Fundamental Limits for Privacy-Preserving Biometric Identification Systems That Support Authentication


In this paper, we analyze two types of biometric identification systems with protected templates that also support authentication. In the first system, two terminals observe biometric enrollment and identification sequences of a number of individuals. It is the goal of these terminals to form a common secret for the sequences belonging to the same individual by interchanging public (helper) messages of all individuals such that the information leakage about the secrets from these helper messages is negligible. These secret keys are used for authentication purposes. Moreover, the second terminal should be able to establish the identity of an individual based on the presented biometric identification sequence and helper messages. It is important to realize that biometric data are unique for individuals and cannot be replaced if compromised. Therefore, the helper messages should contain as little as possible information about the biometric data. In the second setting, we consider the first terminal does not generate secret keys from biometric sequences of individuals but chooses them uniformly at random. These keys are conveyed to the second terminal by communicating the corresponding helper messages. In this paper, we determine the fundamental tradeoffs between secret-key, identification, and privacy-leakage rates for both biometric settings.

IEEE Transactions on Information Theory