Skip to main content
Springer Nature Link
Log in

A Security Analysis of Biometric Template Protection Schemes

  • Conference paper
Image Analysis and Recognition (ICIAR 2009)

Part of the book series: Lecture Notes in Computer Science ((LNIP,volume 5627))

Included in the following conference series:

  • 2666 Accesses

Abstract

Biometric features provide considerable usability benefits. At the same time, the inability to revoke templates and likelihood of adversaries being able to capture features raise security concerns. Recently, several template protection mechanisms have been proposed, which provide a one-way mapping of templates onto multiple pseudo-identities.

While these proposed schemes make assumptions common for cryptographic algorithms, the entropy of the template data to be protected is considerably lower per bit of key material used than assumed owing to correlations arising from the biometric features.

We review several template protection schemes and existing attacks followed by a correlation analysis for a selected biometric feature set and demonstrate that these correlations leave the stream cipher mechanism employed vulnerable to, among others, known plaintext-type attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Breebaart, J., Busch, C., Grave, J., Kindt, E.: A reference architecture for biometric template protection based on pseudo identities. In: BIOSIG 2008: Biometrics and Electronic Signatures (2008)

    Google Scholar 

  2. Ratha, N.K., Chikkerur, S., Connell, J.H., Bolle, R.M.: Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence 29 (April 2007)

    Google Scholar 

  3. Roberge, C.S.D., Stoianov, A., Gilroy, R., Kumar, B.V.: Biometric encryption. ICSA Guide to Cryptography, ch. 2 (1999)

    Google Scholar 

  4. Jin, A.T.B., Ling, D.N.C., Goh, A.: Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition Issue 11(37), 2245–2255 (2004)

    Article  Google Scholar 

  5. Monrose, F., Reiter, M.K., Wetze, S.: Password hardening based on keystroke dynamics. International Journal on Information Security 1, 69–83 (2002)

    Article  MATH  Google Scholar 

  6. Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: 6th ACM Conference on Computer and Communications Security, pp. 28–36 (1999)

    Google Scholar 

  7. Verbitskiy, E., Tuyls, P., Denteneer, D., Linnartz, J.P.: Reliable biometric authentication with privacy protection. In: 24th Benelux Symp. on Info. Theory (2003)

    Google Scholar 

  8. Tuyls, P., Goseling, J.: Capacity and examples of template-protecting biometric authentication systems. In: Maltoni, D., Jain, A.K. (eds.) BioAW 2004. LNCS, vol. 3087, pp. 158–170. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  9. Uludag, U., Jain, A.: Fuzzy fingerprint vault. In: Workshop: Biometrics: Challenges Arising from Theory to Practice (August 2004), citeseer.ist.psu.edu/uludag04fuzzy.html

  10. Carter, F., Stoianov, A.: Implications of biometric encryption on wide spread use of biometrics. In: EBF Biometric Encryption Seminar (June 2008)

    Google Scholar 

  11. Scheirer, W.J., Boult, T.E.: Cracking fuzzy vaults and biometric encryption. In: Proceedings of the Biometrics Symposium, Baltimore, MD, USA (2007)

    Google Scholar 

  12. Adler, A.: Reconstruction of source images from quantized biometric match score data. In: Biometrics Conference, Washington, DC (September 2004)

    Google Scholar 

  13. Adler, A.: Vulnerabilities in biometric encryption systems. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 1100–1109. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  14. Johansson, T.: Correlation attacks on stream ciphers and related decoding problems. In: Proceedings of the 1998 Information Theory Workshop, Killarney, Ireland, June 1998, pp. 156–157. IEEE Press, Los Alamitos (1998)

    Google Scholar 

  15. Turan, M.S., Donganaksoy, A., Calic, C.: Detailed statistical analysis of synchronous stream ciphers. Technical Report 2006/043, Institute of Applied Mathematics, Middle East Technical University, Ankara, Turkey (2006)

    Google Scholar 

  16. Biham, E., Dunkelman, O.: Differential cryptanalysis in stream ciphers. Technical Report CS-2007-10, Department of Computer Science, Technion Israel Institute of Technology, Haifa, Israel (2007)

    Google Scholar 

  17. Daugman, J.: The importance of being random: Statistical principles of iris recognition. Pattern Rec. 36, 279–291 (2003)

    Article  Google Scholar 

  18. Hao, F., Anderson, R., Daugman, J.: Combining cryptography with biometrics effectively. Technical Report 640, Univesity of Cambridge, Computer Laboratory (July 2005)

    Google Scholar 

  19. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  20. Zhou, X., Seibert, H., Busch, C., Funk, W.: A 3d face recognition algorithm using histogram-based features. In: Eurographics Workshop on 3D Object Retrieval, Crete, Greece, pp. 65–71 (2008)

    Google Scholar 

  21. Zhou, X., Busch, C., Wolthusen, S.: Feature correlation attacks on biometric privacy protection schemes, http://www.igd.fhg.de/~xzhou/

Download references

Author information

Authors and Affiliations

  1. Fraunhofer Institute for Computer Graphic Research IGD, Fraunhoferstr. 5, 64283, Darmstadt, Germany

    Xuebing Zhou & Arjan Kuijper

  2. Norwegian Information Security Laboratory, Gjøvik University College, P.O. Box 191, N-2802, Gjøvik, Norway

    Stephen D. Wolthusen & Christoph Busch

  3. Information Security Group, Department of Mathematics, Royal Holloway, University of London, Egham Hill, Egham, TW20 0EX, UK

    Stephen D. Wolthusen

Authors
  1. Xuebing Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephen D. Wolthusen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christoph Busch
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Arjan Kuijper
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Waterloo, N2L 3G1, Waterloo, Ontario, Canada

    Mohamed Kamel

  2. Faculty of Engineering, Institute of Biomedical Engineering, University of Porto, Rua Dr. Roberto Frias, 4200-465, Porto, Portugal

    Aurélio Campilho

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, X., Wolthusen, S.D., Busch, C., Kuijper, A. (2009). A Security Analysis of Biometric Template Protection Schemes. In: Kamel, M., Campilho, A. (eds) Image Analysis and Recognition. ICIAR 2009. Lecture Notes in Computer Science, vol 5627. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02611-9_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-02611-9_43

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02610-2

  • Online ISBN: 978-3-642-02611-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics