Privacy Weaknesses in Biometric Sketches

2009 30th IEEE Symposium on Security and Privacy Pub Date : 2009-05-17 DOI:10.1109/SP.2009.24

K. Simoens, P. Tuyls, B. Preneel

{"title":"Privacy Weaknesses in Biometric Sketches","authors":"K. Simoens, P. Tuyls, B. Preneel","doi":"10.1109/SP.2009.24","DOIUrl":null,"url":null,"abstract":"The increasing use of biometrics has given rise to new privacy concerns. Biometric encryption systems have been proposed in order to alleviate such concerns: rather than comparing the biometric data directly, a key is derived from these data and subsequently knowledge of this key is proved. One specific application of biometric encryption is the use of biometric sketches: in this case biometric template data are protected with biometric encryption. We address the question whether one can undermine a user's privacy given access to biometrically encrypted documents, and more in particular, we examine if an attacker can determine whether two documents were encrypted using the same biometric. This is a particular concern for biometric sketches that are deployed in multiple locations: in one scenario the same biometric sketch is deployed everywhere; in a second scenario the same biometric data is protected with two different biometric sketches. We present attacks on template protection schemes that can be described as fuzzy sketches based on error-correcting codes. We demonstrate how to link and reverse protected templates produced by code-offset and bit-permutation sketches.","PeriodicalId":161757,"journal":{"name":"2009 30th IEEE Symposium on Security and Privacy","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"191","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 30th IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2009.24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 191

Abstract

The increasing use of biometrics has given rise to new privacy concerns. Biometric encryption systems have been proposed in order to alleviate such concerns: rather than comparing the biometric data directly, a key is derived from these data and subsequently knowledge of this key is proved. One specific application of biometric encryption is the use of biometric sketches: in this case biometric template data are protected with biometric encryption. We address the question whether one can undermine a user's privacy given access to biometrically encrypted documents, and more in particular, we examine if an attacker can determine whether two documents were encrypted using the same biometric. This is a particular concern for biometric sketches that are deployed in multiple locations: in one scenario the same biometric sketch is deployed everywhere; in a second scenario the same biometric data is protected with two different biometric sketches. We present attacks on template protection schemes that can be described as fuzzy sketches based on error-correcting codes. We demonstrate how to link and reverse protected templates produced by code-offset and bit-permutation sketches.

查看原文本刊更多论文

生物识别草图中的隐私缺陷

生物识别技术的日益普及引发了新的隐私问题。生物特征加密系统的提出是为了减轻这种担忧:不是直接比较生物特征数据，而是从这些数据中获得密钥，然后证明该密钥的知识。生物特征加密的一个具体应用是使用生物特征草图:在这种情况下，生物特征模板数据受到生物特征加密的保护。我们解决的问题是，如果访问生物特征加密的文档，是否可以破坏用户的隐私，更具体地说，我们检查攻击者是否可以确定两个文档是否使用相同的生物特征加密。对于部署在多个地点的生物识别草图来说，这是一个特别值得关注的问题:在一个场景中，相同的生物识别草图部署在任何地方;在第二种情况下，相同的生物识别数据由两种不同的生物识别草图保护。我们提出了一种基于纠错码的模糊草图攻击模板保护方案。我们演示了如何链接和反转由代码偏移和位置换草图生成的受保护模板。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 30th IEEE Symposium on Security and Privacy

自引率

0.00%

发文量