Security analysis of cancellable biometrics using constrained-optimized similarity-based attack

Cancellable biometrics (CB) intentionally distorts biometric template for security protection, and simultaneously preserving the distance/similarity for matching in the transformed domain. Despite its effectiveness, the security issues attributed to similarity preservation property of CB is underestimated. Dong et al. [BTAS'19], exploited the similarity preservation trait of CB and proposed a similarity-based attack with high successful attack rate. The similarity-based attack utilizes preimage that generated from the protected biometric template for impersonation and perform cross matching. In this paper, we propose a constrained optimization similarity-based attack (CSA), which is improved upon Dong's genetic algorithm enabled similarity-based attack (GASA). The CSA applies algorithm-specific equality or inequality relations as constraints, to optimize preimage generation. We justify the effectiveness of CSA from the supervised learning perspective. We conduct extensive experiments to demonstrate CSA against Index-of-Max (IoM) hashing with LFW face dataset. The results suggest that CSA is effective to breach IoM hashing security, and outperforms GASA remarkably. Furthermore, we reveal the correlation of IoM hash code size and the attack performance of CSA.