Tams, Benjamin

[["dc.bibliographiccitation.firstpage","985"],["dc.bibliographiccitation.issue","5"],["dc.bibliographiccitation.journal","IEEE Transactions on Information Forensics and Security"],["dc.bibliographiccitation.lastpage","998"],["dc.bibliographiccitation.volume","10"],["dc.contributor.author","Tams, Benjamin"],["dc.contributor.author","Mihailescu, Preda"],["dc.contributor.author","Munk, Axel"],["dc.date.accessioned","2017-09-07T11:44:26Z"],["dc.date.available","2017-09-07T11:44:26Z"],["dc.date.issued","2015"],["dc.description.abstract","The fuzzy vault scheme is a cryptographic primitive that can be used to protect human fingerprint templates where stored. Analyses for most implementations account for brute-force security only. There are, however, other risks that have to be consider, such as false-accept attacks, record multiplicity attacks, and information leakage from auxiliary data, such as alignment parameters. In fact, the existing work lacks analyses of these weaknesses and are even susceptible to a variety of them. In view of these vulnerabilities, we redesign a minutiae-based fuzzy vault implementation preventing an adversary from running attacks via record multiplicity. Furthermore, we propose a mechanism for robust absolute fingerprint prealignment. In combination, we obtain a fingerprint-based fuzzy vault that resists known record multiplicity attacks and that does not leak information about the protected fingerprints from auxiliary alignment data. By experiments, we evaluate the performance of our security-improved implementation that, even though it has slight usability merits as compared with other minutiae-based implementations, provides improved security. However, despite heavy efforts spent in improving security, our implementation is, like all other implementations based on a single finger, subjected to a fundamental security limitation related to the false acceptance rate, i.e., false-accept attack. Consequently, this paper supports the notion that a single finger is not sufficient to provide acceptable security. Instead, implementations for multiple finger or even multiple modalities should be deployed the security of which may be improved by the technical contributions of this paper."],["dc.identifier.doi","10.1109/TIFS.2015.2392559"],["dc.identifier.gro","3141918"],["dc.identifier.isi","000352534300008"],["dc.identifier.uri","https://resolver.sub.uni-goettingen.de/purl?gro-2/2522"],["dc.language.iso","en"],["dc.notes.intern","WoS Import 2017-03-10"],["dc.notes.status","final"],["dc.notes.submitter","PUB_WoS_Import"],["dc.relation.eissn","1556-6021"],["dc.relation.issn","1556-6013"],["dc.title","Security Considerations in Minutiae-Based Fuzzy Vaults"],["dc.type","journal_article"],["dc.type.internalPublication","yes"],["dc.type.peerReviewed","yes"],["dc.type.subtype","original"],["dspace.entity.type","Publication"]]

[["dc.bibliographiccitation.firstpage","43"],["dc.bibliographiccitation.lastpage","54"],["dc.contributor.author","Mihăilescu, Preda"],["dc.contributor.author","Munk, Axel"],["dc.contributor.author","Tams, Benjamin"],["dc.contributor.editor","Brömme, Arslan"],["dc.contributor.editor","Busch, Christoph"],["dc.contributor.editor","Hühnlein, Detlef"],["dc.date.accessioned","2018-02-05T10:16:35Z"],["dc.date.available","2018-02-05T10:16:35Z"],["dc.date.issued","2009"],["dc.description.abstract","The fuzzy vault approach is one of the best studied and well accepted ideas for binding cryptographic security into biometric authentication. We present in this paper a brute force attack which improves on the one described by T. Charles Clancy et. al. in 2003 in an implementation of the vault for fingerprints. Based on this attack, we show that three implementations of the fingerprint vault are vulnerable and show that the vulnerability cannot be avoided by mere parameter selection in the actual frame of the protocol. We will report about our experiences with an implementation of such an attack. We also give several suggestions which can improve the fingerprint vault to become a cryptographically secure algorithm. In particular, we introduce the idea of fuzzy vault with quiz which draws upon information resources unused by the current version of the vault. This may bring important security improvements and can be adapted to the other biometric applications of the vault."],["dc.identifier.uri","https://resolver.sub.uni-goettingen.de/purl?gro-2/11951"],["dc.language.iso","en"],["dc.notes.status","fcwi-famis"],["dc.publisher","Gesellschaft für Informatik"],["dc.publisher.place","Bonn"],["dc.relation.eventend","18"],["dc.relation.eventlocation","Darmstadt"],["dc.relation.eventstart","17"],["dc.relation.ispartof","BIOSIG 2009: biometrics and electronic signatures"],["dc.title","The fuzzy vault for fingerprints is vulnerable to brute force attack"],["dc.type","conference_paper"],["dc.type.internalPublication","unknown"],["dspace.entity.type","Publication"]]