Abstract
We investigate the security of privacy enhancing techniques for biometric applications. The fuzzy vault of Jules and Sudan is a technique that allows error tolerant authentication, while preserving the privacy of the reference data. Several publications have proposed its application to fingerprints in order to implement privacy-enhanced biometric authentication.While the heuristic security estimates given are promising, no rigid security analysis has been presented so far. We explore if and under what circumstances a provably secure fuzzy fingerprint vault can be implemented. Based on bounds on the loss of entropy for the general fuzzy vault and realistic models for minutiae distributions, we deduce lower bounds for attacks that attempt to recover the template. Furthermore, we show how to select optimal parameters and evaluate both, minimum minutiae match rates and minimum number of minutiae needed to obtain an appropriate security level. Our results indicate that a provable secure scheme is hard to achieve with current fingerprint technology.