Privacy protection of biometric templates...Technology used in 2011 only: ! Encrypted fingerprint...
Transcript of Privacy protection of biometric templates...Technology used in 2011 only: ! Encrypted fingerprint...
Welcome
Privacy protection of biometric templates
Fraunhofer Forum, Berlin 27. November 2012 Moazzam Butt, Olaf Henniger, Alexander Nouak [email protected] www.igd.fraunhofer.de/idb
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Overview
! Introduction to biometrics
! Risks in biometric systems
! Biometric template protection
! ISO/IEC 24745 – Biometric information protection
! Example of biometric system
! Software demonstration
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Introduction to Biometrics
! Biometrics are techniques that can automatically recognize a person with his/her physiological or behavioral information.
! In comparison with the token or password based authentication, biometrics are strongly linked to persons, cannot be forgotten or handed on.
! Userfriendliness
http://www.brighthub.com http://www.iconnica.com
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Risks in Biometric Systems Sensitive Private Information
! Disease:
! Free floating cyst of iris*
! About 75% transverse palmar crease in case of trisomy 21 or trisomy 13 syndrome**
! The information is irrelevant to authentication
! Genetic information, gender, race …
! Hill climbing attack
*www.eyecancerinfo.com/photogallery/8_47.jpg
** Julia Seidel, �Zusatzinformationen in Fingerbildern�, Hochschule Darmstadt, 2006
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Risks in Biometric Systems Cross Matching
International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt © 2012 Fraunhofer IGD
Risks in Biometric Systems Identity Theft
International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt © 2012 Fraunhofer IGD
Risks in Biometric Systems Invariability
International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt © 2012 Fraunhofer IGD
! The biometric characteristics are not replaceable
Template Protection Protection of Biometric References
International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt © 2012 Fraunhofer IGD
Template Protection
! Similar to UNIX-Password authentication
! Plaintext: etc/password
! id:<login_name>:hash(password)
! Authentication
! hash(input) =?= hash(password)
h(*) x h(x)
easy to encrypt
hard to reverse
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Template Protection Challenge
! Difference between Passwords and biometric data
! Biometric acquisition is subject to variations (intra-class variation + noise)
! Cryptographic one-way function is highly sensitive to small changes in input data,
! Error Correction Coding – ECC
h(01000101) ≠ h(01010101)
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Template Protection An Overview ! It converts biometric data into multiple independent references, from which it is
infeasible and hard to retrieve the original information.
! Biometric template protection is a very important supplement to improve security and enhance privacy protection of biometric systems.
! Irreversibility
! Diversity
! Unlinkability
! Revocability
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Solution Privacy enhancing authentication systems
Fuzzy Commitment Scheme
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Template Protection Techniques
! Template Protection: generates different and independent secure reference templates from a biometric sample
Template Protection
Biometric Crypto Systems
Feature Transformation
Biometric Salting non-invertible Transformation
Biometric Encryption
Biohashing
Cancelable Biometrics
Ordered Features: Fuzzy
Commitment, Shielding Function
Non-ordered
Features: Fuzzy Vault
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Template Protection Framework Unified Architecture
! Standard
! ISO/IEC 24745 (SC27)
! Information technology – Security techniques – Biometric information protection
! Published in 2011
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Template Protection Framework Architecture for renewable biometric references
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Renewable Biometric References Elements in the architecture
! Auxiliary Data – AD ! subject-dependent data, that is part of a renewable biometric reference and may be
required to reconstruct pseudonymous identifiers during verification, or for verification in general
! Pseudonymous Identifier – PI ! part of a renewable biometric reference that represents an individual or data subject
within a certain domain by means of a protected identity that can be verified by means of a captured biometric sample and the auxiliary data (if any)
! Renewable biometric reference ! revocable / renewable identifier that represents an individual or data subject within a
certain domain by means of a protected binary identity (re)constructed from the captured biometric sample
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Biometric Crypto Systems Review
! Biometric Crypto Systems combine Cryptography with error correcting codes
! PI is the secret hash,
! Auxiliary data must be saved additionally
! Comparison on basis of exact match
! Suitable for all biometric modalities
! 2D- and 3D-Face recognition
! Iris recognition
! Fingerprint recognition
! Hand palm vein recognition
! Ear recognition
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Access control to public outdoor pool in Bad Orb (Germany)
! Technology used in 2011 only:
! Encrypted fingerprint template stored in RFID chip card (Mifare)
! Fingerprint comparison in access control terminal
! Purpose:
! To save access-control staff and
! To bind season tickets to their holder
! Voluntary participation: Users signed declaration of consent.
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Access control to public outdoor pool in Bad Orb (Germany)
! Complaint of provincial data protection authority
! after petitions from citizens who do not accept fingerprinting
! Use of fingerprints considered objectionable because of
! Lack of equivalent alternative: Holders of season tickets without fingerprint had to wait for the pool attendant to open the entrance door.
! “Disproportionality” of using fingerprints in local-government services for the public
! Alternative solution:
! No more season tickets (allowing any number of entries during a season),
! RFID chip cards used as rechargeable payment cards at unstaffed access-control terminal instead.
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Access control to public outdoor pool in Bad Orb (Germany)
! Lessons learnt:
! Local-government services for the public:
! Fingerprints will probably not be used.
! Private-sector recreation facilities (fitness clubs etc.):
! On a voluntary basis, fingerprints may be used, with properly protected templates.
! There should be an equivalent alternative for people who do not accept fingerprinting.
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
© 2012 Fraunhofer IGD International Conference of the PRESCIENT Project – 27. November 2012 – Moazzam Butt
Thank You