
Biometrics Security



Biometrics security deals with the technologies and practice around evaluating the impact of attacks on biometric systems and ways to counter such attacks.
Julian Fierrez, Aythami Morales, and Javier
Universidad Autonoma de Madrid, Madrid,
Biometrics attacks; Biometrics vulnerabilities
Biometric systems can offer several advantages over classical security methods based on something that you know (e.g., PIN, password) or something that you have (e.g., key, card, ID). Traditional authentication systems are not prepared to discriminate between impostors who have illegally acquired the privileges to access a system and the genuine user. Furthermore, in biometric systems, there is no need for the user to remember difficult PIN codes that could be easily forgotten or to carry a key that could be lost or stolen. However, despite these advantages, biometric systems have some drawbacks (Jain et al. 2016), including (1) the lack of secrecy (e.g., everybody knows our face or could get our fingerprints) and (2) the fact that a biometric trait cannot be replaced (if we forget a password, we can easily generate a new one, but no new fingerprint can be generated if an impostor steals it). Furthermore, biometric systems are vulnerable to external attacks which could decrease their level of security. Basically, there are eight different points of attack on biometric recognition systems, which are depicted in Fig. 1. These vulnerability points can broadly be divided into two main groups (Galbally et al. 2007):

Direct attacks (also known as presentation attacks or spoofing attacks; Hadid et al. 2015; Marcel et al. 2019). One can generate synthetic biometric samples (for instance, speech, fingerprints, or face images) in order to fraudulently access a system. This is the first vulnerability point in a biometric security system (see attack point 1 in Fig. 1). These attacks at the sensor level are referred to as direct attacks. It is worth noting that in this type of attack, no specific knowledge about the system operation is needed (e.g., matching algorithm used, feature extraction, feature vector format). Furthermore, the attack is carried out in the analog domain, outside the digital limits of the system, so the digital protection mechanisms (e.g., digital signature, watermarking) cannot be directly used.

Indirect attacks. This group includes all the remaining seven points of attack identified in Fig. 1. Attacks 3 and 5 might be carried out using a Trojan horse that bypasses the feature extractor and the matcher, respectively. In attack 6, the system database is manipulated (a template is changed, added, or deleted) in order to gain access to the application. The remaining points of attack (2, 4, 7, and 8) are thought to exploit possible weak points in the communication channels of the system, extracting, adding, or changing information from them. In contrast to direct attacks, in this case the intruder needs to have some information about the inner working of the recognition system, and, in most cases, physical access to some of the application components (feature extractor, matcher, or database) is required.

Biometrics Security, Fig. 1 Architecture of an automated biometric verification system. Possible attack points are numbered from 1 to 8

© Springer Science+Business Media LLC 2021
S. Jajodia et al. (eds.), Encyclopedia of Cryptography, Security and Privacy,

In order to improve the performance and robustness of biometric systems against the mentioned potential attacks, it is of great importance to study the behavior of existing systems against those potential attacks. This has been an intense research effort in the last decade (Marcel et al. 2019).

On the other hand, several countermeasures have been developed for securing biometric systems against those potential attacks. The countermeasures can be classified as follows:

Presentation attack detection (also known as biometric anti-spoofing or biometric fake detection; Hadid et al. 2015; Marcel et al. 2019). Against attack point 1 in Fig. 1, there are several techniques specifically developed for biometric systems to detect the naturalness of the input biometric in order to detect fake or manipulated biometric inputs (Galbally et al. 2014).

Template protection. In order to protect attack points 6 and 7 in Fig. 1, there are several techniques developed specifically for biometric systems that protect the biometric templates generated in the enrollment and operation of the systems. These techniques are commonly known as biometric template protection (Rathgeb and Uhl 2011; Gomez-Barrero et al.

General computer security schemes. For attack points related to communication channels and manipulation of the processing modules in Fig. 1, one can use general computer security schemes.
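
One template-protection idea, shown as an added example (not code from the chapter or its cited works): a key-dependent random projection binarised into a revocable bit string, in the style of cancelable biometrics. The feature vectors, keys, 256-bit length, 0.25 threshold and seeded PRNG are constructed assumptions.

```python
import hashlib
import random

N_BITS = 256  # length of the protected binary template (assumed)


def protect(features, user_key):
    """Project features onto key-derived random directions; keep only the signs."""
    # Assumption: a seeded PRNG stands in for a vetted key-derived transform.
    seed = int.from_bytes(hashlib.sha256(user_key).digest(), "big")
    rng = random.Random(seed)
    bits = []
    for _ in range(N_BITS):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(d * f for d, f in zip(direction, features))
        bits.append(1 if dot >= 0 else 0)
    return bits


def distance(a, b):
    """Normalised Hamming distance between two protected templates."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(stored, probe_features, user_key, threshold=0.25):
    """Compare in the protected domain; the raw features are never stored."""
    return distance(stored, protect(probe_features, user_key)) <= threshold


def demo():
    # Constructed data: an enrolled 64-dimensional feature vector, a noisy
    # genuine re-capture of it, and an unrelated impostor vector.
    rng = random.Random(7)
    enrolled = [rng.gauss(0, 1) for _ in range(64)]
    genuine = [f + rng.gauss(0, 0.1) for f in enrolled]
    impostor = [rng.gauss(0, 1) for _ in range(64)]
    old_key, new_key = b"constructed-key-v1", b"constructed-key-v2"
    stored = protect(enrolled, old_key)
    reissued = protect(enrolled, new_key)  # revocation: same trait, new key
    return {
        "genuine_ok": verify(stored, genuine, old_key),
        "impostor_ok": verify(stored, impostor, old_key),
        "old_vs_new": distance(stored, reissued),
        "stale_template_ok": verify(stored, genuine, new_key),
    }


if __name__ == "__main__":
    print(demo())
```

Re-issuing under a new key yields a template that no longer matches the old one, which gives the stored record the replaceability that the raw trait lacks.
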
Open Problems and Future Directions
Biometric template protection technologies are now evolving to improve the security of biometric systems while not harming operational aspects of those systems. Future directions in this way include incorporating into biometric systems recent advances in cryptography and distributed security like homomorphic encryption (Gomez-Barrero et al. 2017b) and blockchain technologies (Delgado-Mohatar et al. 2019).

On the other hand, the ease of generating high-quality biometric fake and manipulated content is growing significantly nowadays with the explosion of deep learning technologies. DeepFakes can now be created in several biometric modalities (facial images and video, voice, etc.) imitating natural biometric content in a way almost indistinguishable to the human eye (Tolosana et al. 2020). New techniques are being developed specifically to counter such high-quality biometric fakes generated with deep learning technologies (Neves et al. 2020).

Acknowledgments This work has been supported by
projects BIBECA (RTI2018-101248-B-I00 MINECO/
and PRIMA (MSCA-ITN-2019-860315).

Delgado-Mohatar O, Fierrez J, Tolosana R, Vera-Rodriguez R (2019) Biometric template storage with blockchain: a first look into cost and performance tradeoffs. In: Proceedings of IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops,
Galbally J, Fierrez J, Ortega-Garcia J (2007) Vulnerabilities in biometric systems: attacks and recent advances in liveness detection. In: Proceedings of Spanish Workshop on Biometrics
Galbally J, Marcel S, Fierrez J (2014) Image quality assessment for fake biometric detection: application to iris, fingerprint and face recognition. IEEE Trans Image Process 23(2):710–724
Gomez-Barrero M, Galbally J, Morales A, Fierrez J (2017a) Privacy-preserving comparison of variable-length data with application to biometric template protection. IEEE Access 5:8606–8619
Gomez-Barrero M, Maiorana E, Galbally J, Campisi P, Fierrez J (2017b) Multi-biometric template protection based on homomorphic encryption. Pattern Recogn
Hadid A, Evans N, Marcel S, Fierrez J (2015) Biometrics systems under spoofing attack: an evaluation methodology and lessons learned. IEEE Signal Process Mag
Jain AK, Nandakumar K, Ross A (2016) 50 years of biometric research: accomplishments, challenges, and opportunities. Pattern Recogn Lett 79:80–105
Marcel S, Nixon M, Fierrez J, Evans N (2019) Handbook of biometric anti-spoofing, 2nd edn. Springer, Cham
Neves JC, Tolosana R, Vera-Rodriguez R, Lopes V, Proenca H, Fierrez J (2020) GANprintR: improved fakes and evaluation of the state of the art in face manipulation detection. IEEE J Sel Topics Signal Process 14(5):1038–1048
Rathgeb C, Uhl A (2011) A survey on biometric cryptosystems and cancelable biometrics. EURASIP J Inf Secur 2011:3
Tolosana R, Vera-Rodriguez R, Fierrez J, Morales A, Ortega-Garcia J (2020) Deepfakes and beyond: a survey of face manipulation and fake detection. Inf Fusion