Simulation of Attacks on Fuzzy Vault Fingerprint-based Scheme

Throughout this social service program, an extensive bibliographic review of the functioning of biometric systems used in conjunction with cryptographic systems to protect information was carried out. Specifically, we focused on the operation of the Fuzzy Vault scheme based on Fingerprint; we studied the original scheme proposal as well as the existing implementations.

Subsequently, the study was redirected towards the identified attacks to which the scheme may be vulnerable. Diagrams, reports and other didactic resources were constructed from the attacks studied to improve their understanding and study. Within the set of attacks whose diagrams were obtained, a subset was chosen from which a simulation was built by programming them. This was done with the objective of attacking vaults generated with a Fuzzy Fingerprint-based Vault system that was adapted for the simulations of the attacks.

A data analysis of the results obtained in the experiments carried out with the attack simulations was performed. In addition, we experimented trying to attack with one of the implemented simulations to a proposal of modified fuzzy vaults that emerged within the CIC Cybersecurity Lab team, in order to test the hypothesis that such vaults could not be breached using the methods with which the attack simulations were built.

Keywords: Biometric cryptosystems, Polynomial Reconstruction, Cryptographic Attacks, Fuzzy Vault, Cross-Matching, Brute Force

Project Goals

Analyze the behavior of existing attacks on a cryptographic-biometric system through the generation of interaction diagrams of the entities involved, and build a simulation of an attack on the system, to determine the feasibility of using post-quantum schemes in the mitigation of such attacks.

• Identify the phases that are part of a biometric system.
• Study the operation of the fuzzy fingerprint-based fuzzy vault scheme.
• Identify the existing attacks in a cryptographic-biometric system.
• Generate diagrams that theoretically and visually model the studied attacks.
• Perform a set of simulations of specific attacks on the system using a programming language.
• Obtain statistics of system behavior and effectiveness of the attacks.
• Determine the feasibility of using post-quantum cryptography schemes in biometric systems.

Project Requirements & Specifications

This project has been 2 in two parts, the first one as a Research stay while being an undergraduate student, the second part was developed under the work done in the social service corresponding to my bachelor degree. The code of the realized implementations can be found in: Correlation Attack, Brute Force Attack, Automated Fuzzy Vault Implementation

The activities carried out within the social service in general terms were:

• Literature review of previous similar work and related therms.
• Study of the scheme and review of the implementations found.
• Identification and classification of attacks reported in the literature.
• Elaboration of diagrams modeling the operation of the attacks.
• Preparation of reports reflecting the partial results of the search and analysis.
• Adaptation of an implementation of the studied scheme for experimentation.
• Construction of a simulation of attacks through programming.
• Carrying out of experiments by means of simulation of the attacks.
• Analysis report of results and final conclusions of the project.