Biometric Security – Threats and Vulnerabilities

S. Brindha

against the registered user either on a smart card or database

Abstract— Identified as one of the most important for verification.
technologies of the 21st century, Biometric security is a pivotal topic
in the areas of user authentication and cryptographic key generation.
Biometrics refers to identification of individuals based on their
distinctive physiological (finger print, face, iris, hand geometry, vein,
DNA, etc.,) and behavioural (voice, gait, signature, keystroke, etc.,)
characteristics. The fact that biometric data is not revocable and is
not secret pooled with the existence of various malicious threats
undermines the integrity of biometric authentication. Knowing the
vulnerabilities will be an eye opener to enhance this emerging
security trend. In this paper, the various threats that can be
encountered by a biometric system have been analysed. The different
strategies for attacks, the weaknesses of biometric systems are
highlighted and possible solutions are presented. Certain Issues like
Ergonomics, Performance Limitations, and Privacy concerns which
have not received focus have also been discussed. In order to protect
biometric data, Steganography using Least Significant Bit (LSB)
embedding algorithm is suggested, which embeds bits in the LSB’s in
a non linear fashion inside an image. As an improvement, prior to
embedding, the bits are encrypted and then embedded.
Steganography and Cryptography coined together will aid to protect Fig. 1 Biometric Authentication
the biometric data and thereby provide secrecy and avoid loss of
privacy. II. KINDS OF BIOMETRIC SYSTEMS

Keywords— Biometric Security, Security Attacks,

Steganography, Vulnerabilties.
I. INTRODUCTION
T raditional Security measures involve either the
use of passwords (knowledge-based security) or
ID cards (token-based security), which can be easily breached.
The emergence of Biometric authentication systems has
proven to be a viable practical alternative to address the
problems in conventional methods. Biometrics refers to the
automatic identification (or verification) of an individual (or a
claimed identity) by using certain physiological or behavioral
traits associated with the person. Biometric systems make use
of fingerprints, hand geometry, iris, retina, face, hand vein,
facial thermograms, signature, voiceprint, gait, palm print, etc.
to establish a person’s identity.
Biometrics relies on who you are—on one of any
number of unique characteristics that you can’t lose or
forget.A biometric system authenticates (Fig. 1) its users in
conjunction with a smart card, username or ID number. The
biometric template captured is compared with that stored
S.Brindha is with PSG Polytechnic College, India,
(hod@dcn.psgtech.ac.in).
Identifying an individual using genetic patterns, while quite
reliable and authoritative, remains a time-consuming scientific
process and is generally reserved for forensic purposes
because it is invasive and requires highly specialized
equipment and expertise. The rate of change in technology
guarantees that what seems impossibly complex today can
become practical, even a practical necessity in just a few short
years. The following technologies show mainstream promise:
1. Finger Print
Fingerprint recognition derives a unique template from the
attributes of the fingerprint without storing the image itself or
even allowing for its reconstruction. Fingerprints basically
consist of ridges (raised skin) and furrows (lowered skin) that
twist to form a distinct pattern. When an inked imprint of a
finger is made, the impression created is of the ridges while the
furrows are the uninked areas between the ridges. [1] Although
the manner in which the ridges flow is distinctive, other
characteristics of the fingerprint called ‘minutiae’ are what is
most unique to the individual (See Fig. 2 for minutiae
representation). These features are particular patterns
consisting of terminations or bifurcations of the
ridges. According to [1], there is a good possibility to
e-mail: reconstruct the fingerprints from minutiae and hence in this

1
widespread used trait, protective measures have to be
developed.
Fig. 2 Minutiae
2. Hand Geometry
The essence of hand geometry is the comparative
dimensions of fingers and the locations of joints. Some
systems perform simple, two-dimensional measurements of the
palm of the hand. Others attempt to construct a simple three-
dimensional image from which to extract template
characteristics.
