@article{996,
  author = {Maryam Lafkih, Mounia Mikram, Sanaa Ghouzli, Mohamed El Haziti, Driss Aboutajdine},
  title = {Security Analysis of Biometric Cryptosystems: Case Study of Fuzzy Vault Approach},
  journal = {Journal of Information Security Research},
  year = {2012},
  volume = {3},
  number = {4},
  doi = {},
  url = {http://www.dline.info/jisr/fulltext/v3n4/4.pdf},
  abstract = {Use of biometric systems is becoming an important alternative to replace traditional authentication such as password. Yet most of biometric authentication systems store original biometric features, unfortunately, without any encryption, threatening though the security and privacy of user’s identity. When biometric data is compromised, unlike a password, it cannot be changed. Therefore, the security of biometric models is essential in designing an authentication system. To achieve this protection of biometric models, two approaches are used: methods based on transformation of user characteristics and biometric cryptosystems. Although biometric cryptosystems are used in several applications (e.g. smart cards), they include several components that have limitations such as risk of falsification and poor performance. A performance evaluation is then compulsory for comparison between different biometric systems. For this reason we proposed in this paper several criteria to assess the security strength and we defined several measures that facilitate overall security evaluation of biometric cryptosystems. In this analysis we considered Fuzzy Vault scheme, a well known approach of biometric cryptosystems, in order to provide security and protection risks associated with this approach. We proposed in this work four distinct classes of attacks against Fuzzy Vault technique, including Intrusion attacks, Correlation attacks, Combination attacks and Injection attacks. Our experimental results indicate that the Fuzzy Vault technique is vulnerable to some proposed attacks because of the easiness to obtain the user model using the elements known to the attacker. This vulnerability is increased especially in the intrusion attacks and correlation attacks where attacker can match multiple helper data generated from the same biometric traits. The proposed attacks can reach a 100% success to access the system, making the Fuzzy Vault based protection approach easily compromised.},
}