A Quantitative Analysis of Indistinguishability for a Continuous Domain Biometric Cryptosystem

Biometric information is regarded as highly sensitive information and therefore encryption techniques for biometric information are needed to address security and privacy requirements of biometric information. Most security analyses for these encryption techniques focus on the scenario of one user enrolled in a single biometric system. In practice, biometric systems are deployed at different places and the scenario of one user enrolled in many biometric systems is closer to reality. In this paper, cross-matching (tracking users enrolled in multiple databases) becomes an important privacy threat. To prevent such cross-matching, various methods to create renewable and indistinguishable biometric references have been published. In this paper, the authors investigate the indistinguishability or the protection against cross-matching of a continuous-domain biometric cryptosystem, the QIM.