Secret key-based Identification and Authentication with a Privacy Constraint
This work addresses secure and private user authentication for systems like biometric databases, but it is incremental as it builds on existing information-theoretic frameworks.
The paper tackles the problem of identifying and authenticating users using secret keys derived from user-generated data, such as biometrics, while ensuring privacy of enrolled data and keys. It characterizes the optimal tradeoff between identification rate, compression rate, leakage rate, and secret key rate, and provides a coding strategy based on layered random binning that is shown to be optimal.
We consider the problem of identification and authentication based on secret key generation from some user-generated source data (e.g., a biometric source). The goal is to reliably identify users pre-enrolled in a database as well as authenticate them based on the estimated secret key while preserving the privacy of the enrolled data and of the generated keys. We characterize the optimal tradeoff between the identification rate, the compression rate of the users' source data, information leakage rate, and secret key rate. In particular, we provide a coding strategy based on layered random binning which is shown to be optimal. In addition, we study a related secure identification/authentication problem where an adversary tries to deceive the system using its own data. Here the optimal tradeoff between the identification rate, compression rate, leakage rate, and exponent of the maximum false acceptance probability is provided. The results reveal a close connection between the optimal secret key rate and the false acceptance exponent of the identification/authentication system.