Efficient known-sample attack for distance-preserving hashing biometric template protection schemes

Yenlung Lai; Zhe Jin; Koksheik Wong; Massimo Tistarelli

doi:10.1109/TIFS.2021.3073802

Efficient known-sample attack for distance-preserving hashing biometric template protection schemes

Yenlung Lai, Zhe Jin, Koksheik Wong, Massimo Tistarelli

Malaysia Sch of Information Technology

Research output: Contribution to journal › Article › Research › peer-review

7 Citations (Scopus)

Abstract

The rapid deployment of biometric authentication systems raises concern over user privacy and security. A biometric template protection scheme emerges as a solution to protect individual biometric templates stored in a database. Among all available protection schemes, a template protection scheme that relies on distance-preserving hashing has received much attention due to its simplicity and efficiency in offering privacy protection while archiving decent authentication performance. In this work, we introduce an efficient attack called known sample attack and demonstrate that most state-of-art template protection schemes that utilize distance-preserving hashing can be compromised in practice (within few seconds), especially when the output is significantly smaller than the original input sample size. These findings further motivated our subsequent work in proposing a secure authentication mechanism to resist such an attack with proper study over the distribution of the input samples. Furthermore, we conducted revocability, unlinkability analysis to demonstrate the satisfactory of general biometric template protection requirements; and showed the resistance of various security and privacy attacks, i.e., false acceptance attack, and attack via record multiplicity.

Original language	English
Pages (from-to)	3170-3185
Number of pages	16
Journal	IEEE Transactions on Information Forensics and Security
Volume	16
DOIs	https://doi.org/10.1109/TIFS.2021.3073802
Publication status	Published - 2021

Keywords

Biometric
known-Sample attack
secure authentication

Access to Document

10.1109/TIFS.2021.3073802

Cite this

@article{b0040fd2c2004420ace6d13cd75a54fa,

title = "Efficient known-sample attack for distance-preserving hashing biometric template protection schemes",

abstract = "The rapid deployment of biometric authentication systems raises concern over user privacy and security. A biometric template protection scheme emerges as a solution to protect individual biometric templates stored in a database. Among all available protection schemes, a template protection scheme that relies on distance-preserving hashing has received much attention due to its simplicity and efficiency in offering privacy protection while archiving decent authentication performance. In this work, we introduce an efficient attack called known sample attack and demonstrate that most state-of-art template protection schemes that utilize distance-preserving hashing can be compromised in practice (within few seconds), especially when the output is significantly smaller than the original input sample size. These findings further motivated our subsequent work in proposing a secure authentication mechanism to resist such an attack with proper study over the distribution of the input samples. Furthermore, we conducted revocability, unlinkability analysis to demonstrate the satisfactory of general biometric template protection requirements; and showed the resistance of various security and privacy attacks, i.e., false acceptance attack, and attack via record multiplicity. ",

keywords = "Biometric, known-Sample attack, secure authentication",

author = "Yenlung Lai and Zhe Jin and Koksheik Wong and Massimo Tistarelli",

note = "Funding Information: Manuscript received January 4, 2020; revised September 20, 2020 and January 13, 2021; accepted April 8, 2021. Date of publication April 16, 2021; date of current version May 21, 2021. This work was supported in part by the grants from the MSCA-Rise EU Project IDENTITY and the Italian Ministry for Economic Development Project SPADA and in part by the Ministry of Higher Education (MOHE) Malaysia through Fundamental Research Grant Scheme under Grant FRGS/1/2018/ICT02/MUSM/03/3. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Shantanu D. Rane. (Corresponding author: Zhe Jin.) Yenlung Lai, Zhe Jin, and KokSheik Wong are with the School of Information Technology, Monash University Malaysia, Subang Jaya 47500, Malaysia (e-mail: yenlung.lai@monash.edu; jin.zhe@monash.edu; wong.koksheik@monash.edu). Publisher Copyright: {\textcopyright} 2005-2012 IEEE. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.",

year = "2021",

doi = "10.1109/TIFS.2021.3073802",

language = "English",

volume = "16",

pages = "3170--3185",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

}

TY - JOUR

T1 - Efficient known-sample attack for distance-preserving hashing biometric template protection schemes

