Biometrics

Some consider biometrics as intrusive and as a violation of privacy. While you read, pay attention to how biometric systems authenticate and to the three main threats against biometric systems. What are these three threats and what are the cryptographic and non-cryptographic countermeasures?

4. Challenges and Countermeasures

4.4. Other Noncryptographic Approaches

Given that OT is a well-established countermeasure against user traceability and distinguishability attacks, most noncryptographic tools for privacy-preserving BAS focus on combating template and sample recovery attacks.

For instance, suggests to combat centre search attacks by using weighted distances to compare the fresh template with the stored one and to keep the weights secret and different for each user. This procedure is adopted by the biometric authentication protocols that employ the normalised Hamming distance or the weighted Euclidean distance. Even though the centre search attack might still be feasible also in these scenarios, it will only lead to the recovery of a subset of the components of the stored biometric template.

Another alternative is to generalise the comparison process to include multiple distances. More precisely, if the matching process relies on such a mechanism that, at each authentication attempt, a distance is randomly selected from a predefined set of distances, thus, the attacker could not gain any information about the stored template without knowing first which distance has been used.

Similarly, changing the value of the threshold \tau used for the matching process at each authentication attempt renders harder the implementation of the centre search attack. However, such approaches may have a negative impact on the accuracy of the biometric authentication and may increase the false acceptance and/or false rejection rates.

Finally, one could consider to combine Differential Privacy (DP) with biometric authentication, in order to achieve privacy-preservation. Intuitively, DP allows users to query a database and receive noisy answers, so that no information leaked about the data stored in the database. Although this combination of DP with biometric authentication could possibly give an end to template recovery attacks (i.e., centre search attacks), it could also have an impact on the accuracy of the authentication process and thus, a more detailed analysis of the achieved utility (accuracy) and privacy-preservation needs to be performed.