Biometric templates: Saving your privacy one fingerprint at a time
There are some really inspiring and really cool (with or without liquid nitrogen) lectures at a Heidelberg Laureate Forum, and this year is no exception. That is not all, of course. During the coffee breaks, you can see groups of young researchers in animated conversation with each other. But in addition, there are brief chance encounters, sometimes transmitting not much more than one idea that you’ve never thought about before.
Such as why modern technology should not require you having to cut off your own ear, and how computer science can help. I at least had never thought before this before a chance coffee break encounter with Olanike Akinduyite, a PhD student at Nigeria’s Federal University of Technology.
Chances are, neither have you. But may be you should. After all, what do you do if some online company has managed to accidentally leak your password data, or if you have other reasons to suspect your password may not be secure? Ideally (that is, neglecting the prevalent human inertia in such cases), you change your password.
But what when access control is via biometrics – using your fingerprint or, like a recent iPhone one could name, your face to determine whether or not to give you access? To be sure, duping a biometric system is much harder than just keying in a stolen password. But if you think your biometric data might have been compromised, you probably won’t want to take the chance of what kind of impersonation method those who have illicitly acquired your information might come up with. You certainly wouldn’t want to change your “biometric password” directly – enlarge one ear, say, or get a new fingerprint engraving.
This is where ideas like those Olanike is developing for her PhD research come into play. Ideas that apply cryptology to biometric template techniques. If the template itself is encrypted, and what is stored of your biometric information is comprised, all you need to change is the encryption (say, the key used for the encryption). A fundamental problem, of course, is that the biometric information you supply when putting your finger on a scanner, or your face in front of your iPhone, is not always exactly the same. The encryption scheme will need to reflect that – even with everything safely encrypted, it should allow access whenever your face, or fingerprint, is sufficiently similar to the stored template, even though it is not exactly the same. That is what Olanike and, with other specific projects, other researchers in other groups, are working on. In the process, if not saving us from plastic surgery, certainly helping to protect our privacy.