Information Theoretic Analysis of the Performance of Biometric Authentication Systems

doi:10.1017/9781316450840.016

15 - Information Theoretic Analysis of the Performance of Biometric Authentication Systems

from Part IV - Data Systems and Related Applications

Published online by Cambridge University Press: 28 June 2017

T. Ignatenko and

Edited by

Ashish Khisti and

T. Ignatenko: Affiliation:
Electrical Engineering Department, Eindhoven University of Technology
F. M. J. Willems: Affiliation:
Electrical Engineering Department, Eindhoven University of Technology
Rafael F. Schaefer: Affiliation:
Technische Universität Berlin
Holger Boche: Affiliation:
Technische Universität München
Ashish Khisti: Affiliation:
University of Toronto
H. Vincent Poor: Affiliation:
Princeton University, New Jersey

Book contents

Get access

Summary

In this chapter we analyze the performance of biometric authentication systems in terms of their typical performance measures, i.e., false rejection rate (FRR) and false acceptance rate (FAR). In biometric authentication systems the goal is to reliably authenticate individuals based on their biometric information. Recently, however, it was also concluded that biometric information itself has to be protected in these systems, due to privacy concerns. This gave rise to the development of biometric systems with template protection. In this work we analyze four types of biometric systems, i.e., traditional authentication systems, authentication systems with storage constraints, secret-based authentication systems, and secret-based authentication systems with privacy protection. For all these systems we present the fundamental limits on the false acceptance exponent. Moreover, for the last system we determine the tradeoff between the false acceptance exponent and the amount of information that the exchanged message leaks about the biometric sequence (privacy leakage).

Introduction

Nowadays, securing and regulating access to various systems and services relies heavily on passwords. However, password-based access control systems have a number of drawbacks. From the usability perspective, these systems are not user friendly, since users have to remember a large number of passwords. The latter, in its turn, results in weak security guarantees, since users tend to choose passwords that are easy to remember, and thus also easy to guess, as well as to reuse them in different applications.With the recent advances in biometric technologies, biometric information that uniquely characterizes individuals is a promising alternative to passwords. Biometric authentication is the process of establishing the identity of an individual using measurements of his/her biological characteristics, such as irises, fingerprints, face, etc.

The attractive property of uniqueness of biometrics also introduces privacy concerns related to their use in various access control systems. Unlike passwords, biometric data cannot be easily canceled and substituted with new biometrics, as they are unique for individuals and, moreover, individuals have limited resources of biometric information. Therefore secure storage and communication of biometric information in the corresponding access control systems becomes crucial. The corresponding biometric systems are called systems with template protection.

Type: Chapter
Information: Information Theoretic Security and Privacy of Information Systems , pp. 421 - 444

DOI: https://doi.org/10.1017/9781316450840.016 [Opens in a new window]

Publisher: Cambridge University Press

Print publication year: 2017

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Book purchase

Temporarily unavailable

References

[1] R., Ahlswede and I., Csiszár, “Common randomness in information theory and cryptography – Part I: Secret sharing,” IEEE Trans. Inf. Theory, vol. 39, no. 4, pp. 1121–1132, Jul. 1993.Google Scholar

[2] A., Juels and M., Wattenberg, “A fuzzy commitment scheme,” in Proc. 6th ACM Conf. on Computer and Communications Security, Singapore: ACM Press, Nov. 1999, pp. 26–36.

[3] T., Ignatenko and F. M. J., Willems, “Biometric systems: Privacy and secrecy aspects,” IEEE Trans. Inf. Forensics Security, vol. 4, no. 4, pp. 956–973, Dec. 2009.Google Scholar

[4] S., Wang, S., Rane, S. C., Draper, and P., Ishwar, “An information-theoretic analysis of revocability and reusability in secure biometrics,” in Proc. Inf. Theory Applications Workshop, La Jolla, CA, USA, Feb. 2011, pp. 1–10.

[5] J., Wayman, A., Jain, and D., Maltoni, Eds., Biometric Systems: Technology, Design and Performance Evaluation. London: Springer-Verlag, 2005.

[6] N., Ratha, J., Connell, and R., Bolle, “Enhancing security and privacy in biometrics-based authentication systems,” IBM Syst. J., vol. 40, no. 3, pp. 614–634, 2001.Google Scholar

[7] T. M., Cover and J. A., Thomas, Elements of Information Theory, 2nd edn. Chichester:Wiley & Sons, 2006.

[8] I., Csiszár and J., Körner, Information Theory – Coding Theorems for Discrete Memoryless Systems, 1st edn. Waltham, MA: Academic Press, 1981.

[9] R., Ahlswede and J., Körner, “Source coding with side information and a converse for degraded broadcast channels,” IEEE Trans. Inf. Theory, vol. 21, no. 6, pp. 629–637, Nov. 1975.Google Scholar

[10] R., Ahlswede and I., Csiszár, “Hypothesis testing with communication constraints,” IEEE Trans. Inf. Theory, vol. 32, no. 4, pp. 533–542, Jul. 1986.Google Scholar

[11] S.-W., Ho, “On the interplay between Shannon's information measures and reliability criteria,” in Proc. IEEE Int. Symp. Inf. Theory, Seoul, Korea, Jun. 2009, pp. 154–158.

[12] S.-W., Ho and S., Verdú, “On the interplay between conditional entropy and error probability,” IEEE Trans. Inf. Theory, vol. 56, no. 12, pp. 5930–5942, Dec. 2010.Google Scholar

[13] L., Lai, S.-W., Ho, and H. V., Poor, “Privacy–security trade-offs in biometric security systems – Part I: Single use case,” IEEE Trans. Inf. Forensics Security, vol. 6, no. 1, pp. 122–139, Mar. 2011.Google Scholar

[14] I., Csiszár and P., Narayan, “Common randomness and secret key generation with a helper,” IEEE Trans. Inf. Theory, vol. 46, no. 2, pp. 344–366, Mar. 2000.Google Scholar

[15] R. G., Gallager, Information Theory and Reliable Communication. Chichester: Wiley & Sons, 1968.

[16] A. D., Wyner and J., Ziv, “The rate–distortion function for source coding with side information at the decoder,” IEEE Trans. Inf. Theory, vol. 22, no. 1, pp. 1–10, Jan. 1976.Google Scholar