Quantifying privacy and security of biometric fuzzy commitment

2011 International Joint Conference on Biometrics (IJCB) Pub Date : 2011-10-11 DOI:10.1109/IJCB.2011.6117543

Xuebing Zhou, Arjan Kuijper, R. Veldhuis, C. Busch

{"title":"Quantifying privacy and security of biometric fuzzy commitment","authors":"Xuebing Zhou, Arjan Kuijper, R. Veldhuis, C. Busch","doi":"10.1109/IJCB.2011.6117543","DOIUrl":null,"url":null,"abstract":"Fuzzy commitment is an efficient template protection algorithm that can improve security and safeguard privacy of biometrics. Existing theoretical security analysis has proved that although privacy leakage is unavoidable, perfect security from information-theoretical points of view is possible when bits extracted from biometric features are uniformly and independently distributed. Unfortunately, this strict condition is difficult to fulfill in practice. In many applications, dependency of binary features is ignored and security is thus suspected to be highly overestimated. This paper gives a comprehensive analysis on security and privacy of fuzzy commitment regarding empirical evaluation. The criteria representing requirements in practical applications are investigated and measured quantitatively in an existing protection system for 3D face recognition. The evaluation results show that a very significant reduction of security and enlargement of privacy leakage occur due to the dependency of biometric features. This work shows that in practice, one has to explicitly measure the security and privacy instead of trusting results under non-realistic assumptions.","PeriodicalId":103913,"journal":{"name":"2011 International Joint Conference on Biometrics (IJCB)","volume":"94 11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"49","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 International Joint Conference on Biometrics (IJCB)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IJCB.2011.6117543","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 49

Abstract

Fuzzy commitment is an efficient template protection algorithm that can improve security and safeguard privacy of biometrics. Existing theoretical security analysis has proved that although privacy leakage is unavoidable, perfect security from information-theoretical points of view is possible when bits extracted from biometric features are uniformly and independently distributed. Unfortunately, this strict condition is difficult to fulfill in practice. In many applications, dependency of binary features is ignored and security is thus suspected to be highly overestimated. This paper gives a comprehensive analysis on security and privacy of fuzzy commitment regarding empirical evaluation. The criteria representing requirements in practical applications are investigated and measured quantitatively in an existing protection system for 3D face recognition. The evaluation results show that a very significant reduction of security and enlargement of privacy leakage occur due to the dependency of biometric features. This work shows that in practice, one has to explicitly measure the security and privacy instead of trusting results under non-realistic assumptions.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

量化生物识别模糊承诺的隐私性和安全性

模糊承诺是一种有效的模板保护算法，可以提高生物特征识别的安全性，保护生物特征识别的隐私性。现有的理论安全性分析证明，虽然隐私泄露是不可避免的，但从信息理论的角度来看，当从生物特征中提取的比特均匀独立分布时，就有可能实现完美的安全性。不幸的是，这种严格的条件在实践中很难实现。在许多应用程序中，忽略了二进制特征的依赖性，因此怀疑安全性被高估了。本文从实证评价的角度对模糊承诺的安全性和保密性进行了综合分析。在现有的三维人脸识别保护系统中，对代表实际应用要求的标准进行了研究和定量测量。评价结果表明，由于生物特征的依赖性，安全性显著降低，隐私泄露增大。这项工作表明，在实践中，人们必须明确地衡量安全性和隐私性，而不是相信非现实假设下的结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2011 International Joint Conference on Biometrics (IJCB)

自引率

0.00%

发文量