%Aigaion2 BibTeX export from Idiap Publications
%Wednesday 16 October 2024 10:07:01 AM

@PHDTHESIS{OtroshiShahreza_THESIS_2024,
         author = {Otroshi Shahreza, Hatef},
       keywords = {biometric template protection, Biometrics, Face Recognition, face reconstruction, information leakage, linkability, presentation attack, speaker recognition, template inversion, vascular biometrics},
       projects = {TRESPASS-ETN},
          title = {On the Information in Deep Biometric Templates: from Vulnerability of Unprotected Templates to Leakage in Protected Templates},
           year = {2024},
         school = {EPFL},
            url = {https://infoscience.epfl.ch/entities/publication/a7828942-9cc6-42e8-af06-329503160beb},
            doi = {10.5075/epfl-thesis-10778},
       abstract = {Biometric recognition systems tend toward ubiquity and are widely being used in different applications for authentication purposes. Compared to conventional authentication tools, such as PIN or password, which are always in danger of being forgotten or stolen, biometric authentication offers excellent convenience for the user. In contrast, in addition to security threats, biometric systems are also in danger of privacy issues. This is because biometric data include privacy-sensitive information of enrolled subjects, which causes privacy concerns in the application of biometric systems. Generally, in biometric systems, some features (also known as templates) are often extracted from biometric data, and are stored in the database of the system. Then, during recognition, similar templates are extracted and compared to the ones stored in the database. In this thesis, we focus on templates stored in biometric systems and investigate the vulnerability of systems to different attacks based on templates stored in the database of a biometric system.

In the first part of the thesis, we consider the face recognition system as one of the popular biometric systems and show that if an adversary gains access to the database of a face recognition system, they may be able to reconstruct face images of underlying leaked facial templates. The reconstructed face images not only reveal privacy-sensitive information but also can be used to impersonate the systems that the user is enrolled in. We evaluate the adversary's successful attack rate in entering the system based on an injection attack by bypassing the camera. In addition, we consider the real-world scenario where the adversary may perform a practical presentation attack to impersonate and evaluate the attack rate.

In the second part of the thesis, we propose new methods to protect biometric templates. We present MLP-Hash, a new cancelable biometric scheme that works based on random multi-layer perceptrons (MLP). We also discuss a hybrid template protection mechanism that leverages cancelable biometric and homomorphic encryption. Using cancelable biometric and homomorphic encryption not only boosts for a higher security of the protected templates but also reduces the required computation compared to applying homomorphic encryption only. The proposed template protection schemes can be used in systems of different biometric modalities (face, voice, finger vein, etc.). Finally, we present a new method to protect and enhance vascular biometric recognition methods using BioHashing and an auto-encoder network.

The last part of this thesis is focused on the evaluation of template protection schemes. We first benchmark different template protection schemes based on the ISO/IEC 24745 standard requirements. We discuss the metrics to evaluate the leakage of information in the protected biometric templates. In particular, we investigate the invertibility of protected biometric templates and also propose a new measure to evaluate the linkability of protected templates. The proposed linkability metric is based on maximal leakage, which is a well-studied measure in information-theoretic literature. We show that the resulting linkability measure has a number of important theoretical properties and an operational interpretation in terms of statistical hypothesis testing. We further explore the application of our proposed method for the case that the adversary gains access to multiple protected templates.}
}