A New Scheme for the Polynomial Based Biometric Cryptosystems

This paper presents a new scheme for the fuzzy vault based biometric cryptosystems which explore the feasibility of a polynomial based vault for the biometric traits like iris, palm, vein, and so forth. Gabor filter is used for the feature extraction from the biometric data and the extracted feature points are transformed into Eigen spaces using Karhunen Loeve (K-L) transform. A polynomial obtained from the secret key is used to generate projections from the transformed features and the randomly generated points, known as chaff points. The points and their corresponding projections form the ordered pairs. The union of the ordered pairs from the features and the chaff points creates a fuzzy vault. At the time of decoding, matching scores are computed by comparing the stored and the claimed biometric traits, which are further tested against a predefined threshold. The number of matched scores should be greater than a tolerance value for the successful decoding of the vault. The threshold and the tolerance value are learned from the transformed features at the encoding stage and chosen according to the tradeoff in the error rates. The proposed scheme is tested on a variety of biometric databases and error rates obtained from the experimental results confirm the utility of the new scheme.


Introduction
Intrusions in the secret data protection arena pose potential threat to the information security. In the recent trends of the data protection, biometrics based cryptosystems are emerging as promising technologies. Biometric cryptosystems can be broadly divided into two main schemes: (a) Key binding mode, in which the secret key is integrated with the biometric template. In this mechanism, both the biometric template and the key are so locked that it is very difficult to retrieve any one without the information of other [1][2][3][4]. (b) Key generation mode, in which the biometric template generates the keys used in any cryptographic algorithm for the encryption and decryption of secret messages [5][6][7][8]. Both the approaches are secure and computationally very difficult for the intruder to attack. However, these approaches pose implementation problems as it requires the encryption key to be exactly same as the decryption one. But the biometric data acquired at different times is substantially different, due to the intraclass variations, necessitating a different key every time.
The implementation of key binding mode is greatly affected by the cryptographic construct called fuzzy vault, investigated by Juels and Sudan [9]. This fuzzy vault can tolerate the intraclass variability in the biometric data, which has inspired several researchers [1][2][3][4] to pursue the biometrics based fuzzy vaults. This paper proposes another attempt on using fuzzy vault scheme in key binding mode by presenting a new scheme which exploits textural features from biometric traits.
The key generating mode of the biometric cryptosystem is of particular interest in [6-8, 11, 19]. Hao [7] resort to the key generation using the fingerprints and their work has resulted in the product, Bioscrypt. Instead of generating a key directly from biometrics, they have devised a method of biometric locking using the phase product. A fuzzy extractor based approach is suggested by Dodis et al. [8] to generate a strong cryptographic key from the noisy biometric data. This scheme is modified by Boyen [19] by generating multiple keys before hashing.
The basic idea of a key binding was borrowed from the work of Juels and Sudan [9] which was an extension of the work in [20]. They introduce the polynomial construction to hide the secret key with integration of an unordered set and modify the fuzzy vault scheme of Davida at el. [13] by invoking Reed and Solomon error correcting code [21]. However, Uludag et al. [1] were among the first to investigate the fuzzy vault using the fingerprint biometric as an unordered set. The difficulties associated with the minutiae point alignment are significantly reduced in [4] with the helper data during the minutiae point extraction. A modified fuzzy vault is suggested in [22] where the secret key and the biometric features are hidden in separate grids with chaff points added to make the grids fuzzy. The same scheme makes its way in a palmprint based vault [23].

The Motivations.
Note that fingerprint has been utilized as a biometric trait [1][2][3][4] in most of the published work on polynomial based fuzzy vault. In the context of fingerprint authentication, minutiae points are widely accepted as the most significant features [4]. The minutiae points are the specific locations in a finger and can be considered as ordered triplet ( , , ) [4]. But since the points are associated with their locations and saved accordingly, they become an unordered set which can be shuffled without losing its significance and can be matched with original set in any order. Despite the current popularity of other biometric traits like palmprint, iris, and hand veins, there are less attempts to use them in the polynomial based fuzzy vault. In this direction, iris [24], palmprint [25], and handwritten signature [26] based cryptosystems merit a mention. Here, the work in [24] made use of clustering method to make iris features unordered while the other two cryptosystems operate on key generation mode. The reason for lack of interest could be the orderliness of the features extracted from these traits. The orderliness of these features implies that any change in their order will result in a new set of features that can affect the authentication process.

