A comprehensive review of vulnerabilities and attack strategies in cancelable biometric systems

IF 5 | Zone 3, Computer Science | Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Zineb Maaref, Foudil Belhadj, Abdelouahab Attia, Zahid Akhtar, Muhammed Basheer Jasser, Athirah Mohd Ramly, Ali Wagdy Mohamed
Egyptian Informatics Journal, published 2024-08-12
DOI: 10.1016/j.eij.2024.100511
https://www.sciencedirect.com/science/article/pii/S1110866524000744
Citation count: 0

Abstract

Cancelable biometrics (CB) has been principally proposed to solve some issues related to the security, privacy, and revocability of users’ stored templates in traditional biometric systems. Its basic idea is to design a transformation function that creates a pseudo identity from the original biometric template while respecting two main properties: irreversibility and revocability. The first property protects the user's data by ensuring that the original template cannot be recovered from the transformed one. The second property permits issuing multiple pseudo identities for one biometric trait originating from the same user. Although great efforts have been made in the literature to ensure these two properties, most of the proposed transform functions are vulnerable to several attacks and their effectiveness is still under study. Thus, the purpose of this paper is to boost the security analysis of CB by reviewing existing attacks against cancelable biometric systems. We discuss the vulnerabilities of some protection schemes that attract multiple security issues and enable the attacker to penetrate the protection system. The robustness evaluation of such schemes against some known attacks is outlined, and some taxonomies related to attack approaches are presented. Furthermore, we provide comparisons between multiple attacks on cancelable biometric systems in terms of many valuable factors, after which we build a rigorous framework to evaluate a protection scheme and mitigate these attacks. As a result, our study serves as a wake-up call for the research community focused on cancelable biometric template protection, drawing attention to the vulnerabilities in these protection systems and raising awareness in this area to mitigate serious attacks. By identifying weaknesses and assessing their impacts, we hope to stimulate further research and development to enhance the security of CB systems.

Source journal: Egyptian Informatics Journal (Decision Sciences-Management Science and Operations Research)
CiteScore: 11.10
Self-citation rate: 1.90%
Articles published: 59
Review time: 110 days
About the journal: The Egyptian Informatics Journal is published by the Faculty of Computers and Artificial Intelligence, Cairo University. This Journal provides a forum for state-of-the-art research and development in the fields of computing, including computer sciences, information technologies, information systems, operations research and decision support. Submission of innovative and not-previously-published work in subjects covered by the Journal is encouraged, whether from academic, research or commercial sources.