Privacy Preserving Biometric Identity...

Privacy Preserving Biometric Identity Verification

Gérard Chollet (IV & CNRS/IMT)Abelino Jiménez (CMU)

Dijana Petrovska-Delacrétaz (TSP/IMT)Bhiksha Raj (CMU)

1

www.intelligentvoice.com

http://www.intelligentvoice.com

http://www.cmu.edu/index.shtml

De-identification for privacy protection

• Multimedia documents

• Biometric data

• Typical use cases :

– Access control

– Border control

– Home banking

– TeleCare

2© Chollet, Petrovska, Raj

New Yorker : July 5th, 1993

• “On the Internet nobody knows you’re a dog” P. Steiner

3

© Chollet, Petrovska, Raj

New Yorker - 22 years later : Feb. 2015

“Remember when, on the Internet, nobody knew who you were!”

4

Outline

• Introduction (Use cases)

• Privacy Issues with biometrics

• Some solutions

• Cryptographic solution to privacy

• Transform based solutions

• Combining Crypto and Transform methods

• Open problems and future work


Table of Contents1. Intro

– Why biometrics– Types of biometrics– Ways of performing them

2. Problems with biometrics:– Points of attack– Privacy– Revocability– Privacy risk continues with conventional

encryption

3. Solution formalisms– Different settings– Cryptographic– Transform based– Combined

4. Cryptographic solution to privacy– Matching in crypto domain – intro– Basics of cryptography– Homomorphic encryption and matching

in the encrypted domain– Functional Encryption

6

5. Transform based solutions– Transform-domain matching– Revocability in transform-domain

matching– Standard methods for transform-

domain matching• Issues with standard methods

– Evaluation protocols

6. Combining Crypto and Transform methods– Shuffling– Converting signal to hashes..

• Hashing methods• Information theoretic security• Secure modular hashing

– Revocability in combination methods

7. Open problems and future work


Table of Contents

1. Introduction

– Identity verification (IV) in general

– Why should we use biometrics for IV ?

– Which biometric modalities ?

– Ways of performing them


Identity Verification and Authentication

• Subject claims an identity

– “I am John Smith”

• System must verify if subject claim is authentic

• Authentication is the result of Verification

• Most common approach: Pass phrases (passwords)

– Demand information from claimant that only John Smith knows

8Intro© Chollet, Petrovska, Raj

A problem with passphrases and encryption

9www.mobilisationlab.org


The problem with passphrases

• Can be easily compromised– Forgotten, stolen, coerced or guessed

• Non-repudiation: No link between actual user and password

– Anyone who has your password can authenticate themselves as you

– You have no (formal) way of denying their claim10

From triangletrip.com

www.mobilisationlab.org

Intro© Chollet, Petrovska, Raj

A solution : Biometric Authentication

• Use a biometric to authenticate the subject– Fingerprint / Vein

– Iris

– Earshape

– Face

– Voice

– Gait

– Signature

– ...

• Combine them,…


Why Biometrics

• Based on what you permanently have– As opposed to something you remember

– Cannot be stolen

• Increasingly used by many services

• Paradoxically, increasingly risky as we will explain!!


Biometric Authentication: Settings

• Local– Authenticating yourself to your local device– E.g. fingerprint login to phone/laptop– E.g. biometric ID card

• Remote– Used to authenticate with remote server– E.g. voice/fingerprint authentication at banks


Terminology

• Terminology

– Identity claimant user

– Identity verifier system

• “User” records biometric

• “System” verifies biometric

14Intro

User System

User

System


Typical Biometric Procedure

• Step 1: Enrollment / Registration

– User “enrolls” with the system using a biometric identifier

• Step 2: Verification

– System “verifies” that the user is who he/she claims to be

• Step 3: Authentication

– If user is successfully verified, system declares the user to be “authentic” and permits him/her to use service/application


Enrollment

• “Training”: “Enroll” biometric of subject with the system

– Fingerprint, Iris, Facial image, Voice, …

• Enrollment

– “Template” one or more examples of biometric

– “Model” Statistical or discriminative model that represents the characteristics of the biometric

– Signature extraction can have multiple stages, including feature extraction and model training

16Intro

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Present Biometric


Verification

• Verification:

• User records instance of appropriate biometric

– And sends to system

• May transmit information extracted from biometric, rather than biometric itself

• System compares received biometric to stored template or model

– If match is good, accepts the subject

• Procedure identical for “local” and “remote” settings

17Intro

Capture Biometric Database

ExtractFeatures

Present Biometric

Compare

Match No match


Verification / Identification

• One-to-one (Verification)

– The user claims an identity which is verified using biometric data

• One-to-many (Identification)

– The user submits his biometric data which is compared to all Templates / Models known to the system. The user can be rejected if there is no match.


Biometric modalities

19

From Nandakumar et al., IEEE Signal Processing Mag, Sept 2015

Intro© Chollet, Petrovska, Raj

Typical Solution: Inexact Match

• Fingerprint: Count the number of minutiae in test fingerprint that match template

• Iris: Compute Hamming distance between Iris codes of test image and template


Table of Contents

2. Problems with biometrics:

– Biometrics are public

– Immutability of biometrics

– Classical user-side attacks

– System-side challenges

– Privacy

– Linkability

– Revocability


Issues: Biometric data are public!!!

• Your face, voice, iris, gait etc. can easily be obtained from public data

– YouTube, public recordings

• Even your fingerprint!

• They are accessible to any adversary22

Problems with Biometrics© Chollet, Petrovska, Raj

Problems

• Your private biometrics can be linked to your public persona

– A system who has your biometrics can now find you on all public fora

• Your enrollment biometrics are accessible to anyone

– A hacker who wants to mimic you can grab your biometrics from a public place

23Problems with Biometrics© Chollet, Petrovska, Raj

Biometrics are permanent

• Your fingerprint is for life

– Biometric patterns in fingerprints may not change significantly with age

• Your IRIS is for life

– Biometric patterns in IRIS may not change significantly with age

• You voice is immutable

– Basic voice patterns are largely invariant

24Problems with Biometrics

NIST IRIS reportLongitudinal study of FP, Yoon and Jain


Problems with permanence

• Once compromised, can never be reused!

