On the Design of Forgiving Biometric Security Systems

  • Raphael C.-W. Phan
  • John N. Whitley
  • David J. Parish
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 309)


This work aims to highlight the fundamental issue surrounding biometric security systems: it's all very nice until a biometric is forged, but what do we do after that? Granted, biometric systems are, by their physical nature, supposedly much harder to forge than other factors of authentication, since biometrics on a human body are by right unique to the particular human person. Yet it is also this physical nature that makes a forgery much more catastrophic when it does occur, because it implies that this uniqueness has been forged as well, threatening human individuality; and since criminal investigation has by convention relied on identifying suspects by biometric characteristics, loss of this biometric uniqueness has devastating consequences for the freedom and basic human rights of the victimized individual. This implication of forged uniqueness also raises the adversary's motivation to forge, since a successful forgery leads to many more impersonation situations when biometric systems are used, i.e. physical presence at crime scenes, identification and access to security systems and premises, and access to financial accounts and hence the ability to use the victim's finances. Depending on the gains, a desperate, highly motivated adversary may even resort to directly obtaining the victim's biometric parts by force, e.g. severing the parts from the victim's body; this poses a risk and threat not just to the individual's uniqueness claim but also to personal safety and well-being. One may then wonder whether it is worth putting one's assets, property and safety into the hands of biometrics-based systems when the consequences of biometric forgery far outweigh the consequences of system compromises when no biometrics are used.


Keywords: Crime Scene; Biometric System; Biometric Characteristic; Forward Security; Fingerprint Detection
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Raphael C.-W. Phan (1)
  • John N. Whitley (1)
  • David J. Parish (1)
  1. High Speed Networks Research Group, Department of Electronic and Electrical Engineering, Loughborough University, UK
