Skip to main content
SpringerLink
Log in

On the Leakage of Information in Biometric Authentication

  • Conference paper
  • First Online:
Progress in Cryptology -- INDOCRYPT 2014 (INDOCRYPT 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8885))

Included in the following conference series:

Abstract

In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information" in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in \(\mathbb {Z}_q^n, (q\ge 2)\) after a number of authentication attempts linear in \(n\). Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Penrose, L.: Dermatoglyphic topology. Nature 205, 544–546 (1965)

    Article  Google Scholar 

  2. Bolling, J.: A window to your health. Jacksonville Medicine, Special Issue: Retinal Diseases 51 (2000)

    Google Scholar 

  3. Osadchy, M., Pinkas, B., Jarrous, A., Moskovich, B.: SCiFI - A System for Secure Face Identification. In: 2010 IEEE Symposium on Security and Privacy, pp. 239–254 (2010)

    Google Scholar 

  4. Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An application of the goldwasser-micali cryptosystem to biometric authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  5. Daugman, J.: How iris recognition works. IEEE Transactions on Circuits and Systems for Video Technology 14, 21–30 (2004)

    Article  Google Scholar 

  6. Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognition. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 235–253. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  7. Sadeghi, A.-R., Schneider, T., Wehrenberg, I.: Efficient Privacy-preserving face recognition. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 229–244. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  8. Huang, Y., Malka, L., Evans, D., Katz, J.: Efficient privacy-preserving biometric identification. In: NDSS 2011 (2011)

    Google Scholar 

  9. Barni, M., Bianchi, T., Catalano, D., Di Raimondo, M., Donida Labati, R., Failla, P., Fiore, D., Lazzeretti, R., Piuri, V., Scotti, F., Piva, A.: Privacy-preserving fingercode authentication. In: Proceedings of the 12th ACM Workshop on Multimedia and Security, pp. 231–240 (2010)

    Google Scholar 

  10. Simoens, K., Bringer, J., Chabanne, H., Seys, S.: A framework for analyzing template security and privacy in biometric authentication systems. IEEE Transactions on Information Forensics and Security 7(2), 833–841 (2012)

    Article  Google Scholar 

  11. Jain, A.K., Nandakumar, K., Nagar, A.: Biometric template security. EURASIP J. Adv. Signal Process 2008, 113:1–113:17 (2008)

    Article  Google Scholar 

  12. Bringer, J., Chabanne, H., Simoens, K.: Blackbox security of biometrics. In: Proceedings of the 6th International Conference on Intelligent Information Hiding and Multimenida Signal Processing, pp. 337–340 (2010)

    Google Scholar 

  13. Jarrous, A., Pinkas, B.: Secure hamming distance based computation and its applications. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 107–124. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  14. Bringer, J., Chabanne, H., Patey, A.: SHADE: Secure hamming distance computation from oblivious transfer. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 164–176. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  15. Bringer, J., Chabanne, H., Favre, M., Patey, A., Schneider, T., Zohner, M.: GSHADE: Faster Privacy-preserving Distance Computation and Biometric Identification. In: Proceedings of the 2nd ACM Workshop on Information Hiding and Multimedia Security, pp. 187–198. ACM (2014)

    Google Scholar 

  16. Biham, E., Shamir, A.: Power analysis of the key scheduling of the aes candidates. In: Proceedings of the 2nd AES Candidate Conference (1999)

    Google Scholar 

  17. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  18. Barbosa, M., Brouard, T., Cauchie, S., de Sousa, S.M.: Secure biometric authentication with improved accuracy. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 21–36. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  19. Stoianov, A.: Security issues of biometric encryption. In: Proceedings of the 2009 IEEE Toronto International Conference on Science and Technology for Humanity (TIC- STH), pp. 34–39 (2009)

    Google Scholar 

  20. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  21. Yao, A.C.C.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE (1986)

    Google Scholar 

  22. Rabin, M.O.: How to exchange secrets with oblivious transfer. IACR Cryptology ePrint Archive 2005, 187 (2005)

    Google Scholar 

  23. Goldwasser, S., Micali, S.: Probabilistic encryption and how to play mental poker keeping secret all partial information. In: Proceedings of the 14th Annual ACM Symposium on Theory of Computing, STOC 1982, pp. 365–377. ACM (1982)

    Google Scholar 

  24. Bringer, J., Chabanne, H., Cohen, G., Kindarji, B., Zémor, G.: Optimal iris fuzzy sketches. In: Proceedings of the 1st IEEE International Conference on Biometrics: Theory, Applications, and Systems (2007)

    Google Scholar 

  25. Chen, L.: New analysis of the sphere covering problems and optimal polytope approximation of convex bodies. Journal of Approximation Theory 133(1), 134–145 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  26. Chvatal, V.: A greedy heuristic for the set-covering problem. Mathematics of Operations Research 4(3), 233–235 (1979)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Chalmers University of Technology, Gothenburg, Sweden

    Elena Pagnin, Christos Dimitrakakis, Aysajan Abidin & Aikaterini Mitrokotsa

Authors
  1. Elena Pagnin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christos Dimitrakakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aysajan Abidin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Aikaterini Mitrokotsa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aikaterini Mitrokotsa .

Editor information

Editors and Affiliations

  1. Hochschule für Technik, Fachhochschule Nordwestschweiz, Windisch, Switzerland

    Willi Meier

  2. Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

    Debdeep Mukhopadhyay

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Pagnin, E., Dimitrakakis, C., Abidin, A., Mitrokotsa, A. (2014). On the Leakage of Information in Biometric Authentication. In: Meier, W., Mukhopadhyay, D. (eds) Progress in Cryptology -- INDOCRYPT 2014. INDOCRYPT 2014. Lecture Notes in Computer Science(), vol 8885. Springer, Cham. https://doi.org/10.1007/978-3-319-13039-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-13039-2_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13038-5

  • Online ISBN: 978-3-319-13039-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation