Share Email Print

Proceedings Paper

Realization of correlation attack against the fuzzy vault scheme
Author(s): Alisher Kholmatov; Berrin Yanikoglu
Format Member Price Non-Member Price
PDF $17.00 $21.00

Paper Abstract

User privacy and template security are major concerns in the use of biometric systems. These are serious concerns based on the fact that once compromised, biometric traits can not be canceled or reissued. The Fuzzy Vault scheme has emerged as a promising method to alleviate the template security problem. The scheme is based on binding the biometric template with a secret key and scrambling it with a large amount of redundant data, such that it is computationally infeasible to extract the secret key without possession of the biometric trait. It was recently claimed that the scheme is susceptible to correlation based attacks which assume the availability of two fuzzy vaults created using the same biometric data (e.g. two impressions of the same fingerprint) and suggests that correlating them would reveal the biometric data hidden inside. In this work, we implemented the fuzzy vault scheme using fingerprints and performed correlation attacks against a database of 400 fuzzy vaults (200 matching pairs). Given two matching vaults, we could successfully unlock 59% of them within a short time. Furthermore, it was possible to link an unknown vault to a short list containing its matching pair, for 41% of all vaults. These results prove the claim that the fuzzy vault scheme without additional security measures is indeed vulnerable to correlation attacks.

Paper Details

Date Published: 18 March 2008
PDF: 7 pages
Proc. SPIE 6819, Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, 68190O (18 March 2008); doi: 10.1117/12.766861
Show Author Affiliations
Alisher Kholmatov, Sabanci Univ. (Turkey)
Berrin Yanikoglu, Sabanci Univ. (Turkey)

Published in SPIE Proceedings Vol. 6819:
Security, Forensics, Steganography, and Watermarking of Multimedia Contents X
Edward J. Delp III; Ping Wah Wong; Jana Dittmann; Nasir D. Memon, Editor(s)

© SPIE. Terms of Use
Back to Top