
    – “Fig. 29. Reconstructing the ridge structure. (a) Original fingerprint and its minutiae plot. (b) Estimated orientation map. (c) Enhanced ridge structure after application of the Verifinger software.”

Sensitive Information

  • Sensitive information in biometric data
    – Sometimes speculative
    – Not sure how much remains in the “template”
  • Examples
    – Brushfield spots (ring of iris speckles)
      • Wallis, Hugh R. E. 1951. The Significance of Brushfield's Spots in the Diagnosis of Mongolism in Infancy. Arch Dis Child 26(130):495–500.
      • http://en.wikipedia.org/wiki/Brushfield_spots
      • “Brushfield spots are small white or grayish/brown spots on the periphery of the iris in the human eye (…) These spots are normal in children (Kunkmann-Wolffian bodies) but are also a feature of the chromosomal disorder Down syndrome. They occur in 35–78% of newborn infants with Down syndrome. They are much more likely to occur in Down syndrome children of the Caucasian race than children of Asian heritage.”
    – Dermatoglyphic patterns
      • R. Yousefi-Nooraie and S. Mortaz-Hedjri. 2008. Dermatoglyphic asymmetry and hair whorl patterns in schizophrenic and bipolar patients. Psychiatry Research 157(1–3):247–250.
      • “Bipolar cases tended to present an excess of Ridge Dissociation (…) and a significant increase of Abnormal Feature/aberrant pattern (…), both in palms and fingers… We found that subtle dermatoglyphic alterations (presented both in fingers and palms) were more frequent in patients with severe bipolar disorder than in controls.”

Biometric Data Increasingly Shared

  • EU aims to stop 'visa shopping': Schengen states to share visa data (2007-06-08)
    – In the EU, supervised access to the biometric databases of the European Visa Information System (VIS) is granted to police and Europol.
    – http://www.theregister.co.uk/2007/06/08/schengen_visa_data/
  • India to issue all 1.2 billion citizens with biometric ID cards (2009-07-15)
    – Mr Nilekani, who left … to take up his new job, wants the cards to be linked to a “ubiquitous online database” accessible from anywhere.
    – http://www.telegraph.co.uk/news/worldnews/asia/india/5831929/India-to-issue-all-1.2-billion-citizens-with-biometric-ID-cards.html
  • DHS develops shared biometrics database with DOD (2011-03-08)
    – In the USA, the Department of Homeland Security (DHS) is developing a joint database with the Department of Defense (DOD) for the purpose of accessing current biometric data stored by DOD.
    – http://homelandsecuritynewswire.com/dhs-develops-shared-biometrics-database-dod
  • And increasingly…
    – Captured (airports, ePassports)
    – Intrusive (full body scanner)
    – Covert (on the fly/move): face, fingerprint, iris, vein, …

Images: http://en.wikipedia.org/wiki/Full_body_scanner , http://www.reuters.com/article/2008/03/25/us-security-fingerprints-idUSN2538685320080325

Observations

  • Biometrics are a success
  • Biometrics are no longer in your pocket
  • Security and privacy issues stemming from the use of biometrics
    – Impersonation, sensitive information, linkability (unique identifiers)
    – S. Prabhakar, S. Pankanti, and A.K. Jain. 2003. Biometric Recognition: Security and Privacy Concerns. IEEE Security and Privacy 1(2):33-42.
  • Increasing but conflicting demands: biometrics for “security” versus privacy and data protection

Protecting Biometric Reference Data

  • Biometric template protection to bridge the gap
    – Simple objectives
      • Biometric data should be protected (do not store reference data in the clear)
      • Maintain capability to identify or verify identity
  • Different approaches
    – Template-level protection => BTP
      • Fuzzy commitment, fuzzy vault, cancellable biometrics, …
    – System-level protection
      • Physical security, procedures, encryption, hardware-based/-assisted (smartcards, TPM)
    – Protocol-level
      • Advanced protocols relying on crypto primitives (MPC, homomorphic encryption, PIR)
  • Main challenges:
    – Hide biometric data (irreversibility)
    – Prevent cross-matching of hidden data (unlinkability)
    – Maintain performance/accuracy without giving up functionality
      • Performance loss in early solutions

Examples

Biometric Authentication

  • Bob claims and proves identity towards system (“I am Bob”)
    – Identity verification = compare proof b’ against reference b
  • Two prints of same finger never exactly the same
    – Verification is similarity check (as opposed to passwords)

Cryptographer’s Approaches

  • Try to get rid of the noise
    – Use error-correcting codes
    – Store some additional data to help you
    – Then reliably reconstruct bits (biometric data, secret, …)
    – “I can still use my cryptographic hash function”: Hurray!
    – Example: fuzzy commitment
      • Juels, A. and M. Wattenberg. 1999. A Fuzzy Commitment Scheme. CCS ‘99. Proc. 28-36.
  • Do comparison in the encrypted domain or use multi-party computation (MPC)
  • Requirement: biometric data encoded as binary string

Code-Offset Construction

  • Introduced as the fuzzy commitment scheme
    – Juels, A. and M. Wattenberg. 1999. A Fuzzy Commitment Scheme. CCS ‘99. Proc. 28-36.
  • Enroll sample b
    – Output and store v = c - b and H(c)
    – c is a codeword of an [n,k,d]-code chosen uniformly at random
    – H is a cryptographic hash function
    – Entropy loss L = n - k (redundancy bits)
  • Verify fresh sample b’ using v
    – Decoding: Dec(v + b’) = c’
    – Verification by comparing H(c’) = H(c)
    – Allows reconstruction of enrolment data: Dec(v + b’) - v = b ⇔ d(b,b’) ≤ t

Template Space

  • Consider biometric templates as points in 2D plane

Disclaimer: simplified visualization

Space Segmentation

  • Special points in the plane: codewords (dots)
  • Codewords divide the space in segments (squares)

Error-correcting Code

  • A binary linear error-correcting code C
    – Denoted as an [n,k,d] code
    – Consists of 2^k codewords of length n
    – Can correct up to t errors
    – The minimum distance d = 2t+1
    – With encoding and decoding procedures <Enc,Dec>
  • Example: [7,4,3] Hamming code (t=1)
    – Set of 128 words of which 16 are code words
    – Corrects 1 bit-error
    – X = Enc(0011) = 0011010
    – Dec(Y = 0111010) = 0011010 (actually 0011)

Error-Correcting Codes

  • Decoding = move points inside circle to center
  • Points outside a circle are not decodable

Enrolment

  • Code offset (translation) v = c - b is auxiliary data
  • Codeword c is reference stored securely as H(c)
  • Translation to codeword to perform decoding around b
  • Diversification: shift squares, any codeword can be ref.

(Figure: points v, b and c in the template plane)

Verification

  • A new sample b’ is presented by Bob
    – Shift new sample b’ (translation preserves distance)
    – Decode v + b’ to c’ and verify if H(c’) = H(c)
  • Cancel noise instead of similarity/distance score

(Figure: v+b’, b’ and b in the template plane, with decoding radius t)

Verification Failed

  • Either the sample decodes to the wrong codeword, H(c’) ≠ H(c), or it does not decode at all

(Figure: c’ and c in the template plane)

Data Representation

  • Fixed-length vector (hand feature set: length and width of fingers, width of palm): [65 53 59 52 62 4747 45 255 333 253 287 243 149]
  • Fixed-length vector (face feature set: eigen-coefficients): [-315.91, -441.10, 212.35, -90.78, 840.12, 434.74]
  • Variable-length 3-tuples (fingerprint feature set: minutiae coordinates and local ridge orientation): [(35,150,10), (40,170,3), (45,142,34), (50,145,6), (51,166,18), …]
  • Binary strings (iris feature set: encoded 2D wavelet demodulation phase sequence and mask): 0110100101001001001001011001… / 1101010100111101001001010000…

Slide courtesy: A. Jain - http://www.cse.msu.edu/~cse891/Sect601/Lecture1-4.PDF

Fuzzy Vault

  • Juels, A. and M. Sudan. 2002. A Fuzzy Vault Scheme. ISIT 2002. Proc. pp 408.
    – Enrolment data is subset of some universe
    – Verification data must overlap substantially with enrolment data
  • Based on Shamir secret sharing/Reed-Solomon codes
    – Enroll unordered data set as points on polynomial
    – Biometric features as indices for points on p(x)
    – Add “chaff points” (not on the polynomial)
    – Verification = reconstruction of polynomial and secret

Uludag, U., S. Pankanti, A.K. Jain. 2005. Fuzzy Vault for Fingerprints. AVBPA 2005. Proc. 310-319.
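The fuzzy vault just described, as an added toy Python example (not code from the talk or from the cited papers): features are x-coordinates of points on a secret polynomial, chaff points off the polynomial are mixed in, and unlocking interpolates subsets of the vault points selected by the query set. The prime field, the secret, the feature values and the seeded chaff generator are constructed for the example, and the brute-force subset search stands in for Reed-Solomon decoding.

```python
import hashlib
import random
from itertools import combinations

P = 65537  # constructed: prime field GF(P); real schemes use GF(2^16) or larger


def polymul(a, b):
    """Product of two polynomials over GF(P), coefficients low to high."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    return out


def polyeval(coeffs, x):
    y = 0
    for c in reversed(coeffs):  # Horner's rule
        y = (y * x + c) % P
    return y


def interpolate(points):
    """Lagrange interpolation over GF(P): the unique polynomial of degree
    < len(points) through the given (x, y) pairs, coefficients low to high."""
    k = len(points)
    coeffs = [0] * k
    for i, (xi, yi) in enumerate(points):
        num, den = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = polymul(num, [(-xj) % P, 1])  # factor (x - xj)
                den = den * (xi - xj) % P
        scale = yi * pow(den, P - 2, P) % P  # yi / den via Fermat inverse
        for d, c in enumerate(num):
            coeffs[d] = (coeffs[d] + scale * c) % P
    return coeffs


def H(coeffs):
    return hashlib.sha256(",".join(map(str, coeffs)).encode()).hexdigest()


def lock(features, secret, chaff_count, rng):
    """Vault = genuine points (x, p(x)) for each feature x, hidden among chaff
    points that are deliberately NOT on p(x), shuffled together.  Stored next
    to it: H(secret), used to recognize a correct reconstruction."""
    genuine = [(x, polyeval(secret, x)) for x in set(features)]
    used = set(features)
    chaff = []
    while len(chaff) < chaff_count:
        x, y = rng.randrange(P), rng.randrange(P)
        if x not in used and y != polyeval(secret, x):
            used.add(x)
            chaff.append((x, y))
    vault = genuine + chaff
    rng.shuffle(vault)
    return vault, H(secret)


def unlock(vault, query, secret_hash, k):
    """Keep the vault points whose x is in the query set; any k of them that
    are all genuine interpolate back to the secret.  Brute force over subsets
    stands in for Reed-Solomon decoding (assumption of this example)."""
    query = set(query)
    candidates = [pt for pt in vault if pt[0] in query]
    for subset in combinations(candidates, k):
        coeffs = interpolate(subset)
        if H(coeffs) == secret_hash:
            return coeffs
    return None  # fewer than k genuine features in the query


# Constructed demo: 8 enrolment features, degree-3 polynomial (k = 4), 40 chaff
SECRET = [12345, 678, 9012, 345]
FEATURES = [17, 42, 99, 123, 200, 310, 450, 512]


def demo():
    vault, h = lock(FEATURES, SECRET, 40, random.Random(7))  # seeded for repeatability
    close = unlock(vault, [17, 42, 99, 123, 200, 777, 888], h, len(SECRET))  # 5 genuine
    far = unlock(vault, [17, 42, 99, 777, 888, 999], h, len(SECRET))  # only 3 genuine
    return len(vault), close, far
```

A query sharing only three of the eight features cannot recover the degree-3 polynomial, which is the "must overlap substantially" requirement of the scheme; a deployment would draw chaff from a CSPRNG rather than a seeded generator.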

Fuzzy Extractor Framework

  • Dodis, Y., L. Reyzin, and A. Smith. 2004. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. EUROCRYPT 2004, Proc. 523-540.
  • Secure sketch <Fsk, Rec>
    – Let M be a (discrete) metric space with distance function d
    – Fsk: M → {0,1}* : w → P
    – Rec: M x {0,1}* → M : <w’, Fsk(w)> → w iff d(w,w’) ≤ t
    – Security property: min-entropy reduction, yet hard to predict the biometric
  • Fuzzy extractor:
    – Output public part + secret, regenerate secret from noisy sample and public part
    – Secure sketch + randomness extractor (privacy amplification) = fuzzy extractor

Unavoidable Information Leakage

  • Theoretically proven: a sketch must leak information
    – Smith, A. D. 2004. Maintaining secrecy when information leakage is unavoidable. Ph.D. dissertation, MIT.
    – Ignatenko, T. and F. M. J. Willems. 2009. Biometric systems: privacy and secrecy aspects. Trans. Info. For. Sec. 4(4):956-973.
  • Inverse code-offset from any codeword
    – Uncertainty is reduced (no actual bits leaked)
    – Position in square is revealed implicitly

Biometric Researcher’s Approach

  • Recall the cryptographer
    – “I can still use my cryptographic hash function”
  • “Leave the noise, I’m used to it”
    – Some intentional repeatable distortion in the signal or feature domain
      • One-way: easy to compute (poly time), hard to invert
      • Hence, works for all biometric modalities
    – “I can still use my favorite/existing comparison algorithm”: Brilliant!
    – “I can use my standardized data representation”
  • Non-invertible transformation aka cancelable biometrics
    – Ratha, N. K., J. H. Connell, and R. M. Bolle. 2001. Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. 40(3): 614-634.
    – Ratha, N.K., S. Chikkerur, J.H. Connell, and R.M. Bolle. 2007. Generating Cancelable Fingerprint Templates. IEEE Trans. Pattern Anal. Mach. Intell. 29(4): 561-572.
  • Remark: it is always possible to find an “input/sample” that would match the cancelable template

Cancelable Biometrics

  • Simulate unconditional security: “surjective” functions
  • Translation modeled as vector function (e.g. electrical potential field or mixture of Gaussian kernels)

Image courtesy: Ratha, N.K., S. Chikkerur, J.H. Connell, and R.M. Bolle. 2007. Generating Cancelable Fingerprint Templates. IEEE Trans. Pattern Anal. Mach. Intell. 29(4): 561-572.

Other

  • Extension to continuous source biometrics
    – Deal with noise (error-correction) using quantization
      • Linnartz, J.P. and P. Tuyls. 2003. New shielding functions to enhance privacy and prevent misuse of biometric templates. AVBPA ‘03. Proc. 393-402.
      • Buhan, I., J. Doumen, P. Hartel, and R. Veldhuis. 2007. Fuzzy extractors for continuous distributions. ASIACCS '07, Proc. 353-355.
  • Survey
    – Jain, A.K., K. Nandakumar and A. Nagar. 2008. Biometric template security. EURASIP J. Adv. Signal. Process. 2008, Article 113, 17 pages.
  • High-level categorization of template protection
    – Feature transformation:
      • Salting
      • Noninvertible transform
    – Biometric cryptosystems:
      • Key-generation
      • Key-binding system

Evaluating BTP

Challenges in Evaluating BTP

  • Many different BTP schemes in literature
    – Some aliases for BTP:
      • Helper Data Scheme (Philips), Pseudo Identities (TURBINE), Fuzzy commitment (RSA Lab), Cancelable Biometrics (IBM), Biometric encryption, Fuzzy Vault (RSA Lab), Shielding functions (Philips), Fuzzy extractors (NYU), BIOCRYPTICS (GenKey), Random Projection (Yonsei Univ.), Secure sketch (Polytech. Univ. NY), Secure Syndrome (Mitsubishi), …
    – Lack of well-established metrics for evaluating BTP methods
  • BTP Metrics project
    – Develop metrics for ranking and independent benchmarking
    – NIST Federal Funding Opportunity ($200k support)
    – Project Partners
      • KUL : Katholieke Universiteit Leuven, COSIC – Belgium
      • GUC : Gjøvik University College, NISlab – Norway
    – Previous collaboration in TURBINE project (evaluators)

Main Objectives

  • Identification and selection of criteria that are relevant for the evaluation of BTP (key properties to assess)
  • Harmonized definitions
    – How to define them consistently w.r.t. some reference architecture?
  • Focus on criteria directly related to BTP
  • Target criteria that are quantifiable or measurable in a precise way
  • Categorize in three performance groups:
    – Technical, protection and operational
  • Challenge
    – Try to come up with universal metrics that can be empirically evaluated
  • Results to be presented at ICB 2012
    – Simoens, K., B. Yang, X. Zhou, F. Beato, C. Busch, E.M. Newton, and B. Preneel. 2012. Criteria Towards Metrics for Benchmarking Template Protection Algorithms. ICB 2012.

ISO 24745

  • ISO/IEC JTC1 SC27 24745. (2011). Information technology - Security techniques - Biometric information protection.
    – Stage 60.60: International Standard published (June 2011)
    – Heavily influenced by the TURBINE project
      • http://www.turbine-project.eu
  • Provides a reference architecture for BTP
    – Definition of data units
      • Pseudonymous Identifier (PI), Auxiliary Data (AD)
      • Protected Template (PT) = PI and AD
      • Synonym for renewable biometric template
    – And functional components
  • Many schemes mapped on the architecture
  • Comprehensive, yet high-level

Functional Components

  • Enrolment
    – Pseudonymous Identifier Encoder (PIE)
  • Verification
    – Pseudonymous Identifier Recoder (PIR)
    – Pseudonymous Identifier Comparator (PIC)
  • Designed to produce different PTs for multiple applications

Evaluation Criteria

  • Technical performance
    – Accuracy
    – Accuracy degradation
    – Throughput
      • PI encoding time
      • PI recoding time
      • PI comparison time
    – Storage requirements
      • Protected template size
      • Code size
    – Diversification capacity
  • Protection performance
    – Full-leakage irreversibility
    – Authorized-leakage irreversibility
    – Pseudo-authorized-leakage irreversibility
    – Unlinkability
  • Operational performance
    – Modality independence
    – Interoperability
    – Quality of performance (QoP)
    – Granularity of performance
    – Stability of performance

Technical Performance

Accuracy and Accuracy Degradation

  • Accuracy = recognition/classification performance
    – Definition: Statistical reflection of trustworthiness of the decisions (match and non-match) made by a biometric system, represented by standardized error rates.
  • Not very different from conventional biometrics
  • Error rates at different operating points:
    – Curves not always smooth
  • Accuracy degradation
    – Definition: The accuracy performance decrease caused by biometric template protection algorithms.
    – Generally introduced by BTP
  • Basically compare error rates of protected with unprotected
    – Relative degradation more important
      • E.g. EER from 15% to 10% might be easier to achieve than 10% to 5%.

Accuracy Degradation

(Figure: error-rate curves, FNMR (%) against FMR (%), marking the EER and the 0.1% FMR operating point)

Accuracy Metrics

  • Accuracy
    – Fingerprint: EER ≈ 0.1% (FVC-on-going)
    – Face: FRR ≈ 1~2.5% @ FAR = 0.1% (FRVT2006)
    – Iris: FRR ≈ 1.1~1.4% @ FAR = 0.1% (ICE2006)
  • Algorithm performance:
    – FMR, FNMR
  • System performance:
    – FAR = FMR*(1-FTA)
    – FRR = FNMR*(1-FTA) + FTA
  • Failure to acquire (FTA):
    – FTA = FTC+(1-FTC)*FTX
      • Depending on the modality
    – FTC: Failure to capture
    – FTX: Failure to extract

Performance metric             Acronym
Failure to capture rate        FTC
Failure to extract rate        FTX
Failure to acquire rate        FTA
Failure to enroll rate         FTE
False match rate               FMR
False non-match rate           FNMR
False accept(ance) rate        FAR
False reject(ion) rate         FRR
Genuine accept rate            GAR
Equal error rate (FAR == FRR)  EER

Importance of Dissecting Error Rates

(Figure: two evaluation pipelines over the same testing database, testing protocols and testing parameters. Plain feature extraction (PFE) with the feature extraction component (FE) yields error rate E; feature extraction followed by the biometric template protection algorithm (BTP) with the PI encoder / recoder (PIE/PIR) yields error rate Ep; the degradation is calculated and represented from E and Ep.)

Throughput

  • Examples of processing rates:
    – Fingerprint identification: 100,000,000 per second (MegaMatcher Accelerator by NeuroTechnology)
    – Automated Border Control: 17 seconds (vs. 45 secs by manually checking, Accenture report: miSense trial Heathrow airport)
  • Throughput
    – Definition: The number of biometric transactions processed continuously by an individual biometric processing unit (e.g., feature extractor, feature comparator, PI encoder, PI recoder, and PI comparator) in a defined time interval.
  • Aggregate throughput is sum of individual throughputs
    – PI encoding time, PI recoding time, PI comparison time
    – Ignore system and human factors
    – Comparison requires that same platform and data are used

Storage Requirements

  • Storage requirements
    – Definition: Requirements imposed by biometric systems in different applications on size of protected templates and BTP algorithm implementation codes.
    – Protected template size
      • Both PI and AD
    – Code size
  • Protected templates tend to blow up…

Diversification Capacity

  • Definition: Maximum number of independent protected templates that can be generated from the same biometric feature set by a BTP algorithm.
    – Depends on random coins used by PIE (theoretical nb. of PTs)
    – Or what is imposed by application context
  • What is independent?
    – In the first place: unlinkability
    – Also irreversibility
  • Take into account:
    – Multiple PTs available to attacker
  • Is an empirical test possible?
    – Idea: Independence oracle = best known “cross-matcher” (see unlinkability)

Protection Performance

On the Terms Security and Privacy

  • Recommendation: stop using “security and privacy”!
    – (at least without explaining what you mean)
    – System security
      • Security = subverting the authentication process / low FAR
      • Privacy = confidentiality of biometric data
    – ISO 24745
      • Security = system-level:
        – Confidentiality, Integrity, Renewability and revokability
      • Privacy = template-level
        – Irreversibility (from the protected templates to their plaintexts) and
        – Unlinkability (among protected templates diversified from the same plaintext biometric feature)
  • Security and privacy of templates
    – Distinguish information-level aspect from system aspects:
      • Spoofing, revocability, offline FAR-attack, … (not selected as criteria)
      • Not dealt with by BTP
    – Be specific:
      • Irreversibility and unlinkability

Irreversibility

  • Recall our objective:
    – Hiding biometric data… for whatever reason!
    – Key extraction/key binding systems
      • Requested key size set by your application
  • Irreversibility not always the same
  • Three definitions
    – Full-leakage, authorized leakage, pseudo-authorized …
    – Consequence of the multitude of schemes available
    – And inevitable information leakage through AD

Irreversibility

  • Full-leakage irreversibility
    – Definition: The difficulty of determining the generating biometric sample(s) or features, exactly or with negligible margin, from a pseudonymous identifier that has been stored as renewable biometric reference
    – Informal definition: Degree to which an attacker can recover enrolment data
  • Authorized-leakage irreversibility
    – Definition: The difficulty of determining a biometric sample(s) or features from a renewable biometric reference that would "match" that unprotected reference in a disjoint unprotected system
    – Informal definition: Degree to which an attacker can find a matching input impersonating an enrollee in an unprotected system
  • Pseudo-authorized-leakage irreversibility
    – Definition: The difficulty of determining the generating biometric sample(s) or features, exactly or to a high degree of similarity, of a renewable biometric reference given knowledge of the reference and the subrange of the input range that would "match" with the reference
    – Informal definition: Degree to which an attacker can find a matching input impersonating an enrollee in the system under attack consisting of protected references

Irreversibility

(Figure: input space with enrolment sample b, the PIE producing the PT, and PI verification accepting inputs within distance t of b; the pseudo-authorized region is marked. Full-leakage: recover b exactly.)

Irreversibility

(Figure: same diagram. Authorized leakage: recover a point close to b, i.e., at most distance t.)

Irreversibility

(Figure: same diagram. Pseudo-authorized leakage: distinguish which part in the dashed rectangle is further than t from b.)

Evaluating Irreversibility

  • Most schemes do not achieve unconditional irreversibility
    – You have to store the PI (hash of …) somewhere!
      • But it is good to rely on standard cryptographic primitives
    – Irrespective of that…
      • Many schemes feature some unconditional properties (e.g. on AD only)
  • Depends further on the scheme
    – Is there a pseudo-authorized region?
    – Is the (pseudo-authorized + authorized) region easy to determine?
      • Cancelable biometrics: yes
      • Not that this facilitates spoofing (= system-level issue)
  • Unfortunately: provable security quasi non-existent in BTP
    – Irreversible/unlinkable until proven otherwise

Evaluating Irreversibility

  • Practical approach for transformation-based schemes
    – Nagar, A., and A.K. Jain. 2009. On the security of non-invertible fingerprint template transforms. WIFS 2009. Proc. pp.81-85.
    – Coverage and effort curve: relation between effort (nb. guesses) and fraction of template recovered (coverage)

(Figure: coverage, the fraction of the template retrieved up to 100%, against effort, the number of attempts; the curve saturates)

Unlinkability

  • Unlinkability
    – Definition: The difficulty of classifying renewable biometric references
  • Universal metric: empirical evaluation
    – Cross-matching (linking) = classification problem
    – Empirical evaluation on database of accuracy evaluation
    – Heuristic-based classification
      • Heuristic relies on information leaked by PT
      • To be determined/quantified through theoretical analysis
      • Must be implemented to validate
    – Result expressed in error rates
      • False cross-match rate
      • False non-cross-match rate
      • Equal error cross-matching rate

Unlinkability

(Figure: protected templates PT1, PT3, PT4 of the same subject b, generated at times t0 and t1 for Application 1 and Application 2; bad unlinkability versus good unlinkability)

Attack Strategy on Code Offsets

  • Relative positions in square revealed
  • Implicit comparison of relative positions
    – Subtract offsets and decode
      • v1 - v2 = c1 - b1 - c2 + b2 = (c1 - c2) + (b2 - b1)
      • Linear code: sum of codewords is again codeword
    – Mate templates (from the same characteristic, e.g., the same finger of a particular person)
      • Always decodable offset difference (b2 ~ b1)
    – Non-mate templates
      • Sometimes, sometimes not
  • Attack = classification problem
    – Attacker’s decision based on decodability
    – Simoens, K., P. Tuyls, and B. Preneel. 2009. Privacy Weaknesses in Biometric Sketches. IEEE S&P 2009. Proc. pp. 188-203.

Mate Protected Templates

  • Completely different codewords and offsets
  • Relative positions are close
  • Always correctly identified as related

(Figure: samples b and b’ with offsets v1 to codeword c1 and v2 to codeword c2)

Non-mate Protected Templates

  • Correctly identified as unrelated

Unrelated Templates

  • Incorrectly identified as related
    – Only case where attacker misses
    – Probability decreases with increasing noise-tolerance

Decodability Heuristic

  • Related
    – Always correct
  • Unrelated
    – Sometimes correct
    – Sometimes wrong
  • Probability?

Decodability Probability

  • Assuming uniform input
    – Rudimentary assumption
    – Difference of two unrelated inputs is just a random point
  • Decodability probability of random input
    – Take the number of points in a decoding “circle” V_q(n,t)
    – Take the number of codewords q^k
    – Divide by total number of points q^n
    – q^k · V_q(n,t) / q^n
  • Define distinguishing information leakage
    – Λ = n - k - log_q V_q(n,t)
    – Quality measure for indistinguishability of a particular code-offset construction
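The code-offset construction of the earlier slides (Enrol/Verify with the [7,4,3] Hamming code, including reconstruction of b from v and a close b’) and the decodability heuristic of the last slides, as one added Python example that is not code from the talk. The [7,4,3] code is perfect, so every random word decodes and the heuristic cannot distinguish anything (Λ = 0); to show the “does not decode at all” outcome the example extends the code with a parity bit to an [8,4,4] code, which is an assumption of this example, and then evaluates the heuristic exhaustively as a linkability test.

```python
import hashlib
import secrets

# Systematic [7,4,3] Hamming code with generator polynomial x^3 + x^2 + 1:
# data bits d1..d4 first, then parity bits p2 p1 p0.  This convention
# reproduces the slide's Enc(0011) = 0011010 and Dec(0111010) = 0011010.
PARITY = ((0, 2, 3), (0, 1, 2), (1, 2, 3))  # data positions feeding p2, p1, p0

def xor(a, b):
    """Bitwise XOR of equal-length bit strings: '+' and '-' in GF(2)^n."""
    return "".join(str(int(x) ^ int(y)) for x, y in zip(a, b))

def enc7(data):
    d = [int(x) for x in data]
    return data + "".join(str(sum(d[i] for i in idx) % 2) for idx in PARITY)

def syndrome7(word):
    w = [int(x) for x in word]
    return tuple((sum(w[i] for i in idx) + w[4 + j]) % 2
                 for j, idx in enumerate(PARITY))

# syndrome -> position of the single bit error, built from the zero codeword
SYNDROME_POS = {syndrome7("0" * i + "1" + "0" * (6 - i)): i for i in range(7)}

def dec7(word):
    """Correct up to t = 1 error; the [7,4,3] code is perfect, so every
    7-bit word decodes to some codeword."""
    s = syndrome7(word)
    if s == (0, 0, 0):
        return word
    i = SYNDROME_POS[s]
    return word[:i] + ("1" if word[i] == "0" else "0") + word[i + 1:]

# [8,4,4] extended Hamming code (assumed here, not on the slides): an overall
# parity bit is appended, so a double error is detected and not decoded.
def enc8(data):
    c = enc7(data)
    return c + str(c.count("1") % 2)

def dec8(word):
    """Return the corrected codeword, or None when two errors are detected
    (the 'does not decode at all' outcome of the Verification Failed slide)."""
    c7 = dec7(word[:7])
    if word.count("1") % 2 == 0 and c7 != word[:7]:
        return None  # non-zero syndrome but even weight: two errors
    return c7 + str(c7.count("1") % 2)

# Code-offset construction (fuzzy commitment) over the [8,4,4] code.
def H(c):
    return hashlib.sha256(c.encode()).hexdigest()

def enroll(b, data=None):
    """Protected template of sample b: AD v = c XOR b and PI = H(c); the
    codeword c is uniformly random unless its 4 data bits are given."""
    if data is None:
        data = format(secrets.randbelow(16), "04b")
    c = enc8(data)
    return xor(c, b), H(c)

def verify(v, pi, b_prime):
    """Accept iff Dec(v XOR b') exists and hashes to the stored PI."""
    c_prime = dec8(xor(v, b_prime))
    return c_prime is not None and H(c_prime) == pi

def reconstruct(v, b_prime):
    """Dec(v XOR b') XOR v = b exactly when d(b, b') <= t: anyone holding
    the AD and one close sample recovers the enrolment sample itself."""
    c_prime = dec8(xor(v, b_prime))
    return None if c_prime is None else xor(c_prime, v)

# Decodability heuristic: v1 XOR v2 = (c1 XOR c2) XOR (b1 XOR b2), and
# c1 XOR c2 is again a codeword, so the difference of two offsets decodes
# whenever the two samples lie within distance t of each other.
def decodable_pair(v1, v2):
    return dec8(xor(v1, v2)) is not None

def decodability_rates():
    """Exhaustive evaluation of the heuristic as a linkability test: the
    fraction of uniform unrelated pairs that decode (false cross-match rate,
    expected 2^k V_2(8,1) / 2^8 = 16 * 9 / 256) and the fraction of mate pairs
    at distance <= 1 that decode (always 1)."""
    words = [format(i, "08b") for i in range(256)]
    unrelated = sum(dec8(w) is not None for w in words) / 256
    errors = ["0" * 8] + ["0" * i + "1" + "0" * (7 - i) for i in range(8)]
    mates = 0
    for b1 in words:
        for e in errors:
            v1, _ = enroll(b1)  # independent random codewords per template
            v2, _ = enroll(xor(b1, e))
            mates += decodable_pair(v1, v2)
    return unrelated, mates / (256 * len(errors))
```

The 56% false cross-match rate on unrelated pairs is exactly the q^k · V_q(n,t) / q^n figure of the slide, and mate pairs are always linked, which is the classification the unlinkability metric must quantify.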

What is the best we can do?

  • Good code-offset sketch has good Λ

– Interested in scheme with smallest Λ for a given n and t

  • Direct relation with coding problem

– Given code-length n and minimum distance d ≥ 2*t+1 – Find code with greatest dimension k – Bounds on maximum size Aq (n,d) well known

  • To deal with Vq(n,t)

– Work with relative distinguishing information leakage λ Work with relative distinguishing information leakage λ

  • Λ  n * λ = n * (1 – α(δ) – h(δ/2) )

– V2 (n,t)  2n*h(t/n)

– Apply asymptotic bounds from coding theory

  • K. Simoens

3rd Edward van der Meulen Seminar 59

Bounds

  • Coding theory bounds tell us what the best is we can do

– Code-offsets cannot be made completely unlinkable – In practice: FAR

  • Given the best code

– If 12.5% noise-tolerance – At least 10% of the bits distinguishing information leakage

guishing information leakage

g

  • Actual linkability depends
  • n the biometric
  • K. Simoens

3rd Edward van der Meulen Seminar 60

___ lower bound

  • - - upper bound

Relative disting

Relative distance

SLIDE 31

Other Results

  • Confirmed for quantization schemes

– Buhan, I., J. Breebaart, J. Guajardo Merchan, K.T. de Groot, E. Kelkboom, and T. Akkermans. 2009. A quantitative analysis of indistinguishability for a continuous domain biometric cryptosystem. DPM’09. Proc. 78-92.
  • Extended

– Buhan, I., J. Guajardo, and E. Kelkboom. 2010. Efficient strategies to play the indistinguishability game for fuzzy sketches. WIFS 2010. Proc. pp. 1-6.
  • Empirical approach confirmed for transformation-based schemes

– Nagar, A., K. Nandakumar and A.K. Jain. 2010. Biometric template transformation: a security analysis. Proc. SPIE 7541, 75410O.
– Cross-matching based on partially inverted PTs

Remarks

  • Additional dimensions

– Data separation (although both PI and AD are supposed to be known to attacker)
– Strong and weak irreversibility variants
– Multi-template irreversibility!

  • Not selected as criteria

– Confidentiality and integrity of PTs
– Revocability / “Renewability” (ISO 24745):

  • The property of a transform or process to create multiple, independent transformed biometric references derived from one or more biometric samples obtained from the same data subject and which can be used to recognize the individual while not revealing information about the original reference


SLIDE 32

Multi-Template Irreversibility

  • Attack works because code allows subtracting offsets

– Sum of two codewords of linear code is again codeword

  • Solution: add additional input permutation

– Kelkboom, E.J.C., J. Breebaart, T.A.M. Kevenaar, I. Buhan, R.N.J. Veldhuis. 2011. Preventing the Decodability Attack Based Cross-Matching in a Fuzzy Commitment Scheme. IEEE Trans. on Inf. For. and Sec. 6(1): 107-121.
  • PIE(b) : v = c – b * P

– P is a permutation matrix chosen uniformly at random

  • PIR(b’, v, P): Dec(v + b’ * P) == c iff dis(b, b’) ≤ t

– Decodability no longer possible due to permutations

  • v1 - v2 = c1 - b1*P1 - c2 + b2*P2 = (c1 - c2) + (b2*P2 - b1*P1)

– Equivalent to offsets produced by different codes

  • $v_1 P_1^{-1} - v_2 P_2^{-1} = (c_1 P_1^{-1} - c_2 P_2^{-1}) + (b_2 - b_1)$ → not decodeable!

Multi-Template Irreversibility

  • Assume exactly same input b used

– $v = v_1 P_1^{-1} - v_2 P_2^{-1} = (c_1 P_1^{-1} - c_2 P_2^{-1}) = c - d$

– Codewords c and d are from different codes

  • Solve linear system of equations

– Linear codes C and D generated by GC and GD
– Find x and y such that x*GC - y*GD = v
– If codes not properly chosen there is exactly one solution!
– Reversed completely: b = x*GC - v1 = y*GD - v2

  • In practice inputs are not the same

– $v = v_1 - v_2 = c - d + b_2 - b_1 = c - d + e$
– Guess e and try to solve $x G_C - y G_D = v - e$
– $\#\{\, e : \|e\| \leq t \,\} \approx 2^{n\,h(t/n)}$
– Practically infeasible for realistic parameters
– Related to the noisy parity problem

[Diagram: input b, sketches $v_1$ and $v_2$, codewords c and d, and the difference $v_1 - v_2$]

SLIDE 33

Operational Performance

Modality Independence and Interoperability

  • Modality Independence

– Definition: flexibility of dealing with different biometric modalities or data representations

  • Measured as “checklist” with references to implementation proofs

  • Interoperability

– Definition: The degree to which standardized biometric data interchange formats are supported by the BTP algorithm

  • Measured binary (supporting or not)

SLIDE 34

Quality of performance (QoP)

  • Granularity of performance

– Definition: Density of the points in a performance curve in a defined dynamic range of an algorithm parameter or influential factor, with the continuous curve as the finest case

  • Stability of performance

– Definition: Degree to which a performance curve varies in a defined dynamic range of an algorithm parameter or influential factor

[Figure: two plots of EER versus an algorithm parameter; left: BTP1 with low stability of performance (SoP), BTP2 with high SoP; right: BTP1 with granularity of performance GoP = 2, BTP2 with GoP = 6]

Conclusion

SLIDE 35

Conclusion

  • Some criteria can be measured precisely
  • Others cannot:

– Each protection mechanism has to be analyzed differently

  • Some metrics provide values but do not necessarily indicate utility

– Interpretation of values only has meaning within application context
– Benchmarking will require specific targets (mostly)
– Application profile should be established

  • Different biometrics and different protection methods

– To a large extent determined by the application
– Data representation has an impact

  • Biometric template protection has yet to mature

– More secure techniques are needed
– Performance is an issue (not discussed in this talk)
– So far provable security in biometrics is non-existent


Thank you

koen.simoens@esat.kuleuven.be