3. Retina
Retinal recognition creates an "eye signature" from the
vascular configuration of the retina, an extremely consistent
and reliable attribute with the advantage of being protected
inside the eye itself. An image of the retina is captured by
having the individual look through a lens at an alignment
target. Diseases or injuries that would interfere with the retina
are comparatively rare in the general population, so the
attribute normally remains both consistent and consistently
available.
4. Voice
Voice recognition techniques are generally categorized
according to two approaches—Automatic Speaker Verification
(ASV) and Automatic Speaker Identification (ASI). Speaker
verification uses voice as the authenticating attribute in a two-
factor scenario. Speaker identification attempts to use voice to
identify who an individual actually is. Voice recognition
distinguishes an individual by matching particular voice traits
against templates stored in a database. Voice systems must be
trained to the individual's voice at enrollment time, and more
than one enrollment session is often necessary. Feature
extraction typically measures formats or sound characteristics
unique to each person's vocal tract. The pattern matching
algorithms used in voice recognition are similar to those used
in face recognition.
2
5. Iris
Iris scanning is less intrusive than retinal recognition
because the iris is easily visible from several feet away.
Responses of the iris to changes in light can provide secondary
verification that the iris presented as a biometric factor is
genuine. Though empirical tests with the technology will
improve its reliability, it appears quite promising and even
practical for many applications, especially two-factor
scenarios. While some of the technical issues of iris scanning
seem pedestrian, they present implementation challenges. A
careful balance of light, focus, resolution, and contrast is
necessary to extract the attributes or minutiae from the
localized image. While the iris seems to be consistent
throughout adulthood, it does vary somewhat up to
adolescence.
6. Face
Face recognition technology is still in its early stages, and
most tests and applications have been run against relatively
small databases. The similarity score produced by each
comparison determines the match—the highest score wins.
Acquisition for biometric identification purposes requires the
individual's face to be presented to a video camera. An evident
deficiency in some current schemes is the ability to fool or
confuse some systems with makeup. A facial thermogram [9]
works much like face recognition except that the image is
captured by way of an infrared camera, and the heat signature
of the face is used to create the biometric template used for
matching. This is more reliable than simple imaging.
7. Vein recognition
Hand vein recognition attempts to distinguish individuals by
measuring the differences in subcutaneous features of the hand
using infrared imaging. Like face recognition, it must deal with
the extra issues of three-dimensional space and the orientation
of the hand. Like retinal scanning, it relies on the pattern of the
veins in the hand to build a template with which to attempt
matches against templates stored in a database. The use of
infrared imaging offers some of the same advantages as hand
geometry over fingerprint recognition in manufacturing or
shop-floor applications where hands may not be clean enough
to scan properly using a conventional video or capacitance
technique.
8. Signature
While a signature is not strictly biometric, it is a simple,
concrete expression of the unique variations in human hand
geometry. Forensic experts have developed criteria over the
years for verifying the authenticity of a signature. Automating
this process allows computer automation to take the place of
an expert in looking for unique identifying attributes. In
addition to the general shape of the signed name, a signature
recognition system can also measure both the pressure and
velocity of the point of the stylus across the sensor pad.
(Keystroke dynamics is a variation on this technique that
measures the typing rates and intervals.) Signatures, however,
are difficult to model for variation, as is the reliability of these
systems, especially when compared with other simpler
alternatives.
III. THREATS
1. Spoofing
Spoofing is fooling a biometric system by means of an
artefact bearing a copy of the biometric features of an enrolled
user. It is a real concern because spoofing directly undermines
the principal strength of biometric authentication. If spoofing
[5] can be made to work relatively easily then a major
argument in favour of using biometrics disappears. The source
images for biometrics are not generally secret. The security of
a biometric system should therefore not depend on a
presumption of secrecy of the source; rather the application
should implement anti-spoofing measures. These could include
supervised operation, liveness checking or challenge/response
exchanges.The barrier can be raised higher through the use of
multi-mode biometrics [12] (e.g. face and voice), through
multi-factor authentication such as biometric and PIN, and
through challenge/response mechanisms which utilise
behavioural characteristics. A multimodal Biometric System is
shown in Fig. 3.
