Security Analysis of Key Binding Biometric Cryptosystems

  • Maryam Lafkih
  • Mounia Mikram
  • Sanaa Ghouzali
  • Mohamed El Haziti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7340)


The use of biometric systems is becoming an important solution to replace traditional authentication. However, biometric systems are vulnerable to attacks. When biometric data is compromised, unlike a password, it can’t be changed. Therefore, the security of biometrics models is essential in designing an authentication system. To achieve this protection of biometric models, two categories of approaches are proposed in the literature, namely, methods based on transformation of characteristics and biometric cryptosystems. For the first type of approaches, a study is made to assess the security of biometric systems. In biometric cryptosystems the realized works are hampered by the lack of formal security analysis. Hence the purpose of this paper is to propose standard criteria for a formal security analysis of biometric cryptosystems. The proposed measures take into account the specific effect of key binding cryptosystems. The security analysis is illustrated by experiments on the techniques of Fuzzy Commitment and Fuzzy Vault which we use in this work for the protection of biometric face recognition system. Our analysis indicates that both techniques are vulnerable to intrusion and binding attacks because of the ease of obtaining the user’s model using the elements known to the attacker.


Security analysis Biometric cryptosystems Performance evaluation Models transformation 


  1. 1.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: An Analysis of Minutiae Matching Strength. In: Bigun, J., Smeraldi, F. (eds.) AVBPA 2001. LNCS, vol. 2091, pp. 223–228. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Nagar, A.: Secure Biometric Recognition. In: PRIP Seminar (2008)Google Scholar
  3. 3.
    Nagar, A., Nandakumar, K., Jain, A.K.: A hybrid biometric cryptosystem for securing fingerprint minutiae models. Elsevier Pattern Recognition Letters (2010)Google Scholar
  4. 4.
    Nagar, A., Nandakumar, K., Jain, A.K.: Biometric Model Transformation: A Security analysis. SPIE (2010)Google Scholar
  5. 5.
    Jain, A.K., Nandakumar, K., Nagar, A.: Biometric Model Security. Eurasip Journal (2008) Google Scholar
  6. 6.
    Uludag, U., Pankanti, S., Prabhakar, S., Jain A.: Biometric cryptosystems: Issues and challenges, pp. 948–960. IEEE (2004)Google Scholar
  7. 7.
    Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Trans. Comput., 1081–1088 (2006)Google Scholar
  8. 8.
    Li, Q., Sutcu, Y., Memon, N.: Secure Sketch for Biometric Templates. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 99–113. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, pp. 523–540. Springer (2004)Google Scholar
  10. 10.
    Juels, A., Wattenberg, M.: A Fuzzy Commitment Scheme. In: Sixth ACM Conference on Computer and Communications Security, Singapore, pp. 28–36 (1999)Google Scholar
  11. 11.
    Juels, A., Sudan, M.: A Fuzzy Vault Scheme. In: IEEE International Symposium on Information Theory, Lausanne, Switzerland (2002)Google Scholar
  12. 12.
    Adair, K.L., Parthasaradhi, S.T.V., Kennedy., J.: Real World Evaluation: Avoiding Pitfalls of Fingerprint System Deployments. BiometricsIndia Expo. (2008)Google Scholar
  13. 13.
    Gu, S., Tan, Y., He, X.: Laplacian Smoothing Transform for Face Recognition, pp. 2415–2428. Springer (2010)Google Scholar
  14. 14.
    Khan, A., Farooq, H.: Principal Component Analysis-Linear Discriminant Analysis Feature Extractor for Pattern Recognition. International Journal of Computer Science Issues (IJCSI) 8(6) (2011)Google Scholar
  15. 15.
    Moujahdi, C., Ghouzali, S., Mikram, M., Abdul, W., Rziza, M.: Inter-communication classification for Multi-view Face Recognition. In: The 4th International Conference on Multimedia Computing and Systems (ICMCS), Tangier, Morocco (2012)Google Scholar
  16. 16.
    Gu, S., Tan, Y., He, X.: Discriminant Analysis via Support Vectors. Neurocomputing (2010)Google Scholar
  17. 17.
    Bellhumer, P.N., Hespanha, J., Kriegman, D.: Eigenfaces vs. fisherfaces: Recognition using class specific linear projection. IEEE Trans. Patt. Anal. and Mach. Intel. Special Issue on Face Recognition, 711–720 (1997)Google Scholar
  18. 18.
    MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes. North Holland (1977) Google Scholar
  19. 19.
    Schneider, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. Wiley, New York (1996)Google Scholar
  20. 20.
    Fawcet, T.: ROC Graphs: Notes and Practical Considerations for Researchers. HP Laboratories, 1143–1501 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Maryam Lafkih
    • 1
  • Mounia Mikram
    • 1
    • 2
  • Sanaa Ghouzali
    • 1
    • 3
  • Mohamed El Haziti
    • 4
  1. 1.LRIT, Faculty of SciencesMohammed V UniversityRabatMorocco
  2. 2.The School of Information SciencesRabatMorocco
  3. 3.College of Computer and Information SciencesKing Saud UniversityRiyadhSaudi Arabia
  4. 4.Higher School of TechnologySaleMorocco

Personalised recommendations