The relation between the secrecy rate of biometric template protection and biometric recognition performance

The relation between the secrecy rate of biometric template protection and

biometric recognition performance

Raymond N.J. Veldhuis

University of Twente

PO Box 217, 7500AE Enschede, The Netherlands

r.n.j.veldhuis@utwente.nl

Abstract

A theoretical result relating the maximum achievable se-curity of the family of biometric template protection sys-tems known as key-binding syssys-tems to the recognition per-formance of a biometric recognition system that is optimal in Neyman-Pearson sense is derived. The relation allows for the computation of the maximum achievable key length from the Receiver Operating Characteristic (ROC) of the optimal biometric recognition system. Illustrative examples that demonstrate how the shape of the ROC impacts the se-curity of a template protection system are presented and dis-cussed.

1. Introduction

We will present a theoretical result that relates the max-imum achievable security of a family of biometric tem-plate protection systems to the recognition performance of an optimal biometric recognition system. Biometric tem-plate protection refers to a class of systems that store bio-metric features in a form that, ideally, does not reveal in-formation about the underlying biometric data. The prin-ciples of biometric template protection have been reviewed and discussed in [25, 12, 20]. Its concept and terminology have been standardised by ISO in [10]. An overview of this standard and of performance metrics related to biomet-ric template protection systems is given in [23]. Currently ISO is standardising the performance metrics of biometric template protection [11].

Encryption schemes such as fuzzy commitment [14] and fuzzy fault [13] have been embedded in biometric recogni-tion systems for the purpose of template protecrecogni-tion. These systems are also referred to as key-binding systems. A block diagram of a generic key-binding system is shown above the dashed line in Figure 1, e.g. [9, 30]. This block diagram, which is common in information theoretical pa-pers on biometric template protection, differs from the

rep-ENC DEC BIOMETRIC COMPARATOR S S ' x y s t s≥ t Biometric Key Binding Biometric Comparison w d∈ M,¬M

{

}

Figure 1. Block diagrams of a key-binding biometric system (above dashed line) and a biometric comparison system (below dashed line).

resentation that has been standardised in [10], but can eas-ily be mapped onto it. At enrolment, a secret binary key Sis combined with biometric features x – conveniently ar-ranged into a vector and denoted by a bold symbol – by an encoder ENC. This results in the helper data w. Ideally, the helper data does not reveal information about the bio-metric features, nor about the secret. Therefore, it can be stored in the clear. At verification, the decoder DEC com-bines the helper data with biometric features y in order to reconstruct the secret. The reconstructed secret S′_{can then} be compared with the original secret S and if and only if S = S′ _{it will be decided that features x and y originate} from the same biometric source, e.g. the same finger or iris of the same individual. Since biometric features from the same biometric source are likely to exhibit within subject variations, it cannot be guaranteed that x = y. Therefore, the encoder and decoder have error-correcting capabilities.

In order to protect the secret S it is hashed before storage and the comparison is done after hashing S′_{. Obviously, a} longer secret yields a better security.

A key-binding system can be seen as a noisy channel transmitting a secret S from an enrolment station to a ver-ification station, with the within-subject variability of the biometric features determining the quality of the channel. According to Shannon’s Channel Capacity Theorem, e.g. [22] or another textbook on information theory, errorless transmission is feasible if the length of the secret per pair of features (x, y), further denoted as the secrecy rate R, is be-low the channel capacity. In [11] the reciprocal of R, called Successful Attack Rate (SAR), is proposed as as standard performance metric for the secrecy of a biometric template protection system.

For key-binding systems it has been shown in [2] that the channel capacity, or equivalently the maximum achievable secrecy rate R∗_{, is equal to the mutual information between} the biometric features x and y, given that they originate from the same biometric source. Outside the context of bio-metric template protection, the mutual information between biometric features can be regarded as a quantifier for the information content of the biometric data. An alternative quantifier for this is the Kullback-Leibler distance between the population feature distribution and the feature distribu-tion of an individual proposed in [1].

The maximum achievable secrecy rate of a key-binding system is an information-theoretical asymptotic upper bound that depends solely on the joint probability density of the biometric input features. For all sorts of practical rea-sons the maximum achievable secrecy rate may be hard to achieve. It may even be hard to compute, for it requires that the joint probability density functions of x and y be known. Expressions for the maximum achievable secrecy rate have been derived for the case that the biometric features have Gaussian distributions in [6, 30].