Fig. 3 Multimodal Biometrics
2. Enrolment Integrity and Quality
Ensuring enrolment integrity is a vital underlying
requirement for biometric authentication system. If the
enrolment integrity is compromised, all bets are off regarding
security. System implementers will need to determine what
credentials are necessary and sufficient to validate users prior
to enrolment, and then to ensure that the enrolment process
itself is secure. The performance of biometric systems is
dependent on the quality of the enrolled biometric. Enrolment
3
quality can be affected by accidental or deliberate events and
environmental conditions, and the result of low enrolment
quality is almost inevitably poor system performance. If the
performance is poor the security will be compromised, and
there may be excessive dependence on the fallback system.
Countermeasures include - good enrolment procedures and
trained administrators.
3. Mimicry (behavioural biometrics)
Mimicry is to behavioural biometrics what artefacts are to
physiological biometrics.
Through mimicry [5], an impostor attempts to “copy” the
relevant biometric features of an enrolled user in order to fool
the biometric authentication process. Because behavioural
biometrics is applicable to the recognition of acquired, rather
than inherited features, the features can also be acquired by an
impostor. Because mimicry may be perceived to be a low
technology form of attack requiring a lower level of expertise,
biometric systems employing behavioural biometrics may be
subject to a higher incidence of attacks from a wider range of
attackers. Counter-measures should focus on the ability to
distinguish between a genuine person and a mimicker. This
could include improved technical performance, supervised
operation and challenge/response features.
4. Latent/Residual images
Latency or residual images are a possible security concern
that could occur in two forms:
• Physical residual biometric image
• Latency in internal memory
This could occur through a combination of failure to clear
memory. Latency [10] or residual image problems can be
addressed by correct system software design, and system
maintenance (cleaning). This would form one subject for a
security evaluation process.
5. Template integrity/confidentiality
Template integrity and confidentiality [10] are distinctly
different issues related to template data though similar
solutions may be employed to deal with both problems.
Template integrity [6] is concerned with threats to the
authentication process caused by planted or modified
templates, whereas template confidentiality relates to the legal
and privacy issues around the template data and the way in
which the data could be misused. Untrustworthy templates
could occur for one or more of several different reasons:
• Accidental corruption due to a malfunction of the system
hardware or software
• Intentional modification of a bona-fide template by an
attacker
• The insertion of a biometric template corresponding to
the attacker to substitute for the reference template of an
authorised enrolee.
• The addition of a biometric template corresponding to the
attacker to create a bogus “enrolment” on the system.

Countermeasures to provide Template integrity could be
through access control, or through the use of cryptographic
techniques. Digital signing of template data may be sufficient
to protect the integrity, but not to protect confidentiality.
Cryptographic protection [2] may need to be combined with
other techniques (such as time stamping) to protect against the
reuse of stolen templates.
IV. VULNERABILITIES
1. Loss of Privacy
Valuable assets are traditionally protected by secrecy,
typically secret passwords. Biometric features are often readily
observed and do not possess equivalent secrecy. There is a
perceived fear that biometric data may be shared between
applications, perhaps without the knowledge or consent of the
subjects. This concern may be amplified if biometric images
are stored, rather than the coded template data only,
particularly for large-scale public applications. If the template
is stolen it may be used for any application without user
knowledge. As a counter measure Cancellable Biometrics as
proposed by [4] can be considered. It can avoid unwanted use
of template but cannot prevent loss of privacy. Cancellable
biometrics have been proposed, where the biometric image is
distorted in a repeatable but non-reversible manner before
template generation, If the biometric is compromised, the
distortion characteristics are changed, and the updated image
is mapped to a new template which is used subsequently.
