Diagnostic category leakage in helper data schemes for biometric authentication

Abstract

A helper data scheme (HDS) is a cryptographic primitive that extracts a high-entropy noise-free secret string from noisy data, such as biometrics. A well-known problem is to ensure that the storage of a user-specific helper data string in a database does not reveal any information about the secret. Although Zero Leakage Systems (ZSL) have been proposed, an attacker with a priori knowledge about the enrolled user can still exploit the helper data. In this paper we introduce diagnostic category leakage (DCL), which quantifies what an attacker can infer from helper data about, for instance, a particular medical indication of the enrolled user, her gender, etc. The DCL often is non-zero. Though small per dimension, it can be problematic in high-dimensional biometric authentication systems. Furthermore, partial a priori knowledge on of medical diagnosis of the prover can leak about the secret.