As biometric templates consist of highly correlated features, the real security level offered by biometric authentication systems remains an open research question. In this work we provide new approximations and a lower bound of the security offered by fuzzy commitment schemes. Fuzzy commitment cryptosystems and in general biometric template protection schemes play an important role in allowing for remote storage and processing of biometric data, as they mitigate the threat of biometric template leakage. The use of such schemes would alleviate some of the usability constraints imposed by the state-of-practice local use of biometrics. As such we conduct an in-depth security analysis for IMU based gait authentication systems, where we evaluate the effectiveness of attacks within the scope of two well-defined threat models that target both unprotected and protected systems. A pivotal enabler of our analysis is the development of nine different approaches to gait authentication, which allows us to perform intramodal fusion on these distinct, yet highly correlated biometric templates, and to protect them with a strengthened fuzzy commitment scheme. Our analysis clearly demonstrates the high correlation between the different biometric templates, which, among others, further showcases the threat of biometric template leakage. Furthermore, as our analysis incorporates a threat model that assumes biometric template leakage, it provides metrics for the security provided by the biometric modality itself.

中文翻译：

---

生物识别和模糊承诺密码系统的安全性：步态认证研究


由于生物识别模板由高度相关的特征组成，生物识别认证系统提供的真正安全级别仍然是一个开放的研究问题。在这项工作中，我们提供了新的近似值和模糊承诺方案提供的安全性下限。模糊承诺密码系统和一般生物识别模板保护方案在允许远程存储和处理生物识别数据方面发挥着重要作用，因为它们减轻了生物识别模板泄漏的威胁。此类方案的使用将减轻生物识别技术的本地实际使用所带来的一些可用性限制。因此，我们对基于 IMU 的步态身份验证系统进行了深入的安全分析，在两个明确定义的威胁模型范围内评估攻击的有效性，这两个模型分别针对未受保护和受保护的系统。我们分析的关键推动因素是九种不同步态认证方法的开发，这使我们能够对这些不同但高度相关的生物识别模板进行模式内融合，并通过强化的模糊承诺方案来保护它们。我们的分析清楚地表明了不同生物识别模板之间的高度相关性，其中进一步展示了生物识别模板泄漏的威胁。此外，由于我们的分析采用了假设生物识别模板泄漏的威胁模型，因此它提供了生物识别模态本身提供的安全性指标。