On the Leakage of Information in Biometric Authentication
(2014) 15th International Conference on Cryptology in India, INDOCRYPT 2014 In Lecture Notes in Computer Science 8885. p.265-280- Abstract
- In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search... (More)
- In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information" in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in Znq,(q≥2) after a number of authentication attempts linear in n . Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/262be285-d77f-4cf2-b53a-7e8806eab7c0
- author
- Pagnin, Elena LU ; Dimitrakakis, C. ; Abidin, A. and Mitrokotsa, Aikaterini
- publishing date
- 2014
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- Progress in Cryptology -- INDOCRYPT 2014 : 15th International Conference on Cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings - 15th International Conference on Cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings
- series title
- Lecture Notes in Computer Science
- editor
- Meier, Willi and Mukhopadhyay, Debdeep
- volume
- 8885
- pages
- 265 - 280
- publisher
- Springer
- conference name
- 15th International Conference on Cryptology in India, INDOCRYPT 2014
- conference location
- New Delhi, India
- conference dates
- 2014-12-14 - 2014-12-17
- external identifiers
-
- scopus:84911379097
- ISSN
- 0302-9743
- 1611-3349
- ISBN
- 978-3-319-13039-2
- 978-3-319-13038-5
- DOI
- 10.1007/978-3-319-13039-2_16
- language
- English
- LU publication?
- no
- id
- 262be285-d77f-4cf2-b53a-7e8806eab7c0
- date added to LUP
- 2021-01-26 16:02:40
- date last changed
- 2024-06-27 08:56:52
@inproceedings{262be285-d77f-4cf2-b53a-7e8806eab7c0, abstract = {{In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we prove that, when the matching process is performed using a specific family of distances (which includes distances such as the Hamming and the Euclidean distance), then information about the reference template is leaked. This leakage of information enables a hill-climbing attack that, given a sample that matches the template, could lead to the full recovery of the biometric template (i.e. centre search attack) even if it is stored encrypted. We formalise this “leakage of information" in a mathematical framework and we prove that centre search attacks are feasible for any biometric template defined in Znq,(q≥2) after a number of authentication attempts linear in n . Furthermore, we investigate brute force attacks to find a biometric template that matches a reference template, and hence can be used to run a centre search attack. We do this in the binary case and identify connections with the set-covering problem and sampling without replacement.}}, author = {{Pagnin, Elena and Dimitrakakis, C. and Abidin, A. and Mitrokotsa, Aikaterini}}, booktitle = {{Progress in Cryptology -- INDOCRYPT 2014 : 15th International Conference on Cryptology in India, New Delhi, India, December 14-17, 2014, Proceedings}}, editor = {{Meier, Willi and Mukhopadhyay, Debdeep}}, isbn = {{978-3-319-13039-2}}, issn = {{0302-9743}}, language = {{eng}}, pages = {{265--280}}, publisher = {{Springer}}, series = {{Lecture Notes in Computer Science}}, title = {{On the Leakage of Information in Biometric Authentication}}, url = {{http://dx.doi.org/10.1007/978-3-319-13039-2_16}}, doi = {{10.1007/978-3-319-13039-2_16}}, volume = {{8885}}, year = {{2014}}, }