Exploit the Leak: Understanding Risks in Biometric Matchers

Dorine Chagnon; Axel Durbet; Paul-Marie Grollemund; Kevin Thiry-Atighehchi

doi:10.5220/0013250600003899

Exploit the Leak: Understanding Risks in Biometric Matchers

Dorine Chagnon, Axel Durbet, Paul-Marie Grollemund, Kevin Thiry-Atighehchi

2025

Abstract

In a biometric authentication or identification system, the matcher compares a stored and a fresh template to determine whether there is a match. This assessment is based on both a similarity score and a predefined threshold. For better compliance with privacy legislation, the matcher can be built upon a privacy-preserving distance. Beyond the binary output (‘yes’ or ‘no’), most schemes may perform more precise computations, e.g., the value of the distance. Such precise information is prone to leakage even when not returned by the system. This can occur due to a malware infection or the use of a weakly privacy-preserving distance, exemplified by side channel attacks or partially obfuscated designs. This paper provides an analysis of information leakage during distance evaluation. We provide a catalog of information leakage scenarios with their impacts on data privacy. Each scenario gives rise to unique attacks with impacts quantified in terms of computational costs, thereby providing a better understanding of the security level.

Download

Paper Citation

in Harvard Style

Chagnon D., Durbet A., Grollemund P. and Thiry-Atighehchi K. (2025). Exploit the Leak: Understanding Risks in Biometric Matchers. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 353-362. DOI: 10.5220/0013250600003899

in Bibtex Style

@conference{icissp25,
author={Dorine Chagnon and Axel Durbet and Paul-Marie Grollemund and Kevin Thiry-Atighehchi},
title={Exploit the Leak: Understanding Risks in Biometric Matchers},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={353-362},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013250600003899},
isbn={978-989-758-735-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Exploit the Leak: Understanding Risks in Biometric Matchers
SN - 978-989-758-735-1
AU - Chagnon D.
AU - Durbet A.
AU - Grollemund P.
AU - Thiry-Atighehchi K.
PY - 2025
SP - 353
EP - 362
DO - 10.5220/0013250600003899
PB - SciTePress