Abstract
Practical cancelable biometrics (CB) schemes should satisfy the requirements of revocability, non-invertibility, and non-linkability without deteriorating the matching accuracy of the underlying biometric recognition system. In order to bridge the gap between theory and practice, it is important to prove that new CB schemes can achieve a balance between the conflicting goals of security and matching accuracy. This paper investigates the security and accuracy trade-off of a recently proposed local ranking-based cancelable biometrics (LRCB) scheme for protecting iris-codes. First, the irreversibility of the LRCB is revisited and a new attack for reversing the LRCB transform is proposed. The proposed attack utilizes the distribution of order statistics for discrete random variables to reverse the protected rank values and obtain a close approximation of the original iris template. This ranking-inversion attack is then utilized to realize authentication, record multiplicity, and correlation attacks against the LRCB transform. Our theoretical analysis shows that the proposed reversibility attack can recover more than 95% of the original iris-code bits and the proposed correlation attack can correctly correlate two templates 100% of the time for the parameter settings that retain the recognition accuracy of the underlying iris recognition system. The validity of the proposed attacks is verified using the same iris dataset adopted by the authors of the LRCB scheme. Experimental results support our theoretical findings and demonstrate that the security properties of irreversibility and non-linkability can only be fulfilled at the expense of significant and impractical degradation of the matching accuracy.
Highlights
Biometric technologies are increasingly being used in a wide variety of applications such as authentication systems, healthcare applications, and border control, due to their usability, efficiency, and reliability [1].
Authentication attack: although the analysis described in Section III showed that we cannot obtain the original iris template x in its entirety from a protected template generated using local ranking-based cancelable biometrics (LRCB), it is possible to obtain a close approximation of x that is sufficiently similar to spoof the authentication system.
In this paper, we presented a security analysis of a local ranking-based cancelable biometrics (LRCB) scheme recently proposed by Zhao et al. [6].
Summary
Biometric technologies are increasingly being used in a wide variety of applications such as authentication systems, healthcare applications, and border control, due to their usability, efficiency, and reliability [1]. Biometrics-based authentication systems are preferred over conventional authentication systems based on passwords and/or tokens as they alleviate password/token management issues. Several security and privacy concerns have been raised as a result of the widespread deployment of biometrics in authentication systems [2]. This is mainly because, unlike passwords and tokens, biometrics cannot be canceled or revoked. If an attacker manages to compromise a biometric template in one application, it will not be possible to use this biometric characteristic in any other application. If the same biometric characteristic is employed in several applications, users can be tracked by cross-matching biometric databases in these applications.