Toward Ubiquitous Acceptance of Biometric Authentication: Template Protection Techniques

  • Madalina Baltatu
  • Rosalia D’Alessandro
  • Roberta D’Amico
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3087)


The present paper provides a study of theoretical and practical security issues related to the deployment of generic reliable authentication mechanisms based on the use of biometrics and personal hardware tokens, like smart cards. The analysis covers various possible authentication infrastructures, but is mainly focused on the definition of basic requirements and constraints of a particular security scheme, namely client-side authentication. The deployment of such a scheme proves to be necessary when specific application deployment constraints are encountered, particularly when there is a conspicuous need to guarantee the privacy of the users. The paper suggests several solutions to this problem, and proposes a particular template protection technique based on a secure secret sharing scheme. The fundamental goal of this technique is to secure biometric systems sensitive to privacy issues and which rely, at some extent, on authentication performed at the client end of the application.


Smart Card Authentication Scheme Secret Share Scheme Authentication Server Biometric System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Jain, A.K., Bolle, R.M., Pankanti, S.: Biometrics: The Personal Identification in Networked Society, January 1999. Kluwer Academic, Norwell (1999)Google Scholar
  2. 2.
    Pankanti, S., Bolle, R.M., Jain, A.K.: Biometrics: The Future of Identification. IEEE Computer 21(2) (February 2000)Google Scholar
  3. 3.
    Liu, S., Silverman, M.: A Practical Guide to Biometric Security Technology. IEEE Computer Society, IT Pro - Security (January/February 2000)Google Scholar
  4. 4.
    Jain, A.K.: Who’s Who? Challenges in Biometric Authentication. LNCS. Springer, Heidelberg (2003)Google Scholar
  5. 5.
    Schneier, B.: Biometrics: Uses and Abuses. Inside Risks 110, Communications of the ACM 42(8) (August 1999)Google Scholar
  6. 6.
    Bolle, R.M., Connell, J.H., Ratha, N.K.: Biometric Perils and Patches. In: Pattern Recognition, vol. 35(2), Elsevier Science, B.V (2002)Google Scholar
  7. 7.
    International Biometric Group (IBG) BioPrivacy Initiative: Technology Assessment,
  8. 8.
    Penny, W.: Biometrics: A Double Edged Sword - Security and Privacy. SANS Institute (2002)Google Scholar
  9. 9.
    Prabhakar, S., Pankanti, S., Jain, A.K.: Biometric Recognition: Security and Privacy Concerns. IEEE Security and Privacy Magazine 1(2) (March-April 2003)Google Scholar
  10. 10.
    Bolle, R.M., Connell, J.H., Ratha, N.K.: Biometrics breaks-in and band-aids. Pattern Recognition Letters 24(13) (September 2003)Google Scholar
  11. 11.
    Adler, A.: Sample images can be independently restored from face recognition templates. School of Information Technology and Engineering, University of Ottawa (2003)Google Scholar
  12. 12.
    Hill, C.: The risk of masquerade arising from the storage of biometrics, B.S. Thesis, Australian National University (November 2001)Google Scholar
  13. 13.
    Schneier, B.: Applied Cryptography, 2nd edn. John Wiley and Sons, Inc., Chichester (1996)Google Scholar
  14. 14.
    Smart Card Alliance: Secure Personal Identification Systems - Policy, Process and Technology Choices foar a Privacy-Sensitive Solution. Smart Card Alliance White Paper (January 2002)Google Scholar
  15. 15.
    Smart Card Alliance: Smart Cards and Biometrics in a Privacy-Sensitive Secure Personal Identification System. Smart Card Alliance White Paper (May 2002) Google Scholar
  16. 16.
    GSAA Government Smart Card Group: Guidelines for Placing Biometrics in Smart Cards (September 1998) Google Scholar
  17. 17.
    Osborne, M., Ratha, N.K.: A JC-BioAPI Compliant Smart Card with Biometrics for Secure Access Control, January 2003. LNCS. Springer, Heidelberg (2003)Google Scholar
  18. 18.
    Sanchez-Reillo, R.: Including Biometric Authentication in a Smart Card Operating System, January 2001. LNCS. Springer, Heidelberg (2001)Google Scholar
  19. 19.
    Podio, F.L., Dunn, J.S., Reinert, L., Tilton, C.J., O’Gorman, L., Collier, M.P., Jerde, M., Wirtz, B.: Common Biometric Exchange File Format. NISTIR 6529 (January 2001)Google Scholar
  20. 20.
    Schneier, B.: Security pitfalls in cryptography. In: Proc. of CardTech/SecureTech, Washinton D.C. (April 1998)Google Scholar
  21. 21.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: A biometrics-based secure authentication system. IBM Thomas J. Watson Research CenterGoogle Scholar
  22. 22.
    Jee, H.K., Lee, K.H., Chung, Y.W.: Integrating the Face Verification Algorithm into the Smart Card System. Electronics and Telecommunication Research Institute, Daejeon (2001)Google Scholar
  23. 23.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis: Leaking secrets. Crypto. 1999, 388–397 (1999)Google Scholar
  24. 24.
    BioAPI Consortium,
  25. 25.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digitial signatures and public-key cryptosystems. Communications of the ACM 21, 2–120 (1978)CrossRefMathSciNetGoogle Scholar
  26. 26.
    NIST: Digital Signature Standard, National Institute of Standards and Technology (NIST). FIPS Publication 186 (May 1994)Google Scholar
  27. 27.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE trans, Inform. Theory, IT 22, 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Madalina Baltatu
    • 1
  • Rosalia D’Alessandro
    • 1
  • Roberta D’Amico
    • 1
  1. 1.Telecom Italia LAB,TILABTurinItaly

Personalised recommendations