The helper data w should not reveal information about the secret nor about the enrolled biometric features x. How-ever, due to the presence of error correction, some of this information will leak. This can be quantified in terms of the mutual information between helper data and enrolled bio-metric features and the mutual information between helper data and secret. The trade-off between leakage and the suc-cessful attack rate is discussed in [17, 9, 30, 29]. In this pa-per we will not consider leakage nor any other of the desired properties of biometric template protection systems such as unlinkability and irreversibility [23, 11], but we will focus on the relation between the maximum achievable secrecy rate and the optimal biometric recognition performance.

The block diagram below the dashed line in Figure 1 shows a biometric comparator, which is the heart of any biometric recognition system. A biometric comparator pro-duces a comparison score s, which is compared to a

pre-defined threshold t. Without loss of generality we take the comparison score to be a similarity score. If it is above the threshold it is decided that the biometric features x and y re-sult from the same biometric source – this is called a match. Otherwise, the decision is that the biometric features result from different biometric sources – called a nonmatch. Be-cause of the inherent variability of biometric features, the biometric comparator can make two types of errors: a false match or a false nonmatch. The trade-off between the prob-abilities of these errors is controlled by varying the thresh-old t. The recognition performance of a biometric compara-tor is often expressed by the Receiver Operating Character-istic (ROC). The ROC plots the probability of a true match – the true-match rate, i.e. 1 minus the probability of a false nonmatch – as a function of the probability of a false match – the false-match rate. A biometric comparator that is op-timal in Neyman-Pearson sense maximises the true-match rate at a given false-match rate [27]. The ROC of the opti-mal biometric comparator will be denoted as the maximum achievable ROC. Taking the likelihood ratio, or any mono-tonic function of it, as the score value will result in a bio-metric comparator that is optimal in Neyman-Pearson sense [4, 6, 27].

Like the maximum achievable secrecy rate of a key-binding system, the maximum achievable ROC is also a the-oretical upper bound that depends solely on the joint prob-ability of the biometric input features. For the same rea-sons as mentioned for mutual information it may be hard to achieve or to compute.

The secrecy rate of template protection systems has been related to indicators for the biometrics recognition perfor-mance by, for instance [15, 16], but this was only done for a specific class of systems based on quantised feature vectors and under the assumption that the biometric features have a joint Gaussian probability density. To our best knowledge, no relation has been published that allows for the computa-tion of the maximum achievable secrecy rate from biometric performance characteristics. The main novelty of this paper is, therefore, the presentation of a simple relation between the maximum achievable secrecy rate R∗_{of a key-binding} system and the maximum achievable ROC τ∗_{(α), with α} denoting the false-match rate, given by

R∗ = ! 1 0 dτ∗(α) dα log2 " dτ∗(α) dα # dα. (1)

This relation can be used to compute R∗_{from τ}∗_{(α). As} a second result, it will be shown that (1) implies that the maximum achievable secrecy rate increases with the overal biometric performance.

In the remainder of this paper these results will be de-rived and discussed, and some illustrating examples based on realistic data will be presented. In Section 2 it will be shown that the mutual information equals the statistical

ex-pectation of the likelihood ratio. Section 3 will discuss a relevant property of the ROC that is needed to arrive at the main results. Then Section 4 will relate the maximum achievable ROC and the expected mutual information and present our main results. The result (1) is an expression for an information-theoretical performance bound. This means that it must be interpreted with some care, which will be discussed in Section 5. Section 6 will present and discuss examples that illustrate how the shape of the ROC affects the maximum achievable secrecy rate. Finally, Section 7 will present conclusions.

2. Mutual information and the likelihood ratio

The maximum achievable secrecy rate of a key-binding system is given by the mutual information between a pair of biometric features originating from the same biometric source [2]. It is given by I(x; y_{|S) =} (2) ! fx,y(x, y|S) log2 $ fx,y(x, y|S) fx(x)fy(y) % dxdy. The underlined symbols, e.g. x, denote random variables. The function fx,y(x, y|S) is the probability density of the feature pair (x, y) given that the features originate from the same biometric source. This condition is denoted by S. The product fx(x)fy(y) = fx,y(x, y|D) is the probability den-sity of (x, y) under the condition that the features originate from different sources, denoted by D. There are no condi-tions on the probability density funccondi-tions other than that the integral in (2) converges.

