Abstract
The goal of a biometric encryption system is to embed a secret into a biometric template in a way that can only be decrypted with a biometric image from the enrolled person. This paper describes a potential vulnerability in such systems that allows a less-than-brute-force regeneration of the secret and an estimate of the enrolled image. This vulnerability requires the biometric comparison to “leak” some information from which an analogue for a match score may be calculated. Using this match score value, a “hill-climbing” attack is performed against the algorithm to calculate an estimate of the enrolled image, which is then used to decrypt the code. Results are shown against a simplified implementation of the algorithm of Soutar et al. (1998).
References
Adler, A.: Images can be regenerated from quantized biometric match score data. In: Proc. Can. Conf. Elec. Comp. Eng., pp. 469–472 (2004)
Adler, A.: Sample images can be independently restored from face recognition templates. In: Proc. Can. Conf. Elec. Comp. Eng., pp. 1163–1166 (2003)
BioAPI Consortium: BioAPI Specification, pp. 1163–1166 (2001), http://www.bioapi.org/BIOAPI1.1.pdf
Clancy, T.C., Kiyavash, N., Lin, D.J.: Secure smartcard-based fingerprint authentication. In: Proc. ACM SIGMM 2003 Multimedia, Biometrics Methods and Applications Workshop, pp. 45–52 (2003)
Davida, G.I., Frankel, Y., Matt, B.J.: On enabling secure applications through off-line biometric identification. In: Proc. IEEE Symp. Privacy and Security, pp. 148–157 (1998)
Davida, G.I., Frankel, Y., Matt, B.J., Peralta, R.: On the relation of error correction and cryptography to an offline biometric based identification scheme. In: Proc. Conf. Workshop Coding and Cryptography (WCC 1999), pp. 129–138 (1999)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004), http://eprint.iacr.org/2003/235/
Grother, P.: Software Tools for an Eigenface Implementation. National Institute of Standards and Technology (2000), http://www.nist.gov/humanid/feret/
Hill, C.J.: Risk of Masquerade Arising from the Storage of Biometrics. B.S. Thesis, Australian National University (2001), http://chris.fornax.net/biometrics.html
Kundur, D., Lin, C.-Y., Macq, B., Yu, H.: Special Issue on Enabling Security Technologies for Digital Rights Management. Proc. IEEE 92, 879–882 (2004)
Juels, A., Sudan, M.: A fuzzy vault scheme. In: Proc. IEEE Int. Symp. Information Theory, vol. 408 (2002)
National Institute of Standards and Technology (NIST): NIST Special Database 18: Mugshot Identification Database (MID), http://www.nist.gov/srd/nistsd18.htm
Phillips, P.J., Moon, H., Rauss, P.J., Rizvi, S.: The FERET evaluation methodology for face recognition algorithms. IEEE Trans. Pat. Analysis Machine Int. 22, 1090–1104 (2000)
Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya, B.: Biometric Encryption using image processing. In: Proc. SPIE Int. Soc. Opt. Eng., vol. 3314, pp. 178–188 (1998)
Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya, B.: Biometric Encryption: enrollment and verification procedures. In: Proc. SPIE Int. Soc. Opt. Eng., vol. 3386, pp. 24–35 (1998)
Soutar, C., Gilroy, R., Stoianov, A.: Biometric System Performance and Security. In: Conf. IEEE Auto. Identification Advanced Technol. (1999), http://www.bioscrypt.com/assets/security_soutar.pdf
Tomko, G.: Privacy Implications of Biometrics - A Solution in Biometric Encryption. In: 8th Ann. Conf. Computers, Freedom and Privacy, Austin, TX, USA (1998)
Turk, M.A., Pentland, A.P.: Eigenfaces for recognition. J. Cognitive Neuroscience 3, 71–86 (1991)
Uludag, U., Pankanti, S., Prabhakar, S., Jain, A.K.: Biometric Cryptosystems: Issues and Challenges. Proc. IEEE 92, 948–960 (2004)
Uludag, U.: Finger minutiae attack system. In: Proc. Biometrics Conference, Washington, D.C., USA (September 2004)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Adler, A. (2005). Vulnerabilities in Biometric Encryption Systems. In: Kanade, T., Jain, A., Ratha, N.K. (eds) Audio- and Video-Based Biometric Person Authentication. AVBPA 2005. Lecture Notes in Computer Science, vol 3546. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11527923_114
DOI: https://doi.org/10.1007/11527923_114
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-27887-0
Online ISBN: 978-3-540-31638-1
eBook Packages: Computer Science, Computer Science (R0)