English

Exploit the Leak: Understanding Risks in Biometric Matchers

Cryptography and Security 2024-07-31 v5 Computer Vision and Pattern Recognition

Abstract

In a biometric authentication or identification system, the matcher compares a stored and a fresh template to determine whether there is a match. This assessment is based on both a similarity score and a predefined threshold. For better compliance with privacy legislation, the matcher can be built upon a privacy-preserving distance. Beyond the binary output (`yes' or `no'), most schemes may perform more precise computations, e.g., the value of the distance. Such precise information is prone to leakage even when not returned by the system. This can occur due to a malware infection or the use of a weakly privacy-preserving distance, exemplified by side channel attacks or partially obfuscated designs. This paper provides an analysis of information leakage during distance evaluation. We provide a catalog of information leakage scenarios with their impacts on data privacy. Each scenario gives rise to unique attacks with impacts quantified in terms of computational costs, thereby providing a better understanding of the security level.

Keywords

Cite

@article{arxiv.2307.13717,
  title  = {Exploit the Leak: Understanding Risks in Biometric Matchers},
  author = {Axel Durbet and Kevin Thiry-Atighehchi and Dorine Chagnon and Paul-Marie Grollemund},
  journal= {arXiv preprint arXiv:2307.13717},
  year   = {2024}
}

Comments

Minor corrections

R2 v1 2026-06-28T11:39:58.236Z