By Topic

A Theoretical Analysis of Authentication, Privacy, and Reusability Across Secure Biometric Systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Ye Wang ; Dept. of Electr. & Comput. Eng., Boston Univ., Boston, MA, USA ; Rane, S. ; Draper, S.C. ; Ishwar, P.

We present a theoretical framework for the analysis of privacy and security trade-offs in secure biometric authentication systems. We use this framework to conduct a comparative information-theoretic analysis of two biometric systems that are based on linear error correction codes, namely fuzzy commitment and secure sketches. We derive upper bounds for the probability of false rejection (PFR) and false acceptance (PFA) for these systems. We use mutual information to quantify the information leaked about a user's biometric identity, in the scenario where one or multiple biometric enrollments of the user are fully or partially compromised. We also quantify the probability of successful attack (PSA) based on the compromised information. Our analysis reveals that fuzzy commitment and secure sketch systems have identical PFR, PFA, PSA, and information leakage, but secure sketch systems have lower storage requirements. We analyze both single-factor (keyless) and two-factor (key-based) variants of secure biometrics, and consider the most general scenarios in which a single user may provide noisy biometric enrollments at several access control devices, some of which may be subsequently compromised by an attacker. Our analysis highlights the revocability and reusability properties of key-based systems and exposes a subtle design trade-off between reducing information leakage from compromised systems and preventing successful attacks on systems whose data have not been compromised.

Published in:

Information Forensics and Security, IEEE Transactions on  (Volume:7 ,  Issue: 6 )
Biometrics Compendium, IEEE
RFIC Virtual Journal, IEEE
RFID Virtual Journal, IEEE