This paper presents a new scheme for the fuzzy vault based biometric cryptosystems which explore the feasibility of a polynomial based vault for the biometric traits like iris, palm, vein, and so forth. Gabor filter is used for the feature extraction from the biometric data and the extracted feature points are transformed into Eigen spaces using Karhunen Loeve (K-L) transform. A polynomial obtained from the secret key is used to generate projections from the transformed features and the randomly generated points, known as chaff points. The points and their corresponding projections form the ordered pairs. The union of the ordered pairs from the features and the chaff points creates a fuzzy vault. At the time of decoding, matching scores are computed by comparing the stored and the claimed biometric traits, which are further tested against a predefined threshold. The number of matched scores should be greater than a tolerance value for the successful decoding of the vault. The threshold and the tolerance value are learned from the transformed features at the encoding stage and chosen according to the tradeoff in the error rates. The proposed scheme is tested on a variety of biometric databases and error rates obtained from the experimental results confirm the utility of the new scheme.
1. Introduction
Intrusions in the secret data protection arena pose potential threat to the information security. In the recent trends of the data protection, biometrics based cryptosystems are emerging as promising technologies. Biometric cryptosystems can be broadly divided into two main schemes: (a) Key binding mode, in which the secret key is integrated with the biometric template. In this mechanism, both the biometric template and the key are so locked that it is very difficult to retrieve any one without the information of other [1–4]. (b) Key generation mode, in which the biometric template generates the keys used in any cryptographic algorithm for the encryption and decryption of secret messages [5–8]. Both the approaches are secure and computationally very difficult for the intruder to attack. However, these approaches pose implementation problems as it requires the encryption key to be exactly same as the decryption one. But the biometric data acquired at different times is substantially different, due to the intraclass variations, necessitating a different key every time.
The implementation of key binding mode is greatly affected by the cryptographic construct called fuzzy vault, investigated by Juels and Sudan [9]. This fuzzy vault can tolerate the intraclass variability in the biometric data, which has inspired several researchers [1–4] to pursue the biometrics based fuzzy vaults. This paper proposes another attempt on using fuzzy vault scheme in key binding mode by presenting a new scheme which exploits textural features from biometric traits.
1.1. The Prior Work
Both the key binding mode [1–4, 10] and the key generation mode [5–8, 11] of biometric cryptosystem have been addressed in the literature. Moreover, prevention of the attacks on the biometric templates is also addressed by using the nonrevocable biometrics [12–14] and BioHashing [11, 15–18]. One widely accepted solution to the intrusion of the stored biometric templates is the reissuance of biometric features.
The key generating mode of the biometric cryptosystem is of particular interest in [6–8, 11, 19]. Hao et al. [6] select iris for generating the cryptographic keys with the help of the hybrid Reed & Solomon and Hadamard error correcting codes. Sauter et al. [7] resort to the key generation using the fingerprints and their work has resulted in the product, Bioscrypt. Instead of generating a key directly from biometrics, they have devised a method of biometric locking using the phase product. A fuzzy extractor based approach is suggested by Dodis et al. [8] to generate a strong cryptographic key from the noisy biometric data. This scheme is modified by Boyen [19] by generating multiple keys before hashing.
The basic idea of a key binding was borrowed from the work of Juels and Sudan [9] which was an extension of the work in [20]. They introduce the polynomial construction to hide the secret key with integration of an unordered set and modify the fuzzy vault scheme of Davida at el. [13] by invoking Reed and Solomon error correcting code [21]. However, Uludag et al. [1] were among the first to investigate the fuzzy vault using the fingerprint biometric as an unordered set. The difficulties associated with the minutiae point alignment are significantly reduced in [4] with the helper data during the minutiae point extraction. A modified fuzzy vault is suggested in [22] where the secret key and the biometric features are hidden in separate grids with chaff points added to make the grids fuzzy. The same scheme makes its way in a palmprint based vault [23].
1.2. The Motivations
Note that fingerprint has been utilized as a biometric trait [1–4] in most of the published work on polynomial based fuzzy vault. In the context of fingerprint authentication, minutiae points are widely accepted as the most significant features [4]. The minutiae points are the specific locations in a finger and can be considered as ordered triplet (x,y,θ) [4]. But since the points are associated with their locations and saved accordingly, they become an unordered set which can be shuffled without losing its significance and can be matched with original set in any order. Despite the current popularity of other biometric traits like palmprint, iris, and hand veins, there are less attempts to use them in the polynomial based fuzzy vault. In this direction, iris [24], palmprint [25], and handwritten signature [26] based cryptosystems merit a mention. Here, the work in [24] made use of clustering method to make iris features unordered while the other two cryptosystems operate on key generation mode. The reason for lack of interest could be the orderliness of the features extracted from these traits. The orderliness of these features implies that any change in their order will result in a new set of features that can affect the authentication process.
