The fuzzy vault scheme is a well-known technique to mitigate privacy, security, and usability related problems in biometric identification applications. The basic idea is to hide biometric data along with secret information amongst randomly selected chaff points during the enrollment process. Only the owner of the biometric data who presents correct biometrics can recover the secret and identify himself. Recent research, however, has shown that the scheme is vulnerable to certain types of attacks. The recently proposed ``correlation attack'', that allows linking two vaults of the same biometric, pose serious privacy risks that have not been sufficiently addressed. The primary aim of this work is to remedy those problems by proposing a framework based on distance preserving hash functions to render the correlation attack inapplicable. We first give definitions which capture the requirements such hash functions must posses. We then propose a specific family of hash functions that fulfills these requirements and lends itself to efficient implementation. We also provide formal proofs that the proposed family of hash functions indeed protects the fuzzy vault against correlation attacks. We implement a hashed fuzzy vault using fingerprint data and investigate the effects of the proposed method on the false accept and false reject rates (FAR and FRR, respectively) extensively. Implementation results suggest that the proposed method provides a complete protection against correlation attacks at the expense of small degradation in the FRR.
ÖRENCİK, CENGİZ; PEDERSEN, THOMAS BROCHMANN; SAVAŞ, ERKAY; and KESKİNÖZ, MEHMET
"Securing fuzzy vault schemes through biometric hashing,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 18:
4, Article 2.
Available at: https://journals.tubitak.gov.tr/elektrik/vol18/iss4/2