9 research outputs found
On the Security Risk of Cancelable Biometrics
Over the years, a number of biometric template protection schemes, primarily
based on the notion of "cancelable biometrics" (CB) have been proposed. An
ideal cancelable biometric algorithm possesses four criteria, i.e.,
irreversibility, revocability, unlinkability, and performance preservation.
Cancelable biometrics employed an irreversible but distance preserving
transform to convert the original biometric templates to the protected
templates. Matching in the transformed domain can be accomplished due to the
property of distance preservation. However, the distance preservation property
invites security issues, which are often neglected. In this paper, we analyzed
the property of distance preservation in cancelable biometrics, and
subsequently, a pre-image attack is launched to break the security of
cancelable biometrics under the Kerckhoffs's assumption, where the cancelable
biometrics algorithm and parameters are known to the attackers. Furthermore, we
proposed a framework based on mutual information to measure the information
leakage incurred by the distance preserving transform, and demonstrated that
information leakage is theoretically inevitable. The results examined on face,
iris, and fingerprint revealed that the risks origin from the matching score
computed from the distance/similarity of two cancelable templates jeopardize
the security of cancelable biometrics schemes greatly. At the end, we discussed
the security and accuracy trade-off and made recommendations against pre-image
attacks in order to design a secure biometric system.Comment: Submit to P
A Cryptanalysis of Two Cancelable Biometric Schemes based on Index-of-Max Hashing
Cancelable biometric schemes generate secure biometric templates by combining
user specific tokens and biometric data. The main objective is to create
irreversible, unlinkable, and revocable templates, with high accuracy in
matching. In this paper, we cryptanalyze two recent cancelable biometric
schemes based on a particular locality sensitive hashing function, index-of-max
(IoM): Gaussian Random Projection-IoM (GRP-IoM) and Uniformly Random
Permutation-IoM (URP-IoM). As originally proposed, these schemes were claimed
to be resistant against reversibility, authentication, and linkability attacks
under the stolen token scenario. We propose several attacks against GRP-IoM and
URP-IoM, and argue that both schemes are severely vulnerable against
authentication and linkability attacks. We also propose better, but not yet
practical, reversibility attacks against GRP-IoM. The correctness and practical
impact of our attacks are verified over the same dataset provided by the
authors of these two schemes.Comment: Some revisions and addition of acknowledgement
Near-collisions and their Impact on Biometric Security
Biometric recognition encompasses two operating modes. The first one is
biometric identification which consists in determining the identity of an
individual based on her biometrics and requires browsing the entire database
(i.e., a 1:N search). The other one is biometric authentication which
corresponds to verifying claimed biometrics of an individual (i.e., a 1:1
search) to authenticate her, or grant her access to some services. The matching
process is based on the similarities between a fresh and an enrolled biometric
template. Considering the case of binary templates, we investigate how a highly
populated database yields near-collisions, impacting the security of both the
operating modes. Insight into the security of binary templates is given by
establishing a lower bound on the size of templates and an upper bound on the
size of a template database depending on security parameters. We provide
efficient algorithms for partitioning a leaked template database in order to
improve the generation of a master-template-set that can impersonates any
enrolled user and possibly some future users. Practical impacts of proposed
algorithms are finally emphasized with experimental studies
PBio: Enabling Cross-organizational Biometric Authentication Service through Secure Sharing of Biometric Templates
Prior works in privacy-preserving biometric authentication mostly focus on the following setting. An organization collects users\u27 biometric data during registration and later authorized access to the organization services after successful authentication. Each organization has to maintain its own biometric database. Similarly each user has to release her biometric information to multiple organizations; Independently, government authorities are making their extensive, nation-wide biometric database available to agencies and organizations, for countries that allow such access. This will enable organizations to provide authentication without maintaining biometric databases, while users only need to register once. However privacy remains a concern. We propose a privacy-preserving system, PBio, for this new setting. The core component of PBio is a new protocol comprising distance recoverable encryption and secure distance computation. We introduce an encrypt-then-split mechanism such that each of the organizations holds only an encrypted partial biometric database. This minimizes the risk of template reconstruction in the event that the encrypted partial database is recovered due to leak of the encryption key. PBio is also secure even when the organizations collude. A by-product benefit is that the use of encrypted partial templates allows quicker rejection for non-matching instances. We implemented a cloud-based prototype with desktop and Android applications. Our experiment results based on real remote users show that PBio is highly efficient. A round-trip authentication takes approximately 74ms (desktop) and 626ms (Android). The computation and communication overhead introduced by our new cryptographic protocol is only about 10ms (desktop) and 54ms (Android)
