Enhance fuzzy vault security using nonrandom chaff point generator

• We review state of the art techniques related to fuzzy vault, especially CRC-based fuzzy vault.
• We analyze significant flaws of CRC-based fuzzy vault, demonstrate blend substitution attack on vault.
• We suggest new schema in replace for CRC-based fuzzy vault, proposed one specific algorithm to implement our schema.
• Security analysis and practical experiments are reported.
• New schema limits previous CRC problems including blend substitution attack and improve authentication quality.

Toward the combination of cryptographic and biometric systems, by performing specific binding technique on cryptographic key and biometric template, the fuzzy vault framework enhances security level of current biometric cryptographic systems in terms of hiding secret key and protecting the template. Though original scheme suggests the use of error-correction techniques (e.g., Reed-Solomon code) to reconstruct the original polynomial, recent implementations do not share the same point of view. Instead, Cyclic Redundant Code (CRC) is applied to identify the genuine polynomial from set of candidates due to its simplicity. Within the scope of this article, we address a significant flaw of current CRC-based fuzzy vault schemes, which allows the potential of successful blend substitutions attack. To overcome that problem, an integration of two novel modules into general fuzzy vault scheme, namely chaff points generator and verifier, are proposed. The new modules are designed to be integrated easily into existing systems as well as simple to enhance. The proposed scheme can detect any modification in vault and, as a result, eliminate the blend substitutions attack to improve general security. Moreover, our experimental results with real-world datasets show an increasing of Genuine Acceptance Rates (GAR).