Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Cryptanalysis of Cancelable Biometrics Vault

Patrick Lacharme, Kevin Thiry-Atighehchi

TL;DR

This work analyzes the CBV biometric-key binding scheme, showing that its BioEncoding cancelable transform is vulnerable to reversibility and linkability, enabling recovery of the cryptographic key $κ$ from the biometric key $k_{bio}$. The authors formalize attack models, present a parity-based key-recovery attack, and validate it with small-scale numerical examples, achieving successful recovery of a 128-bit key with minimal assumptions. They also examine a modified CBV variant whose apparent security gains do not withstand the same analysis, underscoring the absence of formal security proofs. The results highlight critical security gaps in CBV-like designs and emphasize the need for provable security and robust alternatives in biometric template protection.

Abstract

Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user specific tokens to generate secure templates. Required properties are the irreversibility, unlikability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using a biometric data. The key can be recomputed only if a correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV) based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables to recover the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme's revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.

Cryptanalysis of Cancelable Biometrics Vault

TL;DR

This work analyzes the CBV biometric-key binding scheme, showing that its BioEncoding cancelable transform is vulnerable to reversibility and linkability, enabling recovery of the cryptographic key from the biometric key . The authors formalize attack models, present a parity-based key-recovery attack, and validate it with small-scale numerical examples, achieving successful recovery of a 128-bit key with minimal assumptions. They also examine a modified CBV variant whose apparent security gains do not withstand the same analysis, underscoring the absence of formal security proofs. The results highlight critical security gaps in CBV-like designs and emphasize the need for provable security and robust alternatives in biometric template protection.

Abstract

Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user specific tokens to generate secure templates. Required properties are the irreversibility, unlikability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using a biometric data. The key can be recomputed only if a correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV) based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables to recover the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme's revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.
Paper Structure (20 sections, 4 equations, 4 figures, 7 algorithms)

This paper contains 20 sections, 4 equations, 4 figures, 7 algorithms.

Table of Contents

  1. Introduction
  2. Related works
  3. Cancelable transformations
  4. Cryptographic approaches
  5. Preliminaries
  6. Biometric Transformations and Key-Binding
  7. The Cancelable Biometrics Vault Scheme
  8. The Key-Binding Scheme in CBV
  9. The Cancelable Transformation in CBV
  10. Attack Models
  11. Reversibility Attacks on CB Schemes
  12. Linkability Attacks on CB Schemes
  13. Key-Recovery Attacks on KB schemes
  14. Key-Recovery Attack on CBV
  15. Preimage Forgeries
  16. ...and 5 more sections

Figures (4)

  • Figure 1: The chaffing process of the $\mathcal{KB}$ operation, where $\mathcal{C}h$ denotes the Chaff selector. Depending on the value of the selector bit $\kappa_i$, $\mathcal{C}h$ returns either the genuine template $x^e$ (if the selector bit is 1) or the fake template $x^f$ (if the selector bit is 0).
  • Figure 2: The winnowing process in the $\mathcal{KR}$ operation involves distinct transformations of the fresh template, which separate the genuine transformations (represented by a bit 1 in the unlocked key) from the fake transformations (represented by a bit 0 in the unlocked key).
  • Figure 3: Cancelable Transformation of CBV
  • Figure 4: Flowchart for retreiving the key based on the first template word.

Theorems & Definitions (7)

  • Definition 1
  • Definition 2
  • Definition 3
  • Definition 4
  • Definition 5
  • Definition 6
  • Definition 7