Book contents
- Frontmatter
- Contents
- List of Contributors
- Preface
- Part I Theoretical Foundations
- Part II Secure Communication
- Part III Secret Key Generation and Authentication
- Part IV Data Systems and Related Applications
- 15 Information Theoretic Analysis of the Performance of Biometric Authentication Systems
- 16 Joint Privacy and Security of Multiple Biometric Systems
- 17 Information Theoretic Approaches to Privacy-Preserving Information Access and Dissemination
- 18 Privacy in the Smart Grid: Information, Control, and Games
- 19 Security in Distributed Storage Systems
- Index
- References
16 - Joint Privacy and Security of Multiple Biometric Systems
from Part IV - Data Systems and Related Applications
Published online by Cambridge University Press: 28 June 2017
Summary
This paper explores the design of biometric authentication in the context of a single user that has enrolled in multiple (distinct) authentication systems. The compromise of some subset of these systems will generally impact both the privacy of the user's biometric information and the security of the balance of the systems. In this work we consider how to design the systems jointly to minimize losses in privacy and security in the case of such compromise. It turns out that there is a tension between the two objectives, resulting in a privacy/security tradeoff. We introduce worst-case privacy and security measures, and consider the tradeoff between them, in the context of the “secure sketch” architecture. Secure sketch systems are based on error correction codes, and the considerations of joint design that we pose result in a novel code design problem. We first study the design problem algebraically and identify an equivalence with a type of subspace packing problem. While the packing problem fully characterizes the design space, it does not yield an explicit characterization. We then turn to a “fixed-basis” subspace of the general design space. We map a relaxed version of the fixed-basis design problem to a linear program which, after exploiting much symmetry, leads to an explicit tradeoff between security and privacy. While we show that fixed-basis designs are restrictive in terms of the achievable privacy/security tradeoffs, they have the advantage of being easily mapped to existing codes (e.g., low-density parity check codes), and thence to immediate deployment. Finally, we conjecture that the achievable privacy/security tradeoff of fixed-basis designs is characterized by an extremely simple analytic expression, one that matches our numerical results.
Introduction
The goal of an authentication system is to ensure that only legitimate individuals gain access to a secured resource or area. Increasingly popular are methods of authentication that use biometric data – unique information present in a person's physical attributes. An example of such a biometric system is a laptop-mounted fingerprint scanner, or an iris scanner at an airport.
- Type: Chapter
- Publisher: Cambridge University Press
- Print publication year: 2017