research-article

Multi-factor biometrics for authentication: a false sense of security

Authors:

Hisham Al-Assam,

Harin Sellahewa,

Sabah JassimAuthors Info & Claims

MM&Sec '10: Proceedings of the 12th ACM workshop on Multimedia and security

Pages 81 - 88

https://doi.org/10.1145/1854229.1854246

Published: 09 September 2010 Publication History

Abstract

Multi-factor biometric authentications have been proposed recently to strengthen security and/or privacy of biometric systems in addition to enhancing authentication accuracy. An important approach to multi-factor biometric authentication is to apply User-Based Transformations (UBTs) on biometric features. Typically, UBTs rely on generating user-based transformation keys from a password/PIN or retrieved from a token. One significant advantage of employing UBTs is its ability to achieve zero or near zero Equal Error Rate (EER) i.e. a clear separation of genuine and imposter distributions. However, the effect of compromised transformation keys on authentication accuracy has not been tested rigorously. In this paper, we challenge the myth that has been reported in the literature that in the case of stolen transformation key(s), accuracy drops but remains close to the accuracy of biometric only system. Moreover, we shall show that a multi-factor authentication system setup to operate at a zero EER has a serious security lapse in the event of stolen or compromised keys. In such a scenario, the False Acceptance Rate (FAR) of the system reaches unacceptable levels. We shall demonstrate this by experiments conducted on face and fingerprint biometrics, and show that an imposter with a stolen key needs no more than two attempts on average to be falsely accepted by the biometric system.

References

[1]

O'Gorman, Lawrence. 2003. Comparing Passwords, Tokens, and Biometrics for User Authentication. Proc. IEEE, vol. 91, no. 12, pp. 2021--2040.

[2]

Li, S.Z. 2009. Encyclopedia of Biometrics. Springer.

Digital Library

[3]

Nandakumar, K. 2008. Multibiometric Systems: Fusion Strategies and Template Security, PhD thesis, Michigan State University.

Digital Library

[4]

Adler, A. Vulnerabilities in biometric encryption systems. 2005. Proc. of the 5th Int Conference on Audio and Video-Based Biometric Person Authentication. Vol. 3546, pp. 1611--3349.

Digital Library

[5]

R. Cappelli, A. Lumini, D. Maio, and D. Maltoni. 2007. Fingerprint Image Reconstruction from Standard Templates. IEEE Trans on Pattern Analysis and Machine Intelligence. Vol. 29(7), pp. 1489--1503.

Digital Library

[6]

Teoh, A.B.J., Ngo, D.C.L, Goh, A. 2004. BioHashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition. Vol. 37(11), pp. 2245--2255.

[7]

Lumini Alessandra and Loris Nanni. 2006. Empirical tests on BioHashing. Neurocomputing. Vol. 69, pp. 2390--2395.

[8]

Anil K. Jain, Karthik Nandakumar and Abhishek Nagar. 2008. Biometric Template Security. EURASIP Journal on Advances in Signal Processing. pp. 1--17.

Digital Library

[9]

Andrew B. J. Teoh, Kar-Ann Toh, and Wai K. Yip. 2007, 2^N Discretisation of BioPhasor in Cancellable Biometrics. Advances in Biometrics. pp. 435--444.

Digital Library

[10]

Connie, T. and Teoh, A. and Goh, M. and D. Ngo. 2004, PalmHashing: a novel approach for dual-factor authentication. Pattern Analysis & Applications. Vol. 7(3), pp. 255--268.

Digital Library

[11]

Wang, Y. and Plataniotis, KN. 2007, Face Based Biometric Authentication with Changeable and Privacy Preservable Templates. Biometrics Symposium. pp. 1--6.

[12]

A. Konga, K. Cheung, D. Zhang, M. Kamel, and J. You. 2006, An analysis of BioHashing and its variants. Pattern Recognition, Vol. 39, pp. 1359--1368.

Digital Library

[13]

A. Konga, K. Cheung, D. Zhang, M. Kamel, J. You. 2006, Revealing the Secret of FaceHashing. Advances in Biometrics, pp. 106--112.

Digital Library

[14]

Y. C. Feng, Pong C. Yuen and Anil K. Jain .2008, A Hybrid Approach for Face Template Protection. Proc. of SPIE Conference of Biometric Technology for Human Identification, Vol. 6944, p.p. 694408.

[15]

H. Al-Assam, H. Sellahewa & S.A. Jassim. 2009, lightweight approach for biometric template protection. Proceedings of SPIE. Vol. 7351, p.p. 73510.

[16]

A. Jain, S. Prabhakar, L. Hong, and S. Pankanti. 2000, Filterbank-Based Fingerprint Matching. IEEE Trans. Image Processing. Vol. 9(5), pp. 846--859.

