research-article

Enhance fuzzy vault security using nonrandom chaff point generator

Authors:

Minh Tan Nguyen,

Quang Hai Truong,

Tran Khanh DangAuthors Info & Claims

Information Processing Letters, Volume 116, Issue 1

Pages 53 - 64

https://doi.org/10.1016/j.ipl.2015.08.012

Published: 01 January 2016 Publication History

Abstract

Toward the combination of cryptographic and biometric systems, by performing specific binding technique on cryptographic key and biometric template, the fuzzy vault framework enhances security level of current biometric cryptographic systems in terms of hiding secret key and protecting the template. Though original scheme suggests the use of error-correction techniques (e.g., Reed-Solomon code) to reconstruct the original polynomial, recent implementations do not share the same point of view. Instead, Cyclic Redundant Code (CRC) is applied to identify the genuine polynomial from set of candidates due to its simplicity. Within the scope of this article, we address a significant flaw of current CRC-based fuzzy vault schemes, which allows the potential of successful blend substitutions attack. To overcome that problem, an integration of two novel modules into general fuzzy vault scheme, namely chaff points generator and verifier, are proposed. The new modules are designed to be integrated easily into existing systems as well as simple to enhance. The proposed scheme can detect any modification in vault and, as a result, eliminate the blend substitutions attack to improve general security. Moreover, our experimental results with real-world datasets show an increasing of Genuine Acceptance Rates (GAR). We review state of the art techniques related to fuzzy vault, especially CRC-based fuzzy vault.We analyze significant flaws of CRC-based fuzzy vault, demonstrate blend substitution attack on vault.We suggest new schema in replace for CRC-based fuzzy vault, proposed one specific algorithm to implement our schema.Security analysis and practical experiments are reported.New schema limits previous CRC problems including blend substitution attack and improve authentication quality.

References

[1]

C. Sousedik, C. Busch, Presentation attack detection methods for fingerprint recognition systems: a survey, Biometrics, 3 (2014) 219-233.

[2]

C. Rathgeb, A. Uhl, A survey on biometric cryptosystems and cancelable biometrics, EURASIP J. Inf. Secur., 2011 (2011) 1-25.

[3]

A. Juels, M. Sudan, A fuzzy vault scheme, Des. Codes Cryptogr., 38 (2006) 237-257.

Digital Library

[4]

U. Uludag, S. Pankanti, A.K. Jain, Fuzzy vault for fingerprints, in: Audio- and Video-Based Biometric Person Authentication, Springer, Berlin, Heidelberg, January 2005, pp. 310-319.

[5]

U. Uludag, A. Jain, Securing fingerprint template: fuzzy vault with helper data, in: Conference on Computer Vision and Pattern Recognition Workshop, IEEE, June 2006, pp. 163.

[6]

K. Nandakumar, A.K. Jain, S. Pankanti, Fingerprint-based fuzzy vault: implementation and performance, IEEE Trans. Inf. Forensics Secur., 2 (2007) 744-757.

[7]

K. Nandakumar, A. Nagar, A.K. Jain, Hardening fingerprint fuzzy vault using password, in: Advances in Biometrics, Springer, Berlin, Heidelberg, 2007, pp. 927-937.

[8]

T.C. Clancy, N. Kiyavash, D.J. Lin, Secure smartcardbased fingerprint authentication, in: Proceedings of the 2003 ACM SIGMM workshop on Biometrics Methods and Applications, ACM, November 2003, pp. 45-52.

Digital Library

[9]

H.T. Poon, A. Miri, On efficient decoding for the fuzzy vault scheme, in: 11th International Conference on Information Science, Signal Processing and their Applications, IEEE, July 2012, pp. 454-459.

[10]

F. Benhammadi, K.B. Bey, Password hardened fuzzy vault for fingerprint authentication system, Image Vis. Comput., 32 (2014) 487-496.

Digital Library

[11]

M. Khalil-Hani, M.N. Marsono, R. Bakhteri, Biometric encryption based on a fuzzy vault scheme with a fast chaff generation algorithm, Future Gener. Comput. Syst., 29 (2013) 800-810.

Digital Library

[12]

P. Mihailescu, The fuzzy vault for fingerprints is vulnerable to brute force attack. arXiv:0708.2974

[13]

E.C. Chang, R. Shen, F.W. Teo, Finding the original point set hidden among chaff, in: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ACM, March 2006, pp. 182-188.

Digital Library

[14]

H.T. Poona, A. Miria, A collusion attack on the fuzzy vault scheme, J. Inf. Secur., 1 (2009).

[15]

W.J. Scheirer, T.E. Boult, Cracking fuzzy vaults and biometric encryption, in: Biometrics Symposium, IEEE, September 2007, pp. 1-6.

[16]

S. Hong, W. Jeon, S. Kim, D. Won, C. Park, The vulnerabilities analysis of fuzzy vault using password, in: Second International Conference on Future Generation Communication and Networking, vol. 3, IEEE, December 2008, pp. 76-83.

[17]

B. Tams, Unlinkable minutiae-based fuzzy vault for multiple fingerprints, Biometrics (2015).

[18]

B. Tams, P. Mihailescu, A. Munk, Security considerations in minutiae-based fuzzy vaults, IEEE Trans. Inf. Forensics Secur., 10 (2015) 985-998.

[19]

D. Maio, D. Maltoni, R. Cappelli, J.L. Wayman, A.K. Jain, FVC2002: second fingerprint verification competition, in: Proceedings of the 16th International Conference on Pattern Recognition, vol. 3, IEEE, 2002.

Cited By

Qiu JLi HDong JFeng G(2017)A Privacy-preserving Cancelable Palmprint Template Generation Scheme Using Noise DataProceedings of the 2nd International Conference on Intelligent Information Processing10.1145/3144789.3144822(1-5)Online publication date: 17-Jul-2017
https://dl.acm.org/doi/10.1145/3144789.3144822

Enhance fuzzy vault security using nonrandom chaff point generator
1. Security and privacy
  1. Security services

Recommendations

Hardening fingerprint Fuzzy vault using password
ICB'07: Proceedings of the 2007 international conference on Advances in Biometrics

Security of stored templates is a critical issue in biometric systems because biometric templates are non-revocable. Fuzzy vault is a cryptographic framework that enables secure template storage by binding the template with a uniformly random key. ...
Biometric Template Protection with Fuzzy Vault and Fuzzy Commitment
ICTCS '16: Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies

Conventional security methods like password and ID card methods are now rapidly replacing by biometrics for identification of a person. Biometrics uses physiological or behavioral characteristics of a person. Usage of biometric raises critical privacy ...
Security Analysis of Hardened Retina Based Fuzzy Vault
ARTCOM '09: Proceedings of the 2009 International Conference on Advances in Recent Technologies in Communication and Computing

Biometric techniques are gaining importance for personal authentication and identification. Biometric templates are vulnerable to variety of attacks due to their inherent nature. When a person’s biometric is compromised his identity is lost. In contrast ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Information Processing Letters

Information Processing Letters Volume 116, Issue 1

January 2016

70 pages

ISSN:0020-0190

Issue’s Table of Contents

Copyright © Elsevier B.V.

Publisher

Elsevier North-Holland, Inc.

United States

Publication History

Published: 01 January 2016

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Qiu JLi HDong JFeng G(2017)A Privacy-preserving Cancelable Palmprint Template Generation Scheme Using Noise DataProceedings of the 2nd International Conference on Intelligent Information Processing10.1145/3144789.3144822(1-5)Online publication date: 17-Jul-2017
https://dl.acm.org/doi/10.1145/3144789.3144822

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents