Biometric Template Protection

from Wikipedia, the free encyclopedia

Biometric Template Protection refers to a class of procedures for protecting feature data in biometric person recognition . In contrast to conventional biometric recognition processes, with Biometric Template Protection the biometric feature data ( templates ) determined in the enrollment phase are not saved as reference data. Instead, protected reference data ( Protected Templates ) are generated and saved from the features . These do not allow the features to be reconstructed, but nevertheless enable a check to be made as to whether a biometric feature ( comparison feature ) recorded for authentication is similar enough to the taught-in feature.

Goal setting

Biometric data are subject to the principles of data protection and must be protected against misuse . The protection of the biometric reference data can also be important for the security of the biometric recognition process if it can be overcome by facsimile . The storage of biometric reference data of large groups of people in databases poses a particular risk. Traditional protective mechanisms such as access control or encryption require organizational regulations for the management of access rights and cryptographic keys and can therefore be overcome by internal perpetrators. To counter these risks, biometric template protection processes should have the following properties:

  • The biometric feature data cannot be reconstructed from the stored reference data.
  • The reference data of a person are variable and can be changed so that different reference data of the same person cannot be assigned to one another.

The second property requires that the method for calculating the reference data from the biometric feature is randomized or uses parameters.

Most methods also have the property that no secret data (keys or parameters) have to be stored. This represents a significant advantage over traditional encryption of the stored reference data.

functionality

Since the recording of biometric characteristics - which is required for the calculation of the feature - is almost inevitably associated with inaccuracies and measurement errors, biometric template protection methods must be tolerant with regard to these errors. Cryptological hash functions have no fault tolerance whatsoever and deliver completely different outputs even with a single different bit. Therefore, the storage of hash values, as they are e.g. B. is common with password authentication , do not apply directly to biometric data.

Biometric template protection processes can be roughly divided into two classes according to their functionality:

Transformation process: With these, the biometric feature data is transformed depending on (mostly secret) parameters. The transformation is chosen so that similar input values ​​produce similar outputs. The checking of the biometric features determined during authentication takes place in the transformed domain, i. H. these feature data are also transformed and then compared with the stored reference data. There is no reverse transformation of the stored reference data.

Schematic representation of the functionality of a biometric cryptosystem with cryptological hash function H (x). If the features M and M 'are similar enough, S = S' and the hash value check is successful.

Biometric Cryptosystems: With these processes, non-secret auxiliary data are generated and stored from the biometric features during enrollment. With the help of this auxiliary data, a key is later calculated from the comparison feature presented for authentication and checked for correctness. During enrollment, the key can either be calculated from the feature data or generated randomly and linked with the feature data to the auxiliary data. The key itself is not stored and does not have to be available a priori for authentication. In order to be able to check the correctness of the key, its hash value is stored as a reference.

Biometric cryptosystems are mostly based on general mathematical procedures for fault-tolerant authentication, which can then be applied to various biometric characteristics. The best known of the underlying procedures are Fuzzy Commitment and Fuzzy Vault, both of which are based on error-correcting codes . In many biometric cryptosystems, fault tolerance is also or solely achieved through quantization . The suitable choice of the underlying mathematical method depends on the type and extent of the measurement errors when recording the feature data.

Different designations

Different terms are also used in the literature for biometric template protection, e.g. B. Private biometrics or private templates . Biometric cryptosystems are often referred to as Biometric Encryption or Helper Data System . The term biometric encryption is motivated by the fact that the (secret) key is recovered during authentication, and this method can therefore also be used for encryption and decryption with the aid of biometric data.

standardization

The international standard ISO / IEC 24745 defines requirements and a general model for biometric template protection procedures. In this model, all biometric template protection processes use pseudo identities (PI) as variable identification strings and auxiliary data (AD), which is required to check the features against the stored PIs. Such a standard-compliant system was developed and scientifically evaluated at.

literature

Jeroen Breebaart, Christoph Busch, Justine Grave, Els Kindt: A Reference Architecture for Biometric Template Protection based on Pseudo Identities . In Arslan Brömme, Christoph Busch, Detlef Hühnlein (eds.): BIOSIG 2008 , 2008, pp. 25–37, Lecture Notes in Informatics 137, Gesellschaft für Informatik ( PDF file; 0.2MB )

Ileana Buhan, Emile Kelkboom, Koen Simoens: A Survey of the Security and Privacy Measures for Anonymous Biometric Authentication Systems . International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2010), 2010, IEEE Computer Society ( PDF file; 0.3MB )

Ann Cavoukian, Alex Stoianov: Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security and Privacy . Discussion paper of the Office of the Information and Privacy Commissioner of Ontario, 2007 ( PDF file; 0.5MB ).

Ann Cavoukian, Alex Stoianov: Biometric Encryption: The New Breed of Untraceable Biometrics . In: Nikolaos V. Boulgouris, Konstantinos N. Plataniotis, Evangelia Micheli-Tzanakou (Ed.): Biometrics: Theory, Methods, and Applications , 2009, John Wiley & Sons, Inc., Hoboken, NJ, USA, p. 655– 710, ISBN 978-0470247822

Anil K. Jain, Karthik Nandakumar, Abishek Nagar: Biometric template security . EURASIP Journal on Advances in Signal Processing, Special Issue on Advanced Signal Processing and Pattern Recognition Methods for Biometrics, 2008, Hindawi Publishing Corp. ( PDF file; 2.4MB )

Ari Juels, Martin Wattenberg: A fuzzy commitment scheme . ACM Conference on Computer and Communications Security, 1999, pp. 28-36

Ari Juels, Madhu Sudan: A fuzzy vault scheme . Designs, Codes and Cryptography, Volume 38, Issue 2, 2006, Kluwer Academic Publishers Norwell, MA, USA ( PDF file; 0.2MB )

Johannes Merkle: Biometric data protection - functional principle and opportunities of biometric cryptosystems . <kes> 6/2008, 2008, SecuMedia-Verlags-GmbH ( online version )

Pim Tuyls, Boris Skoric, Tom Kevenaar (Eds.), Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting (Hardcover) , 2007, Springer Verlag, ISBN 978-1846289835

Stefan Billeb: Template Protection for Biometric Speaker Verification - Procedure for the Protection of Sensitive Speaker Models in Biometric Systems , 2015, Akademiker Verlag, ISBN 978-3-639-78994-2

Individual evidence

  1. Anil K. Jain, Karthik Nandakumar, Abishek Nagar: Biometric template security . EURASIP Journal on Advances in Signal Processing, Special Issue on Advanced Signal Processing and Pattern Recognition Methods for Biometrics, 2008
  2. Christoph Busch: ISO 24745 - Biometric Template Protection ( Memento of the original dated December 2, 2012 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF; 884 kB). Presentation at IBPC 2010 - Satellite Workshop II, 2010  @1@ 2Template: Webachiv / IABot / biometrics.nist.gov
  3. [ Stefan Billeb: Template Protection for Biometric Speaker Verification - Procedure for the Protection of Sensitive Speaker Models in Biometric Systems ]. ISBN 978-3-639-78994-2 .