Biometrics are finding increased adoption over the past few years in a variety of applications including authentication and identification. However, there are widespread security and privacy concerns about the dangers of using biometric data in an ubiquitous and unchecked manner. Security concerns stem from the fact that biometric data cannot be easily revoked or replaced. Once some biometric data are compromised, they remain compromised forever. Privacy concerns arise from the fact that biometrics data are tightly bound to a person's identity such that they can be used to violate their privacy.
Despite that there has been a lot of research done over the past few decades on developing techniques for capturing and matching biometric data, security and privacy issues have received comparably less attention. Unfortunately, traditional cryptographic techniques (e.g., shadow passwords) cannot be easily adapted to protect biometric data. The main difficulty is that biometric samples cannot be exactly reproduced.
The main objective of this project is to develop simple, practical and provably effective cryptographic techniques for the security and privacy of biometric data.
Our approachs are two-fold. On one hand, we study hueristic-based techniques, which we call Robust Hash, where we design hash functions that are robust to small noise in the input, yet it is (hueristically) difficult to invert the hash functions. Some results appeared in [4,6].
On the other hand, we also employ rigorous methods based recently proposed cryptographic primitives called secure sketch (Dodis et al., Eurocrypt'04). We study how to construct secure sketch for continuous data (). It is tricky to measure the security in this case since ``entropy loss'' for continuous data could be very high or even meaningless. We propose to look at an additional security measure called relative entropy loss. We also study how to apply a theoretically sound scheme in practice ([2,3]). It is observed through experiments that there are various trade-offs among the performance and security parameters of the biometric authentication systems, which have to be examined carefully when designing such systems.
This material is based upon work partially supported by the National Science Foundation under Grant No. 0716490.
A bibliography on biometric security can be found here