| | |
Summary: IST-044-RWS-007 - 1
Vulnerabilities in biometric encryption systems
Andy Adler
School of Information Technology and Engineering,
University of Ottawa
Ottawa, Ontario, Canada
adler@site.uOttawa.ca
ABSTRACT
Biometric encryption systems embed a secret code within a biometric image in a way that it can be
decrypted with an image from the enrolled individual. We describe a potential vulnerability in biometric
encryption systems that allows a less than brute force regeneration of both the secret code and an
estimate of the enrolled image. This vulnerability requires the biometric comparison to "leak" some
information from which an analogue for a match score may be calculated. Using this match score value,
a "hill-climbing" attack is performed against the algorithm to calculate an estimate of the enrolled
image, which is then used to decrypt the code. Results are shown against a simplified implementation of
the algorithm of Soutar et al. (1998). Possible extensions of this attack to other biometric encryption
algorithms are discussed.
1.0 INTRODUCTION
There have been significant recent advancements in algorithms for biometric encryption (Uludag et al,
2004). Biometric encryption systems embed a secret code into the template, in such a way that it can be
|