The Proposed
Work. This paper devises a new scheme for the polynomial based fuzzy vault, in the key binding mode, by employing the textural features generated using Gabor filters of the biometric traits [27]. In the proposed approach, Karhunen Loeve (K-L) transform [28] to transform the features into the Eigenspace through the transformation matrix (Eigenvector matrix). The projection of the transformed features is taken on the polynomial and chaff points are added to form the fuzzy vault. The original and the transformed features are discarded after creating the vault. However, the transformation matrix is stored along with the vault to be used during the decoding process. Essentially, a query feature vector is transformed using the stored transformation matrix. Each point of the transformed query feature vector is subtracted from all the stored vault points, and the differences are matched against a cutoff threshold. If the difference is less than this threshold, the corresponding biometric feature point is supposed to be the original feature vector. However, only + 1 features are required to reconstruct a polynomial of degree and an original feature set may have more points than . Thus, total count of such feature points should be greater than a tolerance value for the claimed identity to be true. The cutoff threshold and tolerance value are learned from the transformed features (before being discarded) at the time of encoding. The reconstruction of the polynomial of any query takes place only when these two thresholds are validated. These values can also be compared with the decision thresholds in the traditional biometric authentication, chosen according to the tradeoff between the error rates (false acceptance/rejection).
The usage of the Gabor filter based features in the vault allows this scheme to be generalized for many biometric traits. The proposed scheme is tested on variety of publicly available databases, that is, FVC 2004 DB2, Hong Kong PolyU V2, and CASIA V1 of fingerprint, palmprint, and iris, respectively, including the hand vein database of IIT Delhi with the textural features extracted using Gabor filters. The experimental results show that the presented approach operates on lower error rates and can be acceptable for any security applications. It is remarked that no existing biometric cryptosystem is tested on such a variety of publicly available databases. The block diagram of the complete approach is shown in Figure 1.
The rest of the paper is organized as follows. Section 2 presents an overview on implementation of the earlier proposed fuzzy vault and the modifications done in our scheme. Section 3 details the proposed scheme of the fuzzy vault. The experimental results are presented in Section 4, and some security-related issues are discussed in Section 5. Finally, a summary of the overall work is outlined in Section 6.

An Overview on Fuzzy Vault
2.1. The Fuzzy Vault. The fuzzy vault introduced by Juels and Sudan [9] contains a secret key integrated with an unordered set using polynomial projections. The key can be accessed through the polynomial reconstruction using another unordered set, if the set is much similar to the original one. The fuzzy vault is used as biometric cryptosystem in [2] with the minutiae points of the fingerprint as an unordered set. In this work, the polynomial coefficients are computed from the secret key and the projections of the minutiae points are taken on this polynomial. The added chaff points are such that they do not lie on the generated polynomial. Let secret key (e.g., cryptographic key) be hidden using a biometric feature set = { 1 , 2 ⋅ ⋅ ⋅ } of length . Error correcting bits are added to the secret key to form 1 to tolerate the errors created at the time of decoding. The coefficients of the polynomial are generated using 1. Let   At the unlocking step, the user provides a query template denoted by = { 1 , 2 ⋅ ⋅ ⋅ } of " " elements. If overlaps substantially with , the user can retrieve many original points from V that lie on the polynomial. These overlaps help reconstruct the polynomial coefficients and thereby the secret key . If the number of discrepancies between and is less than ( − ), overlaps are needed to interpolate the polynomial. Error checking is one way to check whether the set of overlaps chosen is appropriate to decode the vault. On the other hand, if and do not have a sufficient overlap, cannot be reconstructed; hence the authentication fails. The vault is called fuzzy because the added chaff points to the original biometric features make them so vague that it cannot be separated without the presence of original features.
The crucial parameters in the vault implementation are , , and , where is the number of features used in the vault encoding, is the degree of the polynomial chosen according to the length of the secret message in the vault, and is the number of chaff points added to the vault for concealing the original data points from an attacker.

