Keynote Paper: Biometric Encryption: Technology for Strong Authentication, Security and Privacy

  • Ann Cavoukian
  • Alex Stoianov
  • Fred Carter
Part of the International Federation for Information Processing book series (IFIPAICT, volume 261)

This paper looks at privacy-enhanced uses of biometrics, with a particular focus on the privacy and security advantages of Biometric Encryption (BE). It considers the merits of Biometric Encryption for verifying identity, protecting privacy, and ensuring security. In doing so, it argues that BE technologies can help to overcome the prevailing “zero-sum” mentality, which posits that adding privacy to identification and information systems will necessarily weaken security and functionality. It explains how and why BE technology promises a “win-win” scenario for all stakeholders.


Keywords: Smart Card; Biometric System; Fuzzy Identity; False Acceptance Rate; False Rejection Rate
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© International Federation for Information Processing 2008

Authors and Affiliations

  • Ann Cavoukian (1)
  • Alex Stoianov (1)
  • Fred Carter (1)
  1. Office of the Information and Privacy Commissioner, Toronto, Canada
