When a bloom filter is a doom filter: security assessment of a novel iris biometric template protection system
ISSN der Zeitschrift
Gesellschaft für Informatik e.V.
Biometric template protection systems are expected to meet two major security requirements: irreversibility and unlinkability. We analyze the Bloom filter based iris biometric template protection system recently introduced by Rathgeb et al. at ICB 2013 and IET Biometrics 2014. We demonstrate that the scheme does not achieve unlinkability, presenting a simple attack that in the worst case succeeds with probability at least 96\%. We also present a security analysis on generating false positives or recovering the key, both leading to undesirably low attack complexities: 225 for generating false positives for the smaller versions of the scheme, and a complexity between 22 and 28 for recovering the secret key.