Unlinkable minutiae-based fuzzy vault for multiple fingerprints

The ‘fuzzy vault scheme’ is a cryptographic primitive being considered for storing fingerprint minutiae protected. A well-known problem of the fuzzy vault scheme is its vulnerability against correlation attack-based cross-matching thereby conflicting with the ‘unlinkability requirement’ and ‘irreversibility requirement’ of effective biometric information protection. Yet, it has been demonstrated that in principle a minutiae-based fuzzy vault can be secured against the correlation attack by passing the to-be-protected minutiae through a quantisation scheme. Unfortunately, single fingerprints seem not to be capable of providing an acceptable security level against offline attacks. To overcome the aforementioned security issues, this study shows how an implementation for multiple fingerprints can be derived on basis of the implementation for single finger thereby making use of a Guruswami–Sudan algorithm-based decoder for verification. The implementation, for which public C++ source code can be downloaded, is evaluated for single and various multi-finger settings using the MCYT-Fingerprint-100 database and provides security-enhancing features such as the possibility of combination with password and a slow-down mechanism.

[1]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[2]  Michael Alekhnovich Linear diophantine equations over polynomials and soft decoding of Reed-Solomon codes , 2005, IEEE Transactions on Information Theory.

[3]  Peter Trifonov Efficient Interpolation in the Guruswami–Sudan Algorithm , 2010, IEEE Transactions on Information Theory.

[4]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[5]  A. Rudra,et al.  Error correction up to the information-theoretic limit , 2009, CACM.

[6]  R. McEliece The Guruswami-Sudan Decoding Algorithm for Reed-Solomon Codes , 2003 .

[7]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[8]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[9]  Benjamin Tams,et al.  Decodability Attack against the Fuzzy Commitment Scheme with Public Feature Transforms , 2014, ArXiv.

[10]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[11]  Mario Baum,et al.  Handbook Of Biometrics , 2016 .

[12]  Anil K. Jain,et al.  Securing Fingerprint Template: Fuzzy Vault with Helper Data , 2006, 2006 Conference on Computer Vision and Pattern Recognition Workshop (CVPRW'06).

[13]  Shuhong Gao,et al.  A New Algorithm for Decoding Reed-Solomon Codes , 2003 .

[14]  Raymond N. J. Veldhuis,et al.  Preventing the Decodability Attack Based Cross-Matching in a Fuzzy Commitment Scheme , 2011, IEEE Transactions on Information Forensics and Security.

[15]  Anil K. Jain,et al.  Multibiometric Cryptosystems Based on Feature-Level Fusion , 2012, IEEE Transactions on Information Forensics and Security.

[16]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[17]  Sharath Pankanti,et al.  Fuzzy Vault for Fingerprints , 2005, AVBPA.

[18]  Heinrich Ihmor,et al.  Performance of the Fuzzy Vault for Multiple Fingerprints , 2010, BIOSIG.

[19]  Axel Munk,et al.  Security Considerations in Minutiae-Based Fuzzy Vaults , 2015, IEEE Transactions on Information Forensics and Security.

[20]  Anil K. Jain,et al.  Hardening Fingerprint Fuzzy Vault Using Password , 2007, ICB.

[21]  Ingrid Verbauwhede,et al.  Automatic secure fingerprint verification system based on fuzzy vault scheme , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[22]  Nadia Heninger,et al.  Ideal forms of Coppersmith's theorem and Guruswami-Sudan list decoding , 2010, Adv. Math. Commun..

[23]  Ron M. Roth,et al.  Efficient decoding of Reed-Solomon codes beyond half the minimum distance , 2000, IEEE Trans. Inf. Theory.

[24]  Marina Blanton,et al.  Analysis of Reusability of Secure Sketches and Fuzzy Extractors , 2013, IEEE Transactions on Information Forensics and Security.

[25]  Axel Munk,et al.  The Fuzzy Vault for Fingerprints is Vulnerable to Brute Force Attack , 2007, BIOSIG.

[26]  Berrin A. Yanikoglu,et al.  Realization of correlation attack against the fuzzy vault scheme , 2008, Electronic Imaging.

[27]  N. Kiyavash,et al.  Secure Smartcard-Based Fingerprint Authentication ∗ , 2003 .

[28]  Anil K. Jain,et al.  FVC2000: Fingerprint Verification Competition , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[29]  Johannes Merkle,et al.  Security of the Improved Fuzzy Vault Scheme in the Presence of Record Multiplicity (Full Version) , 2013, ArXiv.

[30]  Anil K. Jain,et al.  FVC2002: Second Fingerprint Verification Competition , 2002, Object recognition supported by user interaction for service robots.

[31]  Juan J. Igarza,et al.  MCYT baseline corpus: a bimodal biometric database , 2003 .

[32]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[33]  Peng Li,et al.  An alignment-free fingerprint cryptosystem based on fuzzy vault scheme , 2010, J. Netw. Comput. Appl..

[34]  Venkatesan Guruswami,et al.  Improved decoding of Reed-Solomon and algebraic-geometry codes , 1999, IEEE Trans. Inf. Theory.

[35]  Arun Ross,et al.  Handbook of Multibiometrics , 2006, The Kluwer international series on biometrics.

[36]  J A Hanley,et al.  If nothing goes wrong, is everything all right? Interpreting zero numerators. , 1983, JAMA.

[37]  Anil K. Jain,et al.  A hybrid biometric cryptosystem for securing fingerprint minutiae templates , 2010, Pattern Recognit. Lett..

[38]  Venkatesan Guruswami,et al.  Improved decoding of Reed-Solomon and algebraic-geometric codes , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[39]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[40]  Tom A. M. Kevenaar,et al.  Multi-modal and multi-instance fusion for biometric cryptosystems , 2012, 2012 BIOSIG - Proceedings of the International Conference of Biometrics Special Interest Group (BIOSIG).

[41]  Madhu Sudan,et al.  Decoding of Reed Solomon Codes beyond the Error-Correction Bound , 1997, J. Complex..