Tutorial at IJCB 2011
Biometrics: Practical Issues in Privacy and Security

October 10, 2011
Doubletree Hotel Crystal City, Washington D.C.
13:30 - 17:00, Potomac View Room
Terrance Boult and Walter Scheirer
Securics, Inc. and the University of Colorado at Colorado Springs


Course Description
This half-day tutorial will cover recent advances in privacy and security research for biometrics. While we might consider biometrics to be just another useful application of computer vision, the concept of personal identity is important from several perspectives. From a cultural perspective, the more the world converges, the more individual cultures wish to maintain their separate identities. From an individual perspective, the greater the population and the tendency to reduce people to stereotypes, the greater the desire to establish an individual identity. There is, however, another level where identity, and the verification of identity, is becoming increasingly important in relation to all manner of transactions, from those related to mobility, to those related to legal and political rights and obligations, and finally to financial and economic transactions. The intrusion of technology into these areas is not new, but its heightened visibility and ubiquity can create anxiety. This holds particularly true for biometrics.

The first half of this tutorial will present an overview of security and privacy issues with traditional biometrics, and introduce the Biometrics Dilemma, the various threats it poses, and a model for biometric database risk, highlighting the problem with standard large-scale biometrics. The tutorial will explain why standard encryption does not solve the template protection problem, but will also explore best practices in using standard encryption that can improve security. Moving to security, the tutorial will examine security system architectures, the role of authentication in such systems, and the standard architectures for authentication using biometrics. It will examine the advantages that biometrics bring and how biometrics can improve security and even privacy in such systems, and then discuss their weaknesses in both security and privacy. The tutorial will briefly discuss the Nobel Prize-winning economic theory of asymmetric information, Akerlof's market for lemons, and Kerckhoffs' principles for security, and their implications for biometric systems, especially large-scale deployments.

The second half of this tutorial is an in-depth review of the state of the art in what are sometimes called privacy-preserving biometric technologies, including biometric encryption, fuzzy vaults, fuzzy extractors, biometric hashing, cancelable biometrics, and revocable biotokens. Face, fingerprint, and iris systems will be covered in detail. The tutorial will then walk through a security analysis of these technologies, including the published attacks. We will also highlight the potential for these emerging privacy-enhancing technologies to protect data in "the cloud," as we move toward the routine use of large-scale computing power where the security of data cannot be assured as well as it can at a local computing site. Finally, we will conclude with practical issues related to actual deployments of privacy-preserving biometric technologies, including the development of large-scale biocryptographic infrastructures.

The tutorial is intended to be relatively interactive, with the opportunity for discussion of some of the more subtle issues. A few "exercises" will be given out during the day, with a discussion of the answers later in the day.

Slides:
Part I: An Overview of Issues Related to Biometric Privacy and Security
Part II: A Survey of Template Protection Technologies