Analysis of Reusability of Secure Sketches and Fuzzy Extractors

Secure sketches and fuzzy extractors enable the use of biometric data in cryptographic applications by correcting errors in noisy biometric readings and producing cryptographic materials suitable for authentication, encryption, and other purposes. Such constructions work by producing a public sketch, which is later used to reproduce the original biometric and all derived information exactly from a noisy biometric reading. It has been previously shown that release of multiple sketches associated with a single biometric presents security problems for certain constructions. We continue the analysis to demonstrate that all other constructions are also prone to similar problems and cannot be safely reused even in the presence of very weak adversaries.

[1]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[2]  Stark C. Draper,et al.  An information-theoretic analysis of revocability and reusability in secure biometrics , 2011, 2011 Information Theory and Applications Workshop.

[3]  Adam D. Smith,et al.  Maintaining secrecy when information leakage is unavoidable , 2004 .

[4]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[5]  Jintai Ding,et al.  Mutant Zhuang-Zi Algorithm , 2010, PQCrypto.

[6]  Anton H. M. Akkermans,et al.  A Quantitative Analysis of Indistinguishability for a Continuous Domain Biometric Cryptosystem , 2009, DPM/SETOP.

[7]  Sharath Pankanti,et al.  On the individuality fingerprints , 2001, Proceedings of the 2001 IEEE Computer Society Conference on Computer Vision and Pattern Recognition. CVPR 2001.

[8]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[9]  N. Kiyavash,et al.  Secure Smartcard-Based Fingerprint Authentication ∗ , 2003 .

[10]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[11]  Xavier Boyen,et al.  Reusable cryptographic fuzzy extractors , 2004, CCS '04.

[12]  Julien Bringer,et al.  A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems , 2012, IEEE Transactions on Information Forensics and Security.

[13]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[14]  Berrin A. Yanikoglu,et al.  Realization of correlation attack against the fuzzy vault scheme , 2008, Electronic Imaging.

[15]  Yair Frankel,et al.  On enabling secure applications through off-line biometric identification , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[16]  H. Vincent Poor,et al.  Privacy–Security Trade-Offs in Biometric Security Systems—Part I: Single Use Case , 2011, IEEE Transactions on Information Forensics and Security.

[17]  H. Vincent Poor,et al.  Privacy–Security Trade-Offs in Biometric Security Systems—Part II: Multiple Use Case , 2011, IEEE Transactions on Information Forensics and Security.

[18]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[19]  Noam Nisan,et al.  Extracting Randomness: A Survey and New Constructions , 1999, J. Comput. Syst. Sci..

[20]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[21]  Yevgeniy Dodis,et al.  Correcting errors without leaking partial information , 2005, STOC '05.

[22]  Ali Miri,et al.  A collusion attack on the fuzzy vault scheme , 2009, ISC Int. J. Inf. Secur..

[23]  Marina Blanton,et al.  On the (Non-)Reusability of Fuzzy Sketches and Extractors and Security Improvements in the Computational Setting , 2012, IACR Cryptol. ePrint Arch..