Cryptanalysis of Cancelable Biometrics Vault

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Patrick Lacharme , Kevin Thiry-Atighehchi
{"title":"Cryptanalysis of Cancelable Biometrics Vault","authors":"Patrick Lacharme ,&nbsp;Kevin Thiry-Atighehchi","doi":"10.1016/j.jisa.2024.103883","DOIUrl":null,"url":null,"abstract":"<div><div>Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user specific tokens to generate secure templates. Required properties are the irreversibility, unlikability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using a biometric data. The key can be recomputed only if a correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV) based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables to recover the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme’s revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103883"},"PeriodicalIF":3.8000,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001856","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user specific tokens to generate secure templates. Required properties are the irreversibility, unlikability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using a biometric data. The key can be recomputed only if a correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV) based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables to recover the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme’s revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.
可取消生物识别保险箱的密码分析
可取消生物识别技术(CB)是一系列生物识别转换方案的缩写,它将生物识别技术与用户特定令牌相结合,生成安全模板。所需的特性是模板的不可逆转性、不相似性和识别准确性,同时使模板的撤销成为可能。在生物识别技术中,密钥绑定方案用于使用生物识别数据保护加密密钥。只有在认证过程中获取了正确的生物识别数据,密钥才能重新计算。密钥绑定方案的应用通常是磁盘加密,其中加密密钥用于磁盘的加密和解密。在本文中,我们对一种最新的密钥绑定方案进行了加密分析,该方案被称为基于可取消生物识别技术的可取消生物识别库(CBV)。更确切地说,我们从模板的可逆性和可链接性方面对用于实例化 CBV 框架的可取消转换(称为生物编码方案)进行了攻击。随后,我们的可链接性攻击无需额外假设即可恢复保险库中的密钥。我们的密码分析通过揭示 CBV 方案的可撤销性和可链接性漏洞引入了一个新的视角,这些漏洞以前在基于生物特征的类似密钥绑定方案中从未发现过。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信