Abstract
Biometric Hash algorithms, also called BioHash, are mainly designed to provide template protection for biometric raw data. To ensure high reproduction rates, BioHash algorithms provide a certain level of robustness against input variability by compensating for intra-class variation of the biometric raw data. This concept can be a potential vulnerability. In this paper, we examine this vulnerability in a specific Biometric Hash algorithm for handwriting, which was introduced in [1], and consider and discuss possible attempts to exploit these flaws. We introduce a new reconstruction approach, which exploits this vulnerability to generate artificial raw data out of a reference BioHash. The approach is motivated by work from Cappelli et al. for the fingerprint modality in [6], further studied in [3], where such artificially generated raw data has the property of producing false positive recognitions, although it may not necessarily be visually similar. Our new approach for handwriting is based on genetic algorithms combined with user interaction. It uses a design vulnerability of the BioHash in an attack that corresponds to a ciphertext-only attack with side information, namely the system parameters of the BioHash. To show the general validity of our concept, in first experiments we evaluate using 60 raw data sets (5 individuals overall) consisting of two different handwritten semantics (arbitrary Symbol and fixed PIN). Experimental results demonstrate that reconstructed raw data produces an EER_reconstr. in the range from 30% to 75%, as compared to a non-attacked inter-class EER_inter-class of 5% to 10%, and that the handwritten PIN semantic can be reconstructed better than the Symbol semantic using this new technique. The security flaws of the Biometric Hash algorithm are pointed out and possible countermeasures are proposed.
References
[1] Vielhauer, C.: Biometric User Authentication for IT Security: From Fundamentals to Handwriting. Springer, New York (2006)
[2] Vielhauer, C., Steinmetz, R., Mayerhoefer, A.: Biometric Hash based on Statistical Features of Online Signatures. In: Proceedings of the IEEE International Conference on Pattern Recognition (ICPR), vol. 1, pp. 123–126 (2002)
[3] Galbally, J., Cappelli, R., Lumini, A., Maltoni, D., Fierrez, J.: Fake Fingertip Generation from a Minutiae Template. In: Proc. Intl. Conf. on Pattern Recognition, ICPR, Tampa, USA (2008)
[4] Holland, J.H.: Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology. In: Control and Artificial Intelligence. MIT Press, Cambridge (1995), First Published by University of Michigan Press (1975)
[5] Bishop, M.: Computer Security. Addison-Wesley, Boston (2003)
[6] Cappelli, R., Erol, A., Maio, D., Maltoni, D.: Synthetic Fingerprint-image Generation. In: Proceedings 15th International Conference on Pattern Recognition (ICPR2000), Barcelona, vol. 3, pp. 475–478 (2000)
[7] Al-saggaf, A.A., Acharya, H.S.: A Fuzzy Commitment Scheme. In: Proc. IEEE International Conference on Advances in Computer Vision and Information Technology, India (2007)
[8] Galbally, J., Fierrez, J., Martinez-Diaz, M., Ortega-Garcia, J.: Synthetic Generation of Handwritten Signatures Based on Spectral Analysis. In: Defense and Security Symposium, Biometric Technologies for Human Identification, BTHI, Proc. SPIE, Orlando, USA (2009)
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kümmel, K., Vielhauer, C., Scheidat, T., Franke, D., Dittmann, J. (2010). Handwriting Biometric Hash Attack: A Genetic Algorithm with User Interaction for Raw Data Reconstruction. In: De Decker, B., Schaumüller-Bichl, I. (eds) Communications and Multimedia Security. CMS 2010. Lecture Notes in Computer Science, vol 6109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13241-4_17
DOI: https://doi.org/10.1007/978-3-642-13241-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13240-7
Online ISBN: 978-3-642-13241-4
eBook Packages: Computer Science, Computer Science (R0)