Security for Biometric Data

摘要

Biometric authentication, i.e. verifying the claimed identity of a person based on physiological characteristics or behavioral traits, has the potential to contribute to both privacy protection and user convenience. From a security point of view, biometric authentication offers the possibility to establish physical presence and unequivocal identification. However from a privacy point of view, the use of biometric authentication also introduces new problems and user concerns. Namely, when used for privacy-sensitive applications, biometric data are a highly valuable asset. When such data are available to unauthorized persons, these data can potentially be used for impersonation purposes, defeating the security aspects that are supposed to be associated with biometric authentication. In this paper, we will systematically unveil critical sections based on the two generic biometric flow models for enrolment and authentication respectively. Based on these critical sections for biometric data in authentication systems, we will point out measures to protect biometric systems. It will be shown that especially techniques using non-reversible representations are needed to disallow malicious use of template information and we will discuss a variant of the Linnartz-Tuyls model for securing biometric templates in detail.