Smartcard-based Secret Distribution for Secure Fingerprint Verification

Abstract

Recently, in the smartcard-based authentication system, there is an increasing trend of using fingerprint for the card holder verification, instead of passwords. However, the security of the fingerprint data is particularly important as the possible compromise of the data will be permanent. In order to protect the fingerprint data, the fuzzy vault scheme has emerged as a promising solution to the user privacy problem. The techniques, such as “fuzzy vault,” which is based on the difficulty of the polynomial reconstruction need to be developed for the smartcard-based environment. In this paper, we propose a secure and efficient approach, which reconstructs a polynomial on a smartcard with the aid of a server by using fuzzy fingerprint vaults distributed into the smartcard and the server. The goal of our approach is, under the real-time constraint, to enhance the security level of the fuzzy vault scheme against not only the typical brute-force attack, but recently reported correlation attack which finds the real minutiae using multiple fuzzy vaults enrolled for different applications. Based on the experimental results, we confirmed that our secret distribution-based approach can perform the fuzzy vault-based fingerprint verification more securely (by a factor of 177 in brute-force attack, and by a factor of 109 in correlation attack) and quickly (by a factor of 17) on a combination of a smartcard and a server.