There exists chance of potential misuse of biometric data
stored on central databases. It refers to the threat to privacy
that such centralised collections of personal data could pose if
compromised. A potential solution is seen in the storing of
personal data on secure tokens or smart cards that are held by
the users themselves. The assumption is that this will obviate
the need for a central database of biometric data, and therefore
negate any privacy concerns. This is attractive because it
promotes the idea of anonymous authentication.
However, anonymous authentication has its limits and may
not be tenable in many circumstances. For example in
government applications, it will typically not be sufficient to
know that the person applying for the benefit
payment/passport/driving licence is who they claim to be. It
will also be necessary to check that they are entitled to the
service or payment requested and not enrolled multiple times
under different identities. To do this a central database of
claimants will almost certainly be needed, even if a token or
smart card is used as part of the authentication process. In
these cases, the privacy protection advantage ascribed to user-
held tokens or smart cards will be largely illusory. To mitigate
the risk of functional creep, the biometric data can be bound to
the application through the use of cryptographic signature
techniques.
4
2. Ergonomics
Ergonomics, also known as human factors, is the scientific
discipline that seeks to understand and improve human
interactions with products, equipment, environments and
systems. It aims to develop and apply knowledge and
techniques to optimise system performance, whilst protecting
the health, safety and well-being of individuals involved.
There are many situations which pose a severe hazard to the
users. Everyone may not have the required biometric traits. For
example in hand geometry, an individual might be missing a
digit which might prevent the individual from using it.
Physically challenged persons may be inhibited in using the
Biometric Authentication systems. Environment and physical
design vary and due to that users may be requested to undergo
multiple scans as indicated in Fig.4 [12]. As Biometrics are
deployed in multiple locations the positioning of the sensor or
accessibility relative to the individual and its surrounding
environment can have important effects on the system’s
performance. In Iris Recognition systems the user is expected
to be in close contact with the sensor which is installed in
different heights for the user. Since it is used by everyone, and
frequent scans are required, if they are used in a common place
like airports, health issues have to be addressed.
Fig. 4 Multiple scans requirement
Behavioural biometrics require a user to perform a
particular trait which will be a concern if it is to be placed in
such common places where users will access them frequently.
3. Performance Limitations
Biometrics does not provide unique identification. The
matching process is probabilistic and is subject to statistical
error. A mistaken identification or verification where the
wrong person is matched against an enrolled user is termed a
False Acceptance and the rate at which these occur is the False
Acceptance Rate (FAR). Conversely, an error that occurs
where a legitimate user fails to be recognised is termed a False
Rejection and the corresponding rate is the False Rejection
Rate (FRR). These errors are dependent not only on the
technology but also on the application and the environment of
use. FAR and FRR errors [3] are influenced by numerous
factors including:
• Uniqueness of biometric features
• Capture device
• Algorithm
• Environmental interference (lighting, noise etc.)
• User population (demographics, employment, etc.)
• User behaviour (attitude, cooperation etc.)
FAR and FRR are dependent on the adjustable adopted
threshold. If we increase the value of threshold, the proportion
FAR will increase, while FRR will decrease. (see Fig.5)
Fig.5 FAR-FRR
When we decrease the value of threshold, the proportion
FAR will decreases, while FRR increases. This dependence is
illustrated in Figure 2.2.3.False Accept errors represent a
direct security threat that is roughly analogous with chance
attacks against password/PIN systems. Suggested
interpretation of security strength in terms of FAR are as
shown in Table 1:
TABLE I
FAR LEVELS
FAR Strength
1 in 100 Basic
1 in 10000 Medium
1 in 1000000 High
False Reject errors are not a direct security threat though
they may cause the system to be unusable if they are excessive.
