More Biometrics Bad News

To the surprise of–I’m hoping–fewer and fewer people, Andy Adler at the University of Ottawa has published a paper showing how the digital template of biometric data can be reformed into a close approximation of the original biometric data. The example uses facial recognition but according to the paper, “While results are demonstrated for face recognition algorithms, the conceptual framework should be applicable to any biometric algorithm.”

Kim Cameron’s blog pointed me to this, though the paper’s header seems to indicate it was published in 2003. Late last year I revisited my thinking on Biometrics here; it all still applies. Any security system will have vulnerabilities of some sort or another. One of the considerations though, is what the impact is of any single vulnerability. With biometric systems, because the same biometric data can be used in multiple places, the impact could well extend beyond the exposed system. This makes the security of your biometric data only as strong as the weakest place that stores it. When that reality is coupled with the truism that you can’t revoke your biometric data, we wind up with a real problem.

Technorati Tags:

3 thoughts on “More Biometrics Bad News”

  1. The problem you get is what I call the “Biometric dilemma”, the more we use biometrics the more likely they will be compromised and hence become useless for security.

    That is older stuff you cited which did not include “commercial” systems (though it does apply) and only hints at fingerprints as being doable . A more recent work includes:

    A. Ross, J. Shah and A. K. Jain, “From Template to Image: Reconstructing Fingerprints From Minutiae Points,” IEEE Transactions on Pattern Analysis and Machine Intelligence, Special Issue on Biometrics, Vol. 29, No. 4, pp. 544-560, April 2007.

    Pranab Mohanty, Sudeep Sarkar, Rangachar Kasturi, “/From Scores to Face Template: A Model-based Approach/”, To appear in IEEE Journal of Pattern Analysis & Machine Intelligence (PAMI)

    Pranab Mohanty, Sudeep Sarkar, Rangachar Kasturi, “/Privacy &
    Security Issues Related to Match Scores/”, IEEE Workshop on
    Privacy Research In Vision, CVPRW, 2006. *(PDF)

    On a more positive note, there are many people working on cancelable or “revocable biometrics”

    E.g. or

    T. E. Boult, “Robust distance measures for face recognition supporting revocable biometric tokens”, IEEE Conf. on Face and Gesture, April 2006.

    T.E. Boult, W.J. Scheirer and R. Woodworth, “Revocable Fingerprint Biotokens: Accuracy and Security Analysis”, IEEE Conf. on Computer Vision and Pattern Recognition, June 2007.

    Cancelable biometric filters for face recognition
    Savvides, M.; Vijaya Kumar, B.V.K.; Khosla, P.K.
    ICPR 2004. 922 – 925 Vol.3

  2. Even more recent paper have amazing result. Check out the video at

    Which is the supplemental information associated with the paper:
    Fingerprint Image Reconstruction from Standard Templates
    Raffaele Cappelli, Alessandra Lumini, Dario Maio and Davide Maltoni
    September 2007 Issue of the IEEE Transaction on Pattern Analysis and Machine Vision (T-PAMI). See

    The details of how are in the paper, but the video alone is pretty convincing. The paper tested their reconstruction, using 100s of reconstructed prints, on 8 commercial and one government matchers and they were accepted 90% of the time on medium security settings and 81% of the highest security level at which they could test.

Leave a Reply