Abstract
This article surveys use cases for cryptographic keys extracted from biometric templates (“biometric keys”). It lays out security considerations that favor uses for the protection of the confidentiality and privacy of biometric information itself. It is further argued that the cryptographic strength of a biometric key is determined by its true information content. I propose an idealized model of a biometric system as a Shannon channel. The information content that can be extracted from biometric templates in the presence of noise is determined within this model. The performance of state-of-the-art biometric technology in extracting a key from a single biometric feature (e.g., one iris pattern or one fingerprint) is analyzed. Under reasonable operating conditions the channel capacity limits the maximal achievable information content k of a biometric key to values smaller than about 30 bits. This upper length limit is too short to thwart “brute force” attacks on crypto systems employing biometric keys. The extraction of sufficiently long biometric keys requires either: (a) technological improvements that improve the recognition power of biometric systems considerably, or (b) the employment of multimodal and/or multi-instance biometrics, or (c) the use of novel biometric features, such as the pattern of DNA nucleotides in the human genome.
Cite this article
Plaga, R. Biometric keys: suitable use cases and achievable information content. Int. J. Inf. Secur. 8, 447–454 (2009). https://doi.org/10.1007/s10207-009-0090-5
DOI: https://doi.org/10.1007/s10207-009-0090-5