Shuffling is not sufficient: Security analysis of cancelable iriscodes based on a secret permutation

Since the seminal paper of Ratha et al. in 2001 that introduced cancelable biometrics, inner permutation of biometric templates has been widely suggested as one of the basic components to protect biometric data against compromised or cross-checking between two databases. In this paper, we study the case of iris biometrics where an inner permutation corresponds to shuffling the bits of a template in order to diversify the stored data. We analyze the security brought by a permutation and underline the impact of non-uniformity of templates on the robustness of cancelable biometrics: we introduce new attack strategies on permuted biometric databases that enable to reconstruct part of the permutation, leading to a potential privacy leakage. We finally suggest ways to improve efficiently the protection, by designing specific countermeasures, with no impact on accuracy and a low impact on the overall architecture of the system.