The argument of the logarithm in (2) is identical to the likelihood ratio

l(x, y) = fx,y(x, y|S) fx(x)fy(y)

, (3)

which, when used as a similarity score, optimally discrimi-nates pairs (x, y) of biometric features originating from the same biometric source from pairs originating from different biometric sources in Neyman-Pearson sense [4, 6, 27].

The equations for the mutual information in (2) and for the likelihood ratio in (3) do not put restrictions on the na-ture of the feana-tures x and y. Each can be derived from a single biometric sample, but it is, for instance, also al-lowed that each vector contains the features of more bio-metric samples or that x and y originate from heterogenous biometric sources such as from a visible-light and a near-infrared facial image.

According to (2), the mutual information I(x; y|S) is by definition the statistical expectation of the log-likelihood ra-tio under the condira-tion S that the features originate from the

same biometric source. I.e.

I(x; y|S) = E{log2(l(x, y))|S}, (4) with E{·} denoting the statistical expectation. In what fol-lows, we will use this property to obtain a relation between I(x; y|S) – and thus the maximum achievable secrecy rate – to the maximum achievable ROC of a biometric compara-tor.

3. Interpreting the ROC as a probability

The similarity score s resulting from a biometric com-parison is a random variable because it depends on the ran-dom inputs x and y of the biometric comparator. The com-parator can operate under the two conditions: S – the inputs originate from the same biometric source – and D – the in-puts originate from different biometric sources. Let the set of possible score outcomes be S. The false-match rate an the true-match rate are, respectively, defined by

fmr(t) = Pr_{{s ≥ t|D}, t ∈ S,} (5) tmr(t) = Pr{s ≥ t|S}, t ∈ S, (6) with Pr{E} denoting the probability of an event E, and tthe decision threshold of the biometric comparator. The ROC is defined as the set of pairs {(fmr(t), tmr(t)|t ∈ S}, or equivalently as a function τ(α) = tmr(t) for t such that fmr(t) = α. For classifiers that are optimal in Neyman-Pearson sense, it ihas been shown, e.g. [27], that the ROC is a concave function of α. For fmr(t) = α we have

τ (α) = tmr(t) = Pr_{{s ≥ t|S}}

= Pr{fmr(s) ≤ fmr(t)|S}

= Pr_{{fmr(s) ≤ α|S}.} (7) The step between the second and the third line of the deriva-tion can be taken because fmr(t) is monotonically non-increasing with t. The result (7) implies that, if we use the false-match rate characteristic fmr to define a mapping of the score s to a random variable α, defined by

α = fmr(s), (8)

then

τ (α) = Pr_{{α ≤ α|S}.} (9) Therefore, the ROC is the probability distribution of α given that the input samples are from the same biometric source and its derivative dτ (α)

dα is the corresponding probability density function. A similar result was derived in [18]. Note that α computed by (8) is a dissimilarity score, whereas s is a similarity score.

4. The maximum achievable secrecy rate

The maximum achievable ROC will be denoted by τ∗(α). It is a well-known property of maximum achievable ROCs [27] that

l(x, y) = dτ ∗_(α)

dα , for α = fmr(l(x, y)), (10) which expresses the likelihood ratio as a function of the dis-similarity score α. This, with (4) and the result from Sec-tion 3 that dτ∗(α)

dα is the probability density of α in (10) given that the input samples are from the same biometric source leads to our first main result

R∗ = I(x; y_|S) = E_{log2(l(x, y))|S} = E & log2 $ dτ∗(α) dα ' ' ' '_α=α %''_' ' 'S ( = ! 1 0 dτ∗(α) dα log2 "_dτ∗_(α) dα # dα (11) = ₋ ! 1 0 log2 "_{dα∗(τ )} dτ # dτ, (12)

with α∗_{(τ )the inverse of τ}∗_{(α). Equations (11) and (12)} present two equivalent forms of the result. The first one is in terms of the maximum achievable ROC and the sec-ond, slightly more compact one, is in terms of its inverse, or quantile function. Cf. [28] for a derivation of the last step.

