Outline Privacy Protection for Biometrics Personal Background Threats of biometrics template leakage Authentication Systems Methods of template protection Implementation of template protection Kazuhiko Sumi Problems to be solved Graduate School of Informatics Kyoto University Conclusion Background Effect of Common Template Pros : Popularization of biometrics applications Standardized template is stable Large-scale and multi-vendor Easy to design a new application Social ID systems (passport, driver's license, ...) Certified template can be trusted Enrolled and verified by different organizations Operational cost reduction (no enrollment) Existence of similar systems Global standard ( ISO19794 ) Social ID (passport, license, pension, insurance, ...) Cons : Physical access ( housing, office, membership, … ) IT security ( access, approval, transaction, … ) Possible template leakage Casual applications ( ticket, entertainment, … ) Easy reverse engineering Weak countermeasure against template leakage
Outline Reference Model A biometrics authentication system extracts Background features from scanned biometrics and pattern Threats of biometrics template leakage matches it with enrolled template. Methods of template protection Implementation of template protection It is only one of the many threats in biometrics authentication systems. Problems to be solved However, template leakage is special to biometrics authentication. It is similar to Conclusion secret key leakage but biometrics cannot be changed! Special treatment is required for biometrics template protection. Vulnerability Caused by Template Leakage Leakage Scenario 1 Leakage points If the scanner output is tapped, or, if a template contains raw biometrics, raw Raw sensor data biometrics data can be stolen. Tapping, Trojan horse Some systems have raw Template with raw biometrics Raw biometrics data is critical biometrics for human verifier. data. It should not be exposed (passport, driver's license, ...) Encoded template in a working system or stored in public space. Center database Device to center communication Template in a device Template in a token Encoded template in a abandoned system Template in a device
Leakage Scenario 2 Leakage Scenario 3 Even if a device has encrypted template, Template can be stolen easily from decrypted template can be tapped during interoperable systems with common template authentication process. format and access key. Coming IC Card passport has If the secret key to decrypt standardized template, which is the template is stolen, the readable anywhere. template can be stolen. Mobile Media Is An Encoded Template Safe? Template Recovery Examples From a set of image of different persons, a Even if an attacked target is a black box, an fake image, which is falsely accepted by a effective template or raw biometrics can be face authentication system, can be generated. generated by hill-climbing attack. ( Adler,2003 ) ( Adler,2003 ) Take the closest samples as a starting point. Then, add a principle component in proportion to the similarity gradient on the component. After several times of iterations, the result can fool the authentication system.
Possibility of Hill-climb Attack Outline Most of the biometrics authentication systems Background use a similarity score as an internal variable. Threats of biometrics template leakage If an enough number of starting points are given, it is possible to find the highest point Methods of template protection without being trapped by local minima. Implementation of template protection If the similarity score has a broad curve, it is Problems to be solved If the similarity score has a robust to sample steep curve, it is safer to variations. But hill- Conclusion hill-climbing attack. But it is climbing attack is easy. not robust against sample variations Method of Template Protection Template Encryption Technique Template access control Deformation / translation / block scramble Store a template in a safe place. Phase term in frequency domain Encrypted template storage Convolution / addition with random Store an encrypted template, decrypt it on pattern SAFER matching. Signal removal with error correction code Encrypted template Matching is done in encrypted space. Cancelable template Revoke the template if it is leaked.
Phase Term in Deformation / Scramble Frequency Domain Transform original biometric sample to Deform / transform an image or a frequency domain by FFT. template coordinate with a secret Split off power-spectrum term. Store only function. phase-term in the template. Apply the same deformation / Verification is done in frequency domain. transformation on verification. Pros: Very difficult to restore original signal. Pros: Matching function is backward Robust against hill-climb attack. compatible. Cons: Cons: Hill-climbing vulnerability remains. Less robust against small variation of a biometric sample. Convolution / Addition With Random Patterns Signal Removal Matching is done with convolved templates. In addition to encrypted template, generate Convolved template and their matching error correction code and remove the original scores are stored in template database. signal. If matching scores are similar to those of Removed signal is restored by error original templates, similarity is guaranteed. correction code. Pros: Pros: Very difficult to restore original signal. Difficult to restore original signal. Robust against hill-climb attack. Cons: Cons: Critical with error correction capability and actual Less robust against small variation of samples. recognition error. Critical with number of patterns and trials.
