Statistical attack against fuzzy commitment scheme

In this study a statistical attack against fuzzy commitment schemes is presented. Comparisons of different pairs of binary biometric feature vectors yield binomial distributions, the standard deviations of which are bounded by the entropy of biometric templates. In case error correction consists of a series of chunks, like in the vast majority of approaches, helper data become vulnerable to statistical attacks. Error-correction codewords are bound to separate parts of a binary template among which biometric entropy is dispersed. As a consequence, chunks of the helper data are prone to statistical significant false acceptance. In experimental evaluations the proposed attack is applied to different iris-biometric fuzzy commitment schemes retrieving cryptographic keys at alarming low effort.

[1]  Ann Cavoukian,et al.  Biometric Encryption , 2011, Encyclopedia of Cryptography and Security.

[2]  Andreas Uhl,et al.  Statistical attack against iris-biometric fuzzy commitment schemes , 2011, CVPR 2011 WORKSHOPS.

[3]  Julien Bringer,et al.  Binary feature vector fingerprint representation from minutiae vicinities , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[4]  K.W. Bowyer,et al.  The Best Bits in an Iris Code , 2009, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[5]  Andreas Uhl,et al.  Reliability-balanced feature level fusion for fuzzy commitment scheme , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[6]  Gérard D. Cohen,et al.  Theoretical and Practical Boundaries of Binary Secure Sketches , 2008, IEEE Transactions on Information Forensics and Security.

[7]  Raymond N. J. Veldhuis,et al.  Pseudo Identities Based on Fingerprint Characteristics , 2008, 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[8]  Nalini K. Ratha,et al.  Cancelable iris biometric , 2008, 2008 19th International Conference on Pattern Recognition.

[9]  Raymond N. J. Veldhuis,et al.  Practical Biometric Authentication with Template Protection , 2005, AVBPA.

[10]  Dexin Zhang,et al.  Efficient iris recognition by characterizing key local variations , 2004, IEEE Transactions on Image Processing.

[11]  Xingzhao Liu,et al.  Nonlinear Frequency Scaling Algorithm for High Squint Spotlight SAR Data Processing , 2008, EURASIP J. Adv. Signal Process..

[12]  Tieniu Tan,et al.  Robust Biometric Key Extraction Based on Iris Cryptosystem , 2009, ICB.

[13]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[14]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[15]  Alessandro Neri,et al.  User adaptive fuzzy commitment for signature template protection and renewability , 2008, J. Electronic Imaging.

[16]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[17]  Frans M. J. Willems,et al.  Achieving Secure Fuzzy Commitment Scheme for Optical PUFs , 2009, 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[18]  N. Balakrishnan,et al.  Binomial and Negative Binomial Analogues under Correlated Bernoulli Trials , 1994 .

[19]  Jorge Guajardo,et al.  Efficient strategies to play the indistinguishability game for fuzzy sketches , 2010, 2010 IEEE International Workshop on Information Forensics and Security.

[20]  A. Stoianov,et al.  Security issues of Biometric Encryption , 2009, 2009 IEEE Toronto International Conference Science and Technology for Humanity (TIC-STH).

[21]  Ross J. Anderson,et al.  Combining cryptography with biometrics effectively , 2005 .

[22]  Konstantinos N. Plataniotis,et al.  Biometric Encryption: The New Breed of Untraceable Biometrics , 2010 .

[23]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[24]  Hervé Sibert,et al.  Biometric Fuzzy Extractors Made Practical: A Proposal Based on FingerCodes , 2007, ICB.

[25]  Raymond N. J. Veldhuis,et al.  Binary Biometrics: An Analytic Framework to Estimate the Performance Curves Under Gaussian Assumption , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[26]  Frans M. J. Willems,et al.  Information Leakage in Fuzzy Commitment Schemes , 2010, IEEE Transactions on Information Forensics and Security.

[27]  Andreas Uhl,et al.  Systematic Construction of Iris-Based Fuzzy Commitment Schemes , 2009, ICB.

[28]  John Daugman How iris recognition works , 2004 .

[29]  Andrew Beng Jin Teoh,et al.  Secure biometric template protection in fuzzy commitment scheme , 2007, IEICE Electron. Express.

[30]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[31]  Andreas Uhl,et al.  A survey on biometric cryptosystems and cancelable biometrics , 2011, EURASIP J. Inf. Secur..

[32]  Karthik Nandakumar,et al.  A fingerprint cryptosystem based on minutiae phase spectrum , 2010, 2010 IEEE International Workshop on Information Forensics and Security.

[33]  Andreas Uhl,et al.  Two-Factor Authentication or How to Potentially Counterfeit Experimental Results in Biometric Systems , 2010, ICIAR.

[34]  Libor Masek,et al.  Recognition of Human Iris Patterns for Biometric Identification , 2003 .

[35]  Raymond N. J. Veldhuis,et al.  Preventing the Decodability Attack Based Cross-Matching in a Fuzzy Commitment Scheme , 2011, IEEE Transactions on Information Forensics and Security.

[36]  Andreas Uhl,et al.  Adaptive fuzzy commitment scheme based on iris-code error analysis , 2010, 2010 2nd European Workshop on Visual Information Processing (EUVIP).

[37]  Mauro Barni,et al.  eSketch: a privacy-preserving fuzzy commitment scheme for authentication using encrypted biometrics , 2010, MM&Sec '10.

[38]  Raymond N. J. Veldhuis,et al.  Binary Representations of Fingerprint Spectral Minutiae Features , 2010, 2010 20th International Conference on Pattern Recognition.

[39]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.