The Practical Subtleties of Biometric Key Generation

The inability of humans to generate and remember strong secrets makes it difficult for people to manage cryptographic keys. To address this problem, numerous proposals have been suggested to enable a human to repeatably generate a cryptographic key from her biometrics, where the strength of the key rests on the assumption that the measured biometrics have high entropy across the population. In this paper we show that, despite the fact that several researchers have examined the security of BKGs, the common techniques used to argue the security of practical systems are lacking. To address this issue we reexamine two well known, yet sometimes misunderstood, security requirements. We also present another that we believe has not received adequate attention in the literature, but is essential for practical biometric key generators. To demonstrate that each requirement has significant importance, we analyze three published schemes, and point out deficiencies in each. For example, in one case we show that failing to meet a requirement results in a construction where an attacker has a 22% chance of finding ostensibly 43-bit keys on her first guess. In another we show how an attacker who compromises a user’s cryptographic key can then infer that user’s biometric, thus revealing any other key generated using that biometric. We hope that by examining the pitfalls that occur continuously in the literature, we enable researchers and practitioners to more accurately analyze proposed constructions.


In: 17th Annual USENIX Security Symposium

Publisher: USENIX
All copyrights reserved by USENIX 2007

Details

Type: Inproceedings
Pages: 61-74