Abstract
Biometric features provide considerable usability benefits. At the same time, the inability to revoke templates and likelihood of adversaries being able to capture features raise security concerns. Recently, several template protection mechanisms have been proposed, which provide a one-way mapping of templates onto multiple pseudo-identities.
While these proposed schemes make assumptions common for cryptographic algorithms, the entropy of the template data to be protected is considerably lower per bit of key material used than assumed owing to correlations arising from the biometric features.
We review several template protection schemes and existing attacks followed by a correlation analysis for a selected biometric feature set and demonstrate that these correlations leave the stream cipher mechanism employed vulnerable to, among others, known plaintext-type attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Breebaart, J., Busch, C., Grave, J., Kindt, E.: A reference architecture for biometric template protection based on pseudo identities. In: BIOSIG 2008: Biometrics and Electronic Signatures (2008)
Ratha, N.K., Chikkerur, S., Connell, J.H., Bolle, R.M.: Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29 (April 2007)
Roberge, C.S.D., Stoianov, A., Gilroy, R., Kumar, B.V.: Biometric encryption. ICSA Guide to Cryptography, ch. 2 (1999)
Jin, A.T.B., Ling, D.N.C., Goh, A.: Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition Issue 11(37), 2245–2255 (2004)
Monrose, F., Reiter, M.K., Wetze, S.: Password hardening based on keystroke dynamics. International Journal on Information Security 1, 69–83 (2002)
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: 6th ACM Conference on Computer and Communications Security, pp. 28–36 (1999)
Verbitskiy, E., Tuyls, P., Denteneer, D., Linnartz, J.P.: Reliable biometric authentication with privacy protection. In: 24th Benelux Symp. on Info. Theory (2003)
Tuyls, P., Goseling, J.: Capacity and examples of template-protecting biometric authentication systems. In: Maltoni, D., Jain, A.K. (eds.) BioAW 2004. LNCS, vol. 3087, pp. 158–170. Springer, Heidelberg (2004)
Uludag, U., Jain, A.: Fuzzy fingerprint vault. In: Workshop: Biometrics: Challenges Arising from Theory to Practice (August 2004), citeseer.ist.psu.edu/uludag04fuzzy.html
Carter, F., Stoianov, A.: Implications of biometric encryption on wide spread use of biometrics. In: EBF Biometric Encryption Seminar (June 2008)
Scheirer, W.J., Boult, T.E.: Cracking fuzzy vaults and biometric encryption. In: Proceedings of the Biometrics Symposium, Baltimore, MD, USA (2007)
Adler, A.: Reconstruction of source images from quantized biometric match score data. In: Biometrics Conference, Washington, DC (September 2004)
Adler, A.: Vulnerabilities in biometric encryption systems. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 1100–1109. Springer, Heidelberg (2005)
Johansson, T.: Correlation attacks on stream ciphers and related decoding problems. In: Proceedings of the 1998 Information Theory Workshop, Killarney, Ireland, June 1998, pp. 156–157. IEEE Press, Los Alamitos (1998)
Turan, M.S., Donganaksoy, A., Calic, C.: Detailed statistical analysis of synchronous stream ciphers. Technical Report 2006/043, Institute of Applied Mathematics, Middle East Technical University, Ankara, Turkey (2006)
Biham, E., Dunkelman, O.: Differential cryptanalysis in stream ciphers. Technical Report CS-2007-10, Department of Computer Science, Technion Israel Institute of Technology, Haifa, Israel (2007)
Daugman, J.: The importance of being random: Statistical principles of iris recognition. Pattern Rec. 36, 279–291 (2003)
Hao, F., Anderson, R., Daugman, J.: Combining cryptography with biometrics effectively. Technical Report 640, Univesity of Cambridge, Computer Laboratory (July 2005)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)
Zhou, X., Seibert, H., Busch, C., Funk, W.: A 3d face recognition algorithm using histogram-based features. In: Eurographics Workshop on 3D Object Retrieval, Crete, Greece, pp. 65–71 (2008)
Zhou, X., Busch, C., Wolthusen, S.: Feature correlation attacks on biometric privacy protection schemes, http://www.igd.fhg.de/~xzhou/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhou, X., Wolthusen, S.D., Busch, C., Kuijper, A. (2009). A Security Analysis of Biometric Template Protection Schemes. In: Kamel, M., Campilho, A. (eds) Image Analysis and Recognition. ICIAR 2009. Lecture Notes in Computer Science, vol 5627. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02611-9_43
Download citation
DOI: https://doi.org/10.1007/978-3-642-02611-9_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02610-2
Online ISBN: 978-3-642-02611-9
eBook Packages: Computer ScienceComputer Science (R0)