FB pixel

Some progress on protecting biometric templates, evaluating methods

EAB and CITeR review the state of the art
Categories Biometric R&D  |  Biometrics News
Some progress on protecting biometric templates, evaluating methods

As biometric templates are more widely enrolled, stored and used, and the methods used to attack the privacy of people and the security of systems advance, ways to protect those templates are evolving, and were discussed in the recent Biometrics Workshop in Martigny, Switzerland.

The European Association for Biometrics organized the hybrid event in collaboration with the Center for Identification Technology Research (CITeR), and it was held at the Idiap Research Institute.

Evaluating biometric template protection

Dr. Marta Gomez-Barrero of Hochschule Ansbach kicked off the topic with a keynote on the ‘Evaluation of Template Protection Schemes.’

Gomez-Barrero noted the importance of template privacy protection for GDPR compliance, a topic recently explored in some depth by the EAB, and other countries are following suit.

The belief that biometric data cannot be extracted from templates, commonly-held ten or more years ago, has been exploded, Gomez-Barrero says. Hill-Climbing is presented as an example of inverse biometrics attacks. Similarly, cross-matching attacks can theoretically break biometric security with stolen templates.

For templates to preserve privacy, they should reveal no information about the subject, be irreversible, unlinkable and renewable. These characteristics are reflected in the ISO/IEC 24745 standard. Gomez-Barrero also explained the difference between the latter two.

From there, the presentation explored how biometric templates can be protected, and what kinds of cryptography can help.

The pseudonymous identifier framework set out in the ISO standard describes a two-stage conversion to protect templates.

Evaluations of template security schemes should, like academic research in general, start with public baseline systems, according to Gomez-Barrero, along with public databases, what the attacker knows, and the evaluation protocol.

ISO requirements for accuracy, irreversibility, unlinkability, robustness to cross-matching attacks, and computational load increase. The latter, Gomez-Barrero says, is “especially important for approaches based, for instance, on homomorphic encryption.” Each analysis was explained in some detail, and several new concepts, such as “semi-linkable” biometrics introduced.

The importance of choosing “proper” keys is well known in cryptography, but must also be heeded in biometrics, Gomez-Barrero emphasized.

This part of the presentation catered to the large portion of the EAB, CITeR and Idiap audience comfortable with formulas for advanced metrics and the graphs that accompany them.

Innovations on offer

Ideas from the commercial developers, academia and research bodies to protect the privacy and security of biometric templates followed.

Tech5 Co-founder, Chairman and CTO Rahul Parthe presented the company’s printed cryptograph, Erik Guoqiang Li of Mobai spoke about homomorphic encryption, and Lennig Pedron of Trust Valley Switzerland initiative Tech4Trust introduced the public-private partnership’s development hubs. The Tech4Trust runs a 6-month acceleration program for technology projects to enhance trust, including with biometrics. Applications for the next cohort of startups are open now.

Christian Rathgeb of Hochschule Darmstadt discussed biometric cryptosystems, Johannes Ernst of University of St. Gallen presented the concept of “function-hiding inner-product functional encryption,” which allows the evaluation of the “inner-product of two encrypted or hidden vectors,” which can be used in biometric authentication. Hatef Otroshi of Idiap spoke about how deep facial templates can be inverted to reveal biometric data using face generation with StyleGAN, and Norman Poh of Trust Stamp gave a talk on the use of biometrically-bound credentials to perform transactions over the internet without exchanging biometric material.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


Biometric ID cards remain foundational, but don’t count out fingerprint smart cards

Biometric national ID cards top the most-read news of the week on Biometric Update, between a contract in Cameroon for…


DHS and TSA adjust digital strategies with biometrics, facial recognition

U.S. government agencies are adapting in real time to a digital landscape transformed by AI, identity fraud, deepfakes and biometric…


Finger vein biometrics from Global ID deployed in Namibia’s fight against HIV

A new application of Global ID’s finger vein biometrics to help reduce HIV Infections among vulnerable young people is launching…


Bill allowing biometric age verification for booze sales moves to Missouri Senate

The Maryville Forum reports that Missouri retailers could soon perform age verification using biometric methods such as facial recognition or…


Victorians sign up for mobile driving licenses in droves but let down at the pub

Victoria reports 200,000 people signing up for mobile driving licenses (mDLs) within the first 48 hours of their introduction this…


Retail biometrics queues up from shopping malls to quick serve restaurants

Despite skepticism among American consumers, biometric payments in retail are about to have a moment, according to some experts. These…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events