Cryptanalysis is the art of deciphering encrypted communications without knowing the proper keys. Some of the more important cryptanalytic techniques are: Cipher text only attack: This is the situation where the attacker does not know anything about the contents of the ...

Users may be concerned that the use of biometric authentication will increase the danger that they will find themselves targeted by ruthless criminals who are intent on gaining entry to the assets protected by the biometric. With non-biometric authentication, cards, keys, and passwords could be stolen and used by criminals without the presence of ...

If details of countermeasures employed in biometric systems are publicised, it may help attackers to avoid or defeat them. Similarly, if attackers know what countermeasures are not employed, this will help them identify potential weaknesses in the system, and direct attacks towards those weak areas. The counter-argument is that public exposure of countermeasures and ...

Many encryption algorithms are publicly available to allow cryptographers to analyse and verify the strength of the encryption. Biometric algorithms are not readily available for review and are thus an unknown factor. Biometric algorithms do not generally fulfil the same purpose as cryptographic algorithms. Rather, they represent the encoding rules for the biometric feature ...

This is a sometimes heard expression of concern about the potential misuse of biometric data stored on central databases. It refers to the threat to privacy that such centralised collections of personal data could pose if compromised. Biometric data are regarded as personal data and hence subject to the controls appropriate to personal data. ...

A digital signature is a block of data that was created using a secret key, and for which a public key can be used to verify that the signature was generated using the corresponding private key. The algorithm used to generate the signature must be such that ...

There are two classes of key-based algorithms, symmetric (or secret-key) and asymmetric (or public-key). The difference is that symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key ...

Biometric systems may be initially adequately secure, but become less so with passing time. This could be because critical security parameters such as threshold settings become maladjusted, or sloppy enrolment procedures lead to poor enrolment quality. Some biometric systems are self-adaptive which means that the templates are updated each time a user accesses the ...

Elliptic curve key pairs must be generated during the operation of each of the schemes specified in this document. The key pair generation process requires a secure random or pseudorandom number generator. Design of secure random and pseudorandom number generators is notoriously difficult and implementers should therefore take care to pay attention to ...

This is related to the covert use of biometrics (see “Can my biometric be collected covertly?” previously), and to functional creep in applications. It is important to realise that authentication does not necessarily imply consent, and it is consent which is the issue of concern here. Any application could be affected though the ...

Valuable assets are traditionally protected by secrecy, typically secret passwords. Biometric features are often readily observed and do not possess equivalent secrecy. They may also be captured with varying degrees of difficulty. This is a variation on the spoofing concern. It is certainly true that the source biometric features are not secret, but the ...

Elliptic curve points should be converted to octet strings as described in this section. Informally, if point compression is being used, the idea is that the compressed y-coordinate is placed in the leftmost octet of the octet string along with an indication that point compression is on, and the x-coordinate is placed in ...