Security of Biometric Authentication Systems – Extended Version, by Vashek Matyáš and Zdeněk Říha

This technical report outlines our views of the actual security of biometric authentication and encryption systems. The attractiveness of some novel approaches like cryptographic key generation from biometric data is in some respects understandable, yet so far has led to various shortcuts and compromises on security. The report starts with an introductory section that is followed by a section about variability of biometric characteristics, with particular attention paid to biometrics used in large systems. The following sections then discuss the potential for biometric authentication systems, and for the use of biometrics in support of cryptographic applications as they are typically used in computer systems.
