Homomorphic Encryption for Speaker Recognition: Protection of Biometric Templates and Vendor Model Parameters

Nautsch, Andreas; Isadskiy, Sergey; Kolberg, Jascha; Gomez‐Barrero, Marta; Busch, Christoph

doi:10.21437/odyssey.2018-3

Cited by 19 publications

(35 citation statements)

References 43 publications

(72 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our architecture is based on the outsourced STPC construction of Kamara & Raykova (2011) and is similar to the one of Blanton & Aliasgari (2012) while making no additional assumptions compared to the previous work of Nautsch et al (2018). We show that it achieves biometric information protection according to the ISO/IEC IS 24745 standard (ISO/IEC JTC1 SC27 Security Techniques, 2011).…”

Section: Irreversibilitymentioning

confidence: 99%

See 1 more Smart Citation

Privacy-preserving PLDA speaker verification using outsourced secure computation

Treiber

Nautsch

Kolberg

et al. 2019

Speech Communication

Self Cite

View full text Add to dashboard Cite

The usage of biometric recognition has become prevalent in various verification processes, ranging from unlocking mobile devices to verifying bank transactions. Automatic speaker verification (ASV) allows an individual to verify its identity towards an online service provider by comparing freshly sampled speech data to reference information stored on the service provider's server. Due to the sensitive nature of biometric data, the storage and usage thereof is subject to recent EU regulations introduced as means to protect the privacy of individuals enrolled in an automatic biometric verification system. Stored biometric data need to be unlinkable, irreversible, and renewable to satisfy international standards. Preserving privacy in ASV is also important because, contrary to other biometric characteristics such as fingerprints, speech data can be used to infer a lot of sensitive information about the data subject. As a result, some architectures have been proposed to enable privacy-preserving ASV in the encrypted domain. Recently, homomorphic encryption (HE) was proposed to protect both subject features and vendor models in an embedding-based ASV. This architecture improves on previous privacy-preserving ASV by using (probabilistic) embeddings (i-vectors) and by additionally protecting the vendor's model. However, the usage of HE comes with a rather heavy overhead and significantly slows down the verification process. In this work, we align the cryptographic notion of outsourced secure two-party computation to embedding-based ASV. Our architecture protects biometric information in ASV and can also be used for any automatic biometric verification task. We show that unlinkability, irreversibility, and renewability are granted. Compared to the HE solution, our architecture results in considerably lower communication and computation overhead. Our architecture has been implemented and is experimentally evaluated on the NIST i-vector challenge 2014 using the cosine distance and log-likelihood ratio (LLR) scores from probabilistic linear discriminant analysis (PLDA) and two-covariance (2Cov) comparators. The results show that verification accuracy is retained while e ciency is improved. For instance, a PLDA verification with an embedding dimension of 200 takes about 77 milliseconds over a LAN. This is an improvement of more than 3000⇥ over the HE-based solution and shows that privacy of subject and vendor data can be preserved in ASV while retaining practical verification times. Moreover, our system is secure against malicious client devices.

show abstract

Section: Irreversibilitymentioning

confidence: 99%

“…An Architecture using HE for privacy-preserving embedding-based ASV with PLDA/2Cov comparisons in the encrypted domain was recently proposed in the speech community by Nautsch et al (2018). This architecture not only protects the speaker's embedding, but also the vendor's model used during verification.…”

Section: Irreversibilitymentioning

confidence: 99%

Privacy-preserving PLDA speaker verification using outsourced secure computation

Treiber

Nautsch

Kolberg

et al. 2019

Speech Communication

Self Cite

View full text Add to dashboard Cite

show abstract

“…Recently, in [4], an HE-based solution to privacy preservation in the form of the Paillier cryptosystem has been applied to state-of-the-art speaker recognition architectures including i-vector systems using PLDA. This work shows that a oneto-one PLDA comparison can be computed in a few hundred milliseconds, depending on whether the speaker model is also protected.…”

Section: Preliminaries and Related Workmentioning

confidence: 99%

“…By using [4], privacy-preserving score normalisation can be performed using reference, probe, and cohort embeddings, all processed in the encrypted domain via HE-based PLDA (HE-PLDA) [4]. The resulting, encrypted scores R, S, and P, none of which reveal any sensitive information, can then be decrypted by an authentication server in order that normalised scores S can be computed in the plaintext domain.…”

Section: Privacy Preservationmentioning

confidence: 99%

See 1 more Smart Citation

Privacy-Preserving Speaker Recognition with Cohort Score Normalisation

Nautsch¹,

Patino²,

Treiber³

et al. 2019

Interspeech 2019

Self Cite

View full text Add to dashboard Cite

In many voice biometrics applications there is a requirement to preserve privacy, not least because of the recently enforced General Data Protection Regulation (GDPR). Though progress in bringing privacy preservation to voice biometrics is lagging behind developments in other biometrics communities, recent years have seen rapid progress, with secure computation mechanisms such as homomorphic encryption being applied successfully to speaker recognition. Even so, the computational overhead incurred by processing speech data in the encrypted domain is substantial. While still tolerable for single biometric comparisons, most state-of-the-art systems perform some form of cohort-based score normalisation, requiring many thousands of biometric comparisons. The computational overhead is then prohibitive, meaning that one must accept either degraded performance (no score normalisation) or potential for privacy violations. This paper proposes the first computationally feasible approach to privacy-preserving cohort score normalisation. Our solution is a cohort pruning scheme based on secure multi-party computation which enables privacy-preserving score normalisation using probabilistic linear discriminant analysis (PLDA) comparisons. The solution operates upon binary voice representations. While the binarisation is lossy in biometric rank-1 performance, it supports computationally-feasible biometric rank-n comparisons in the encrypted domain.

show abstract

Treating Speech as Personally Identifiable Information and Its Impact in Machine Translation

Trancoso

Teixeira

Botelho

et al. 2023

Machine Translation: Technologies and Applications

View full text Add to dashboard Cite

Homomorphic Encryption for Speaker Recognition: Protection of Biometric Templates and Vendor Model Parameters

Cited by 19 publications

References 43 publications

Privacy-preserving PLDA speaker verification using outsourced secure computation

Privacy-preserving PLDA speaker verification using outsourced secure computation

Privacy-Preserving Speaker Recognition with Cohort Score Normalisation

Treating Speech as Personally Identifiable Information and Its Impact in Machine Translation

Contact Info

Product

Resources

About