Cracking Fuzzy Vaults and Biometric Encryption
Scheirer, W.J.
Boult, T.E.
Univ. of Colorado, Colorado Springs;
This paper appears in: Biometrics Symposium, 2007
Publication Date: 11-13 Sept. 2007
On page(s): 1-6
Location: Baltimore, MD,
ISBN: 978-1-4244-1549-6
INSPEC Accession Number: 9822044
Digital Object Identifier: 10.1109/BCC.2007.4430534
Current Version Published: 2008-01-14
Abstract
This paper is a security analysis of leading privacy enhanced technologies (PETs) for biometrics including biometric fuzzy vaults (BFV) and biometric encryption (BE). The lack of published attacks, combined with various "proven" security properties has been taken by some as a sign that these technologies are ready for deployment. While some of the existing BFV and BE techniques do have "proven" security properties, those proofs make assumptions that may not, in general, be valid for biometric systems. We briefly review some of the other known attacks against BFV and BE techniques. We introduce three disturbing classes of attacks against PET techniques including attack via record multiplicity, surreptitious key-inversion attack, and novel blended substitution attacks. The paper ends with a discussion of the requirements for an architecture to address theprivacyandsecurityrequirements.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
