Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

BIOSIG 2009: Biometrics and Electronic Signatures P-155, 43-54 (2009).

Gesellschaft für Informatik, Bonn


Arslan Brömme, Christoph Busch, Detlef Hühnlein (eds.)

Copyright © Gesellschaft für Informatik, Bonn


The fuzzy vault for fingerprints is vulnerable to brute force attack

Preda Mihăilescu, Axel Munk and Benjamin Tams


The fuzzy vault approach is one of the best studied and well accepted ideas for binding cryptographic security into biometric authentication. We present in this paper a brute force attack which improves on the one described by T. Charles Clancy et al. in 2003 in an implementation of the vault for fingerprints. Based on this attack, we show that three implementations of the fingerprint vault are vulnerable and show that the vulnerability cannot be avoided by mere parameter selection in the actual frame of the protocol. We will report on our experiences with an implementation of such an attack. We also give several suggestions which can improve the fingerprint vault to become a cryptographically secure algorithm. In particular, we introduce the idea of a fuzzy vault with quiz, which draws upon information resources unused by the current version of the vault. This may bring important security improvements and can be adapted to the other biometric applications of the vault.


ISBN 978-3-88579-231-4

Last changed 24.01.2012 22:12:40