Securing Face and Fingerprint Templates in Humanitarian Biometric Systems

Functional:

1. Recognition Accuracy: Does not degrade recognition accuracy of biometric system.
2. Modality-Independence: Applicable to all biometric modalities.
3. Feature Extractor-Independence: Can be combined with different biometric feature extractors.
4. On-device Recognition: Allows for enrolment, verification and identification of subjects on offline devices.
5. Easy New Enrolment: Easy to enrol new subjects.
6. Template Revocability and Renewability: Can revoke and renew compromised protected templates.
7. Open-Source: Relies on open-source solutions.

Operational:

1. Computational Efficiency: Lightweight, due to mobile environment resource constraints (e.g., low-cost smartphones).
2. Time Efficiency: Fast (e.g., can perform identification against a large enrolment database stored locally).
3. Offline Processing: Does not rely on any remote resources.

Security and Privacy:

1. Irreversibility: Satisfies the irreversibility criterion.
2. Unlinkability: Satisfies the unlinkability criterion.

PolyProtect was selected due to its ability to satisfy the desired functional, operational, and security and privacy requirements.

It works as follows.

Let V = [v₁, v₂, ..., v_n] be an n-dimensional embedding extracted by a neural network.

Map V → P = [p₁, p₂, ..., p_k] (where k < n), which is the protected version of V.

V → P maps sets of m (where m << n) consecutive elements from V to single elements in P via multivariate polynomials.

Each polynomial is defined by a set of m subject-specific coefficients, C = [c₁, c₂, ..., c_m], and exponents, E = [e₁, e₂, ..., e_m].

The first m consecutive elements of V (i.e., v₁, v₂, ..., v_m) are mapped to the first element in P (i.e., p₁) as follows:

The elements of V used to generate p₂ depend on the value of overlap o between successive sets of elements. The minimum o is 0, in which case the elements of V in each set would be unique. The maximum o is m − 1, in which case successive element sets would share m − 1 elements. For overlap o the mapping from V to p₂ would be achieved as follows:

The remaining elements in P (i.e., p₃, ..., p_k) are generated in a similar way, until all the elements in V have been used up. If the last set in V is incomplete because the dimensionality of V is not divisible by the required number of element sets (defined by m and o), V is padded by a sufficient number of zeros to complete the last set.

The figure below shows PolyProtect applied to a 512-dimensional embedding (V), when m = 7 and o = {0, 2}. The larger the overlap, the greater the dimensionality of the PolyProtected template (P).

Step 1: Data acquisition

Face and fingerprint images were acquired from two real-world datasets:

• Face dataset: Face images obtained within the framework of a project currently being carried out in Ethiopia. It consists of 942 subjects (57% females, 43% males) with 2 captures per subject. All subjects have East African origins. Low-end smartphones, with 8-12MP resolution, were used for the data collection.
• Fingerprint dataset: Fingerprint images collected in a field project in Ghana, consisting of 119 subjects with 2 samples each. Images were mostly acquired outdoors, using dedicated scanners with a resolution of 500DPI. Dirt and dust often accumulated on the scanner surface, making the capture challenging.

The datasets cannot be made public due to participant privacy agreements. Interested researchers can perform evaluations on their own datasets of interest, using our open-source code.

Step 2: Embedding extraction

512-dimensional face and fingerprint embeddings were extracted from the dataset images, using neural-network-based feature extractors: EdgeFace-XS for face, and DeepPrint for fingerprints.

Step 3: Template protection via PolyProtect

PolyProtect was applied to the extracted face and fingerprint embeddings, to create the corresponding protected templates. PolyProtect's parameters were set as follows:

• m = 7
• o = {0, 1, 2, 3, 4, 5, 6}
• C range = [-100, 100].

Step 4: Evaluation of PolyProtect

The PolyProtected face and fingerprint biometric systems were evaluated in terms of 3 criteria:

1. Recognition accuracy: Does PolyProtect affect the biometric system's recognition accuracy?
2. Irreversibility: Is it possible to invert the PolyProtected templates to recover the original biometric templates?
3. Unlinkability: Can we link two different PolyProtected templates generated from the same biometric template?

Verification: In the Normal (N) scenario, where the C and E parameters are subject-specific, PolyProtect generally improves the verification accuracy w.r.t. the baseline (unprotected system) performance. In the Stolen Coefficients and Exponents (SCE) scenario, where an impostor uses a genuine subject's Cs and Es, the accuracy is usually worse. For the face system, PolyProtect's accuracy improves with a larger o, while this trend is not as evident for the fingerprint system. However, the impact of PolyProtect on the fingerprint system (N scenario) is much greater, reducing the EER from the baseline accuracy of 40.21% to 7.13% or less when PolyProtect is integrated. This accuracy boost would be hugely beneficial in humanitarian field operations with harsh conditions, where baseline performance tends to be lower than in laboratory evaluations.

Identification: In the absence of an identity claim, the probe embedding must be transformed by PolyProtect using all sets of C and E parameters registered in the database. All the protected probe templates are then compared to the corresponding protected reference template, i.e., the one transformed with the same Cs and Es during enrolment. So, only pairs of templates transformed in exactly the same way are compared (i.e., we do not exploit the additional discriminative power of subject-specific information), which is comparable to the SCE verification scenario. The table below shows our identification accuracy results in terms of TPIR-n, which is the percentage of identification attempts for which the probe subject appears in the ranked list of the n most similar candidates after searching a reference database. For TPIR-3 and TPIR-10 at intermediate overlap values (e.g., 2 or 3), the decrease in identification accuracy for the face system when PolyProtect is employed is ≈ 1%, which would be considered acceptable. For the stricter TPIR-1, the decrease is greater (≈ 2.5%). For fingerprints, the adopted dataset proves very challenging in the identification task as well, but the negative impact of PolyProtect is limited.

Inverting a single template: Inversion Success Rate (ISR) is the proportion of successful attempts to reconstruct an unprotected template (embedding) from a protected template. A successful inversion is when the inverted template matches the original template, which is enrolled in the biometric system's database. The ISR is, in general, lower when the systems operate at a stricter match threshold (lower FMR), since a stricter threshold would require a better approximation of the template. The ISR is also lower for smaller overlaps, since they generate smaller protected templates that are harder to invert.

Attack via Record Multiplicity (ARM): Occurs when an attacker combines the information from multiple protected templates originating from the same unprotected template, to try to recover the unprotected template. The plot below shows the results of an ARM experiment on our face dataset. We see that the chances of a successful template inversion improve as the number of protected templates increases. Also, the smaller the overlap, the more templates are needed for a successful attack.

The adopted metric lies in the range [0, 1], where 0 represents full unlinkability and 1 full linkability. So, 0 would indicate that two protected templates, generated from the same embedding but using different C and E parameters, are different enough that they cannot be linked to the same identity. The table below shows that PolyProtected templates are significantly less linkable (i.e., their linkability is closer to 0) than the unprotected templates (e.g., two embedding instances from the same subject) in our baseline biometric systems, particularly for the face system. The unlinkability further improves if we use Strict (S) rather than Naive (N) parameter selection, which involves an additional check to ensure that the selected C and E parameters produce sufficiently different protected templates.