On the Leakage of Information in Biometric Authentication

Elena Pagnin, C. Dimitrakakis, A. Abidin, Aikaterini Mitrokotsa

Research output: Chapter in Book/Report/Conference proceedingPaper in conference proceedingpeer-review

Abstract

In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information" in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in Znq,(q≥2) after a number of authentication attempts linear in n . Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.
Original languageEnglish
Title of host publicationProgress in Cryptology -- INDOCRYPT 2014
Subtitle of host publication15th International Conference on Cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings
EditorsWilli Meier, Debdeep Mukhopadhyay
PublisherSpringer
Pages265-280
ISBN (Electronic)978-3-319-13039-2
ISBN (Print)978-3-319-13038-5
DOIs
Publication statusPublished - 2014
Externally publishedYes
Event15th International Conference on Cryptology in India, INDOCRYPT 2014 - New Delhi, India
Duration: 2014 Dec 142014 Dec 17

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume8885
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference15th International Conference on Cryptology in India, INDOCRYPT 2014
Country/TerritoryIndia
CityNew Delhi
Period2014/12/142014/12/17

Subject classification (UKÄ)

  • Other Computer and Information Science

Fingerprint

Dive into the research topics of 'On the Leakage of Information in Biometric Authentication'. Together they form a unique fingerprint.

Cite this