Interpretable security analysis of cancellable biometrics using constrained-optimized similarity-based attack

TL;DR

This paper introduces a constrained optimization attack on cancellable biometrics that significantly improves breach success rates by leveraging specific constraints, revealing vulnerabilities in existing schemes like IoM hashing and BioHashing.

Contribution

The paper proposes a novel constrained optimization similarity-based attack (CSA) that outperforms previous genetic algorithm-based methods and demonstrates its effectiveness against multiple cancellable biometric schemes.

Findings

CSA significantly outperforms GASA in breach success rate.

CSA effectively breaches IoM hashing and BioHashing security.

Attack performance correlates with hash code size.

Abstract

In cancellable biometrics (CB) schemes, template security is achieved by applying, mainly non-linear, transformations to the biometric template. The transformation is designed to preserve the template distance/similarity in the transformed domain. Despite its effectiveness, the security issues attributed to similarity preservation property of CB are underestimated. Dong et al. [BTAS'19], exploited the similarity preservation trait of CB and proposed a similarity-based attack with high successful attack rate. The similarity-based attack utilizes preimage that are generated from the protected biometric template for impersonation and perform cross matching. In this paper, we propose a constrained optimization similarity-based attack (CSA), which is improved upon Dong's genetic algorithm enabled similarity-based attack (GASA). The CSA applies algorithm-specific equality or inequality relations as constraints, to optimize preimage generation. We interpret the effectiveness of CSA from the supervised learning perspective. We identify such constraints then conduct extensive experiments to demonstrate CSA against CB with LFW face dataset. The results suggest that CSA is effective to breach IoM hashing and BioHashing security, and outperforms GASA significantly. Inferring from the above results, we further remark that, other than IoM and BioHashing, CSA is critical to other CB schemes as far as the constraints can be formulated. Furthermore, we reveal the correlation of hash code size and the attack performance of CSA.