– Similar to passwords this way

– Unlike passwords, cannot be changed!

• Biometric is useless for life

• Biometric signatures are identical across services

– E.g . details of your fingerprint are identical in every use

– Every use is compromised

• An adversary who gets your fingerprint can break into every

service or application that authenticates you by your fingerprint

– Unlike passwords


Biometric Challenges

• Typical biometric verification procedure

– Assuming authentic enrollment for illustration

– Fraudulent enrollment must be dealt with using trusted authority

26Problems with Biometrics


ExtractFeatures

Present Biometric

Compare

Match No match


Some possible attacks

27

Theft, modify, abuse of database

Modify template date

7 Templates

6

SensorFeature

extractionMatcher2 4 8

1 3 5

Fake biometric Override Feature Extractor

Replay

Corrupting the Matcher

Tampering with Feature Vector

Override Final Decision

© Chollet, Petrovska, Raj Problems with Biometrics

From Ratha et al. (2001)

Challenge Points: User side

• User side: A spoofer or mimic can duplicate biometric– And can continue to compromise you for the rest of your life

• Biometrics are public: Adversary could easily obtain biometrics from public venues

• Risk identical for “local” and “remote” settings

28

SpoofingMimicry

Problems with Biometrics


ExtractFeatures

Present Biometric

Compare

Match No match


Challenge Points: System Side

29

HackerMalicious server

• System side: Hacker or a malicious server has your biometric

– Can use it to authenticate as you in other services/apps

– Can use it to create synthetic data to mimic/spoof you

– Can use it to track you in other places

• E.g. use voice/IRIS/fingerprint/face to find/track you on YouTube and public fora.

– And possibly use these data to spoof you!



ExtractFeatures

Present Biometric

Compare

Match No match


Challenge Points: System Side

30

HackerMalicious server

• System side: Hacker/Malicious server has biometric

– Can learn undesired information about you

• Fingerprints carry information about health, gender, age

• Voice carries information about health, ethnicity, gender, education, age, etc

• Iris carries information about gender, age, ethnicity

• Etc.

• Risks similar in local and remote settings



ExtractFeatures

Present Biometric

Compare

Match No match


Challenge: Linkability

• Biometric signatures stored by different accounts are very similar

– The fingerprint you store with the passport office is the same as your fingerprint at the bank is the same as your fingerprint in your biometric ID card

• They can be linked

– Agencies could collude to track you

– Big brother can watch you more carefully 31


Challenge: Revocability

• A compromised password can be changed

– It is revocable

• A compromised biometric cannot be changed

– It is not revocable

• Combination of linkability and unrevocability: A compromised biometric cannot be used anywhere again


Challenges in a nutshell

• Privacy: Loss of biometric is permanent loss of privacy

– Adversary can learn about you

• Security: Loss of biometric is permanent loss of security

– Adversary can compromise you in many ways

• Linkability: Biometric signatures stored by different accounts can be cross-linked

– Accounts can be tracked!

• Irrevokability: Unlike passwords, cannot be revoked

– Cannot “withdraw” and “change” biometric!


Proposed solutions

34

BioHashing

BioKey

Cancelable Bio

Revocable Bio BioConvolving

Biotoken

BioConvolving

BioCode

Key Generation

BIO Hash

Hardened Passwords

BIO PKITemplate free BIO

Locked Bio Code

Key Re-Generation

Fuzzy Commitement

Key Binding

Fuzzy extractors

Privacy by designs

Security

Privacy Preserving

Crypto-Biometrics

Repudiation


Table of Contents

3. Solution Formalisms

– Cryptographic

– Transform based

– Crypto-Transforms

– Cryptographic keys and key release


Solution Requirements

• System must not be able to see or recover raw biometric

• System must not be able to see or recover templates/model

• If template/model is compromised, user must be able to replace them!

– Even though biometrics are permanent

• Adversary who has access to biometric must not be able to spoof user

36Solution Formalisms© Chollet, Petrovska, Raj

Typical Solution Assumption

• User has computation-capable device for recording biometric

• User performs some private (user-side) computation to secure biometric on user’s device

• We will indicate user-side and system-side computations using dotted lines

• In “local” settings, both are performed on the same device; in “remote” setting user performs user-side computation, system performs system-side computation

37

User

System

Solution Formalisms

By User By System


Solutions

38

• Solutions must consider both enrollment and

verification phases

– Both must be modified to some extent


ExtractFeaturesPresent

Biometric

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

FeaturesPresent Biometric

Enrollment

Verification

Solution Formalisms© Chollet, Petrovska, Raj

Solution 1: Simple Encryption

39

• Encrypt the signatures prior to storing

– Encryption key belongs to user

– System cannot decrypt without user’s permission

Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Encrypt

Encryption Key

Decrypt Database

Decryption Key

Solution Formalisms

By User By System

By User By System


Encryption

• Encryption annihilates neighborhood information in the data


Simple Encryption Scheme

• Problem: Template/model must be decrypted for matching

– System effectively possesses decrypted biometric template

– Hacker who seizes system possesses decrypted biometric

41

Capture Biometric

ExtractFeatures

Compare

Match No matchVerification

Present Biometric

Decrypt Database

Decryption Key


Simple Encryption Scheme• Not useful in remote setting

– System and user disconnected

– System may be malicious or under hacker control, while user is authentic

• User innocently provides decryption key

• Enables system/hacker to trap biometric

• Useful in “local” setting

– System under the control of person producing biometric

– Hacker who steals local device cannot decipher biometric without decryption key

• Which only actual user knows

– Weaker setting: The decryption key itself is derived from biometric

• Cryptographic key generation from biometric

– If compromised, can be revoked by changing encryption key42


Solution 2: Match in Encrypted Domain

43

• Encrypt the signatures prior to storing

• Encrypt the biometric during testing

• Perform comparison in encrypted domain

Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Encrypt

Encryption Key

Encrypt Database

Encryption Key

Solution Formalisms

By User By System


Matching in Encrypted Domain

• Useful in both local and remote settings

• Revocable: If biometric signature is compromised, simply enroll a freshly encrypted biometric

• Unlinkable: If encryption key used in each service is different

• Accuracy: Performance identical to that obtained without encryption

• Challenge: How does one perform matching in encrypted domain

– Encryption only supports exact match

– Biometric comparison requires inexact match


Solution 3: Transform Biometric

45

• Transform the biometric to distort it, before submitting

– With a transform that has a user-specified transform parameter

• Perform comparison over transformed biometric

Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Transform

Transform Key

Transform Database

Transform Key

Solution Formalisms

By User By System

By User By System


Transform

• Distortions that retain some of the topological structure to enable distance computation


Solution 3: Transform Biometric

47




Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Transform

Transform Key

Transform Database

Transform Key

TRANSFORM MAY APPLY TO EITHER BIOMETRIC OR FEATURES

Solution Formalisms

By User By System


Transforming Biometric

• Useful in both local and remote settings

• Revocable: Change transform to revoke biometric

• Unlinkable: If different transforms are used at each

service

• Challenges:

– Design: How to design a distortion that still permits

meaningful comparison?

– Performance: may degrade due to the transformation

– Security: Generally does not have theoretical guarantees

of cryptography


Solution 4: Cryptographic Transform

49

• Cryptographic transform

– With user-specified key


Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature Database

ExtractFeatures

Enrollment

Verification

Present Biometric

Present Biometric

Transform

Transform/Encryption Key

Transform Database

Transform/Encryption Key

Solution Formalisms

By User By System


Cryptographic Transform

• Security: Partial cryptographic guarantees

– While retaining inexact match ability

• Revocable: Change key to revoke biometric

• Unlinkable: If different keys used at each service

• Challenges:

– Design: How to design a distortion that still permits

meaningful comparison?

– Performance: Can be superior to purely transform-

based methods50


Table of Contents

4. Cryptographic solutions to privacy

– Matching in crypto domain – intro

• Revokability in crypto-domain matching

– Basics of cryptography

– Homomorphic encryption and matching in the encrypted domain


Solution1: Simple Encryption

52

• Encrypt the signatures prior to store

• Problem: Must decrypt before matching

– Unacceptable risk!

cryptographic solutions

Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Encrypt

Encryption Key

Decrypt Database

Decryption Key

By User By System

By User By System



53

• Encrypt the signatures prior storing

• Encrypt the biometric during testing

• Perform comparison in encrypted domain

Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Encrypt

Encryption Key

Encrypt Database

Encryption Key

By User By System

cryptographic solutions© Chollet, Petrovska, Raj

Cryptography Basics

Encryption EK1(.)

Plaintext (M) Ciphertext (C)

Encryption

Key (K1)

EK1(M) = C

A Good Cryptosystem – all the security inherent in the knowledge of keys, and none in the knowledge of algorithms

54cryptographic solutions© Chollet, Petrovska, Raj

Decryption DK2(.)

Ciphertext (C)

Original

Plaintext (M)

Decryption

Key (K2)

DK2(C) = M Lossless transformation!

Cryptography Basics• Symmetric Cryptosystem


EncryptHello! t4$We9 Decrypt Hello!

Client System

=In general

Cryptography Basics• Public-key (asymmetric) Cryptosystem

First described in

(Diffie and Hellman, 1976)


EncryptHello! t4$We9 Decrypt Hello!

Client System

Public key exchange

Anybody can Encrypt!

57

Encryption Not Invertible (without key)

Semantic Security (without key)

Ciphertexts jointly uninformative

1 2 1 2

Properties of Ideal Cryptosystem

Jointly Uninformative: Mutual Information

• Mutual information between any pair/collection of ciphertext messages is 0

• Semantic security model: Mutual information between two separate encryptions of the same message is 0!!


Mutual Information between ciphertexts

Distance between plaintexts

Comparing directly ciphertexts is

USELESS!!


59

Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Encrypt

Encryption Key

Encrypt Database

Encryption Key


Homomorphic Encryption

Allows for operations to be performed onciphertexts without requiring knowledge ofcorresponding plaintexts


Homomorphism Example: RSAPublic key encryption scheme (Rivest, Shamir, Adelman ‘77).

Homomorphic multiplication

• Cannot perform simple addition, however.

• It is not Semantically Secure61

gXXE ][

][)(][][ XYEXYYXYEXE ggg


Homomorphism Example: PaillierPublic key encryption scheme (Pascal Paillier, Eurocrypt 99).

• Homomorphic addition

– Encrypted numbers can be added together.

– Encrypted numbers can be added to non encrypted scalars.

• Homomorphic multiplication:

– Encrypted numbers can be multiplied by a non encrypted scalar.

• Cannot multiply two encrypted numbers (Partially homomorphic)

• It is Semantically Secure! 62

XgXE ][

][][][ YXEgggYEXE YXYX

][][ XYEggXE XYYXY


Fully Homomorphic Encryption (FHE)


Craig Gentry (2009)

It is possible!!

• Now we know several FHE schemes.

• They are not very practical yet.Individual bit-level computations still take too much

time

Computations 100000x to 1000000000000x slower

than unencrypted computation


x

f()

f(x) = ?? I can evaluate f(.) as a service

E [x]

E [f(x)]


Public key exchange

f(x)


65

• User sends encrypted biometrics. System learns an encrypted signature that it cannot decrypt

• User sends encrypted biometric for verification. System performs comparison in encrypted

domain and gets encrypted result

Capture Biometric

Compare

Match No match

Capture Biometric

GenerateSignature Database

Enrollment

Verification

Present Biometric

Present Biometric

Encrypt

Encryption Key

Encrypt Database

Encryption Key

cryptographic solutions

By User By System


Public key exchange

Zero Knowledge Proofs (ZKPs)


DecisionDecision

Decision Decision

User must prove that the last message is the corresponding plaintext of the encrypted message sent by the system, without revealing his private key.

The user can use ZKPs to convince the System

Zero Knowledge Proofs (ZKPs)

• Peggy has a magic word to open a secret door in a cave.

