privacy preserving biometric identity...
TRANSCRIPT
Privacy Preserving Biometric Identity Verification
Gérard Chollet (IV & CNRS/IMT)Abelino Jiménez (CMU)
Dijana Petrovska-Delacrétaz (TSP/IMT)Bhiksha Raj (CMU)
1
www.intelligentvoice.com
De-identification for privacy protection
• Multimedia documents
• Biometric data
• Typical use cases :
– Access control
– Border control
– Home banking
– TeleCare
2© Chollet, Petrovska, Raj
New Yorker : July 5th, 1993
• “On the Internet nobody knows you’re a dog” P. Steiner
3
© Chollet, Petrovska, Raj
New Yorker - 22 years later : Feb. 2015
“Remember when, on the Internet, nobody knew who you were!”
4
Outline
• Introduction (Use cases)
• Privacy Issues with biometrics
• Some solutions
• Cryptographic solution to privacy
• Transform based solutions
• Combining Crypto and Transform methods
• Open problems and future work
5© Chollet, Petrovska, Raj
Table of Contents1. Intro
– Why biometrics– Types of biometrics– Ways of performing them
2. Problems with biometrics:– Points of attack– Privacy– Revocability– Privacy risk continues with conventional
encryption
3. Solution formalisms– Different settings– Cryptographic– Transform based– Combined
4. Cryptographic solution to privacy– Matching in crypto domain – intro– Basics of cryptography– Homomorphic encryption and matching
in the encrypted domain– Functional Encryption
6
5. Transform based solutions– Transform-domain matching– Revocability in transform-domain
matching– Standard methods for transform-
domain matching• Issues with standard methods
– Evaluation protocols
6. Combining Crypto and Transform methods– Shuffling– Converting signal to hashes..
• Hashing methods• Information theoretic security• Secure modular hashing
– Revocability in combination methods
7. Open problems and future work
© Chollet, Petrovska, Raj
Table of Contents
1. Introduction
– Identity verification (IV) in general
– Why should we use biometrics for IV ?
– Which biometric modalities ?
– Ways of performing them
7© Chollet, Petrovska, Raj
Identity Verification and Authentication
• Subject claims an identity
– “I am John Smith”
• System must verify if subject claim is authentic
• Authentication is the result of Verification
• Most common approach: Pass phrases (passwords)
– Demand information from claimant that only John Smith knows
8Intro© Chollet, Petrovska, Raj
The problem with passphrases
• Can be easily compromised– Forgotten, stolen, coerced or guessed
• Non-repudiation: No link between actual user and password
– Anyone who has your password can authenticate themselves as you
– You have no (formal) way of denying their claim10
From triangletrip.com
www.mobilisationlab.org
Intro© Chollet, Petrovska, Raj
A solution : Biometric Authentication
• Use a biometric to authenticate the subject– Fingerprint / Vein
– Iris
– Earshape
– Face
– Voice
– Gait
– Signature
– ...
• Combine them,…
11Intro© Chollet, Petrovska, Raj
Why Biometrics
• Based on what you permanently have– As opposed to something you remember
– Cannot be stolen
• Increasingly used by many services
• Paradoxically, increasingly risky as we will explain!!
12Intro© Chollet, Petrovska, Raj
Biometric Authentication: Settings
• Local– Authenticating yourself to your local device– E.g. fingerprint login to phone/laptop– E.g. biometric ID card
• Remote– Used to authenticate with remote server– E.g. voice/fingerprint authentication at banks
13Intro© Chollet, Petrovska, Raj
Terminology
• Terminology
– Identity claimant user
– Identity verifier system
• “User” records biometric
• “System” verifies biometric
14Intro
User System
User
System
© Chollet, Petrovska, Raj
Typical Biometric Procedure
• Step 1: Enrollment / Registration
– User “enrolls” with the system using a biometric identifier
• Step 2: Verification
– System “verifies” that the user is who he/she claims to be
• Step 3: Authentication
– If user is successfully verified, system declares the user to be “authentic” and permits him/her to use service/application
15Intro© Chollet, Petrovska, Raj
Enrollment
• “Training”: “Enroll” biometric of subject with the system
– Fingerprint, Iris, Facial image, Voice, …
• Enrollment
– “Template” one or more examples of biometric
– “Model” Statistical or discriminative model that represents the characteristics of the biometric
– Signature extraction can have multiple stages, including feature extraction and model training
16Intro
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Present Biometric
© Chollet, Petrovska, Raj
Verification
• Verification:
• User records instance of appropriate biometric
– And sends to system
• May transmit information extracted from biometric, rather than biometric itself
• System compares received biometric to stored template or model
– If match is good, accepts the subject
• Procedure identical for “local” and “remote” settings
17Intro
Capture Biometric Database
ExtractFeatures
Present Biometric
Compare
Match No match
© Chollet, Petrovska, Raj
Verification / Identification
• One-to-one (Verification)
– The user claims an identity which is verified using biometric data
• One-to-many (Identification)
– The user submits his biometric data which is compared to all Templates / Models known to the system. The user can be rejected if there is no match.
18Intro© Chollet, Petrovska, Raj
Biometric modalities
19
From Nandakumar et al., IEEE Signal Processing Mag, Sept 2015
Intro© Chollet, Petrovska, Raj
Typical Solution: Inexact Match
• Fingerprint: Count the number of minutiae in test fingerprint that match template
• Iris: Compute Hamming distance between Iris codes of test image and template
20Intro© Chollet, Petrovska, Raj
Table of Contents
2. Problems with biometrics:
– Biometrics are public
– Immutability of biometrics
– Classical user-side attacks
– System-side challenges
– Privacy
– Linkability
– Revocability
21© Chollet, Petrovska, Raj
Issues: Biometric data are public!!!
• Your face, voice, iris, gait etc. can easily be obtained from public data
– YouTube, public recordings
• Even your fingerprint!
• They are accessible to any adversary22
Problems with Biometrics© Chollet, Petrovska, Raj
Problems
• Your private biometrics can be linked to your public persona
– A system who has your biometrics can now find you on all public fora
• Your enrollment biometrics are accessible to anyone
– A hacker who wants to mimic you can grab your biometrics from a public place
23Problems with Biometrics© Chollet, Petrovska, Raj
Biometrics are permanent
• Your fingerprint is for life
– Biometric patterns in fingerprints may not change significantly with age
• Your IRIS is for life
– Biometric patterns in IRIS may not change significantly with age
• You voice is immutable
– Basic voice patterns are largely invariant
24Problems with Biometrics
NIST IRIS reportLongitudinal study of FP, Yoon and Jain
© Chollet, Petrovska, Raj
Problems with permanence
• Once compromised, can never be reused!
– Similar to passwords this way
– Unlike passwords, cannot be changed!
