TR2011-005
An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics
-
- "An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics", IEEE Information Theory and Applications Workshop (ITA), February 2011.BibTeX TR2011-005 PDF
- @inproceedings{Wang2011feb,
- author = {Wang, Y. and Rane, S. and Draper, S.C. and Ishwar, P.},
- title = {An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics},
- booktitle = {IEEE Information Theory and Applications Workshop (ITA)},
- year = 2011,
- month = feb,
- url = {https://www.merl.com/publications/TR2011-005}
- }
,
- "An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics", IEEE Information Theory and Applications Workshop (ITA), February 2011.
-
MERL Contact:
-
Research Area:
Information Security
Abstract:
Secure biometric systems are designed to allow authentication without requiring a reference biometric sample to be stored in the clear at the access control device. Instead, a template extracted from the reference biometric is stored on the device. An enrolled user can be authenticated by the template combined with a legitimate test biometric. However, an attacker who infiltrates the device only discovers the template, which reveals little or no information about the true biometric. We present a general framework for secure biometric authentication systems, and then provide a comparative information-theoretic analysis of two related realizations: (1) fuzzy commitment, in which authentication is framed as a problem of correcting errors between the reference and test biometrics, and (2) secure sketches, in which authentication is framed as a Slepian-Wolf decoding problem. We derive the false reject rates, false accept rates and successful attack rates for both realizations. We also consider the information leaked about a user's biometric identity when the database of biometric templates is compromised. Finally, we analyze a scenario in which the same biometric has been used to generate templates for several access control devices, some of which have been compromised by an adversary. It is shown that, two-factor versions of fuzzy commitment and secure sketch not only allow revocability, but also provide resistance to attacks in which the adversary compromises several databases at the same time.
Related News & Events
-
NEWS ITA 2011: 2 publications by Philip V. Orlik, Shantanu D. Rane and others Date: February 6, 2011
Where: IEEE Information Theory and Applications Workshop (ITA)
MERL Contact: Philip V. OrlikBrief- The papers "An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics" by Wang, Y., Rane, S., Draper, S.C. and Ishwar, P. and "Achieving Near-Exponential Diversity on Uncoded Low-Dimensional MIMO, Multi-User and Multi-Carrier Systems without Transmitter CSI" by Annavajjala, R. and Orlik, P.V. were presented at the IEEE Information Theory and Applications Workshop (ITA).