Attacks and Countermeasures in Fingerprint Based Biometric Cryptosystems
The authors investigate implementations of biometric cryptosystems protecting fingerprint templates (which are mostly based on the fuzzy vault scheme by Juels and Sudan in 2002) with respect to the security they provide. They show that attacks taking advantage of the systems false acceptance rate, i.e. false-accept attacks, pose a very serious risk | even if brute-force attacks are impractical to perform. Their observations lead to the clear conclusion that currently a single fingerprint is not sufficient to provide a secure biometric cryptosystem. But there remain other problems that cannot be resolved by merely switching to multi-finger: Kholmatov and Yanikoglu in 2007 demonstrated that it is possible to break two matching vault records at quite a high rate via the correlation attack.