Securing fuzzy vault schemes through biometric hashing

Cengiz Örencik*, Thomas B. Pedersen, Erkay Savaş, Mehmet Keskinöz

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

10 Citations (Scopus)

Abstract

The fuzzy vault scheme is a well-known technique to mitigate privacy, security, and usability related problems in biometric identification applications. The basic idea is to hide biometric data along with secret information amongst randomly selected chaff points during the enrollment process. Only the owner of the biometric data who presents correct biometrics can recover the secret and identify himself. Recent research, however, has shown that the scheme is vulnerable to certain types of attacks. The recently proposed "correlation attack", that allows linking two vaults of the same biometric, pose serious privacy risks that have not been sufficiently addressed. The primary aim of this work is to remedy those problems by proposing a framework based on distance preserving hash functions to render the correlation attack inapplicable. We first give definitions which capture the requirements such hash functions must posses. We then propose a specific family of hash functions that fulfills these requirements and lends itself to efficient implementation. We also provide formal proofs that the proposed family of hash functions indeed protects the fuzzy vault against correlation attacks. We implement a hashed fuzzy vault using fingerprint data and investigate the effects of the proposed method on the false accept and false reject rates (FAR and FRR, respectively) extensively. Implementation results suggest that the proposed method provides a complete protection against correlation attacks at the expense of small degradation in the FRR.

Original languageEnglish
Pages (from-to)515-539
Number of pages25
JournalTurkish Journal of Electrical Engineering and Computer Sciences
Volume18
Issue number4
DOIs
Publication statusPublished - Jul 2010
Externally publishedYes

Keywords

  • Biometric hashing
  • Biometrics
  • Fingerprint
  • Fuzzy vault
  • Privacy

Fingerprint

Dive into the research topics of 'Securing fuzzy vault schemes through biometric hashing'. Together they form a unique fingerprint.

Cite this