• Biometric is useless for life
• Biometric signatures are identical across services
– E.g . details of your fingerprint are identical in every use
– Every use is compromised
• An adversary who gets your fingerprint can break into every
service or application that authenticates you by your fingerprint
– Unlike passwords
25Problems with Biometrics© Chollet, Petrovska, Raj
Biometric Challenges
• Typical biometric verification procedure
– Assuming authentic enrollment for illustration
– Fraudulent enrollment must be dealt with using trusted authority
26Problems with Biometrics
Capture Biometric Database
ExtractFeatures
Present Biometric
Compare
Match No match
© Chollet, Petrovska, Raj
Some possible attacks
27
Theft, modify, abuse of database
Modify template date
7 Templates
6
SensorFeature
extractionMatcher2 4 8
1 3 5
Fake biometric Override Feature Extractor
Replay
Corrupting the Matcher
Tampering with Feature Vector
Override Final Decision
© Chollet, Petrovska, Raj Problems with Biometrics
From Ratha et al. (2001)
Challenge Points: User side
• User side: A spoofer or mimic can duplicate biometric– And can continue to compromise you for the rest of your life
• Biometrics are public: Adversary could easily obtain biometrics from public venues
• Risk identical for “local” and “remote” settings
28
SpoofingMimicry
Problems with Biometrics
Capture Biometric Database
ExtractFeatures
Present Biometric
Compare
Match No match
© Chollet, Petrovska, Raj
Challenge Points: System Side
29
HackerMalicious server
• System side: Hacker or a malicious server has your biometric
– Can use it to authenticate as you in other services/apps
– Can use it to create synthetic data to mimic/spoof you
– Can use it to track you in other places
• E.g. use voice/IRIS/fingerprint/face to find/track you on YouTube and public fora.
– And possibly use these data to spoof you!
Problems with Biometrics
Capture Biometric Database
ExtractFeatures
Present Biometric
Compare
Match No match
© Chollet, Petrovska, Raj
Challenge Points: System Side
30
HackerMalicious server
• System side: Hacker/Malicious server has biometric
– Can learn undesired information about you
• Fingerprints carry information about health, gender, age
• Voice carries information about health, ethnicity, gender, education, age, etc
• Iris carries information about gender, age, ethnicity
• Etc.
• Risks similar in local and remote settings
Problems with Biometrics
Capture Biometric Database
ExtractFeatures
Present Biometric
Compare
Match No match
© Chollet, Petrovska, Raj
Challenge: Linkability
• Biometric signatures stored by different accounts are very similar
– The fingerprint you store with the passport office is the same as your fingerprint at the bank is the same as your fingerprint in your biometric ID card
• They can be linked
– Agencies could collude to track you
– Big brother can watch you more carefully 31
Problems with Biometrics© Chollet, Petrovska, Raj
Challenge: Revocability
• A compromised password can be changed
– It is revocable
• A compromised biometric cannot be changed
– It is not revocable
• Combination of linkability and unrevocability: A compromised biometric cannot be used anywhere again
32Problems with Biometrics© Chollet, Petrovska, Raj
Challenges in a nutshell
• Privacy: Loss of biometric is permanent loss of privacy
– Adversary can learn about you
• Security: Loss of biometric is permanent loss of security
– Adversary can compromise you in many ways
• Linkability: Biometric signatures stored by different accounts can be cross-linked
– Accounts can be tracked!
• Irrevokability: Unlike passwords, cannot be revoked
– Cannot “withdraw” and “change” biometric!
33Problems with Biometrics© Chollet, Petrovska, Raj
Proposed solutions
34
BioHashing
BioKey
Cancelable Bio
Revocable Bio BioConvolving
Biotoken
BioConvolving
BioCode
Key Generation
BIO Hash
Hardened Passwords
BIO PKITemplate free BIO
Locked Bio Code
Key Re-Generation
Fuzzy Commitement
Key Binding
Fuzzy extractors
Privacy by designs
Security
Privacy Preserving
Crypto-Biometrics
Repudiation
Problems with Biometrics© Chollet, Petrovska, Raj
Table of Contents
3. Solution Formalisms
– Cryptographic
– Transform based
– Crypto-Transforms
– Cryptographic keys and key release
35© Chollet, Petrovska, Raj
Solution Requirements
• System must not be able to see or recover raw biometric
• System must not be able to see or recover templates/model
• If template/model is compromised, user must be able to replace them!
– Even though biometrics are permanent
• Adversary who has access to biometric must not be able to spoof user
36Solution Formalisms© Chollet, Petrovska, Raj
Typical Solution Assumption
• User has computation-capable device for recording biometric
• User performs some private (user-side) computation to secure biometric on user’s device
• We will indicate user-side and system-side computations using dotted lines
• In “local” settings, both are performed on the same device; in “remote” setting user performs user-side computation, system performs system-side computation
37
User
System
Solution Formalisms
By User By System
© Chollet, Petrovska, Raj
Solutions
38
• Solutions must consider both enrollment and
verification phases
– Both must be modified to some extent
Capture Biometric Database
ExtractFeaturesPresent
Biometric
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
FeaturesPresent Biometric
Enrollment
Verification
Solution Formalisms© Chollet, Petrovska, Raj
Solution 1: Simple Encryption
39
• Encrypt the signatures prior to storing
– Encryption key belongs to user
– System cannot decrypt without user’s permission
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Encrypt
Encryption Key
Decrypt Database
Decryption Key
Solution Formalisms
By User By System
By User By System
© Chollet, Petrovska, Raj
Encryption
• Encryption annihilates neighborhood information in the data
40Solution Formalisms© Chollet, Petrovska, Raj
Simple Encryption Scheme
• Problem: Template/model must be decrypted for matching
– System effectively possesses decrypted biometric template
– Hacker who seizes system possesses decrypted biometric
41
Capture Biometric
ExtractFeatures
Compare
Match No matchVerification
Present Biometric
Decrypt Database
Decryption Key
Solution Formalisms© Chollet, Petrovska, Raj
Simple Encryption Scheme• Not useful in remote setting
– System and user disconnected
– System may be malicious or under hacker control, while user is authentic
• User innocently provides decryption key
• Enables system/hacker to trap biometric
• Useful in “local” setting
– System under the control of person producing biometric
– Hacker who steals local device cannot decipher biometric without decryption key
• Which only actual user knows
– Weaker setting: The decryption key itself is derived from biometric
• Cryptographic key generation from biometric
– If compromised, can be revoked by changing encryption key42
Solution Formalisms© Chollet, Petrovska, Raj
Solution 2: Match in Encrypted Domain
43
• Encrypt the signatures prior to storing
• Encrypt the biometric during testing
• Perform comparison in encrypted domain
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Encrypt
Encryption Key
Encrypt Database
Encryption Key
Solution Formalisms
By User By System
© Chollet, Petrovska, Raj
Matching in Encrypted Domain
• Useful in both local and remote settings
• Revocable: If biometric signature is compromised, simply enroll a freshly encrypted biometric
• Unlinkable: If encryption key used in each service is different
• Accuracy: Performance identical to that obtained without encryption
• Challenge: How does one perform matching in encrypted domain
– Encryption only supports exact match
– Biometric comparison requires inexact match
44Solution Formalisms© Chollet, Petrovska, Raj
Solution 3: Transform Biometric
45
• Transform the biometric to distort it, before submitting
– With a transform that has a user-specified transform parameter
• Perform comparison over transformed biometric
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Transform
Transform Key
Transform Database
Transform Key
Solution Formalisms
By User By System
By User By System
© Chollet, Petrovska, Raj
Transform
• Distortions that retain some of the topological structure to enable distance computation
46Solution Formalisms© Chollet, Petrovska, Raj
Solution 3: Transform Biometric
47
• Transform the biometric to distort it, before submitting
– With a transform that has a user-specified transform parameter
• Perform comparison over transformed biometric
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Transform
Transform Key
Transform Database
Transform Key
TRANSFORM MAY APPLY TO EITHER BIOMETRIC OR FEATURES
Solution Formalisms
By User By System
© Chollet, Petrovska, Raj
Transforming Biometric
• Useful in both local and remote settings
• Revocable: Change transform to revoke biometric
• Unlinkable: If different transforms are used at each
service
• Challenges:
– Design: How to design a distortion that still permits
meaningful comparison?
– Performance: may degrade due to the transformation
– Security: Generally does not have theoretical guarantees
of cryptography
48Solution Formalisms© Chollet, Petrovska, Raj
Solution 4: Cryptographic Transform
49
• Cryptographic transform
– With user-specified key
• Perform comparison over transformed biometric
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature Database
ExtractFeatures
Enrollment
Verification
Present Biometric
Present Biometric
Transform
Transform/Encryption Key
Transform Database
Transform/Encryption Key
Solution Formalisms
By User By System
© Chollet, Petrovska, Raj
Cryptographic Transform
• Security: Partial cryptographic guarantees
– While retaining inexact match ability
• Revocable: Change key to revoke biometric
• Unlinkable: If different keys used at each service
• Challenges:
– Design: How to design a distortion that still permits
meaningful comparison?
– Performance: Can be superior to purely transform-
based methods50
Solution Formalisms© Chollet, Petrovska, Raj
Table of Contents
4. Cryptographic solutions to privacy
– Matching in crypto domain – intro
• Revokability in crypto-domain matching
– Basics of cryptography
– Homomorphic encryption and matching in the encrypted domain
51© Chollet, Petrovska, Raj
Solution1: Simple Encryption
52
• Encrypt the signatures prior to store
• Problem: Must decrypt before matching
– Unacceptable risk!
cryptographic solutions
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Encrypt
Encryption Key
Decrypt Database
Decryption Key
By User By System
By User By System
© Chollet, Petrovska, Raj
Solution 2: Match in Encrypted Domain
53
• Encrypt the signatures prior storing
• Encrypt the biometric during testing
• Perform comparison in encrypted domain
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Encrypt
Encryption Key
Encrypt Database
Encryption Key
By User By System
cryptographic solutions© Chollet, Petrovska, Raj
Cryptography Basics
Encryption EK1(.)
Plaintext (M) Ciphertext (C)
Encryption
Key (K1)
EK1(M) = C
A Good Cryptosystem – all the security inherent in the knowledge of keys, and none in the knowledge of algorithms
54cryptographic solutions© Chollet, Petrovska, Raj
Decryption DK2(.)
Ciphertext (C)
Original
Plaintext (M)
Decryption
Key (K2)
DK2(C) = M Lossless transformation!
Cryptography Basics• Symmetric Cryptosystem
55cryptographic solutions© Chollet, Petrovska, Raj
EncryptHello! t4$We9 Decrypt Hello!
Client System
=In general
Cryptography Basics• Public-key (asymmetric) Cryptosystem
First described in
(Diffie and Hellman, 1976)
56cryptographic solutions© Chollet, Petrovska, Raj
EncryptHello! t4$We9 Decrypt Hello!
Client System
Public key exchange
Anybody can Encrypt!
57
Encryption Not Invertible (without key)
Semantic Security (without key)
Ciphertexts jointly uninformative
1 2 1 2
Properties of Ideal Cryptosystem
Jointly Uninformative: Mutual Information
• Mutual information between any pair/collection of ciphertext messages is 0
• Semantic security model: Mutual information between two separate encryptions of the same message is 0!!
58cryptographic solutions© Chollet, Petrovska, Raj
Mutual Information between ciphertexts
Distance between plaintexts
Comparing directly ciphertexts is
USELESS!!
Solution 2: Match in Encrypted Domain
59
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Encrypt
Encryption Key
Encrypt Database
Encryption Key
cryptographic solutions© Chollet, Petrovska, Raj
Homomorphic Encryption
Allows for operations to be performed onciphertexts without requiring knowledge ofcorresponding plaintexts
60cryptographic solutions© Chollet, Petrovska, Raj
Homomorphism Example: RSAPublic key encryption scheme (Rivest, Shamir, Adelman ‘77).
Homomorphic multiplication
• Cannot perform simple addition, however.
• It is not Semantically Secure61
gXXE ][
][)(][][ XYEXYYXYEXE ggg
cryptographic solutions© Chollet, Petrovska, Raj
Homomorphism Example: PaillierPublic key encryption scheme (Pascal Paillier, Eurocrypt 99).
• Homomorphic addition
– Encrypted numbers can be added together.
– Encrypted numbers can be added to non encrypted scalars.
• Homomorphic multiplication:
– Encrypted numbers can be multiplied by a non encrypted scalar.
• Cannot multiply two encrypted numbers (Partially homomorphic)
• It is Semantically Secure! 62
XgXE ][
][][][ YXEgggYEXE YXYX
][][ XYEggXE XYYXY
cryptographic solutions© Chollet, Petrovska, Raj
Fully Homomorphic Encryption (FHE)
63cryptographic solutions© Chollet, Petrovska, Raj
Craig Gentry (2009)
It is possible!!
• Now we know several FHE schemes.
• They are not very practical yet.Individual bit-level computations still take too much
time
Computations 100000x to 1000000000000x slower
than unencrypted computation
Homomorphic Encryption
x
f()
f(x) = ?? I can evaluate f(.) as a service
E [x]
E [f(x)]
64cryptographic solutions© Chollet, Petrovska, Raj
Public key exchange
f(x)
Homomorphic Encryption
65
• User sends encrypted biometrics. System learns an encrypted signature that it cannot decrypt
• User sends encrypted biometric for verification. System performs comparison in encrypted
domain and gets encrypted result
Capture Biometric
Compare
Match No match
Capture Biometric
GenerateSignature Database
Enrollment
Verification
Present Biometric
Present Biometric
Encrypt
Encryption Key
Encrypt Database
Encryption Key
cryptographic solutions
By User By System
© Chollet, Petrovska, Raj
Public key exchange
Zero Knowledge Proofs (ZKPs)
66© Chollet, Petrovska, Raj
DecisionDecision
Decision Decision
User must prove that the last message is the corresponding plaintext of the encrypted message sent by the system, without revealing his private key.
