Vulnerabilities of fuzzy vault schemes using biometric data with traces

Biometric cryptosystems represent emerging techniques for biometric template protection. These cryptosystems are vulnerable to different types of attacks, as brute force attacks or correlation attacks if several templates are compromised. Another biometric security issue comes from certain biometric data (as fingerprint or face image) that can leave traces, but are, in the same time, the most commonly biometric modalities used in mobile security. In this paper, a new attack based on the alteration of original user data is investigated on fuzzy Vault biometric cryptosystems. We assume that the attacker uses a modified version of the real user image to gain unauthorized access to the system (mobile phone). Experimental results carried out using fingerprint and face modalities show that this assumption has serious impact on the security of this type of biometric cryptosystems.

[1]  Anil K. Jain,et al.  Altered Fingerprints: Analysis and Detection , 2012, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[2]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[3]  Kang Ryoung Park,et al.  Biometric Key Binding: Fuzzy Vault Based on Iris Images , 2007, ICB.

[4]  Ashraf El-Sisi,et al.  Design and implementation biometric access control system using fingerprint for restricted area based on gabor filter , 2011, Int. Arab J. Inf. Technol..

[5]  Anil K. Jain,et al.  Securing fingerprint template: Fuzzy vault with minutiae descriptors , 2008, 2008 19th International Conference on Pattern Recognition.

[6]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[7]  C.J.H. Mann,et al.  Color Image Processing – Methods and Applications , 2008 .

[8]  M. Ramakrishnan,et al.  A NEW APPROACH OF ALTERED FINGERPRINTS DETECTION ON THE ALTERED AND NORMAL FINGERPRINT DATABASE , 2013 .

[9]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[10]  Aleix M. Martinez,et al.  The AR face database , 1998 .

[11]  T.E. Boult,et al.  Cracking Fuzzy Vaults and Biometric Encryption , 2007, 2007 Biometrics Symposium.

[12]  Benjamin Tams,et al.  Cryptanalysis of the Fuzzy Vault for Fingerprints: Vulnerabilities and Countermeasures , 2013 .

[13]  Sharath Pankanti,et al.  Fuzzy Vault for Fingerprints , 2005, AVBPA.

[14]  Xiangjun Zhang,et al.  Low Bit-Rate Image Compression via Adaptive Down-Sampling and Constrained Least Squares Upconversion , 2009, IEEE Transactions on Image Processing.

[15]  Jean-Luc Dugelay,et al.  Impact analysis of nose alterations on 2D and 3D face recognition , 2012, 2012 IEEE 14th International Workshop on Multimedia Signal Processing (MMSP).

[16]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[17]  P. Velayutham Automatic Detection of Altered Fingerprints , 2012 .

[18]  N. Kiyavash,et al.  Secure Smartcard-Based Fingerprint Authentication ∗ , 2003 .

[19]  J. Fierrez-Aguilar,et al.  Cryptographic key generation using handwritten signature , 2006, SPIE Defense + Commercial Sensing.

[20]  Anil K. Jain,et al.  Multibiometric Template Security Using Fuzzy Vault , 2008, 2008 IEEE Second International Conference on Biometrics: Theory, Applications and Systems.

[21]  Ee-Chien Chang,et al.  Finding the original point set hidden among chaff , 2006, ASIACCS '06.

[22]  Pong C. Yuen,et al.  Protecting Face Biometric Data on Smartcard with Reed-Solomon Code , 2006, 2006 Conference on Computer Vision and Pattern Recognition Workshop (CVPRW'06).

[23]  Arun Ross,et al.  Detecting Altered Fingerprints , 2010, 2010 20th International Conference on Pattern Recognition.

[24]  A. Martínez,et al.  The AR face databasae , 1998 .

[25]  Anil K. Jain Fingerprint Alteration , 2009 .

[26]  Sharath Pankanti,et al.  Fingerprint-Based Fuzzy Vault: Implementation and Performance , 2007, IEEE Transactions on Information Forensics and Security.

[27]  Andrea Lagorio,et al.  On the Use of SIFT Features for Face Authentication , 2006, 2006 Conference on Computer Vision and Pattern Recognition Workshop (CVPRW'06).

[28]  Anil K. Jain,et al.  FVC2002: Second Fingerprint Verification Competition , 2002, Object recognition supported by user interaction for service robots.

[29]  Marina Blanton,et al.  Analysis of Reusability of Secure Sketches and Fuzzy Extractors , 2013, IEEE Transactions on Information Forensics and Security.

[30]  Andreas Uhl,et al.  Iris-Biometric Fuzzy Commitment Schemes under Signal Degradation , 2012, ICISP.