Document not found! Please try again

A Fingerprint Fuzzy Vault Scheme Using A Fast Chaff ... - IEEE Xplore

1 downloads 0 Views 1MB Size Report
Abstract— Fuzzy vault is one of the most popular algorithms, which is used to protect the biometric templates and secret key simultaneously. In the fuzzy vault ...
A Fingerprint Fuzzy Vault Scheme Using A Fast Chaff Point Generation Algorithm Thi Hanh Nguyen1,2, Yi Wang1,3, Trung Nhan Nguyen4, Renfa Li1 1

2

School of Information Science and Engineering, Hunan University, Changsha, China Faculty of Information Technology, Industry University of Ho Chi Minh City, Ho Chi Minh, Vietnam 3 Dept. of Electrical & Computer Engineering, National University of Singapore, Singapore 4 School of Electrical and Information Engineering, Hunan University, Changsha, China Email: {[email protected], [email protected]}

Abstract— Fuzzy vault is one of the most popular algorithms, which is used to protect the biometric templates and secret key simultaneously. In the fuzzy vault scheme, the biometric features are used to lock and unlock the secret key, which is encoded in the coefficients of a polynomial equation. Its security depends on the infeasibility of the polynomial reconstruction problem. Additionally, the vault performance can be enhanced by adding more noise (chaff) points to the vault. For a real-time implementation of the bio-cryptosystem, as would be required in today’s information security system, existing methods for chaff generation is inadequate. This paper proposed and employed a new fast chaff point generation algorithm which is less timeconsuming for producing more points to improve the performance and security of fingerprint fuzzy vault scheme. Our experimental results show that the proposed algorithm achieves faster than existing algorithms and still satisfies the typical security need. Index Terms— fingerprint; fuzzy vault; template protection; chaff generation; chaff points

I.

INTRODUCTION

As we go about our daily lives, we often need to verify our identities or identify someone else. Biometric technologies are, hence, technologies developed to use statistical analysis of an individual’s biological traits to determine his identity. Using biometrics for authentication human is user-friendly, demands less cost, and offers better safety measures to avoid information theft and safety harassment [1, 2]. A biometric template is a digital reference of distinct characteristics that has been extracted from a biometric sample. The biometric templates are captured during an enrollment phase and stored in the system, such as in a central database or in smartcards. These templates could be used as the encryption key and the decryption key in authentication systems. Since biometric data cannot be easily replaced or changed once stolen, it is important that biometric templates used in biometric applications should be constructed and stored in a secure way in order that the adversaries would not be able to forge biometric data easily even when the templates are compromised. Once these adversaries have compromised a template, they can use this template to imitate the legitimate users. This leads to serious problems in security and privacy such as imitation, information leakage, and tracking/tracing threats of biometric systems.

978-1-4799-1027-4/13/$31.00 ©2013 IEEE

Biometric cryptosystem which is one of two classes of template protection approaches [3] serves the purpose of either securing the cryptographic key using the biometric features or directly generating the cryptographic key from the biometric features. There are two subcategories of biometric encryptions: key binding and key generating. If the helper data is derived from binding the secret key and biometric template, it is called key binding. Examples include the fuzzy commitment [4] and fuzzy vault [5]. If the helper data are generated from the biometric template only, and the secret key comes from the helper data and the biometric features, it is called key generation. Key generation schemes have been proposed in [68]. Fuzzy vault, proposed by Juels and Sudan [5], becomes one of the most popular algorithms, which is used to protect the biometric templates and secret key simultaneously. The fuzzy vault scheme works with biometric features that they are represented as an unordered set. The fingerprint minutiae set naturally is unordered set, and fingerprint modality suits with the fuzzy vault scheme. Therefore, the most practical fuzzy vault schemes are implemented with fingerprints [3, 8-19]. It has been identified that the most compute-intensive block in the fuzzy vault scheme is the chaff point generation module. It fills approximately 18% of the time of biometric system [20]. This module is used to generate random noise points to hide the genuine minutiae inside the vault template. For a real-time implementation of the bio-cryptosystem, as would be required in today’s information security system, existing methods for chaff generation is inadequate. In this paper, proposed a fuzzy vault scheme which chaff point generation module is applied a new fast chaff point generation algorithm presented in [21]. In our method, the fingerprint image is split into the segments, called image cells, the candidate chaff points generate randomly in an arbitrary image cell. This point can be a chaff point, if it is the unique one in this image cell and the distance between this point and adjacent points is larger or equal to a distance threshold. Our proposed fuzzy vault scheme reduces significantly the computation time due to the chaff point module is less timeconsuming for producing more chaff points. Additionally, the degree of freedom of chaff points does not depend on the order that they are generated, our fuzzy vault scheme could resist against the attacks in [22].

The rest of the paper is organized as follows. Section II introduces the fuzzy vault scheme. Section III gives the proposed new chaff point generation method. Section IV shows the experimental results and Section V draws the conclusion. II.

THE FINGERPRINT FUZZY VAULT SCHEME

The fuzzy vault scheme aims to secure critical data (e.g., secret encryption key) with the biometric template that only the authorized user can access the secret by providing the valid fingerprint. In encoding phase, the vault template is created by applying polynomial encoding and error correction such that the secret key cannot be reproduced without the valid biometric features. The noise points which are not on the polynomial function, called chaff point, are generated randomly in order to protect genuine points. During the decoding phase, query biometric template is generated to retrieve the genuine points and secret key by measuring the distance between the biometric template and query template. The fuzzy vault scheme can make use of many types of biometric data such as fingerprint. Minutiae are important information is extracted from the fingerprint image and stored in the database in the form of a template. The basic features of minutiae include minutiae position (x, y) and orientation (θ). In the fingerprint based fuzzy vault, basic feature of minutiae is used as private attributes. Such these fuzzy vault schemes called minutia-based fuzzy vault schemes. A. Encoding phase In the encoding phase, a user (Alice) needs to protect a secret K and her fingerprint template. Figure 1 shows the encoding process of a fuzzy vault scheme. The process is performed as follows. First, the serest key K={ki}ni=1 of length q*n-bit is encoded using Cyclic Redundancy Check (CRC). The reason why the coefficients were q–bit values is that all the arithmetic operations of the proposed fuzzy vault system were based on the finite field F=GF(2q). The q-bit CRC is concatenated at the end of secret to form a new q(n+1)-bit code K’. This K’ is used for constructing the polynomial. The secret K’ is encoded into a polynomial P of degree n in F by partitioning it into (n+1) qbit values (c0, c1, …, cn) and they are as the coefficients of P (i.e., P(x)=cnxn+…+c0). The fingerprint minutiae of each user protect the secret such that the secret K’ just can be reconstructed from the fuzzy vault as long as (n+1) number of minutiae are found. Second, generating a genuine point set G. A={ai}ri=1, where ai∈F, is the fingerprint template that has r minutiae. r minutiae is well-separated minutiae (i.e., the minimum distance between any two selected minutiae is larger than a threshold δ1). Note that, if the selection algorithm fails to find r well-separated ridge features, it will be considered as a failure to capture (FTC) error and the algorithm stops or says “it terminates”. Treating the elements of A as distinct x-coordinate values, she computes evaluations of the polynomial P on the elements of A to obtain a genuine point set G, where G={ai, P(ai)}ri=1. Third, generating a chaff point set C. Randomly generate s chaff points which are not on P(x), s and these points construct a chaff point set C to secure the fingerprint template. These chaff points are C={cj, zj}sj=1, where zj ≠ P(cj), j ∈ [0, ..., s].

Fig. 1. Encoding process of a fuzzy vault scheme Query fingerprint template

Genuine points filter (Q)

Filtered minutiae

Polynomial Reconstruction (P(x))

Coefficients of polynomial

Recover secrect

Vault V=(A,B)

K=[abdc] Fig. 2. Decoding procedure of a fuzzy vault scheme

Finally, constructing the vault template, get a new set, V’={xi, yi}r+si=1, by combining G and C sets together. V’ is reset the order of its points. The scrambled V’, denoted as V, is the final fuzzy vault set. B. Decoding phase In the decoding phase, a user (Bob) tries to unlock the vault V using his query fingerprint. If the query fingerprint template is similar to the query fingerprint template, the coefficients can be obtained and the secret key can be retrieved. Figure 2 shows the decoding process of a fuzzy vault scheme. First, query minutiae of the query fingerprint are obtained and represented as field elements, B={bj}tj=1, where bj∈F. If the number of well-separated query minutiae is less than r, it is considered as FTC and the algorithm stops or says “it terminates”. Second, for every bj, the vault set V is searched for a matching field element (bj=xi) and the corresponding projection point on the polynomial P(x), Q={bl, P(bl)}t’l=1. In order to reconstruct an n-order polynomial P, Q set should have at least (n -1) elements. Third, Lagrange interpolation can be used to reconstruct the polynomial. Then, the coefficients are obtained and the secret K is retrieved. The security strength of the fuzzy vault scheme is based on the infeasibility of the polynomial reconstruction problem [5]. The vault performance can be improved by adding more number of chaff points to the vault. III.

CHAFF POINT GENERATION ALGORITHMS

In this section we review and evaluate the existing chaff point generation methods to choose one best method for our fuzzy vault scheme. The main goal of the adding chaff points in the fuzzy vault is to hide the genuine fingerprint minutiae, so that the chaff points could be chosen in a way that they must be indistinguishable from genuine points. Juels and Sudan [5] first proposed fuzzy vault scheme in which they used the location of the individual minutiae for generating chaff points. The chaff

points are randomly generated and added to the template if these points meet two criteria: (i) These points just are pixels with x-coordinate locations that are not the same x-coordinate locations of the valid points and the existing chaff points, and (ii) the y-coordinate location is not equal to P(x), i.e. the chaff points should not be on the polynomial P(x). Based on [5], some improved chaff point generation methods have been proposed in literature. Almost these methods based on random point generation to generate the chaff points for the fuzzy vault [11, 14, 23]. A. Clancy’s chaff point generation method According to Clancy et al. [11], if a chaff point is placed next to each other at a distance less than δ, the adversary can immediately ignore them as the unlikely candidates. They use the Euclidean distance to check the validity of chaff points, and also firstly suggest that chaff points should be located at a minimum distance, δ, from the valid points. The locations of the individual minutiae are just pixel coordinates in a fingerprint image denoted as u and v. Hence a chaff point m = (u, v) is randomly chosen such that u ∈ {1, 2, …, row}, v ∈ {1, 2, …, col}, where row and col represent the size of the fingerprint image. In 2007, Nandakumar et al. [14] proposed a modified chaff point method based on Clancy’s method. In their method, they used both minutia location and orientation information which makes it more difficult for an attacker to decode the vault. Orientation attribute that denote θ is ridge orientation, it is randomly chosen from the set of {1, 2, 3, ..., 360}. The distance DM is defined slightly different than [16].

DM (mi , mj ) = (ui − u j )2 − (vi − v j )2 + βM Δ(θi ,θ j )

Fig. 3. Illustration of generating a chaff point based on Clancy’s method

Fig. 4. Illustration of generating a chaff point based on Khalil-Hani’s method

(1)

Where ∆(θi,θj)= min(θi - θj, 360 - θi, θj) and βM are the weight assigned to the orientation attribute (set to 0.2 in [14]). For convenience, from hereon, we will refer the above methods of chaff point generation as Clancy’s algorithm. This method requires calculations of Euclidean distance, such as square and square-root values. Figure 3 shows that when new chaff point generation, they calculate and compare the Euclidean distance between candidate point and existing points (gunnies points and chaff points). The calculation time to determine the Euclidean distance is linearly increasing with a growing number of needed points in the vault template. Hence, the drawbacks of Clancy’s method are computational complexity and time consuming, especially in the case of larger chaff points generation. B. Khalil-Hani’s chaff point generation method Khalil-Hani et al. [23] propose a chaff generation method based on Clancy’s algorithm, which uses a mathematical theorem of circle packing scheme, known as circle packing. A new point is added to the fuzzy vault set only if its boundary (equal to or larger than δ/2) does not overlap with the boundary of any other existing points. They use addition, subtraction and comparison instead of squaring and square-roots operators in [11, 14] to reduce the computational intension. However, it still needs to check whether the new point’s boundary is overlapping with all the existing points or not (see Fig. 4). Khalil-Han’s chaff point generation algorithm is described in detail in [23].

Fig. 5. Illustration of generating a chaff point based on our method,

C. Our proposed chaff point generation method To overcome the disadvantages of the existing methods, we proposed a new method based on Clancy’s method and reported recently in [21]. In our method, the fingerprint image is split into the segments, called image cells, and the chaff point generation randomly and unique in the image cells. We noted that each image cell has eight adjacent image cells (see Fig. 5). A new chaff point is randomly generated according to the following two criteria: (i) in an arbitrary image cell, we randomly generated a unique chaff point. If the image cell contains a genuine point or chaff point, this image cell will be ignored; (ii) the distance between this new point and the existing eight points is larger or equal to δ. The algorithm is described the details in [21]. Figure 5 shows that to generate a new chaff point, the proposed algorithm only needs to calculate and compare eight times of Euclidean distance. Therefore, this method reduces the number of the needed calculation times compared with the existing methods. The advantages of our chaff point generation algorithm are: (i) the proposed chaff point extraction algorithm could resist

against the attack in [22]. In this method, fingerprint image is split into image cells, and we make the assumption that each image cell could contain one chaff point only. Therefore, the degree of freedom does not depend on the order of the chaff points that are generated. And it makes the attacks in [22] difficult to distinguish between genuine minutiae points and chaff points. (ii) More specially, our proposed method is consuming less time than existing methods. In order to prove the validation of this reason, we take the template consisting of 24 minutiae and 240 chaff points as an example and compute the different the times of calculations for Euclidean distance of our method and Clancy’s method. Clancy’s algorithm uses the Euclidean distance to check the validity of chaff points. They need to compute 20 times for Euclidean distance when generating the first chaff point. They also need to compute (20+1) times Euclidean distance for the second point generation. This process has to be repeated until a sufficient number (200 points) of chaff points are generated. There also exist some failed points which could not meet the requirement of a valid point; therefore, they need to extra the computation to generate valid points. Let G, N is the number of genuine points and the chaff points. Ki is the number of failed points (candidate points) for ith chaff point. The time of calculations for Euclidean distance is S' =

N

Ki

i =1

j=0

∑ (G + i − 1) + ∑

j ( G + i − 1)

(3)

The chaff points that are generated later have more the number of failed points compared to early chaff points, the time of calculations increases. According to above example and Eq. 3, we found that if S’ is great, the computational time increases a lot. In our method [21], every candidate chaff point has the maximum eight adjacent points which are used to calculate the Euclidean distance. The time of calculations for Euclidean distance doesn’t depend on the order of chaff point. N

Ki

i =1

j=0

S '' = ∑ (8 + i − 1) + ∑ j (8 + i − 1)

(4)

It is easy to find that the different value between Eq. 3 and Eq. 4 which is calculated as follows. S =

Ki



j (G − 8 + 1 + i ) + N (G − 8 ) +

j=0

N +1 N 2

(5)

where G is always larger than 8. S will increase with N increasing. These advantages are also the main reasons for choosing our chaff point generation algorithm to improve the performance and security of fingerprint fuzzy vault scheme. IV.

RESULTS AND ANALYSIS

The selection of fuzzy vault parameters is very important for verification performance. The fingerprint databases used to evaluate the performance of the proposed fuzzy vault scheme include FVC2002-DB1A and FVC2002-DB2A (called DB1A and DB2A in this paper). They both are public-domain databases [24]. We select relatively reliable ridge features (r) of fix-number for various databases, 18–24, and 20-28 for include DB1A and DB2A, respectively. The remaining

parameters are selected the same for the two databases. The number of chaff points (t) is approximately ten times the genuine points in the vault. The size of an image cells is m x m, where m is chosen 11 (m≥δ/2). The minutia location and the minutia orientation of the template and the query fingerprints are used to encode and decode a secret K. The key size is 128 bits, i.e., the polynomial degree n is 8. The x,y-coordinates and θ orientation are encoded a field F, where {F= GF(216)}, to obtain a bit string length of 16 bits. Cyclic Redundancy Check (IBMCRC − 16) with a value of 0×8005 to form the polynomial x16 + x15 + x2 + 1 is used for generating the CRC bits which combine with the secret K to obtain a new secret K with 16(n + 1) bits. The K is divided into nine nonoverlapping chunks, giving the coefficients of an 8th degree polynomial. We use the MATLAB language program to simulate our proposed fuzzy vault scheme which is running on PC Core2 Duo 2.3GHz using Microsoft Windows 7 operating system. A.

Performance evaluation In order to have a fair comparison with the works of [11, 23], we generate the same number of chaff points (200 points) to hide 20 genuine minutiae. We define that the value of δ is 20 and size of image cell is 15 × 15. We use DB1A fingerprint database to evaluate the performance of the proposed algorithm. Table 1 shows the average time to generate the chaff points of Clancy’s, Khalil-Hani’s and the proposed algorithms. From Table 1, our algorithm is slower than the other methods in the case of generating less than 200 chaff points. But our method is faster than Clancy’s method in the case of generating more than 200 chaff points. In the case of generating 240 chaff points, the proposed method can achieve 14.82 and 41.86 times faster than Clancy’s and Khalil-Hani’s methods respectively. Figure 6 shows the execution time comparisons. As the number of chaff points increase, the execution time for Clancy’s and Khalil-Hani’s algorithm increases exponentially, while the increase of execution time of our proposed algorithm increases linearly. TABLE I.

THE PERFORMANCE OF CHAFF POINT GENERATION METHODS

No. of genuine minutiae 10 18 20 22 23 24 26

No. of chaff point

Clancy’s (sec.)

KhalilHani’s (sec.)

100 180 200 220 230 240 260

0.0337 0.1093 0.2079 0.5501 5.7790 52.7631 #N/A

0.2188 0.4194 0.5613 7.0802 26.5979 38.9469 #N/A

Proposed method (sec.) 0.0939 0.2086 0.3088 0.4554 0.5422 0.8219 2.7575

We use the first impression of each finger as the template fingerprint and the second one as the query. Therefore, the total number of genuine attempts is 100 for each database. For imposter matches, we use the first impression of each finger as the template and the impressions all of the other fingers as the query. Therefore, the number of imposter attempts is 9900 for each database. The equal error rate (ERR) of the ROC turned out to be 2.4% and 1.9% for DB1A and DB2A, respectively. This result shows the performance of our proposed fuzzy vault scheme achieve good accuracy (see Fig. 7).

minutiae domain. Degree of freedom in this instance refers to the amount of free area around each point. According to [22], the chaff points generated later have smaller degree of freedom compared with the ones generated earlier. While adding more chaff points may increase the security of the system, it also increases the memory required to store the vault.

100.0000

Clancy's Khalil-Hani's

Execution tmes (sec.)

10.0000

Proposed Method

1.0000 0.8219 0.4154

0.5422

0.3088 0.1000 0.2086 0.0939 0.0100 100

180

200

220

230

240

Number of generated chaff points

Fig. 6. Execution time comparison of generating chaff points for Clancy’s method, Khalil-Hani’s method and the proposed method

