{"title":"Measuring privacy and security of iris fuzzy commitment","authors":"Xuebing Zhou, C. Busch","doi":"10.1109/CCST.2012.6393553","DOIUrl":null,"url":null,"abstract":"Template protection techniques are important supplements to biometrics, which aim to improve system security and safeguard privacy of users. Their development brings a new challenge of privacy and security assessment especially for real systems. In the paper, we take a close look at fuzzy commitment, which is an efficient and widely used template protection algorithm and demonstrates rigorous assessment of an iris fuzzy commitment scheme using the information-theoretical metrics. For instance, a 56 bit long secret can be derived from iris codes. Instead of iris codes, its hash value is stored. However, due to the dependency of iris codes, the uncertainty of secrets reduces to 11.82 bits given protected templates. It confirms the empirical results that an adversary is able to retrieve the iris features from the protected templates with average number of attempts equal to 210.56 as shown in [1]. The poor security and privacy performance is caused by strong correlation of iris feature and unsuitable coding methods used in the algorithm. The quantitative measurement shown in this paper provides a reference guidance on evaluation of template protection in practice. It helps algorithm developers to show the security and privacy of template protection to end-users and to detect the weaknesses of the algorithms.","PeriodicalId":405531,"journal":{"name":"2012 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE International Carnahan Conference on Security Technology (ICCST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2012.6393553","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Template protection techniques are important supplements to biometrics, which aim to improve system security and safeguard privacy of users. Their development brings a new challenge of privacy and security assessment especially for real systems. In the paper, we take a close look at fuzzy commitment, which is an efficient and widely used template protection algorithm and demonstrates rigorous assessment of an iris fuzzy commitment scheme using the information-theoretical metrics. For instance, a 56 bit long secret can be derived from iris codes. Instead of iris codes, its hash value is stored. However, due to the dependency of iris codes, the uncertainty of secrets reduces to 11.82 bits given protected templates. It confirms the empirical results that an adversary is able to retrieve the iris features from the protected templates with average number of attempts equal to 210.56 as shown in [1]. The poor security and privacy performance is caused by strong correlation of iris feature and unsuitable coding methods used in the algorithm. The quantitative measurement shown in this paper provides a reference guidance on evaluation of template protection in practice. It helps algorithm developers to show the security and privacy of template protection to end-users and to detect the weaknesses of the algorithms.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
