On the Leakage of Information in Biometric Authentication

Elena Pagnin, C. Dimitrakakis, A. Abidin, Aikaterini Mitrokotsa

Forskningsoutput: Kapitel i bok/rapport/Conference proceedingKonferenspaper i proceedingForskningPeer review

17 Citeringar (SciVal)

Sammanfattning

In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information" in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in Znq,(q≥2) after a number of authentication attempts linear in n . Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.
Originalspråkengelska
Titel på gästpublikationProgress in Cryptology -- INDOCRYPT 2014
Undertitel på gästpublikation15th International Conference on Cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings
RedaktörerWilli Meier, Debdeep Mukhopadhyay
FörlagSpringer
Sidor265-280
ISBN (elektroniskt)978-3-319-13039-2
ISBN (tryckt)978-3-319-13038-5
DOI
StatusPublished - 2014
Externt publiceradJa
Evenemang15th International Conference on Cryptology in India, INDOCRYPT 2014 - New Delhi, Indien
Varaktighet: 2014 dec 142014 dec 17

Publikationsserier

NamnLecture Notes in Computer Science
FörlagSpringer
Volym8885
ISSN (tryckt)0302-9743
ISSN (elektroniskt)1611-3349

Konferens

Konferens15th International Conference on Cryptology in India, INDOCRYPT 2014
Land/TerritoriumIndien
OrtNew Delhi
Period2014/12/142014/12/17

Ämnesklassifikation (UKÄ)

  • Annan data- och informationsvetenskap

Fingeravtryck

Utforska forskningsämnen för ”On the Leakage of Information in Biometric Authentication”. Tillsammans bildar de ett unikt fingeravtryck.

Citera det här