We will show now that the maximum achievable secrecy rate increases with the overal biometric performance, which is our second main result. The result (11) can also be written as

R∗=−h(α|S), (13)

with h(α|S) the differential entropy of the dissimilarity score α computed by (8) given that the input samples are from the same biometric source. Note that, unlike the en-tropy of a discrete random variable, the differential enen-tropy can be negative. Equation (13) states that the maximum achievable secrecy rate decreases with increasing differen-tial entropy of α given that the input samples are from the same biometric source. Indeed, the ROC τ(α) = α of a fully random classifier has h(α|S) = 0 and cannot con-vey a secret, whereas a perfect classifier is characterised by

dτ (α)

dα = δ(α)and, therefore, h(α|S) = −∞, allowing for an infinitely long secret. We formalise our result as follows: If the maximum achievable ROCs of two types of biometric feature sets, denoted by A and B, are given by τ∗

A(α)and τ∗

B(α), respectively, and their maximum achievable secrecy rates by R∗

Aand RB∗, respectively, then

τB∗(α)≤ τA∗(α), α∈ [0, 1] ⇒ R∗B≤ R∗A. (14)

This indeed expresses that the maximum achievable secrecy rate increases with the overal biometric performance. The proof is as follows. On the interval α ∈ [α1, α2]we replace τA∗(α)by a chord that is a tangent of τB∗(α). Because a max-imum achievable ROC is concave, the probability density

dτA∗(α)

dα is monotonically non-increasing. Replacing τA∗(α) on α ∈ [α1, α2]by a chord is equivalent to replacingdτ

∗ A(α)

dα on α ∈ [α1, α2] by its average on that interval. The thus modified ROC is still concave. It can be shown that this replacement increases the differential entropy. This can be understood intuitively because a segment of dτA∗(α)

dα is re-placed by a uniform density, which has maximum differ-ential entropy. In subsequent steps, other segments of the modified τ∗

A(α)are replaced by chords that are also tangents of τ∗

B(α). After each step τB∗(α)is better approximated by the new modification of τ∗

A(α)and the differential entropy has increased. This procedure will converge to a situation where the modified τ∗

A(α)is identical to τB∗(α) while the differential entropy has increased. This implies that the dif-ferential entropy of τ∗

B(α)is higher than that of τA∗(α)and therefore the maximum achievable secrecy rate of feature type B must be below that of feature type A.

5. Discussion

As is true for all information theoretic bounds, the ex-pressions for R∗ _{as given in (11) and (12) must be} inter-preted with some care. In particular, estimating R∗_{form an} ROC τ(α) obtained in an evaluation experiment may lead to an incorrect result due to design choices, modelling er-rors, estimation erer-rors, and sensitivity of (11) to deviations of τ∗_{(α)as we will explain below.}

Design choices The ROC τ∗_{(α)in (11) and (12) reflects} the recognition performance of an optimal, i.e. likelihood-ratio based, classifier and is solely based on knowledge of the joint probability density functions of the input signals. For good pragmatic and practical reasons of complexity and robustness and because these probability functions are un-known, many biometric recognition systems are not based on the likelihood ratio, but on alternative classifiers based on, for instance, Euclidean distance, total absolute distance, or support vector machines. As a result, the ROC of such systems will be below the maximum achievable ROC and R∗_{will be underestimated, because of (14).}

Modelling errors Biometric recognition systems that are actually likelihood-ratio based have been proposed, e.g. [21, 4, 24], but it is questionable for two reasons whether their measured ROCs can be considered optimal, despite the good recognition results that have been reported for those systems. The first reason is that the design of these likelihood-ratio classifiers is based on (often Gaussian)

model assumptions for the biometric features, which may not be valid. The second reason is that the model param-eters are obtained in a training process and they may not be fully representative for the testing data. These reasons have as an effect that the measured ROC will also be be-low the maximum achievable one and R∗_{will again be} un-derestimated because of (14). The same two objections, in fact, also hold for estimating the R∗_{by computing I(x; y|S)} from estimated probability density functions.

Estimation errors Even when the biometric comparator has an ROC close to τ∗_{(α), care must be taken because a} measured ROC is noisy, due to the fact that the number of score values that it is computed from is necessarily finite. A large set of testing data is therefore recommended to ob-tain an accurate ROC. Moreover, a measured ROC conob-tains steps, because it is computed via empirical approximations [3] of fmr(t) and tmr(t), based on counting the scores ex-ceeding the threshold t. These steps will lead to infinite val-ues ofdτ (α)

dα and divergence of the integrals in (11) and (12). These steps, including the one at α = 0, can be avoided by a proper smoothing that guarantees the necessary concave character of an maximum achievable ROC, for example by taking the convex hull of the estimated ROC [8].

