Cryptanalysis of Cancelable Biometrics Vault

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2024-09-24 DOI:10.1016/j.jisa.2024.103883

{"title":"Cryptanalysis of Cancelable Biometrics Vault","authors":"","doi":"10.1016/j.jisa.2024.103883","DOIUrl":null,"url":null,"abstract":"<div><div>Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user specific tokens to generate secure templates. Required properties are the irreversibility, unlikability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using a biometric data. The key can be recomputed only if a correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV) based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables to recover the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme’s revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8000,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001856","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user specific tokens to generate secure templates. Required properties are the irreversibility, unlikability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using a biometric data. The key can be recomputed only if a correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV) based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables to recover the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme’s revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.

查看原文本刊更多论文

可取消生物识别保险箱的密码分析

可取消生物识别技术（CB）是一系列生物识别转换方案的缩写，它将生物识别技术与用户特定令牌相结合，生成安全模板。所需的特性是模板的不可逆转性、不相似性和识别准确性，同时使模板的撤销成为可能。在生物识别技术中，密钥绑定方案用于使用生物识别数据保护加密密钥。只有在认证过程中获取了正确的生物识别数据，密钥才能重新计算。密钥绑定方案的应用通常是磁盘加密，其中加密密钥用于磁盘的加密和解密。在本文中，我们对一种最新的密钥绑定方案进行了加密分析，该方案被称为基于可取消生物识别技术的可取消生物识别库（CBV）。更确切地说，我们从模板的可逆性和可链接性方面对用于实例化 CBV 框架的可取消转换（称为生物编码方案）进行了攻击。随后，我们的可链接性攻击无需额外假设即可恢复保险库中的密钥。我们的密码分析通过揭示 CBV 方案的可撤销性和可链接性漏洞引入了一个新的视角，这些漏洞以前在基于生物特征的类似密钥绑定方案中从未发现过。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.