Untargeted Near-collision Attacks on Biometrics: Real-world Bounds and Theoretical Limits (2304.01580v5)
Abstract: A biometric recognition system can operate in two distinct modes: identification or verification. In the first mode, the system recognizes an individual by searching the enrolled templates of all the users for a match. In the second mode, the system validates a user's identity claim by comparing the freshly provided template with the enrolled template. Biometric transformation schemes usually produce binary templates that are better handled by cryptographic schemes, and the comparison is based on a distance that leaks information about the similarities between two biometric templates. The false match rate and false non-match rate, determined experimentally by adjusting the recognition threshold, define the recognition accuracy, and hence the security of the system. To our knowledge, few works provide a formal treatment of security in the case of minimal information leakage, i.e., the binary outcome of a comparison with a threshold. In this paper, we focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes. On the one hand, we focus our analysis on the accuracy metrics of biometric systems. We provide the complexity of untargeted attacks using the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems. Studying near-collisions with these metrics allows us to estimate the maximum number of users in a database, given a chosen FMR, to preserve the security and the accuracy. These results are evaluated on systems from the literature. On the other hand, we rely on probabilistic modelling to assess the theoretical security limits of biometric systems. The study of this metric space and of the system parameters (template size, threshold and database size) gives us the complexity of untargeted attacks and the probability of a near-collision.
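The sizing question raised in the abstract (how many users a database can hold for a chosen FMR) can be worked through numerically. The following is an added example, not code or formulas taken from the paper: it assumes independent comparisons that each match with probability FMR, and, for the idealised part, templates drawn uniformly from n-bit strings and compared by Hamming distance; all function names are hypothetical.

```python
from math import comb, expm1, floor, log1p, log2

def fpir(fmr: float, n_users: int) -> float:
    """P(one random probe falsely matches at least one of n_users templates).
    Assumption: comparisons are independent, each matching with probability fmr."""
    return -expm1(n_users * log1p(-fmr))  # 1 - (1 - fmr)^N, stable for tiny fmr

def max_users(fmr: float, fpir_target: float) -> int:
    """Largest database size N that keeps fpir(fmr, N) <= fpir_target."""
    return floor(log1p(-fpir_target) / log1p(-fmr))

def ball_fmr(n_bits: int, threshold: int) -> float:
    """FMR in the idealised model: fraction of all n-bit strings lying within
    Hamming distance <= threshold of a fixed template (assumes uniform bits)."""
    return sum(comb(n_bits, i) for i in range(threshold + 1)) / 2 ** n_bits

def attack_bits(fmr: float, n_users: int) -> float:
    """log2 of the expected number of random probes before the first
    near-collision with any enrolled template (geometric distribution)."""
    return -log2(fpir(fmr, n_users))

if __name__ == "__main__":
    # Constructed parameters, chosen only to illustrate the trend.
    n_bits, threshold = 256, 64
    fmr = ball_fmr(n_bits, threshold)
    print(f"idealised FMR for n={n_bits}, t={threshold}: 2^{log2(fmr):.1f}")
    for n_users in (1, 1_000, 1_000_000):
        print(f"N={n_users:>9}: ~{attack_bits(fmr, n_users):.1f} bits of work")
    # Sizing from a measured operating point instead of the idealised model.
    print("max users at FMR=1e-4, FPIR<=1%:", max_users(1e-4, 0.01))
```

Where a measured FMR is available, pass it directly to `fpir` and `max_users` rather than using `ball_fmr`, since the uniform-bits model is an idealisation.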