access icon free Unlinkable minutiae-based fuzzy vault for multiple fingerprints

The ‘fuzzy vault scheme’ is a cryptographic primitive being considered for storing fingerprint minutiae protected. A well-known problem of the fuzzy vault scheme is its vulnerability against correlation attack-based cross-matching thereby conflicting with the ‘unlinkability requirement’ and ‘irreversibility requirement’ of effective biometric information protection. Yet, it has been demonstrated that in principle a minutiae-based fuzzy vault can be secured against the correlation attack by passing the to-be-protected minutiae through a quantisation scheme. Unfortunately, single fingerprints seem not to be capable of providing an acceptable security level against offline attacks. To overcome the aforementioned security issues, this study shows how an implementation for multiple fingerprints can be derived on basis of the implementation for single finger thereby making use of a Guruswami–Sudan algorithm-based decoder for verification. The implementation, for which public C++ source code can be downloaded, is evaluated for single and various multi-finger settings using the MCYT-Fingerprint-100 database and provides security-enhancing features such as the possibility of combination with password and a slow-down mechanism.

Inspec keywords: C++ language; source code (software); cryptography; fingerprint identification; fuzzy set theory

Other keywords: unlinkability requirement; slow-down mechanism; unlinkable minutiae-based fuzzy vault scheme; Guruswami-Sudan algorithm-based decoder; cryptographic primitive; biometric information protection; correlation attack; security issues; offline attacks; irreversibility requirement; public C++ source code; security-enhancing features; MCYT-fingerprint-100 database; correlation attack-based cross-matching

Subjects: Cryptography; Data security; Combinatorial mathematics; Computer vision and image processing techniques; Image recognition; Combinatorial mathematics

