Biometrics

Some consider biometrics as intrusive and as a violation of privacy. While you read, pay attention to how biometric systems authenticate and to the three main threats against biometric systems. What are these three threats and what are the cryptographic and non-cryptographic countermeasures?

3. Main Threats against Privacy-Preserving Biometric Authentication Systems

3.1. Biometric Sample Recovery Attacks

Biometric sample recovery attacks are performed in two main ways: via template spoofing (e.g., extracting the fingerprint left on a glass) or via brute-force techniques. The most common way to bypass a BAS is by using a spoof of a biometric trait. A spoof refers to a fake or an artificial biometric template that does not correspond to a live person. These include, for instance, gummy fingers, residual fingerprint impressions of legitimate users, photographs of legitimate users, or voice recordings of legitimate users. The only alternative to these practical techniques is to estimate a valid biometric sample using brute-force strategies.

Below, we list the possible brute-force strategies that could be adopted in recovering a valid biometric template. Luckily, all the approaches run in exponential time and thus most of the current biometric authentication systems are secure.

In the following, we assume that the adversary can see the result of the authentication process

$OUT_{\mathscr{A}\mathcal{S}}$ at each trial and that the templates are binary vectors. Binary representation of biometric traits is not far from reality since this is the case for biometric authentication based on iris templates.

Blind Brute-Force. The easiest algorithm to find a matching template from scratch is the blind brute-force. In this case, the attacker picks biometric traits at random. This corresponds to randomly selecting and trying biometric templates from the available space (i.e.,

$b^{\prime} \stackrel{R}{\leftarrow} \mathbb{Z}_{q}^{n}$ ) until one template gets accepted by the system.

Set-Covering. This attack strategy represents the optimal brute-force solution: pick a random trial template from the set of potential candidates (which at the beginning is the whole space

$\mathbb{Z}_{q}^{n}$ ). If the trial template is rejected, remove from

$C$ all the points that are within

$\tau$ distance from it, and pick another point at random from the updated set

$C$ . Although this method possibly eliminates from

$C$ some of the matching points (if the trial templates are picked with a distance of

$2\tau$ one from the other) if such an algorithm exists and was efficient, it would be exponentially fast in finding a matching template. Such an algorithm could also be used to solve the set-covering problem, which is known to be NP-hard . An intuition of this geometrical challenge is given in Figure. The points on the plane are biometric templates, and the trial samplings are the centres of the green circles. The green circles delimit the acceptance region around the tried point and have radius equal to the threshold

$\tau$ of the system. Greedy approximations to the optimal solution of the set-covering problem are reachable in an efficient way, in which case the number of trials the adversary needs to perform is only a factor of

$O(\tau 1n(n+1))$ more than the optimal cover.

Figure 2

An intuitive example of what the set-covering problem is. The aim is to cover the largest possible area in the space

$\mathbb{Z}_{10}^{2}$ using 5 circles. On (a), the centres of the circles are chosen at random (the covered area is less than

$70%$ ), while on (b), we provide a better covering of the space (the covered area is about

$85%$ ). Finding the optimal covering corresponds to solving an NP-hard problem for large dimensions of the space.