Open Access
Securing fuzzy vault schemes through biometric hashing
Author(s) -
Cengiz Örencik,
Thomas Pedersen,
Erkay Savaş,
Mehmet Keskinöz
Publication year - 2010
Publication title -
turkish journal of electrical engineering and computer sciences/elektrik
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.225
H-Index - 30
eISSN - 1303-6203
pISSN - 1300-0632
DOI - 10.3906/elk-0910-228
Subject(s) - hash function , computer science , biometrics , fingerprint (computing) , data mining , fuzzy logic , computer security , identification (biology) , artificial intelligence , botany , biology
The fuzzy vault scheme is a well-known technique to mitigate privacy, security, and usability related problems in biometric identification applications. The basic idea is to hide biometric data along with secret information amongst randomly selected chaff points during the enrollment process. Only the owner\udof the biometric data who presents correct biometrics can recover the secret and identify himself. Recent research, however, has shown that the scheme is vulnerable to certain types of attacks. The recently proposed “correlation attack”, that allows linking two vaults of the same biometric, pose serious privacy risks that have not been sufficiently addressed. The primary aim of this work is to remedy those problems by proposing a framework based on distance preserving hash functions to render the correlation attack inapplicable. We first give definitions which capture the requirements such hash functions must posses. We then propose a specific family of hash functions that fulfills these requirements and lends itself to efficient implementation. We also provide formal proofs that the proposed family of hash functions indeed protects the fuzzy vault against correlation attacks. We implement a hashed fuzzy vault using fingerprint data and investigate the effects of the proposed method on the false accept and false reject rates (FAR and FRR, respectively) extensively.\udImplementation results suggest that the proposed method provides a complete protection against correlation attacks at the expense of small degradation in the FRR