The Fuzzy Vault for Fingerprints is Vulnerable to Brute Force Attack
نویسندگان
چکیده
The fuzzy vault approach is one of the best studied and well accepted ideas for binding cryptographic security into biometric authentication. We present in this paper a brute force attack which improves upon the one described by Clancy et. al. [CKL] in an implementation of the vault for fingerprints. On base of this attack, we show that three implementations of the fingerprint vault are vulnerable and show that the vulnerability cannot be avoided by mere parameter selection in the actual frame of the procedure. We also give several suggestions which can improve the fingerprint vault to a cryptographically secure algorithm. In particular, we introduce the idea of fuzzy vault with quiz which draws upon information resources unused by the current version of the vault. This is work in progress, bringing important security improvements and which can be adapted to the other biometric applications of the vault.
منابع مشابه
A collusion attack on the fuzzy vault scheme
The Fuzzy Vault scheme is an encryption scheme, which can tolerate errors in the keys. This leads to the possibility of enhancing the security in environments where these errors can be common, such as biometrics storage systems. Although several researchers have provided implementations, we find that the scheme is vulnerable to attacks when not properly used. This paper describes an attack on t...
متن کاملImproved Fuzzy Vault Scheme for Fingerprint Verification
Fuzzy vault is a well-known technique to address the privacy concerns in biometric identification applications. We revisit the fuzzy vault scheme to address implementation, efficiency, and security issues encountered in its realization. We use the fingerprint data as a case study. We compare the performances of two different methods used in the implementation of fuzzy vault, namely brute force ...
متن کاملAttacks and Countermeasures in Fingerprint Based Biometric Cryptosystems
We investigate implementations of biometric cryptosystems protecting fingerprint templates (which are mostly based on the fuzzy vault scheme by Juels and Sudan in 2002) with respect to the security they provide. We show that attacks taking advantage of the system’s false acceptance rate, i.e. false-accept attacks, pose a very serious risk — even if brute-force attacks are impractical to perform...
متن کاملUnlinkable minutiae-based fuzzy vault for multiple fingerprints
The fuzzy vault scheme is a cryptographic primitive being considered for storing fingerprint minutiae protected. A well-known problem of the fuzzy vault scheme is its vulnerability against correlation attack -based cross-matching thereby conflicting with the unlinkability requirement and irreversibility requirement of effective biometric information protection. Yet, it has been demonstrated tha...
متن کامل