TY - GEN
T1 - On the Leakage of Information in Biometric Authentication
AU - Pagnin, Elena
AU - Dimitrakakis, C.
AU - Abidin, A.
AU - Mitrokotsa, Aikaterini
PY - 2014
Y1 - 2014
N2 - In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information” in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in $\mathbb{Z}_q^n$ ($q \geq 2$) after a number of authentication attempts linear in $n$. Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.
AB - In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information” in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in $\mathbb{Z}_q^n$ ($q \geq 2$) after a number of authentication attempts linear in $n$. Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.
U2 - 10.1007/978-3-319-13039-2_16
DO - 10.1007/978-3-319-13039-2_16
M3 - Paper in conference proceeding
SN - 978-3-319-13038-5
T3 - Lecture Notes in Computer Science
SP - 265
EP - 280
BT - Progress in Cryptology -- INDOCRYPT 2014
A2 - Meier, Willi
A2 - Mukhopadhyay, Debdeep
PB - Springer
T2 - 15th International Conference on Cryptology in India, INDOCRYPT 2014
Y2 - 14 December 2014 through 17 December 2014
ER -