@article { author = {Poon, H. and Miri, A.}, title = {A collusion attack on the fuzzy vault scheme}, journal = {The ISC International Journal of Information Security}, volume = {1}, number = {1}, pages = {27-34}, year = {2009}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.1.1.4}, abstract = {The Fuzzy Vault scheme is an encryption scheme, which can tolerate errors in the keys. This leads to the possibility of enhancing the security in environments where these errors can be common, such as biometrics storage systems. Although several researchers have provided implementations, we find that the scheme is vulnerable to attacks when not properly used. This paper describes an attack on the Fuzzy Vault scheme where the attacker is assumed to have access to multiple vaults locked by the same key and where a non-maximal vault size is used. The attack effectively reduces the vault size by identifying and removing cha_ points. As the vault size decreases, the rate at which cha_ points are identified increases exponentially. Several possible defenses against the attack are also discussed.}, keywords = {Biometric Encryption,Fuzzy Vault,vulnerability}, url = {https://www.isecure-journal.com/article_39164.html}, eprint = {https://www.isecure-journal.com/article_39164_bb892dfd2dc7dcabe491c9d4e5201284.pdf} }