The user can use ZKPs to convince the System
Zero Knowledge Proofs (ZKPs)
• Peggy has a magic word to open a secret door in a cave.
• Victor wants to pay for the secret, but not until he’s sure she knows it
• Peggy will tell the secret but not until she receives the money
67© Chollet, Petrovska, Raj
Quisquater et al. ’89, figure from Wikipedia
Zero Knowledge Proofs (ZKPs)• Assume that Peggy’s information is a solution to a hard
problem
• Peggy converts her problem to an isomorphic one
• Peggy solves the new problem and commits answer
• Peggy reveals the new instance to Victor
• Victor asks Peggy either to
– prove the instances are isomorphic; or
– open the committed answer and prove it’s a solution
• Repeat n times
• Typical hard problems: finding graph isomorphisms or Hamiltonian cycles (NP-complete problems)
68© Chollet, Petrovska, Raj
ZKP and authentication
69© Chollet, Petrovska, Raj
DecisionDecision
Decision Decision
The user proves that the answer she sent is the decryption of the data that the System sent without revealing her secret key.
Functional Encryption
• Encryption is all or nothing
• Can we get something in between?
Given E(X) and E(Y),
we may get F(X,Y), in cleartext!!!
We may not need ZKP.
70
Functional Encryption
• Generate a public key pk and a master secret key msk.
• Given a value k, the algorithm Keygengenerates a secret key sk using (msk,k)
• Besides, we have an Encryption algorithm Encthat computes c from (pk, x), where x is a message.
• F(k,x) can be obtained using Dec from (sk, c)
71
Matching in Encrypted Domain: Conclusion
• Computable and feasible
• Computationally impractical
• Current Area of Research!
72cryptographic solutions© Chollet, Petrovska, Raj
Table of Contents
5. Transform based solutions
– Transform-domain matching
– Revocability in transform-domain matching
– Standard methods for transform-domain matching
• Issues with standard methods
– Evaluation protocols
73© Chollet, Petrovska, Raj
The Problem with Cryptographic Solutions
• Cryptographic techniques “hide” information by “shattering” the space
– All notion of “neighborhood” is destroyed
– Distance/neighborhood-based matching is impossible
74transform based solutions© Chollet, Petrovska, Raj
Alternate solution: Transforms
• Instead of shattering the data space, distort it more continuously
– Transforms that retain some measure of topological continuity
– Permits continued estimation of neighborhood in transform domain
75transform based solutions© Chollet, Petrovska, Raj
Requirement for Transforms
• Transform must have user-specified parameter/key
– Which controls the actual nature of the transform
76transform based solutions© Chollet, Petrovska, Raj
Transform-based approach
77
• Transform the biometric to distort it, before submitting
– With a transform that has a user-specified transform parameter
• Perform comparison over transformed biometric
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Transform
Transform Key
Transform Database
Transform Key
By User By System
By User By System
transform based solutions© Chollet, Petrovska, Raj
Transform-based approach
78
• Transform the biometric to distort it, before submitting
– With a transform that has a user-specified transform parameter
• Perform comparison over transformed biometric
Capture Biometric
ExtractFeatures
Compare
Match No match
Capture Biometric
GenerateSignature
(Template or Model)
DatabaseExtract
Features
Enrollment
Verification
Present Biometric
Present Biometric
Transform
Transform Key
Transform Database
Transform Key
TRANSFORM MAY APPLY TO EITHER BIOMETRIC OR FEATURES
By User By System
transform based solutions© Chollet, Petrovska, Raj
Transforms result in two-factor biometrics
• Factor 1: The biometric itself
• Factor 2: The transform parameter/key.
An adversary must be able to capture or replicate both factors for success
Revocability: Upon loss of either factor, it is sufficient to change the transform to revoke the biometric
79transform based solutions© Chollet, Petrovska, Raj
Transforms result in two-factor biometrics
• Revocability: Upon loss of either factor, revoke biometric by resubmitting it using a different transform key
80transform based solutions© Chollet, Petrovska, Raj
Evaluating Transforms
1) Nothing stolen: We should have good performance
2) Stolen key
3) Stolen Biometric
4) Everything stolen81
System
System
Criteria for a good transform
• Transformation should hide the biometric
– Transformed biometric should not inform about actual
biometric in any way
• Transformed biometrics should remain discriminative
– A user should not suffer increased false rejection due to
use of transformation
– False acceptances should not increase either
• Difficult to satisfy both criteria simultaneously
82transform based solutions© Chollet, Petrovska, Raj
Criteria for good transform
• For authentic user, match must be similar in original and transformed domains
• Similarly, for imposter, mismatch must persist in original and transformed domains
• Transformed and untransformed biometric must not match
• Different transforms of the same biometric must not match
83transform based solutions© Chollet, Petrovska, Raj
Face (with random filters)
• Theoretical claim: MACE (Minimum Average Correlation Energy) filter based recognition
– Does not degrade performance under stolen key scenario
– Improves under stolen biometrics scenario
84
Savvides et. al., 2004
transform based solutions© Chollet, Petrovska, Raj
Enrollment Verification
Random Projections
• Several authors have proposed the use of random projections
– X is true biometric
– F is a random projection matrix (Key)
– Y is transformed biometric
– g is typically a quantization of some kind
• Applicable to many different biometrics
• Can greatly increase false rejection or false alarm85
transform based solutions© Chollet, Petrovska, Raj
Are transforms sufficient ?
• Transform hides individual biometrics
• System never sees raw biometric
• Revocable: If template/model compromised replace by changing the transform
• Problem scenarios:
– System has your model/template: not possible by design
– System has your biometrics: not possible by design
– System has your transform: not possible by design
– System can guess your transform: it can happen
86transform based solutions© Chollet, Petrovska, Raj
Are transforms sufficient ?
• Given:
– The functional form of the transform
– A priori information about the distribution of the data
– A large enough sample of the transformed data
– The server can guess the transform
• Then it can find your biometrics in the public domain
– Search for biometric data that, when transformed, matches your model87transform based solutions© Chollet, Petrovska, Raj
Are transforms sufficient
• In mathematical terms:
– The mutual information between the transforms
of different data instances is high
– The transform of any point “informs” about the
transforms of the points close to it88
transform based solutions© Chollet, Petrovska, Raj
Challenge
• It is feasible for the adversarial system to guess your transform
– Not necessary for the transform to be invertible
– Most linear and many non-linear transforms fall under this category of “guessable” transforms
• Requirement: even if it is mathematically possible, make the estimation of transform computationally intractable!
89transform based solutions© Chollet, Petrovska, Raj
Table of Contents
6. Cryptographic Transforms
– Shuffling
– Converting signal to hashes..
• Hashing methods
• Information theoretic security
• Secure modular hashing
– Revocability in combined methods
90© Chollet, Petrovska, Raj
A more formal approach
• Explicitly shuffle the data– De-shuffling, even with a priori information, is an NP
problem
91crypto- transforms© Chollet, Petrovska, Raj
Bit-block Shuffling
• The biometric feature vector is divided into blocks
• These blocks are aligned with the shuffling key bits
• If a bit in the key is 1, the corresponding block is copied into Part-1; otherwise in Part-2
• The concatenation of Part-1 and Part-2 gives the shuffled biometric data
Block1 Block2 Block3 Block4 Block5 Block6 Block7
Shuffling key
Data to be shuffled (feature vector)
Block1 Block3 Block2Block4 Block7 Block5 Block6Shuffled
data
Concatenate
1 0 1 1 0 0 1
crypto- transforms© Chollet, Petrovska, Raj
Shuffling
• The Hamming distance is not affected by shuffling
– Does not affect match for authentic user
– Does not affect mismatch for imposter who has stolen the user’s shuffling key
• “Stolen key” scenario
93crypto- transforms© Chollet, Petrovska, Raj
Overall properties of the Shuffling Scheme
• Shuffled data is revocable
• Template diversity: different templates for different applications; no cross database matching, tracking
• Improvement in verification performance
– Increases only impostor Hamming distances; genuine Hamming distances remain unchanged
• Protection against stolen biometric data
• Privacy protection
– Biometric data cannot be recovered from the template; so no misuse by reconstruction, e.g., fake fingers
crypto- transforms© Chollet, Petrovska, Raj
Evaluation Strategy
• Development and test datasets have zero overlap
• Verification performance in terms of FAR, FRR, EER
• Additionally for crypto-biometric systems:
– Important: Verification performance comparison with the underlying baseline biometric system
– Performance in stolen biometric scenario
– Performance in stolen key scenario
crypto- transforms© Chollet, Petrovska, Raj
Experimental Results
Experiment ICE-Exp1 FRGC-Exp1* FRGC-Exp4*
Baseline 1.71 [±0.11] 7.65 [±0.40] 35.00 [±0.68]
Cancelable 0.23 [±0.04] 0 0
• Baseline – baseline biometric system
• Cancelable – baseline biometric system+shuffling
• Stolen biometric – security scenario when biometric data is stolen
• Stolen key – security scenario when shuffling key is stolen
• Results are in terms of EER in %
Stolen biometric 0.27 [±0.08] 0 0
Stolen key 1.71 [±0.11] 7.65 [±0.40] 35.00 [±0.68]
crypto- transforms© Chollet, Petrovska, Raj
Hamming distance distributions – before and after shuffling
Better separation between genuine and impostors
ICE-Exp1 FRGC-Exp4*
Before shuffling(baseline)
After shuffling(baseline)
crypto- transforms© Chollet, Petrovska, Raj
Explicitly considering entropy
• Security of methods presented depends on the entropy of the biometric data itself
– Greater entropy => greater security
– Entropy of stored biometric relates to entropy of biometric
• Required for distance-based inexact matching
• Can we maximize the entropy of the biometric itself
– Without losing ability to perform comparisons
99crypto- transforms© Chollet, Petrovska, Raj
Entropy: Passwords are safe and efficient
• Text passwords are safe and efficient
– Highly secure
– Near instantaneous response
• Reason: Based on exact match
– System stores text password encrypted by a one-way hash function
• E.g. SHA-*
• Even the system cannot decrypt
– Incoming passwords are encrypted identically
– Encrypted incoming password is matched to stored encrypted password
• Cryptographic hash functions are extremely fast to compute
– They also maximize the entropy of the stored password
– Can we use a similar process?
100crypto- transforms© Chollet, Petrovska, Raj
Cryptography: Basics
• A cryptographic hash has function maps variable length
clear text messages to a fixed length cipher text
• Collision Resistant
• The bit pattern of the hash is random
– And uninformative about the underlying cleartext
• Ex:. MD5, SHA-1, SHA-3
101crypto- transforms© Chollet, Petrovska, Raj
Biometric Verification as String Matching
Convert biometric into a “password”
Uninformative fixed-length bit string
Similar to password systems
Simple approach:
102crypto- transforms© Chollet, Petrovska, Raj
Biometric verification by comparing bit strings
Check forExact match
enrollment
Verification• Problems:
– How do we convert biometric to fixed length bit string?
– Must work with real-valued biometrics as well
– How to work with exact match?103
Biometric Verification as String Matching
crypto- transforms© Chollet, Petrovska, Raj
Euclidean LSH
• A 2-D example• To calculate the first component in the hash key: h1(X)• Generate random vector V1 and bias b1
– (V1, b1) are the user’s private parameter
V1
105
b1
crypto- transforms© Chollet, Petrovska, Raj
Euclidean LSH
• A 2-D example
• “Stripe” the space orthogonal to the vector V1
• Count stripes starting from bias location
• The first component in the hash key ID of its stripe : h1(X) = 1
V1
0 1 2 3 4 5-5 -4 -3 -2 -1
106
b1
crypto- transforms© Chollet, Petrovska, Raj
Euclidean LSH
• A 2-D example
• The second component in the hash key : h2(X) = -2– (V2, b2) are also user’s private parameter
V1
V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6
107
b2
crypto- transforms© Chollet, Petrovska, Raj
Euclidean LSH
• The two-component hash:H(X) = [h1(X) h2(X)] = [1 -2]
– [(V1, b1), (V2, b2)] are the user’s private parameter
V1
0 1 2 3 4 5-5 -4 -3 -2 -1
V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6
108crypto- transforms© Chollet, Petrovska, Raj
Euclidean LSH
• H(X) = [1 -2]
• All vectors in the highlighted cell will have the same LSH key
V1
0 1 2 3 4 5-5 -4 -3 -2 -1
V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6
109crypto- transforms© Chollet, Petrovska, Raj
Verification with Euclidean LSH
• Enrollment: Assume one enrollment recording
– Convert the feature vector for the enrollment utterance to a hash key
• Find a random cell in which it resides
110crypto- transforms© Chollet, Petrovska, Raj
Verification with Euclidean LSH
• Test: Find the hash key for the test vector
– Find the cell it resides in
• If its identical to the enrollment key, accept
– Test and enrollment measurements are in the same cell
• Else reject
– They are in different cells
RejectAccept
111crypto- transforms© Chollet, Petrovska, Raj
Securing the Key
• LSH keys are informative
• But : Two vectors in the same cell have exactly the same key
– Even if the key is cryptographically hashed!
• Apply a cryptographic hash to the LSH key
– User retains the private key to cryptographic hash
– Hashed keys are uninformative
• We can still look for exact match112
crypto- transforms© Chollet, Petrovska, Raj
The size of the cell
• Increasing the number of components in H(X)
makes the cell smaller
• H(X) = [h1(X) h2(X)]
= [ 1 -2]
113crypto- transforms© Chollet, Petrovska, Raj
• Increasing the number of components in H(X)
makes the cell smaller
• H(X) = [h1(X) h2(X) h3(X) h4(X)]
= [ 1 -2 7 0]
114
The size of the cell
crypto- transforms© Chollet, Petrovska, Raj
The size of the cell
• Increasing key length reduced cell size
• Reduced cell size more likely that two vectors that fall in the same cell (have same LSH key) belong to the same speaker
– Very Good!
