Biometric Cryptosystems based Fuzzy Commitment Scheme: A Security Evaluation

Biometric systems are developed in order to replace traditional authentication. However, protecting the stored templates is considered as one of the critical steps in designing a secure biometric system. When biometric data is compromised, unlike passwords, it can't be revoked. One methodology for biometric template protection is ‘Biometric Cryptosystem'. Biometric cryptosystems benefit from both fields of cryptography and biometrics where the biometrics exclude the need to remember passwords and the cryptography provides high security levels for data. In order to, develop these systems, Fuzzy Commitment Scheme (FCS) is considered as well known approach proposed in the literature to protect the user's data and has been used in several applications. However, these biometric cryptosystems are hampered by the lack of formal security analysis to prove their security strength and effectiveness. Hence, in this paper we present several metrics to analyze the security and evaluate the weaknesses of biometric cryptosystems based on FCS