Modifications in the Earlier Approach.
The new scheme for fuzzy vault, presented in this paper, has the following main differences from the earlier schemes [2][3][4]29].
(1) The textural features extracted using Gabor filters are attributed as one of the most significant features in palmprint [27], iris [30], and even fingerprint [31]. Note that the use of these features is made for the first time in the polynomial based fuzzy vault. To separate out the original points from the chaff points, a cutoff threshold and a tolerance value are learned empirically at the encoding phase of the vault. A novel scheme for the generation of the polynomial coefficients from the secret key is also developed. vector. After the vault is generated, both the original and transformed feature vectors are discarded for the security reasons. However, the transformation matrix (i.e., Eigen vector matrix) is retained for the assessment of the query features toward the access to the authentication system.

Generation of the Polynomial Coefficients. A secret key
of lengths bits is randomly generated. For a polynomial of degree , a total of + 1 number of coefficients should be generated from the random bits . So, is divided into + 1 binary strings denoted as . With each , a cyclic redundancy check (CRC) bit is added to every string. At the authentication stage, these bits are checked after the reconstruction of the polynomial coefficients and any discrepancy in these bits is declared as an unsuccessful attempt to the access of the vault.
Each of bit strings is converted to a decimal number and then the logarithmic transformation is applied on the decimal numbers to bring them into the lower range of values that become the polynomial coefficients . The block diagram in Figure 2 shows the stages in the generation of the polynomial coefficients. We have 384 randomly generated bits , which are split into = 8 strings of equal length. One bit of CRC is added to each and converted into its decimal equivalent, which is subjected to the logarithmic transformation (base 2) to yield the coefficients of the polynomial.
In the proposed scheme, a polynomial of degree 7 is chosen to hide the secret key of 384 bits. Any secret key of more than this length can be hidden by choosing a polynomial of higher degree. The method in [4] uses an 8 degree polynomial to hide a secret of 128 bits.

Significant Features for
Encoding. K-L transform, also known as PCA (principal component analysis), is used to extract the significant features [28]. In the proposed scheme, the transformation matrix arising out of the K-L transform facilitates the determination of the subspace of the original feature vector for encoding the vault. The same transformation matrix is applied on the query feature vector to convert it into the same subspace for aligning (matching) with the fuzzy vault.
The transformed feature vector is used to learn the cutoff threshold ( ) and the tolerance value ( ). The cutoff threshold is taken as the maximum of the pointwise differences between the training feature vectors. The tolerance value is determined from the ROC curve for each modality. The cutoff threshold and tolerance value are fine-tuned as per the specified error rates to be achieved.

Encoding of the Vault.
Let the transformed feature vector { } ×1 be represented by { 1 , 2 ⋅ ⋅ ⋅ } , whose projections on the polynomial of degree form the projection set = { ( 1 ), ( 2 ) ⋅ ⋅ ⋅ ( )} . Next, + 1 coefficients of computed using the secret key (detailed in Section 4.1) are saved as The elements of the projection set are obtained as The ordered pairs { , ( )}; = 1, 2, 3, . . . , , are made up of point and its corresponding projection ( ). The next task is to generate the chaff points that do not satisfy . In the proposed scheme, the random numbers are generated by fitting a U-distribution [32] having the mean and variance of the feature point. Any number of chaff points can be generated using this distribution corresponding to each data point ; = 1, 2, 3, . . . , , and the generated random numbers do not coincide with any of the original features.
As mentioned above, the original feature vector { } 1×1 and the transformed feature vector { } ×1 are removed from the database. The transformation matrix { } × 1 , the cutoff threshold ( ), tolerance value ( ), and the vault are stored for decoding. The block diagram in Figure 3 shows the modules required in encoding the fuzzy vault.

