Hochschule Darmstadt,CRISP,da/secSecurityGroupFinse WinterSchool,May 2017Biometric RecognitionMartaGomez-Barrero

Ø IntroductionØ VulnerabilitiesofBiometricSystemsØ Biometrics&PrivacyFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 2/34

Outline

FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 3/34Introduction

Whybiometricrecognition?Ø WeneedtoidentifyourselvesinadailybasisØ Impossibletoremember100differentpasswordsØ Losingorforgettingourpassword/tokeniseasyFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 4/34

IntroductionWhy not useour body features or behavioural patterns?

BiometriccharacteristicsØ Classification:

o Physiologicalo Behavioural

Ø Properties:o Universality:everybodyshouldpossessito Distinctiveness:shouldhaveenoughintervariabilityo Permanence:shouldnotvarythroughtimeo Collectability:shouldbeeasytoacquireo Performance:shouldhavegooderrorrateso Acceptability:usershouldnotbereluctanttouseito Circumvention:difficulttobypassFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 5/34

Introduction

AdvantagesanddisadvantagesofbiometricsFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 6/34

IntroductionØ Noneed toremember passwords or carrytokensØ Impersonation canbedetectedØ Asinglecharacteristic canbeused inmultipleapplications,without security decreaseØ Spoofing /Presentation Attacks (PA)Ø RenewabilityØ Biometrics arenosecretsØ Sensitiveinformation

Howdoesitwork?FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 7/34

IntroductionEnrollmentSignal Proc.Subsyst. Storage VerificationComparison Signal Proc.Subsyst.Subsyst.Feat.Extractor Feat.ExtractorTr Tr TpComparatorDecision

Example:irisrecognitionFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 8/34

IntroductionSample Segmentation NormalizationTemplate:T FeatureExtraction

VerificationvsIdentificationØ Verification:IamJonDoe(1:1)Ø Identification:Iaminthelist(1:n)FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 9/34

IntroductionTrT1Tn… Yes/noIdentity i/not inthe list

ErrorratesØ Twokindsofcomparisons:Ø Twokindsoferrorrates:

o FalseMatchRate(FMR) – proportionoffalselyacceptednon-matedcomparisontrialso FalseNon-MatchRate(FNMR) – proportionoffalselyrejectedmatedcomparisontrialsFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 10/34

IntroductionMatedComparison Non-MatedComparison[ISO/IEC2382-37HarmonizedBiometrics Vocabulary (HBV)]

EvaluatingtheaccuracyØ Plotmatedandnon-matedscoredistributionsØ Establishaverificationthreshold:𝛿Ø 𝛿 determinestheFMRØ … andtheFNMRFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 11/34

Introduction[ISO/IEC19795 on Biometricperformancetesting andreporting]

ComparingsystemsØ ComparealloperatingpointswithaDetectionErrorTrade-off(DET)curveØ ThepointatwhichFMR=FNMRisdefinedasEqualErrorRate(EER) - thelower,thebetterØ ReportFNMRatfixedFMR– e.g.,FMR=0.1%FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 12/34

Introduction 0.1 0.2 0.5 1 2 5 10 20 40 False Match Rate (%) 0.1 0.2 0.5 1 2 5 10 20 40 False Non-Match Rate (%) DET CurvesIris, EER = 0.6%Face, EER = 6.3%FNMR=19.83%FMR=0.1% EERFNMR=0.58%[ISO/IEC19795 on Biometricperformancetesting andreporting]

Multi-BiometricsystemsØ Advantages

o Higher accuracyo Increased robustness toindividualsensoror subsystem failureso Decreased number ofcaseswhere the system is not able tomake adecisiono Different levels ofsecurityo …

Ø Fusionlevels:o Featurelevelo Scorelevelo Decisionlevel FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 13/34

IntroductionCanbeharder toachieve,butit’s preferred:reducedstorage andhigher security[ISO/IECTR24722on Multimodalandother multibiometric fusion]

FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 14/34VulnerabilitiesofBiometricSystems

ExternalAttacksØ Biometricsystemsarenotfreefromexternalattacks.

FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 15/34VulnerabilitiesFeatureExtractor ComparatorBiometriccharacteristic Sample Querytemplate DecisionReferencetemplatePRESENTATIONATTACKS SOFTWAREATTACKSSensor DB1 2 3 4 5 6 78

VulnerabilityAnalysisØ ProjectsØ CompetitionsØ Standards FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 16/34

Vulnerabilities

HillClimbingattacksFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 17/34

VulnerabilitiesSyntheticTemplates DB AccessGrantedModificationscheme >𝛿<ComparatorAttackedtemplate ScoreTemplate

HCbasedontheUphillSimplexalgorithmFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 18/34

VulnerabilitiesØ Newpoint:

o Computecentroid:o Tryreflection:o Tryexpansionorcontraction:

Ø Stoppingcriteria:o Oneofthepointsofthesimplexiscloseenough=>successo Maximumnumberofiterationsallowedreached=>failure

Example1:FaceFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 19/34

Vulnerabilities Target:EnrolledSampleVerificationThresholdIterationsScores A B C D E FA B C D E FThe attack wassuccessful,andweonly needed accesstothe scores

Example2:FaceandsignatureSuccessRates(SR)Ø Wecanevaluatehowdangeroustheattackisintermsofthesuccessrate:Ø AtdifferentoperationpointsintermsofFMRFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 20/34

VulnerabilitiesFMR(%) FaceSystem SignatureSystem0.05% 100% 92.69%0.01% 100% 87.84%HillClimbing attacks represent arealchallenge tothesecurity offered by biometric systems =>Quantized Scores

HCbasedongeneticalgorithms(I)FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 21/34

VulnerabilitiesØ WestartwitharandompopulationofbinaryindividualsØ Ateachiteration,wegenerateanewpopulationaccordingtofourrules:

o Elite:twoindividualso Selection:stochasticuniversalsamplingo Crossover:scatteredcrossovero Mutation:randomchanges

Ø OurfitnessfunctionisthesimilarityscoreØ Stoppingcriteria:

o Oneoftheindividualsexceedstheverificationthreshold=>successo Scoreincreaseinthelastgenerationsisverysmall=>failureo Maximumnumberofiterationsallowedreached=>failure

HCbasedongeneticalgorithms(II)FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 22/34

Vulnerabilities… … … …… …EliteParents ChildrenMutated children

Example:Iris FMR(%) IrisSystem0.05% 80.89%0.01% 62.36%FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 23/34VulnerabilitiesHillClimbing attacks represent arealchallenge tothesecurity offered by biometric systems =>Quantized Scores

HCAttacksonmulti-biometricsystemsØ Contrarytothebeliefthatitismoredifficulttoattackamulti-biometricsystems,wecancombinethesealgorithmsandsucceedinourattack

Finse WinterSchool ‘17– Biometric Recognition,9/5/17MartaGomez-Barrero 24/34VulnerabilitiesSub-Algorithm 1:Uphill SimplexSub-Algorithm 2:Genetic AlgorithmScore FullTemplateFaceTemplateIrisTemplateFMR(%) FaceSystem IrisSystem Multi-Biometric0.05% 100% 80.89% 100%0.01% 100% 62.36% 100%The multi-biometric system is asvulnerableasthe mostvulnerablecharacteristic

FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 25/34Biometrics&Privacy

Biometrics:sensitivedataØ Widedeploymentofbiometrics:

o Largescalenationalandinternationalprojectso Bankingapps,ATMso Smartphoneunlocking

Ø BiometricsareclassifiedassensitivedataØ AndwecannotpreventdatabasesleakageFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 26/34

Biometrics&Privacy[EU2016/679DataProtection Regulation][EU2016/680DataProtection Directive]

InversebiometricsattacksØ It was acommon belief that the stored templates revealed noinformationabout the biometric characteristics:Ø However,biometric samples canberecovered from the storedunprotected templatesFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 27/34

Biometrics&Privacy

Inversebiometricsattacks:Hill-ClimbingFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 28/34

Biometrics&Privacy[M.Gomez-Barrero etal.,Int.Conf.onBiometrics,2012][M.Gomez-Barrero etal.,InformationSciences,2014][J.Galbally,etal.,ComputerVision&ImageUnderstanding,2013]! ThandTface TirisØ BasedontheHCalgorithmspresentedbefore,wecanreconstructbiometricsamples:

Inversebiometricattacks:ResultsØ Canyoutellthemapart?

FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 29/34Biometrics&PrivacyBiometrics&Privacy

Inversebiometricattacks:anotherapproachFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 30/34

Biometrics&Privacy DBFeatureExtractor Accept/RejectComparatorSensor [Cappelli etal.,IEEETrans.PAMI,2007]ReconstructionProcess Stolen ISOTemplateReconstructedImage[Galbally etal.,PatternRecognitionLetters,2009] PresentationAttack!

Inversebiometricsattacks:SuccessRatesFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 31/34

Biometrics&PrivacyTemplates need tobeprotected,sothat we cannotrecover the biometric sampleFMR(%) Iris Fingerprint(indirect) Fingerprint(PA)0.05% 85.1% 98% 78%0.01% 83.6% 92% 68% Over85%oftheattacksaresuccessful=>Realchallenge!Lowersuccesschances,butmoredifficulttodetectInaddition,Presentation Attacks need tobedetected

Cross-matchingattacksØ We canenroll with asinglecharacteristic indifferent applications

FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 32/34Biometrics&Privacy Same person??Tmail TbankTjobTfacebookTlinkedinTemplates need tobeprotected,sothat noone canfind out on which applications we areenrolled

SummaryØ Dothestoredtemplatesrevealanyinformationabouttheoriginalbiometricsamples?Ø Aremyenrolledtemplatesindifferentrecognitionsystemssomehowrelatedtoeachother?Ø Whatifsomeonestealsatemplateextractedfrommyface?Hasitbeenpermanentlycompromised? FinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 33/34

Biometrics&Privacy IRREVERSIBILITYUNLINKABILITYRENEWABILITY[ISO/IECIS24745on Biometric Information Protection]

MMartaGomez-Barrero(marta.gomez-barrero@h-da.de)

FrominversebiometricsattacktoPAFinseWinterSchool‘17– BiometricRecognition,9/5/17MartaGomez-Barrero 35/34

Biometrics&Privacy

Hochschule Darmstadt,CRISP,da/secSecurityGroupFinse WinterSchool,May 2017Biometric Template ProtectionMartaGomez-Barrero

Ø IntroductionØ SecurityandPrivacyEvaluationØ CancelableBiometricsBasedonBloomFiltersØ BTPBasedonHomomorphicEncryptionØ Summary FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 2/47

Outline

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 3/47Introduction

Protectingthesubject’sprivacyØ Requirements ofBiometric Template Protection:

FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 4/47Introduction=? K1KnMale,white,40s… IrreversibilityUnlinkability RenewabilityAtthe same time,accuracy,template size andverification speedmust bepreserved.[ISO/IECIS24745on BiometricInformation Protection]

BiometricTemplateProtectionArchitectureFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 5/47

IntroductionEnrollmentSignal Proc.Subsyst. Storage VerificationComparison Signal Proc.Subsyst.Subsyst.Feat.Extractor PIE PIC Feat.ExtractorPIRPIrAD ADPIr PIpTr TpPI:Pseudonimous IdentifierAD:Auxiliary Data PIE:PIEncoderPIR:PIRecorderPIC:PIComparatorDecision

BTPApproachesFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 6/47

Introduction [Barni etal.,SPM2015][Patel etal.,SPM2015]CancelableBiometricsØ Accuracy dropsØ Permanent irreversibilityØ Unlinkabilitynot analysedØ Computational Complexity PreservedCryptobiometricsØ Accuracy dropsØ Attacks on AD(irreversibility compromised)Ø Unlinkability not analysedØ Computational Complexity PreservedBiometrics inthe Encrypted DomainØ Accuracy preservedØ Permanent irreversibilityØ Unlinkability grantedØ Computational Complexity increased Template Protectionbased on BloomfiltersTemplate Protectionbased on HomomorphicEncryption[Campisi,Springer 2013]

Multi-BiometricsandBTPFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 7/47

IntroductionØ Multi-Biometrics:

o Higher accuracyo Different levels ofsecurityo Three fusion levels:feature,score,decision [ISO/IECTR24722]

Ø Multi-Biometric Template Protection [Rathgeb andBusch,InTech,2012]:o Alignment issueso Different BTPapproaches for different characteristics

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 8/47SecurityandPrivacyEvaluation

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 9/47EvaluationReproducibleResearchPublic DBsPublic BaselineSystems ISORequirements EvaluationAnalysis 1:Accuracy Analysis 2:Irreversibility Analysis 3:UnlinkabilityAnalysis 4a:Robustness toCross-Matching Attacks Analysis 4b:Computational LoadIncrease EvaluationProtocolKnowledgeAttacker

Cross-MatchingAttacksMartaGomez-Barrero 10/30

EvaluationØ We canenroll with asinglecharacteristic indifferent applicationsSame person??Tmail TbankTjobTfacebookTlinkedinFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

