Abstract
Security of stored templates is a critical issue in biometric systems because biometric templates are non-revocable. Fuzzy vault is a cryptographic framework that enables secure template storage by binding the template with a uniformly random key. Though the fuzzy vault framework has proven security properties, it does not provide privacy-enhancing features such as revocability and protection against cross-matching across different biometric systems. Furthermore, non-uniform nature of biometric data can decrease the vault security. To overcome these limitations, we propose a scheme for hardening a fingerprint minutiae-based fuzzy vault using password. Benefits of the proposed password-based hardening technique include template revocability, prevention of cross-matching, enhanced vault security and a reduction in the False Accept Rate of the system without significantly affecting the False Reject Rate. Since the hardening scheme utilizes password only as an additional authentication factor (independent of the key used in the vault), the security provided by the fuzzy vault framework is not affected even when the password is compromised.
Research supported by ARO grant no. W911NF-06-1-0418.
Chapter PDF
Similar content being viewed by others
References
Juels, A., Sudan, M.: A Fuzzy Vault Scheme. In: Proceedings of IEEE International Symposium on Information Theory, Lausanne, Switzerland, p. 408 (2002)
Ratha, N., Chikkerur, S., Connell, J.H., Bolle, R.M.: Generating Cancelable Fingerprint Templates. IEEE Trans. on PAMI 29(4), 561–572 (2007)
Savvides, M., Kumar, B.V.K.V., Khosla, P.K.: Cancelable biometric filters for face recognition. In: Proceedings of ICPR, Cambridge, UK, August 2004, vol. 3, pp. 922–925 (2004)
Teoh, A.B.J., Goh, A., Ngo, D.C.L.: Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs. IEEE Trans. on PAMI 28(12), 1892–1901 (2006)
Monrose, F., Reiter, M.K., Li, Q., Wetzel, S.: Cryptographic Key Generation from Voice. In: Proc. IEEE Symp. Security and Privacy, Oakland, May 2001, pp. 202–213 (2001)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Proceedings of International Conference on Theory and Applications of Cryptographic Techniques, May 2004, pp. 523–540 (2004)
Hao, F., Anderson, R., Daugman, J.: Combining Crypto with Biometrics Effectively. IEEE Trans. on Computers 55(9), 1081–1088 (2006)
Sutcu, Y., Li, Q., Memon, N.: Protecting Biometric Templates with Sketch: Theory and Practice. IEEE Trans. on Information Forensics and Security (to appear, 2007)
Draper, S.C., Khisti, A., Martinian, E., Vetro, A., Yedidia, J.S.: Using Distributed Source Coding to Secure Fingerprint Biometrics. In: Proc. of IEEE International Conference on Acoustics, Speech and Signal Processing, Hawaii, vol. 2, pp. 129–132 (April 2007)
Boult, T.E., Scheirer, W.J., Woodworth, R.: Fingerprint Revocable Biotokens: Accuracy and Security Analysis. In: Proc. of CVPR, Minneapolis (June 2007)
Scheirer, W.J., Boult, T.E.: Cracking Fuzzy Vaults and Biometric Encryption, Univ. of Colorado at Colorado Springs, Tech. Rep. (February 2007)
Nandakumar, K., Jain, A.K., Pankanti, S.: Fingerprint-based Fuzzy Vault: Implementation and Performance, Michigan State Univ. Tech. Rep. TR-06-31 (2006)
Yang, S., Verbauwhede, I.: Automatic Secure Fingerprint Verification System Based on Fuzzy Vault Scheme. In: Proceedings of IEEE International Conference on Acoustics, Speech, and Signal Processing, Philadelphia, USA, March 2005, vol. 5, pp. 609–612 (2005)
Uludag, U., Pankanti, S., Jain, A.K.: Fuzzy Vault for Fingerprints. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 310–319. Springer, Heidelberg (2005)
Chetverikov, D., Svirko, D., Stepanov, D., Krsek, P.: The Trimmed Iterative Closest Point Algorithm. In: Proc. of ICPR, Quebec City, Canada, August 2002, pp. 545–548 (2002)
Jain, A.K., Hong, L., Bolle, R.: On-line Fingerprint Verification. IEEE Trans. on PAMI 19(4), 302–314 (1997)
Maio, D., Maltoni, D., Wayman, J.L., Jain, A.K.: FVC2002: Second Fingerprint Verification Competition. In: Proc. of ICPR, Quebec City, August 2002, pp. 811–814 (2002)
Jain, A.K., Prabhakar, S., Ross, A.: Fingerprint Matching: Data Acquisition and Performance Evaluation. Michigan State Univ. Tech. Rep. TR99-14 (1999)
Burr, W.E., Dodson, D.F., Polk, W.T.: Information Security: Electronic Authentication Guideline. NIST Special Report 800-63 (April 2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nandakumar, K., Nagar, A., Jain, A.K. (2007). Hardening Fingerprint Fuzzy Vault Using Password. In: Lee, SW., Li, S.Z. (eds) Advances in Biometrics. ICB 2007. Lecture Notes in Computer Science, vol 4642. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74549-5_97
Download citation
DOI: https://doi.org/10.1007/978-3-540-74549-5_97
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74548-8
Online ISBN: 978-3-540-74549-5
eBook Packages: Computer ScienceComputer Science (R0)