Two-Factor Authentication or How to Potentially Counterfeit Experimental Results in Biometric Systems

Rathgeb, Christian; Uhl, Andreas

doi:10.1007/978-3-642-13775-4_30

Cited by 36 publications

(15 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, if secret tokens are considered compromised accuracy decreases. Performance is untruly gained if this scenario is ignored during experiments causing even more vulnerable systems in case of compromise [139].…”

Section: A the Issue Of Performance Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

A survey on biometric cryptosystems and cancelable biometrics

Rathgeb

Uhl

2011

EURASIP J. on Info. Security

Self Cite

505

337

View full text Add to dashboard Cite

Form a privacy perspective most concerns against the common use of biometrics arise from the storage and misuse of biometric data. Biometric cryptosystems and cancelable biometrics represent emerging technologies of biometric template protection addressing these concerns and improving public confidence and acceptance of biometrics. In addition, biometric cryptosystems provide mechanisms for biometric-dependent key-release. In the last years a significant amount of approaches to both technologies have been published. A comprehensive survey of biometric cryptosystems and cancelable biometrics is presented. State-of-the-art approaches are reviewed based on which an in-depth discussion and an outlook to future prospects are given.

show abstract

Section: A the Issue Of Performance Evaluationmentioning

confidence: 99%

“…BioHashing [41] (without key-binding) represents the most popular instance of biometric salting which represents a two-factor authentication scheme [139]. Since additional tokens have to be kept secret [137,157] result reporting turns out to be problematic.…”

Section: The State-of-the-artmentioning

confidence: 99%

A survey on biometric cryptosystems and cancelable biometrics

Rathgeb

Uhl

2011

EURASIP J. on Info. Security

Self Cite

505

337

View full text Add to dashboard Cite

show abstract

“…In these approaches, the user has to remember the key, which is used for transformations, and the transformations are determined based on the positions of minutia, their local neighborhoods and the key. Note that although some matching results of enhanced fuzzy vaults appear to be better than the original ones, these can be caused by implicit incorporation of the user specific key into the matching decision [23]. As recommended by [23] we measure the matching performance of our system under the assumption of a stolen user key.…”

Section: Related Workmentioning

confidence: 99%

“…Note that although some matching results of enhanced fuzzy vaults appear to be better than the original ones, these can be caused by implicit incorporation of the user specific key into the matching decision [23]. As recommended by [23] we measure the matching performance of our system under the assumption of a stolen user key. We also present matching numbers for our two-factor system without a compromised key, though these results come from the unlikeliness of two keys (rather than two templates) matching.…”

Section: Related Workmentioning

confidence: 99%

A multiple server scheme for fingerprint fuzzy vaults

Hartloff

Morse

Zhang

et al. 2015

2015 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)

View full text Add to dashboard Cite

In this work, we present a multiple server fingerprint verification scheme that provides enhanced template security by eliminating several known vulnerabilities of the fuzzy vault scheme. We secure templates from adversarial attacks in honest-but-curious server scenarios by utilizing commutative encryption in which the raw fingerprint template is never used in matching or storage.In this system, there is a matching server that performs the enrollment and matching functions on fingerprint data that has been encrypted by a separate encryption server. Since the encrypted template is stored at one server and the encryption key is on another server, an attacker would have to compromise both servers to decrypt the data. Even in this case, the templates are protected by the fuzzy vault scheme. Thus, this scheme limits an attacker's ability to attack active users even after compromising both servers providing multiple layers of template security.

show abstract

“…In experiments a system which exhibits a GAR of 92% and a FAR of 0.03% is hardened, resulting in a GAR of 90.2% and a FAR of 0.0%. However, if passwords are compromised the systems security decreases to that of a standard one, thus the FAR of 0.0% was calculated under unrealistic preconditions (Rathgeb & Uhl, 2010b). A multi-biometric fuzzy vault based on fingerprint and iris was proposed by Nandakumar and Jain ).…”

Section: Fuzzy Vault Schemementioning

confidence: 99%