MartaGomez-Barrero 11/30EvaluationCross-Matching Attacks:How to?TbankTjobs =DS(Tjob, Tbank) s hereè tryagain!!Ls hereè success!!Js canbethe dissimilarity scoreofthe system or any other dissimilarityscore,such asvalues extracted from partial decoding infuzzy schemesFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

Ø Advantageoftheattackeroverarandomguessingintheindistinguishabilitygameo Problem1:assumesuniformityofdata– notvalidinbiometricso Problem 2:only analysed for fuzzy schemes – not straightforward toapply tocancelablebiometrics,since calculations rely on ECCpropertiesMartaGomez-Barrero 12/30[Simoens09]K.Simoens,P.Tuyls,B.Preneel,“PrivacyWeaknessesinBiometricSketches”,IEEESymp.OnSecurityandPrivacy,2009.[Buhan09]I.Buhan,J.Breebaart,M.Guajardoetal.,“AQuantitativeAnalysisofindistinguishabilityforacontinuousDomainBiometricCryptosystem”,Int.WorkshoponDataPrivacyandManagement,2009.[Buhan10]I.Buhan,E.Kelkboom,J.Guajardo,“EfficientStrategiesforPlayingtheIndistinguishabilityGameforFuzzySketches”,IEEEWorkshoponInformationForensicsandSecurity,2010.

EvaluationUnlinkability Analysis:CurrentStatus(I)Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

Ø Plot aDETcurveofgenuine andimpostorscores,comparingtemplates enrolled indifferent systemMartaGomez-Barrero 13/30 0.1 0.2 0.5 1 2 5 10 20 40 False Match Rate (%) 0.1 0.2 0.5 1 2 5 10 20 40 False Non-Match Rate (%) Unprotected SystemUnlinkability Analysis Wearenotthatgoodanymoreatclassifyingtemplates->Unlinkability achievedForallscoresover0.15,wecanlinkthetemplates->Unlinkability NOTachieved[Nagar10]A.Nagar,K.Nandakumar,A.K.Jain,“BiometricTemplateProtectionTransformation:ASecurityAnalysis”,SPIE,ElectronicImaging,MediaForensicsandSecurity,2010.[Kelkboom11]E.Kelkboom,J.Breebart,T.Kevenaar etal.,“PreventingtheDecodability AttackbasedCross-MatchinginaFuzzyCommitmentScheme”,IEEETIFS,2011.

EvaluationUnlinkability Analysis:CurrentStatus(II)Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

Ø PlotMated andNon-matedsamplesdistributions,fortemplatesprotectedwithdifferentkeys.Ø How toanalyse those distributions?⇒ Kullback-Leibler ()divergenceMartaGomez-Barrero 14/30=0.0 =0.0005 is onlydefined inatiny regionis not bounded:⇒ difficult tocomparesystemsWe need aquantitative,general,bounded measure,e.g.forbenchmarkingincompetitionsEvaluationUnlinkability Analysis:CurrentStatus(III)

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

Unlinkability Analysis:ProposalMartaGomez-Barrero 15/30

EvaluationØ Two measures:

o Localmeasure è for which scoresis the system vulnerable?o Globalmeasure è how canwe comparetwo systemsglobally?

Ø Both bounded in[0,1],anddefined for all dissimilarity scores.Ø Generalmeasures,valid for all BTPschemesFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

FullUnlinkabilityMartaGomez-Barrero 16/30

Evaluation Cannot ensureboth templatesbelong to thesame subjectènoriskNorisk,regardless ofsFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

FullLinkabilityMartaGomez-Barrero 17/30

EvaluationBoth templatesbelong to thesame subjectèhigh risk Both templatesbelong to differentsubjectsè noriskHighrisk,regardless ofs

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

MartaGomez-Barrero 18/30EvaluationSemi-Linkable Scenario AMorelikely bothtemplates belongto the samesubjectèhigh risk Morelikely bothtemplates belongto differentsubjectsè noriskHighrisk only forsome s

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

MartaGomez-Barrero 19/30EvaluationSemi-Linkable Scenario BMost likely bothtemplates belong tothe same subject

èhigh risk Most likely bothtemplates belongto differentsubjectsè noriskHighrisk,for largervalue range sFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

MartaGomez-Barrero 20/30EvaluationLocalmeasure:Background

Ø We areinterested inevaluating:Ø But we don’t know ,Ø HecanuseLRs:Ø Doing some tricks,we get:Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