• Victor wants to pay for the secret, but not until he’s sure she knows it

• Peggy will tell the secret but not until she receives the money


Quisquater et al. ’89, figure from Wikipedia

Zero Knowledge Proofs (ZKPs)• Assume that Peggy’s information is a solution to a hard

problem

• Peggy converts her problem to an isomorphic one

• Peggy solves the new problem and commits answer

• Peggy reveals the new instance to Victor

• Victor asks Peggy either to

– prove the instances are isomorphic; or

– open the committed answer and prove it’s a solution

• Repeat n times

• Typical hard problems: finding graph isomorphisms or Hamiltonian cycles (NP-complete problems)


ZKP and authentication


DecisionDecision

Decision Decision

The user proves that the answer she sent is the decryption of the data that the System sent without revealing her secret key.

Functional Encryption

• Encryption is all or nothing

• Can we get something in between?

Given E(X) and E(Y),

we may get F(X,Y), in cleartext!!!

We may not need ZKP.

70

Functional Encryption

• Generate a public key pk and a master secret key msk.

• Given a value k, the algorithm Keygengenerates a secret key sk using (msk,k)

• Besides, we have an Encryption algorithm Encthat computes c from (pk, x), where x is a message.

• F(k,x) can be obtained using Dec from (sk, c)

71

Matching in Encrypted Domain: Conclusion

• Computable and feasible

• Computationally impractical

• Current Area of Research!


Table of Contents

5. Transform based solutions

– Transform-domain matching

– Revocability in transform-domain matching

– Standard methods for transform-domain matching

• Issues with standard methods

– Evaluation protocols


The Problem with Cryptographic Solutions

• Cryptographic techniques “hide” information by “shattering” the space

– All notion of “neighborhood” is destroyed

– Distance/neighborhood-based matching is impossible

74transform based solutions© Chollet, Petrovska, Raj

Alternate solution: Transforms

• Instead of shattering the data space, distort it more continuously

– Transforms that retain some measure of topological continuity

– Permits continued estimation of neighborhood in transform domain


Requirement for Transforms

• Transform must have user-specified parameter/key

– Which controls the actual nature of the transform


Transform-based approach

77




Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Transform

Transform Key

Transform Database

Transform Key

By User By System

By User By System

transform based solutions© Chollet, Petrovska, Raj

Transform-based approach

78




Capture Biometric

ExtractFeatures

Compare

Match No match

Capture Biometric

GenerateSignature

(Template or Model)

DatabaseExtract

Features

Enrollment

Verification

Present Biometric

Present Biometric

Transform

Transform Key

Transform Database

Transform Key

TRANSFORM MAY APPLY TO EITHER BIOMETRIC OR FEATURES

By User By System


Transforms result in two-factor biometrics

• Factor 1: The biometric itself

• Factor 2: The transform parameter/key.

An adversary must be able to capture or replicate both factors for success

Revocability: Upon loss of either factor, it is sufficient to change the transform to revoke the biometric


Transforms result in two-factor biometrics

• Revocability: Upon loss of either factor, revoke biometric by resubmitting it using a different transform key


Evaluating Transforms

1) Nothing stolen: We should have good performance

2) Stolen key

3) Stolen Biometric

4) Everything stolen81

System

System

Criteria for a good transform

• Transformation should hide the biometric

– Transformed biometric should not inform about actual

biometric in any way

• Transformed biometrics should remain discriminative

– A user should not suffer increased false rejection due to

use of transformation

– False acceptances should not increase either

• Difficult to satisfy both criteria simultaneously


Criteria for good transform

• For authentic user, match must be similar in original and transformed domains

• Similarly, for imposter, mismatch must persist in original and transformed domains

• Transformed and untransformed biometric must not match

• Different transforms of the same biometric must not match


Face (with random filters)

• Theoretical claim: MACE (Minimum Average Correlation Energy) filter based recognition

– Does not degrade performance under stolen key scenario

– Improves under stolen biometrics scenario

84

Savvides et. al., 2004


Enrollment Verification

Random Projections

• Several authors have proposed the use of random projections

– X is true biometric

– F is a random projection matrix (Key)

– Y is transformed biometric

– g is typically a quantization of some kind

• Applicable to many different biometrics

• Can greatly increase false rejection or false alarm85


Are transforms sufficient ?

• Transform hides individual biometrics

• System never sees raw biometric

• Revocable: If template/model compromised replace by changing the transform

• Problem scenarios:

– System has your model/template: not possible by design

– System has your biometrics: not possible by design

– System has your transform: not possible by design

– System can guess your transform: it can happen


Are transforms sufficient ?

• Given:

– The functional form of the transform

– A priori information about the distribution of the data

– A large enough sample of the transformed data

– The server can guess the transform

• Then it can find your biometrics in the public domain

– Search for biometric data that, when transformed, matches your model87transform based solutions© Chollet, Petrovska, Raj

Are transforms sufficient

• In mathematical terms:

– The mutual information between the transforms

of different data instances is high

– The transform of any point “informs” about the

transforms of the points close to it88


Challenge

• It is feasible for the adversarial system to guess your transform

– Not necessary for the transform to be invertible

– Most linear and many non-linear transforms fall under this category of “guessable” transforms

• Requirement: even if it is mathematically possible, make the estimation of transform computationally intractable!


Table of Contents

6. Cryptographic Transforms

– Shuffling

– Converting signal to hashes..