Sensitivity The region where dτ (α)

dα ≫ 1 , i.e. α close to 0, largely determines the outcome of (11). Because of the differentiation and the steepness of a good ROC, the result is very sensitive to deviations of the estimated τ(α) from τ∗_{(α)in this area, whether they be due to design choices,} modelling errors, or measurement errors. Unfortunately, this is the most inaccurate part of an estimated ROC due to the limited numbers of scores exceeding high thresholds. In Section 6 we will demonstrate how a small change in τ(α) in this range can lead to a large change in the estimated se-crecy rate.

6. Examples

In this section we will study the effect of the shape of τ∗_{(α)on R}∗_{by computing R}∗ _{for two prototypical types} of ROCs. We will also discuss to what extent these types of ROCs can model the behaviour of good biometric systems and be used to estimate their secrecy rate.

The first type of ROC lies close to the line τ = 1 and is tangential to it for low similarity score values, but it is not tangential to the line α = 0 for high similarity scores. This type is further denoted as TT (Top Tangential). The second type lies close to the line α = 0 and is tangential to it for high similarity score values, but it is not tangential to the line τ = 1. This type is further denoted as LT (Left Tangential). We choose a simple parametrisation for each

, 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 = $ TT (, ;m ), = $ LT (, ;m ) 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Figure 2. Examples of a top tangential ROC τ∗

TT(α; m)(solid)

de-fined in (15) and left tangential ROC τ∗

LT(α; m)(dashed) defined

in (16), both with m = 20.

of the ROCs. For the top tangential ROCs we define τTT∗ (α; m) = 1− (1 − α)m, (15) and for the left tangential ROCs

τLT∗ (α; m) = α

1

m. (16)

Figure 2 shows examples of each type, for m = 20. Note that one type of ROC can be obtained from the other by mirroring it about the line α + τ = 1. Consequently, for the same m τ∗

TT(α; m)and τLT∗ (α; m)have the same area under curve AUC and the same Equal-Error Rate (EER), which are common indicators of biometric recognition per-formance.

The performances at a few points of operations of four biometrics systems that have been evaluated in large-scale tests have been plotted in Figure 3, together with plots of τ∗

TT(α; m)and τLT∗ (α; m). The top graph shows τTT∗ (α; m) and τ∗

LT(α; m)for m = 4500 together with the EER points and the true-match rates at false-match rates 10−2_{, 10}−3_, and 10−4 _{of two methods that perform well in the} one-to-one comparison of the FVC Ongoing [7] fingerprint verifi-cation context. The discs represent the performance of the method EMB9300 that gives the highest true-match rate at a false-match rate of 10−4_{. The filled squares represent the} performance of the method TigerAFIS that gives the highest true-match rate at a false-match rate of 10−2_{. These figures} have been derived from the ones published on https:// biolab.csr.unibo.it/fvcongoing/ on Novem-ber 20, 2014. The performance of the method EMB9300 in the range α ∈ [10−4_{, 10}−2_{] seems well modelled by} τ∗

, 0 0.001 0.002 0.003 0.004 0.005 0.006 0.007 0.008 0.009 0.01 = $ TT (, ;m ), = $ LT (, ;m ) 0.995 0.996 0.997 0.998 0.999 1 FVC Ongoing , 0 0.001 0.002 0.003 0.004 0.005 0.006 0.007 0.008 0.009 0.01 = $ TT (, ;m ), = $ LT (, ;m ) 0.9 0.92 0.94 0.96 0.98 1 FRVT2006

Figure 3.Top graph: A top tangential ROC τ∗

TT(α; m)(solid) and

left tangential ROC τ∗

LT(α; m)(dashed), both with m = 4500 and

4 points of operation of the algorithms EMB9300 (discs) and Tig-erAFIS (filled squares) derived from https://biolab.csr. unibo.it/fvcongoing/, Cf. [7].Bottom graph: A left tan-gential ROC τ∗

LT(α; m)(dashed), with m = 215 and 3 points of

operation of the algorithms NV1–1to1 (discs) and V–1to1 (filled squares) derived from [19, page 43].

might be better modelled by a mixture of τ∗

TT(α; m) and τ∗

LT(α; m).