MartaGomez-Barrero 21/30EvaluationLocalmeasure:finaldefinition

Ø If we know ,usethemtosetØ Otherwise,assumeand Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

MartaGomez-Barrero 22/30EvaluationGlobalmeasure

Ø GlobalmeasureFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

Linkability Scenarios:SummaryMartaGomez-Barrero 23/30

EvaluationFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 24/47CancelableBiometricsBasedonBloomFilters

WhyBloomfilters?FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 25/47

BloomFilters[Bloom,Comm.ofthe ACM 1970][Broder andMitzenmacher,InternetMathematics 2004]Ø BiometricTemplateProtectionbasedonBloomfilters:

o General:successfullyappliedtoiris,face,fingerprint,fingerveino Multimodal:featurelevelfusiono Irreversibility achievedo Accuracy,dependingontheconfiguration,preservedo Templatesize:similarorcompressedo Verificationspeed similar

Ø ButweneedtoaddunlinkabilityØ Andfindawaytofusetemplatesofdifferentsized(Multi-Biometrics)

GeneralarchitectureØ Addingunlinkability:

o Smallcomplexityo Smallimpactonaccuracy

FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 26/47BloomfiltersFeatureExtraction BF TemplateProtection Comparison intheProtected DomainDFeatureRe-Arrangement Random shuffling ofbits⇒↑EER>40%

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 27/47Bloomfilters0 0 1 0 0 1 1 0 0 11 1 1 0 1 0 0 1 1 01 0 0 0 1 1 0 0 1 00 0 0 1 0 0 1 0 0 10 0 0 0 0 0 0 0 0 0 0 0 0 0 0 06 4 6 9Re-Arranged Block1 0 11 1 0… … … … … … … … … …0 0 1 Protected TemplatenBits nWords0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 00 0 0 0 1 0 1 0 0 0 0 0 0 0 0 00 1 0 0 1 0 1 0 0 0 1 0 1 0 0 00 1 0 0 1 0 1 0 0 1 1 0 1 0 0 0BloomFilter 2nBits1BFperblock,of2nBitsHow canwe select thisparameters?

FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 28/47Bloomfilters|b|=2.4|b’|=1.6 |bfused|=3.2|b’,fused|=3.2To achieve aafusion weight α: Same sizeIf bitis activated here……itisalso activated hereORw XORK1w XORK2w bDifferent number ofkeys=>different α α1- α Setnumber ofkeys intermsof:|bfused|/|b’|MK-XOR pos

AccuracyAnalysisFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 29/47

BloomfiltersAccuracy is preserved atalloperating points 0.1 0.2 0.5 1 2 5 10 20 40 False Match Rate (%) 0.1 0.2 0.5 1 2 5 10 20 40 False Non-Match Rate (%) Accuracy Analysis Face + IrisUnprotected Score, EER = 0.1%BF Face, EER = 4.4%BF Iris, EER = 0.8%BF Score, EER = 0.3%BF Feature, EER = 0.1% 0.1 0.2 0.5 1 2 5 10 20 40 False Match Rate (%) 0.1 0.2 0.5 1 2 5 10 20 40 False Non-Match Rate (%) Accuracy Analysis FaceUnprotected System, EER = 7.0%BF System, EER = 4.3% For the fusion,best accuracyfor protected feature level

IrreversibilityanalysisØ Arethereconstructedunprotectedtemplatessimilartotheoriginalones?

FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 30/47Bloomfilters Irreversible:HDbigger than impostorcomparisons[Bringer etal.,ICB2015]VerificationThreshold

MartaGomez-Barrero 31/30BloomfiltersUnlinkability analysis (I)Linkability hasdecreased!JXORSystem +HW,=0.33 NEWSystem +HW,=0.08

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17

MartaGomez-Barrero 32/30BloomfiltersUnlinkability analysis (II)Still room forimprovementLinkability hasbarely increasedJ

Only dissimilarity scoresareneeded tocomputethe metricsFinse WinterSchool ‘17– Biometric Template Protection,9/5/17

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 33/47BTPBasedonHomomorphicEncryption

WhyHomomorphicEncryption?FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 34/47

BTP&HEØ BTPbasedonHomomorphicEncryption:

o Generalo Accuracyfullypreservedo Permanentprotection:allcomputationsintheencrypteddomaino Irreversibility andunlinkability achievedo Renewability withnore-acquisition[Fontaine etal.,EURASIPJ.Inf.Sec. 2007][Lagendijk etal.,IEEESPMag. 2013]Ø Limitationonthenumberofoperationsintheencrypteddomain

Ø Secretkey+protectedtemplate=unprotectedtemplatecompromised

HomomorphicEncryptionØ Practicalimplementation:Paillier Cryptosystem[P.Paillier,EUROCRYPT,1999]Ø HE- Paillier:basedontheDECISIONALCOMPOSITERESIDUOSITYASSUMPTION FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 35/47

BTP&HEDCRA:given acomposite n andand integer z,it is (very)hard todecidewhether there exists y such that:z=yn (mod n2)

AdditiveHomomorphicEncryptionFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 36/47

BTP&HEProduct ofciphertexts Sumofplain textsExponentiation ofciphertext andplain text Product ofplain texts

GeneralarchitectureFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 37/47

BTP&HEFeatureExtraction Distance Computation inthe Encrypted DomainEncryptedTemplatesDProblem 1:what dowestore inthe database?Problem 2:given Tp andE(Tr),how canwecomputeE(d(Tp,Tr))? Additionally,only integervalues canbehandled

Multi-BiometricsFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 38/47

BTP&HE DBServerSTEP1Feature ExtractorExtract TpSTEP3Encrypted DistanceComputeE(S) STEP5ComparatorDecrypt E(S),decideEncryptedTemplatesKey(pk,sk)Client Auth.ServerCommunicationChannelSTEP2:Serversends E(Tr)STEP4:Client sends E(S)CommunicationChannel

EncrypteddistancecomputationFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 39/47

BTP&HEEncrypted Euclidean distance:Given two vectors Tp andE(Tr),oflength FEuclidean distance:Given two vectors Tp andE(Tr),oflength FProbe templateEncrypted referencetemplate stored inDB

FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 40/47BTP&HEEncrypted Cosine similarity:Given two vectors Tp andE(Tr),oflength FCosine similarity:Given two vectors Tp andTr,oflength FProbe templateEncrypted referencetemplate stored inDB

AccuracyEvaluationFinse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 41/47

BTP&HE 0.1 0.2 0.5 1 2 5 10 20 40 False Match Rate (%) 0.1 0.2 0.5 1 2 5 10 20 40 False Non-Match Rate (%) Feature Level FusionUnprotected Euc, EER = 0.1Protected Euc, EER = 0.1Unprotected Cos, EER = 3.0Protected Cos, EER = 3.0BioSecurID DB[Fierrez etal.,PAA2009]GlobalFeatures Sign.[Martinez-Diaz etal.,IETBio 2014]Fingercodes [Jain etal.,CVPR1999]4,200mated +17,500non-mated scoresAccuracy is fully preserved atall operating points

Unlinkability AnalysisFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 42/47

BTP&HEFullunlinkability,aslong asthe secret key is not compromised

ComputationalOverheadØ 1realvalue(16bits)è 2,048bitsencryptedè x128increasefactorØ Dependingondistance,morevaluesneedtobestored

FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 43/47BTP&HEEuclidean distance template:2F +1encrypted valuesè 70.25KB Cosine distance template:F encrypted valuesè 35KBUnprotected template:F realvaluesè 0.27KBStoragerequirements andcommunication bandwidth multiplied by128- 256However,templates arestill small enough for realtimeapps

Finse WinterSchool ‘17– Biometric Template Protection,9/5/17MartaGomez-Barrero 44/47Summary

Ø MethodologyforastandardizedsecurityandprivacyevaluationofBTPschemesØ BTPschemesbasedonBloomfiltersorHomomorphicEncryptioncomplywithISO/IECIS24745,providingirreversibility,unlinkability,renewabilityandaccuracypreservationØ MBTPschemesbasedonBloomfiltersorHomomorphicEncryptionachievehigheraccuracyandprivacyprotectionFinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 45/47

Summary

FinseWinterSchool‘17– BiometricTemplateProtection,9/5/17MartaGomez-Barrero 46/47Summary

Ø HEadvantages:o Full accuracy preservationo Revocabilitywithnore-acquisitiono Higherdegreeof unlinkabilityØ Bloomfiltersadvantages:

o Compressed templateso Irreversibility evenifkeyiscompromisedo Low computationalload

Ø Bloomfilterslimitations:o Someaccuracydegradationdependingonfeatureextractorso SomeaccuracydegradationatlowFMRs Ø HElimitations:

o Keycompromisedè reversibleo Storagerequirements x128

MMartaGomez-Barrero(marta.gomez-barrero@h-da.de)