Entropy Measurement of Multiple-Acceptable-Input-based Biometric Systems

Biometric security has been a serious concern ever since biometrics began to be widely used as a means of identity verification. Ranging from computer networks to a single datum, access is granted to a biometric user only after the user is authenticated by a biometric recognition system. High biometric system security is desirable to prevent illegitimate access by imposters. Otherwise, a security compromise could be devastating to the users, causing financial loss, identity abuse or even worse consequences. Biometric systems are designed to accept multiple similar biometric measurements per user due to inherent intra-class variations in the biometric data. This is important to preserve the acceptance rate of genuine queries and the overall feasibility of the recognition system. Compared to systems that only accept the same representation as the enrolled representation, maintaining equivalent genuine acceptance rate for systems accepting multiple measurements increases the chance for an imposter to obtain a system-acceptable measurement. Such deteriorated security of the system has to be measurable to provide truthful assurance of security to the users. Reliable security measures for biometric systems are essential to ensure the robustness of a system to adversarial attack. Entropy is a standard measure of security. However, the entropy formula is only applicable when the system accepts exactly the enrolled measurement. Applying this formula to the case of multiple system-acceptable biometrics would lead to an over-estimation of system entropy. To date, there is no appropriate measurement technique to evaluate system entropy. Although a few approaches estimate biometric security based on the hardness of adversarial guessing, none are directed at solving the problem of system entropy measurement. In this project, we work towards developing the first entropy-measuring model for a biometric system when multiple similar measurements are acceptable. We develop an entropy-measuring approach based on the notion of guessing entropy to quantify biometric system security in terms of adversarial guessing effort. We analyse and differentiate between two different attack scenarios where the adversarial guessing strategy may vary. For each scenario, we aim to seek an optimal guessing strategy such that the reflected entropy measure corresponds to the actual hardness (actual number of required attempts) of adversarial guessing in the real world.