Vulnerabilities of fuzzy vault schemes using biometric data with traces

Biometric cryptosystems represent emerging techniques for biometric template protection. These cryptosystems are vulnerable to different types of attacks, as brute force attacks or correlation attacks if several templates are compromised. Another biometric security issue comes from certain biometric data (as fingerprint or face image) that can leave traces, but are, in the same time, the most commonly biometric modalities used in mobile security. In this paper, a new attack based on the alteration of original user data is investigated on fuzzy Vault biometric cryptosystems. We assume that the attacker uses a modified version of the real user image to gain unauthorized access to the system (mobile phone). Experimental results carried out using fingerprint and face modalities show that this assumption has serious impact on the security of this type of biometric cryptosystems.