Preimage attack on BioHashing

Biometric recognition is increasingly used for authentication and access control in a wide range of applications. Biometric data are strongly linked to the user and, without suitable post-processing, offer neither revocability nor diversity. Cancelable biometrics, including the very popular BioHashing algorithm, is used to address the resulting privacy and security issues. The principle is to transform a biometric template into a BioCode in order to enhance user privacy and application security. These schemes are used for template protection across several biometric modalities, such as fingerprints or face, and their robustness is generally related to how hard it is for an impostor to recover the original biometric template. In this paper, we propose to use genetic algorithms to approximate the original biometric feature and spoof the authentication system. We show through experimental results on fingerprints the efficiency of the proposed attack on the BioHashing algorithm, which approximates the original FingerCode given the seed and the corresponding BioCode.
