Vulnerabilities in Biometric Encryption Systems

  • Conference paper
Audio- and Video-Based Biometric Person Authentication (AVBPA 2005)

Part of the book series: Lecture Notes in Computer Science (LNIP, volume 3546)

Abstract

The goal of a biometric encryption system is to embed a secret into a biometric template in a way that can only be decrypted with a biometric image from the enrolled person. This paper describes a potential vulnerability in such systems that allows a less-than-brute-force regeneration of the secret and an estimate of the enrolled image. This vulnerability requires the biometric comparison to “leak” some information from which an analogue for a match score may be calculated. Using this match score value, a “hill-climbing” attack is performed against the algorithm to calculate an estimate of the enrolled image, which is then used to decrypt the code. Results are shown against a simplified implementation of the algorithm of Soutar et al. (1998).

References

  1. Adler, A.: Images can be regenerated from quantized biometric match score data. In: Proc. Can. Conf. Elec. Comp. Eng., pp. 469–472 (2004)

  2. Adler, A.: Sample images can be independently restored from face recognition templates. In: Proc. Can. Conf. Elec. Comp. Eng., pp. 1163–1166 (2003)

  3. BioAPI Consortium: BioAPI Specification, pp. 1163–1166 (2001), http://www.bioapi.org/BIOAPI1.1.pdf

  4. Clancy, T.C., Kiyavash, N., Lin, D.J.: Secure smartcard-based fingerprint authentication. In: Proc. ACMSIGMM 2003 Multimedia, Biometrics Methods and Applications Workshop, pp. 45–52 (2003)

  5. Davida, G.I., Frankel, Y., Matt, B.J.: On enabling secure applications through off-line biometric identification. In: Proc. IEEE Symp. Privacy and Security, pp. 148–157 (1998)

  6. Davida, G.I., Frankel, Y., Matt, B.J., Peralta, R.: On the relation of error correction and cryptography to an offline biometric based identification scheme. In: Proc. Conf. Workshop Coding and Cryptography (WCC 1999), pp. 129–138 (1999)

  7. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004), http://eprint.iacr.org/2003/235/

  8. Grother, P.: Software Tools for an Eigenface Implementation. National Institute of Standards and Technology (2000), http://www.nist.gov/humanid/feret/

  9. Hill, C.J.: Risk of Masquerade Arising from the Storage of Biometrics B.S. Thesis, Australian National University (2001), http://chris.fornax.net/biometrics.html

  10. Kundur, D., Lin, C.-Y., Macq, B., Yu, H.: Special Issue on Enabling Security Technologies for Digital Rights Management. Proc. IEEE 92, 879–882 (2004)

  11. Juels, A., Sudan, M.: A fuzzy vault scheme. In: Proc. IEEE Int. Symp. Information Theory, vol. 408 (2002)

  12. National Institute of Standards and Technology (NIST): NIST Special Database 18: Mugshot Identification Database (MID), http://www.nist.gov/srd/nistsd18.htm

  13. Phillips, P.J., Moon, H., Rauss, P.J., Rizvi, S.: The FERET evaluation methodology for face recognition algorithms. IEEE Trans. Pat. Analysis Machine Int. 22, 1090–1104 (2000)

  14. Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya, B.: Biometric Encryption using image processing. In: Proc. SPIE Int. Soc. Opt. Eng., vol. 3314, pp. 178–188 (1998)

  15. Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya, B.: Biometric Encryption: enrollment and verification procedures. In: Proc. SPIE Int. Soc. Opt. Eng., vol. 3386, pp. 24–35 (1998)

  16. Soutar, C., Gilroy, R., Stoianov, A.: Biometric System Performance and Security. In: Conf. IEEE Auto. Identification Advanced Technol. (1999), http://www.bioscrypt.com/assets/security_soutar.pdf

  17. Tomko, G.: Privacy Implications of Biometrics - A Solution in Biometric Encryption. In: 8th Ann. Conf. Computers, Freedom and Privacy, Austin, TX, USA (1998)

  18. Turk, M.A., Pentland, A.P.: Eigenfaces for recognition. J. Cognitive Neuroscience 3, 71–86 (1991)

  19. Uludag, U., Pankanti, S., Prabhakar, S., Jain, A.K.: Biometric Cryptosystems: Issues and Challenges. Proc. IEEE 92, 948–960 (2004)

  20. Uludag, U.: Finger minutiae attack system. In: Proc. Biometrics Conference, Washington, D.C., USA (September 2004)

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Adler, A. (2005). Vulnerabilities in Biometric Encryption Systems. In: Kanade, T., Jain, A., Ratha, N.K. (eds) Audio- and Video-Based Biometric Person Authentication. AVBPA 2005. Lecture Notes in Computer Science, vol 3546. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11527923_114

  • DOI: https://doi.org/10.1007/11527923_114

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-27887-0

  • Online ISBN: 978-3-540-31638-1

  • eBook Packages: Computer Science, Computer Science (R0)
