The Fuzzy Vault for fingerprints is Vulnerable to Brute Force Attack

Abstract

The fuzzy vault approach is one of the best studied and well accepted ideas for binding cryptographic security into biometric authentication. The vault has been implemented in connection with fingerprint data by Uludag and Jain. We show that this instance of the vault is vulnerable to brute force attack. An interceptor of the vault data can recover both secret and template data using only generally affordable computational resources. Some possible alternatives are then discussed and it is suggested that cryptographic security may be preferable to the one - way function approach to biometric security.