A biometric recognition system can operate in two distinct modes: identification or verification. In the first mode, the system recognizes an individual by searching the enrolled templates of all the users for a match. In the second mode, the system validates a user's identity claim by comparing the fresh provided template with the enrolled template. The biometric transformation schemes usually produce binary templates that are better handled by cryptographic schemes, and the comparison is based on a distance that leaks information about the similarities between two biometric templates. Both the experimentally determined false match rate and false non-match rate through recognition threshold adjustment define the recognition accuracy, and hence the security of the system. To our knowledge, few works provide a formal treatment of security in case of minimal information leakage, i.e., the binary outcome of a comparison with a threshold. In this paper, we focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes. On the first hand, we focus our analysis on the accuracy metrics of biometric systems. We provide the complexity of untargeted attacks using the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems. Studying near-collisions with these metrics allows us to estimate the maximum number of users in a database, given a chosen FMR, to preserve the security and the accuracy. These results are evaluated on systems from the literature. On the other hand, we rely on probabilistic modelling to assess the theoretical security limits of biometric systems. The study of this metric space, and system parameters (template size, threshold and database size), gives us the complexity of untargeted attacks and the probability of a near-collision.

翻译：生物特征识别系统可运行于两种不同模式：身份识别或身份验证。在第一种模式下，系统通过搜索所有用户已注册模板中的匹配项来识别个体。在第二种模式下，系统通过比较新提供的模板与已注册模板来验证用户的身份声明。生物特征变换方案通常生成更适合密码学方案处理的二进制模板，其比较基于泄露两个生物特征模板相似度信息的距离度量。通过识别阈值调整实验确定的误匹配率与误不匹配率共同定义了识别精度，进而决定系统的安全性。据我们所知，少有研究在最小信息泄露（即与阈值比较的二元结果）情况下提供安全性的形式化分析。本文聚焦于可在在线与离线场景下执行的、同时适用于身份识别与身份验证模式的非针对性攻击。一方面，我们基于生物特征系统的精度指标展开分析，利用误匹配率（FMR）与误识别率（FPIR）给出非针对性攻击的复杂度，以评估系统的安全性。通过研究这些度量下的近碰撞行为，我们能够在给定FMR条件下估算数据库中保持安全性与精度的最大用户数量，并在文献中的系统上验证该结果。另一方面，我们基于概率建模评估生物特征系统的理论安全极限。通过分析该度量空间及系统参数（模板大小、阈值与数据库规模），我们得出非针对性攻击的复杂度与近碰撞发生概率。