Title :
Cracking Fuzzy Vaults and Biometric Encryption
Author :
Scheirer, Walter J. ; Boult, Terrance E.
Author_Institution :
Univ. of Colorado, Colorado Springs
Abstract :
This paper is a security analysis of leading privacy enhanced technologies (PETs) for biometrics including biometric fuzzy vaults (BFV) and biometric encryption (BE). The lack of published attacks, combined with various "proven" security properties has been taken by some as a sign that these technologies are ready for deployment. While some of the existing BFV and BE techniques do have "proven" security properties, those proofs make assumptions that may not, in general, be valid for biometric systems. We briefly review some of the other known attacks against BFV and BE techniques. We introduce three disturbing classes of attacks against PET techniques including attack via record multiplicity, surreptitious key-inversion attack, and novel blended substitution attacks. The paper ends with a discussion of the requirements for an architecture to address the privacy and security requirements.
Keywords :
biometrics (access control); cryptography; data privacy; fuzzy set theory; BE techniques; BFV techniques; biometric encryption; biometric fuzzy vaults; blended substitution attacks; privacy enhanced technologies; published attacks; record multiplicity; security analysis; surreptitious key-inversion attack; Authentication; Bioinformatics; Biometrics; Cryptography; Data security; Databases; Positron emission tomography; Privacy; Protection; Springs;
Conference_Titel :
Biometrics Symposium, 2007
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4244-1549-6
Electronic_ISBN :
978-1-4244-1549-6
DOI :
10.1109/BCC.2007.4430534
