TR2012-051

A Theoretical Analysis of Authentication, Privacy, and Reusability Across Secure Biometric Systems


    •  Wang, Y.; Rane, S.; Draper, S.C.; Ishwar, P., "A Theoretical Analysis of Authentication, Privacy, and Reusability Across Secure Biometric Systems", IEEE Transactions on Information Forensics and Security, ISSN: 1556-6013, Vol. 7, No. 6, pp. 1825-1840, July 2012.
      BibTeX Download PDF
      • @article{Wang2012jul,
      • author = {Wang, Y. and Rane, S. and Draper, S.C. and Ishwar, P.},
      • title = {A Theoretical Analysis of Authentication, Privacy, and Reusability Across Secure Biometric Systems},
      • journal = {IEEE Transactions on Information Forensics and Security},
      • year = 2012,
      • volume = 7,
      • number = 6,
      • pages = {1825--1840},
      • month = jul,
      • issn = {1556-6013},
      • url = {http://www.merl.com/publications/TR2012-051}
      • }
  • MERL Contact:
  • Research Areas:

    Information Security, Multimedia


We present a theoretical framework for the analysis of privacy and security tradeoffs in secure biometric authentication systems. We use this framework to conduct a comparative information-theoretic analysis of two biometric systems that are based on linear error correction codes, namely fuzzy commitment and secure sketches. We derive upper bounds for the probability of false rejection (PFR) and false acceptance (PFA) for these systems. We use mutual information to quantify the information leaked about a user's biometric identity, in the scenario where one or multiple biometric enrollments of the user are fully or partially compromised. We also quantify the probability of successful attack (PSA) based on the compromised information. Our analysis reveals that fuzzy commitment and secure sketch systems have identical PFR; PFA; PSA and information leakage, but secure sketch systems have lower storage requirements. We analyze both single-factor (keyless) and two-factor (key-based) variants of secure biometrics, and consider the most general scenarios in which a single user may provide noisy biometric enrollments at several access control devices, some of which may be subsequently compromised by an attacker. Our analysis highlights the revocability and reusability properties of keybased systems and exposes a subtle design tradeoff between reducing information leakage from compromised systems and preventing successful attacks on systems whose data have not been compromised.