A secure and private ensemble matcher using multi-vault obfuscated templates

Given the irrevocability of biometric samples and mounting privacy concerns, biometric template security and secure matching are among the essential features of any well-designed modern biometric system. In this paper, we propose an obfuscation method that hides the biometric template information with just enough chaff. The main idea is to reduce the number of chaff points to a practical level by creating n sub-templates from the original template and hiding each sub-template with m chaff points. During verification, s closest vectors to the biometric query are retrieved from each vault and then combined to generate hash values that are compared with the stored hash value. We demonstrate the effectiveness of synthetic facial images, generated by a Generative Adversarial Network (GAN), as ``random chaff points'' within a secure-vault authorization system. This approach safeguards user identities during training and deployment. We tested our protocol using the AT&T, GT, and LFW face datasets, with the ROC areas under the curve being 0.99, 0.99, and 0.90, respectively. These numbers were close to those of the unprotected templates, showing that our method does not adversely affect accuracy.