• Also makes it more likely to miss valid vectors
– Which may fall outside the cell simply because of the vagaries of its shape
115crypto- transforms© Chollet, Petrovska, Raj
Solution: Use many LSH keys• Use multiple LSH Hash functions to produce multiple LSH keys
– Each with k entries
• Each key represents a cell of a different shape and size
116
H1(X): X
H2(X): X
H3(X): X
crypto- transforms© Chollet, Petrovska, Raj
Using multiple LSH functionsm keys derived from
the same vector
Check if any key matches
Recall: mPrecision: k
117
Each color representsa different key
H1(X) H2(X) H3(X) H4(X) H5(X) H6(X) H7(X) H8(X)
crypto- transforms© Chollet, Petrovska, Raj
LSH and Authentication
• Enrollment:
– User generates random projections for LSHs
– User generates multiple LSH from enrollment recording, encrypts and sends them to the system
• Projection vectors and biases, and SHA-1 key are all user key
• Evaluation:
– Subject generates random projections for LSHs using the same keys as in training
– System counts number of LSHs that match exactly
• Converted computation of distance between vectors to counting exact matches of LSH hashes
118crypto- transforms© Chollet, Petrovska, Raj
Overall LSH-based Procedure
• The User obtains a set of (vector) Hash functions
H1(.), H2(.), …
– From the system
• Enrollment:
– User records a set of enrollment recordings X1, X2, ..
– User computes keys H1(X1) H1(X2) .. H2(X1) H2(X2)…
• Apply Crypto Hash and sends them to the system
– The system stores all keys
119crypto- transforms© Chollet, Petrovska, Raj
Overall LSH-based Procedure
• Verification:
– User records test recording Y
– User computes H1(Y) H2(Y) …
– Encrypts and sends to system
– System counts
• Score = Si SJ Hj(Y) == Hj(Xi)
– If Score > threshold : Accept
– Else reject
120crypto- transforms© Chollet, Petrovska, Raj
Simplifying
• LSH-based schemes are popular for cancellable biometrics
– Compromised biometric reregister with fresh LSH key
– Complex
• Template/models can get quite large
• Can we simplify?
121crypto- transforms© Chollet, Petrovska, Raj
Information Theoretic Security
• The mutual information between the encryption of any two messages is 0
– Regardless of the distance between them
– The MI between the encryption of any group of messages is 0
• This ensures that you cannot learn about the data simply by viewing large numbers of encrypted messages and studying their patterns
122crypto- transforms© Chollet, Petrovska, Raj
Information Theoretic Security
• Encryption techniques that only reveal
information if vectors are very close?
– Still an exponentially hard problem to extract
geometry of high-dimensional data123
Leaky region
crypto- transforms© Chollet, Petrovska, Raj
Information Theoretic Security
• Encryption techniques that only reveal information if vectors are very close?
– Still an exponentially hard problem to extract geometry of high-dimensional data
• With user-selected leakage?124
Leaky region
crypto- transforms© Chollet, Petrovska, Raj
Information Leakage
• Fully secure: Will not know anything about X unless Y = X
• Leaky: Will get some information about X if Y is within D of X
125
XY
XY
crypto- transforms© Chollet, Petrovska, Raj
Modifying the Hashing function
• Conventional LSH
V1
0 1 2 3 4 5-5 -4 -3 -2 -1
V20 1 2 3 4 5-5 -4 -3 -2 -1-8 -7 -6
126crypto- transforms© Chollet, Petrovska, Raj
Secure Modular Hashes
• Solution: Banded Hashing
– Euclidean LSH with binary output
V1
V20 1 0 1 0 11 0 1 0 10 1 0 0 1
0 1 0 1 0 11 0 1 0 1 0 1
127crypto- transforms© Chollet, Petrovska, Raj
Secure Modular Hashes
• Solution: Banded Hashing
– Euclidean LSH with binary output
V1
V20 1 0 1 0 11 0 1 0 10 1 0 0 1
0 1 0 1 0 11 0 1 0 1 0 1
128crypto- transforms© Chollet, Petrovska, Raj
Secure Modular Hashing
• Modular quantization of randomly shifted random projections of data
129crypto- transforms© Chollet, Petrovska, Raj
SMH
• Plot of Hamming(Q(X),Q(Y)) vs Euclidean d(X,Y) for different
values of D, and different numbers of bits in Q(X)
Simulations: L-dimensional vectors, M bit hashes
131crypto- transforms© Chollet, Petrovska, Raj
Information Leakage
132
• Only provides information about other vectors that lie within small ball
• Gives you true distance, but only within a cell• How do we use it?
crypto- transforms© Chollet, Petrovska, Raj
Enrollment• Store hash vectors from user registration data and
imposters
• No further encryption required (naturally immune to information –theoretic leakage)
user
imposter
133crypto- transforms© Chollet, Petrovska, Raj
Verification
Validate if hash of test recording is closer to user templates than imposter templates
claimant
imposter
134
Test recording
crypto- transforms© Chollet, Petrovska, Raj
Performance on Speech
• YOHO data set– 138 speakers– Spoken sequence of three two-digit numbers
• Stolen key scenario:– Conventional verification using unencrypted data
• Equal Error Rate = 0.33%
– Classification with SMH• Equal Error Rate = 0.5%
• Stolen biometric scenario:– FAR ~ 0%
135crypto- transforms© Chollet, Petrovska, Raj
Crypto-transforms Conclusions
• Best of both worlds
– Simplicity of transform methods
– Some of guarantees of cryptographic methods
– Minimal extra computation
• Revocable and Secure
136crypto- transforms© Chollet, Petrovska, Raj
Table of Contents7. Open problems and future work
– Evaluation of cancelable crypto-biometric systems
– How many times can a BioCode be canceled ?
– Size, entropy
– Private personal templates and models
– Multi-modal biometrics
– Semantic security
– ECC
– Blockchain
137© Chollet, Petrovska, Raj
Bibliography
The following list is a short list of papers referred to, but not necessarily cited in the presentation by the presenters.
138© Chollet, Petrovska, Raj
Bibliography• [Aguilar, 2013] Aguilar-Melchor C., Fau S., Fontaine C., Gogniat G. & Sirdey R.. “Recent
Advances in Homomorphic Encryption: a Possible Future for Signal Processing in the Encrypted Domain”, IEEE Signal Processing Magazine Vol 30:2.
• [Ambalakat, 2005] Ambalakat P. “Security of Biometric Authentication Systems”, Computer, 2005
• [Antonijevic, 2010] Antonijevic F. S-J. “Implementation and Evaluation of Privacy Preserving Protocols”, PhD, Yale University.