The bottom graph in Figure 3 shows τ∗

LT(α; m)for m = 215together with the true-match rates at false-match rates 10−2, 10−3, and 10−4of two methods that performed well in the controlled experiment on the high-resolution dataset for one-to-one algorithms in the face recognition vendor test (FRVT) 2006 [19]. The discs represent the performance of the method NV1–1to1 that gives the highest true-match rate at a false-match rate of 10−4_{. The filled squares represent} the performance of the method V–1to1 that gives the highest true-match rate at a false-match rate of 10−2_{. These figures} have been derived from [19, page 43]. The performance of the method V–1to1 in the range α ∈ [10−4_{, 10}−2_{] seems} well modelled by τ∗

LT(α; 215). The true-match rates for the four methods that are plotted in Figure 3 are listed in the first four data rows of Table 1.

The explicit expressions for τ∗

TT(α; m)and τLT∗ (α; m) allow for an analytic computation of the corresponding se-crecy rates as a function of m. For the top tangential ROCs in (15) we obtain

R∗TT(m) = log2(m)−

m_{− 1}

m log(2), (17) and for the left tangential ROCs in (16)

R∗LT(m) = m_{− 1}

log 2 − log2(m). (18)

Table 1. True-match rates at various points of operation and es-timated secrecy rates of four biometrics systems that have been evaluated in large-scale tests.

EMB9300 TigerAFIS NV1–1to1 V–1to1 TMR@EER 0.9986 0.9989 TMR@10−2 _{0.9991 0.9997 0.9774 0.9785} TMR@10−3 _{0.9984 0.9989 0.9763 0.9683} TMR@10−4 _{0.9978 0.9976 0.9737 0.9521} RLT[#bits] 6479 301 RPW[#bits] 13.2 13.2 12.5 12.7

Although the EER and AUC of these types of ROC depend on m in the same way, this is not the case for their respec-tive maximum secrecy rates. The maximum secrecy rate of the left tangential ROC increases much faster with increas-ing m than that of the top tangential ROC. Figure 4 plots the maximum secrecy rates resulting from the top tangen-tial (top graph) and the left tangentangen-tial (bottom graph) ROCs as a function of equal error rate. The figure is obtained by computing the EER and maximum secrecy rates for various values of the parameter m. It is clear from these graphs that at realistic EERs in the range [10−3_{, 10}−2_{]orders of} magni-tude higher secrecy rates can be obtained if the ROC is left tangential than if it is top tangential. In fact, the maximum achievable secrecy rate are much higher than anything that has been reported to be obtained by a real system.

EER

10-3 10-2 10-1 100

Secrecy rate (#bits) ₀ 2 4 6 8 10 12 Top tangential EER 10-3 10-2 10-1 100

Secrecy rate (#bits)₁₀-2

100 102

104 Left tangential

Figure 4.Top graph: The maximum achievable secrecy rate R∗

as a function of EER for top tangential rocs τ∗

TT(α; m). Bottom

graph: The maximum achievable secrecy rate R∗_{as a function}

of EER for left tangential rocs τ∗

LT(α; m). The disc and filled

squares show R∗_{for the methods EMB9300 and V1–1to1 under}

the assumption that their ROCs can be modelled by τ∗ LT(α; m)

from (16). The (open) circle and square show R∗_{of these}

respec-tive methods under the more modest assumption that their ROCs can be modelled piece wise linearly.

From Figure 3 is seems that the methods EMB93000 and V–1to1 have true-match rates that seem well-modeled by a left tangential ROC in the range α ∈ [10−3_{, 10}−2_{]. If that} behaviour could be extrapolated towards α = 0, then these methods would have the high maximum secrecy rates RLT given in the fifth row of Table 1 and that are plotted in Fig-ure 4. The disc in this figFig-ure indicates the true-match rate for EMB9300 and the filled square that for V–1to1. How-ever, these high secrecy rates are mostly a consequence of the steep departure from α = 0 by the model ROC τ∗_(α). A slight change of the ROC near α = 0 may lead to much more pessimistic results. If, for instance, the ROCs are ap-proximated piece-wise linearly by straight lines connecting the measured points, then the maximum achievable secrecy rate would drop to the mere 12–13 bits presented in the last row of Table 1 and in Figure 4 by the open symbols. This drop is mostly caused by the change of behaviour for the ROCs at low false-match rates, which confirms the obser-vation made in Section 5 that R∗_{is sensitive to the shape of} the ROC near α = 0.

