A biometric recognition system can operate in two distinct modes: identification or verification. In the first mode, the system recognizes an individual by searching the enrolled templates of all the users for a match. In the second mode, the system validates a user's identity claim by comparing the fresh provided template with the enrolled template. The biometric transformation schemes usually produce binary templates that are better handled by cryptographic schemes, and the comparison is based on a distance that leaks information about the similarities between two biometric templates. Both the experimentally determined false match rate and false non-match rate through recognition threshold adjustment define the recognition accuracy, and hence the security of the system. To our knowledge, few works provide a formal treatment of security in case of minimal information leakage, i.e., the binary outcome of a comparison with a threshold. In this paper, we focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes. On the first hand, we focus our analysis on the accuracy metrics of biometric systems. We provide the complexity of untargeted attacks using the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems. Studying near-collisions with these metrics allows us to estimate the maximum number of users in a database, given a chosen FMR, to preserve the security and the accuracy. These results are evaluated on systems from the literature. On the other hand, we rely on probabilistic modelling to assess the theoretical security limits of biometric systems. The study of this metric space, and system parameters (template size, threshold and database size), gives us the complexity of untargeted attacks and the probability of a near-collision.

翻译：生物特征识别系统可运行于两种不同模式：身份识别或身份验证。在第一种模式下，系统通过搜索所有用户已注册模板中的匹配项来识别个体。在第二种模式下，系统通过比较新提供的模板与已注册模板来验证用户的身份声称。生物特征变换方案通常生成更适合密码学方案处理的二进制模板，而比较则基于泄露两个生物特征模板相似性信息的距离度量。通过调整识别阈值实验确定的误匹配率与误非匹配率共同定义了识别精度，进而决定了系统的安全性。据我们所知，在最小信息泄露（即与阈值比较的二元结果）场景下，鲜有工作提供安全性的形式化处理。本文重点研究可在在线与离线环境下、以及识别与验证两种模式下实施的非目标攻击。首先，我们聚焦生物特征系统的精度指标分析。通过利用误匹配率（FMR）与误正识别率（FPIR）量化非目标攻击的复杂度，以评估此类系统的安全性。利用这些指标研究近碰撞现象，使我们能够针对给定的FMR值估算数据库中可容纳的最大用户数，从而保障系统安全性与精度。这些结果已在文献中的系统上进行了评估。其次，我们基于概率建模评估生物特征系统的理论安全极限。对该度量空间及系统参数（模板大小、阈值与数据库规模）的研究，给出了非目标攻击的复杂度及近碰撞概率。