On the Risk of Cancelable Biometrics
This paper reveals critical security flaws in existing cancelable biometric systems, which are used for privacy protection in authentication.
The paper demonstrates that distance preservation in cancelable biometrics creates security vulnerabilities, specifically enabling pre-image attacks that can compromise biometric data. Experiments on six face, iris, and fingerprint schemes show these risks significantly undermine security.
Cancelable biometrics (CB) employs an irreversible transformation to convert the biometric features into transformed templates while preserving the relative distance between two templates for security and privacy protection. However, distance preservation invites unexpected security issues such as pre-image attacks, which are often neglected. This paper presents a generalized pre-image attack method and an extended version of it that operates on practical CB systems. We theoretically reveal that the distance preservation property is a source of vulnerability in CB schemes. We then propose an empirical information leakage estimation algorithm to assess the pre-image attack risk of CB schemes. The experiments, conducted with six CB schemes designed for the face, iris and fingerprint, demonstrate that the risks originating from the distance computed from two transformed templates significantly compromise the security of CB schemes. Our work reveals the potential risk of existing CB systems theoretically and experimentally.
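The abstract's central claim is that a transform which keeps relative distances also exposes them. The following added example (not from the paper, and not its leakage estimation algorithm) measures how closely transformed-template distance tracks original-feature distance; the sign-random-projection transform, the SHA-256 control, the sizes and the synthetic feature vectors are all constructed assumptions.

```python
import hashlib
import math
import random

DIM, BITS, PAIRS = 64, 256, 60  # constructed sizes, not taken from the paper

def sign_projection(x, matrix):
    """Toy cancelable transform (assumption): keyed random projection, then sign bits."""
    return [1 if sum(r * v for r, v in zip(row, x)) >= 0 else 0 for row in matrix]

def hashed_template(x):
    """Control: SHA-256 of the features, which preserves no distance (and cannot match)."""
    digest = hashlib.sha256(repr(x).encode()).digest()
    return [(byte >> i) & 1 for byte in digest for i in range(8)]

def angle(x, y):
    dot = sum(a * b for a, b in zip(x, y))
    norm = math.sqrt(sum(a * a for a in x) * sum(b * b for b in y))
    return math.acos(max(-1.0, min(1.0, dot / norm)))

def hamming(a, b):
    return sum(p != q for p, q in zip(a, b))

def pearson(u, v):
    mu, mv = sum(u) / len(u), sum(v) / len(v)
    cov = sum((a - mu) * (b - mv) for a, b in zip(u, v))
    return cov / math.sqrt(sum((a - mu) ** 2 for a in u) * sum((b - mv) ** 2 for b in v))

def distance_correlations(seed=7):
    """Correlate original-space angles with template Hamming distances for both transforms."""
    rng = random.Random(seed)
    matrix = [[rng.gauss(0, 1) for _ in range(DIM)] for _ in range(BITS)]  # revocable key
    orig, proj, hashed = [], [], []
    for i in range(PAIRS):
        x = [rng.gauss(0, 1) for _ in range(DIM)]      # synthetic feature vector
        noise = 0.05 + 2.0 * i / PAIRS                 # spread pairs from near to far
        y = [v + noise * rng.gauss(0, 1) for v in x]
        orig.append(angle(x, y))
        proj.append(hamming(sign_projection(x, matrix), sign_projection(y, matrix)))
        hashed.append(hamming(hashed_template(x), hashed_template(y)))
    return pearson(orig, proj), pearson(orig, hashed)

if __name__ == "__main__":
    kept, destroyed = distance_correlations()
    print(f"distance-preserving transform: r = {kept:.2f}")
    print(f"hash control:                  r = {destroyed:.2f}")
```

A correlation near 1 for the projection means that template distances reveal the ordering of the underlying feature distances, while the hash control reveals nothing but also cannot support matching.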