Abstract
Biometric information is regarded as highly sensitive information and therefore encryption techniques for biometric information are needed to address security and privacy requirements of biometric information. Most security analyses for these encryption techniques focus on the scenario of one user enrolled in a single biometric system. In practice, biometric systems are deployed at different places and the scenario of one user enrolled in many biometric systems is closer to reality. In this scenario, cross-matching (tracking users enrolled in multiple databases) becomes an important privacy threat. To prevent such cross-matching, various methods to create renewable and indistinguishable biometric references have been published. In this paper, we investigate the indistinguishability or the protection against cross-matching of a continuous-domain biometric cryptosystem, the QIM. In particular our contributions are as follows. Firstly, we present a technique, which allows an adversary to decide whether two protected biometric reference data come from the same person or not. Secondly, we quantify the probability of success of an adversary who plays the indistinguishability game and thirdly, we compare the probability of success of an adversary to the authentication performance of the biometric system for the MCYT fingerprint database. The results indicate that although biometric cryptosystems represent a step in the direction of privacy enhancement, we are not there yet.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Buhan, I.R., Doumen, J., Hartel, P.H., Veldhuis, R.N.J.: Fuzzy extractors for continuous distributions. In: Deng, R., Samarati, P. (eds.) Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS), Singapore, pp. 353–355. ACM, New York (2007)
Buhan, I.R., Doumen, J., Hartel, P.H., Veldhuis, R.N.J.: Embedding renewable cryptographic keys into continuous noisy data. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 294–310. Springer, Heidelberg (2008)
Chen, B., Wornell, G.W.: Quantization index modulation methods for digital watermarking and information embedding of multimedia. The Journal of VLSI Signal Processing 27(1-2), 7–33 (2001)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)
Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification, 2nd edn. Wiley-Interscience, Hoboken (2000)
Jain, A.K., Nandakumar, K., Nagar, A.: Biometric template security. Journal on Advances in Signal Processing (EURASIP)Â 2008, 17 (2008)
Kelkboom, E., Garcia Molina, G., Breebaart, J., Kevenaar, T.A.M., Veldhuis, R.N.J., Jonker, W.: Binary biometrics: An analytic framework to estimate the performance curves under gaussian assumptions. IEEE Transactions on Systems, Man and Cybernetics (to appear, 2009)
Li, Q., Sutcu, Y., Memon, N.: Secure sketch for biometric templates. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 99–113. Springer, Heidelberg (2006)
Linnartz, J.P., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003)
Ortega-Garcia, J., Fierrez-Aguillar, J., Simon, D., Gonzalez, J., Faundez-Zanuy, M., Espinosa, V., Satue, A., Hernaez, I., Igarza, J.-J., Vivaracho, C., Escudero, D., Moro, Q.-I.: Myct baseline corpus: a bimodal biometric database. In: IEEE Proceedings on Vision, Image and Signal Processing, Special Issue on Biometrics on the Internet, vol. 150, pp. 395–401. IEEE Computer Society Press, Los Alamitos (2003)
ISO/IECÂ JTC1 SC27. CD 24745 - information security - biometric template protection
Simoens, K., Tuyls, P., Preneel, B.: Privacy weakness in biometric sketches. In: IEEE Symposium on Security and Privacy, Oakland, California, USA (May 2009)
Tuyls, P., Akkermans, A., Kevenaar, T., Schrijen, G., Bazen, A., Veldhuis, R.: Practical biometric authentication with template protection. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 436–446. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Buhan, I., Breebaart, J., Guajardo, J., de Groot, K., Kelkboom, E., Akkermans, T. (2010). A Quantitative Analysis of Indistinguishability for a Continuous Domain Biometric Cryptosystem. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2009 2009. Lecture Notes in Computer Science, vol 5939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11207-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-11207-2_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11206-5
Online ISBN: 978-3-642-11207-2
eBook Packages: Computer ScienceComputer Science (R0)