1.3. The Proposed Work
This paper devises a new scheme for the polynomial based fuzzy vault, in the key binding mode, by employing the textural features generated using Gabor filters of the biometric traits [27]. In the proposed approach, Karhunen Loeve (K-L) transform [28] to transform the features into the Eigenspace through the transformation matrix (Eigenvector matrix). The projection of the transformed features is taken on the polynomial and chaff points are added to form the fuzzy vault. The original and the transformed features are discarded after creating the vault. However, the transformation matrix is stored along with the vault to be used during the decoding process. Essentially, a query feature vector is transformed using the stored transformation matrix. Each point of the transformed query feature vector is subtracted from all the stored vault points, and the differences are matched against a cutoff threshold. If the difference is less than this threshold, the corresponding biometric feature point is supposed to be the original feature vector. However, only N+1 features are required to reconstruct a polynomial of degree N and an original feature set may have more points than N. Thus, total count of such feature points should be greater than a tolerance value for the claimed identity to be true. The cutoff threshold and tolerance value are learned from the transformed features (before being discarded) at the time of encoding. The reconstruction of the polynomial of any query takes place only when these two thresholds are validated. These values can also be compared with the decision thresholds in the traditional biometric authentication, chosen according to the tradeoff between the error rates (false acceptance/rejection).
The usage of the Gabor filter based features in the vault allows this scheme to be generalized for many biometric traits. The proposed scheme is tested on variety of publicly available databases, that is, FVC 2004 DB2, Hong Kong PolyU V2, and CASIA V1 of fingerprint, palmprint, and iris, respectively, including the hand vein database of IIT Delhi with the textural features extracted using Gabor filters. The experimental results show that the presented approach operates on lower error rates and can be acceptable for any security applications. It is remarked that no existing biometric cryptosystem is tested on such a variety of publicly available databases. The block diagram of the complete approach is shown in Figure 1.
Block diagram of the complete system.
The rest of the paper is organized as follows. Section 2 presents an overview on implementation of the earlier proposed fuzzy vault and the modifications done in our scheme. Section 3 details the proposed scheme of the fuzzy vault. The experimental results are presented in Section 4, and some security-related issues are discussed in Section 5. Finally, a summary of the overall work is outlined in Section 6.
2. An Overview on Fuzzy Vault2.1. The Fuzzy Vault
The fuzzy vault introduced by Juels and Sudan [9] contains a secret key integrated with an unordered set using polynomial projections. The key can be accessed through the polynomial reconstruction using another unordered set, if the set is much similar to the original one. The fuzzy vault is used as biometric cryptosystem in [2] with the minutiae points of the fingerprint as an unordered set. In this work, the polynomial coefficients are computed from the secret key and the projections of the minutiae points are taken on this polynomial. The added chaff points are such that they do not lie on the generated polynomial. Let secret key S (e.g., cryptographic key) be hidden using a biometric feature set T={t1,t2⋯tr} of length r. Error correcting bits are added to the secret key S to form S1 to tolerate the errors created at the time of decoding. The coefficients of the polynomial are generated using S1. Let P(x)=a0+a1x+⋯+a(n-1)xN-1 be the polynomial of degree N-1 formed from S1. The projection of each element of T on the polynomial P together with element itself forms a couplet (tk,P(tk)). The chaff couplet (ui,vi) is generated such that P(ui)≠vi. The union of feature couplet (tk,P(tk)) and chaff couplet (ui,vi) creates the vault V. The secret key S and the feature T are thus integrated and bind in the fuzzy vault.
At the unlocking step, the user provides a query template denoted by T′={t1′,t2′⋯tr′} of “r” elements. If T′ overlaps substantially with T, the user can retrieve many original points from V that lie on the polynomial. These overlaps help reconstruct the polynomial coefficients and thereby the secret key S. If the number of discrepancies between T and T′ is less than (r-n), n overlaps are needed to interpolate the polynomial. Error checking is one way to check whether the set of overlaps chosen is appropriate to decode the vault. On the other hand, if T and T′ do not have a sufficient overlap, P cannot be reconstructed; hence the authentication fails. The vault is called fuzzy because the added chaff points to the original biometric features make them so vague that it cannot be separated without the presence of original features.
The crucial parameters in the vault implementation are R, N, and C, where R is the number of features used in the vault encoding, N is the degree of the polynomial chosen according to the length of the secret message in the vault, and C is the number of chaff points added to the vault for concealing the original data points from an attacker.