Digital Library

[17]

D Maltoni, D Maio, AK Jain, S Prabhakar. 2009. Handbook of fingerprint recognitionun 2ed Edition.

Digital Library

[18]

Harter, F.S. Samaria and A.C. 1994, Parameterisation of a stochastic model for human face identification. Proceedings of the 2nd IEEE workshop on Applications of Computer Vision.

[19]

S Jassim, H Al-Assam, H Sellahewa. 2009, Improving performance and security of biometrics using efficient and stable random projection techniques, Proc. 6th International Symposium on Image and Signal Processing and Analysis (ISPA).

Cited By

Guntrum L(2024)Keyboard Fighters: The Use of ICTs by Activists in Times of Military Coup in MyanmarProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642279(1-19)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642279
Pöhn DGruschka NZiegler LBüttner A(2023)A framework for analyzing authentication risks in account networksComputers and Security10.1016/j.cose.2023.103515135:COnline publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103515
Singh PSamuel HJaafar FAmeyed D(2022)Enhancing Biometric Security with Combinatorial and Permutational Multi-Fingerprint Authentication Strategies2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927942(1-7)Online publication date: 12-Sep-2022
https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927942
Show More Cited By

Index Terms

Multi-factor biometrics for authentication: a false sense of security
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Cancellable biometrics and annotations on BioHash

Lately, the once powerful one-factor authentication which is based solely on either password, token or biometric approach, appears to be insufficient in addressing the challenges of identity frauds. For example, the sole biometric approach suffers from ...
Cancellable biometrics and user-dependent multi-state discretization in BioHash

Although the use of biometrics for security access is convenient and easy to be implemented, it also introduced privacy and other security concerns when the original biometric templates are compromised. BioHash was introduced as a form of cancellable or ...
Multi-instance cancellable biometrics schemes based on generative adversarial network
Abstract
The main role of cancellable biometric schemes is to protect the privacy of the enrolled users. The protected biometric data are generated by applying a parametrized transformation function to the original biometric data. Although cancellable ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

MM&Sec '10: Proceedings of the 12th ACM workshop on Multimedia and security

September 2010

264 pages

ISBN:9781450302869

DOI:10.1145/1854229

General Chair:
Patrizio Campisi
Università degli Studi Roma TRE, Rome, Italy
,
Program Chairs:
Jana Dittmann
Otto-von-Guericke University Magdeburg, Germany
,
Scott Craver
SUNY Binghamton, USA

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMM: ACM Special Interest Group on Multimedia

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 September 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MM&Sec '10

Sponsor:

SIGMM

MM&Sec '10: Multimedia and Security Workshop

September 9 - 10, 2010

Roma, Italy

Acceptance Rates

Overall Acceptance Rate 128 of 318 submissions, 40%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
1,064
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)3

Reflects downloads up to 01 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Guntrum L(2024)Keyboard Fighters: The Use of ICTs by Activists in Times of Military Coup in MyanmarProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642279(1-19)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642279
Pöhn DGruschka NZiegler LBüttner A(2023)A framework for analyzing authentication risks in account networksComputers and Security10.1016/j.cose.2023.103515135:COnline publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103515
Singh PSamuel HJaafar FAmeyed D(2022)Enhancing Biometric Security with Combinatorial and Permutational Multi-Fingerprint Authentication Strategies2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927942(1-7)Online publication date: 12-Sep-2022
https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927942
Al-Assam HJassim S(2019)Security evaluation of biometric keysComputers and Security10.1016/j.cose.2012.01.00231:2(151-163)Online publication date: 25-Nov-2019
https://dl.acm.org/doi/10.1016/j.cose.2012.01.002
Al-Assam HRashid RJassim S(2013)Combining steganography and biometric cryptosystems for secure mutual authentication and key exchange8th International Conference for Internet Technology and Secured Transactions (ICITST-2013)10.1109/ICITST.2013.6750224(369-374)Online publication date: Dec-2013
https://doi.org/10.1109/ICITST.2013.6750224
Al-Assam HJassim S(2012)Robust Biometric Based Key Agreement and Remote Mutual AuthenticationProceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2012.248(59-65)Online publication date: 25-Jun-2012
https://dl.acm.org/doi/10.1109/TrustCom.2012.248
Kabuya CPhiri JZhao T(2012)Metric Based Technique in Multi-factor Authentication System with Artificial Intelligence TechnologiesFuture Wireless Networks and Information Systems10.1007/978-3-642-27323-0_12(89-97)Online publication date: 2012
https://doi.org/10.1007/978-3-642-27323-0_12

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents