© The Institution of Engineering and Technology
The ‘fuzzy vault scheme’ is a cryptographic primitive being considered for storing fingerprint minutiae protected. A well-known problem of the fuzzy vault scheme is its vulnerability against correlation attack-based cross-matching thereby conflicting with the ‘unlinkability requirement’ and ‘irreversibility requirement’ of effective biometric information protection. Yet, it has been demonstrated that in principle a minutiae-based fuzzy vault can be secured against the correlation attack by passing the to-be-protected minutiae through a quantisation scheme. Unfortunately, single fingerprints seem not to be capable of providing an acceptable security level against offline attacks. To overcome the aforementioned security issues, this study shows how an implementation for multiple fingerprints can be derived on basis of the implementation for single finger thereby making use of a Guruswami–Sudan algorithm-based decoder for verification. The implementation, for which public C++ source code can be downloaded, is evaluated for single and various multi-finger settings using the MCYT-Fingerprint-100 database and provides security-enhancing features such as the possibility of combination with password and a slow-down mechanism.
References
-
-
1)
-
31. Trifonov, P.: ‘Efficient interpolation in the Guruswami–Sudan algorithm’, IEEE Trans. Inf. Theory, 2010, 56, (9), pp. 4341–4349 (doi: 10.1109/TIT.2010.2053901).
-
2)
-
43. Simoens, K., Tuyls, P., Preneel, B.: ‘Privacy weaknesses in biometric sketches’. Proc. IEEE Symp. on Security and Privacy, Oakland, USA, May 2009, pp. 188–203.
-
3)
-
12. Li, P., Yang, X., Cao, K., Tao, X., Wang, R., Tian, J.: ‘An alignment-free fingerprint cryptosystem based on fuzzy vault scheme’, J. Netw. Comput. Appl., 2010, 33, (3), pp. 207–220 (doi: 10.1016/j.jnca.2009.12.003).
-
4)
-
38. Blanton, M., Aliasgari, M.: ‘Analysis of reusability of secure sketches and fuzzy extractors’, IEEE Trans. Inf. Forensics Sec., 2013, 8, (9), pp. 1433–1445 (doi: 10.1109/TIFS.2013.2272786).
-
5)
-
29. Cohn, H., Heninger, N.: ‘Ideal forms of Coppersmith's theorem and Guruswami–Sudan list decoding’. Proc. Innovations in Computer Science, Beijing, China, January 2011, pp. 298–308.
-
6)
-
13. Merkle, J., Ihmor, H., Korte, U., Niesing, M., Schwaiger, M.: ‘Performance of the fuzzy vault for multiple fingerprints’. Proc. BIOSIG, Darmstadt, Germany, September 2011, pp. 57–72.
-
7)
-
28. Merkle, J., Kevenaar, T., Korte, U.: ‘Multi-modal and multi-instance fusion for biometric cryptosystems’. Proc. BIOSIG, Darmstadt, Germany, September 2012, pp. 51–62.
-
8)
-
39. Merkle, J., Tams, B.: , 2013.
-
9)
-
6. Clancy, T.C., Kiyavash, N., Lin, D.J.: ‘Secure smartcard-based fingerprint authentication’. Proc. ACM SIGMM Workshop on Biometrics Methods and Applications, Berkeley, USA, November 2003, pp. 45–52.
-
10)
-
30. Gao, S.: ‘A new algorithm for decoding Reed–Solomon codes’, in Bhargava, V.K., Poor, H.V., Tarokh, V., Yoon, S. (Eds.): ‘Communications, information and network security’ (Springer, 2002), pp. 55–68.
-
11)
-
25. Juels, A., Wattenberg, M.: ‘A fuzzy commitment scheme’. Proc. of ACM Conf. on Computer and Communications Security, Singapore, 1999, pp. 28–36.
-
12)
-
8. Uludag, U., Pankanti, A., Jain, A.K.: ‘Fuzzy vault for fingerprints’. Proc. Int. Conf. on Audio- and Video-based Biometric Person Authentication, Rye Brook, NY, USA, July 2005, pp. 310–319.
-
13)
-
41. Kelkboom, E.J.C., Breebaart, J., Kevenaar, T.A.M., Buhan, I., Veldhuis, R.N.: ‘Preventing the decodability attack based cross-matching in a fuzzy commitment scheme’, IEEE Trans. Inf. Forensics Sec., 2011, 6, (1), pp. 107–121 (doi: 10.1109/TIFS.2010.2091637).
-
14)
-
4. Juels, A., Sudan, M.: ‘A fuzzy vault scheme’. Proc. Int. Symp. Information Theory, Lausanne, Switzerland, June–July 2002, p. 408.
-
15)
-
5. Juels, A., Sudan, M.: ‘A fuzzy vault scheme’, Des. Codes Cryptogr., 2006, 38, (2), pp. 237–257 (doi: 10.1007/s10623-005-6343-z).
-
16)
-
26. Maio, D., Maltoni, D., Cappelli, R., Wayman, J., Jain, A.: ‘FVC2002: second fingerprint verification competition’. Proc. Int. Conf. on Pattern Recognition, Quebec City, Canada, August 2002, pp. 811–814.
-
17)
-
10. Nandakumar, K., Jain, A.K., Pankanti, S.: ‘Fingerprint-based fuzzy vault: implementation and performance’, IEEE Trans. Inf. Forensics Sec., 2007, 2, (4), pp. 744–757 (doi: 10.1109/TIFS.2007.908165).
-
18)
-
33. Roth, R.M., Ruckenstein, G.: ‘Efficient decoding of Reed–Solomon codes beyond half the minimum distance’, IEEE Trans. Inf. Theory, 2000, 46, (1), pp. 246–257 (doi: 10.1109/18.817522).