2.2. Modifications in the Earlier Approach
The new scheme for fuzzy vault, presented in this paper, has the following main differences from the earlier schemes [2–4, 29].
The textural features extracted using Gabor filters are attributed as one of the most significant features in palmprint [27], iris [30], and even fingerprint [31]. Note that the use of these features is made for the first time in the polynomial based fuzzy vault. To separate out the original points from the chaff points, a cutoff threshold and a tolerance value are learned empirically at the encoding phase of the vault. A novel scheme for the generation of the polynomial coefficients from the secret key is also developed.
One parity check bit is added to each binary string of the secret message/key. The binary strings are formed from the secret key by splitting the key into N parts, where N is the number of coefficients of the polynomial. The reconstruction of the polynomial is successful only if the parity check bit is unaltered. Otherwise, this gives rise to the false acceptance/rejection error.
At the learning phase, the biometric features are employed to construct the transformation matrix of Eigenvectors. The original feature vector is then transformed and the transformed feature vector is used for the polynomial projection. The cutoff threshold is also learned at this phase using the transformed feature vector. After the vault is generated, both the original and transformed feature vectors are discarded for the security reasons. However, the transformation matrix (i.e., Eigen vector matrix) is retained for the assessment of the query features toward the access to the authentication system.
3. The Proposed Scheme for the Fuzzy Vault3.1. Generation of the Polynomial Coefficients
A secret key S of lengths B bits is randomly generated. For a polynomial of degree N, a total of N+1 number of coefficients should be generated from the random bits B. So, B is divided into N+1 binary strings denoted as B′. With each B′, a cyclic redundancy check (CRC) bit is added to every string. At the authentication stage, these bits are checked after the reconstruction of the polynomial coefficients and any discrepancy in these bits is declared as an unsuccessful attempt to the access of the vault.
Each of bit strings B’ is converted to a decimal number and then the logarithmic transformation is applied on the decimal numbers to bring them into the lower range of values that become the polynomial coefficients K. The block diagram in Figure 2 shows the stages in the generation of the polynomial coefficients. We have 384 randomly generated bits B, which are split into B′=8 strings of equal length. One bit of CRC is added to each B′ and converted into its decimal equivalent, which is subjected to the logarithmic transformation (base 2) to yield the coefficients of the polynomial.
Block diagram for generating polynomial coefficients.
In the proposed scheme, a polynomial of degree 7 is chosen to hide the secret key of 384 bits. Any secret key of more than this length can be hidden by choosing a polynomial of higher degree. The method in [4] uses an 8 degree polynomial to hide a secret of 128 bits.
3.2. Significant Features for Encoding
K-L transform, also known as PCA (principal component analysis), is used to extract the significant features [28]. In the proposed scheme, the transformation matrix arising out of the K-L transform facilitates the determination of the subspace of the original feature vector for encoding the vault. The same transformation matrix is applied on the query feature vector to convert it into the same subspace for aligning (matching) with the fuzzy vault.
Let {S}N1×1 denote the feature vector of size N1 extracted from the biometric trait. The covariance matrix {M}N1×N1 is constructed from S. The Eigenvector matrix {V}N1×N1 corresponding to the Eigenvalues {λ}N1×1 of M spans the feature subspace. The extracted features sometime contain redundant data which can increase the error rates (FAR/FRR) in the vault implementation. Hence S has to be reduced to the chosen dimension k and {δ}k×1 can be made up of Eigen vectors corresponding to the dominant Eigen values {λ}k×1 by multiplying the transformation matrix {V}k×N1 as follows:
(1){δ}k×1={V}k×N1×{S}N1×1.
The transformed feature vector is used to learn the cutoff threshold (α) and the tolerance value (β). The cutoff threshold is taken as the maximum of the pointwise differences between the training feature vectors. The tolerance value is determined from the ROC curve for each modality. The cutoff threshold and tolerance value are fine-tuned as per the specified error rates to be achieved.
3.3. Encoding of the Vault
Let the transformed feature vector {δ}k×1 be represented by {θ1,θ2⋯θk}T, whose projections on the polynomial P of degree N form the projection set Pr={P(θ1),P(θ2)⋯P(θk)}T. Next, N+1 coefficients of P computed using the secret key (detailed in Section 4.1) are saved as K={C0,C1,C2⋯CN}. The elements of the projection set are obtained as
(2)P(X)=CNXN+CN-1XN-1+⋯+C0.
The ordered pairs {θi,P(θi)}; i=1,2,3,…,k, are made up of point θi and its corresponding projection P(θi).
