In this paper, the fundamental insecurities hampering a scalable, wide-spread deployment of biometric authentication are examined, and a cryptosystem capable of using fingerprint data as its key is presented. For our application, we focus on situations where a private key stored on a smartcard is used for authentication in a networked environment, and we assume an attacker can launch o -line attacks against a stolen card.Juels and Sudan's fuzzy vault is used as a starting point for building and analyzing a secure authentication scheme using fingerprints and smartcards called a figerprint vault. Fingerprint minutiae coordinates m_i are encoded as elements in a nite eld F and the secret key is encoded in a polynomial f(x) over F[x]. The polynomial is evaluated at the minutiae locations, and the pairs (m_i, f(m_i)) are stored along with random (c_i, d_i) cha points such that d_i ≠ f(c_i). Given a matching fingerprint, a valid user can seperate out enough true points from the cha points to reconstruct f(x), and hence the original secret key.The parameters of the vault are selected such that the attacker's vault unlocking complexity is maximized, subject to zero unlocking complexity with a matching fingerprint and a reasonable amount of error. For a feature location measurement variance of 9 pixels, the optimal vault is 2⁶⁹ times more difficult to unlock for an attacker compared to a user posessing a matching fingerprint, along with approximately a 30% chance of unlocking failure.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Dakshi Agrawal , Bruce Archambeault , Josyula R. Rao , Pankaj Rohatgi, The EM Side-Channel(s), Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems, p.29-45, August 13-15, 2002
	2	Sanjeev Arora , Subhash Khot, Fitting algebraic curves to noisy data, Proceedings of the thiry-fourth annual ACM symposium on Theory of computing, May 19-21, 2002, Montreal, Quebec, Canada  [doi>10.1145/509907.509934]
	3	Blahut, R. Algebraic Codes for Data Transmission. Cambridge University Press, 2003.
	4	Blahut, R. Modem Theory: An Introduction to Telecommunications. Cambridge University Press, preprint.
	5	Bleichenbacher, D., and Nguyen, P. Q. Noisy polynomial interpolation and noisy chinese remaindering. Advances in Cryptology, EUROCRYPT 2000.
	6	Davida, G., Frankel, Y., and Matt, B. On enabling secure applications through o -line biometric identification. IEEE Symposium on Privacy and Security, 1998.
	7	Venkatesan Guruswami , Madhu Sudan, Improved Decoding of Reed-Solomon and Algebraic-Geometric Codes, Proceedings of the 39th Annual Symposium on Foundations of Computer Science, p.28, November 08-11, 1998
	8	Begnaud Francis Hildebrand, Introduction to numerical analysis: 2nd edition, Dover Publications, Inc., New York, NY, 1987
	9	Jaeger, H., and Nagel, S. Physics of granular states. Science 255, 1524 (1992).
	10	Juels, A., and Sudan, M. A fuzzy vault scheme. ACM Conference on Computer and Communications Security, CCS 2002.
	11	Ari Juels , Martin Wattenberg, A fuzzy commitment scheme, Proceedings of the 6th ACM conference on Computer and communications security, p.28-36, November 01-04, 1999, Kent Ridge Digital Labs, Singapore  [doi>10.1145/319709.319714]
	12	Paul C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, p.104-113, August 18-22, 1996
	13	Paul C. Kocher , Joshua Jaffe , Benjamin Jun, Differential Power Analysis, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.388-397, August 15-19, 1999
	14	Kuhn, M., and Anderson, R. Tamper resistance: A cautionary note. Workshop on Electronic Commerce, USENIX 1996.
	15	Kummerling, O., and Kuhn, M. Design principles for tamper-resistant smartcard processors. Workshop on Smartcard Technology, USENIX 1999.
	16	Mark Looi , Paul Ashley , Loo Tang Seet , Richard Au , Gary Gaskell , Mark Vandenwauver, Enhancing SESAMEV4 with Smart Cards, Proceedings of the The International Conference on Smart Card Research and Applications, p.193-202, September 14-16, 1998
	17	Massey, J. L. Shift register synthesis and bch decoding. IEEE Transactions on Information Theory 15, 1 (1969), 122--127.
	18	Fabian Monrose , Michael K. Reiter , Susanne Wetzel, Password hardening based on keystroke dynamics, Proceedings of the 6th ACM conference on Computer and communications security, p.73-82, November 01-04, 1999, Kent Ridge Digital Labs, Singapore  [doi>10.1145/319709.319720]
	19	Randall K. Nichols, Icsa Guide to Cryptography, McGraw-Hill Professional, 1998
	20	Osterberg, J., Parthasarathy, T., Raghavan, T., and Sclove, S. Development of a mathematical formula for the calculation of fingerprint probabilities based on individual characteristics. Journal of the American Statistical Association 72 (1977), 772--778.
	21	Sharath Pankanti , Salil Prabhakar , Anil K. Jain, On the Individuality of Fingerprints, IEEE Transactions on Pattern Analysis and Machine Intelligence, v.24 n.8, p.1010-1025, August 2002  [doi>10.1109/TPAMI.2002.1023799]
	22	Sclove, S. The occurance of fingerprint characteristics as a two-dimensional process. Journal of the American Statistical Association 74 (1979), 588--595.
	23	Steinhaus, H. Mathematical Snapshots, 3 ed. Dover, 1992.
	24	Vandenwauver, M., Govaerts, R., and Vandewalle, J. Overview of authentication protocols: Kerberos and sesame. IEEE Carnahan Conference on Security Technology 1997, pp. 108--113.
	25	Verifinger. Neurotechnologija ltd. http://www.neurotechnologija.com.
	26	Ylonen, T. Ssh secure login connections over the internet. Security Symposium, USENIX 1996, pp. 37--42.