Practical security and privacy attacks against biometric hashing using sparse recovery

Topcu, Berkay; Karabat, Cagatay; Azadmanesh, Matin; Erdoğan, Hakan

doi:10.1186/s13634-016-0396-1

Cited by 26 publications

(13 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This could be achieved by exploiting security vulnerabilities specific to the cancelable transformation scheme or even by using brute-force attacks. Inversion attacks [18], [31], [32] are the most common type of attack against biometric template protection schemes. These attacks aim at reversing the CB transform, utilizing vulnerabilities specific to each CB scheme.…”

Section: A Related Workmentioning

confidence: 99%

On the Practicality of Local Ranking-Based Cancelable Iris Recognition

Ouda

2021

IEEE Access

View full text Add to dashboard Cite

Practical cancelable biometrics (CB) schemes should satisfy the requirements of revocability, non-invertibility, and non-linkability without deteriorating the matching accuracy of the underlying biometric recognition system. In order to bridge the gap between theory and practice, it is important to prove that new CB schemes can achieve a balance between the conflicting goals of security and matching accuracy. This paper investigates the security and accuracy trade-off of a recently proposed local ranking-based cancelable biometrics (LRCB) scheme for protecting iris-codes. First, the irreversibility of the LRCB is revisited and a new attack for reversing the LRCB transform is proposed. The proposed attack utilizes the distribution of order statistics for discrete random variables to reverse the protected rank values and obtain a close approximation of the original iris template. This ranking-inversion attack is then utilized to realize authentication, record multiplicity, and correlation attacks against the LRCB transform. Our theoretical analysis shows that the proposed reversibility attack can recover more than 95% of the original iris-code bits and the proposed correlation attack can correctly correlate two templates 100% of the time for the parameter settings that retain the recognition accuracy of the underlying iris recognition system. The validity of the proposed attacks is verified using the same iris dataset adopted by the authors of the LRCB scheme. Experimental results support our theoretical findings and demonstrate that the security properties of irreversibility and non-linkability can only be fulfilled at the expense of significant and impractical degradation of the matching accuracy.INDEX TERMS Cancelable biometrics, iris recognition, local ranking, order statistics, irreversibility, attacks via record multiplicity, linkability attack.

show abstract

Section: A Related Workmentioning

confidence: 99%

On the Practicality of Local Ranking-Based Cancelable Iris Recognition

Ouda

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…That is, they suffer from the same problems associated with traditional-based authentication systems. In other words, if these random keys are compromised, the False Acceptance Rate (FAR) would increase significantly [24]. Moreover, although the employed non-invertible transforms are much harder to be reversed compared to invertible transforms, it would be much simpler for a skilled attacker to invert the transform and disclose the original features if he/she could gain access to these userspecific factors.…”

Section: Related Workmentioning

confidence: 99%

Effective Combination of Iris-based Cancelable Biometrics and Biometric Cryptosystems

Ouda¹,

Tsumura²,

Nakaguchi³

2019

IJACSA

View full text Add to dashboard Cite

The fuzzy commitment scheme (FCS) is one of the most effective biometric cryptosystems (BCs) that provide secure management of cryptographic keys using biometric templates. In this scheme, error correcting codes (ECCs) are firstly employed to encode a cryptographic key into a codeword which is then secured via linking (committing) it with a biometric template of the same length. Unfortunately, the key length is constrained by the size of the adopted biometric template as well as the employed ECC(s). In this paper, we propose a secure iris template protection scheme that combines cancelable biometrics with the FCS in order to secure long cryptographic keys without sacrificing the recognition accuracy. First, we utilize cancelable biometrics to derive revocable templates of large sizes from the most reliable bits in iris codes. Then, the FCS is applied to the obtained cancelable iris templates to secure cryptographic keys of the desired length. The revocability of cryptographic keys as well as true iris templates is guaranteed due to the hybridization of both techniques. Experimental results show that the proposed hybrid system can achieve high recognition accuracy regardless of the key size.

show abstract

“…Feature extraction is an important step in speech retrieval, with most research making use of perceptual hashes [7][8][9] or audio fingerprints [10][11][12]. In addition, in order to improve system security, some good methods have been applied, such as zero-leakage biometric protection [13], cancelable biometrics [14,15], biometrics hashing [16,17], and secret key generation [18].…”

Section: Introductionmentioning

confidence: 99%

“…It has good security, but for the false acceptance rate (FAR), the matching efficiency needs to be promoted. Similarly, zeroleakage biometric protection [13] and biometric hashing [16,17] have good security but are affected by algorithm complexity for weak system efficiency.…”

Section: Introductionmentioning

confidence: 99%

An efficient retrieval algorithm of encrypted speech based on inverse fast Fouriertransform and measurement matrix

Zhang¹,

Ge²,

Zhou³

et al. 2019

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

In this paper, we present an efficient retrieval algorithm for encrypted speech based on an inverse fast Fourier transform and measurement matrix. Our approach improves query performance, as well as retrieval efficiency and accuracy, compared to existing content-based encrypted speech retrieval methods. Our proposed algorithm constructs a perceptual hash scheme using perceptual hash sequences from original speech files. By classifying the sequences and applying run-length compression, we decrease the cloud storage required for the hash index. We secure the speech database by encrypting it with Henon chaos scrambling, which offers excellent resistance to attacks. Experimental results show that the robustness, discrimination, and feature extraction efficiency of our proposed method are better than the existing alternatives, with good recall and precision ratios and with high retrieval efficiency and accuracy.

show abstract

Practical security and privacy attacks against biometric hashing using sparse recovery

Cited by 26 publications

References 32 publications

On the Practicality of Local Ranking-Based Cancelable Iris Recognition

On the Practicality of Local Ranking-Based Cancelable Iris Recognition

Effective Combination of Iris-based Cancelable Biometrics and Biometric Cryptosystems

An efficient retrieval algorithm of encrypted speech based on inverse fast Fouriertransform and measurement matrix

Contact Info

Product

Resources

About