• Hashing methods

• Information theoretic security

• Secure modular hashing

– Revocability in combined methods


A more formal approach

• Explicitly shuffle the data– De-shuffling, even with a priori information, is an NP

problem

91crypto- transforms© Chollet, Petrovska, Raj

Bit-block Shuffling

• The biometric feature vector is divided into blocks

• These blocks are aligned with the shuffling key bits

• If a bit in the key is 1, the corresponding block is copied into Part-1; otherwise in Part-2

• The concatenation of Part-1 and Part-2 gives the shuffled biometric data

Block1 Block2 Block3 Block4 Block5 Block6 Block7

Shuffling key

Data to be shuffled (feature vector)

Block1 Block3 Block2Block4 Block7 Block5 Block6Shuffled

data

Concatenate

1 0 1 1 0 0 1

crypto- transforms© Chollet, Petrovska, Raj

Shuffling

• The Hamming distance is not affected by shuffling

– Does not affect match for authentic user

– Does not affect mismatch for imposter who has stolen the user’s shuffling key

• “Stolen key” scenario


Overall properties of the Shuffling Scheme

• Shuffled data is revocable

• Template diversity: different templates for different applications; no cross database matching, tracking

• Improvement in verification performance

– Increases only impostor Hamming distances; genuine Hamming distances remain unchanged

• Protection against stolen biometric data

• Privacy protection

– Biometric data cannot be recovered from the template; so no misuse by reconstruction, e.g., fake fingers


Evaluation Strategy

• Development and test datasets have zero overlap

• Verification performance in terms of FAR, FRR, EER

• Additionally for crypto-biometric systems:

– Important: Verification performance comparison with the underlying baseline biometric system

– Performance in stolen biometric scenario

– Performance in stolen key scenario


Experimental Results

Experiment ICE-Exp1 FRGC-Exp1* FRGC-Exp4*

Baseline 1.71 [±0.11] 7.65 [±0.40] 35.00 [±0.68]

Cancelable 0.23 [±0.04] 0 0

• Baseline – baseline biometric system

• Cancelable – baseline biometric system+shuffling

• Stolen biometric – security scenario when biometric data is stolen

• Stolen key – security scenario when shuffling key is stolen

• Results are in terms of EER in %

Stolen biometric 0.27 [±0.08] 0 0

Stolen key 1.71 [±0.11] 7.65 [±0.40] 35.00 [±0.68]


Hamming distance distributions – before and after shuffling

Better separation between genuine and impostors

ICE-Exp1 FRGC-Exp4*

Before shuffling(baseline)

After shuffling(baseline)


Explicitly considering entropy

• Security of methods presented depends on the entropy of the biometric data itself

– Greater entropy => greater security

– Entropy of stored biometric relates to entropy of biometric

• Required for distance-based inexact matching

• Can we maximize the entropy of the biometric itself

– Without losing ability to perform comparisons


Entropy: Passwords are safe and efficient

• Text passwords are safe and efficient

– Highly secure

– Near instantaneous response

• Reason: Based on exact match

– System stores text password encrypted by a one-way hash function

• E.g. SHA-*

• Even the system cannot decrypt

– Incoming passwords are encrypted identically

– Encrypted incoming password is matched to stored encrypted password

• Cryptographic hash functions are extremely fast to compute

– They also maximize the entropy of the stored password

– Can we use a similar process?


Cryptography: Basics

• A cryptographic hash has function maps variable length

clear text messages to a fixed length cipher text

• Collision Resistant

• The bit pattern of the hash is random

– And uninformative about the underlying cleartext

• Ex:. MD5, SHA-1, SHA-3


Biometric Verification as String Matching

Convert biometric into a “password”

Uninformative fixed-length bit string

Similar to password systems

Simple approach:


Biometric verification by comparing bit strings

Check forExact match

enrollment

Verification• Problems:

– How do we convert biometric to fixed length bit string?

– Must work with real-valued biometrics as well

– How to work with exact match?103

Biometric Verification as String Matching


Locality Sensitive Hashing

[Indyk & Motwani, 1998]104


Euclidean LSH

• A 2-D example• To calculate the first component in the hash key: h1(X)• Generate random vector V1 and bias b1

– (V1, b1) are the user’s private parameter

V1

105

b1


Euclidean LSH

• A 2-D example

• “Stripe” the space orthogonal to the vector V1

• Count stripes starting from bias location

• The first component in the hash key ID of its stripe : h1(X) = 1

V1

0 1 2 3 4 5-5 -4 -3 -2 -1

106

b1


Euclidean LSH

• A 2-D example

• The second component in the hash key : h2(X) = -2– (V2, b2) are also user’s private parameter

V1

V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6

107

b2


Euclidean LSH

• The two-component hash:H(X) = [h1(X) h2(X)] = [1 -2]

– [(V1, b1), (V2, b2)] are the user’s private parameter

V1

0 1 2 3 4 5-5 -4 -3 -2 -1

V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6


Euclidean LSH

• H(X) = [1 -2]

• All vectors in the highlighted cell will have the same LSH key

V1

0 1 2 3 4 5-5 -4 -3 -2 -1

V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6


Verification with Euclidean LSH

• Enrollment: Assume one enrollment recording

– Convert the feature vector for the enrollment utterance to a hash key

• Find a random cell in which it resides


Verification with Euclidean LSH

• Test: Find the hash key for the test vector

– Find the cell it resides in

• If its identical to the enrollment key, accept

– Test and enrollment measurements are in the same cell

• Else reject

– They are in different cells

RejectAccept


Securing the Key

• LSH keys are informative

• But : Two vectors in the same cell have exactly the same key

– Even if the key is cryptographically hashed!

• Apply a cryptographic hash to the LSH key

– User retains the private key to cryptographic hash

– Hashed keys are uninformative

• We can still look for exact match112


The size of the cell

• Increasing the number of components in H(X)

makes the cell smaller

• H(X) = [h1(X) h2(X)]

= [ 1 -2]


• Increasing the number of components in H(X)

makes the cell smaller

• H(X) = [h1(X) h2(X) h3(X) h4(X)]

= [ 1 -2 7 0]

114




• Increasing key length reduced cell size

• Reduced cell size more likely that two vectors that fall in the same cell (have same LSH key) belong to the same speaker

– Very Good!

• Also makes it more likely to miss valid vectors

– Which may fall outside the cell simply because of the vagaries of its shape


Solution: Use many LSH keys• Use multiple LSH Hash functions to produce multiple LSH keys

– Each with k entries

• Each key represents a cell of a different shape and size

116

H1(X): X

H2(X): X

H3(X): X


Using multiple LSH functionsm keys derived from

the same vector

Check if any key matches

Recall: mPrecision: k

117

Each color representsa different key

H1(X) H2(X) H3(X) H4(X) H5(X) H6(X) H7(X) H8(X)


LSH and Authentication

• Enrollment:

– User generates random projections for LSHs

– User generates multiple LSH from enrollment recording, encrypts and sends them to the system

• Projection vectors and biases, and SHA-1 key are all user key

• Evaluation:

– Subject generates random projections for LSHs using the same keys as in training

– System counts number of LSHs that match exactly

• Converted computation of distance between vectors to counting exact matches of LSH hashes


Overall LSH-based Procedure

• The User obtains a set of (vector) Hash functions

H1(.), H2(.), …

– From the system

• Enrollment:

– User records a set of enrollment recordings X1, X2, ..

