Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Reversing the Irreversible: A Survey on Inverse Biometrics

Marta Gomez-Barrero, Javier Galbally

TL;DR

This survey addresses the problem that biometric templates are not inherently irreversible, detailing how inverse biometrics enables reconstruction of bona fide-like samples from templates and poses impersonation and privacy risks. It categorizes inverse methods by attacker knowledge, reviews synthesis and reconstruction techniques across modalities, and introduces a standardized evaluation framework using Inversion Attack Match Rate (IAMR) to quantify reversibility under varied development/validation setups. The paper further discusses mitigation through score quantization and biometric template protection schemes (cancelable biometrics, cryptobiometrics, encrypted-domain recognition), and argues for irreversibility and unlinkability as essential properties, aligned with GDPR and ISO 24745. Overall, it provides a comprehensive, structured panorama of methods, evaluation strategies, countermeasures, and policy implications to guide secure and privacy-preserving biometric systems.

Abstract

With the widespread use of biometric recognition, several issues related to the privacy and security provided by this technology have been recently raised and analysed. As a result, the early common belief among the biometrics community of templates irreversibility has been proven wrong. It is now an accepted fact that it is possible to reconstruct from an unprotected template a synthetic sample that matches the bona fide one. This reverse engineering process, commonly referred to as \textit{inverse biometrics}, constitutes a severe threat for biometric systems from two different angles: on the one hand, sensitive personal data (i.e., biometric data) can be derived from compromised unprotected templates; on the other hand, other powerful attacks can be launched building upon these reconstructed samples. Given its important implications, biometric stakeholders have produced over the last fifteen years numerous works analysing the different aspects related to inverse biometrics: development of reconstruction algorithms for different characteristics; proposal of methodologies to assess the vulnerabilities of biometric systems to the aforementioned algorithms; development of countermeasures to reduce the possible effects of attacks. The present article is an effort to condense all this information in one comprehensive review of: the problem itself, the evaluation of the problem, and the mitigation of the problem. The present article is an effort to condense all this information in one comprehensive review of: the problem itself, the evaluation of the problem, and the mitigation of the problem.

Reversing the Irreversible: A Survey on Inverse Biometrics

TL;DR

This survey addresses the problem that biometric templates are not inherently irreversible, detailing how inverse biometrics enables reconstruction of bona fide-like samples from templates and poses impersonation and privacy risks. It categorizes inverse methods by attacker knowledge, reviews synthesis and reconstruction techniques across modalities, and introduces a standardized evaluation framework using Inversion Attack Match Rate (IAMR) to quantify reversibility under varied development/validation setups. The paper further discusses mitigation through score quantization and biometric template protection schemes (cancelable biometrics, cryptobiometrics, encrypted-domain recognition), and argues for irreversibility and unlinkability as essential properties, aligned with GDPR and ISO 24745. Overall, it provides a comprehensive, structured panorama of methods, evaluation strategies, countermeasures, and policy implications to guide secure and privacy-preserving biometric systems.

Abstract

With the widespread use of biometric recognition, several issues related to the privacy and security provided by this technology have been recently raised and analysed. As a result, the early common belief among the biometrics community of templates irreversibility has been proven wrong. It is now an accepted fact that it is possible to reconstruct from an unprotected template a synthetic sample that matches the bona fide one. This reverse engineering process, commonly referred to as \textit{inverse biometrics}, constitutes a severe threat for biometric systems from two different angles: on the one hand, sensitive personal data (i.e., biometric data) can be derived from compromised unprotected templates; on the other hand, other powerful attacks can be launched building upon these reconstructed samples. Given its important implications, biometric stakeholders have produced over the last fifteen years numerous works analysing the different aspects related to inverse biometrics: development of reconstruction algorithms for different characteristics; proposal of methodologies to assess the vulnerabilities of biometric systems to the aforementioned algorithms; development of countermeasures to reduce the possible effects of attacks. The present article is an effort to condense all this information in one comprehensive review of: the problem itself, the evaluation of the problem, and the mitigation of the problem. The present article is an effort to condense all this information in one comprehensive review of: the problem itself, the evaluation of the problem, and the mitigation of the problem.
Paper Structure (17 sections, 1 equation, 4 figures, 3 tables)

This paper contains 17 sections, 1 equation, 4 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Synthetic Biometric Samples Generation
  3. The Threat: Inverse Biometrics Methods
  4. Knowledge Required: Template Format
  5. Knowledge Required: Similarity Scores
  6. Knowledge Required: Similarity Score and Comparison Function
  7. Knowledge Required: Feature Extraction
  8. Evaluating the Threat: Assessment of Inverse Biometric Methods
  9. The Evaluation Methodology
  10. Selection of the samples
  11. Selection of the systems
  12. Inversion metric
  13. Notes on the Evaluation Methodology
  14. Case Study on Iris Templates
  15. Mitigating the Threat: Countermeasures to Inversion Attacks
  16. ...and 2 more sections

Figures (4)

  • Figure 1: Classification of the methods for synthetic biometric samples generation. The methods that are the main focus of the present review (i.e., inverse biometrics) are highlighted in blue and classified according to the knowledge required to be carried out. Images have been taken from mori00handwritinglin07SyntheticHWcappelli2004sfingeGalbally2013.
  • Figure 2: General classification of attacks on biometric recognition systems, which can be broadly divided into presentation and software attacks.
  • Figure 3: Example of how a compromised template is used to reconstruct, through an inversion algorithm, a biometric sample which can lead to other type of stronger threats such as presentation attacks. Images extracted from galbally09FPsPRLdaGalbally2008_ICPR.
  • Figure 4: Two-stage experimental protocol proposed for the evaluation of the threat posed by inverse biometric algorithms: 1) in the development stage, the reconstructed database is generated from the templates produced using a development system, and 2) in the validation stage, the privacy threat posed by the reconstructed samples is evaluated launching attacks on one or more validation systems. In the figure, bona fide databases are depicted in green, and synthetic databases in red.