Comments on a recently proposed Privacy Preserving Lightweight Biometric Authentication System for IoT Security

In this paper, we show that a recently published lightweight adaptation of a Fingerprint matching algorithm called the Minutia Cylinder-Code may not be secure as intruders may be able to illegitimately yet successfully authenticate themselves to the system under consideration. We also show that the lightweight adaptation has other privacy related vulnerabilities that make it unsuitable for use in Biometrics. We make it clear that we are neither investigating nor commenting on the security of the original Minutia Cylinder-Code algorithm by itself, rather we highlight the vulnerabilities of the lightweight adaptation. In the process of doing this, we provide a high-level overview of the role of one-way functions in cryptography and biometrics to provide a context to the aforementioned lightweight algorithm and its deficiencies.