From the examples presented in this section it can be concluded that for a high R∗_{, if possible, features should be} selected that result in an ROC with a left-tangential charac-ter that is steep for low α. At the same time, a measured ROC must be interpreted with care, because of the sensitiv-ity of R∗ _{to (errors in) the shape of the ROC at low values} of α.

7. Conclusions

A new relation between the maximum achievable se-crecy rate of a key-binding biometric template protection system and the maximum achievable ROC of a biometric comparator has been presented. This relation allows for the computation of the maximum achievable secrecy rate from the maximum achievable ROC.

Both the maximum achievable secrecy rate and the max-imum achievable ROC are functions of the probability den-sity functions of pairs of biometric features. Practical bio-metric template protection systems and practical biomet-ric comparators may not be able to achieve those bounds. Moreover, the underlying probability densities may be un-known and estimated ROCs may be inaccurate, in particular in the critical range of low false-match rates. Therefore, an estimate of the secrecy rate based on a measured ROC must be interpreted with care.

We have shown that the shape of the ROC, in particular the steepness for low false-match rates, has a great impact on the maximum achievable bit rate. If possible, the de-signer of a key-binding template protection system should try to use features that result in an ROC that is steep at low false-match rates. Other characteristics, such as equal-error rate, area under curve or false-nonmatch rate at a certain false-match rate are less relevant.

The fact that the maximum achievable secrecy rate, and thus the protection of the biometric data, depends on the recognition performance of the biometric may be undesir-able, because privacy reasons may demand that biometric modalities with a weaker recognition performance need a strong protection as well. A solution to this problem is to perform the complete biometric recognition in the crypted domain, for instance by applying homomorphic en-cryption. Results following this approach have been pre-sented in [26, 5].

References

[1] A. Adler, R. Youmaran, and S. Loyka. Towards a measure of biometric information. In Electrical and Computer Engi-neering, 2006. CCECE ’06. Canadian Conference on, pages 210–213, May 2006.

[2] R. Ahlswede and I. Csiszar. Common randomness in in-formation theory and cryptography. I. secret sharing. Infor-mation Theory, IEEE Transactions on, 39(4):1121–1132, Jul 1993.

[3] M. Ayer, H. Brunk, G. Ewing, W. Reid, and E. Silverman. An empirical distribution function for sampling with incom-plete information. The Annals of Mathematical Statistics, 26(4):641–647, 12 1955.

[4] A. Bazen and R. Veldhuis. Likelihood-ratio-based biometric verification. IEEE Transactions on Circuits and Systems for Video Technology, 14(1):86–94, January 2004.

[5] J. Bringer, H. Chabanne, M. Favre, A. Patey, T. Schneider, and M. Zohner. GSHADE: faster privacy-preserving dis-tance computation and biometric identification. In ACM Information Hiding and Multimedia Security Workshop, IH&MMSec ’14, Salzburg, Austria, June 11-13, 2014, pages 187–198. ACM, 2014.

[6] J. de Groot. Biometric Security on Body Sensor Networks. PhD thesis, Technical University of Eindhoven, June 2014. [7] B. Dorizzi, R. Cappelli, M. Ferrara, D. Maio, D. Maltoni,

N. Houmani, S. Garcia-Salicetti, and A. Mayoue. Finger-print and on-line signature verification competitions at icb 2009. In M. Tistarelli and M. Nixon, editors, Advances in Biometrics, volume 5558 of Lecture Notes in Computer Sci-ence, pages 725–732. Springer Berlin Heidelberg, 2009. [8] T. Fawcett and A. Niculescu-Mizil. PAV and the ROC convex

hull. Machine Learning, 68(1):97–106, July 2007.

[9] T. Ignatenko and F. Willems. Biometric systems: Privacy and secrecy aspects. Information Forensics and Security, IEEE Transactions on, 4(4):956–973, Dec 2009.

[10] ISO/IEC JTC1 SC27 Security Techniques. International iso/iec standard 24745:2011. Information Technology - Se-curity Techniques - Biometric Information Protection, 2011. [11] ISO/IEC JTC1 SC37 Biometrics. International iso/iec 4th working draft. Performance testing of template protection schemes, 2015.

