Untargeted Near-collision Attacks in Biometric Recognition

A biometric recognition system can operate in two distinct modes, identification or verification. In the first mode, the system recognizes an individual by searching the enrolled templates of all the users for a match. In the second mode, the system validates a claimed identity by comparing the fresh template with the enrolled template for this identity. Both the experimentally determined false match rate and false non-match rate through recognition threshold adjustment define the recognition accuracy, and hence the security of the system. The biometric transformation schemes usually produce binary templates that are better handled by cryptographic schemes. One of the requirements for these transformation schemes is their irreversibility. In this work, we rely on probabilistic modelling to quantify the security strength of binary templates. We investigate the influence of template size, database size and threshold on the probability of having a near-collision, and we highlight two attacks on biometric systems. We discuss the choice of parameters through the generic presented attacks.