An information theoretic framework is established to analyze the performance of biometric security systems. Two performance metrics, namely privacy, measured by the normalized equivocation rate of the biometric measurements, and security, measured by the rate of the key generated from the biometric measurements, are first defined. A fundamental tradeoff between these two metrics is then identified. The scenario in which a potential attacker does not have side information is considered first. The privacy-security region, which characterizes the above-noted tradeoff, is derived for this case. An important role of common information among random variables is revealed in perfect privacy biometric security systems. The scenario in which the attacker has side information is then considered. Inner and outer bounds on the privacy- security tradeoff are derived in this case.