Controlling Leakage of Biometric Information using Dithering

I.R. Buhan; J.M. Doumen; Pieter H. Hartel

Controlling Leakage of Biometric Information using Dithering

I.R. Buhan, J.M. Doumen, Pieter H. Hartel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

8 Citations (Scopus)

64 Downloads (Pure)

Abstract

Fuzzy extractors allow cryptographic keys to be generated from noisy, non-uniform biometric data. Fuzzy extractors can be used to authenticate a user to a server without storing her biometric data directly. However, in the Information Theoretic sense fuzzy extractors will leak information about the biometric data. We propose as alternative to use a fuzzy embedder which fuses an independently generated cryptographic key with biometric data. As fuzzy extractors, a fuzzy embedder can be used to authenticate a user without storing her biometric information or the cryptographic key on a server. A fuzzy embedder will leak in the Information Theoretic sense information about both the biometrics and the cryptographic key. While both types of leakage are important, information leakage of the biometric data is critical since the cryptographic key as opposed to biometric data can be renewed. We show that constructing fuzzy embedders which leak no information about the biometrics is theoretically possible. We present a construction which allows controlling the leakage of biometric information, but which requires a weak secret at the decoder called dither. If this secret is compromised the security of the construction will degrade gracefully.

Original language	Undefined
Title of host publication	16th European Signal Processing Conference
Editors	I.R. Buhan, J.M. Doumen, P.H. Hartel
Place of Publication	Lausanne, Switerland
Publisher	EURASIP, European Association for Signal, Speech and Image Processing
Pages	1569105382
Number of pages	5
ISBN (Print)	978-2-8399-0450-6
Publication status	Published - Aug 2008
Event	16th European Signal Processing Conference - Lausanne, Switzerland Duration: 25 Aug 2008 → 29 Aug 2008 Conference number: 16th https://www.eurasip.org/Proceedings/Eusipco/Eusipco2008/index.html

Publication series

Name	EUSIPCO
Publisher	EURASIP, European Association for Signal, Speech and Image Processing
Number	274

Conference

Conference	16th European Signal Processing Conference
Abbreviated title	EUSIPCO 2008
Country/Territory	Switzerland
City	Lausanne
Period	25/08/08 → 29/08/08
Internet address	https://www.eurasip.org/Proceedings/Eusipco/Eusipco2008/index.html

Keywords

SCS-Cybersecurity
IR-59977
METIS-250978
EWI-12745

Access to Document

http://www.eurasip.org/Proceedings/Eusipco/Eusipco2008/papers/1569105382.pdf

Cite this

Buhan, I. R., Doumen, J. M., & Hartel, P. H. (2008). Controlling Leakage of Biometric Information using Dithering. In I. R. Buhan, J. M. Doumen, & P. H. Hartel (Eds.), 16th European Signal Processing Conference (pp. 1569105382). (EUSIPCO; No. 274). EURASIP, European Association for Signal, Speech and Image Processing. http://www.eurasip.org/Proceedings/Eusipco/Eusipco2008/papers/1569105382.pdf

@inproceedings{0ec59004c6f04afea082438148941182,

title = "Controlling Leakage of Biometric Information using Dithering",

abstract = "Fuzzy extractors allow cryptographic keys to be generated from noisy, non-uniform biometric data. Fuzzy extractors can be used to authenticate a user to a server without storing her biometric data directly. However, in the Information Theoretic sense fuzzy extractors will leak information about the biometric data. We propose as alternative to use a fuzzy embedder which fuses an independently generated cryptographic key with biometric data. As fuzzy extractors, a fuzzy embedder can be used to authenticate a user without storing her biometric information or the cryptographic key on a server. A fuzzy embedder will leak in the Information Theoretic sense information about both the biometrics and the cryptographic key. While both types of leakage are important, information leakage of the biometric data is critical since the cryptographic key as opposed to biometric data can be renewed. We show that constructing fuzzy embedders which leak no information about the biometrics is theoretically possible. We present a construction which allows controlling the leakage of biometric information, but which requires a weak secret at the decoder called dither. If this secret is compromised the security of the construction will degrade gracefully.",

