Privacy Weaknesses in Biometric Sketches
- 1 May 2009
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 188-203
- https://doi.org/10.1109/sp.2009.24
Abstract
The increasing use of biometrics has given rise to new privacy concerns. Biometric encryption systems have been proposed in order to alleviate such concerns: rather than comparing the biometric data directly, a key is derived from these data and subsequently knowledge of this key is proved. One specific application of biometric encryption is the use of biometric sketches: in this case biometric template data are protected with biometric encryption. We address the question whether one can undermine a user's privacy given access to biometrically encrypted documents, and more in particular, we examine if an attacker can determine whether two documents were encrypted using the same biometric. This is a particular concern for biometric sketches that are deployed in multiple locations: in one scenario the same biometric sketch is deployed everywhere; in a second scenario the same biometric data is protected with two different biometric sketches. We present attacks on template protection schemes that can be described as fuzzy sketches based on error-correcting codes. We demonstrate how to link and reverse protected templates produced by code-offset and bit-permutation sketches.Keywords
This publication has 17 references indexed in Scilit:
- Dermatoglyphic asymmetry and hair whorl patterns in schizophrenic and bipolar patientsPsychiatry Research, 2008
- Correcting errors without leaking partial informationPublished by Association for Computing Machinery (ACM) ,2005
- Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy DataLecture Notes in Computer Science, 2004
- Biometric recognition: security and privacy concernsIEEE Security & Privacy, 2003
- On enabling secure applications through off-line biometric identificationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- List decodingACM SIGACT News, 2000
- A fuzzy commitment schemePublished by Association for Computing Machinery (ACM) ,1999
- New upper bounds on the rate of a code via the Delsarte-MacWilliams inequalitiesIEEE Transactions on Information Theory, 1977
- On the Nonexistence of Perfect Codes over Finite FieldsSIAM Journal on Applied Mathematics, 1973
- A Comparison of Signalling AlphabetsBell System Technical Journal, 1952