ANONYMOUS BIOMETRICS

Abstract

In this thesis, we developed techniques that enable to use biometric traits for authentication in an anonymous manner. At first glance, the concept of anonymous biometrics seems quite odd since biometric traits are closely linked to our identity. Moreover, the widespread adoption of biometrics in forensics, border control, surveillance applications have biased the general vision that users have if asked to show their biometrics. The basic idea behind anonymous biometrics is to do not use biometrics themselves as identifiers, but rather bind the biometric trait with a secret key that acts as the authenticator. The biometric trait becomes a factor of the authentication protocol that let the user reproduce the identifier that has been previously assigned to him. In this way, the authentication service provider does not need to know the biometric sample itself, or any representation of it. Because of the intrinsic noisiness of biometrics, classical cryptographic techniques are not suitable, and specific techniques, known as biometric cryptosystems, have been developed. In this context, we present a novel biometric cryptosystem obtaining perfect security, that is not leaking any information about the employed secret key from the knowledge of the data stored in the database. While similar methods have already been sought in the literature, the approaches proposed so far have been evaluated in terms of recognition performance under the unrealistic assumption of ideal statistical distributions for the considered biometric data. Conversely, in this thesis, we investigate the applicability of the proposed framework to practical scenarios while managing a trade-off between privacy and recognition performance. This goal has been achieved by introducing a class of transformation functions enforcing zero leakage secrecy, by designing an adaptive strategy for embedding the secret key bits into the selected features, and by developing a system parameters optimization strategy with respect to security, recognition performance, and privacy. Experimental tests conducted on real fingerprint data prove the effectiveness of the proposed scheme. Another important aspect is to ensure the untraceability along different services. That means that we should be able to produce different identifiers starting from the same biometric trait, but these should be indistinguishable from identifiers originated by independent users. The vulnerability of our system to the linkability attack has been analysed and an enhanced system is proposed in order to counteract it. A frequently neglected aspect in cryptosystem design proposals and analysis is the impossibility to synchronise signals once they are encrypted. Any kind of biometric should be aligned before doing any comparison. That means that further auxiliary data must be stored as a reference. This could leak too much information making the cryptosystem design useless. In this context, we propose a novel translation-invariant representation for fingerprint minutiae.