• [Ballard, 2008] Ballard L., Kamara S. & Reiter M.K. “The practical subtleties of Biometric Key Generation”, Usenix, 2008.
• [Belguechi, 2011] Belguechi R., Alimi V., Cherrier E., Lacharme P. & Rosengerger C. “An overview on Privacy Preserving Biometrics”, in Recent Applications in Biometrics, INTECH, 2011.
• [Bhargav, 2006] Bhargav-Spantzel A., Squicciarini A., Modi S., Young M., Bertino E. & Elliott S. “Privacy Preserving Multi-Factor Authentication with Biometrics”, Proc. 2nd ACM Workshop on DAM, pp 63-72, 2006.
• [Blanton, 2012] Blanton, M. & Aliasgari, M. “Secure Outsourced Computation of Iris Matching”, Journal of Computer Security Vol 20:2-3, pp 259-305, 2012
• [Boufounos, 2011] Boufounos, P. & Rane, S. “Secure Binary Embeddings for Privacy Preserving Nearest Neighbors”, in Proc. IEEE Workshop on Information Forensics and Security, Brazil, Dec. 2011. MERL TR2011-077 139
Bibliography
• [Boyen, 2005] Boyen X., Dodis Y., Katz J., Ostrovsky R. & Smith A. “Secure Remote Authentication using Biometric Data”, Eurocrypt, 2005
• [Bringer, 2007] Bringer J., Chabanne H., Cohen G., Kindarji B.& Zémor G “Optimal Iris Fuzzy Sketches”, arXiv: 0705.3740v1, 2007
• [Bringer, 2008] Bringer J., Chabanne H. & Kindarji B. “The best of both worlds : AppliyingSecure Sketches to Cancelable Biometrics”, Elsevier Science of Computer Programming 74, pp 43-51, 2008
• [Bringer, 2009] Bringer J., Chabanne H. & Kindarji B. “Identification with Encrypted Biometric Data”, arXiv: 0901.1062v2, Sept. 2009
• [Couteau, 2016] Couteau G., Peters T. & Pointcheval D. “Secure Distributed Computation on Private Inputs”, in Foundations and Practice of Security, Springer Vol 9482, pp 14-26, 2016
• [Deswarte, 2010] Deswarte, Y. & Gambs, S. “A proposal for a Privacy Preserving National Id Card”, 4th Int. Workshop on Data Privacy Management, Saint Malo, 2009 Trans on Data Privacy 3, pp 253-276, 2010
• [Devi, 2014] Devi, M. “Secure Crypto Multimodal Biometric System for the Privacy Protection of User Identification”, Int. Journal of Innovative Res. In Computer & Com. Eng. Vol 2:1, March 2014
140
Bibliography
• [Fan, 2009] Fan, C.I. & Lin, Y-H. “Probably Secure Remote Truly Three-factor authentication scheme with privacy protection on biometrics”, IEEE Trans on Info. Forensics and Security, Vol 4:4, pp 933-945, Dec. 2009
• [Fontaine, 2007] Fontaine, C. & Galand, F. “A survey of Homomorphic Encryption for Non specialists”, EURASIP Journal on Information Security
• [Gentry, 2009] Gentry, C. “A fully homomorphic encryption scheme”, PhD thesis, Stanford
• [Gomez, 2016] Gomez-Barrero, M., Fierrez J. & Galbally, J. “Variable-length Template Protection based on Homomorphic Encryption with Application to Signature Biometrics”, 4th International Workshop on Biometrics and Forensics.
• [Goseling, 2004] Goseling, J. & Tyyls, P. “Information-Theoretic Approach to Privacy Protection of Biometric Templates”, ISIT, Chicago, 2004.
• [Gunasinghe, 2014] Gunasinghe, H. & Bertino, E. “Privacy Preserving Biometrics-based and User Centric Authentication Protocol”, in Network and System Security, LNCS Vol 8792, Springer, pp 389-408, 2014
• [Hao, 2005] Hao F., Anderson R. & Daugman, J. “Combining Cryptography with Biometrics effectively”, UCAM Report, July 2005.
141
Bibliography
• [Hirano, 2012] Hirano T., Hattori M., Ito T., Matsuda N. & Mori, T. “HE based cancellable Biometrics secure against Replay and its related attcks”, ISITA, 2012.
• [Hirano, 2013] Hirano T., Hattori M., Ito T.& Matsuda N. “Cryptographically Secure and Efficient Remote Cancelable Biometics based on Public Key Homomorphic Encryption”, in Advances in Info. & Comp. Security Vol 8231 LNCS, Springer, pp 183-200, 2013
• [Huang, 2011] Huang Y., Malka L., Evans D.& Katz, J. “Efficient Privacy-Preserving Biometric Identification”, 18th Network and Distributed System Security Conference, 2011.
• [Jagadesan, 2010]Jagadesan, A. & Duraiswamy, K. “Secured Cryptographic Key Generation from Multimodal Biometrics : Feature Level Fusion of Fingerprint and Iris”, Int. Journal of Comp. Sci. & Info. Security Vol 7:1, 2010.
• [Jain, 2012] Jain, A.K. & Nandakumar, K. “Biometric Authentication : System Security and User Privacy”, IEEE Computer Society, Nov. 2012.
• [Jimenez, 2015] Jimenez A., Raj B., Portelo J. & Trancoso I. “Secure Modular Hashing”. Proc WIFS 2015. Dic 2015.
• [Jimenez, 2017] Jimenez A. & Raj B. “PRIVACY PRESERVING DISTANCE COMPUTATION USING SOMEWHAT-TRUSTED THIRD PARTIES” ICASSP 2017.
• [Johnson, 2012] Johnson R.C., Scheirer W.J. & Boult, T.E. “Secure voice based authentication for mobile devices : Vaulted Voice Verification”, arxiv.org/pdf/1212.0042.pdf, Proc SPIE 8712, 2012
142
Bibliography
• [Kanade, 2009] Kanade S., Petrovska-Delacretaz D. & Dorizzi, B. “Multi-Biometric based cryptographic Key regeneration scheme”, 3rd IEEE Int. Conf. on BTAS, pp 1-7, 2009
• [Kanade, 2012] Kanade S., Petrovska-Delacretaz D. & Dorizzi, B. “Enhancing Information Security and Privacy by Combining Biometrics and Cryptography”, Morgan & Claypool 2012
• [Lagendijk, 2013] Lagendijk, R.L., Erkin, Z. & Barni, M. “Encrypted Signal Processing for Privacy Protection”, IEEE Signal Processing Magazine, pp 82-105, January 2013.
