Statistical attack against fuzzy commitment scheme

Statistical attack against fuzzy commitment scheme

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Biometrics — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

In this study a statistical attack against fuzzy commitment schemes is presented. Comparisons of different pairs of binary biometric feature vectors yield binomial distributions, the standard deviations of which are bounded by the entropy of biometric templates. In case error correction consists of a series of chunks, like in the vast majority of approaches, helper data become vulnerable to statistical attacks. Error-correction codewords are bound to separate parts of a binary template among which biometric entropy is dispersed. As a consequence, chunks of the helper data are prone to statistical significant false acceptance. In experimental evaluations the proposed attack is applied to different iris-biometric fuzzy commitment schemes retrieving cryptographic keys at alarming low effort.


    1. 1)
    2. 2)
    3. 3)
    4. 4)
      • Juels, A., Wattenberg, M.: `A fuzzy commitment scheme', Sixth ACM Conf. on Computer and Communications Security, 1999, p. 28–36.
    5. 5)
      • Delvaux, N., Chabanne, H., Bringer, J.: `Pseudo identities based on fingerprint characteristics', IIH-MSP'08: Proc. 2008 Int. Conf. on Intelligent Information Hiding and Multimedia Signal Processing, 2008, Washington, DC, USA, p. 1063–1068.
    6. 6)
    7. 7)
      • Nandakumar, K.: `A fingerprint cryptosystem based on minutiae phase spectrum', Proc. IEEE Workshop on Information Forensics and Security (WIFS), 2010.
    8. 8)
      • Stoianov, A., Kevenaar, T., van der Veen, M.: `Security issues of biometric encryption', Proc. Toronto Int. Conf. on Science and Technology for Humanity (TIC-STH), 2009, p. 34–39.
    9. 9)
    10. 10)
      • Rathgeb, C., Uhl, A.: `Adaptive fuzzy commitment scheme based on iris-code error analysis', Proc. Second European Workshop on Visual Information Processing (EUVIP'10), 2010, p. 41–44.
    11. 11)
    12. 12)
      • Tong, V., Sibert, H., Lecoeur, J., Girault, M.: `Biometric fuzzy extractors made practical: a proposal based on fingercodes', Int. Conf. on Biometrics, 2007, (LNCS, 4642).
    13. 13)
      • Ao, M., Li, S.Z.: `Near infrared face based biometric key binding', Proc. Third Int. Conf. on Biometrics, (ICB'09), 2009, p. 376–385, (LNCS, 5558).
    14. 14)
      • Lu, H., Martin, K., Bui, F., Plataniotis, K., Hatzinakos, D.: `Face recognition with biometric encryption for privacy-enhancing self-exclusion', Proc. 16th Int. Conf. on Digital Signal Processing (DSP 2009), 2009.
    15. 15)
      • Rathgeb, C., Uhl, A.: `Systematic construction of iris-based fuzzy commitment schemes', Proc. Third Int. Conf. on Biometrics, 2009 (ICB'09), 2009, p. 947–956, (LNCS, 5558).
    16. 16)
      • Zhang, L., Sun, Z., Tan, T., Hu, S.: `Robust biometric key extraction based on iris cryptosystem', Proc. Third Int. Conf. on Biometrics, (ICB'09), 2009, p. 1060–1070, (LNCS, 5558).
    17. 17)
      • Ignatenko, T., Willems, F.M.J.: `Achieving secure fuzzy commitment scheme for optical pufs', Int. Conf. on Intelligent Information Hiding and Multimedia Signal Processing, 2009, Los Alamitos, CA, USA, p. 1185–1188.
    18. 18)
      • A. Cavoukian , A. Stoianov . (2009) Biometric encryption: the new breed of untraceable biometrics.
    19. 19)
      • Rathgeb, C., Uhl, A.: `Statistical attack against iris-biometric fuzzy commitment schemes', Proc. IEEE Computer Society and IEEE Biometrics Council Workshop on Biometrics (CVPRW'11), 2011, p. 25–32.
    20. 20)
    21. 21)
      • Failla, P., Sutcu, Y., Barni, M.: `Esketch: a privacy-preserving fuzzy commitment scheme for authentication using encrypted biometrics', Proc. 12th ACM workshop on Multimedia and security, ser. MMSec'10, 2010, p. 241–246.
    22. 22)
      • Simoens, K., Tuyls, P., Preneel, B.: `Privacy weaknesses in biometric sketches', Proc. 30th IEEE Symp. on Security and Privacy, 2009, p. 188–203.
    23. 23)
      • Buhan-Dulman, I., Merchan, J.G., Kelkboom, E.: `Efficient strategies for playing the indistinguishability game for fuzzy sketches', Proc. IEEE Workshop on Information Forensics and Security (WIFS), 2010.
    24. 24)
    25. 25)
      • Rathgeb, C., Uhl, A., Wild, P.: `Reliability-balanced feature level fusion for fuzzy commitment scheme', Proc. Int. Joint Conf. on Biometrics (IJCB'11), October 2011, Washington, DC, USA, p. 1–7.
    26. 26)
    27. 27)
      • Juels, A., Sudan, M.: `A fuzzy vault scheme', Proc. 2002 IEEE Int. Symp. on Information Theory, 2002, p. 408.
    28. 28)
      • Xu, H., Veldhuis, R.N.: `Binary representations of fingerprint spectral minutiae features', Proc. 20th Int. Conf. on Pattern Recognition (ICPR'10), 2010, p. 1212–1216.
    29. 29)
      • Bringer, J., Despiegel, V.: `Binary feature vector fingerprint representation from minutiae vicinities', Proc. Fourth IEEE Int. Conf. on Biometrics: Theory, Applications and Systems (BTAS'10), 2010, p. 1–6.
    30. 30)
    31. 31)
    32. 32)
      • Tuyls, P., Akkermans, A.H.M., Kevenaar, T.A.M., Schrijen, G.J., Bazen, A.M., Veldhuis, R.N.J.: `Practical biometric authentication with template protection', Proc. Audio- and Video-Based Biometric Person Authentication, 2005, 3546, p. 436–446.
    33. 33)
    34. 34)
      • Rathgeb, C., Uhl, A.: `Two-factor authentication or how to potentially counterfeit experimental results in biometric systems', Proc. Int. Conf. on Image Analysis and Recognition (ICIAR'10), Part II, 2010, p. 296–305, (LNCS 6112).
    35. 35)
      • Masek, L.: `Recognition of human iris patterns for biometric identification', 2003, Master's, University of Western Australia.
    36. 36)
    37. 37)
      • A. Cavoukian , A. Stoianov . (2009) Biometric encryption.
    38. 38)
    39. 39)
      • Zuo, J., Ratha, N.K., Connel, J.H.: `Cancelable iris biometric', Proc. 19th Int. Conf. on Pattern Recognition, (ICPR'08), 2008, p. 1–4.

Related content

This is a required field
Please enter a valid email address