BioLeak: Side-Channel Analysis of Fingerprint Matching Algorithms

School of Computer Science
University of Birmingham


The use of biometry and in particular fingerprint matching for authenticating users has been repeatedly put forward in the past, but only recently has the idea found widespread application (outside niche use cases) due to the integration in smart phones and tablets. With the increasing use of biometric algorithms,potential attack vectors have been studied in the past years. Most attacks focus on duplicating the user’s features (e.g. fingerprints) from physical traces, photographs, and so on. Since fingerprint matching traditionally was often used in controlled environments (e.g. at a border control point), attacks that require the adversary to have (temporary) physical access to the device that performs the matching were deemed unrealistic. However, with the integration into mobile devices, this assumption no longer holds. In contrast to classical authentication methods (e.g. password or PIN code), biometric authentication faces the issue that, once obtained by an attacker, a biometric feature cannot be replaced (since it is a characteristic of the user’s body). Hence, biometric features in principle need higher protection than e.g. passwords. However, while it is well-studied how to prevent the disclosure of a password if an attacker obtains the password database by using proper hash functions, this is not true for biometric authentication, and fingerprint templates are nowadays often stored as clear text: In 2015, 5.5M fingerprints of US federal employees were stolen, and in 2016, the Philippine voter’s database was breached, resulting in the leak of more than 15M fingerprints. The project therefore has the following goals:

Vacancy: Fully funded PhD studentship in Cyber Security


The School of Computer Science at Birmingham is one of the UK's leading computer science departments. We have a very active security research group and is a GCHQ/ESPRC centre of excellence in cyber security. The project will provide a tax free annual stipend of £22.000 per annum for 3.5 years. The project will additionally cover the college fees, provision for a laptop, equipment, software and travel to attend conferences and summer schools.

Requirements:

How to Apply:

To apply in the first instance you should send: to Garfield Benjamin <g.r.benjamin@cs.bham.ac.uk> including the reference [BIOLEAK] in the subject of the email. Applications will be processed on a rolling basis.

People Involved: