Security Evaluation of Negative Iris Recognition

Abstract

Biometric template protection techniques have been proposed to address security and privacy issues inherent to biometric-based authentication systems. However, it has been shown that the robustness of most of such techniques against reversibility and linkability attacks are overestimated. Thus, a thorough security analysis of recently proposed template protection schemes has to be carried out. Negative iris recognition is an interesting iris template protection scheme based on the concept of negative databases. In this paper, we present a comprehensive security analysis of this scheme in order to validate its practical usefulness. Although the authors of negative iris recognition claim that their scheme possesses both irreversibility and unlinkability, we demonstrate that more than 75% of the original iris-code bits can be recovered using a single protected template. Moreover, we show that the negative iris recognition scheme is vulnerable to attacks via record multiplicity where an adversary can combine several transformed templates to recover more proportion of the original iris-code. Finally, we demonstrate that the scheme does not possess unlinkability. The experimental results, on the CASIA-IrisV3 Interval public database, support our theory and confirm that the negative iris recognition scheme is susceptible to reversibility, linkability, and record multiplicity attacks.