C - MMSP 2014
advertisement
MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy February 17, 2014 A communication paradigm for biometrics security and privacy Emanuele Maiorana, Patrizio Campisi emanuele.maiorana@uniroma3.it Department of Engineering, University Roma Tre Via Volterra 62, 00146, Rome, Italy Biometric Recognition Systems MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● • Automatic systems performing people recognition using their physical or behavioral characteristics – applications law enforcement o criminal identification access control o physical or logical – advantages cannot be lost or stolen improved security – desired properties performance circumvention acceptability E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Security and Privacy Issues • Main concerns affecting users’ acceptability MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● – security if compromised, biometrics cannot be replaced – privacy misuse of data (function creep) • Need for securing the employed biometric templates – cryptography templates vulnerable during authentication – hashing not error-tolerant, biometrics can vary – template protection schemes templates modified for o providing protection o providing renewability o guaranteeing performance E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Fuzzy Commitment x MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Binarization b c Encoding m Enrollment Authentication ~ x Hash ~ Binarization b v ~ c Decoding Hash Decision Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● • Most employed biometric protection scheme – binarization of 𝐱 binary template 𝐛 – error correcting code 𝐜 XORed with 𝐛 to manage variability – storage of helper data 𝐯 • Issues – binding process biometrics/keys limited to the XOR – binary block codes have low error correction capability (ECC) high False Rejection Rates (FRRs) due to biometrics variability low security, limited by the lenght k of the binary key 𝐦 A. Juels, M. Wattenberg, "A fuzzy commitment scheme", ACM CCS, 1999 E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Code-Offset Sketch v MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing x code C ~ x-x Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● -x~ c c~ • General construction – c: codeword selected from a code C – x: biometric template – v = f(x,c): code-offset example: v = f(x,c) = x + c should not reveal information on neither x nor c – 𝐜 = g(𝐱,v): revert binding operation user recognized iff 𝐱 ≃ 𝐱 𝐜 ≃ 𝐜 E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Modulation Similarity MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing c Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● n c~ • Modulation – c: symbol selected from a constellation (ex.: QAM, PSK) – n: noise added by the channel 𝐧 = 𝐱 − 𝐱 in the code-offset scheme – 𝐜: received corrupted symbol to be demodulated • Proposed approach – use of a modulation-like scheme for FC generalization improvement in both verification rates and security E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Proposed Scheme x MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy Hash m m Turbo Encoding Modulation c f(x,c) Enrollment Authentication Decision Hash ~ m February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● Message Generator Channel Joint Turbo Decoding and Demodulation ~ v g(𝐱,v) c x~ • Characteristics – use of turbo-codes for managing intra-class variability – codes modulated into s symbols of an L-points constellation – binding expressed through a generic function f () values in x may belong to an alphabet different than c’s one added noise characterized as n = c − c= g(x, f(x, c)) − f(x, c) – joint demodulation and decoding of 𝐜 = g(𝐱,v) use of turbo-codes in soft-decoding modality ECC improved without user-specific information (privacy leakage) E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Practical Implementation • Constellation MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● – Phase Shift Keying (PSK) modulation symbols in c as L possible points in a complex circle • Binding function hard to say which symbols may generate a given value in v o quantization of each element of x in D possible values (D > L) o linear mapping of the values to the interval [- ; ] o binding v = f(x,c) = c · eix 𝐜 = g(𝐱, v) = v · e-i ̃x c~ c v E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Security evaluation MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing • Measured through the entropy H(x/v) – knowing v, having m directly provides x: H(m/v) = H(x/v) using a (n, k) turbo code, if v is known 𝐱 can be recovered from 𝑘 𝑛 only 𝑧 = log 𝐿 symbols (instead of 𝑠 = log 𝐿) 2 2 𝐻 𝐱 𝑧 |𝐯 estimated with second-order dependency approximation Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● 𝑃 𝐱𝑧 = 𝑧 𝑖=1 𝑃 𝐱 𝑢𝑖 𝑧 |𝐱 𝑡(𝑢𝑖 ) 𝑧 , 1𝑡 𝑢𝑖 <𝑢𝑖 , 𝐮 = 𝑢𝑖 , 1 𝑖 z 𝑧 𝐻 𝐱 𝑧 |𝐯 = min min 𝑧∈𝑍 𝐮 𝐻 𝐱 𝑢𝑖 𝑧 , 𝐱 𝑡(𝑢𝑖) 𝑧 |𝐯 − 𝐻 𝐱 𝑡(𝑢𝑖 ) 𝑧 |𝐯 𝑖=1 – ideal biometric representations 𝐱 should possess low intra-class variability, for managing it with feasible ECCs a large number of features, for using