Lund University Publications

On the Leakage of Information in Biometric Authentication

Pagnin, Elena ; Dimitrakakis, C. ; Abidin, A. and Mitrokotsa, Aikaterini (2014) 15th International Conference on Cryptology in India, INDOCRYPT 2014. In Lecture Notes in Computer Science 8885. p.265-280
Abstract
In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information” in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in $\mathbb{Z}_q^n$ ($q \geq 2$) after a number of authentication attempts linear in $n$. Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.
type
Chapter in Book/Report/Conference proceeding
publication status
published
host publication
Progress in Cryptology -- INDOCRYPT 2014 : 15th International Conference on Cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings
series title
Lecture Notes in Computer Science
editor
Meier, Willi and Mukhopadhyay, Debdeep
volume
8885
pages
265 - 280
publisher
Springer
conference name
15th International Conference on Cryptology in India, INDOCRYPT 2014
conference location
New Delhi, India
conference dates
2014-12-14 - 2014-12-17
external identifiers
  • scopus:84911379097
ISSN
0302-9743
1611-3349
ISBN
978-3-319-13039-2
978-3-319-13038-5
DOI
10.1007/978-3-319-13039-2_16
language
English
LU publication?
no
id
262be285-d77f-4cf2-b53a-7e8806eab7c0
date added to LUP
2021-01-26 16:02:40
date last changed
2024-06-27 08:56:52
@inproceedings{262be285-d77f-4cf2-b53a-7e8806eab7c0,
  abstract     = {{In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information” in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in $\mathbb{Z}_q^n$ ($q \geq 2$) after a number of authentication attempts linear in $n$. Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.}},
  author       = {{Pagnin, Elena and Dimitrakakis, C. and Abidin, A. and Mitrokotsa, Aikaterini}},
  booktitle    = {{Progress in Cryptology -- INDOCRYPT 2014 : 15th International Conference on Cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings}},
  editor       = {{Meier, Willi and Mukhopadhyay, Debdeep}},
  isbn         = {{978-3-319-13039-2}},
  issn         = {{0302-9743}},
  language     = {{eng}},
  pages        = {{265--280}},
  publisher    = {{Springer}},
  series       = {{Lecture Notes in Computer Science}},
  title        = {{On the Leakage of Information in Biometric Authentication}},
  url          = {{http://dx.doi.org/10.1007/978-3-319-13039-2_16}},
  doi          = {{10.1007/978-3-319-13039-2_16}},
  volume       = {{8885}},
  year         = {{2014}},
}