The Advanced of Fuzzy Vault Using Password
Sumin Hong and Hwakyu Park
LIGNEX1, Yongin-City, Gyeonggi-do, Korea
fasinetcul@gmail.com
coco_kagoo@hotmail.com
Abstract. A person's biometric information is immutable. Thus, if a fingerprint
is disclosed, its owner can no longer use it. Fuzzy vault is a cryptographic
framework that secures template storage by binding the template to a uniformly
random key. To keep the fuzzy vault secure, various schemes that use additional
data such as a password have been studied. K. Nandakumar proposed a scheme for
hardening a fingerprint minutiae-based fuzzy vault using a password. However,
that scheme is vulnerable to several attacks. In this paper, we analyze the
vulnerabilities of K. Nandakumar's scheme and propose a new scheme that is
secure against various attacks on fuzzy vaults.
1 Introduction
Nowadays, a wide range of internet services is available. To use these services
securely, user authentication is needed. User authentication can be implemented in
various ways, for example with a password, a smartcard, or biometric information.
In e-commerce, many service providers authenticate users with biometric information,
especially fingerprints, because fingerprint authentication is simple and familiar
to users. However, because biometric information is immutable, once it is exposed
even its owner can no longer use it. Thus, various schemes have been studied to
protect biometric information.
Fuzzy vault is a cryptographic framework that keeps a biometric template secure by
encrypting it with a random key. Generally, a fingerprint fuzzy vault consists of two
kinds of points, minutiae points and chaff points. Minutiae points are the unique
features of a fingerprint used in user authentication, and chaff points are points
included in the vault to make it hard for an attacker to extract the minutiae points.
However, because a user's minutiae points are unique, an attacker who obtains two
vaults of the same user can extract the minutiae by cross-matching. To prevent
cross-matching, K. Nandakumar proposed hardening the fingerprint fuzzy vault using a
password. In this scheme, the attacker cannot extract the minutiae by cross-matching,
because the vault is built from minutiae points that have been transformed by the
password. However, if an attacker obtains both the template before transformation and
the template after transformation, he can easily obtain the user's password that was
used in the template transformation. Thus, to prevent exposure of the password, in this
paper we propose a new secure fuzzy vault scheme. To solve the problem of
K. Nandakumar's scheme, we use a one-way hash function. Also, K. Nandakumar describes the equation
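
The cross-matching weakness described in the introduction, as an added toy simulation that is not code from the paper: it counts how many points two stored vaults of the same finger share, with and without a password-keyed transformation. The grid size, exact-match minutiae and the PBKDF2-derived translation are assumptions for illustration; the transform is neither K. Nandakumar's nor the scheme proposed in this paper.

```python
import hashlib
import random

FIELD = 512  # constructed coordinate grid, not a real sensor resolution


def make_vault(points, n_chaff, rng):
    """Hide the genuine points among random chaff points."""
    vault = set(points)
    target = len(vault) + n_chaff
    while len(vault) < target:
        vault.add((rng.randrange(FIELD), rng.randrange(FIELD)))
    return vault


def password_transform(points, password, salt):
    """Assumed transform: shift every point by a password-derived offset."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=4)
    dx = int.from_bytes(key[:2], "big") % FIELD
    dy = int.from_bytes(key[2:], "big") % FIELD
    return [((x + dx) % FIELD, (y + dy) % FIELD) for x, y in points]


def linkability(vault_a, vault_b):
    """Points shared by two stored vaults; cross-matching relies on this overlap."""
    return len(vault_a & vault_b)


def demo():
    rng = random.Random(2024)
    # Constructed sample: 24 distinct minutiae positions of one finger.
    minutiae = [divmod(i, FIELD) for i in rng.sample(range(FIELD * FIELD), 24)]
    # Two enrolments of the same finger, each with fresh chaff.
    plain_a = make_vault(minutiae, 200, rng)
    plain_b = make_vault(minutiae, 200, rng)
    # Same finger, but each vault uses its own password and salt (constructed).
    hard_a = make_vault(password_transform(minutiae, "service-A pw", b"salt-A"), 200, rng)
    hard_b = make_vault(password_transform(minutiae, "service-B pw", b"salt-B"), 200, rng)
    return len(minutiae), linkability(plain_a, plain_b), linkability(hard_a, hard_b)


if __name__ == "__main__":
    n, plain, hardened = demo()
    print(f"genuine points: {n}")
    print(f"shared points, unprotected vaults: {plain}")
    print(f"shared points, password-transformed vaults: {hardened}")
```

Real minutiae are noisy, so a deployed check would compare points within a distance tolerance rather than by exact equality.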
 