Biometric and Physical Identifiers with Correlated Noise for Controllable Private Authentication

The problem of secret-key based authentication under privacy and storage constraints on the source sequence is considered. The identifier measurement channels during authentication are assumed to be controllable via a cost-constrained action sequence. Single-letter inner and outer bounds for the key-leakage-storage-cost regions are derived for a generalization of a classic two-terminal key agreement model with an eavesdropper that observes a sequence that is correlated with the sequences observed by the legitimate terminals. The additions to the model are that the encoder observes a noisy version of a remote source, and the noisy output and the remote source output together with an action sequence are given as inputs to the measurement channel at the decoder. Thus, correlation is introduced between the noise components on the encoder and decoder measurements. The model with a secret key generated by an encoder is extended to the randomized models, where a secret-key is embedded to the encoder. The results are relevant for several user and device authentication scenarios including physical and biometric identifiers with multiple measurements that provide diversity and multiplexing gains. To illustrate the behavior of the rate region, achievable (secret-key rate, storage-rate, cost) tuples are given for binary identifiers and measurement channels that can be represented as a mixture of binary symmetric subchannels. The gains from using an action sequence such as a large secret-key rate at a significantly small hardware cost, are illustrated to motivate the use of low-complexity transform-coding algorithms with cost-constrained actions.

💡 Research Summary

This paper investigates secret‑key based authentication when the underlying identifier (biometric or physical) is noisy, privacy‑constrained, and storage‑constrained, and when the measurement channel during authentication can be actively shaped by a cost‑limited action sequence. The authors extend the classic two‑terminal key‑agreement model in three significant ways. First, the encoder does not observe the remote source X directly; instead it observes a noisy version ẽX generated by a memoryless channel P_{ẽX|X}. Second, the decoder’s measurement channel P_{Y,Z|X,ẽX,A} depends on an action sequence A that the encoder selects based on the public helper data W; the action incurs a cost Γ(A) and the average cost must not exceed a budget C. Third, the noise affecting the encoder’s observation ẽX and the decoder’s observation Y is correlated because both stem from the same physical circuitry (e.g., ring oscillators, SRAM start‑up values). This correlation is modeled as a broadcast channel with two outputs (Y for the legitimate decoder, Z for an eavesdropper) that share the same underlying noise source.

Two authentication scenarios are considered. In the Generated‑Secret (GS) model, the encoder generates a secret key S and public helper data W from ẽX. During authentication the encoder computes an action sequence A = f_a(W); the decoder, given (X,ẽX,A) and the public W, observes Yⁿ and reconstructs the key ˆS. In the Chosen‑Secret (CS) model the secret key S is predetermined (e.g., by a manufacturer) and is embedded into the helper data W; the rest of the protocol mirrors the GS case. Both models require (i) reliability (Pr