Decoding of the Vault.
The decoding of the vault involves alignment of a query template with the stored one. This alignment of query template helps in separating the chaff points from the stored template points in the vault. In the fingerprint based fuzzy vault in [4] the minutiae features are aligned using an adaptive bounding box, which counters the distortions in the minutiae features more effectively than the approach in [2]. The approach in [4] resorts to a threshold to separate the original minutiae points from the chaff points. The basic idea is to cash in on a parameter to differentiate between the genuine and the imposter templates. In the proposed scheme, the successful decoding of the vault depends upon two parameters: the cutoff threshold ( ), learned from the transformed features { } ×1 , and the tolerance value ( ) which is fixed according to the tradeoff in the error rates (FAR/FRR).
The query feature vector = { 1 , 2 , 3 ⋅ ⋅ ⋅ 1 } undergoes the K-L transformation { } × 1 , to yield the transformed query feature vector = { 1 2 ⋅ ⋅ ⋅ } of length at the encoding. Let the ordered pairs of the vault be denoted as { , }. Subtraction of from all the abscissas of the ordered pairs in provides ( + 1) differences stored in an array as the matching score. The scores below the cutoff threshold is assumed to be from original feature points, otherwise from chaff points. The ordered pairs corresponding to these scores are separated out from the vault . Let of the set of ordered pairs be separated from the vault . To reconstruct the polynomial coefficients = { 0 , 1 , 2 ⋅ ⋅ ⋅ } only +1 original (genuine) ordered pairs are needed. If < + 1 then it results in the authentication failure. If ≥ + 1 the polynomial can be successfully reconstructed. However, may also exceed + 1 due to the noisy biometric data. The task of tolerance value ( ) is to prevent the imposter attempts to open the vault. Even if = + 1 is sufficient to reconstruct the polynomial the condition ≥ is enforced for the access. But the high values of can restrict the genuine users from decoding the vault. Hence, the choice of must be made to achieve the requisite error (FAR/FRR) in the authentication system.
In case > and > +1 as well, any +1 points from can be taken for the reconstruction of the polynomial. Let { , ( )} be the set of ordered pairs corresponding to the points with > and let { +1 , ( +1 )} be the candidate points selected for the reconstruction of the polynomial .

ISRN Machine Vision
The reconstruction is done using Lagrange's interpolation and the reconstructed polynomial * ( ) is obtained as * ( ) The reconstructed polynomial * ( ) using Lagrange's interpolation in (4) can also be represented as The reconstructed coefficients { * 0 , * 1 , * 2 ⋅ ⋅ ⋅ * } help recover the secret binary bits by applying the method in reverse order as discussed in Section 3.1. The Antilog (base 2) transformation of all the coefficients will yield the decimal representations which are converted to binary equivalents. Each of the binary equivalents * is of length 49 with the first bit being the CRC parity bit.
A check is made to see whether the parity bit is changed during the reconstruction of the polynomial. This check is about finding whether the binary equivalent is equal to the original one. If this check fails, it may be due to the noisy biometric data or due to the coefficient approximation by Lagrange's interpolation in (5). In this case, we examine other candidates in the set { , ( )} and reconstruct the coefficients { * 0 , * 1 , * 2 ⋅ ⋅ ⋅ * } again using (5). If none of the candidates is unable to reconstruct the original coefficients the authentication failure occurs and the user is identified to be an imposter. Finally, the converted bits (the binary equivalent) are concatenated to form the original secret key. The decoding of the vault is shown in Figure 4

Experiments and Results
The performance of the proposed vault is ascertained by making rigorous experiments on several standard databases of different biometrics. A random binary string of 392 bits is generated as the random key (or message), which is used to calculate the polynomial coefficients. As the minutiae points of the fingerprint have been employed already for the fuzzy vault, the motivation of the proposed scheme is to evaluate the fuzzy vault on other biometric modalities using the textural features. We will enumerate the following strategies for the implementation of our fuzzy vault.

