Biometric keys: suitable use cases and achievable information content

  • Regular Contribution
  • International Journal of Information Security

Abstract

This article surveys use cases for cryptographic keys extracted from biometric templates (“biometric keys”). It lays out security considerations that favor uses for the protection of the confidentiality and privacy of biometric information itself. It is further argued that the cryptographic strength of a biometric key is determined by its true information content. I propose an idealized model of a biometric system as a Shannon channel. The information content that can be extracted from biometric templates in the presence of noise is determined within this model. The performance of state-of-the-art biometric technology in extracting a key from a single biometric feature (e.g., one iris pattern or one fingerprint) is analyzed. Under reasonable operating conditions, the channel capacity limits the maximal achievable information content k of a biometric key to values smaller than about 30 bits. This upper length limit is too short to thwart “brute force” attacks on crypto systems employing biometric keys. The extraction of sufficiently long biometric keys requires either: (a) technological improvements that improve the recognition power of biometric systems considerably or (b) the employment of multimodal and/or multi-instance biometrics or (c) the use of novel biometric features, such as, e.g., the pattern of DNA nucleotides in the human genome.

Author information

Correspondence to Rainer Plaga.

About this article

Cite this article

Plaga, R. Biometric keys: suitable use cases and achievable information content. Int. J. Inf. Secur. 8, 447–454 (2009). https://doi.org/10.1007/s10207-009-0090-5

  • DOI: https://doi.org/10.1007/s10207-009-0090-5
