Hardening Fingerprint Fuzzy Vault Using Password

  • Karthik Nandakumar
  • Abhishek Nagar
  • Anil K. Jain
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4642)


Security of stored templates is a critical issue in biometric systems because biometric templates are non-revocable. Fuzzy vault is a cryptographic framework that enables secure template storage by binding the template with a uniformly random key. Though the fuzzy vault framework has proven security properties, it does not provide privacy-enhancing features such as revocability and protection against cross-matching across different biometric systems. Furthermore, non-uniform nature of biometric data can decrease the vault security. To overcome these limitations, we propose a scheme for hardening a fingerprint minutiae-based fuzzy vault using password. Benefits of the proposed password-based hardening technique include template revocability, prevention of cross-matching, enhanced vault security and a reduction in the False Accept Rate of the system without significantly affecting the False Reject Rate. Since the hardening scheme utilizes password only as an additional authentication factor (independent of the key used in the vault), the security provided by the fuzzy vault framework is not affected even when the password is compromised.


Biometric template security fuzzy vault hardening password fingerprint minutiae helper data 


  1. 1.
    Juels, A., Sudan, M.: A Fuzzy Vault Scheme. In: Proceedings of IEEE International Symposium on Information Theory, Lausanne, Switzerland, p. 408 (2002)Google Scholar
  2. 2.
    Ratha, N., Chikkerur, S., Connell, J.H., Bolle, R.M.: Generating Cancelable Fingerprint Templates. IEEE Trans. on PAMI 29(4), 561–572 (2007)Google Scholar
  3. 3.
    Savvides, M., Kumar, B.V.K.V., Khosla, P.K.: Cancelable biometric filters for face recognition. In: Proceedings of ICPR, Cambridge, UK, August 2004, vol. 3, pp. 922–925 (2004)Google Scholar
  4. 4.
    Teoh, A.B.J., Goh, A., Ngo, D.C.L.: Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs. IEEE Trans. on PAMI 28(12), 1892–1901 (2006)Google Scholar
  5. 5.
    Monrose, F., Reiter, M.K., Li, Q., Wetzel, S.: Cryptographic Key Generation from Voice. In: Proc. IEEE Symp. Security and Privacy, Oakland, May 2001, pp. 202–213 (2001)Google Scholar
  6. 6.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Proceedings of International Conference on Theory and Applications of Cryptographic Techniques, May 2004, pp. 523–540 (2004)Google Scholar
  7. 7.
    Hao, F., Anderson, R., Daugman, J.: Combining Crypto with Biometrics Effectively. IEEE Trans. on Computers 55(9), 1081–1088 (2006)CrossRefGoogle Scholar
  8. 8.
    Sutcu, Y., Li, Q., Memon, N.: Protecting Biometric Templates with Sketch: Theory and Practice. IEEE Trans. on Information Forensics and Security (to appear, 2007)Google Scholar
  9. 9.
    Draper, S.C., Khisti, A., Martinian, E., Vetro, A., Yedidia, J.S.: Using Distributed Source Coding to Secure Fingerprint Biometrics. In: Proc. of IEEE International Conference on Acoustics, Speech and Signal Processing, Hawaii, vol. 2, pp. 129–132 (April 2007)Google Scholar
  10. 10.
    Boult, T.E., Scheirer, W.J., Woodworth, R.: Fingerprint Revocable Biotokens: Accuracy and Security Analysis. In: Proc. of CVPR, Minneapolis (June 2007)Google Scholar
  11. 11.
    Scheirer, W.J., Boult, T.E.: Cracking Fuzzy Vaults and Biometric Encryption, Univ. of Colorado at Colorado Springs, Tech. Rep. (February 2007)Google Scholar
  12. 12.
    Nandakumar, K., Jain, A.K., Pankanti, S.: Fingerprint-based Fuzzy Vault: Implementation and Performance, Michigan State Univ. Tech. Rep. TR-06-31 (2006)Google Scholar
  13. 13.
    Yang, S., Verbauwhede, I.: Automatic Secure Fingerprint Verification System Based on Fuzzy Vault Scheme. In: Proceedings of IEEE International Conference on Acoustics, Speech, and Signal Processing, Philadelphia, USA, March 2005, vol. 5, pp. 609–612 (2005)Google Scholar
  14. 14.
    Uludag, U., Pankanti, S., Jain, A.K.: Fuzzy Vault for Fingerprints. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 310–319. Springer, Heidelberg (2005)Google Scholar
  15. 15.
    Chetverikov, D., Svirko, D., Stepanov, D., Krsek, P.: The Trimmed Iterative Closest Point Algorithm. In: Proc. of ICPR, Quebec City, Canada, August 2002, pp. 545–548 (2002)Google Scholar
  16. 16.
    Jain, A.K., Hong, L., Bolle, R.: On-line Fingerprint Verification. IEEE Trans. on PAMI 19(4), 302–314 (1997)Google Scholar
  17. 17.
    Maio, D., Maltoni, D., Wayman, J.L., Jain, A.K.: FVC2002: Second Fingerprint Verification Competition. In: Proc. of ICPR, Quebec City, August 2002, pp. 811–814 (2002)Google Scholar
  18. 18.
    Jain, A.K., Prabhakar, S., Ross, A.: Fingerprint Matching: Data Acquisition and Performance Evaluation. Michigan State Univ. Tech. Rep. TR99-14 (1999)Google Scholar
  19. 19.
    Burr, W.E., Dodson, D.F., Polk, W.T.: Information Security: Electronic Authentication Guideline. NIST Special Report 800-63 (April 2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Karthik Nandakumar
    • 1
  • Abhishek Nagar
    • 1
  • Anil K. Jain
    • 1
  1. 1.Department of Computer Science & Engineering, Michigan State University, East Lansing, MI – 48824USA

Personalised recommendations