On the Security of Biometrics and Fuzzy Commitment Cryptosystems: A Study on Gait Authentication

Abstract

As biometric templates consist of highly correlated features, the real security level offered by biometric authentication systems remains an open research question. In this work we provide new approximations and a lower bound of the security offered by fuzzy commitment schemes. Fuzzy commitment cryptosystems and in general biometric template protection schemes play an important role in allowing for remote storage and processing of biometric data, as they mitigate the threat of biometric template leakage. The use of such schemes would alleviate some of the usability constraints imposed by the state-of-practice local use of biometrics. As such we conduct an in-depth security analysis for IMU based gait authentication systems, where we evaluate the effectiveness of attacks within the scope of two well-defined threat models that target both unprotected and protected systems. A pivotal enabler of our analysis is the development of nine different approaches to gait authentication, which allows us to perform intramodal fusion on these distinct, yet highly correlated biometric templates, and to protect them with a strengthened fuzzy commitment scheme. Our analysis clearly demonstrates the high correlation between the different biometric templates, which, among others, further showcases the threat of biometric template leakage. Furthermore, as our analysis incorporates a threat model that assumes biometric template leakage, it provides metrics for the security provided by the biometric modality itself.