There are two more metrics for evaluating the performance
of Biometrics. They are: 1) mistaking biometric measurements
from two different persons to be from the same person (called
false match) and 2) mistaking two biometric measurements
from the same person to be from two different persons (called
false non match).These two types of errors are often Termed
as false accept and false reject, respectively. There is a
tradeoff between false match rate (FMR) and false Non match
rate (FNMR) in every biometric system. In fact, Both FMR
and FNMR are functions of the system threshold; if is
5
decreased to make the system more tolerant to input variations
and noise, then FMR increases.
The accuracy requirements of a biometric system are
Application dependent. Consider the following example: In a
Digital Rights Management (DRM) application [8] involving
high-security top secret Documents (e.g., in a nuclear reactor),
the administration may want to ensure that all such documents
are accessed only by authorized users. Further, unauthorized
users should have a very little chance of accessing the
documents. The requirement here translates to small FMR that
may typically mean a large FNMR. In a less secure
environment, the primary objective of the DRM system design
may be user convenience and user-friendly interface. That is, a
user does not want to use engineered authentication systems
(e.g., requiring badges or RFID tags) and would like to have
reliable pervasive access to the documents. In this application,
since user convenience is the primary criterion, the FNMR at
the chosen operating point should be small, which may result
in a large FMR.
V. DATA HIDING AND ENCRYPTION
The minutiae template residing in the database is one of the
focal point of attack. One method proposed to protect the
template is Steganography, wherein the template is embedded
in another image. Each steganographic communication system
consists of an embedding algorithm [11] and an extraction
algorithm. To accommodate a secret message, the original
image, also called the cover-image, is slightly modified by the
embedding algorithm. As a result, the stego-image is obtained.
In order to illustrate how image embedding works, a very
simple method, known as least significant bit (LSB)
substitution is used. It consists of the extraction of the LSB
and its replacement by the information that you want to hide. It
is interesting to observe the noisy aspect of the lower bits, and
their small contribution to the final luminance. For gray-scale
images encoded at 8 bits per pixel, the luminance (I), of each
pixel can be represented in terms of bits (b) as in (1) :
I = b7 * 2 7 + b6 * 2 6 + b5 * 2 5 + b 4 * 2 4
(1)
+ b 3 * 2 3 + b 2 * 2 2 + b1 * 2 1 + b 0
and the LSB ‘b0’ can be replaced without altering significantly
the image quality. The difference between the new values and
the old ones is very small, so it is difficult, if not impossible,
for the human eye to identify any difference from the original
picture.
The choice of cover-images is important because it
significantly influences the design of the stego system and its
security. Images with a low number of colors, computer art,
images with a unique semantic content, such as fonts, should
be avoided. Aura [7] recommends grayscale images as the
best cover-images. He also recommends uncompressed scans
of photographs or images obtained with a digital camera
containing a high number of colors, and considers them safest
for steganography.
In order to enhance this method, two techniques have been
used:
1. The header (containing information for the hidden file,
such as its size and filename) and the file to be hidden are
encrypted with an encryption algorithm [2], using the
password given, before being written in the picture.
2. The minutiae image bits [4] are not written in a linear
fashion; Instead, a pseudo-random number generator (PRNG)
is used to choose the place to write each bit. The values given
by the pseudo-random number generator depend on the
password, so it is not possible for someone trying to read the
secret data to get the hidden file (not even the encrypted
version) without knowing the password.
Fig 6. The minutiae (b) is embedded in the input cover image
(a) using LSB embedding. The minutiae is encrypted and then written
in input cover image in pseudorandom fashion. The final stego image
(c) is shown.
This final image as shown in Fig. 6 can be stored in smart
cards and during authentication, the minutiae will be extracted
from the cover image. The cover image can be the photo of the
person, so it will provide visual authentication also.
VI. CONCLUSION
Biometric systems provide better and stronger
authentication than conventional passwords. But there are
many threats and vulnerabilities to Biometric systems which
have been discussed in this paper. With the wide spread
utilization of biometric identification systems, establishing the
authenticity of biometric data itself has emerged as an
important research issue. In this paper, a method based on
Steganography has been suggested to protect the template.
