Cancelable biometric schemes generate secure biometric templates by combining user specific tokens and biometric data. The main objective is to create irreversible, unlinkable, and revocable templates, with high accuracy in matching. In this paper, we cryptanalyze two recent cancelable biometric schemes based on a particular locality sensitive hashing function, index-of-max (IoM): Gaussian Random Projection-IoM (GRP-IoM) and Uniformly Random Permutation-IoM (URP-IoM). As originally proposed, these schemes were claimed to be resistant against reversibility, authentication, and linkability attacks under the stolen token scenario. We propose several attacks against GRP-IoM and URP-IoM, and argue that both schemes are severely vulnerable against authentication and linkability attacks. We also propose better, but not yet practical, reversibility attacks against GRP-IoM. The correctness and practical impact of our attacks are verified over the same dataset provided by the authors of these two schemes.

中文翻译：

---

基于Index-of-Max Hashing的两种可取消生物识别方案的密码分析

可取消的生物识别方案通过结合用户特定的令牌和生物识别数据来生成安全的生物识别模板。主要目标是创建不可逆、不可链接和可撤销的模板，匹配精度高。在本文中，我们基于特定的局部敏感哈希函数，即最大索引 (IoM)：高斯随机投影-IoM (GRP-IoM) 和均匀随机排列-IoM (URP-IoM) 密码分析了最近的两个可取消生物识别方案. 正如最初提出的那样，这些方案声称可以在令牌被盗情况下抵抗可逆性、身份验证和可链接性攻击。我们提出了几种针对 GRP-IoM 和 URP-IoM 的攻击，并认为这两种方案都非常容易受到身份验证和可链接性攻击。我们还提出了更好但尚不实用的建议，针对 GRP-IoM 的可逆攻击。我们的攻击的正确性和实际影响在这两种方案的作者提供的相同数据集上得到验证。