CRII: SaTC: Physical Side-Channel Attacks in Biometric System

Biometric traits are permanent and difficult to revoke if compromised, unlike keys or passwords. By requiring the storage of biometric trait measurements (templates) for subjects, biometric systems are vulnerable to violation of user privacy. Unprotected storage of biometric reference data poses severe privacy threats such as identity theft.

Despite recent research in the security of biometric systems, research on physical side-channel attacks in biometric systems are still nascent, especially when compared to cryptographic and information technologies. Although side-channel attacks are well-developed techniques in the information technology security and cryptography fields, they have been understudied in the context of biometric systems.

The project’s novel aspects are developing methodologies such as metrics, deep learning algorithms, protocols, and tools for physical side-channel attacks and countermeasures in biometric systems. This project intends to be a first step towards bridging the knowledge gap between seemingly isolated research field on hardware security and biometric security.

The project's broader significance and importance are improvement of security and privacy of biometric systems against physical side channel attacks followed by protection schemes and involvement in the ongoing biometric evaluation and standardization efforts led by the National Institute of Standards and Technology.

This project offers insights for future biometric designers on how to efficiently take advantage of physical side-channel attack frameworks to recognize vulnerabilities in biometric systems. The project outcomes advance both attack (physical side-channel) and defense mechanism (domain-specific architecture) in biometric systems. The biometric protection scheme is evaluated according to International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) Standard 24745.

Due to the wide adoption of biometric systems in society, this project can have a positive impact on a broad range of activities involving identity cards, border identity checkpoints, and patient authentication in healthcare.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.