Two techniques, namely encryption and PRNG based
embedding are used in LSB embedding to enhance its security.
Additional focus has been given to Performance Evaluation,
Ergonomics and Loss of Privacy, the issues of concern in
future. These issues have to be addressed to make the
Biometric authentication a secure and convenient one.
VII. ACKNOWLEDGMENT
I am grateful to my respected guide Dr. Ila Vennila,
Assitant Professor, Department of Electrical and Electronics
Engineering, PSG College of Technology and all the authors
in the references in the list on their valuable work given in
their respective papers.
VIII. REFERENCES
[1] A. Ross, J. Shah and A. K. Jain, "From Template to Image:
Reconstructing Fingerprints From Minutiae Points," IEEE Transactions
on Pattern Analysis and Machine Intelligence, Special Issue on
Biometrics, Vol. 29, No. 4, pp. 544-560, April 2007.
[2] U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, "Biometric
Cryptosystems: Issues and Challenges", Proceedings of the IEEE,
Special Issue on Enabling Security Technologies for Digital Rights
Management, Vol. 92, No. 6, June 2004.
[3] P. J. Phillips, P. Grother, R. J. Micheals, D. M. Blackburn, E. Tabassi,
and J.M. Bone, "FRVT 2002: Evaluation Report", March 2003
Available: http://www.frvt.org/DLs/ FRVT_2002_ Evaluation_Report
.pdf.
[4] N. Ratha, J. H. Connell, and R. M. Bolle, “An analysis of minutiae
matching strength,” in Proc. Audio and Video-based Biometric Person
Authentication(AVBPA), pp.223– 228, (Halmstad, Sweden), June2001.
[5] U.K. Biometric Working Group, “Biometric security concerns,”
Technical Report, CESG, September 2003. Available:
http://www.cesg.gov.uk/site/ast/ biometrics/media/ Biometric Security
Concerns.pdf.
[6] S. Pankanti, S. Prabhakar, and A. K. Jain, "On the Individuality of
Fingerprints", IEEE Transactions on Pattern Analysis and Machine
Intelligence, Vol. 24, No. 8, pp. 1010-1025, August 2002.
[7] Aura, T.: Practical Invisibility in Digital Communication. In: Anderson,
R.J. (eds.): Information Hiding: 1st International Workshop. Lecture
Notes in Computer Science, Vol.1174. Springer-Verlag, Berlin
Heidelberg New York (1996) 265 278
[8] Lee Gomes, "Can Facial Recognition Help Snag Terrorists?” The Wall
Street Journal, September 27, 2001.
[9] U.Uludag and A.K.Jain .Attacks on biometric b systems : A case study
in fingerprints. In Proc.of SPIE, Security, Steganography and
Watermarking Of Multimedia Contents VI, volume 5306, pages 622–
633, 2004.
[10] K. I. Chang, K. W. Bowyer, and P. J. Flynn. An Evaluation of
Multimodal 2D+3D Face Biometrics. IEEE Transactions on Pattern
Analysis and Machine Intelligence,27(4):619–624,April 2005
[11] Johnson, N.F., Duric, Z., and Jajodia, S.: Information Hiding:
Steganography and Watermarking - Attacks and Countermeasures.
Kluwer Academic Publishers, Boston Dodrecht London (2000)
[12] Arun Ross An introduction to Multibiometrics,15th European signal
Processing Conference (EUSIPCO), Poland, September 2007
About the Author -- S.Brindha received M.E degree in Applied
Electronics in the year 2006 from PSG College of Technology, Coimbatore,
Tamilnadu, India. She is a Life Member of ISTE and Advanced Computing
Society (ACS). Her areas of interest include Biometric Security and Mobile
Adhoc Networks. She is currently Lecturer and Head In-charge of Computer
Networking Department at PSG Polytechnic College.