The Fuzzy Vault for fingerprints is Vulnerable to Brute Force Attack
Preda Mihailescu
TL;DR
This paper demonstrates that the fuzzy vault scheme used with fingerprint biometrics is susceptible to brute force attacks, compromising security, and suggests cryptographic methods as more secure alternatives.
Contribution
It reveals the vulnerability of the fingerprint fuzzy vault to brute force attacks and discusses potential cryptographic solutions for enhanced security.
Findings
The fingerprint fuzzy vault can be broken with affordable computational resources.
Interceptors can recover secret and template data from the vault.
Cryptographic security may be more reliable than one-way functions for biometric protection.
Abstract
The \textit{fuzzy vault} approach is one of the best studied and well accepted ideas for binding cryptographic security into biometric authentication. The vault has been implemented in connection with fingerprint data by Uludag and Jain. We show that this instance of the vault is vulnerable to brute force attack. An interceptor of the vault data can recover both secret and template data using only generally affordable computational resources. Some possible alternatives are then discussed and it is suggested that cryptographic security may be preferable to the one - way function approach to biometric security.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsBiometric Identification and Security · User Authentication and Security Systems · Forensic Fingerprint Detection Methods