On the Leakage of Fuzzy Matchers

In a biometric recognition system, the matcher compares an old and a fresh template to decide if it is a match or not. Beyond the binary output (`yes' or `no'), more information is computed. This paper provides an in-depth analysis of information leakage during distance evaluation, with an emphasis on threshold-based obfuscated distance (\textit{i.e.}, Fuzzy Matcher). Leakage can occur due to a malware infection or the use of a weakly privacy-preserving matcher, exemplified by side channel attacks or partially obfuscated designs. We provide an exhaustive catalog of information leakage scenarios as well as their impacts on the security concerning data privacy. Each of the scenarios leads to generic attacks whose impacts are expressed in terms of computational costs, hence allowing the establishment of upper bounds on the security level.Comment: Minor correction