FB pixel

Some progress on protecting biometric templates, evaluating methods

EAB and CITeR review the state of the art
Categories Biometric R&D  |  Biometrics News
Some progress on protecting biometric templates, evaluating methods
 

As biometric templates are more widely enrolled, stored and used, and the methods used to attack the privacy of people and the security of systems advance, ways to protect those templates are evolving, and were discussed in the recent Biometrics Workshop in Martigny, Switzerland.

The European Association for Biometrics organized the hybrid event in collaboration with the Center for Identification Technology Research (CITeR), and it was held at the Idiap Research Institute.

Evaluating biometric template protection

Dr. Marta Gomez-Barrero of Hochschule Ansbach kicked off the topic with a keynote on the ‘Evaluation of Template Protection Schemes.’

Gomez-Barrero noted the importance of template privacy protection for GDPR compliance, a topic recently explored in some depth by the EAB, and other countries are following suit.

The belief that biometric data cannot be extracted from templates, commonly-held ten or more years ago, has been exploded, Gomez-Barrero says. Hill-Climbing is presented as an example of inverse biometrics attacks. Similarly, cross-matching attacks can theoretically break biometric security with stolen templates.

For templates to preserve privacy, they should reveal no information about the subject, be irreversible, unlinkable and renewable. These characteristics are reflected in the ISO/IEC 24745 standard. Gomez-Barrero also explained the difference between the latter two.

From there, the presentation explored how biometric templates can be protected, and what kinds of cryptography can help.

The pseudonymous identifier framework set out in the ISO standard describes a two-stage conversion to protect templates.

Evaluations of template security schemes should, like academic research in general, start with public baseline systems, according to Gomez-Barrero, along with public databases, what the attacker knows, and the evaluation protocol.

ISO requirements for accuracy, irreversibility, unlinkability, robustness to cross-matching attacks, and computational load increase. The latter, Gomez-Barrero says, is “especially important for approaches based, for instance, on homomorphic encryption.” Each analysis was explained in some detail, and several new concepts, such as “semi-linkable” biometrics introduced.

The importance of choosing “proper” keys is well known in cryptography, but must also be heeded in biometrics, Gomez-Barrero emphasized.

This part of the presentation catered to the large portion of the EAB, CITeR and Idiap audience comfortable with formulas for advanced metrics and the graphs that accompany them.

Innovations on offer

Ideas from the commercial developers, academia and research bodies to protect the privacy and security of biometric templates followed.

Tech5 Co-founder, Chairman and CTO Rahul Parthe presented the company’s printed cryptograph, Erik Guoqiang Li of Mobai spoke about homomorphic encryption, and Lennig Pedron of Trust Valley Switzerland initiative Tech4Trust introduced the public-private partnership’s development hubs. The Tech4Trust runs a 6-month acceleration program for technology projects to enhance trust, including with biometrics. Applications for the next cohort of startups are open now.

Christian Rathgeb of Hochschule Darmstadt discussed biometric cryptosystems, Johannes Ernst of University of St. Gallen presented the concept of “function-hiding inner-product functional encryption,” which allows the evaluation of the “inner-product of two encrypted or hidden vectors,” which can be used in biometric authentication. Hatef Otroshi of Idiap spoke about how deep facial templates can be inverted to reveal biometric data using face generation with StyleGAN, and Norman Poh of Trust Stamp gave a talk on the use of biometrically-bound credentials to perform transactions over the internet without exchanging biometric material.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics cycle from innovations to scale-up opportunities

Biometrics integrations range from the experimental to the everyday in the most-read articles of the week on Biometric Update. Yesterday’s…

 

US Justice developing AI use guidelines for law enforcement, civil rights

The US Department of Justice (DOJ) continues to advance draft guidelines for the use of AI and biometric tools like…

 

Airport authorities expand biometrics deployments with Thales, Idemia tech

Biometric deployments involving Thales, Idemia and Vision-Box, alongside agencies like the TSA,  highlight the aviation industry’s commitment to streamlining operations….

 

Age assurance laws for social media prove slippery

Age verification for social media remains a fluid issue across regions, as stakeholders argue their positions to courts and governments,…

 

ZeroBiometrics passes pioneering BixeLab biometric template protection test

ZeroBiometrics’ face biometrics software meets the specifications for template protection set out in the ISO/IEC 30136, according to a pioneering…

 

Apple patent filing aims for reuse of digital ID without sacrificing privacy

A patent filing from Apple for ensuring a presented reusable digital ID belongs to the person holding it via selfie…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events