IMPROVED FUZZY VAULT SCHEME FOR FINGERPRINT VERIFICATION

C. Örencik, T. B. Pedersen, E. Savaș, M. Keskinoz

Abstract

Fuzzy vault is a well-known technique to address the privacy concerns in biometric identification applications. We revisit the fuzzy vault scheme to address implementation, efficiency, and security issues encountered in its realization. We use the fingerprint data as a case study. We compare the performances of two different methods used in the implementation of fuzzy vault, namely brute force and Reed Solomon decoding. We show that the locations of fake (chaff) points in the vault leak information on the genuine points and propose a new chaff point placement technique that makes distinguishing genuine points impossible. We also propose a novel method for creation of chaff points that decreases the success rate of the brute force attack from 100% to less than 3.5%. While this paper lays out a complete guideline as to how the fuzzy vault is implemented in an efficient and secure way, it also points out that more research is needed to thwart the proposed attacks by presenting ideas for future research.

References

  1. Clancy, C., Kiyavash, N., and Lin, D. (2003). Secure smartcard - based fingerprint authentication. In ACM Workshop on biometric methods and applications, (WBMA).
  2. Juels and Sudan, M. (2002). Fuzzy vault scheme. In IEEE International Symposium on Information Theory, page 408.
  3. Kholmatov, A. and Yanikoglu, B. (2008). Realization of correlation attack against fuzzy vault. In Security, Forensics, Steganography and Watermarking of Multimedia Contents X, Electronic Imaging, San Jose CA, USA.
  4. Kholmatov, A., Yanikoglu, B. A., Savas, E., and Levi, A. (2006). Secret sharing using biometric traits. In Biometric Technology For Human Identification III, volume 62022006, Orlando, Florida USA. In Proceedings of SPIE.
  5. Mihailescu, P. (2007). The fuzzy vault for fingerprints is vulnerable to brute force attack. http://arxiv.org/abs/0708.2974v1.
  6. Roth, R. M. (2006). Introduction to Coding Theory. Cambridge University Press.
  7. Shoup, V. (2008). Ntl: A library for doing number theory.
  8. Sutcu, Y., Sencar, H. T., and Memon, N. (2005). A secure biometric authentication scheme based on robost hashing. In Proceedings of the 7th workshop on multimedia and security, NY, USA.
  9. Uludag, U., Pankanti, S., and Jain, A. (2005). Fuzzy vault for fingerprints. In Proceeding of International Conference on Audio- and Video-Based Biometric Person Authentication, pages 310-319.
Download


Paper Citation


in Harvard Style

Örencik C., B. Pedersen T., Savaș E. and Keskinoz M. (2008). IMPROVED FUZZY VAULT SCHEME FOR FINGERPRINT VERIFICATION . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 37-43. DOI: 10.5220/0001917600370043


in Bibtex Style

@conference{secrypt08,
author={C. Örencik and T. B. Pedersen and E. Savaș and M. Keskinoz},
title={IMPROVED FUZZY VAULT SCHEME FOR FINGERPRINT VERIFICATION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={37-43},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001917600370043},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - IMPROVED FUZZY VAULT SCHEME FOR FINGERPRINT VERIFICATION
SN - 978-989-8111-59-3
AU - Örencik C.
AU - B. Pedersen T.
AU - Savaș E.
AU - Keskinoz M.
PY - 2008
SP - 37
EP - 43
DO - 10.5220/0001917600370043