Outline Implementations Background Private template: Cancelable Biometrics Deformation / Transformation / Scramble Threats of biometrics template leakage Bioscript Methods of template protection Phase-term in frequency domain + encryption Implementation of template protection Key hiding Problems to be solved Biometric fuzzy vault Conclusion Encryption Key generation Private Template: Cancelable Biometrics Cancelable Biometrics (Ratha 2001) One-way hash is applied Hash functions: Feature points : to transform blocks, but, block scramble Image template : local relations are kept. morphing Use different hash Pros : Conventional algorithm works. between applications. (backward compatible) Cons : Possibility of hill-climb attack is left. H A S H WARP Cancelable Biometrics: Ratha, IBM 2001
Key Hiding and Retrieval Bioscript (Soutar 1998) The template is encoded with one-way hash Phase-term of Fourier transformed input function. If the matching is succeeded, fingerprint image and a random 2D pattern are secret key, which is transformed by hashed convolved and error correction pattern and template is retrieved. encoded secret key is stored in the template Pros: Cancelable, pattern shift tolerant. Cons: error-correction ability, hashed key exists. Hidden Key Hidden Key Enrollment Verification Bioscript: Soutar 1998 Bioscript: Soutar 1998 Secret Key Retrieved Key Key Generation: general idea Anonymous Biometrics (Linnartz, 2003) Hashed template F(S) and helper data W are Helper data W may be: stored. W restore the image Y, the they are Quantized Index Modulation matched in encrypted space. Matching result Error Correcting Code-scheme itself is the secret key. Significant Components Enrollment Verification Linnartz and Tulys, Anonymous Biometrics, Phillips, 2003
Fingerprint Vault (Clancy 2003) Fingerprint Vault (Uldag 2003) Add random fake minutiae (chaff) to the Use pair of minutiae (line) instead of original template. Bit width matching result is minutiae points used as secret key. Alignment capability Pros: Secret key is not in the template. Cons: Pre-alignment is required. / Not robust against minutiae misdetection. Clancy et al., UMD, 2003 Uldag et al., MSU, 2003 Comparison of Fingerprint Vault (Yang 2004) Key Generation Techniques Use triples of minutiae instead of Paper Title and Author Target Alignment Variation Safety × × ○ minutiae lines Fuzzy vault scheme, Theory only Juels, RSA, 2002 Better alignment capability × × △ Anonymous Biometrics, Theory and Linnartz, 2003 voice Fingerprint × △ ○ Fingerprint vault, Clancy, 2003 (minutiae) Fingerprint × △ ○ Fingerprint vault, Uldag, 2003 (minutiae line) Fingerprint ○ △ ○ Fingerprint vault, Yang, 2004 (minutiae triple) Yang, UCLA, 2004
Outline Remaining Problem Trade-off between safety and robustness. Background Private Template is backward compatible. But, it is Threats of biometrics template leakage not very safe against attack. Key hiding is safer, but, not as safe as key Methods of template protection generation. Robustness is unknown. Implementation of template protection Key generation is safest, but error recovery of minutiae detection requires a lot of computation to Problems to be solved find possible matches and it will result in reduced safety. (more false match) Conclusion Most of the methods are less robust against alignment error and burst error of minutiae templates. Conclusion Survey of template protection techniques. Private template: transform / scramble Key hiding: encrypted template and hidden secret key Thank You! Key generation: encrypted template and generation of secret key Key generation is most promising. Application level implementation is not done yet. Future direction Solve the trade-off between safety and robustness against positional error and unstable minutiae.
Recommend
More recommend
