Untargeted Near-collision Attacks on Biometrics: Real-world Bounds and Theoretical Limits
Axel Durbet, Paul-Marie Grollemund, Kevin Thiry-Atighehchi
TL;DR
This work analyzes untargeted attacks on binary biometric templates under minimal information leakage, bridging accuracy-based security bounds (via ${\tt FMR}$ and ${\tt FPIR}$) with metric-space insights (near-collisions). It develops both outsider and insider attack models, derives median-run bounds for successful impersonation, and quantifies near-collision probabilities to bound database size. The authors also provide a theoretical framework for matching attacks, including naive, adaptive, and multi-insider scenarios, complemented by extensive numerical evaluations on real-world systems. The results reveal that current biometric systems offer limited security under untargeted attacks and provide parameter guidance for achieving higher security, while introducing adaptive metrics and master-template concepts to assess and mitigate risks in large-scale deployments.
Abstract
A biometric recognition system can operate in two distinct modes: identification or verification. In the first mode, the system recognizes an individual by searching the enrolled templates of all the users for a match. In the second mode, the system validates a user's identity claim by comparing the freshly provided template with the enrolled template. Biometric transformation schemes usually produce binary templates, which are better handled by cryptographic schemes, and the comparison is based on a distance that leaks information about the similarities between two biometric templates. The false match rate and the false non-match rate, both determined experimentally by adjusting the recognition threshold, together define the recognition accuracy, and hence the security of the system. To our knowledge, few works provide a formal treatment of security in the case of minimal information leakage, i.e., the binary outcome of a comparison with a threshold. In this paper, we focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes. On the one hand, we focus our analysis on the accuracy metrics of biometric systems. We provide the complexity of untargeted attacks using the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems. Studying near-collisions with these metrics allows us to estimate the maximum number of users in a database, given a chosen FMR, that preserves both security and accuracy. These results are evaluated on systems from the literature. On the other hand, we rely on probabilistic modelling to assess the theoretical security limits of biometric systems. The study of this metric space and of the system parameters (template size, threshold and database size) gives us the complexity of untargeted attacks and the probability of a near-collision.
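The two sides of the abstract (accuracy metrics on one hand, the metric space of binary templates on the other) can be made concrete with a small calculation. The following is an added example, not code from the paper or its authors. It assumes the simplest idealized model: n-bit templates drawn uniformly at random, Hamming distance with an acceptance threshold t, and enrolled templates that match an impostor independently with probability FMR. Under those assumptions it computes (a) the median number of attempts an untargeted attacker needs, (b) the FPIR of a 1:N search and the largest N that keeps FPIR under a target, and (c) the expected number of near-collisions among N enrolled templates. The paper's own probabilistic model may be finer than this; the function names and the uniform-template assumption are this example's, not the paper's.

```python
from math import comb, log, ceil


def ball_probability(n_bits: int, t: int) -> float:
    """Probability that a uniformly random n-bit template lies within
    Hamming distance t of a fixed template: |B(t)| / 2^n.
    (Assumption: templates are uniform over {0,1}^n.)"""
    if t < 0:
        return 0.0
    t = min(t, n_bits)
    return sum(comb(n_bits, d) for d in range(t + 1)) / 2 ** n_bits


def median_attempts(p: float) -> int:
    """Smallest k such that k independent attempts, each succeeding with
    probability p, succeed at least once with probability >= 1/2.
    This is the 'median run' of an untargeted attack."""
    if p <= 0:
        raise ValueError("success probability must be positive")
    if p >= 1:
        return 1
    return ceil(log(0.5) / log(1 - p))


def fpir_from_fmr(fmr: float, n_users: int) -> float:
    """FPIR of a 1:N identification when each enrolled template
    falsely matches an impostor independently with probability FMR."""
    return 1 - (1 - fmr) ** n_users


def max_users(fmr: float, target_fpir: float) -> int:
    """Largest database size N with fpir_from_fmr(fmr, N) <= target_fpir.
    Closed form floor(log(1-target)/log(1-fmr)), then corrected for
    floating-point rounding by checking the neighbours."""
    if not 0 < fmr < 1 or not 0 < target_fpir < 1:
        raise ValueError("fmr and target_fpir must lie strictly in (0, 1)")
    n = int(log(1 - target_fpir) / log(1 - fmr))
    while fpir_from_fmr(fmr, n + 1) <= target_fpir:
        n += 1
    while n > 0 and fpir_from_fmr(fmr, n) > target_fpir:
        n -= 1
    return n


def expected_near_collisions(n_bits: int, t: int, n_users: int) -> float:
    """Expected number of enrolled pairs within Hamming distance t
    (a near-collision) under the uniform-template model."""
    return comb(n_users, 2) * ball_probability(n_bits, t)


def near_collision_bound(n_bits: int, t: int, n_users: int) -> float:
    """Union bound on P(at least one near-collision among N templates)."""
    return min(1.0, expected_near_collisions(n_bits, t, n_users))


if __name__ == "__main__":
    # Constructed parameters for illustration only.
    n_bits, threshold, users = 128, 32, 100_000
    p_match = ball_probability(n_bits, threshold)
    print(f"P(random template accepted) = {p_match:.3e}")
    print(f"median attempts (verification) = {median_attempts(p_match)}")
    print(f"median attempts (identification, N={users}) = "
          f"{median_attempts(fpir_from_fmr(p_match, users))}")
    print(f"max users for FPIR <= 1%: {max_users(p_match, 0.01)}")
    print(f"expected near-collisions among {users} users: "
          f"{expected_near_collisions(n_bits, threshold, users):.3e}")
```

Two points the numbers make visible: in identification mode the attacker's per-attempt success probability grows roughly linearly in N, so the median run shrinks as the database grows, and the expected number of near-collisions grows quadratically in N, which is what bounds the usable database size for a given template size and threshold.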
