On the Security of BioEncoding Based Cancelable Biometrics

Proving the security of cancelable biometrics and other template protection techniques is a key prerequisite for the widespread deployment of biometric technologies. BioEncoding is a cancelable biometrics scheme that has been proposed recently to protect biometric templates represented as binary strings, such as iris codes. Unlike other template protection schemes, BioEncoding does not require user-specific keys or tokens. Moreover, it satisfies the requirements of untraceable biometrics without sacrificing the matching accuracy. However, the security of BioEncoding against smart attacks, such as correlation and optimization-based attacks, has to be proved before recommending it for practical deployment. In this paper, the security of BioEncoding, in terms of both non-invertibility and privacy protection, is analyzed. First, the resistance of protected templates generated using BioEncoding against brute-force search attacks is revisited rigorously. Then, vulnerabilities of BioEncoding with respect to correlation attacks and optimization-based attacks are identified and explained. Furthermore, an important modification to the BioEncoding algorithm is proposed to enhance its security against correlation attacks. The effect of integrating this modification into BioEncoding is validated, and its impact on the matching accuracy is investigated empirically using the CASIA-IrisV3-Interval dataset. Experimental results confirm the efficacy of the proposed modification and show that it has no negative impact on the matching accuracy.

Key words: template protection, cancelable biometrics, BioEncoding, correlation attacks, optimization-based attacks
