Abstract

The goal of a biometric encryption system is to embed a secret into a biometric template in such a way that it can only be decrypted with a biometric image from the enrolled person. This paper describes a potential vulnerability in such systems that allows a less-than-brute-force regeneration of the secret and an estimate of the enrolled image. This vulnerability requires the biometric comparison to “leak” some information from which an analogue for a match score may be calculated. Using this match score value, a “hill-climbing” attack is performed against the algorithm to calculate an estimate of the enrolled image, which is then used to decrypt the code. Results are shown against a simplified implementation of the algorithm of Soutar et al. (1998).

Keywords

Face Recognition; Face Image; Equal Error Rate; Biometric System; Biometric Template
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. Adler, A.: Images can be regenerated from quantized biometric match score data. In: Proc. Can. Conf. Elec. Comp. Eng., pp. 469–472 (2004)
  2. Adler, A.: Sample images can be independently restored from face recognition templates. In: Proc. Can. Conf. Elec. Comp. Eng., pp. 1163–1166 (2003)
  3. BioAPI Consortium: BioAPI Specification, pp. 1163–1166 (2001), http://www.bioapi.org/BIOAPI1.1.pdf
  4. Clancy, T.C., Kiyavash, N., Lin, D.J.: Secure smartcard-based fingerprint authentication. In: Proc. ACM SIGMM 2003 Multimedia, Biometrics Methods and Applications Workshop, pp. 45–52 (2003)
  5. Davida, G.I., Frankel, Y., Matt, B.J.: On enabling secure applications through off-line biometric identification. In: Proc. IEEE Symp. Privacy and Security, pp. 148–157 (1998)
  6. Davida, G.I., Frankel, Y., Matt, B.J., Peralta, R.: On the relation of error correction and cryptography to an offline biometric based identification scheme. In: Proc. Conf. Workshop Coding and Cryptography (WCC 1999), pp. 129–138 (1999)
  7. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004), http://eprint.iacr.org/2003/235/
  8. Grother, P.: Software Tools for an Eigenface Implementation. National Institute of Standards and Technology (2000), http://www.nist.gov/humanid/feret/
  9. Hill, C.J.: Risk of Masquerade Arising from the Storage of Biometrics. B.S. Thesis, Australian National University (2001), http://chris.fornax.net/biometrics.html
  10. Kundur, D., Lin, C.-Y., Macq, B., Yu, H.: Special Issue on Enabling Security Technologies for Digital Rights Management. Proc. IEEE 92, 879–882 (2004)
  11. Juels, A., Sudan, M.: A fuzzy vault scheme. In: Proc. IEEE Int. Symp. Information Theory, vol. 408 (2002)
  12. National Institute of Standards and Technology (NIST): NIST Special Database 18: Mugshot Identification Database (MID), http://www.nist.gov/srd/nistsd18.htm
  13. Phillips, P.J., Moon, H., Rauss, P.J., Rizvi, S.: The FERET evaluation methodology for face recognition algorithms. IEEE Trans. Pat. Analysis Machine Int. 22, 1090–1104 (2000)
  14. Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya, B.: Biometric Encryption using image processing. In: Proc. SPIE Int. Soc. Opt. Eng., vol. 3314, pp. 178–188 (1998)
  15. Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya, B.: Biometric Encryption: enrollment and verification procedures. In: Proc. SPIE Int. Soc. Opt. Eng., vol. 3386, pp. 24–35 (1998)
  16. Soutar, C., Gilroy, R., Stoianov, A.: Biometric System Performance and Security. In: Conf. IEEE Auto. Identification Advanced Technol. (1999), http://www.bioscrypt.com/assets/security_soutar.pdf
  17. Tomko, G.: Privacy Implications of Biometrics - A Solution in Biometric Encryption. In: 8th Ann. Conf. Computers, Freedom and Privacy, Austin, TX, USA (1998)
  18. Turk, M.A., Pentland, A.P.: Eigenfaces for recognition. J. Cognitive Neuroscience 3, 71–86 (1991)
  19. Uludag, U., Pankanti, S., Prabhakar, S., Jain, A.K.: Biometric Cryptosystems: Issues and Challenges. Proc. IEEE 92, 948–960 (2004)
  20. Uludag, U.: Finger minutiae attack system. In: Proc. Biometrics Conference, Washington, D.C., USA (September 2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Andy Adler (1)
  1. School of Information Technology and Engineering, University of Ottawa, Canada