Iris Template Protection Based on Local Ranking
Biometrics have been widely studied in recent years, and they are increasingly employed in real-world applications. Meanwhile, a number of potential threats to the privacy of biometric data arise. Iris template protection demands that the privacy of iris data should be protected when performing iris recognition. According to the international standard ISO/IEC 24745, iris template protection should satisfy the irreversibility, revocability, and unlinkability. However, existing works about iris template protection demonstrate that it is difficult to satisfy the three privacy requirements simultaneously while supporting effective iris recognition. In this paper, we propose an iris template protection method based on local ranking. Specifically, the iris data are first XORed (Exclusive OR operation) with an application-specific string; next, we divide the results into blocks and then partition the blocks into groups. The blocks in each group are ranked according to their decimal values, and original blocks are transformed to their rank values for storage. We also extend the basic method to support the shifting strategy and masking strategy, which are two important strategies for iris recognition. We demonstrate that the proposed method satisfies the irreversibility, revocability, and unlinkability. Experimental results on typical iris datasets (i.e., CASIA-IrisV3-Interval, CASIA-IrisV4-Lamp, UBIRIS-V1-S1, and MMU-V1) show that the proposed method could maintain the recognition performance while protecting the privacy of iris data
Instant Privacy-Preserving Biometric Authentication for Hamming Distance
In recent years, there has been enormous research attention in privacy-preserving biometric authentication, which enables a user to verify him or herself to a server without disclosing raw biometric information. Since biometrics is irrevocable when exposed, it is very important to protect its privacy. In IEEE TIFS 2018, Zhou and Ren proposed a privacy-preserving user-centric biometric authentication scheme named PassBio, where the end-users encrypt their own templates, and the authentication server never sees the raw templates during the authentication phase. In their approach, it takes about 1 second to encrypt and compare 2000-bit templates based on Hamming distance on a laptop. However, this result is still far from practice because the size of templates used in commercialized products is much larger: according to NIST IREX IX report of 2018 which analyzed 46 iris recognition algorithms, size of their templates varies from 4,632-bit (579-byte) to 145,832-bit (18,229-byte).
In this paper, we propose a new privacy-preserving user-centric biometric authentication (HDM-PPBA) based on Hamming distance, which shows a big improvement in efficiency to the previous works. It is based on our new single-key function-hiding inner product encryption, which encrypts and computes the Hamming distance of 145,832-bit binary in about 0.3 seconds on Intel Core i5 2.9GHz CPU. We show that it satisfies simulation-based security under the hardness assumption of Learning with Errors (LWE) problem. The storage requirements, bandwidth and time complexity of HDM-PPBA depend linearly on the bit-length of biometrics, and it is applicable to any large templates used in NIST IREX IX report with high efficiency
Preimage Attack on BioHashing
International audienceBiometric recognition is more and more employed in authentication and access control of various applications. Biometric data are strongly linked with the user and do not allow revocability nor diversity, without an adapted post-processing. Cancelable biometrics, including the very popular algorithm BioHashing, is used to cope with the underlying privacy and security issues. The principle is to transform a biometric template in a BioCode, in order to enhance user privacy and application security. These schemes are used for template protection of several biometric modalities, as fingerprints or face and the robustness is generally related to the hardness to recover the original biometric template by an impostor. In this paper, we propose to use genetic algorithms to approximate the original biometric feature and spoof the authentication system. We show through experimental results on fingerprints the efficiency of the proposed attack on the BioHashing algorithm, by approximating the original FingerCode, given the seed and the corresponding BioCode