Abstract
Biometric identification allows people to be identified by their unique physical characteristics. Among such schemes, fingerprinting is well-known for biometric identification. Many studies related to fingerprint-based biometric identification have been proposed; however, they are based purely on heavy cryptographic primitives such as additively homomorphic encryption and oblivious transfer. Therefore, it is difficult to apply them to large databases because of the expense. To resolve this problem, some schemes have been proposed that are based on simple matrix operations rather than heavy cryptographic primitives. Recently, Liu et al. proposed an improved matrix-based scheme using the properties of orthogonal matrices. Despite being more efficient when compared to previous systems, it still fails to provide sufficient security against various types of attackers. In this paper, we demonstrate that their scheme is vulnerable to an attacker who operates with a cloud server by introducing statistical-inference attack algorithms. Moreover, we propose concrete identity confirmation parameters that an adversary must always pass, and present experimental results to demonstrate that our algorithms are both feasible and practical.
Highlights
B IOMETRIC identification is a convenient means of identifying users in a specific group
An experiment can be tested with random data, not real-value, since the length of the biometric vector and the number of mathematical operations implemented in the scheme have greater effect on the calculation time than the actual value
Because FFGA repeats SIA in a reduced domain, we can increase the accuracy and decrease the operation times
Summary
B IOMETRIC identification is a convenient means of identifying users in a specific group. Because FingerCodes must be encrypted and a general encryption scheme (such as AES or RSA) requires a decryption process to compute the Euclidean distance between them, we have difficulty checking whether two encrypted FingerCodes are identical. To overcome this difficulty, many works related to privacypreserving matching algorithms have been proposed. 2) We highlight the security flaw in Liu et al.’s scheme by applying our algorithm By using this vulnerability, we show that the adversary can impersonate another user with a fake fingerprint.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