AU - Lai, Yenlung

AU - Jin, Zhe

AU - Wong, Koksheik

AU - Tistarelli, Massimo

N1 - Funding Information: Manuscript received January 4, 2020; revised September 20, 2020 and January 13, 2021; accepted April 8, 2021. Date of publication April 16, 2021; date of current version May 21, 2021. This work was supported in part by the grants from the MSCA-Rise EU Project IDENTITY and the Italian Ministry for Economic Development Project SPADA and in part by the Ministry of Higher Education (MOHE) Malaysia through Fundamental Research Grant Scheme under Grant FRGS/1/2018/ICT02/MUSM/03/3. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Shantanu D. Rane. (Corresponding author: Zhe Jin.) Yenlung Lai, Zhe Jin, and KokSheik Wong are with the School of Information Technology, Monash University Malaysia, Subang Jaya 47500, Malaysia (e-mail: yenlung.lai@monash.edu; jin.zhe@monash.edu; wong.koksheik@monash.edu). Publisher Copyright: © 2005-2012 IEEE. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.

PY - 2021

Y1 - 2021

N2 - The rapid deployment of biometric authentication systems raises concern over user privacy and security. A biometric template protection scheme emerges as a solution to protect individual biometric templates stored in a database. Among all available protection schemes, a template protection scheme that relies on distance-preserving hashing has received much attention due to its simplicity and efficiency in offering privacy protection while archiving decent authentication performance. In this work, we introduce an efficient attack called known sample attack and demonstrate that most state-of-art template protection schemes that utilize distance-preserving hashing can be compromised in practice (within few seconds), especially when the output is significantly smaller than the original input sample size. These findings further motivated our subsequent work in proposing a secure authentication mechanism to resist such an attack with proper study over the distribution of the input samples. Furthermore, we conducted revocability, unlinkability analysis to demonstrate the satisfactory of general biometric template protection requirements; and showed the resistance of various security and privacy attacks, i.e., false acceptance attack, and attack via record multiplicity.

AB - The rapid deployment of biometric authentication systems raises concern over user privacy and security. A biometric template protection scheme emerges as a solution to protect individual biometric templates stored in a database. Among all available protection schemes, a template protection scheme that relies on distance-preserving hashing has received much attention due to its simplicity and efficiency in offering privacy protection while archiving decent authentication performance. In this work, we introduce an efficient attack called known sample attack and demonstrate that most state-of-art template protection schemes that utilize distance-preserving hashing can be compromised in practice (within few seconds), especially when the output is significantly smaller than the original input sample size. These findings further motivated our subsequent work in proposing a secure authentication mechanism to resist such an attack with proper study over the distribution of the input samples. Furthermore, we conducted revocability, unlinkability analysis to demonstrate the satisfactory of general biometric template protection requirements; and showed the resistance of various security and privacy attacks, i.e., false acceptance attack, and attack via record multiplicity.

KW - Biometric

KW - known-Sample attack

KW - secure authentication

UR - http://www.scopus.com/inward/record.url?scp=85104629749&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2021.3073802

DO - 10.1109/TIFS.2021.3073802

M3 - Article

AN - SCOPUS:85104629749

VL - 16

SP - 3170

EP - 3185

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

ER -

Efficient known-sample attack for distance-preserving hashing biometric template protection schemes

Abstract

Keywords

Access to Document

Other files and links

Biometric Cryptosystems: A New Fuzzy Symmetric Encryption Scheme (FSE) for Security and Privacy Protection

Cite this

Efficient known-sample attack for distance-preserving hashing biometric template protection schemes

Abstract

Keywords

Access to Document

Other files and links

Projects

Biometric Cryptosystems: A New Fuzzy Symmetric Encryption Scheme (FSE) for Security and Privacy Protection

Cite this