Skip to main content Accessibility help
  • Print publication year: 2017
  • Online publication date: June 2017

16 - Joint Privacy and Security of Multiple Biometric Systems

from Part IV - Data Systems and Related Applications


This paper explores the design of biometric authentication in the context of a single user that has enrolled in multiple (distinct) authentication systems. The compromise of some subset of these systems will generally impact both the privacy of the user's biometric information and the security of the balance of the systems. In this work we consider how to design the systems jointly to minimize losses in privacy and security in the case of such compromise. It turns out that there is a tension between the two objectives, resulting in a privacy/security tradeoff.We introduce worst-case privacy and security measures, and consider the tradeoff between them, in the context of the “secure sketch” architecture. Secure sketch systems are based on error correction codes, and the considerations of joint design that we pose result in a novel code design problem. We first study the design problem algebraically and identify an equivalence with a type of subspace packing problem. While the packing problem fully characterizes the design space, it does not yield an explicit characterization. We then turn to a “fixed-basis” subspace of the general design space. We map a relaxed version of the fixed-basis design problem to a linear program which, after exploiting much symmetry, leads to an explicit tradeoff between security and privacy. While we show that fixed-basis designs are restrictive in terms of the achievable privacy/security tradeoffs, they have the advantage of being easily mapped to existing codes (e.g., low-density parity check codes), and thence to immediate deployment. Finally, we conjecture that the achievable privacy/security tradeoff of fixed-basis designs is characterized by an extremely simple analytic expression, one that matches our numerical results.


The goal of an authentication system is to ensure that only legitimate individuals gain access to a secured resource or area. Increasingly popular are methods of authentication that use biometric data – unique information present in a person's physical attributes. An example of such a biometric system is a laptop-mounted fingerprint scanner, or an iris scanner at an airport.

[1] A., Jain, P., Flynn, and A., Ross, Handbook of Biometrics. New York: Springer, 2008.
[2] P., Reid, Biometrics and Network Security. Upper Saddle River, NJ: Prentice Hall, 2003.
[3] N., Ratha, J., Connell, and R., Bolle, “Enhancing security and privacy in biometrics-based authentication systems,” IBM Syst. J., vol. 40, no. 3, pp. 614–634, 2001.
[4] P., Campisi, Security and Privacy in Biometrics. New York: Springer, 2013.
[5] T., Ignatenko and F. M. J., Willems, Privacy Leakage in Binary Biometric Systems: From Gaussian to Binary Data. London: Springer, 2013, pp. 105–122.
[6] Y., Wang, S., Rane, S. C., Draper, and P., Ishwar, “A theoretical analysis of authentication, privacy and reusability across secure biometric systems,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 6, pp. 1825–1840, Dec. 2012.
[7] L., Lai, S.-W., Ho, and H. V., Poor, “Privacy–security trade-offs in biometric security systems – Part II: Multiple use case,” IEEE Trans. Inf. Forensics Security, vol. 6, no. 1, pp. 140–151, Mar. 2011.
[8] R., Koetter and F., Kschischang, “Coding for errors and erasures in random network coding,” IEEE Trans. Inf. Theory, vol. 54, no. 8, pp. 3579–3591, Aug. 2008.
[9] A., Khaleghi, D., Silva, and F., Kschischang, Subspace Codes, ser. Lecture Notes in Computer Science, vol. 5921, pp. 1–21. Berlin, Heidelberg: Springer, 2009.
[10] A., Dimakis, P., Godfrey, Y., Wu, M., Wainwright, and K., Ramchandran, “Network coding for distributed storage systems,” IEEE Trans. Inf. Theory, vol. 56, no. 9, pp. 4539–4551, Sep. 2010.
[11] P., Sobe and K., Peter, “Comparison of redundancy schemes for distributed storage systems,” in IEEE Int. Symp. Network Computing and Apps., Cambridge, MA, USA, Jul. 2006, pp. 196–203.
[12] A., Shamir, “How to share a secret,” Commun. ACM, vol. 22, no. 11, pp. 612–613, Nov. 1979.
[13] Y., Sutcu, S., Rane, J. S., Yedidia, S., Draper, and A., Vetro, “Feature extraction for a Slepian–Wolf biometric system using LDPC codes,” in Proc. IEEE Int. Symp. Inf. Theory, Toronto, ON, Canada, Jul. 2008, pp. 2297–2301.
[14] D., Silva and F., Kschischang, “On metrics for error correction in network coding,” IEEE Trans. Inf. Theory, vol. 55, no. 12, pp. 5479–5490, Dec. 2009.
[15] E., Erkut, “The discrete p-dispersion problem,” European J. Operational Research, vol. 46, no. 1, pp. 48–60, May 1990.
[16] A., Goldberg and S. C., Draper, “The privacy/security tradeoff across jointly designed linear authentication systems,” in Proc. 52nd Annual Allerton Conf. Commun., Control, Computing, Monticello, IL, USA, Sep. 2014, pp. 1279–1286.
[17] K., Metsch, “A characterization of Grassmann graphs,” Eur. J. Combinatorics, vol. 16, no. 6, pp. 639–644, Nov. 1995.
[18] J., Kosiorek, A., Matras, and M., Pankov, “Distance preserving mappings of Grassmann graphs,” Beitr. Algebra Geom., vol. 49, no. 1, pp. 233–242, Jan. 2008.
[19] R., Bailey and K., Meagher, “On the metric dimension of Grassmann graphs,” Discrete Math. & Theoretical Computer Science, no. 4, pp. 97–104, Jan. 2011.
[20] D., Djokovic, “Distance-preserving subgraphs of hypercubes,” J. Comb. Theory B, vol. 14, no. 3, pp. 263–267, Jun. 1973.
[21] H., Cheung, T., Kwok, and L., Lau, “Fast matrix rank algorithms and applications,” in ACM Symp. Theory Computing, New York, NY, USA, May 2012, pp. 549–562.
[22] A., Goldberg, “The privacy/security tradeoff for multiple secure sketch biometric authentication systems,” Master's thesis, Univ. of Toronto, 2015.