Studying Leakages on an Embedded Biometric System Using Side Channel Analysis

  • Maël Berthier
  • Yves Bocktaels
  • Julien BringerEmail author
  • Hervé Chabanne
  • Taoufik Chouta
  • Jean-Luc Danger
  • Mélanie Favre
  • Tarik Graba
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8622)


This paper addresses the potential information leakages of a fingerprint comparison algorithm embedded as a hardware implementation. Such solution aims at comparing a reference fingerprint with a freshly acquired one completely inside an embedded system (e.g. ASIC, smart card, FPGA). The same way as for cryptographic operations within a cryptoprocessor, we consider the reference fingerprint template as a sensitive data that one may try to retrieve by attacking the chip. On one hand, we show that we can find relevant information by the means of Side Channel Analysis (SCA) that may help to retrieve the reference fingerprint. On the other hand, we illustrate that reconstructing the fingerprint remains not trivial and we give some simple countermeasures to protect further the comparison algorithm.


Side channel analysis Fingerprint Hardware biometric coprocessor Biometric comparison Hill climbing 



This work has been partially funded by the French ANR project BMOS and by the European FP7 BEAT project (SEC-2011-284989). The authors would like to thank the other BMOS partners, especially Thibault Porteboeuf from Secure-IC, for their help on the FPGA prototype.


  1. 1.
  2. 2.
    Fingerprint Verification Competition.
  3. 3.
    Fingerprint Verification Competition (2004).
  4. 4.
    Iso/iec 19794-2 information technology - biometric data interchange formats - part 2: Finger minutiae dataGoogle Scholar
  5. 5.
    Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  6. 6.
    Barral, C., Vaudenay, S.: A protection scheme for moc-enabled smart cards. In: 2006 Biometrics Symposium: Special Session on Research at the Biometric Consortium Conference, pp. 1–6. IEEE (2006)Google Scholar
  7. 7.
    Bistarelli, S., Santini, F., Vaccarelli, A.: An asymmetric fingerprint matching algorithm for java card \(^{\text{ TM }}\). Pattern Anal. Appl. 9(4), 359–376 (2006)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  9. 9.
    Chouta, T., Danger, J.-L., Sauvage, L., Graba, T.: A small and high-performance coprocessor for fingerprint match-on-card. In: DSD, pp. 915–922. IEEE (2012)Google Scholar
  10. 10.
    Cucinotta, T., Brigo, R., Di Natale, M.: Hybrid fingerprint matching on programmable smart cards. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 232–241. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  11. 11.
    Galbally, J., Carballo, S., Fierrez, J., Ortega-Garcia, J.: Vulnerability assessment of fingerprint matching based on time analysis. In: Fierrez, J., Ortega-Garcia, J., Esposito, A., Drygajlo, A., Faundez-Zanuy, M. (eds.) BioID MultiComm2009. LNCS, vol. 5707, pp. 285–292. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  12. 12.
    Govan, M., Buggy, T.: A computationally efficient fingerprint matching algorithm for implementation on smartcards. In: First IEEE International Conference on Biometrics: Theory, Applications, and Systems, 2007, BTAS 2007, pp. 1–6. IEEE (2007)Google Scholar
  13. 13.
    Jolliffe, I.: Principal Component Analysis. Wiley Online Library, New York (2005)Google Scholar
  14. 14.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996) Google Scholar
  15. 15.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  16. 16.
    Martinez-Diaz, M., Fierrez-Aguilar, J., Alonso-Fernandez, F., Ortega-Garcia, V., Siguenza, J.: Hill-climbing and brute-force attacks on biometric systems: a case study in match-on-card fingerprint verification. In: Proceedings 2006 40th Annual IEEE International Carnahan Conferences Security Technology, pp. 151–159. IEEE (2006)Google Scholar
  17. 17.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): measures and counter-measures for smart cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  18. 18.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: An analysis of minutiae matching strength. In: Bigun, J., Smeraldi, F. (eds.) AVBPA 2001. LNCS, vol. 2091, pp. 223–228. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  19. 19.
    Reisman, J., Uludag, U., Ross, A.: Secure fingerprint matching with external registration. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 720–729. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  20. 20.
    Tiri, K., Hwang, D., Hodjat, A., Lai, B.-C., Yang, S., Schaumont, P., Verbauwhede, I.: AES-based cryptographic and biometric security coprocessor IC in 0.18- \(\upmu \)m CMOS resistant to side-channel power analysis attacks. In: 2005 Symposium on VLSI Circuits 2005. Digest of Technical Papers, pp. 216–219 (2005)Google Scholar
  21. 21.
    UCLA. Thumbpod: a next generation biometrically secure wireless embedded system.
  22. 22.
    Uludag, U., Jain, A.K.: Attacks on biometric systems: a case study in fingerprints. In: Delp, E.J., Wong, P.W. (eds.) Security, Steganography, and Watermarking of Multimedia Contents. Proceedings of SPIE, vol. 5306, pp. 622–633. SPIE (2004)Google Scholar
  23. 23.
    Yang, S., Sakiyama, K., Verbauwhede, I.: Efficient and secure fingerprint verification for embedded devices. EURASIP J. Adv. Signal Process. 2006(1), 058263 (2006)Google Scholar
  24. 24.
    Yang, S., Verbauwhede, I.: Automatic secure fingerprint verification system based on fuzzy vault scheme. In: IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP 2005), pp. 609–612 (2005)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Maël Berthier
    • 1
  • Yves Bocktaels
    • 1
  • Julien Bringer
    • 1
    Email author
  • Hervé Chabanne
    • 1
    • 2
  • Taoufik Chouta
    • 2
  • Jean-Luc Danger
    • 2
  • Mélanie Favre
    • 1
  • Tarik Graba
    • 2
  1. 1.MorphoIssy-les-MoulineauxFrance
  2. 2.Télécom ParisTech Identity and Security Alliance (The Morpho and Télécom ParisTech Research Center)ParisFrance

Personalised recommendations