On the Leakage of Fuzzy Matchers

In a biometric authentication or identification system, the matcher compares a stored and a fresh template to determine whether there is a match. This assessment is based on both a similarity score and a predefined threshold. For better compliance with privacy legislation, the matcher can be built upon a threshold-based obfuscated distance (i.e., Fuzzy Matcher). Beyond the binary output ("yes" or "no"), most algorithms perform more precise computations, e.g., the value of the distance. Such precise information is prone to leakage even when not returned by the matcher. This can occur due to a malware infection or the use of a weakly privacy-preserving matcher, exemplified by side channel attacks or partially obfuscated designs. This paper provides an analysis of information leakage during distance evaluation, with an emphasis on threshold-based obfuscated distance. We provide a catalog of information leakage scenarios with their impacts on data privacy. Each scenario gives rise to unique attacks with impacts quantified in terms of computational costs, thereby providing a better understanding of the security level.