Chaff point generation mechanism for improving fuzzy vault security

Tran Khanh Dang; Minh Tan Nguyen; Quang Hai Truong

Chaff point generation mechanism for improving fuzzy vault security

View Fulltext

Author(s): Tran Khanh Dang ^{1, 2} ; Minh Tan Nguyen ² ; Quang Hai Truong ²
- Affiliations: 1: Faculty of Computer Science and Engineering, FAW Institute, JKU Linz, Linz, Austria ;
  2: Faculty of Computer Science and Engineering, HCMC University of Technology, Ho Chi Minh, Vietnam
Source: Volume 5, Issue 2, June 2016, p. 147 – 153
DOI: 10.1049/iet-bmt.2015.0023 , Print ISSN 2047-4938, Online ISSN 2047-4946

Received 27/04/2015, Accepted 26/10/2015, Revised 15/07/2015, Published 01/06/2016

A combination of cryptographic and biometric systems, by performing specific binding technique on cryptographic key and biometric template, the fuzzy vault framework enhances the security level of current biometric cryptographic systems in terms of hiding secret key and protecting the template. Although the original scheme suggests the use of error-correction techniques (e.g. the Reed–Solomon code) to reconstruct the original polynomial, recent implementations do not share the same point of view. Instead, cyclic redundant code (CRC) is applied to identify the genuine polynomial from a set of candidates due to its simplicity. Within the scope of this study, the authors address a significant flaw of current CRC-based fuzzy vault schemes, which allows the potential of successful blend substitution attack. To overcome this problem, an integration of two novel modules into general fuzzy vault scheme, namely chaff point generator and verifier, is proposed. The new modules are designed to be integrated easily into the existing systems as well as simple to enhance. The proposed scheme can detect any modification in vault and, as a result, eliminate the blend substitution attack to improve general security. Moreover, the experimental results of this study with real-world datasets show an increase in genuine acceptance rates.

References

1. 1)
  - 16. Hong, S., Jeon, W., Kim, S., et al: ‘The vulnerabilities analysis of fuzzy vault using password’. Proc. Future Generation Communication and Networking, December 2008, vol. 3, pp. 76–83.
2. 2)
  - 17. Tams, B.: ‘Unlinkable minutiae-based fuzzy vault for multiple fingerprints’, IET Biometrics, 2015DOI: 10.1049/iet-bmt.2014.0093, Online ISSN 2047-4946, Available online: 23 June 2015.
3. 3)
  - 13. Chang, E.C., Shen, R., Teo, F.W.: ‘Finding the original point set hidden among chaff’. Proc. ACM Symp. on Information, Computer and Communications Security, March 2006, pp. 182–188.
4. 4)
  - 7. Nandakumar, K., Nagar, A., Jain, A.K.: ‘Hardening fingerprint fuzzy vault using password’. Proc. Advances in Biometrics, 2007, pp. 927–937.
5. 5)
  - 14. Poona, H.T., Miria, A.: ‘A collusion attack on the fuzzy vault scheme’, ISC Int. J. Inf. Security, 2009, Bd, 1, (1), pp. 27–34.
6. 6)
  - 5. Juels, A., Sudan, M.: ‘A fuzzy vault scheme’, Des. Codes Cryptogr., 2006, 38, (2), pp. 237–257 (doi: 10.1007/s10623-005-6343-z).
7. 7)
  - 11. Khalil-Hani, M., Marsono, M.N., Bakhteri, R.: ‘Biometric encryption based on a fuzzy vault scheme with a fast chaff generation algorithm’, Future Gener. Comput. Syst., 2013, 29, (3), pp. 800–810 (doi: 10.1016/j.future.2012.02.002).
8. 8)
  - 2. Rathgeb, C., Uhl, A.: ‘A survey on biometric cryptosystems and cancelable biometrics’, EURASIP J. Inf. Secur., 2011, 3, (1), pp. 1–25.
9. 9)
  - 4. Uludag, U., Pankanti, S., Jain, A.K.: ‘Fuzzy vault for fingerprints’. Proc. of Audio-and Video-Based Biometric Person Authentication, January 2005, pp. 310–319.
10. 10)
  - 5. Uludag, U., Jain, A.: ‘Securing fingerprint template: fuzzy vault with helper data’. Proc. Computer Vision and Pattern Recognition Workshop, June 2006, pp. 163–163.
11. 11)
  - 8. Clancy, T.C., Kiyavash, N., Lin, D.J.: ‘Secure smartcard based fingerprint authentication’. Proc. ACM SIGMM Workshop on Biometrics Methods and Applications, November 2003, pp. 45–52.
12. 12)
  - 10. Benhammadi, F., Bey, K.B.: ‘Password hardened fuzzy vault for fingerprint authentication system’, Image Vis. Comput., 2014, 32, (8), pp. 487–496 (doi: 10.1016/j.imavis.2014.04.014).
13. 13)
  - 15. Scheirer, W.J., Boult, T.E.: ‘Cracking fuzzy vaults and biometric encryption’. Proc. Biometrics Symp., September 2007, pp. 1–6.
14. 14)
  - 19. Tams, B., Mihăilescu, P., Munk, A.: ‘Security considerations in minutiae-based fuzzy vaults’, IEEE Trans. Inf. Forensics Sec., 2015, 10, (5), pp. 985–998 (doi: 10.1109/TIFS.2015.2392559).
15. 15)
  - 12. Mihailescu, P.: ‘The fuzzy vault for fingerprints is vulnerable to brute force attack’, arXiv preprint arXiv:0708.2974, 2007.
16. 16)
  - 19. Maio, D., Maltoni, D., Cappelli, R., et al: ‘FVC2002: second fingerprint verification competition’, Proc. Pattern Recognit., 2002, 3, pp. 811–814.
17. 17)
  - 10. Nandakumar, K., Jain, A.K., Pankanti, S.: ‘Fingerprint-based fuzzy vault: implementation and performance’, IEEE Trans. Inf. Forensics Sec., 2007, 2, (4), pp. 744–757 (doi: 10.1109/TIFS.2007.908165).
18. 18)
  - 1. Sousedik, C., Busch, C.: ‘Presentation attack detection methods for fingerprint recognition systems: a survey’, IET Biometrics, 2014, 3, (4), pp. 219–233 (doi: 10.1049/iet-bmt.2013.0020).
19. 19)
  - 9. Poon, H.T., Miri, A.: ‘On efficient decoding for the fuzzy vault scheme’. Proc. Information Science, Signal Processing and their Applications (ISSPA), July 2012, pp. 454–459.

Login

Not registered yet?

Share

Tools

Login to add to favourites

Key

Chaff point generation mechanism for improving fuzzy vault security

References

Related content