Fingerprint Based Vault.
Fingerprint is a good old biometric trait for the personal authentication and its minutiae features have also found a place in the fuzzy vault scheme [2][3][4]. However, the proposed vault is intended to pursue the textural features from the fingerprints obtained with the application of Gabor filterbank, as detailed in [31]. Here we take recourse to the publically available FVC 2004 DB1 database, having 100 users with three samples each. The core point is detected as in [31] and ROIs are cropped using the core point as the centre point. The detection of core point itself is a challenging task and many enrolled sample images get rejected due to the false core point. A sample image from the database and the corresponding ROI are shown in Figure 5. The cropped ROI is of size 153 × 153 while the original fingerprint image is of size 640 × 480. We create multiple Gabor filters of the size 33 × 33 with mean = 0, sigma = 5.6569, and orientations (ang × ( /8)) 0 , where ang = 0, 1, 2 ⋅ ⋅ ⋅ 7. The Gabor filters at each orientation are convolved with ROIs and the real parts of this convolution are divided into nonoverlapping windows of size 15 × 15. A feature vector of size 832 (104 × 8) is generated. In order to test the performance of the extracted features, the database is divided into two training images and one test image. Next, genuine and imposter scores are generated using the Euclidean distance, shown in Figure 6(a). For use in fuzzy vault, the extracted features are transformed using K-L transform to the reduced feature vector of size 90. The other parameters of the fingerprint based fuzzy vault are given in Table 6. Table 1 shows the value of FAR and FRR for varying values of tolerance. The ROC curve for FAR versus GAR (100-FRR) is shown in Figure 6(b).

Palmprint Based Vault.
Despite the current popularity of the palmprint as a biometric trait only a few palmprint based cryptosystems exist in the literature [18,23]  polynomial based fuzzy vault approach. We therefore embark on the palmprint features to evaluate the polynomial based fuzzy vault scheme. The database for the palmprint owes it allegiance to the publically available PolyU V2 [33]. The ROI and feature extraction method are the same as detailed in [27]. The palmprint image and the extracted ROI are shown in    The genuine and imposter scores are computed using the Euclidean distance based classifier, as shown in Figure 8(a).
For the palmprint based fuzzy vault, 90 significant features are selected out of 676 Gabor features for the polynomial projection using K-L transform. The parameters of the vault are given in Table 6. Two sets of experiments are conducted on PolyU database, with the first set involving 150 users with 3 samples per user. Out of the 3 enrolled images, one image is randomly selected for encoding the vault (template) and the rest 2 images are kept for testing (query). Table 2 shows the FAR and FRR values for this experiment with the varying values of tolerance. Its ROC is shown in Figure 8(b).
The next set of experiments makes use of samples per user. One sample is embarked for encoding the template and the rest 4 samples are for the query. The FAR and FRR obtained from this experiment are given in Table 3.   The corresponding ROC is shown in Figure 8(c). It can be observed that, increase in the number of query templates has very less effect on the proposed vault as reflected in FAR of 0.65% for FRR of 8.66%.

Iris Based Vault.
Another set of experiments is carried out on the publically available CASIA I iris database [34] having 108 users with 3 samples per user which is the standard benchmark [35] for the evaluation of iris. The image normalization and Log Gabor based feature extraction are the same as in [30]. A sample iris image and the normalized enhanced iris strip are shown in Figures 9(a) and 9(b). The Log Gabor filter has a central frequency of 18 and radial bandwidth ratio of 0.55 [30].
The enhanced iris strip of size 50 × 512 is divided into windows of size 7 × 7 and mean of each window is taken as a feature leading to 522 features, which are reduced to 90 using K-L transform and the reduced features encode the vault. The genuine and imposter scores are generated by dividing the database into 2 training and 1 test images. The distribution of scores is shown in Figure 10 based fuzzy vault are given in Table 6. Table 4 presents FARs and FRRs for the varying values of tolerance. Figure 10(b) shows the ROC generated from these error rates.