-
19)
-
16. Mihăilescu, P., Munk, A., Tams, B.: ‘The fuzzy vault for fingerprints is vulnerable to brute force attack’. Proc. BIOSIG, Darmstadt, Germany, September 2009, pp. 43–54.
-
20)
-
1. ISO/IEC 24745:2011: , 2011.
-
21)
-
22)
-
14. Scheirer, W.J., Boult, T.E.: ‘Cracking fuzzy vaults and biometric encryption’. Proc. Biometrics Symp., Baltimore, USA, September 2007, pp. 1–6.
-
23)
-
2. Jain, A.K., Flynn, P., Ross, A.: ‘Handbook of biometrics’ (Springer, New York, NY, 2007).
-
24)
-
9. Uludag, U., Jain, A.K.: ‘Securing fingerprint template: fuzzy vault with helper data’. Proc. Workshop on Privacy Research in Vision, NY, USA, June 2006, pp. 163–169.
-
25)
-
15. Nandakumar, K., Nagar, A., Jain, A.: ‘Hardening fingerprint fuzzy vault using password’. Proc. Int. Conf. on Biometrics, Seoul, Korea, August 2007, pp. 927–937.
-
26)
-
22. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: ‘Fuzzy extractors: how to generate strong keys from biometrics and other noisy data’, SIAM J. Comput., 2008, 38, (1), pp. 97–139 (doi: 10.1137/060651380).
-
27)
-
7. Yang, S., Verbaudwhede, I.: ‘Automatic secure fingerprint verification system based on fuzzy vault scheme’. Proc. Int. Conf. on Acoustics, Speech and Signal Processing, Philadelphia, USA, March 2005, pp. 609–612.
-
28)
-
20. Guruswami, V., Sudan, M.: ‘Improved decoding of Reed–Solomon and algebraic-geometric codes’, IEEE Trans. Inf. Theory, 1998, 45, (6), pp. 1757–1767 (doi: 10.1109/18.782097).
-
29)
-
23. Ortega-Garcia, J., Fierrez-Aguilar, J., Simon, D., et al: ‘MCYT baseline corpus: a bimodal biometric database’, IEE Proc. Vis. Image Signal Process., 2003, 150, (6), pp. 395–401 (doi: 10.1049/ip-vis:20031078).
-
30)
-
36. Guruswami, V., Rudra, A.: ‘Error correction up to the information-theoretic limit’, Commun. ACM, 2009, 52, (3), pp. 87–95 (doi: 10.1145/1467247.1467269).
-
31)
-
3. Maltoni, D., Maio, D., Jain, A., Prabhakar, S.: ‘Handbook of fingerprint recognition’ (Springer, 2007, 2nd edn.), .
-
32)
-
21. Dodis, Y., Reyzin, L., Smith, A.: ‘Fuzzy extractors: how to generate strong keys from biometrics and other noisy data’. Proc. Int. Conf. Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2004, pp. 523–540.
-
33)
-
35. Sudan, M.: ‘Decoding of Reed–Solomon codes beyond the error-correction bound’, J. Complex., 1997, 13, (1), pp. 180–193 (doi: 10.1006/jcom.1997.0439).
-
34)
-
32. Alekhnovich, M.: ‘Linear diophantine equations over polynomials and soft decoding of Reed–Solomon codes’. Proc. Symp. on Foundations of Computer Science, Vancouver, Canada, November 2002, pp. 439–448.
-
35)
-
18. Kholmatov, A., Yanikoglu, B.: ‘Realization of correlation attack against the fuzzy vault scheme’. Proc. SPIE, San Jose, USA, February 2008, vol. 6819, pp. 1–7.
-
36)
-
37. Maio, D., Maltoni, D., Cappelli, R., Wayman, J., Jain, A.: ‘FVC2000: fingerprint verification competition’, IEEE Trans. Pattern Anal. Mach. Intell., 2000, 24, (3), pp. 402–412 (doi: 10.1109/34.990140).
-
37)
-
17. Hanley, J.A., Lippman-Hand, A.: ‘If nothing goes wrong, is everything allright? Interpreting zero numerators’, J. Am. Med. Assoc., 1983, 249, (13), pp. 1743–1745 (doi: 10.1001/jama.1983.03330370053031).
-
38)
-
39)
-
24. Nagar, A., Nandakumar, K., Jain, A.K.: ‘Multibiometric cryptosystems based on feature-level fusion’, IEEE Trans. Inf. Forensics Sec., 2012, 7, (1), pp. 255–268 (doi: 10.1109/TIFS.2011.2166545).
-
40)
-
27. Ross, A., Nandakumar, K., Jain, A.K.: ‘Handbook of multibiometrics’ (Springer, New York, NY, 2006).
-
41)
-
40. FIPS PUB 197: , 2001.
-
42)
-
19. Tams, B., Mihăilescu, P., Munk, A.: ‘Security considerations in minutiae-based fuzzy vaults’, IEEE Trans. Inf. Forensics Sec., 2015, 10, (5), pp. 985–998 (doi: 10.1109/TIFS.2015.2392559).
-
43)
-
11. Nagar, A., Nandakumar, K., Jain, A.K.: ‘A hybrid biometric cryptosystem for securing fingerprint minutiae templates’, Pattern Recognit. Lett., 2010, 31, (8), pp. 733–741 (doi: 10.1016/j.patrec.2009.07.003).
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-bmt.2014.0093
Related content
content/journals/10.1049/iet-bmt.2014.0093
pub_keyword,iet_inspecKeyword,pub_concept
6
6