Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Homomorphic Encryption Protects Biometric Templates
Similar to Homomorphic Encryption Protects Biometric Templates (20)
Recently uploaded
Recently uploaded (20)
Homomorphic Encryption Protects Biometric Templates
- 1. Homomorpic Encryption in Template Protection Tolun TOSUN
- 2. Motivation ● Biometric information is considered as sensitive data(EU General Data Protection Regulation 2016/679) ● Biometric templates should be protected to prevent any leakage of the underlying information ● ISO/IEC 24745 defines the international standard on biometric information protection
- 3. ISO/IEC 24745 2 main requirements ★ Irreversibility: Given a protected template, going back to the original sample should not be possible ★ Unlinkability: Two templates from different systems (protected under different keys) should not be linked
- 4. Template Protection 1. Cancelable biometrics: Biometric data is distorted or applied an irreversible transformation a. biohashing, bloom filters, biometric salting 2. Cryptobiometrics: Cryptographic key is whether extracted from the biometric data or bound with it 3. Biometrics in the encrypted domain: The templates are encrypted and processed in the encrypted domain with the help of Homomorphic Encryption and/or Garbled circuits.
- 5. Verification Architecture ➔ The authentication server should not learn Tr or Tp ➔ The database server should not learn Tr , Tp or trace subjects ➔ The client should not learn Tr ➔ Honest-but-curious adversary model
- 6. Homomorphic Encryption ● We should somehow compute distance from Tr to Tp ● Homomorphic encryption allows us to apply arithmetic operations on cipher texts. We can add and/or multiply ciphertexts if the encryption system is homomorphic! ○ RSA is multiplicative homomorphic. m1 e m2 e = (m1 m2 )e (mod n) ● (Semi) Homomorphic Encryption: add or multiply ciphertexts ○ we can add/multiply ciphertexts with plaintexts w.r.t. the algorithm ● Full Homomorphic Encryption: add and multiply ciphertexts ● Somewhat Homomorphic Encryption: add and multiply ciphertexts up to a limit
- 7. Pailler Crypto System ● Semi Homomorphic(HE) ● Public Key Encryption ○ two keys, public key PK and private key SK ○ ct=EPK (pt) ○ pt=DSK (ct) ● Probabilistic Encryption ○ EPK (pt)≠EPK (pt)’ ● Based on difficulty of existence of n-residue ○ given a composite n and an integer z , decide whether there exists y such that z = y n mod n 2 . ● pt ∈ Zn Homomorphic Properties ● Ciphertext addition ○ ct1 = EPK (pt1 ), ct2 = EPK (pt2 ) ○ ct1 ⊕ct2 = EPK (pt1 +pt2 ) ● Plaintext addition ○ ct1 = EPK (pt1 ), pt2 ○ ct1 ⊕pt2 = EPK (pt1 +pt2 ) ● Plaintext multiplication ○ ct1 = EPK (pt1 ), pt2 ○ ct1 ⨀ pt2 = EPK (pt1 .pt2 )
- 8. Encrypted Euclidian Distance Computation w/ Pailler
- 9. Encrypted Cosine Distance Computation w/ Pailler
- 10. Evaluation ● Gomez-Barrero et al.(2017) mentions the previous two functions in their paper and constructed a multi-biometric verification system on top of them. ● As we have a probabilistic encryption scheme, Irreversibility and unlinkability is met. ○ Irreversibility: Given a protected template, going back to the original sample should not be possible ○ Unlinkability: Two templates from different systems (protected under different keys) should not be linked ● Both distances perform the same in encrypted format in terms of accuracy. ● Length of their feature set is 140 (F=140), and number of enrolled samples is 4. ● They report the timing of a single verification process as 5.10-4 seconds.
- 11. R-LWE based SWHE ● Somewhat Homomorphic(SWHE) ● Public Key Encryption ○ two keys, public key PK and private key SK ○ ct=EPK (pt) ○ pt=DSK (ct) ● Probabilistic Encryption ○ EPK (pt)≠EPK (pt)’ ● Based on difficulty of Ring version of Learning with Errors Lattice Problem. ● Examples: BGV, FV ● pt ∈ Zp m [x] (polynomials) ○ example plaintext: am-1 xm-1 +am-2 xm-2 +..a1 x+a0 Basic Homomorphic Properties ● Ciphertext addition ○ ct1 = EPK (pt1 ), ct2 = EPK (pt2 ) ○ ct1 ⊕ct2 = EPK (pt1 +pt2 ) ● Plaintext addition ○ ct1 = EPK (pt1 ), pt2 ○ ct1 ⊕pt2 = EPK (pt1 +pt2 ) ● Ciphertext multiplication ○ ct1 = EPK (pt1 ), ct2 = EPK (pt2 ) ○ ct1 ⨀ct2 = EPK (pt1 .pt2 ) ● Plaintext multiplication ○ ct1 = EPK (pt1 ), pt2 ○ ct1 ⨀ pt2 = EPK (pt1 .pt2 ) ● And more.. But these operations can be performed up to a limit defined by the noise budget
- 12. Encrypted Dot Product Computation Using R-LWE based SWHE
- 13. Evaluation ● the previous secure dot product calculation function is a simplified version of the secure hamming distance computation algorithm taken from Yasuda (2017). The paper also explains an efficient way to decrypt only the constant term. Moreover, the secure tool is used to build a challenge-response based verification system. (a different protocol than the picture we have seen) ● Again, as we have a probabilistic encryption scheme, Irreversibility and unlinkability is met. ● No loss in accuracy. ● They report the timing of a single verification process as 5.10-3 seconds. It sounds worse than Gomez-Barrero et al.(2017). However their feature set F can be up to 2048 in the reported timing. (it was 140 in Gomez-Barrero et al.(2017))
- 14. REFERENCES Gomez-Barrero, M., Maiorana, E., Galbally, J., Campisi, P., & Fierrez, J. (2017). Multi-biometric template protection based on homomorphic encryption. Pattern Recognition, 67, 149-163. Yasuda, M. (2017). Secure Hamming distance computation for biometrics using ideal-lattice and ring-LWE homomorphic encryption. Information Security Journal: A Global Perspective, 26(2), 85-103. Gomez-Barrero, M., Galbally, J., Morales, A., & Fierrez, J. (2017). Privacy-preserving comparison of variable-length data with application to biometric template protection. IEEE Access, 5, 8606-8619. Nautsch, A., Isadskiy, S., Kolberg, J., Gomez-Barrero, M., & Busch, C. (2018). Homomorphic Encryption for Speaker Recognition: Protection of Biometric Templates and Vendor Model Parameters. arXiv preprint arXiv:1803.03559. Karabat, C., Kiraz, M. S., Erdogan, H., & Savas, E. (2015). THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system. EURASIP Journal on Advances in Signal Processing, 2015(1), 71.