The Biometric Dilemma

Vision researcher Terrence E. Boult has identified what he calls the “Biometric dilemma” – the more we use biometrics the more likely they will be compromised and hence become useless for security.   

This is a hugely important observation – the necessary starting point for all thinking about biometrics.  I'd even call it a law.

Terrence was responding to a piece by Sean Convery that picked up on my post about reversing biometric templates.  Terrence went on to call our attention to more recent work, including some that details the reversibility of fingerprint templates.

On the very sober end of things, Terrence cites:

A. Ross, J. Shah and A. K. Jain, “From Template to Image: Reconstructing Fingerprints From Minutiae Points,” IEEE Transactions on Pattern Analysis and Machine Intelligence, Special Issue on Biometrics, Vol. 29, No. 4, pp. 544-560, April 2007.

Pranab Mohanty, Sudeep Sarkar, Rangachar Kasturi, “/From Scores to Face Template: A Model-based Approach/”, To appear in IEEE Journal of Pattern Analysis & Machine Intelligence (PAMI)

Pranab Mohanty, Sudeep Sarkar, Rangachar Kasturi, “/Privacy &
Security Issues Related to Match Scores/”, IEEE Workshop on
Privacy Research In Vision, CVPRW, 2006. *(PDF)

On what he calls “a more positive note”, he says there are many people working on cancelable or “revocable biometrics”, as discussed in:

 http://www.research.ibm.com/ecvg/biom/cancel.html or

T. E. Boult, “Robust distance measures for face recognition supporting revocable biometric tokens”, IEEE Conf. on Face and Gesture, April 2006. http://vast.uccs.edu/~tboult/vast.uccs.edu/~tboult/PAPERS/Boult-IEEEFG06-preprint.pdf

T.E. Boult, W.J. Scheirer and R. Woodworth, “Revocable Fingerprint Biotokens: Accuracy and Security Analysis”, IEEE Conf. on Computer Vision and Pattern Recognition, June 2007.

Cancelable biometric filters for face recognition
Savvides, M.; Vijaya Kumar, B.V.K.; Khosla, P.K.
ICPR 2004. 922 – 925 Vol.3
http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/9258/29387/01334679.pdf

Like Sean, I don't see how the techniques discussed in the IBM paper above can be immune to Andy Adler's attack, in which a large number of photos are put through the same transformation as a target photo and optimized for best match.  And if this is the case, how can a biometric really be revocable?  But I'm just starting to read this collection of new papers.

BTW, I suggest you check out Sean Convery's blog

Published by

Kim Cameron

Work on identity.

2 thoughts on “The Biometric Dilemma”

  1. I realize this is now a slightly old thread.. but when I posted references for it before before I was unaware of some very impressive work in the generation of fakeprints from templates. The September 2007 IEEE PAMI (Col 29, No 9, pp 1489–1503) has an excellent paper by

    Fingerprint Image Reconstruction from Standard Templates
    Raffaele Cappelli, Alessandra Lumini, Dario Maio, and Davide Maltoni,

    The images look very good, way better than the examples I cited before. Maybe more significantly, they did experiments with 100s of prints and measured how often they could masquerade and fool 8 leading commercial biometric systems. This is a must read for anyone really interested in the security of fingerprint templates. For those that want too “see first and read later”, check out the video from Cappelli's paper http://csdl.computer.org/comp/trans/tp/2007/09/i1489s.avi.

    Non-revocable biometric-based identity is only a temporary improvement in security. And in the words of Ben Franklin, “Those who would give Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.” (Emphasis his).

Comments are closed.