Fig. 7. ROC curves on DB1A and DB2A

As a result, it may be easier for an adversary to identify some chaff points in the vault [22] which scarified the security. To overcome this limited security, like [14] we restrict the number of chaff points to approximately 10 times larger than the number of genuine points. Moreover, during generating chaff points, the fingerprint image is split into the segments, and each arbitrary segment contains only one chaff point. The segment’s size is kept the same, so chaff points which belong to this segment would have the same degree of freedom. The degree of freedom does not depend on the order of the chaff points that are generated. Thus, the proposed chaff point extraction algorithm could resist against the attack in [22]. In order to prove the ability to resist against the Chang’s attack, we carry on an experiment to analyze the degree of freedom chaff points generated by our chaff generation algorithms. We select 24 genuine points, and also randomly generate 240 chaff points under the prerequisite that the distance between the points is larger than or equaling to 20. Figure 8(a) shows the generated chaff points and each point is labeled in the order when it was generated and added to the vault. Green color in Fig. 8(a) represents the genuine points. Blue color represents the chaff points generated at an earlier stage i.e. from 1st chaff point up to the 120th. Read color represents the chaff points generated at a later stage i.e. from 121st up to 240th. , a part of the Fig. 8(b) shows the bottom-right corner of the Fig. 8(a). It is obvious that the chaff points have the random degree of freedom no matter of their order. 2) Using min-entropy method In this section, we adopt the min-entropy method, proposed in [25], to analyze the security of our fuzzy vault scheme. This method analyzes the security of the fuzzy vault scheme based on the complexity to reconstruct the polynomial. Assuming both chaff minutiae and genuine minutiae are similarly distributed. The min-entropy of the template minutiae SMT given the vault V can be computed as

⎛( r )⎞ H ∞ ( SM T | V ) = − log 2 ⎜ rn++1s ⎟ ⎝ ( n +1 ) ⎠

Fig. 8. (a) Degree of freedom of genuine points and chaff points, (b) Close-up of a part the bottom-right corner of (a)

B.

Security evaluation

1) Using the degree of freedom Chang et al. [22] described a statistical method of attack on a fuzzy vault that is significantly faster than the brute-force attack in identifying the valid points hidden within a fuzzy vault template. To identify and eliminate the chaff points, they apply the brute force attack method to chaff points by measuring the degree of freedom of all points that exist in the

(5)

where, r, s, and n denote the number of minutiae, number of chaff points and polynomial’s degree respectively and they are typically 20, 200, 8, respectively. The security level measure for two different databases obtains as the following. The total number of possible combinations is 2.8187 x 1015 DB2A. To decode the secret successfully needs 167,960 combinations. The probability that a combination of ridge features decodes the secret is equivalent 5.9 x 10-11. Based on these analyses, the security of our proposed fuzzy vault is approximately 34 bits. This also shows that the level security of proposed scheme can achieve.

V.

CONCLUSION

This paper proposed and employed a chaff point generation algorithm to improve the performance and security of fingerprint fuzzy vault scheme. Experimental results show that the time of chaff point generation module achieves 4.84 times and 41.86 times faster than Clancy’s and Khalil-Hani’s algorithms in the case of generating 240 chaff points. The ERR of the ROC turned out to be 2.4% and 1.9% for FVC2002DB1A and FVC2002-DB2A, respectively. Additionally, the degree of freedom of chaff points does not depend on the order that they are generated, our fuzzy vault scheme could resist against the attack of Chang et al. Based on min-entropy analyses the security of our proposed fuzzy vault is approximately 34 bits. Although this level security is not height but it still satisfies the typical security need. These results show that our fuzzy vault scheme based on proposed chaff point generation algorithm can achieve good performance, and can ensure the security of both fingerprint template and the secret key. Specially, it performs well on processing time.

[12] [13]

[14]

[15]

[16]

[17]

ACKNOWLEDGMENTS. This work is supported by "Chinese National Science Foundation" (No.61173036) and "the Fundamental Research Funds for Chinese Central Universities".

[18]

