Abstract

Secure biometric systems are designed to allow authentication without requiring a reference biometric sample to be stored in the clear at the access control device. Instead, a template extracted from the reference biometric is stored on the device. An enrolled user can be authenticated by the template combined with a legitimate test biometric. However, an attacker who infiltrates the device only discovers the template, which reveals little or no information about the true biometric. We present a general framework for secure biometric authentication systems, and then provide a comparative information-theoretic analysis of two related realizations: (1) fuzzy commitment, in which authentication is framed as a problem of correcting errors between the reference and test biometrics, and (2) secure sketches, in which authentication is framed as a Slepian-Wolf decoding problem. We derive the false reject rates, false accept rates and successful attack rates for both realizations. We also consider the information leaked about a user's biometric identity when the database of biometric templates is compromised. Finally, we analyze a scenario in which the same biometric has been used to generate templates for several access control devices, some of which have been compromised by an adversary. It is shown that two-factor versions of fuzzy commitment and secure sketch not only allow revocability, but also provide resistance to attacks in which the adversary compromises several databases at the same time.
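The fuzzy-commitment idea named in the abstract, as an added toy example that is not code from the paper: the device stores only a masked codeword and a key hash, and authentication succeeds when error correction absorbs the differences between reference and test biometrics. The repetition code, SHA-256, the function names and the 40-bit feature vector are all assumptions chosen for illustration.

```python
import hashlib
import secrets

REP = 5  # assumed repetition factor: each key bit is spread over 5 biometric bits

def encode(key_bits):
    """Repetition-code encoder: repeat every key bit REP times."""
    return [b for b in key_bits for _ in range(REP)]

def decode(word):
    """Majority-vote decoder: corrects up to REP // 2 flipped bits per block."""
    return [int(sum(word[i:i + REP]) > REP // 2) for i in range(0, len(word), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def enroll(reference):
    """Return the stored template: (codeword XOR reference, hash of the key)."""
    # Toy sizes: an 8-bit key is trivially guessable; real systems need long keys.
    key = [secrets.randbits(1) for _ in range(len(reference) // REP)]
    return xor(encode(key), reference), digest(key)

def authenticate(template, test):
    """Accept iff error correction recovers the key committed at enrollment."""
    offset, key_hash = template
    if len(test) != len(offset):
        return False
    noisy_codeword = xor(offset, test)  # = codeword XOR (reference XOR test)
    return secrets.compare_digest(digest(decode(noisy_codeword)), key_hash)

def flip(bits, positions):
    """Constructed helper: model measurement noise by flipping chosen bits."""
    return [b ^ (i in positions) for i, b in enumerate(bits)]

# Constructed 40-bit "biometric" feature vector (not real data).
REFERENCE = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1,
             0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0]
```

A test sample with at most two flipped bits per 5-bit block is accepted; three flips in one block exceed the code's correction radius and produce a false reject.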
