Cracking Fuzzy Vaults and Biometric Encryption
- 1 September 2007
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
This paper is a security analysis of leading privacy enhanced technologies (PETs) for biometrics including biometric fuzzy vaults (BFV) and biometric encryption (BE). The lack of published attacks, combined with various "proven" security properties has been taken by some as a sign that these technologies are ready for deployment. While some of the existing BFV and BE techniques do have "proven" security properties, those proofs make assumptions that may not, in general, be valid for biometric systems. We briefly review some of the other known attacks against BFV and BE techniques. We introduce three disturbing classes of attacks against PET techniques including attack via record multiplicity, surreptitious key-inversion attack, and novel blended substitution attacks. The paper ends with a discussion of the requirements for an architecture to address the privacy and security requirements.Keywords
This publication has 13 references indexed in Scilit:
- Securing Fingerprint Template: Fuzzy Vault with Helper DataPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006
- Finding the original point set hidden among chaffPublished by Association for Computing Machinery (ACM) ,2006
- Cancellable biometerics featuring with tokenised random numberPattern Recognition Letters, 2005
- Practical Biometric Authentication with Template ProtectionLecture Notes in Computer Science, 2005
- Reusable cryptographic fuzzy extractorsPublished by Association for Computing Machinery (ACM) ,2004
- Cancelable biometric filters for face recognitionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2004
- Capacity and Examples of Template-Protecting Biometric Authentication SystemsLecture Notes in Computer Science, 2004
- A fuzzy vault schemePublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Signal reconstruction from phase only information and application to blind system estimationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- A fuzzy commitment schemePublished by Association for Computing Machinery (ACM) ,1999