Securing Fingerprint Template: Fuzzy Vault with Helper Data

An important issue gaining attention in biometrics community is the security and privacy of biometric systems: How robust are these systems against attacks? What happens if the biometric template is lost or stolen? Can the privacy of the users be preserved even when a security breach occurs? Among the numerous attacks that can be launched against these systems, protecting the user template that is stored either locally (e.g., on a smart card) or centrally (e.g., on the server) is a major concern. As a possible solution to this problem, a new class of algorithms, termed biometric cryptosystems has been proposed. These systems do not store the original template but only a transformed version of the template within a cryptographic framework. An example of such systems is the fuzzy vault construct proposed by Juels and Sudan. In this construct, the biometric template is converted to a 2D point cloud, containing a secret such as a symmetric encryption key. The operation of the vault requires some "helper" data. In this paper, we present an implementation of the fuzzy fingerprint vault based on orientation field based helper data that is automatically extracted from the fingerprints. We further show that this helper data does not leak any information about fingerprint minutiae, hence complementing the increased user privacy afforded by the fuzzy fingerprint vault. We demonstrate the vault performance on a public domain fingerprint database.

[1]  Sang Wook Lee,et al.  ICP Registration Using Invariant Features , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[2]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[3]  Paul J. Besl,et al.  A Method for Registration of 3-D Shapes , 1992, IEEE Trans. Pattern Anal. Mach. Intell..

[4]  Nalini K. Ratha,et al.  An Analysis of Minutiae Matching Strength , 2001, AVBPA.

[5]  Yair Frankel,et al.  On the Relation of Error Correction and Cryptography to an Off Line Biometric Based Identification S , 1999 .

[6]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[7]  Anil K. Jain,et al.  Fingerprint Classification Using Orientation Field Flow Curves , 2004, ICVGIP.

[8]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[9]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[10]  Qi Li,et al.  Cryptographic key generation from voice , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[11]  Daesung Moon,et al.  Automatic Alignment of Fingerprint Features for Fuzzy Fingerprint Vault , 2005, CISC.

[12]  Shu Lin,et al.  Error Control Coding , 2004 .

[13]  William H. Press,et al.  Numerical recipes in C , 2002 .

[14]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[15]  N. Kiyavash,et al.  Secure Smartcard-Based Fingerprint Authentication ∗ , 2003 .

[16]  John Daugman,et al.  High Confidence Visual Recognition of Persons by a Test of Statistical Independence , 1993, IEEE Trans. Pattern Anal. Mach. Intell..

[17]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 2002, International Journal of Information Security.

[18]  Yair Frankel,et al.  On enabling secure applications through off-line biometric identification , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[19]  Ingrid Verbauwhede,et al.  Automatic secure fingerprint verification system based on fuzzy vault scheme , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[20]  Sharath Pankanti,et al.  Fuzzy Vault for Fingerprints , 2005, AVBPA.

[21]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.