More Biometrics Bad News

To the surprise of–I’m hoping–fewer and fewer people, Andy Adler at the University of Ottawa has published a paper showing how the digital template of biometric data can be reformed into a close approximation of the original biometric data. The example uses facial recognition but according to the paper, “While results are demonstrated for face recognition algorithms, the conceptual framework should be applicable to any biometric algorithm.”

Kim Cameron’s blog pointed me to this, though the paper’s header seems to indicate it was published in 2003. Late last year I revisited my thinking on Biometrics here; it all still applies. Any security system will have vulnerabilities of some sort or another. One of the considerations though, is what the impact is of any single vulnerability. With biometric systems, because the same biometric data can be used in multiple places, the impact could well extend beyond the exposed system. This makes the security of your biometric data only as strong as the weakest place that stores it. When that reality is coupled with the truism that you can’t revoke your biometric data, we wind up with a real problem.

Technorati Tags:

3 Responses to “More Biometrics Bad News”

  1. tboult says:

    The problem you get is what I call the “Biometric dilemma”, the more we use biometrics the more likely they will be compromised and hence become useless for security.

    That is older stuff you cited which did not include “commercial” systems (though it does apply) and only hints at fingerprints as being doable . A more recent work includes:

    A. Ross, J. Shah and A. K. Jain, “From Template to Image: Reconstructing Fingerprints From Minutiae Points,” IEEE Transactions on Pattern Analysis and Machine Intelligence, Special Issue on Biometrics, Vol. 29, No. 4, pp. 544-560, April 2007.

    Pranab Mohanty, Sudeep Sarkar, Rangachar Kasturi, “/From Scores to Face Template: A Model-based Approach/”, To appear in IEEE Journal of Pattern Analysis & Machine Intelligence (PAMI)

    Pranab Mohanty, Sudeep Sarkar, Rangachar Kasturi, “/Privacy &
    Security Issues Related to Match Scores/”, IEEE Workshop on
    Privacy Research In Vision, CVPRW, 2006. *(PDF)

    On a more positive note, there are many people working on cancelable or “revocable biometrics”

    E.g. http://www.research.ibm.com/ecvg/biom/cancel.html or

    T. E. Boult, “Robust distance measures for face recognition supporting revocable biometric tokens”, IEEE Conf. on Face and Gesture, April 2006. http://vast.uccs.edu/~tboult/vast.uccs.edu/~tboult/PAPERS/Boult-IEEEFG06-preprint.pdf

    T.E. Boult, W.J. Scheirer and R. Woodworth, “Revocable Fingerprint Biotokens: Accuracy and Security Analysis”, IEEE Conf. on Computer Vision and Pattern Recognition, June 2007.

    Cancelable biometric filters for face recognition
    Savvides, M.; Vijaya Kumar, B.V.K.; Khosla, P.K.
    ICPR 2004. 922 – 925 Vol.3
    http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/9258/29387/01334679.pdf

  2. [...] Dr. Terry Boult, of the University of Colorado Vision and Security Technology Lab, responded to my last post with some excellent research that is much more current than the paper I originally mentioned. I haven’t had time to drill into all of it but the first paper from Arun Ross, Jidnya Shah, and Anil Jain entitled From Template to Image: Reconstructing Fingerprints from Minutiae Points was very interesting. Based on my cursory examination, it seems to confirm the 2003 paper’s hypothesis that reconstructing biometric data is possible for other types of biometric systems beyond those employing facial recognition: The salient feature of this noniterative method to generate ridges is its ability to preserve the minutiae at specified locations in the reconstructed ridge map. Experiments using a commercial fingerprint matcher suggest that the reconstructed ridge structure bears close resemblance to the parent fingerprint. [...]

  3. Terry Boult says:

    Even more recent paper have amazing result. Check out the video at http://csdl.computer.org/comp/trans/tp/2007/09/i1489s.avi

    Which is the supplemental information associated with the paper:
    Fingerprint Image Reconstruction from Standard Templates
    Raffaele Cappelli, Alessandra Lumini, Dario Maio and Davide Maltoni
    September 2007 Issue of the IEEE Transaction on Pattern Analysis and Machine Vision (T-PAMI). See http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/trans/tp/&toc=comp/trans/tp/2007/09/i9toc.xml

    The details of how are in the paper, but the video alone is pretty convincing. The paper tested their reconstruction, using 100s of reconstructed prints, on 8 commercial and one government matchers and they were accepted 90% of the time on medium security settings and 81% of the highest security level at which they could test.

Leave a Reply

You must be logged in to post a comment.