{"title":"Cracking Fuzzy Vaults and Biometric Encryption","authors":"W. Scheirer, T. Boult","doi":"10.1109/BCC.2007.4430534","DOIUrl":null,"url":null,"abstract":"This paper is a security analysis of leading privacy enhanced technologies (PETs) for biometrics including biometric fuzzy vaults (BFV) and biometric encryption (BE). The lack of published attacks, combined with various \"proven\" security properties has been taken by some as a sign that these technologies are ready for deployment. While some of the existing BFV and BE techniques do have \"proven\" security properties, those proofs make assumptions that may not, in general, be valid for biometric systems. We briefly review some of the other known attacks against BFV and BE techniques. We introduce three disturbing classes of attacks against PET techniques including attack via record multiplicity, surreptitious key-inversion attack, and novel blended substitution attacks. The paper ends with a discussion of the requirements for an architecture to address the privacy and security requirements.","PeriodicalId":389417,"journal":{"name":"2007 Biometrics Symposium","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"342","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 Biometrics Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BCC.2007.4430534","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}