codes with large k independent features, for the 𝑧 most-correlated ones determine the security E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Application: On-line Signatures • Biometric representation MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing – use of Universal Background Models (UBMs) users’ templates obtained adapting a person-independent model o use of Hidden Markov Models (HMMs) as global model adaptation of the Gaussians mean values with a user-independent matrix P mu = mUBM + P·xu Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● – characteristics theoretically uncorrelated features possible large feature number: 4800 o significant intra-class variability s most stable features selected in a training phase • no information-leakage • Database – samples taken from the MCYT on-line signature DB 25 genuine and 25 skilled forgeries for each of 100 users E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Experimental results • Fuzzy commitment MMSP 2014 – BCH codes unacceptable performance s FRR FAR 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● 511 50.0 0.3 8.7 H(xZ|v) 1023 61.5 0.2 9.6 2047 77.8 0.0 10.4 4095 93.6 0.0 11.3 – turbo codes on binary data (L=D=2) still high FRR no soft-decoding s 511 4.6 8.5 22.9 FRR FAR H(xZ|v) 1023 7.4 3.9 50.7 2047 15.0 1.6 108.1 4095 32.4 0.4 221.5 • Proposed approach s L D=4 D=8 2047 FRR FAR H(xZ|v) FRR FAR H(xZ|v) 2 2.1 22.3 79.8 1.3 67.2 61.0 4 6.1 8.7 184.1 0.5 74.5 126.2 4095 2 6.0 7.8 166.7 4.1 44.2 127.9 4 13.2 2.2 378.1 1.8 54.3 274.2 – increasing L improves FAR and security, worsening FRR – increasing D improves FRR, worsening FAR and security E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Application: Iris • Biometric representation MMSP 2014 – use of Daugman’s rubber sheet model iris segmented and normalized to create a rectangular template o phase information of the Gabor filtering retained as features 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● – characteristics highly correlated features (severe issue for security) possible large feature number: I x J = 240 x 20 = 4800 features significant intra-class variability o intra-class variability reduction with a user-independent mask keeps regions where occlusions (eyelids) are not encountered (s = 2048) • Database – samples taken from the CASIA-v4 iris DB 2251 images taken from 395 irises, from 249 subjects E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Experimental results • Fuzzy commitment vs Proposed approach MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing BCH Codes Fuzzy Commitment Turbo Codes Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● Proposed Approach L=2 L=4 D=2 D=4 D=8 D=2 D=4 D=8 FRR 48.8 53.7 60.4 71.3 13.7 13.8 13.9 14.3 FAR 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 13 31 47 71 268 310 368 450 H(xZ|v) 5.7 13.9 20.7 31.2 117.7 140.4 163.5 200.4 13.4 4.84 3.00 13.6 8.92 0.0 0.1 0.3 0.0 0.0 132 132 132 268 268 67.4 18.6 11.6 117.7 46.7 k • Recognition accuracy comparison E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Conclusions MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing • Proposal of a template protection scheme inspired by the digital communication paradigm – modulation constellations for symbol representation – turbo-decoding employed in soft-modality generalization of the fuzzy commitment scheme Forni di Sopra, Italy February 17, 2014 ● ● ● ● ● ● ● ● ● ● ● ● ● • Tests with on-line signatures and iris biometrics – great flexibility in selecting the operating conditions – improved performance in verification rates and security achieving low FRR and high security are conflicting requisites o proper selection of parameters L and D • Future developments – applications to other biometrics – analysis of multi-biometrics systems E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy Bibliography MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy • E. Maiorana, P. Campisi, “Fuzzy Commitment for Function based Signature Template Protection”, IEEE Signal Processing Letters, Vol. 17, No. 3, pp. 249 - 252, March 2010 • E. Maiorana, “Biometric cryptosystem using function based online signature recognition”, Expert Systems with Application, Elsevier, Vol. 37, No. 5, pp. 3676 - 3684, May 2010 February 17, 2014 • E. Argones, E. Maiorana, J. A. Castro, and P. Campisi, “Biometric template protection using universal background models: An application to online signature,” IEEE Transactions on Information Forensics and Security, 7(1), pp. 269–282, January 2012 • E. Maiorana, D. Blasi, P. Campisi, “Biometric Template Protection using Turbo Codes and Modulation Constellations,” IEEE WIFS, December 2012 • E. Maiorana, P. Campisi, A. Neri, “Iris Template Protection Using A Digital Modulation Paradigm”, IEEE ICASSP, May 2014 E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy MMSP 2014 4th Thematic Meeting on Multimedia Signal Processing Forni di Sopra, Italy Thanks for your attention! February 17, 2014 Questions? emanuele.maiorana@uniroma3.it E. Maiorana, P. Campisi - A communication paradigm for biometrics security and privacy
