Translator Disclaimer
18 March 2008 Realization of correlation attack against the fuzzy vault scheme
Author Affiliations +
User privacy and template security are major concerns in the use of biometric systems. These are serious concerns based on the fact that once compromised, biometric traits can not be canceled or reissued. The Fuzzy Vault scheme has emerged as a promising method to alleviate the template security problem. The scheme is based on binding the biometric template with a secret key and scrambling it with a large amount of redundant data, such that it is computationally infeasible to extract the secret key without possession of the biometric trait. It was recently claimed that the scheme is susceptible to correlation based attacks which assume the availability of two fuzzy vaults created using the same biometric data (e.g. two impressions of the same fingerprint) and suggests that correlating them would reveal the biometric data hidden inside. In this work, we implemented the fuzzy vault scheme using fingerprints and performed correlation attacks against a database of 400 fuzzy vaults (200 matching pairs). Given two matching vaults, we could successfully unlock 59% of them within a short time. Furthermore, it was possible to link an unknown vault to a short list containing its matching pair, for 41% of all vaults. These results prove the claim that the fuzzy vault scheme without additional security measures is indeed vulnerable to correlation attacks.
© (2008) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Alisher Kholmatov and Berrin Yanikoglu "Realization of correlation attack against the fuzzy vault scheme", Proc. SPIE 6819, Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, 68190O (18 March 2008);


Cryptographic key generation using handwritten signature
Proceedings of SPIE (April 17 2006)
Data searching system based on webpages exploring technology
Proceedings of SPIE (December 02 2005)
A palmprint-based cryptosystem using double encryption
Proceedings of SPIE (March 17 2008)
Secret sharing using biometric traits
Proceedings of SPIE (April 17 2006)

Back to Top