This document describes the security properties, threat model, and limitations of BioProt.
- Biometric Templates: Protected representations of face embeddings
- User Seeds: Cryptographic seeds used for transform generation
- KMS Storage: Encrypted file containing all user keys
We assume an adversary who may:
- Obtain template database: Access to stored protected templates
- Know the algorithm: Full knowledge of Ortho+Sign and Perm+LUT transforms
- Have computing resources: Can perform brute-force and ML-based attacks
- NOT have KMS access: Cannot decrypt the key management storage
| Attack | Description | Mitigation |
|---|---|---|
| Template inversion | Reconstruct embedding from template | Irreversible transforms (sign binarization, quantization) |
| Cross-matching | Link templates across databases | User-specific random seeds |
| Replay attack | Reuse stolen template | Key rotation revokes old templates |
| Brute-force seeds | Guess user seeds | 256-bit random seeds (2²⁵⁶ space) |
| Side-channel | Timing attacks on matching | Constant-time Hamming distance |
Definition: Given a protected template T = f(x, s), it should be computationally infeasible to recover the original embedding x.
Implementation:
- Ortho+Sign: Sign binarization destroys magnitude information
- Perm+LUT: Quantization loses precision, LUT is one-way
Verification: See evaluate.py::naive_inversion_test() and regressor_inversion_test()
Definition: If a template is compromised, the system can issue a new template that:
- Does not match the old template
- Works correctly for legitimate authentication
Implementation:
- Key rotation generates new random seed
- New seed produces uncorrelated template
- Old template becomes invalid (random similarity ~0.5)
Verification: See evaluate.py::test_revocation()
Definition: Templates generated with different seeds should be statistically independent, preventing cross-database linking.
Implementation:
- Each user has unique seed
- Same embedding + different seeds → uncorrelated templates
- No pattern leakage between templates
Analysis:
For seeds s₁ ≠ s₂ and embedding x:
- T₁ = f(x, s₁)
- T₂ = f(x, s₂)
- E[similarity(T₁, T₂)] ≈ 0.5 (random chance)
- Var[similarity(T₁, T₂)] → 0 as dim → ∞
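The revocation and unlinkability claims above can be checked empirically. This is an added example, not BioProt's own code: a pure-Python Ortho+Sign transform that compares a genuine match under one seed with the same embedding re-issued under fresh seeds. The function names, the 64-dimensional toy size, and the seed expansion (Python's `random.Random` plus Gram-Schmidt) are assumptions made for illustration.

```python
import math
import random
import secrets

DIM = 64  # constructed toy size to keep pure Python fast; the page's model is 512-d

def ortho_matrix(seed: bytes, dim: int):
    """Expand a seed into orthonormal rows (Gram-Schmidt on Gaussian vectors)."""
    # Assumption: random.Random stands in for the project's seed expansion.
    # It is not a CSPRNG; it only makes the matrix a pure function of the seed.
    rng = random.Random(seed)
    rows = []
    for _ in range(dim):
        v = [rng.gauss(0.0, 1.0) for _ in range(dim)]
        for q in rows:  # remove the components along earlier rows
            dot = sum(a * b for a, b in zip(v, q))
            v = [a - dot * b for a, b in zip(v, q)]
        norm = math.sqrt(sum(a * a for a in v))
        rows.append([a / norm for a in v])
    return rows

def protect(x, seed: bytes):
    """T = f(x, s): project with the seeded matrix, keep one sign bit per row."""
    return [1 if sum(a * b for a, b in zip(row, x)) >= 0 else 0
            for row in ortho_matrix(seed, len(x))]

def similarity(t1, t2):
    """1 - normalized Hamming distance: 1.0 identical, ~0.5 unrelated."""
    return sum(a == b for a, b in zip(t1, t2)) / len(t1)

def demo(trials: int = 20):
    rng = random.Random(1234)  # constructed embedding, not real face data
    x = [rng.gauss(0.0, 1.0) for _ in range(DIM)]
    probe = [a + 0.1 * rng.gauss(0.0, 1.0) for a in x]  # same user, small noise
    old_seed = secrets.token_bytes(32)  # 256-bit seed, as in the threat table
    enrolled = protect(x, old_seed)
    genuine = similarity(enrolled, protect(probe, old_seed))
    # Re-issue the same embedding under fresh seeds (rotation / another database).
    cross = [similarity(enrolled, protect(x, secrets.token_bytes(32)))
             for _ in range(trials)]
    return genuine, sum(cross) / trials

if __name__ == "__main__":
    genuine, cross_mean = demo()
    print(f"same seed, noisy probe: {genuine:.3f}")
    print(f"same embedding, new seeds (mean): {cross_mean:.3f}")
```

The first value should sit close to 1.0 and the second close to 0.5; the spread around 0.5 narrows as the dimension grows.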
Definition: Protected templates should maintain recognition accuracy comparable to raw embeddings.
Implementation:
- Ortho+Sign: Orthonormal projection approximately preserves distances
- Both methods: Proper threshold calibration
Metrics:
- AUC should be > 0.99 for good systems
- TAR @ FAR=0.1% should be > 95%
```
master_key = PBKDF2(
    password=user_passphrase,
    salt=random_16_bytes,
    iterations=100000,
    hash=SHA256
)
```
- Algorithm: Fernet (AES-128-CBC + HMAC-SHA256)
- Each user's seed encrypted separately
- Integrity protected (HMAC)
```json
{
  "user_id": {
    "encrypted_seed": "base64...",
    "version": 1,
    "created_at": "2024-01-01T00:00:00Z",
    "rotated_at": null
  }
}
```

This is a research prototype demonstrating concepts. For production:
- Use Hardware Security Module (HSM) for key storage
- Implement proper access control
- Add audit logging
- Use secure enclaves for matching
- Local KMS: File-based storage is not as secure as HSM
- Single passphrase: All users share KMS encryption key
- No liveness detection: Assumes genuine face presentation
- Fixed embedding model: Tied to 512-dimensional FaceNet
- HSM/TPM integration
- Per-user encryption keys
- Distributed key management
- Template update without re-enrollment
- Secure multi-party matching
- Biometric data is "special category" under GDPR
- Templates may still be considered biometric data
- Key rotation supports right to erasure
- Irreversibility supports data minimization
This implementation aligns with ISO/IEC 24745 principles:
- Irreversibility (Section 5.2)
- Renewability/Cancelability (Section 5.3)
- Unlinkability (Section 5.4)
- ISO/IEC 24745:2011 "Biometric template protection"
- NIST SP 800-76-2 "Biometric Specifications for PIV"
- Article 9 GDPR "Processing of special categories of data"