The fuzzy vault for fingerprints is vulnerable to brute force attack

The fuzzy vault approach is one of the best studied and well accepted ideas for binding cryptographic security into biometric authentication. We present in this paper a brute force attack which improves on the one described by T. Charles Clancy et. al. in 2003 in an implementation of the vault for fingerprints. Based on this attack, we show that three implementations of the fingerprint vault are vulnerable and show that the vulnerability cannot be avoided by mere parameter selection in the actual frame of the protocol. We will report about our experiences with an implementation of such an attack. We also give several suggestions which can improve the fingerprint vault to become a cryptographically secure algorithm. In particular, we introduce the idea of fuzzy vault with quiz which draws upon information resources unused by the current version of the vault. This may bring important security improvements and can be adapted to the other biometric applications of the vault.

Mihǎilescu, Preda; Munk, Axel; Tams, Benjamin (2009): The fuzzy vault for fingerprints is vulnerable to brute force attack. BIOSIG 2009: biometrics and electronic signatures. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-249-1. pp. 43-54. Regular Research Papers. Darmstadt. 17.–18. September 2009

Sammlungen

P155 - BIOSIG 2009 - Proceedings of the 8th International Conference of the Biometrics Special Interest Group

Komplettanzeige

The fuzzy vault for fingerprints is vulnerable to brute force attack

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen