Cryptanalysis of Cancelable Biometrics Vault
Patrick Lacharme, Kevin Thiry-Atighehchi

TL;DR
This paper cryptanalyzes the Cancelable Biometrics Vault, revealing vulnerabilities in its BioEncoding scheme that compromise template privacy and key security, highlighting the need for more secure biometric key-binding methods.
Contribution
It provides the first cryptanalysis of the CBV scheme, exposing its reversibility and linkability flaws that threaten its security properties.
Findings
BioEncoding scheme is reversible and linkable.
Linkability attack can recover the cryptographic key.
Vulnerabilities undermine CBV's security assumptions.
Abstract
Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user-specific tokens to generate secure templates. Required properties are the irreversibility, unlinkability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using biometric data. The key can be recomputed only if correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV), based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in…
