Improving the security of biometric template protection techniques is a key prerequisite for the widespread deployment
of biometric technologies. BioEncoding is a recently proposed template protection scheme, based on
the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as iris
codes. The main advantage of BioEncoding over other template protection schemes is that it does not require
user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable
biometrics construct without deteriorating the matching accuracy. However, although it has been shown that
BioEncoding is secure enough against simple brute-force search attacks, the security of BioEncoded templates
against more sophisticated attacks, such as record multiplicity attacks, has not been sufficiently investigated. In this
paper, a rigorous security analysis of BioEncoding is presented. First, the resistance of BioEncoded templates
against brute-force attacks is revisited thoroughly. Secondly, we show that although the cancelable transformation
employed in BioEncoding might be non-invertible for a single protected template, the original iris code
could be recovered by correlating several templates used in different applications but created from the same iris.
Accordingly, we propose an important modification to the BioEncoding transformation process in order to hinder
attackers from exploiting this type of attack. The effectiveness of adopting the suggested modification is validated
and its impact on the matching accuracy is investigated empirically using the CASIA-IrisV3-Interval dataset.
Experimental results confirm the efficacy of the proposed approach and show that it preserves the matching
accuracy of the unprotected iris recognition system.