Abstract | ||
---|---|---|
Fuzzy extractors allow cryptographic keys to be generated from noisy, non-uniform biometric data. Fuzzy extractors can be used to authenticate a user to a server without stor- ing her biometric data directly. However, in the Informa- tion Theoretic sense fuzzy extractors will leak information about the biometric data. We propose as alternative to use a fuzzy embedder which fuses an independently generated cryptographic key with biometric data. As fuzzy extractors, a fuzzy embedder can be used to authenticate a user with- out storing her biometric information or the cryptographic key on a server. A fuzzy embedder will leak in the Informa- tion Theoretic sense information about both the biometrics and the cryptographic key. While both types of leakage are important, information leakage of the biometric data is criti- cal since the cryptographic key as opposed to biometric data can be renewed. We show that constructing fuzzy embed- ders which leak no information about the biometrics is the- oretically possible. We present a construction which allows controlling the leakage of biometric information, but which requires a weak secret at the decoder called dither. If this secret is compromised the security of the construction will degrade gracefully. (biometric data) x. Like a fuzzy extractor, a fuzzy embedder allows recovery of the binary key k, in the presence of x' (a corrupted version of x) at the decoder. Contribution. We show that it is possible for a fuzzy em- bedder to make the output p statistically independent from the biometric input x or x'. We propose to use dithering tech- niques to break the correlation between the secret biomet- ric information and the data that is made public. We give a practical construction based on quantization data-hiding codes (6) which requires a weak secret at the decoder. We show that if the secret is compromised, or if it is simply im- possible to store secret information at the decoder, the secu- rity of the construction will degrade gracefully. 2. FUNDAMENTALS Notation. By capital letters we denote random variables while small letters are used to denote realizations of random variables. A random variable X is endowed with a domain of definition, DX and a probability density function fX(x). We denote the characteristic function of X by |
Year | Venue | Keywords |
---|---|---|
2008 | EUSIPCO | biometrics (access control),cryptography,fuzzy set theory,biometric data,biometric information leakage control,cryptographic key,dithering,fuzzy embedder,information theoretic sense fuzzy extractor,user authentication |
DocType | ISSN | Citations |
Conference | 2219-5491 | 7 |
PageRank | References | Authors |
0.59 | 6 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ileana Buhan | 1 | 111 | 7.16 |
Jeroen Doumen | 2 | 326 | 21.84 |
Pieter Hartel | 3 | 1159 | 115.28 |