REFERENCES [1] A. K. Jain, A. Ross, and S. Pankanti, "Biometrics: a tool for information security," IEEE Trans. Infor. Forrensics and Security, vol. 1, pp. 125-143, 2006. [2] D. Bhattacharyya, R. Ranjan, A. Farkhod Alisherov, and M. Choi, "Biometric authentication: A review," Inter. Journal of uand e-Service, Sci. and Techno., vol. 2, pp. 13-28, 2009. [3] A. Nagar, K. Nandakumar, and A. K. Jain, "Securing Fingerprint Template: Fuzzy Vault with Minutiae Descriptors," Inter. Confer. on Pattern Recognition, 19th. vols 1-6, pp. 822825, 2008. [4] A. Juels and M. Wattenberg, "A fuzzy commitment scheme," ACM confer. on Computer and communications security, 6th, pp. 28-36, 1999. [5] A. Juels and M. Sudan, "A fuzzy vault scheme," IEEE Inter. Sympo. Information Theory, p. 408, 2002. [6] Y.-J. Chang, W. Zhang, and T. Chen, "Biometrics-based cryptographic key generation," IEEE Inter. Confer. Multimedia and Expo. ICME'04. pp. 2203-2206, 2004. [7] Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data," Advances in cryptology-Eurocrypt, pp. 523-540, 2004. [8] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, "Generating cancelable fingerprint templates," IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 29, pp. 561-572, 2007. [9] M. Savvides, B. Vijaya Kumar, and P. K. Khosla, "Cancelable biometric filters for face recognition," Procee. of the 17th Inter. Confer. on Pattern Recognition. ICPR 2004, pp. 922-925, 2004. [10] A. B. J. Teoh, K.-A. Toh, and W. K. Yip, "2^ N discretisation of biophasor in cancellable biometrics," Advances in Biometrics, ed: Springer , pp. 435-444, 2007. [11] T. C. Clancy, N. Kiyavash, and D. J. Lin, "Secure smartcardbased fingerprint authentication," Procee. of the ACM SIGMM

[19]

[20] [21]

[22]

[23]

[24]

[25]

workshop on Biometrics methods and applications, pp. 45-52, 2003. U. Uludag, S. Pankanti, and A. K. Jain, "Fuzzy vault for fingerprints," Audio-and Video-Based Biometric Person Authentication, pp. 310-319, 2005. U. Uludag and A. Jain, "Securing fingerprint template: Fuzzy vault with helper data," Confer. on Computer Vision and Pattern Recognition Workshop, CVPRW'06, pp. 163-163, 2006. K. Nandakumar, A. K. Jain, and S. Pankanti, "Fingerprint-based fuzzy vault: Implementation and performance," IEEE Trans. Infor. Forensics and Security, vol. 2, pp. 744-757, 2007. Y. Chung, D. Moon, S. Lee, S. Jung, T. Kim, and D. Ahn, "Automatic alignment of fingerprint features for fuzzy fingerprint vault," in Information Security and Cryptology, 2005, pp. 358-369. P. Li, X. Yang, K. Cao, P. Shi, and J. Tian, "Security-enhanced fuzzy fingerprint vault based on minutiae’s local ridge information," Advances in Biometrics, ed: Springer, pp. 930939, 2009. P. Li, X. Yang, K. Cao, X. Tao, R. Wang, and J. Tian, "An alignment-free fingerprint cryptosystem based on fuzzy vault scheme," Journal of Network and Computer Applications, vol. 33, pp. 207-220, 2010. S. Yang and I. Verbauwhede, "Automatic secure fingerprint verification system based on fuzzy vault scheme," IEEE Inter. Confer. on Acoustics, Speech, and Signal Processing, (ICASSP'05), vol. 5, pp. v/609-v/612, 2005. J. Li, X. Yang, J. Tian, P. Shi, and P. Li, "Topological structurebased alignment for fingerprint fuzzy vault," Inter. Confer. Pattern Recognition, ICPR 2008, pp. 1-4, 2008. R. Bakhteri and M. K. Hani, "Biometric encryption using fingerprint fuzzy vault for FPGA-based embedded systems," IEEE Region 10 Confer. TENCON 2009, pp. 1-5, 2009. T. H. Nguyen, Y. Wang, Y. Ha, and R. Li, “Improved chaff point generation for vault scheme in bio-cryptosystems,” IET Biometrics, vol. 2, no. 2, pp.48-55, 2013. E.-C. Chang, R. Shen, and F. W. Teo, "Finding the original point set hidden among chaff," ACM Procee. of the computer and communications security, pp. 182-188, 2006. M. Khalil-Hani and R. Bakhteri, "Securing cryptographic key with fuzzy vault based on a new chaff generation method," Inter. Confer. on High Performance Computing and Simulation (HPCS), pp. 259-265, 2010. D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K. Jain, "FVC2002: Second Fingerprint Verification Competition," Inter. Confer. on Pattern Recognition, vol. 3, pp. 811-814, 2012. K. Nandakumar, Multibiometric systems: fusion strategies and template security: ProQuest, 2008.