Hand Vein Based Vault.
To test the performance of the proposed vault on a variety of biometric modalities, the use of the infrared thermal hand vein images is also made. Beneath the skin, vein patterns are too harder to intercept for an intruder; hence is a safer biometric trait. Realizing the inherent potential of the infrared thermal hand vein patterns as a biometric trait, these are some works on its use for authentication [36][37][38].
Since there is no database of the infrared thermal hand veins patterns, a database has been created at Biometrics Research Laboratory, IIT, Delhi. This database consists of infrared thermal hand vein images of 100 users with three  images. The camera setup, image acquisition, and image normalization (ROI extraction) of the hand vein images are the same as in [36]. A sample image and the corresponding normalized image are shown in Figure 11. Here, the Gabor wavelet features [36] are employed for the vault implementation. The parameters used for the vein based fuzzy vault are given in Table 6.
The ROIs of size 104 × 104 extracted from the infrared hand vein images of size 320 × 240 are enhanced by Gabor wavelet filters with orientations 0 ∘ , 45 ∘ , 90 ∘ , and 135 ∘ . The real parts of the convolved images are called real-Gabor images. The real-Gabor images are divided into windows of size 8 × 8 and thus yielding a total of 676 (169 × 4) Gabor features. Using these features, genuine and imposter scores are generated by dividing the database into 2 training and 1 test, as shown in Figure 12(a).
These features are reduced to 90 features by the application of K-L transform. The parameters of vein fuzzy vault are given in Table 6. The values of FAR and FRR for different values of threshold are given in Table 5. The corresponding ROC is shown in Figure 12(b).

Discussion
The fuzzy vault of this paper has two main features. (1) it is carried out on the feature vector extracted using Gabor filters which are robust and easy to implement and have less time complexity. In comparison, minutiae features are computationally difficult to extract, suffer from the problem of false and spurious minutiae points, and pose problems in the alignment in the fuzzy vault [4]. (2) It leads to low error rates and hence is comparable to the previous fuzzy vaults [1][2][3][4]. The fingerprint based vault generates FAR of 0.51 at FRR of 8.3, palmprint based vault yields FAR of 0.46 at of FRR: 7.33, and iris based vault gives FAR of 0.31 at FRR of 12.6. The high error rates due to fingerprint and iris based vaults are on account of features from sliding windows (see Section 4.3). Incorporating the minutiae features of fingerprint [4] and Hamming distance from iris code may produce better results [30]. However, the proposed approach     [29,39]. The issues of security related to the fuzzy vault based cryptosystem are discussed in [1,4]. Here, we discuss the security issues to circumvent the random attacks on the proposed fuzzy vault. The degree of the polynomial is taken as 7 to hide a secret key of size 392 bits with feature vector of size 90. If 910 chaff points are added to the vault, the total number of possible combinations is 1000 8 C ≈ 2.4 × 10 19 and out of these 90 8 C ≈ 7.7 × 10 9 combinations can successfully decode the vault. The probability of decoding the vault with one combination is (7.7 × 10 9 /2.4 × 10 19 ) ≈ 3.2 × 10 −10 and the number of calculations needed is (2.4 × 10 19 / 7.7 × 10 9 ) ≈ 3.1 × 10 9 . Thus, for the polynomial of degree 7, the probability of breaking this vault is 3.2 × 10 −10 . However, if the degree is reduced to 6 this probability is increased to 3.8 × 10 −8 and length of the secret key is changed to 343. The number of chaff points is chosen to be approximately 10 times greater than the genuine points.

Conclusions
The current popularity of the biometric modalities, like iris, palmprint, hand veins, and so forth, is behind the motivation to investigate the polynomial based fuzzy vault. This paper therefore presents a new scheme for the fuzzy vault based on the texture features of these traits. The prior work on the polynomial based fuzzy vault deals with the minutiae points as the biometric data. The fuzzy vault is a kind of biometric cryptosystems that spring forth from the integration of both the secret key and the biometric features, and, once this is locked in the vault, it is computationally very difficult to intrude the key or retrieve the stored features without the knowledge of any one of them.
In the proposed scheme, a new method of generating the polynomial coefficients, which can hide a secret key of 392 bits with the polynomial of degree 7, is developed. The original features from the biometric modalities are transformed using K-L transform for encoding the vault. The cutoff threshold is learned from the transformed features to separate out the chaff points from the original features. The transformation matrix and the cutoff threshold are saved and the original and the transformed features are discarded from the database for the security reasons. The proposed vault is implemented separately on a variety of biometric databases, including the publically available, fingerprint (FVC 2004), palmprint (PolyU V2), and iris (CASIAV1); and hand Veins. The performance of the proposed vault can be further improved by using multiple biometric traits like palmprint and fingerprint or palmprint of both the palms of a user.