– User computes keys H1(X1) H1(X2) .. H2(X1) H2(X2)…

• Apply Crypto Hash and sends them to the system

– The system stores all keys


Overall LSH-based Procedure

• Verification:

– User records test recording Y

– User computes H1(Y) H2(Y) …

– Encrypts and sends to system

– System counts

• Score = Si SJ Hj(Y) == Hj(Xi)

– If Score > threshold : Accept

– Else reject


Simplifying

• LSH-based schemes are popular for cancellable biometrics

– Compromised biometric reregister with fresh LSH key

– Complex

• Template/models can get quite large

• Can we simplify?


Information Theoretic Security

• The mutual information between the encryption of any two messages is 0

– Regardless of the distance between them

– The MI between the encryption of any group of messages is 0

• This ensures that you cannot learn about the data simply by viewing large numbers of encrypted messages and studying their patterns



• Encryption techniques that only reveal

information if vectors are very close?

– Still an exponentially hard problem to extract

geometry of high-dimensional data123

Leaky region



• Encryption techniques that only reveal information if vectors are very close?

– Still an exponentially hard problem to extract geometry of high-dimensional data

• With user-selected leakage?124

Leaky region


Information Leakage

• Fully secure: Will not know anything about X unless Y = X

• Leaky: Will get some information about X if Y is within D of X

125

XY

XY


Modifying the Hashing function

• Conventional LSH

V1

0 1 2 3 4 5-5 -4 -3 -2 -1

V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6


Secure Modular Hashes

• Solution: Banded Hashing

– Euclidean LSH with binary output

V1

V20 1 0 1 0 11 0 1 0 10 1 0 0 1

0 1 0 1 0 11 0 1 0 1 0 1


Secure Modular Hashing

• Modular quantization of randomly shifted random projections of data


Obligatory Math


SMH

• Plot of Hamming(Q(X),Q(Y)) vs Euclidean d(X,Y) for different

values of D, and different numbers of bits in Q(X)

Simulations: L-dimensional vectors, M bit hashes


Information Leakage

132

• Only provides information about other vectors that lie within small ball

• Gives you true distance, but only within a cell• How do we use it?


Enrollment• Store hash vectors from user registration data and

imposters

• No further encryption required (naturally immune to information –theoretic leakage)

user

imposter


Verification

Validate if hash of test recording is closer to user templates than imposter templates

claimant

imposter

134

Test recording


Performance on Speech

• YOHO data set– 138 speakers– Spoken sequence of three two-digit numbers

• Stolen key scenario:– Conventional verification using unencrypted data

• Equal Error Rate = 0.33%

– Classification with SMH• Equal Error Rate = 0.5%

• Stolen biometric scenario:– FAR ~ 0%


Crypto-transforms Conclusions

• Best of both worlds

– Simplicity of transform methods

– Some of guarantees of cryptographic methods

– Minimal extra computation

• Revocable and Secure


Table of Contents7. Open problems and future work

– Evaluation of cancelable crypto-biometric systems

– How many times can a BioCode be canceled ?

– Size, entropy

– Private personal templates and models

– Multi-modal biometrics

– Semantic security

– ECC

– Blockchain


Bibliography

The following list is a short list of papers referred to, but not necessarily cited in the presentation by the presenters.


Bibliography• [Aguilar, 2013] Aguilar-Melchor C., Fau S., Fontaine C., Gogniat G. & Sirdey R.. “Recent

Advances in Homomorphic Encryption: a Possible Future for Signal Processing in the Encrypted Domain”, IEEE Signal Processing Magazine Vol 30:2.

• [Ambalakat, 2005] Ambalakat P. “Security of Biometric Authentication Systems”, Computer, 2005

• [Antonijevic, 2010] Antonijevic F. S-J. “Implementation and Evaluation of Privacy Preserving Protocols”, PhD, Yale University.

• [Ballard, 2008] Ballard L., Kamara S. & Reiter M.K. “The practical subtleties of Biometric Key Generation”, Usenix, 2008.

• [Belguechi, 2011] Belguechi R., Alimi V., Cherrier E., Lacharme P. & Rosengerger C. “An overview on Privacy Preserving Biometrics”, in Recent Applications in Biometrics, INTECH, 2011.

• [Bhargav, 2006] Bhargav-Spantzel A., Squicciarini A., Modi S., Young M., Bertino E. & Elliott S. “Privacy Preserving Multi-Factor Authentication with Biometrics”, Proc. 2nd ACM Workshop on DAM, pp 63-72, 2006.

• [Blanton, 2012] Blanton, M. & Aliasgari, M. “Secure Outsourced Computation of Iris Matching”, Journal of Computer Security Vol 20:2-3, pp 259-305, 2012

• [Boufounos, 2011] Boufounos, P. & Rane, S. “Secure Binary Embeddings for Privacy Preserving Nearest Neighbors”, in Proc. IEEE Workshop on Information Forensics and Security, Brazil, Dec. 2011. MERL TR2011-077 139

Bibliography

• [Boyen, 2005] Boyen X., Dodis Y., Katz J., Ostrovsky R. & Smith A. “Secure Remote Authentication using Biometric Data”, Eurocrypt, 2005

• [Bringer, 2007] Bringer J., Chabanne H., Cohen G., Kindarji B.& Zémor G “Optimal Iris Fuzzy Sketches”, arXiv: 0705.3740v1, 2007

• [Bringer, 2008] Bringer J., Chabanne H. & Kindarji B. “The best of both worlds : AppliyingSecure Sketches to Cancelable Biometrics”, Elsevier Science of Computer Programming 74, pp 43-51, 2008

