AN ENHANCED FINGERPRINT-BASED FUZZY VAULT SCHEME FOR BIOMETRIC CRYPTOSYSTEM

Abstract

Biometric technology makes use of the physiological and behavioral characteristics of individuals such as fingerprint to solve the problem of identity theft facing authentication systems. With biometrics, individual’s identity can easily be identified based on who you are, rather than by what you possess, such as ID card, or what you remember, such as a password. However, despite its wide applicability and acceptability, a major concern arises for biometric authentication systems due to the strong linkage of an individual’s biometric template to his identity. To avoid such attacks, various template security schemes have been devised such as Biometric Cryptosystem. Fuzzy Vault is an efficient and established cryptographic constructs in Biometric Cryptosystems that gains its popularity due to its security features and support for unordered biometric representations such as fingerprints. However, the Fuzzy Vault scheme has recently been facing serious attacks undermining its integrity for providing tight security for authentication systems. Thus, this work focuses on enhancing the security of Fingerprint Fuzzy Vault using Elliptic Curve Embedding and presented the results of the actual implementation of an embedded fingerprint minutiae in the Fuzzy vault construct. This led to the design and development of an Enhanced Fingerprint Fuzzy Vault Scheme for Biometric Cryptosystem called ECCFV. The Elliptic Curve Embedding algorithm transform the fingerprint minutiae to another set of points thereby preventing the use of the raw fingerprint template in the vault. The design of the system consist of locking process during enrolment and unlocking process during authentication. The embedded fingerprint minutiae is locked with a 128bits randomly generated cryptographic key during enrolment and unlocking this key for access using same fingerprint signals a successful authentication. The scheme was implemented in MATLAB. Experiments are carried out on three databases namely: in-houseDB, FVC2004-DB1 and FVC2002 DB1.The Elliptic Curve Fingerprint Fuzzy Vault (ECCFV) developed achieved a Genuine Acceptance Rate (GAR) of 96%, 90%, and 80% with False Acceptance Rate (FAR) of 0% across all the three databases respectively. A comparative analysis performed showed that the performance of the developed ECCFV is better in terms of Genuine Acceptance Rate (GAR), False Acceptance Rate (FAR) and False Rejection Rate (FRR) when compared with other works under the same scheme. The security analysis of the developed system showed that the computational time for an attacker to break the vault is high. The ECCFV system is recommended for deployment in security sensitive environment where reliable user authentication is of utmost priority.