It is All in the System's Parameters: Privacy and Security Issues in Transforming Biometric Raw Data into Binary Strings

Research output: Contribution to journalArticlepeer-review


Biometrics traits such as faces, fingerprints, and irises, are becoming prevalent in computer security applications: from authentication systems to identification systems. Given the sensitive nature of biometrics, a great deal of effort is put into protecting the biometric data after it is acquired — from secure sketch and fuzzy extractors to the use of secure multiparty computations (in protocols such as SCiFI or GSHADE). While these solutions make sure that the extracted values (e.g., binary strings or vectors) that correspond to the biometrics are kept privately and securely, their practical implementations are not optimal with respect to privacy guarantees in the process of extracting the information from the raw biometric data. This paper analyses current solutions for protected systems and discusses the existing and potential problems in the security and privacy of their feature extraction and the binarization processes. As an illustrative example, we show a PoC of an attack on a feature extraction solution from facial images, used in several protected systems, and show that it reveals information which is very close to the training image of the user. As we argue in this paper, other solutions provide privacy for the system’s users but make use of external set of biometric data which is often quite large, thus facing privacy and ownership issues associated with the external set of people. The take home message of this paper is: Many of the existing “privacy preserving” solutions neglect the privacy and security aspects of the feature extraction and binarization processes. Hence, we urge future research to close this gap in the security and privacy of biometric systems.

Original languageEnglish
Number of pages9
JournalIEEE Transactions on Dependable and Secure Computing
StatePublished - 2018

Bibliographical note

Publisher Copyright:


  • Binarization
  • Bioinformatics
  • Biometric Systems
  • Biometrics (access control)
  • Data privacy
  • Feature Extraction
  • Feature extraction
  • Privacy
  • Security
  • Training

ASJC Scopus subject areas

  • Electrical and Electronic Engineering


Dive into the research topics of 'It is All in the System's Parameters: Privacy and Security Issues in Transforming Biometric Raw Data into Binary Strings'. Together they form a unique fingerprint.

Cite this