keywords = "SCS-Cybersecurity, IR-59977, METIS-250978, EWI-12745",

author = "I.R. Buhan and J.M. Doumen and Hartel, {Pieter H.}",

year = "2008",

month = aug,

language = "Undefined",

isbn = "978-2-8399-0450-6",

series = "EUSIPCO",

publisher = "EURASIP, European Association for Signal, Speech and Image Processing",

number = "274",

pages = "1569105382",

editor = "I.R. Buhan and J.M. Doumen and P.H. Hartel",

booktitle = "16th European Signal Processing Conference",

note = "null ; Conference date: 25-08-2008 Through 29-08-2008",

url = "https://www.eurasip.org/Proceedings/Eusipco/Eusipco2008/index.html",

}

Buhan, IR, Doumen, JM & Hartel, PH 2008, Controlling Leakage of Biometric Information using Dithering. in IR Buhan, JM Doumen & PH Hartel (eds), 16th European Signal Processing Conference. EUSIPCO, no. 274, EURASIP, European Association for Signal, Speech and Image Processing, Lausanne, Switerland, pp. 1569105382, 16th European Signal Processing Conference, Lausanne, Switzerland, 25/08/08. <http://www.eurasip.org/Proceedings/Eusipco/Eusipco2008/papers/1569105382.pdf>

Controlling Leakage of Biometric Information using Dithering. / Buhan, I.R.; Doumen, J.M.; Hartel, Pieter H.

16th European Signal Processing Conference. ed. / I.R. Buhan; J.M. Doumen; P.H. Hartel. Lausanne, Switerland : EURASIP, European Association for Signal, Speech and Image Processing, 2008. p. 1569105382 (EUSIPCO; No. 274).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Controlling Leakage of Biometric Information using Dithering

AU - Buhan, I.R.

AU - Doumen, J.M.

AU - Hartel, Pieter H.

N1 - Conference code: 16th

PY - 2008/8

Y1 - 2008/8

N2 - Fuzzy extractors allow cryptographic keys to be generated from noisy, non-uniform biometric data. Fuzzy extractors can be used to authenticate a user to a server without storing her biometric data directly. However, in the Information Theoretic sense fuzzy extractors will leak information about the biometric data. We propose as alternative to use a fuzzy embedder which fuses an independently generated cryptographic key with biometric data. As fuzzy extractors, a fuzzy embedder can be used to authenticate a user without storing her biometric information or the cryptographic key on a server. A fuzzy embedder will leak in the Information Theoretic sense information about both the biometrics and the cryptographic key. While both types of leakage are important, information leakage of the biometric data is critical since the cryptographic key as opposed to biometric data can be renewed. We show that constructing fuzzy embedders which leak no information about the biometrics is theoretically possible. We present a construction which allows controlling the leakage of biometric information, but which requires a weak secret at the decoder called dither. If this secret is compromised the security of the construction will degrade gracefully.

AB - Fuzzy extractors allow cryptographic keys to be generated from noisy, non-uniform biometric data. Fuzzy extractors can be used to authenticate a user to a server without storing her biometric data directly. However, in the Information Theoretic sense fuzzy extractors will leak information about the biometric data. We propose as alternative to use a fuzzy embedder which fuses an independently generated cryptographic key with biometric data. As fuzzy extractors, a fuzzy embedder can be used to authenticate a user without storing her biometric information or the cryptographic key on a server. A fuzzy embedder will leak in the Information Theoretic sense information about both the biometrics and the cryptographic key. While both types of leakage are important, information leakage of the biometric data is critical since the cryptographic key as opposed to biometric data can be renewed. We show that constructing fuzzy embedders which leak no information about the biometrics is theoretically possible. We present a construction which allows controlling the leakage of biometric information, but which requires a weak secret at the decoder called dither. If this secret is compromised the security of the construction will degrade gracefully.

KW - SCS-Cybersecurity

KW - IR-59977

KW - METIS-250978

KW - EWI-12745

M3 - Conference contribution

SN - 978-2-8399-0450-6

T3 - EUSIPCO

SP - 1569105382

BT - 16th European Signal Processing Conference

A2 - Buhan, I.R.

A2 - Doumen, J.M.

A2 - Hartel, P.H.

PB - EURASIP, European Association for Signal, Speech and Image Processing

CY - Lausanne, Switerland

Y2 - 25 August 2008 through 29 August 2008

ER -