TR2011-005

An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics


    •  Wang, Y., Rane, S., Draper, S.C., Ishwar, P., "An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics", IEEE Information Theory and Applications Workshop (ITA), February 2011.
      BibTeX TR2011-005 PDF
      • @inproceedings{Wang2011feb,
      • author = {Wang, Y. and Rane, S. and Draper, S.C. and Ishwar, P.},
      • title = {An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics},
      • booktitle = {IEEE Information Theory and Applications Workshop (ITA)},
      • year = 2011,
      • month = feb,
      • url = {https://www.merl.com/publications/TR2011-005}
      • }
  • MERL Contact:
  • Research Area:

    Information Security

Abstract:

Secure biometric systems are designed to allow authentication without requiring a reference biometric sample to be stored in the clear at the access control device. Instead, a template extracted from the reference biometric is stored on the device. An enrolled user can be authenticated by the template combined with a legitimate test biometric. However, an attacker who infiltrates the device only discovers the template, which reveals little or no information about the true biometric. We present a general framework for secure biometric authentication systems, and then provide a comparative information-theoretic analysis of two related realizations: (1) fuzzy commitment, in which authentication is framed as a problem of correcting errors between the reference and test biometrics, and (2) secure sketches, in which authentication is framed as a Slepian-Wolf decoding problem. We derive the false reject rates, false accept rates and successful attack rates for both realizations. We also consider the information leaked about a user's biometric identity when the database of biometric templates is compromised. Finally, we analyze a scenario in which the same biometric has been used to generate templates for several access control devices, some of which have been compromised by an adversary. It is shown that, two-factor versions of fuzzy commitment and secure sketch not only allow revocability, but also provide resistance to attacks in which the adversary compromises several databases at the same time.

 

  • Related News & Events

    •  NEWS   ITA 2011: 2 publications by Philip V. Orlik, Shantanu D. Rane and others
      Date: February 6, 2011
      Where: IEEE Information Theory and Applications Workshop (ITA)
      MERL Contact: Philip Orlik
      Brief
      • The papers "An Information-Theoretic Analysis of Revocability and Reusability in Secure Biometrics" by Wang, Y., Rane, S., Draper, S.C. and Ishwar, P. and "Achieving Near-Exponential Diversity on Uncoded Low-Dimensional MIMO, Multi-User and Multi-Carrier Systems without Transmitter CSI" by Annavajjala, R. and Orlik, P.V. were presented at the IEEE Information Theory and Applications Workshop (ITA).
    •