• [Bringer, 2009] Bringer J., Chabanne H. & Kindarji B. “Identification with Encrypted Biometric Data”, arXiv: 0901.1062v2, Sept. 2009

• [Couteau, 2016] Couteau G., Peters T. & Pointcheval D. “Secure Distributed Computation on Private Inputs”, in Foundations and Practice of Security, Springer Vol 9482, pp 14-26, 2016

• [Deswarte, 2010] Deswarte, Y. & Gambs, S. “A proposal for a Privacy Preserving National Id Card”, 4th Int. Workshop on Data Privacy Management, Saint Malo, 2009 Trans on Data Privacy 3, pp 253-276, 2010

• [Devi, 2014] Devi, M. “Secure Crypto Multimodal Biometric System for the Privacy Protection of User Identification”, Int. Journal of Innovative Res. In Computer & Com. Eng. Vol 2:1, March 2014

140

Bibliography

• [Fan, 2009] Fan, C.I. & Lin, Y-H. “Probably Secure Remote Truly Three-factor authentication scheme with privacy protection on biometrics”, IEEE Trans on Info. Forensics and Security, Vol 4:4, pp 933-945, Dec. 2009

• [Fontaine, 2007] Fontaine, C. & Galand, F. “A survey of Homomorphic Encryption for Non specialists”, EURASIP Journal on Information Security

• [Gentry, 2009] Gentry, C. “A fully homomorphic encryption scheme”, PhD thesis, Stanford

• [Gomez, 2016] Gomez-Barrero, M., Fierrez J. & Galbally, J. “Variable-length Template Protection based on Homomorphic Encryption with Application to Signature Biometrics”, 4th International Workshop on Biometrics and Forensics.

• [Goseling, 2004] Goseling, J. & Tyyls, P. “Information-Theoretic Approach to Privacy Protection of Biometric Templates”, ISIT, Chicago, 2004.

• [Gunasinghe, 2014] Gunasinghe, H. & Bertino, E. “Privacy Preserving Biometrics-based and User Centric Authentication Protocol”, in Network and System Security, LNCS Vol 8792, Springer, pp 389-408, 2014

• [Hao, 2005] Hao F., Anderson R. & Daugman, J. “Combining Cryptography with Biometrics effectively”, UCAM Report, July 2005.

141

Bibliography

• [Hirano, 2012] Hirano T., Hattori M., Ito T., Matsuda N. & Mori, T. “HE based cancellable Biometrics secure against Replay and its related attcks”, ISITA, 2012.

• [Hirano, 2013] Hirano T., Hattori M., Ito T.& Matsuda N. “Cryptographically Secure and Efficient Remote Cancelable Biometics based on Public Key Homomorphic Encryption”, in Advances in Info. & Comp. Security Vol 8231 LNCS, Springer, pp 183-200, 2013

• [Huang, 2011] Huang Y., Malka L., Evans D.& Katz, J. “Efficient Privacy-Preserving Biometric Identification”, 18th Network and Distributed System Security Conference, 2011.

• [Jagadesan, 2010]Jagadesan, A. & Duraiswamy, K. “Secured Cryptographic Key Generation from Multimodal Biometrics : Feature Level Fusion of Fingerprint and Iris”, Int. Journal of Comp. Sci. & Info. Security Vol 7:1, 2010.

• [Jain, 2012] Jain, A.K. & Nandakumar, K. “Biometric Authentication : System Security and User Privacy”, IEEE Computer Society, Nov. 2012.

• [Jimenez, 2015] Jimenez A., Raj B., Portelo J. & Trancoso I. “Secure Modular Hashing”. Proc WIFS 2015. Dic 2015.

• [Jimenez, 2017] Jimenez A. & Raj B. “PRIVACY PRESERVING DISTANCE COMPUTATION USING SOMEWHAT-TRUSTED THIRD PARTIES” ICASSP 2017.

• [Johnson, 2012] Johnson R.C., Scheirer W.J. & Boult, T.E. “Secure voice based authentication for mobile devices : Vaulted Voice Verification”, arxiv.org/pdf/1212.0042.pdf, Proc SPIE 8712, 2012

142

Bibliography

• [Kanade, 2009] Kanade S., Petrovska-Delacretaz D. & Dorizzi, B. “Multi-Biometric based cryptographic Key regeneration scheme”, 3rd IEEE Int. Conf. on BTAS, pp 1-7, 2009

• [Kanade, 2012] Kanade S., Petrovska-Delacretaz D. & Dorizzi, B. “Enhancing Information Security and Privacy by Combining Biometrics and Cryptography”, Morgan & Claypool 2012

• [Lagendijk, 2013] Lagendijk, R.L., Erkin, Z. & Barni, M. “Encrypted Signal Processing for Privacy Protection”, IEEE Signal Processing Magazine, pp 82-105, January 2013.

• [Luo, 2009] Luo Y., Cheung S-C. & Ye, S. “Anonymous Biometric Access Control based on HE”, ICME 2009

• [Malallah, 2013] Malallah F.L., Ahmad S.M.S., Adnan W.A.W., Iranmanesh W. & Yussok, S. “Online signature template protection by shuffling and One time pad Schemes with NN verification”, ICCSCM, 2013

• [Naehrig, 2011] Naehrig, M., Lauter, K. & Vaikuntanathan, V. “Can Homomorphic Encryption be Practical ?”, Proc. Of the 3rd ACM Workshop on Cloud Computing Security, pp 113-124

• [Nandakumar, 2015] Nandakumar, K. & Jain, A.K. “Biometric Template Protection : Bridging the Performance Gap between Theory and Practice”, IEEE Signal Processing Mag., Sept. 2015

• [Pathak, 2012] Pathak, M.A., Portêlo, J., Raj, B. & Trancoso, I. “Privacy Preserving Speaker Authentication”, 15th Information Security Conference, pp 1-22

143

Bibliography

• [Pathak, 2013a] Pathak, M.A. “Privacy Preserving Machine Learning for Speech Processing”, PhD Thesis, CMU

• [Pathak, 2013b] Pathak, M.A. & Raj B. “Privacy Preserving Speaker Verification and Identification using GMMs”, IEEE Trans ASLP 21:2, Feb. 2013

• [Petrovska, 2015] Petrovska-Delacretaz D. “Combining Biometrics with Cryptography : Reviews, Difficulties and Solutions”, presented at ATSIP, Monastir, 2015.

