An analysis of BioHashing and its variants
Pattern Recognition
EURASIP Journal on Advances in Signal Processing
Multibiometric systems: fusion strategies and template security
Multibiometric systems: fusion strategies and template security
Handbook of Fingerprint Recognition
Handbook of Fingerprint Recognition
Encyclopedia of Biometrics
Revealing the secret of facehashing
ICB'06 Proceedings of the 2006 international conference on Advances in Biometrics
Vulnerabilities in biometric encryption systems
AVBPA'05 Proceedings of the 5th international conference on Audio- and Video-Based Biometric Person Authentication
Fingerprint Image Reconstruction from Standard Templates
IEEE Transactions on Pattern Analysis and Machine Intelligence
Filterbank-based fingerprint matching
IEEE Transactions on Image Processing
2^N discretisation of biophasor in cancellable biometrics
ICB'07 Proceedings of the 2007 international conference on Advances in Biometrics
Hi-index | 0.00 |
Multi-factor biometric authentications have been proposed recently to strengthen security and/or privacy of biometric systems in addition to enhancing authentication accuracy. An important approach to multi-factor biometric authentication is to apply User-Based Transformations (UBTs) on biometric features. Typically, UBTs rely on generating user-based transformation keys from a password/PIN or retrieved from a token. One significant advantage of employing UBTs is its ability to achieve zero or near zero Equal Error Rate (EER) i.e. a clear separation of genuine and imposter distributions. However, the effect of compromised transformation keys on authentication accuracy has not been tested rigorously. In this paper, we challenge the myth that has been reported in the literature that in the case of stolen transformation key(s), accuracy drops but remains close to the accuracy of biometric only system. Moreover, we shall show that a multi-factor authentication system setup to operate at a zero EER has a serious security lapse in the event of stolen or compromised keys. In such a scenario, the False Acceptance Rate (FAR) of the system reaches unacceptable levels. We shall demonstrate this by experiments conducted on face and fingerprint biometrics, and show that an imposter with a stolen key needs no more than two attempts on average to be falsely accepted by the biometric system.