[Show abstract][Hide abstract] ABSTRACT: The fuzzy vault is an error tolerant authentication method that ensures the
privacy of the stored reference data. Several publications have proposed the
application of the fuzzy vault to fingerprints, but the results of subsequent
analyses indicate that a single finger does not contain sufficient information
for a secure implementation. In this contribution, we present an implementation
of a fuzzy vault based on minutiae information in several fingerprints aiming
at a security level comparable to current cryptographic applications. We
analyze and empirically evaluate the security, efficiency, and robustness of
the construction and several optimizations. The results allow an assessment of
the capacity of the scheme and an appropriate selection of parameters. Finally,
we report on a practical simulation conducted with ten users.
[Show abstract][Hide abstract] ABSTRACT: We investigate the security of privacy enhancing techniques for biometric applications. The fuzzy vault of Jules and Sudan is a technique that allows error tolerant authentication, while preserving the privacy of the reference data. Several publications have proposed its application to fingerprints in order to implement privacy-enhanced biometric authentication. While the heuristic security estimates given are promising, no rigid security analysis has been presented so far. We explore if and under what circumstances a provably secure fuzzy fingerprint vault can be implemented. Based on bounds on the loss of entropy for the general fuzzy vault and realistic models for minutiae distributions, we deduce lower bounds for attacks that attempt to recover the template. Furthermore, we show how to select optimal parameters and evaluate both, minimum minutiae match rates and minimum number of minutiae needed to obtain an appropriate security level. Our results indicate that a provable secure scheme is hard to achieve with current fingerprint technology.
Internet Monitoring and Protection (ICIMP), 2010 Fifth International Conference on; 06/2010
[Show abstract][Hide abstract] ABSTRACT: We investigate the security of a privacy enhancing technique for fingerprint authentication known as fuzzy fingerprint vault. This technique is based on the fuzzy vault of Jules and Sudan, a scheme that allows error tolerant authentication, while pre-serving the privacy of the reference data. We explore if and under what circumstances a secure fuzzy fin-gerprint vault can be implemented. We derive both upper and lower security bounds for any attacks that attempt to recover the template from the stored reference data, and, at the same time, significantly improve the best known attack. Furthermore, we show how to select optimal parameters and evaluate both minimum minutiae match rates and minimum number of minutiae needed to obtain an appropri-ate security level. Our results quantify the security capacity of the fuzzy fingerprint vault and provide important tools for selection of suitable parameters.
International Journal on Advances in Security. 01/2010; 3(3 & 4):146-168.
[Show abstract][Hide abstract] ABSTRACT: This paper presents a comparative study on fingerprint recognition systems. The goal of this study was to investigate the capability characteristics of biometric systems regarding integration of biometric features in personnel documents such as ID cards and Visa application documents. Thus the designed test has the focus on performance testing of selected algorithms and systems with dedicated investigations on side effects such as independence of matching rates and results from the scanning device or the impacts of ageing effects on the received operator characteristics. The study was carried out in close collaboration between German Federal Criminal Police Office (Bundeskriminalamt, BKA), the German Federal Office for Information Security (Bundesamt fuer Sicherheit in der Informationstechnik, BSI) and the Fraunhofer-IGD.
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC; 07/2005