Cryptographic protection of biometric templates: Chance, challenges and applications

This contribution surveys the possibilities and difficulties of cryptographically protecting biometric information for the purpose of authentication. The crucial role of sufficient information content in biometric templates is presented. It is shown how this approach to the cryptographic protection of biometric templates can be used in connection with biometric databases. Finally, a proposal is given for combining it with centralised PIN verification procedures in online banking as a new application scenario.

1. Requirements for the protection of biometric information

Traditional biometric authentication systems store biometric templates, together with the data identifying an individual, in a database for later comparison. To authenticate an individual, the biometric data presented is looked up in the database. If a record is found with biometric data that is sufficiently close to that presented, the person is identified. However, the storage of biometric data leads to considerable risks for the authentication system and raises serious concerns regarding data protection. This way of storing biometric data is often criticised as mass storage of privacy-sensitive personal data that is potentially threatened by internal or external attacks on the database. The following risks concerning security and privacy are to be prevented:
