On the Leakage of Information in Biometric Authentication
Paper in proceeding, 2014

In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information” in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in Z^n_q , (q >= 2) after a number of authentication attempts linear in n. Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.

Author

Elena Pagnin

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Christos Dimitrakakis

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Aysajan Abidin

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Aikaterini Mitrokotsa

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 8885 265-280

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science

DOI

10.1007/978-3-319-13039-2_16

More information

Latest update

7/12/2024