Abstract
Original language  English 

Qualification  Doctor of Philosophy 
Awarding Institution 

Supervisors/Advisors 

Award date  2 Jun 2009 
Place of Publication  Eindhoven 
Publisher  
Print ISBNs  9789038618326 
DOIs  
Publication status  Published  2009 
Fingerprint
Cite this
}
Secretkey rates and privacy leakage in biometric systems. / Ignatenko, T.
Eindhoven : Technische Universiteit Eindhoven, 2009. 162 p.Research output: Thesis › Phd Thesis 1 (Research TU/e / Graduation TU/e)
TY  THES
T1  Secretkey rates and privacy leakage in biometric systems
AU  Ignatenko, T.
PY  2009
Y1  2009
N2  In this thesis both the generation of secret keys from biometric data and the binding of secret keys to biometric data are investigated. These secret keys can be used to regulate access to sensitive data, services, and environments. In a biometric secrecy system a secret key is generated or chosen during an enrollment procedure in which biometric data are observed for the first time. This key is to be reconstructed after these biometric data are observed for the second time when authentication is required. Since biometric measurements are typically noisy, reliable biometric secrecy systems also extract socalled helper data from the biometric observation at the time of enrollment. These helper data facilitate reliable reconstruction of the secret key in the authentication process. Since the helper data are assumed to be public, they should not contain information about the secret key. We say that the secrecy leakage should be negligible. Important parameters of biometric keygeneration and keybinding systems include the size of the generated or chosen secret key and the information that the helper data contain (leak) about the biometric observation. This latter parameter is called privacy leakage. Ideally the privacy leakage should be small, to prevent the biometric data of an individual from being compromised. Moreover, the secretkey length (also characterized by the secretkey rate) should be large to minimize the probability that the secret key is guessed and unauthorized access is granted. The first part of this thesis mainly focuses on the fundamental tradeoff between the secretkey rate and the privacyleakage rate in biometric secretgeneration and secretbinding systems. This tradeoff is studied from an informationtheoretical perspective for four biometric settings. The first setting is the classical secretgeneration setting as proposed by Maurer [1993] and Ahlswede and Csiszár [1993]. For this setting the achievable secretkey vs. privacyleakage rate region is determined in this thesis. In the second setting the secret key is not generated by the terminals, but independently chosen during enrollment (key binding). Also for this setting the region of achievable secretkey vs. privacyleakage rate pairs is determined. In settings three and four zeroleakage systems are considered. In these systems the public message should contain only a negligible amount of information about both the secret key and the biometric enrollment sequence. To achieve this, a private key is needed, which can be observed only by the two terminals. Again both the secret generation setting and chosen secret setting are considered. For these two cases the regions of achievable secretkey vs. privatekey rate pairs are determined. For all four settings two notions of leakage are considered. Depending on whether one looks at secrecy and privacy leakage separately or in combination, unconditional or conditional privacy leakage is considered. Here unconditional leakage corresponds to the mutual information between the helper data and the biometric enrollment sequence, while the conditional leakage relates to the conditional version of this mutual information, given the secret. The second part of the thesis focuses on the privacy and secrecyleakage analysis of the fuzzy commitment scheme. Fuzzy commitment, proposed by Juels and Wattenberg [1999], is, in fact, a particular realization of a binary biometric secrecy system with a chosen secret key. In this scheme the helper data are constructed as a codeword from an errorcorrecting code, used to encode a chosen secret, masked with the biometric sequence that has been observed during enrollment. Since this scheme is not privacy preserving in the conditional privacyleakage sense, the unconditional privacyleakage case is investigated. Four cases of biometric sources are considered, i.e. memoryless and totallysymmetric biometric sources, memoryless and inputsymmetric biometric sources, memoryless biometric sources, and stationary and ergodic biometric sources. For the first two cases the achievable rateleakage regions are determined. In these cases the secrecy leakage rate need not be positive. For the other two cases only outer bounds on achievable rateleakage regions are found. These bounds, moreover, are sharpened for fuzzy commitment based on systematic paritycheck codes. Using the fundamental tradeoffs found in the first part of this thesis, it is shown that fuzzy commitment is only optimal for memoryless totallysymmetric biometric sources and only at the maximum secretkey rate. Moreover, it is demonstrated that for memoryless and stationary ergodic biometric sources, which are not inputsymmetric, the fuzzy commitment scheme leaks information on both the secret key and the biometric data. Biometric sequences have an often unknown statistical structure (model) that can be quite complex. The last part of this dissertation addresses the problem of finding the maximum a posteriori (MAP) model for a pair of observed biometric sequences and the problem of estimating the maximum secretkey rate from these sequences. A universal source coding procedure called the ContextTreeWeighting (CTW) method [1995] can be used to find this MAP model. In this thesis a procedure that determines the MAP model, based on the socalled betaimplementation of the CTW method, is proposed. Moreover, CTW methods are used to compress the biometric sequences and sequence pairs in order to estimate the mutual information between the sequences. However, CTW methods were primarily developed for compressing onedimensional sources, while biometric data are often modeled as twodimensional processes. Therefore it is proved here that the entropy of a stationary twodimensional source can be expressed as a limit of a series of conditional entropies. This result is also extended to the conditional entropy of one twodimensional source given another one. As a consequence entropy and mutual information estimates can be obtained from CTW methods using properlychosen templates. Using such techniques estimates of the maximum secretkey rate for physical unclonable functions (PUFs) are determined from a dataset of observed sequences. PUFs can be regarded as inanimate analogues of biometrics.