• [Luo, 2009] Luo Y., Cheung S-C. & Ye, S. “Anonymous Biometric Access Control based on HE”, ICME 2009
• [Malallah, 2013] Malallah F.L., Ahmad S.M.S., Adnan W.A.W., Iranmanesh W. & Yussok, S. “Online signature template protection by shuffling and One time pad Schemes with NN verification”, ICCSCM, 2013
• [Naehrig, 2011] Naehrig, M., Lauter, K. & Vaikuntanathan, V. “Can Homomorphic Encryption be Practical ?”, Proc. Of the 3rd ACM Workshop on Cloud Computing Security, pp 113-124
• [Nandakumar, 2015] Nandakumar, K. & Jain, A.K. “Biometric Template Protection : Bridging the Performance Gap between Theory and Practice”, IEEE Signal Processing Mag., Sept. 2015
• [Pathak, 2012] Pathak, M.A., Portêlo, J., Raj, B. & Trancoso, I. “Privacy Preserving Speaker Authentication”, 15th Information Security Conference, pp 1-22
143
Bibliography
• [Pathak, 2013a] Pathak, M.A. “Privacy Preserving Machine Learning for Speech Processing”, PhD Thesis, CMU
• [Pathak, 2013b] Pathak, M.A. & Raj B. “Privacy Preserving Speaker Verification and Identification using GMMs”, IEEE Trans ASLP 21:2, Feb. 2013
• [Petrovska, 2015] Petrovska-Delacretaz D. “Combining Biometrics with Cryptography : Reviews, Difficulties and Solutions”, presented at ATSIP, Monastir, 2015.
• [Pinkas, 2009] Pinkas, B., Schneider T., Smart N. & Williams, S.C. “Secure Two-Party Computation is Practical”, in Advances in Cryptology, ASIACRYPT, LNCS 5912, pp. 250-267.
• [Portêlo, 2013] Portêlo, J., Raj, B., Boufounos P., Trancoso, I. & Abad A. “Speaker Verification using Secure Binary Embeddings”, EUSIPCO, 2013.
• [Portêlo, 2015] Portêlo, J., Raj, B. & Trancoso, I. “Logsum using Garbled Circuits”, PLOS one 10(3), March 2015.
• [Quisquater, 1989] Quisquater, J.-J., Guillou L. C., Berson T. A., “How to explain zero-knoweldge proofs to your children”, Advances in Cryptology – CRYPTO '89: Proceedings 435: 628–631.
• [Rane, 2013] Rane, S & Boufounos, P-T. “Privacy-preserving Nearest Neighbor Methods: Comparing Signals without revealing them”, MERL, TR 2013-004, IEEE Signal Processing Mag. Vol 30:2, pp. 18-28, Feb 2013.
144
Bibliography
• [Rathgeb, 2011] Rathgeb C. & Uhl A. “A survey on Biometric Cryptosystems and Cancelable Biometrics”, EURASIP Journal on Info. Security, 2011
• [Rathgeb, 2012] Rathgeb C. & Busch C. “Multi-biometrics Template Protection : Issues and Challenges”, INTECH, 2012
• [Sarier, 2010] Sarier, N.D. “Practical Multi-factor Biometric Remote Authentication”, 4th IEEE Int. Conf. on BTAS, pp 1-6, 2010
• [Scheidat, 2008] Scheidat, T. & Vielhauer C. “Biometric Hashing for Handwriting : Entropy based Feature Selection and Semantic fusion”, Proc SPIE Conf on Security, Steganography and Watermarking of Multimedia Contents, 2008
• [Scheidat, 2009] Scheidat, T., Vielhauer C. & Dittmann J. “Biometric Hash Generation and User Authentication based on Handwriting using Secure Sketches”, Proc 6th Image and Signal Proc and Analysis Conf, ISPA, 2009
• [Sen, 2013] Sen, J. “Homomorphic Encryption: Theory and Application”, in : Theory and Practice of Cryptography and Network Security Protocols and Technologies, INTECH Publisher
• [Smaragdis, 2007]Smaragdis, P. & Shashanka, M. “A framework for Secure Speech Recognition”, IEEE Trans. ASLP Vol 15:4, pp 1404-1413.
• [Sutcu, 2005] Sutcu Y., Sencar H.T. & Menon, N. “A secure Biometric Authentication Scheme based on Robust Hashing”, Proc. 7th Worshop on Multimedia & Security, pp 111-116, 2005.
145
Bibliography
• [Tang, 2008] Tang Q., Bringer J., Chabanne H. & Pointcheval, D. “A formal study of the Privacy Concerns in Biometric-based Remote Authentication Schemes”, Proc. 4th Inf. Security and exPErience Conf., 2008
• [Toli, 2015] Toli C-A. & Preneel, B. “Biometric Solutions as Privacy Enhancing Technologies”, ADPPCP, 2015
• [Tuyls, 2004a] Tuyls P. & Goseling, J. “Capacity and Examples of Template-Protecting Biometrics Authentification System”, in Biometric Authentication, LNCS 3087, 2004
• [Tuyls, 2004b] Tuyls P., Verbitskiy E., Gosling, J. & Denteneer D. “Privacy Protecting Biometric Authentication Systems : an Overview”, EUSIPCO, 2004
• [Tuyls, 2005] Tuyls P., Akkermans A.H.M., Kevenaar T.A.M., Schrijen G-J., Bazen A.M. & Veldhuis, R.N.J. “Practical Biometric Authentication with Template Protection”, in AVBPA, LNCS Vol. 3546, Springer, pp 436-446, 2005
• [Upmanyu, 2010] Upmanyu M., Namboodiri A.M., Srinathan K. & Jawahar, C.V. “Blind Authentication: A Secure Crypto-Biometric Verification Protocol”, IEEE Trans. Info. Forensics and Security 5:2, 2010
• [Vaikuntanathan, 2011] Vaikuntanathan, V. “Computing Blindfolded: New developments in Fully Homomorphic Encryption”, IEEE 52nd Annual Symposium on FOCS, pp 5-16
• [vanDijk, 2010] Van Dijk, M. & Juels, A., “On the impossibility of cryptography alone for Privacy Preserving Cloud Computing”, Proc. Of HotSec.
• [Verbitskiy, 2003] Verbitskiy E., Tuyls P., Denteneer D. & Linnartz, J.P., “Reliable Biometric Authentication with Binary Protection”, 24th Benelux Symp. On Info. Theory, 2003
146
Bibliography
• [Vielhauer, 2013] Vielhauer C., Dittmann J. & Katzenbeisser, S., “Design Aspects of Secure Biometrics Systems and Biometrics in the Encrypted Domain”, in “Security and privacy in Biometrics”, P. Campisi (Ed.), Springer, pp 25-43, 2013
• [Xie, 2015] Xie, P., Bilenko, M., Finley, T., Gilad-Bachrach, R., Lauter, K. & Naehrig, M., “Crypto-Nets: Neural Networks over Encrypted Data”, ICLR, arXiv: 1412.6181
• [Yi, 2014] Yi, X., Paulet, R. & Bertino, E. (Eds), “Homomorphic Encryption and Applications”, Springer ISBN 978-3-319-12228-1
147