TY - GEN
T1 - Secure smartcard-based fingerprint authentication
AU - Clancy, T. Charles
AU - Kiyavash, Negar
AU - Lin, Dennis J.
N1 - Publisher Copyright:
Copyright 2003 ACM.
PY - 2003/11/8
Y1 - 2003/11/8
N2 - In this paper, the fundamental insecurities hampering a scalable, wide-spread deployment of biometric authentication are examined, and a cryptosystem capable of using fingerprint data as its key is presented. For our application, we focus on situations where a private key stored on a smartcard is used for authentication in a networked environment, and we assume an attacker can launch online attacks against a stolen card. Juels and Sudan's fuzzy vault is used as a starting point for building and analyzing a secure authentication scheme using fingerprints and smartcards called a fingerprint vault. Fingerprint minutiae coordinates m_i are encoded as elements in a finite field F and the secret key is encoded in a polynomial f(x) over F[x]. The polynomial is evaluated at the minutiae locations, and the pairs (m_i, f(m_i)) are stored along with random (c_i, d_i) chaff points such that d_i ≠ f(c_i). Given a matching fingerprint, a valid user can separate out enough true points from the chaff points to reconstruct f(x), and hence the original secret key. The parameters of the vault are selected such that the attacker's vault unlocking complexity is maximized, subject to zero unlocking complexity with a matching fingerprint and a reasonable amount of error. For a feature location measurement variance of 9 pixels, the optimal vault is 2^69 times more difficult to unlock for an attacker compared to a user possessing a matching fingerprint, along with approximately a 30% chance of unlocking failure.
KW - Authentication
KW - Biometrics
KW - Fingerprint
KW - Smartcard
UR - http://www.scopus.com/inward/record.url?scp=84937704662&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84937704662&partnerID=8YFLogxK
U2 - 10.1145/982507.982516
DO - 10.1145/982507.982516
M3 - Conference contribution
AN - SCOPUS:84937704662
T3 - Proceedings of the 2003 ACM SIGMM Workshop on Biometrics Methods and Applications, WBMA 2003
SP - 45
EP - 52
BT - Proceedings of the 2003 ACM SIGMM Workshop on Biometrics Methods and Applications, WBMA 2003
PB - Association for Computing Machinery, Inc
T2 - 2003 ACM SIGMM Workshop on Biometrics Methods and Applications, WBMA 2003
Y2 - 8 November 2003
ER -