Bibliographic Details
| Title: | Mitigate authentication attack risk on cancelable biometrics by leveraging attacker knowledge. |
| Authors: | Belguechi, Rima Ouidad; Rosenberger, Christophe |
| Source: | EURASIP Journal on Information Security; 4/1/2025, Vol. 2025 Issue 1, p1-15, 15p |
| Subject Terms: | GENERAL Data Protection Regulation, 2016; PARTICLE swarm optimization; BIOMETRY; HUMAN fingerprints |
| Abstract: | According to the EU's General Data Protection Regulation, cancelable biometrics (CB) are essential for protecting biometric templates by combining three important criteria: irreversibility, revocability, and unlinkability. Unfortunately, many works have demonstrated that the distance-preserving property, inherent to CB transforms, has made it possible to initiate similarity-based attacks (SA). A similarity-based attack takes the information leakage between the original distance and the transformed distance and aims at reconstructing a nearby biometric feature, used to gain illegal access to the system. In this paper, we propose to mitigate the SA by mastering the attacker's knowledge that can lead to its success. For the sake of generality, we reformulate SA for unordered set templates and propose a generalized particle swarm optimization strategy to launch the attack. We pointed out that the weak point allowing the SA to operate is the distance score provided by the matching module. To limit the amount of attacker's knowledge, we propose a new matching strategy adapted to all template formats based on similarity ratio score. We have performed experiments and different comparisons on two common databases, from fingerprints and faces, and have proved, each time, the efficiency of the given countermeasure to the threatening SA. Furthermore, the security is discussed when the attacker's knowledge is expanded by additional information such as synthetic biometric features, which are meant to approximate the initial research space. Recommendations are then given to alleviate such risks at the design level. [ABSTRACT FROM AUTHOR] |
| | Copyright of EURASIP Journal on Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: | Complementary Index |