Biometric Masterkeys
This exposes a security flaw in biometric authentication systems, potentially affecting users and system designers, but is incremental as it builds on known vulnerabilities.
The paper tackles the vulnerability of cancelable biometric databases by introducing biometric masterkeys, which are feature vectors that can match many stored templates, and demonstrates their effectiveness on fingerprint and face databases.
Biometric authentication is used to secure digital or physical access. Such an authentication system uses a biometric database, where data are sometimes protected by cancelable transformations. This paper introduces the notion of biometric masterkeys. A masterkey is a feature vector such that the corresponding template matches with a significant number of templates stored in a cancelable biometric database. Such a masterkey is directly researched from a cancelable biometric database, but we also investigate another scenario in which the masterkey is fixed before the creation of the cancelable biometric database, providing additional access rights in the system for the masterkey's owner. Experimental results on the fingerprint database FVC and the face image database LFW show the effectiveness and the efficiency of such masterkeys in both scenarios. In particular, from any given feature vector, we are able to construct a cancelable database, for which the biometric template matches with all the templates of the database.