[12] A. Jain, K. Nandakumar, and A. Nagar. Biometric template security. EURASIP Journal on Advances in Signal Process-ing, 2008(1):579416, 2008.

[13] A. Juels and M. Sudan. A fuzzy vault scheme. Designs, Codes and Cryptography, 38(2):237–257, 2006.

[14] A. Juels and M. Wattenberg. A fuzzy commitment scheme. In Proceedings of the 6th ACM Conference on Computer and Communications Security, CCS ’99, pages 28–36, New York, NY, USA, 1999. ACM.

[15] E. Kelkboom, J. Breebaart, I. Buhan, and R. Veldhuis. Ana-lytical template protection performance and maximum key size given a gaussian-modeled biometric source. In Bio-metric Technology for Human Identification VII, Orlando, Florida, volume 7667 of Proceedings of SPIE, pages 1–12, Bellingham, WA, USA, April 2010. SPIE–The International Society for Optical Engineering.

[16] E. Kelkboom, J. Breebaart, I. Buhan, and R. Veldhuis. Max-imum key size and classification performance of fuzzy com-mitment for gaussian modeled biometric sources. Informa-tion Forensics and Security, IEEE TransacInforma-tions on, PP(99):1, 2012.

[17] L. Lai, S.-W. Ho, and H. Poor. Privacy-security tradeoffs in biometric security systems. In Communication, Control, and Computing, 2008 46th Annual Allerton Conference on, pages 268–273, Sept 2008.

[18] M. Pepe. An interpretation for the ROC curve and infer-ence using GLM procedures. Biometrics, 56(2):pp. 352–359, 2000.

[19] P. Phillips, W. Scruggs, A. O’Toole, P. Flynn, K. Bowyer, C. Schott, and M. Sharpe. NISTIR 7408: Frvt 2006 and ice 2006 large-scale results. NIST internal report, National Institute of Standards and Technology, March 2007. [20] C. Rathgeb and A. Uhl. A survey on biometric

cryptosys-tems and cancelable biometrics. EURASIP Journal on Infor-mation Security, 2011(1), 2011.

[21] D. Reynolds, T. Quatieri, and R. Dunn. Speaker verifica-tion using adapted gaussian mixture models. Digital Signal Processing, 10(13):19 – 41, 2000.

[22] C. Shannon and W. Weaver. Mathematical theory of commu-nication. University Illinois Press, 1963.

[23] K. Simoens, B. Yang, X. Zhou, F. Beato, C. Busch, E. New-ton, and B. Preneel. Criteria towards metrics for benchmark-ing template protection algorithms. In Biometrics (ICB), 2012 5th IAPR International Conference on, pages 498–505, March 2012.

[24] S. Srihari and H. Srinivasan. Comparison of roc and likeli-hood decision methods in automatic fingerprint verification. International Journal of Pattern Recognition and Artificial Intelligence, 22(03):535–553, 2008.

[25] U. Uludag, S. Pankanti, S. Prabhakar, and A. Jain. Biometric cryptosystems: issues and challenges. Proceedings of the IEEE, 92(6):948–960, June 2004.

[26] M. Upmanyu, A. Namboodiri, K. Srinathan, and C. Jawahar. Efficient biometric verification in encrypted domain. In Ad-vances in Biometrics, Third International Conference, ICB 2009, Alghero, Italy, June 2-5, 2009. Proceedings, volume 5558 of Lecture Notes in Computer Science, pages 899–908. Springer, 2009.

[27] H. van Trees. Detection, Estimation and Modulation Theory, Part I. John Wiley and Sons, New York, 1968.

[28] O. Vasicek. A test for normality based on sample entropy. Journal of the Royal Statistical Society. Series B (Method-ological), 38(1):pp. 54–59, 1976.

[29] Y. Wang, S. Rane, S. Draper, and P. Ishwar. A theoretical analysis of authentication, privacy, and reusability across se-cure biometric systems. Information Forensics and Security, IEEE Transactions on, 7(6):1825–1840, Dec 2012. [30] F. Willems and T. Ignatenko. Quantization effects in

biomet-ric systems. In Information Theory and Applications Work-shop, 2009, pages 372–379, Feb 2009.