Biometric authentication is more secure than using regular passwords, as
biometrics cannot be "forgotten" and allegedly contain high entropy. Thus,
many constructions rely on biometric features for authentication, and use
them as a source for "good" cryptographic keys. At the same time,
biometric systems carry with them many privacy concerns. Unlike regular
passwords, which can be easily changed if compromised, changing biometric
traits is far from being easy. Hence, we need to protect the privacy of
the system's users in case of a leakage of the systems internal "password
file".

In this talk we describe a proof-of-concept (PoC) system which transforms
facial attributes from a single image into keys in a consistent,
discriminative, and privacy-aware manner. The outcome is a user-specific
string that cannot be guessed, and it reveals no information concerning
the users of the system, even when the system's secrets are revealed.

This is a joint work with Orr Dunkelman and Mahmood Sharif.