Security and Privacy in Biometrics: Towards a Holistic Approach

  • Chapter
Security and Privacy in Biometrics

Abstract

Security and privacy in biometric systems have traditionally been seen as two requirements that hinder each other. Only recently have researchers started investigating them as a joint optimization problem that needs to be tackled from legal, procedural, and technological points of view. In this chapter we therefore take a holistic approach: we introduce some basics about the privacy and security issues that can affect a biometric system, and some possible mitigation approaches, both procedural and technological, that can help in designing secure and privacy-compliant biometric-based recognition systems.

Author information

Correspondence to Patrizio Campisi.

Copyright information

© 2013 Springer-Verlag London

About this chapter

Cite this chapter

Campisi, P. (2013). Security and Privacy in Biometrics: Towards a Holistic Approach. In: Campisi, P. (eds) Security and Privacy in Biometrics. Springer, London. https://doi.org/10.1007/978-1-4471-5230-9_1

  • DOI: https://doi.org/10.1007/978-1-4471-5230-9_1

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-5229-3

  • Online ISBN: 978-1-4471-5230-9

  • eBook Packages: Computer Science, Computer Science (R0)
