Realization of correlation attack against fuzzy vault scheme
Kholmatov, Alisher Anatolyevich and Yanıkoğlu, Berrin (2008) Realization of correlation attack against fuzzy vault scheme. In: Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, San Jose, CA, USA
This is the latest version of this item.
Official URL: http://dx.doi.org/10.1117/12.766861
User privacy and template security are major concerns in the use of biometric systems. These are serious concerns based on the fact that once compromised, biometric traits can not be canceled or reissued. The Fuzzy Vault scheme has emerged as a promising method to alleviate the template security problem. The scheme is based on binding the biometric template with a secret key and scrambling it with a large amount of redundant data, such that it is computationally infeasible to extract the secret key without possession of the biometric trait. It was recently claimed that the scheme is susceptible to correlation based attacks which assume the availability of two fuzzy vaults created using the same biometric data (e.g. two impressions of the same fingerprint) and suggests that correlating them would reveal the biometric data hidden inside. In this work, we implemented the fuzzy vault scheme using fingerprints and performed correlation attacks against a database of 400 fuzzy vaults (200 matching pairs). Given two matching vaults, we could successfully unlock 59% of them within a short time. Furthermore, it was possible to link an unknown vault to a short list containing its matching pair, for 41% of all vaults. These results prove the claim that the fuzzy vault scheme without additional security measures is indeed vulnerable to correlation attacks.
Available Versions of this Item
Repository Staff Only: item control page