Biometric encryption

This diagram from Cavoukian and Stoianov's recent paper on biometric encryption (introduced here) provides an overiew of the possible attacks on conventional biometric systems (Click to enlarge; consult the original paper, which discusses each of the attacks).

Click to enlarge

Having looked at how template-based biometric systems work, we're ready to consider biometric encyption.  The basic idea is that a function of the biometric is used to encrypt (bind to) an arbitrary key.  The key is stored in the database, rather than either the biometric or a template.  The authors explain,

Because of its variability, the biometric image or template itself cannot serve as a cryptographic key. However, the amount of information contained in a biometric image is quite large: for example, a typical image of 300×400 pixel size, encoded with eight bits per pixel has 300x400x8 = 960,000 bits of information. Of course, this information is highly redundant. One can ask a question: Is it possible to consistently extract a relatively small number of bits, say 128, out of these 960,000 bits? Or, is it possible to bind a 128 bit key to the biometric information, so that the key could be consistently regenerated? While the answer to the first question is problematic, the second question has given rise to the new area of research, called Biometric Encryption

Biometric Encryption is a process that securely binds a PIN or a cryptographic key to a biometric,so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification.

The process is represented visually as follows (click to enlarge):

Click to enlarge

Perhaps the most interesting aspect of this technology is that the identifier associated with an individual includes the entropy of an arbitrary key.  This is very different from using a template that will be more or less identical as long as the template algorithm remains constant.  With BE, I can delete an identifier from the database, and generate a new one by feeding a new random key into the biometric “binding” process.  The authors thus say the identifiers are “revokable”.

This is a step forward in terms of normal usage, but the technology still suffers from the “glass slipper” effect.  A given individual's biometric will be capable of revealing a given key forever, while other people's biometrics won't.  So I don't see that it offers any advantage in preventing future mining of databases for biometric matches.  Perhaps someone will explain what I'm missing.

The authors describe some of the practical difficulties in building real-world systems (although it appears that already Phillips has a commercial system).  It is argued that for technical reasons, fingerprints lend themselves less to this technology than iris and facial scans. 

Several case studies are included in the paper that demonstrate potential benefits of the system.  Reading them makes the ideas more comprehensible.

The authors conclude:

Biometric Encryption technology is a fruitful area for research and has become sufficiently mature for broader public policy consideration, prototype development, and consideration of applications.

Andy Adler at the University of Ottawa has a paper looking at some of the vulnerabilities of BE.

Certainly, Cavoukian and Stoianov's fine discussion of the problems with conventional biometrics leaves one more skeptical than ever about their use today in schools and pubs.