Shinsuke Ohtsuka, Satoshi Kawamoto, Shigeru Takano, Kensuke Baba and Hiroto Yasuura
Graduate School/Faculty of Information Science and Electrical Engineering, Kyushu University
Motooka 744, Nishi-ku, Fukuoka, 819-0395, Japan
Keywords: Biometrics, authentication, mobile system, spoofing.
Abstract: Individual authentication technologies are essential for electronic systems that serve as social infrastructure. In particular, biometrics-based authentication has been receiving increasing attention and is expected to be implemented on systems with portable devices such as mobile phones to realize more useful services. The most important problem in biometrics-based authentication is to prevent leakage of biological information. This paper focuses on leakage that enables spoofing and considers two cases: leakage from data stored in a server for verification of biological information, and leakage by a cheating detection. This paper proposes a solution that applies a function to biological information and shows the properties required for the function to solve the problem. Moreover, this paper proposes an idea of a biometrics-based authentication system with portable devices that are provided with a function to capture biological information.
Personal authentication has been one of the most important and fundamental techniques in our life as personal identification has become more common because of the requirement of certification of ATM cards, management of entering and leaving rooms or buildings, airport security systems, and so on. In particular, as one of the techniques for identifying a person, biometrics-based authentication has attracted attention among many researchers in cryptography and computer security. This technique identifies a person by analysis of his/her physical characteristics, which are called “biometric information”, and is generally considered able to yield systems that are robust against counterfeit attacks thanks to the uniqueness and permanence of those characteristics. Furthermore, by introducing biometric authentication to a system based on mobile terminal devices and the internet, more useful and effective services can be rendered to the users for mobile commu-
One of the most important problems in biometric authentication is to prevent the leakage of biometric information. To solve this problem, we have to pay attention to privacy concerns. Moreover, we need to be concerned that it is possible to create a counterfeit of a part of a living body (Matsumoto et al., 2002).
In an authentication, a “prover” is the entity which is to prove that s/he is a particular user and a “verifier” is the entity which is to verify the proof. Here we assume that secure communications including destination certifications are available by proper cryptographic technologies. We also do not consider leakage of biometric information in daily life that is unrelated to the procedure for personal authentication. Even under these assumptions, it is conceivable that biological information can easily leak, either by guessing from the verifier’s information or by biometric observation by a fake verifier.
We propose the following method for solving the above problems. First, the leakage of biometric information by guessing from the verifier’s information can be solved by applying the idea of “cancelable biometrics” (Ratha et al., 2001). Now, we assume the case that the prover registers biometric information, which is observed in advance, as a “template” to the verifier. The main idea of cancelable biometrics is to apply a transformation, from which the original information is difficult to reconstruct, to the observed biometric information so that the template can be cancelled. In short, by the transformation, the original biometric information remains secure even if there is a leakage of the template by security attacks. However, by pretending to be the verifier and observing the living body directly, one can obtain the original biometric information before the transformation is applied. This problem can be solved by using a mobile terminal with an ability for the biometric observation. If the mobile terminal is managed by a prover and the malware threat can be prevented, by applying an irreversible transformation to the observed biometric information on this terminal, one cannot reconstruct the original information by using every output of the
Ohtsuka S., Kawamoto S., Takano S., Baba K. and Yasuura H. (2008). In Proceedings of the International Conference on Security and Cryptography, pages 99-102. DOI: 10.5220/0001927300990102
Firstly, in this paper, we propose a model of biometric-based authentication for the purpose of clarifying the above problems. In our proposed model, to consider the possibility of an unjust observation of biometric information, the “scanner” is explicitly formulated as an entity collecting biometric information by analyzing the human body. To prevent the leakage of biometric information from the verifier’s information, we place some requirements on the transformation which is applied to the biometric information. These requirements correspond to the properties of the transformation that realizes cancelable biometrics in (Ratha et al., 2001). Applying such a transformation to the biometric information under the management of the prover is clearly also effective against an unjust biometric observation.
This paper shows clearly that our approach can prevent the leakage of biometric information by using cancelable biometrics. Then, applying our method to biometric-based authentication based on a mobile terminal, we also show that it prevents another possible type of leakage. Finally, we discuss the implementation of our method and present the problems of biometric-based authentication using a mobile terminal.
In this section, a model of biometrics-based authentication is introduced to bring out the problem we tackle in this paper. $\Sigma$ and $N$ denote the alphabet and the set of nonnegative integers, respectively.
2.1 A Model
In this paper, we consider identification of a user as authentication. Each of the users who can be a target of authentication is denoted by $u_1, u_2, \ldots \in U$. In a trial of authentication, a prover is the entity which is to prove that the prover is a particular user and a verifier is the entity which is to verify the proof. We consider a model with a single verifier in the rest of this paper. The atomic procedure of authentication is that the prover submits a string $w$ to the verifier, and the verifier decides who the prover is in $U$.
A key feature of our model is that biological information as digital sequences is distinguished from the living body of a target user, which enables us to examine leakage of biological information from a cheating scanner which detects biological information. The following argument does not depend on the kind of the part of a living body used for biometrics-based authentication; therefore we regard a living body as the user who has it. A piece of biological information is a string over $\Sigma$ and the set of the pieces of biological information of $u_i \in U$ is $B_i$. For $R \subseteq N$, a scanner is a function $f : U \times R \to \Sigma^*$ which outputs a piece of biological information from a living body and a variable. Intuitively, this is modeling the situation that several kinds of biological information (in a sense of digital sequences) can be detected from a single living body. Then, the protocol of authentication is the following.
Protocol 1. (1) The prover puts $u \in U$ on the scanner;
(2) the scanner computes $f(u, r)$ for an $r \in R$;
(3) the scanner sends $f(u, r)$ as $w$ to the verifier;
(4) the verifier regards the prover as $u_i \in U$ if and only if $w \in B_i$.
In the previous protocol we are considering identification with no “ID”, that is, the verifier does not know who the prover is (or claims to be) at step (4). In the case where the prover sends his ID first, $u$ in steps (1) to (3) is replaced by $u_i$.
Now, we ignore a decline of an accuracy of authentication which is caused by the obscurity of biological information.
Assumption 1. For any $1 \le i, j \le |U|$, $B_i = \{ f(u_i, r) \mid r \in R \}$ and $B_i \cap B_j = \emptyset$ if $i \ne j$.
In practical systems of biometrics-based authentication, biological information as purely scanned data is usually large, and hence it is not practical that the verifier holds the $B_i$ to examine whether $w \in B_i$. The straightforward method to solve this problem is to consider a function $g$, defined by an idea of a distance on strings, and a threshold $c$ with respect to a string $t_i$. $t_i$ is called a template of $u_i$. Now, we ignore a decline of an accuracy of authentication which is caused by definition of a template and a distance on
Assumption 2. There exist $g : \Sigma^* \times \Sigma^* \to N$ and $c \in N$ such that $\{ b \mid g(t_i, b) \le c,\ b \in \Sigma^* \} = B_i$ for any $1 \le i \le |U|$.
SECRYPT 2008 - International Conference on Security and Cryptography
2.2 Problems
The problem we consider is a spoofing which is caused by leaked biological information. In fact, in some practical systems, it is possible to make a fake or artificial living body from a piece of biological information (Matsumoto et al., 2002). Therefore, we assume the following in terms of the model introduced in the previous subsection.
Assumption 3. For any $1 \le i \le |U|$, a single $b \in B_i$ enables one to make $u$ such that $f(u, r) \in B_i$ for $r \in R$.
Some cases of leakage of biological information caused by human factors (such as carelessness of a verifier or a cheating verifier) are out of the scope of cryptographic technologies. On the assumption of a secure path by suitable cryptographic technologies, we focus on the following cases of the leakage:
leakage of a template at the verifier,
leakage of a piece of biological information at the
In usual systems, a template is obtained by a reasonable feature-extraction based on biology from scanned biological information or is exactly the information. In this situation, biological information can be estimated from a leaked template and it enables a spoofing as the user of the template.
On our model, the naive method to decide a template is expressed by the condition that any element in $B_i$ can be $t_i$. Moreover, a straightforward feature-extraction enables an estimation of the definition of the distance, that is, we should assume $g$ to be open. Therefore, the essential point of the former case of the leakage is that an element of $B_i$ can be estimated from $t_i$ by Assumption 2 even if $B_i$ cannot be obtained exactly. The latter case is exactly the leakage of $b \in B_i$. Thus, by Assumption 3 these cases enable the spoof-
To solve the problems in the previous section, we propose solutions by modifying biological information. The modification is expressed on the proposed model as a function from a string to a string with some properties. Moreover, we consider the entity which should apply the function to biological information.
3.1 Leakage of Template at Verifier
The problem of a spoofing by a leakage of a template from the verifier is expressed on the proposed model as that an element of $B_i$ can be estimated from $t_i$. In conclusion, this problem is solved by applying a generalized idea of “cancelable biometrics” (Ratha et al., 2001), although the original idea is proposed to enable changing a template rather than to prevent a spoofing by a template. In fact, the results of this subsection are obtained by interpreting the argument in (Ratha et al., 2001) into our model.
We consider preventing a spoofing using $t_i$ by applying a function $\phi : \Sigma^* \to \Sigma^*$ to biological information. Let $t_i = \phi(b)$ for a $b \in B_i$. The prover (who has a living body) $u_i$ submits $\phi(b')$ for $b'$ as $w$ to the verifier. Then, on Assumption 1 and 2, the condition for realizing identification is described as the following property of $\phi$.
Condition 1. There exists $g'$ such that, for any $p, q \in \Sigma^*$, $g'(\phi(p), \phi(q)) \le c$ if and only if $g(p, q) \le c$.
If we consider adding a step for applying $\phi$ into Protocol 1, the only possibility is between steps (2) and (3). Therefore, we assume that the scanner has a suitable function for it, that is, the scanner is redefined to be another function $\phi \circ f$ and whether $f(u, r) \in B_i$ is examined by $\phi(f(u, r))$ on the previous condition.
Protocol 2. (1) The prover puts $u \in U$ on the scanner;
(2) the scanner computes $\phi(f(u, r))$ for an $r \in R$;
(3) the scanner sends $\phi(f(u, r))$ as $w$ to the verifier;
(4) the verifier regards the prover as $u_i \in U$ if and only if $\phi^{-1}(w) \in B_i$.
Now, we do not assume any confidentiality of $g'$ for preventing the spoofing. Then, a spoofing using $t_i$ can be prevented if $\phi$ has the following property.
Condition 2. For any $p \in \Sigma^*$, it is difficult to find $q$ such that $p = \phi(q)$.
On the previous condition, the verifier does not always have the result of $\phi^{-1}(w)$ at step (4) in Protocol 2. Formally, we have to refer to the idea of “computational indistinguishability” (Goldreich, 2001) for the definition of the word “difficult”. However, in some practical systems the properties of Condition 1 and 2 are not required strictly. The former guarantees the property of a kind of “collision-free” and the latter is the property of “one-way”. On Condition 1, if a simple idea of distance is used as $g'$, then an attack based on “hill-climbing” succeeds. Namely, in a search of $q$ such that $p = \phi(q)$ for a given $p \in \Sigma^*$, it is possible to have an $r$ such that $g(q, r) < g(q, r')$ by considering whether $g'(\phi(q), \phi(r)) < g'(\phi(q), \phi(r'))$ recursively. This situation contradicts Condition 2 in a strict sense. One of the solutions for this problem is to use a complex function as $g'$. To find a suitable $\phi$ with $g'$ is one of the difficulties for realizing a practical system based on the idea of cancelable biometrics.
3.2 Leakage of Biological Information at Scanner
As mentioned in Subsection 2.2, the same problem as the case of a leakage of a template is caused by a leakage of a piece of biological information at the scanner. Applying a function which has the properties of Condition 1 and 2 can prevent a spoofing using a template. However, if we consider a leakage of a piece of biological information at the scanner, a naive implementation of this idea does not give the effect of this solution. We have to analyze the protocol from the viewpoint of the entity which should apply the function to biological information.
In practical systems with biometrics-based authentication such as a door access control system or an ATM, the scanner is usually managed by the prover as a part of the system. The prover cannot avoid a risk of the leakage of his biological information as long as he has to put his living body on a scanner which is not
A simple solution is that the prover manages the scanner and the function. In this case, the prover outputs only the result of $\phi(f(u, r))$ and hence $f(u, r)$ cannot be obtained from it by Condition 2. Therefore, a system based on this idea can prevent a leakage of $b \in B_i$ which enables a spoofing as $u_i$. A difficulty of this solution is how to implement a system with this idea. It is natural to consider a PDA or a mobile phone as the scanner which is managed by the prover since the devices have suitable functions for the computation of the functions, the scan of biological information, and the communication with other entities. Thus, to prevent spoofing in biometrics-based authentication systems, it is useful to implement on portable devices functions to scan some kinds of living bodies, besides a camera and a microphone.
The assumption that the prover manages $f$ and $\phi$ yields another problem by “duplicated packet” or a kind of “replay attack”. Namely, in step (3) in Protocol 2, the private scanner can send an old $\phi(f(u, r))$ as $w$. A simple solution for this problem is that the verifier adds $w$ which was accepted once into a negative list for the examination of $w \in B_i$. The essential solution is to recognize information which is intrinsic to living bodies, which is realized by using a special part of biological information such as information of a reflex action or applying the idea of “zero-knowledge” (Goldreich, 2001) into the detection at a scanner. To realize a function to recognize living bodies is one of the most important problems for biometrics-based authentication. Besides finding a part of a living body which contains information to enable the recognition of a living body, it is also useful to apply the idea of “challenge and response” (Delfs and Kneble, 2002) into scanners on portable devices, for example, a camera with a special kind of flash. Note that this realizes authentication by the verifier of the prover instead of his portable device.
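The verifier side of Protocol 2 together with the negative list for replayed w described above, as an added example that is not code from the paper. It assumes Hamming distance as the distance both before and after the transformation, a threshold c = 20, and a keyed XOR mask as φ, which satisfies Condition 1 exactly but meets Condition 2 only while the key stays on the prover's device; scan(), the keys and all sample values are constructed.

```python
import hashlib
import hmac

THRESHOLD_C = 20  # threshold c on the distance (assumed value)

def hamming(a: bytes, b: bytes) -> int:
    """Distance used for both g and the distance on transformed strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def phi(key: bytes, b: bytes) -> bytes:
    """Keyed transform (assumption): XOR b with an HMAC-SHA256 keystream.
    XOR with a fixed mask preserves Hamming distance exactly (Condition 1)."""
    stream, counter = b"", 0
    while len(stream) < len(b):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(b, stream))

def scan(seed: bytes, noisy_bits=()) -> bytes:
    """Constructed stand-in for f(u, r): a fixed 256-bit string per user,
    with the listed bit positions flipped to model scan-to-scan variation."""
    b = bytearray(hashlib.sha256(seed).digest())
    for i in noisy_bits:
        b[i // 8] ^= 1 << (i % 8)
    return bytes(b)

class Verifier:
    def __init__(self):
        self.templates = {}    # user -> t_i = phi(b)
        self.accepted = set()  # negative list: every w accepted once

    def enroll(self, user, template):
        self.templates[user] = template  # re-enrolling cancels the old t_i

    def identify(self, w):
        """Step (4) of Protocol 2 without an ID: matching user or None."""
        if w in self.accepted:           # an old w sent again is refused
            return None
        for user, t in self.templates.items():
            if hamming(t, w) <= THRESHOLD_C:
                self.accepted.add(w)
                return user
        return None

def demo():
    old, new = b"device-key-1", b"device-key-2"  # constructed device keys
    v = Verifier()
    v.enroll("alice", phi(old, scan(b"alice")))
    w1 = phi(old, scan(b"alice", noisy_bits=(3, 77, 200)))
    first, replay = v.identify(w1), v.identify(w1)
    other = v.identify(phi(old, scan(b"bob")))
    v.enroll("alice", phi(new, scan(b"alice")))  # template cancelled after a leak
    stale = v.identify(phi(old, scan(b"alice", noisy_bits=(5,))))
    fresh = v.identify(phi(new, scan(b"alice", noisy_bits=(9, 120))))
    return first, replay, other, stale, fresh
```

The negative list only catches a byte-identical w; it does not replace the liveness or challenge-and-response checks the text calls the essential solution.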
We introduced a model of biometrics-based authentication and made the problem of spoofing by using leaked biological information clear. We proposed a solution to apply a function to biological information and showed the properties required for the function to solve the problem. Moreover, we proposed an idea of biometrics-based authentication system with a mobile device which has a function to detect biological
By the analysis of an implementation of the system, we can extract the following results: biometrics-based authentication which is secure against a spoofing can be realized by applying the idea of cancelable biometrics into a system with portable devices; and therefore, it is meaningful to implement functions to capture biological information on portable devices.
This work has been supported by the Grant-in-Aid for Scientific Research (A) No. 19200004 of the Ministry of Education, Culture, Sports, Science and Technology (MEXT) from 2007 to 2009.
Delfs, H. and Kneble, H. (2002). Introduction to Cryptography - Principles and Applications. Springer.
Goldreich, O. (2001). Foundation of Cryptography - Basic Tools. Cambridge University Press.
Matsumoto, T., Matsumoto, H., Yamada, K., and Hoshino, S. (2002). Impact of artificial “gummy” fingers on fingerprint systems. In Proc. SPIE, Optical Security and Counterfeit Deterrence Techniques IV, volume 4677, pages 275–289.
Ratha, N. K., Connell, J. H., and Bolle, R. M. (2001). Enhancing security and privacy in biometrics-based authentication system. IBM System Journal, 40(3).