References

    1. 1)
    2. 2)
      • 43. Simoens, K., Tuyls, P., Preneel, B.: ‘Privacy weaknesses in biometric sketches’. Proc. IEEE Symp. on Security and Privacy, Oakland, USA, May 2009, pp. 188203.
    3. 3)
    4. 4)
    5. 5)
      • 29. Cohn, H., Heninger, N.: ‘Ideal forms of Coppersmith's theorem and Guruswami–Sudan list decoding’. Proc. Innovations in Computer Science, Beijing, China, January 2011, pp. 298308.
    6. 6)
      • 13. Merkle, J., Ihmor, H., Korte, U., Niesing, M., Schwaiger, M.: ‘Performance of the fuzzy vault for multiple fingerprints’. Proc. BIOSIG, Darmstadt, Germany, September 2011, pp. 5772.
    7. 7)
      • 28. Merkle, J., Kevenaar, T., Korte, U.: ‘Multi-modal and multi-instance fusion for biometric cryptosystems’. Proc. BIOSIG, Darmstadt, Germany, September 2012, pp. 5162.
    8. 8)
      • 39. Merkle, J., Tams, B.: ‘Security of the improved fuzzy vault scheme in the presence of record multiplicity’. Available at http://www.arxiv.org/abs/1312.5225arXiv:1312.5225, 2013.
    9. 9)
      • 6. Clancy, T.C., Kiyavash, N., Lin, D.J.: ‘Secure smartcard-based fingerprint authentication’. Proc. ACM SIGMM Workshop on Biometrics Methods and Applications, Berkeley, USA, November 2003, pp. 4552.
    10. 10)
      • 30. Gao, S.: ‘A new algorithm for decoding Reed–Solomon codes’, in Bhargava, V.K., Poor, H.V., Tarokh, V., Yoon, S. (Eds.): ‘Communications, information and network security’ (Springer, 2002), pp. 5568.
    11. 11)
      • 25. Juels, A., Wattenberg, M.: ‘A fuzzy commitment scheme’. Proc. of ACM Conf. on Computer and Communications Security, Singapore, 1999, pp. 2836.
    12. 12)
      • 8. Uludag, U., Pankanti, A., Jain, A.K.: ‘Fuzzy vault for fingerprints’. Proc. Int. Conf. on Audio- and Video-based Biometric Person Authentication, Rye Brook, NY, USA, July 2005, pp. 310319.
    13. 13)
    14. 14)
      • 4. Juels, A., Sudan, M.: ‘A fuzzy vault scheme’. Proc. Int. Symp. Information Theory, Lausanne, Switzerland, June–July 2002, p. 408.
    15. 15)
    16. 16)
      • 26. Maio, D., Maltoni, D., Cappelli, R., Wayman, J., Jain, A.: ‘FVC2002: second fingerprint verification competition’. Proc. Int. Conf. on Pattern Recognition, Quebec City, Canada, August 2002, pp. 811814.
    17. 17)
    18. 18)
    19. 19)
      • 16. Mihăilescu, P., Munk, A., Tams, B.: ‘The fuzzy vault for fingerprints is vulnerable to brute force attack’. Proc. BIOSIG, Darmstadt, Germany, September 2009, pp. 4354.
    20. 20)
      • 1. ISO/IEC 24745:2011: ‘Information technology – security techniques – biometric information protection’, 2011.
    21. 21)
      • 42. Tams, B.: ‘Decodability attack against the fuzzy commitment scheme with public feature transforms’. Available at http://www.arxiv.org/abs/1406.1154arXiv:1406.1154, 2014.
    22. 22)
      • 14. Scheirer, W.J., Boult, T.E.: ‘Cracking fuzzy vaults and biometric encryption’. Proc. Biometrics Symp., Baltimore, USA, September 2007, pp. 16.
    23. 23)
      • 2. Jain, A.K., Flynn, P., Ross, A.: ‘Handbook of biometrics’ (Springer, New York, NY, 2007).
    24. 24)
      • 9. Uludag, U., Jain, A.K.: ‘Securing fingerprint template: fuzzy vault with helper data’. Proc. Workshop on Privacy Research in Vision, NY, USA, June 2006, pp. 163169.
    25. 25)
      • 15. Nandakumar, K., Nagar, A., Jain, A.: ‘Hardening fingerprint fuzzy vault using password’. Proc. Int. Conf. on Biometrics, Seoul, Korea, August 2007, pp. 927937.
    26. 26)
    27. 27)
      • 7. Yang, S., Verbaudwhede, I.: ‘Automatic secure fingerprint verification system based on fuzzy vault scheme’. Proc. Int. Conf. on Acoustics, Speech and Signal Processing, Philadelphia, USA, March 2005, pp. 609612.
    28. 28)
    29. 29)
    30. 30)
    31. 31)
      • 3. Maltoni, D., Maio, D., Jain, A., Prabhakar, S.: ‘Handbook of fingerprint recognition’ (Springer, 2007, 2nd edn.), 2009.
    32. 32)
      • 21. Dodis, Y., Reyzin, L., Smith, A.: ‘Fuzzy extractors: how to generate strong keys from biometrics and other noisy data’. Proc. Int. Conf. Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2004, pp. 523540.
    33. 33)
    34. 34)
      • 32. Alekhnovich, M.: ‘Linear diophantine equations over polynomials and soft decoding of Reed–Solomon codes’. Proc. Symp. on Foundations of Computer Science, Vancouver, Canada, November 2002, pp. 439448.
    35. 35)
      • 18. Kholmatov, A., Yanikoglu, B.: ‘Realization of correlation attack against the fuzzy vault scheme’. Proc. SPIE, San Jose, USA, February 2008, vol. 6819, pp. 17.
    36. 36)
    37. 37)
    38. 38)
      • 34. ‘The Guruswami–Sudan decoding algorithm for Reed–Solomon codes’. Available at http://www.ee.caltech.edu/EE/Faculty/rjm/papers/RSD-JPL.pdf, accessed January 2015.
    39. 39)
    40. 40)
      • 27. Ross, A., Nandakumar, K., Jain, A.K.: ‘Handbook of multibiometrics’ (Springer, New York, NY, 2006).
    41. 41)
      • 40. FIPS PUB 197: ‘Announcing the advanced encryption standard (AES)’, 2001.
    42. 42)
    43. 43)
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-bmt.2014.0093
Loading

Related content

content/journals/10.1049/iet-bmt.2014.0093
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading