Information-theoretic Privacy and Secrecy in Biometric Identification and Authentication

Sammanfattning: Nowadays, biometrics are more and more deployed to reinforce traditional authentication or identification that uses keys, passwords, etc. Biometric identification and authentication have been studied from various information-theoretic perspectives, where privacy and secrecy are two important aspects. Due to the uniqueness of biometrics, the abuse of biometric information can invoke privacy issues. Moreover, for authentication based on secret keys, compromised secret keys can lead to compromised access to the system.  In this thesis, we deepen the study of the privacy and secrecy perspectives, characterize fundamental limits, and propose fundamental limits-achieving polar code designs.Based on the basic biometric identification and authentication system, we study five extensions: (i) noisy enrollment and privacy-preservation, where inevitable noise when enrolling in biometrics is incorporated; (ii) two-stage setting with privacy preservation, where both the enrollment phase and the identification phase are operated in two steps; (iii) multiple systems setting, where the biometric information of users is used in multiple systems; (iv) uncertainty setting, where two uncertainty aspects are considered, i.e., the probability mass function of users’ biometric information and the observation channel; (v) polar code designs, where fundamental limits-achieving polar code designs are derived. To preserve privacy, we propose to include additional private keys. The results reveal how the private keys can be efficiently utilized. For the two-stage setting, two layers of help data are produced in the enrollment phase. Then in the identification and authentication phase, the observed user is first processed with the first layer helper data and the system outputs a list. Then the system only processes the observation with part of the users in the system, thus the exhaustive search can be avoided. In the multiple systems setting, it is allowed to reuse the public data and thus achieves a more efficient design. Moreover, depending on whether the systems are built together at once or new systems are built based on the legacy system, we study both the joint design and the incremental design. For the polar code designs, we consider a setting where the privacy preservation level can be adapted by adapting the size of the private key. For both the uncertainty setting and the polar code designs, strong secrecy is achieved, which is more stringent than the weak secrecy requirement considered in the other settings. These five studied settings generalize the known setting studied in the literature. As corollaries or remarks, we provide the characterizations for related problems. The extensions reduce the gap between the models and real biometric systems. The obtained results provide a guideline for the design of biometric identification and authentication systems.