Authentication Attacks on Projection-based Cancelable Biometric Schemes

TL;DR

This paper demonstrates that cancelable biometric schemes, designed for security and privacy, can be compromised through formalized attacks using optimization techniques, enabling impersonation and presentation attacks.

Contribution

It introduces formal attack methods using ILP and QCQP to demonstrate the vulnerability of cancelable biometric schemes to impersonation and presentation attacks.

Findings

Adversaries can alter fingerprint images to impersonate individuals.

Multiple impersonations are possible simultaneously.

Formal optimization techniques can break scheme security.

Abstract

Cancelable biometric schemes aim at generating secure biometric templates by combining user specific tokens, such as password, stored secret or salt, along with biometric data. This type of transformation is constructed as a composition of a biometric transformation with a feature extraction algorithm. The security requirements of cancelable biometric schemes concern the irreversibility, unlinkability and revocability of templates, without losing in accuracy of comparison. While several schemes were recently attacked regarding these requirements, full reversibility of such a composition in order to produce colliding biometric characteristics, and specifically presentation attacks, were never demonstrated to the best of our knowledge. In this paper, we formalize these attacks for a traditional cancelable scheme with the help of integer linear programming (ILP) and quadratically constrained quadratic programming (QCQP). Solving these optimization problems allows an adversary to slightly alter its fingerprint image in order to impersonate any individual. Moreover, in an even more severe scenario, it is possible to simultaneously impersonate several individuals.