On Security of Fuzzy Commitment Scheme for Biometric Authentication

Biometric security is a prominent research area with growing privacy and security concerns related to biometric data, generally known as biometric templates. Among the recently proposed biometric template protection schemes, fuzzy commitment is the most popular and reliable. It uses error correcting codes to deal with the significant number of bit errors present in the biometric templates. The high error correcting capability of the underlying error correcting codes is crucial to achieving the desired recognition performance in the biometric system. In general, it is satisfied by padding the input biometric template with some additional bits. The fixed padding approaches proposed in the literature have security vulnerabilities that could disclose the user's biometric data to the attacker, leading to an impersonation attack. We propose a user-specific, random padding scheme that preserves the recognition performance of the system while it prevents the impersonation attack. The empirical results show that the proposed scheme provides 3 times better recognition performance on the IIT Delhi iris database than the baseline, unprotected systems. Through security analysis, we show that the attack complexity of our proposed work is 2(k), where k is the length of the secret message used to generate codeword, with k >= 128 bits.