Egyptian Informatics Journal (Sep 2024)
A comprehensive review of vulnerabilities and attack strategies in cancelable biometric systems
Abstract
Cancelable biometrics (CB) has been principally proposed to solve some issues related to the security, privacy, and revocability of users’ stored templates in traditional biometric systems. Its basic idea is to design a transformation function that creates a pseudo identity starting from the original biometric template while respecting mainly two properties irreversibility and revocability. The first property seeks the protection of the user data by ensuring the impossibility of recovering the original template from the transformed one. The second property permits to issue multiple pseudo identities related to one biometric trait originated from the same user. Although great efforts have been made in the literature to ensure these two properties, most of the proposed transform functions are vulnerable to several attacks and their effectiveness is still under study. Thus, the purpose of this paper is to boost the security analysis of CB by reviewing existing attacks against cancelable biometric systems. We discuss the vulnerabilities of some protection schemes that attract multiple security issues and enable the attacker to penetrate the protection system. The robustness evaluation of such schemes against some known attacks has been outlined. Also, some taxonomies related to attack approaches are presented. Furthermore, we provide comparisons between multiple attacks on cancelable biometric systems in terms of many valuable factors, after which we build a rigorous framework to evaluate a protection scheme and mitigate these attacks. As a result, our study serves as a wake-up call for the research community focused on cancelable biometric template protection, drawing attention to the vulnerabilities in these protection systems and raising awareness in this area to mitigate serious attacks. By identifying weaknesses and assessing their impacts, we hope to stimulate further research and development to enhance the security of CB systems.