AB  In this thesis both the generation of secret keys from biometric data and the binding of secret keys to biometric data are investigated. These secret keys can be used to regulate access to sensitive data, services, and environments. In a biometric secrecy system a secret key is generated or chosen during an enrollment procedure in which biometric data are observed for the first time. This key is to be reconstructed after these biometric data are observed for the second time when authentication is required. Since biometric measurements are typically noisy, reliable biometric secrecy systems also extract socalled helper data from the biometric observation at the time of enrollment. These helper data facilitate reliable reconstruction of the secret key in the authentication process. Since the helper data are assumed to be public, they should not contain information about the secret key. We say that the secrecy leakage should be negligible. Important parameters of biometric keygeneration and keybinding systems include the size of the generated or chosen secret key and the information that the helper data contain (leak) about the biometric observation. This latter parameter is called privacy leakage. Ideally the privacy leakage should be small, to prevent the biometric data of an individual from being compromised. Moreover, the secretkey length (also characterized by the secretkey rate) should be large to minimize the probability that the secret key is guessed and unauthorized access is granted. The first part of this thesis mainly focuses on the fundamental tradeoff between the secretkey rate and the privacyleakage rate in biometric secretgeneration and secretbinding systems. This tradeoff is studied from an informationtheoretical perspective for four biometric settings. The first setting is the classical secretgeneration setting as proposed by Maurer [1993] and Ahlswede and Csiszár [1993]. For this setting the achievable secretkey vs. privacyleakage rate region is determined in this thesis. In the second setting the secret key is not generated by the terminals, but independently chosen during enrollment (key binding). Also for this setting the region of achievable secretkey vs. privacyleakage rate pairs is determined. In settings three and four zeroleakage systems are considered. In these systems the public message should contain only a negligible amount of information about both the secret key and the biometric enrollment sequence. To achieve this, a private key is needed, which can be observed only by the two terminals. Again both the secret generation setting and chosen secret setting are considered. For these two cases the regions of achievable secretkey vs. privatekey rate pairs are determined. For all four settings two notions of leakage are considered. Depending on whether one looks at secrecy and privacy leakage separately or in combination, unconditional or conditional privacy leakage is considered. Here unconditional leakage corresponds to the mutual information between the helper data and the biometric enrollment sequence, while the conditional leakage relates to the conditional version of this mutual information, given the secret. The second part of the thesis focuses on the privacy and secrecyleakage analysis of the fuzzy commitment scheme. Fuzzy commitment, proposed by Juels and Wattenberg [1999], is, in fact, a particular realization of a binary biometric secrecy system with a chosen secret key. In this scheme the helper data are constructed as a codeword from an errorcorrecting code, used to encode a chosen secret, masked with the biometric sequence that has been observed during enrollment. Since this scheme is not privacy preserving in the conditional privacyleakage sense, the unconditional privacyleakage case is investigated. Four cases of biometric sources are considered, i.e. memoryless and totallysymmetric biometric sources, memoryless and inputsymmetric biometric sources, memoryless biometric sources, and stationary and ergodic biometric sources. For the first two cases the achievable rateleakage regions are determined. In these cases the secrecy leakage rate need not be positive. For the other two cases only outer bounds on achievable rateleakage regions are found. These bounds, moreover, are sharpened for fuzzy commitment based on systematic paritycheck codes. Using the fundamental tradeoffs found in the first part of this thesis, it is shown that fuzzy commitment is only optimal for memoryless totallysymmetric biometric sources and only at the maximum secretkey rate. Moreover, it is demonstrated that for memoryless and stationary ergodic biometric sources, which are not inputsymmetric, the fuzzy commitment scheme leaks information on both the secret key and the biometric data. Biometric sequences have an often unknown statistical structure (model) that can be quite complex. The last part of this dissertation addresses the problem of finding the maximum a posteriori (MAP) model for a pair of observed biometric sequences and the problem of estimating the maximum secretkey rate from these sequences. A universal source coding procedure called the ContextTreeWeighting (CTW) method [1995] can be used to find this MAP model. In this thesis a procedure that determines the MAP model, based on the socalled betaimplementation of the CTW method, is proposed. Moreover, CTW methods are used to compress the biometric sequences and sequence pairs in order to estimate the mutual information between the sequences. However, CTW methods were primarily developed for compressing onedimensional sources, while biometric data are often modeled as twodimensional processes. Therefore it is proved here that the entropy of a stationary twodimensional source can be expressed as a limit of a series of conditional entropies. This result is also extended to the conditional entropy of one twodimensional source given another one. As a consequence entropy and mutual information estimates can be obtained from CTW methods using properlychosen templates. Using such techniques estimates of the maximum secretkey rate for physical unclonable functions (PUFs) are determined from a dataset of observed sequences. PUFs can be regarded as inanimate analogues of biometrics.
U2  10.6100/IR642839
DO  10.6100/IR642839
M3  Phd Thesis 1 (Research TU/e / Graduation TU/e)
SN  9789038618326
PB  Technische Universiteit Eindhoven
CY  Eindhoven
ER 