• [Pinkas, 2009] Pinkas, B., Schneider T., Smart N. & Williams, S.C. “Secure Two-Party Computation is Practical”, in Advances in Cryptology, ASIACRYPT, LNCS 5912, pp. 250-267.

• [Portêlo, 2013] Portêlo, J., Raj, B., Boufounos P., Trancoso, I. & Abad A. “Speaker Verification using Secure Binary Embeddings”, EUSIPCO, 2013.

• [Portêlo, 2015] Portêlo, J., Raj, B. & Trancoso, I. “Logsum using Garbled Circuits”, PLOS one 10(3), March 2015.

• [Quisquater, 1989] Quisquater, J.-J., Guillou L. C., Berson T. A., “How to explain zero-knoweldge proofs to your children”, Advances in Cryptology – CRYPTO '89: Proceedings 435: 628–631.

• [Rane, 2013] Rane, S & Boufounos, P-T. “Privacy-preserving Nearest Neighbor Methods: Comparing Signals without revealing them”, MERL, TR 2013-004, IEEE Signal Processing Mag. Vol 30:2, pp. 18-28, Feb 2013.

144

Bibliography

• [Rathgeb, 2011] Rathgeb C. & Uhl A. “A survey on Biometric Cryptosystems and Cancelable Biometrics”, EURASIP Journal on Info. Security, 2011

• [Rathgeb, 2012] Rathgeb C. & Busch C. “Multi-biometrics Template Protection : Issues and Challenges”, INTECH, 2012

• [Sarier, 2010] Sarier, N.D. “Practical Multi-factor Biometric Remote Authentication”, 4th IEEE Int. Conf. on BTAS, pp 1-6, 2010

• [Scheidat, 2008] Scheidat, T. & Vielhauer C. “Biometric Hashing for Handwriting : Entropy based Feature Selection and Semantic fusion”, Proc SPIE Conf on Security, Steganography and Watermarking of Multimedia Contents, 2008

• [Scheidat, 2009] Scheidat, T., Vielhauer C. & Dittmann J. “Biometric Hash Generation and User Authentication based on Handwriting using Secure Sketches”, Proc 6th Image and Signal Proc and Analysis Conf, ISPA, 2009

• [Sen, 2013] Sen, J. “Homomorphic Encryption: Theory and Application”, in : Theory and Practice of Cryptography and Network Security Protocols and Technologies, INTECH Publisher

• [Smaragdis, 2007]Smaragdis, P. & Shashanka, M. “A framework for Secure Speech Recognition”, IEEE Trans. ASLP Vol 15:4, pp 1404-1413.

• [Sutcu, 2005] Sutcu Y., Sencar H.T. & Menon, N. “A secure Biometric Authentication Scheme based on Robust Hashing”, Proc. 7th Worshop on Multimedia & Security, pp 111-116, 2005.

145

Bibliography

• [Tang, 2008] Tang Q., Bringer J., Chabanne H. & Pointcheval, D. “A formal study of the Privacy Concerns in Biometric-based Remote Authentication Schemes”, Proc. 4th Inf. Security and exPErience Conf., 2008

• [Toli, 2015] Toli C-A. & Preneel, B. “Biometric Solutions as Privacy Enhancing Technologies”, ADPPCP, 2015

• [Tuyls, 2004a] Tuyls P. & Goseling, J. “Capacity and Examples of Template-Protecting Biometrics Authentification System”, in Biometric Authentication, LNCS 3087, 2004

• [Tuyls, 2004b] Tuyls P., Verbitskiy E., Gosling, J. & Denteneer D. “Privacy Protecting Biometric Authentication Systems : an Overview”, EUSIPCO, 2004

• [Tuyls, 2005] Tuyls P., Akkermans A.H.M., Kevenaar T.A.M., Schrijen G-J., Bazen A.M. & Veldhuis, R.N.J. “Practical Biometric Authentication with Template Protection”, in AVBPA, LNCS Vol. 3546, Springer, pp 436-446, 2005

• [Upmanyu, 2010] Upmanyu M., Namboodiri A.M., Srinathan K. & Jawahar, C.V. “Blind Authentication: A Secure Crypto-Biometric Verification Protocol”, IEEE Trans. Info. Forensics and Security 5:2, 2010

• [Vaikuntanathan, 2011] Vaikuntanathan, V. “Computing Blindfolded: New developments in Fully Homomorphic Encryption”, IEEE 52nd Annual Symposium on FOCS, pp 5-16

• [vanDijk, 2010] Van Dijk, M. & Juels, A., “On the impossibility of cryptography alone for Privacy Preserving Cloud Computing”, Proc. Of HotSec.

• [Verbitskiy, 2003] Verbitskiy E., Tuyls P., Denteneer D. & Linnartz, J.P., “Reliable Biometric Authentication with Binary Protection”, 24th Benelux Symp. On Info. Theory, 2003

146

Bibliography

• [Vielhauer, 2013] Vielhauer C., Dittmann J. & Katzenbeisser, S., “Design Aspects of Secure Biometrics Systems and Biometrics in the Encrypted Domain”, in “Security and privacy in Biometrics”, P. Campisi (Ed.), Springer, pp 25-43, 2013

• [Xie, 2015] Xie, P., Bilenko, M., Finley, T., Gilad-Bachrach, R., Lauter, K. & Naehrig, M., “Crypto-Nets: Neural Networks over Encrypted Data”, ICLR, arXiv: 1412.6181

• [Yi, 2014] Yi, X., Paulet, R. & Bertino, E. (Eds), “Homomorphic Encryption and Applications”, Springer ISBN 978-3-319-12228-1

147

Privacy Preserving Biometric Identity...

Documents

Transcript of Privacy Preserving Biometric Identity...