This paper explores the design of biometric authentication in the context of a single user that has enrolled in multiple (distinct) authentication systems. The compromise of some subset of these systems will generally impact both the privacy of the user's biometric information and the security of the balance of the systems. In this work we consider how to design the systems jointly to minimize losses in privacy and security in the case of such compromise. It turns out that there is a tension between the two objectives, resulting in a privacy/security tradeoff.We introduce worst-case privacy and security measures, and consider the tradeoff between them, in the context of the “secure sketch” architecture. Secure sketch systems are based on error correction codes, and the considerations of joint design that we pose result in a novel code design problem. We first study the design problem algebraically and identify an equivalence with a type of subspace packing problem. While the packing problem fully characterizes the design space, it does not yield an explicit characterization. We then turn to a “fixed-basis” subspace of the general design space. We map a relaxed version of the fixed-basis design problem to a linear program which, after exploiting much symmetry, leads to an explicit tradeoff between security and privacy. While we show that fixed-basis designs are restrictive in terms of the achievable privacy/security tradeoffs, they have the advantage of being easily mapped to existing codes (e.g., low-density parity check codes), and thence to immediate deployment. Finally, we conjecture that the achievable privacy/security tradeoff of fixed-basis designs is characterized by an extremely simple analytic expression, one that matches our numerical results.
The goal of an authentication system is to ensure that only legitimate individuals gain access to a secured resource or area. Increasingly popular are methods of authentication that use biometric data – unique information present in a person's physical attributes. An example of such a biometric system is a laptop-mounted fingerprint scanner, or an iris scanner at an airport.