The next task is to generate the chaff points that do not satisfy P. In the proposed scheme, the random numbers are generated by fitting a U-distribution [32] having the mean and variance of the feature point. Any number of chaff points can be generated using this distribution corresponding to each data point δi; i=1,2,3,…,k, and the generated random numbers do not coincide with any of the original k features. For example, considering δi as mean and [δi+1-δi] as variance, we can generate 10 random numbers for each data point δi resulting in 900 chaff points corresponding to 90 transformed feature points.
Let the chaff points {μi1,μi2,…,μig}, g, be the random numbers for a feature point θi. The ordered pairs (μit,ηit) arise from μit such that P(μit)≠ηit. The union of the two ordered pairs {θi,P(θi)} and {μit,ηit} for all θi’s creates the fuzzy vault, V, given by
(3)V={θi+k,P(θi+k)}∪{μit,ηit}.
As mentioned above, the original feature vector {S}N1×1 and the transformed feature vector {δ}k×1 are removed from the database. The transformation matrix {V}k×N1, the cutoff threshold (α), tolerance value (β), and the vault V are stored for decoding. The block diagram in Figure 3 shows the modules required in encoding the fuzzy vault.
Encoding of the vault.
3.4. Decoding of the Vault
The decoding of the vault involves alignment of a query template with the stored one. This alignment of query template helps in separating the chaff points from the stored template points in the vault. In the fingerprint based fuzzy vault in [4] the minutiae features are aligned using an adaptive bounding box, which counters the distortions in the minutiae features more effectively than the approach in [2]. The approach in [4] resorts to a threshold to separate the original minutiae points from the chaff points. The basic idea is to cash in on a parameter to differentiate between the genuine and the imposter templates. In the proposed scheme, the successful decoding of the vault depends upon two parameters: the cutoff threshold (α), learned from the transformed features {δ}k×1, and the tolerance value (β) which is fixed according to the tradeoff in the error rates (FAR/FRR).
The query feature vector q={q1,q2,q3⋯qN1} undergoes the K-L transformation {VkT}k×N1, to yield the transformed query feature vector Q={Q1Q2⋯Qk} of length k at the encoding. Let the ordered pairs of the vault V be denoted as {μ,η}. Subtraction of Qk from all the abscissas of the ordered pairs in V provides (g+1)k differences stored in an array A as the matching score. The scores below the cutoff threshold α is assumed to be from original feature points, otherwise from chaff points. The ordered pairs corresponding to these scores are separated out from the vault V. Let H of the set of ordered pairs be separated from the vault V. To reconstruct the polynomial coefficients K={C0,C1,C2⋯CN} only N+1 original (genuine) ordered pairs are needed. If H<N+1 then it results in the authentication failure. If H≥N+1 the polynomial can be successfully reconstructed. However, H may also exceed N+1 due to the noisy biometric data. The task of tolerance value (β) is to prevent the imposter attempts to open the vault. Even if H=N+1 is sufficient to reconstruct the polynomial the condition H≥β is enforced for the access. But the high values of β can restrict the genuine users from decoding the vault. Hence, the choice of β must be made to achieve the requisite error (FAR/FRR) in the authentication system.
In case H>β and H>N+1 as well, any N+1 points from H can be taken for the reconstruction of the polynomial. Let {θH,P(θH)} be the set of ordered pairs corresponding to the points with H>β and let {θN+1,P(θN+1)} be the candidate points selected for the reconstruction of the polynomial p. The reconstruction is done using Lagrange’s interpolation and the reconstructed polynomial P*(x) is obtained as
(4)P*(x)=(x-θ2)(x-θ3)⋯(x-θN+1)(θ1-θ2)(θ1-θ3)⋯(θ1-θN+1)×P(θ1)+(x-θ1)(x-θ3)⋯(x-θN+1)(θ2-θ1)(θ2-θ3)⋯(θ2-θN+1)×P(θ2)+⋯(x-θ1)(x-θ3)⋯(x-θN)(θN+1-θ1)(θN+1-θ3)⋯(θ2-θN)×P(θN+1).
The reconstructed polynomial P*(x) using Lagrange’s interpolation in (4) can also be represented as
(5)P*(X)=CN*XN+CN-1*XN-1+⋯+C0*.
The reconstructed coefficients {C0*,C1*,C2*⋯CN*} help recover the secret binary bits by applying the method in reverse order as discussed in Section 3.1. The Antilog (base 2) transformation of all the coefficients will yield the decimal representations which are converted to binary equivalents. Each of the binary equivalents C* is of length 49 with the first bit being the CRC parity bit.
A check is made to see whether the parity bit is changed during the reconstruction of the polynomial. This check is about finding whether the binary equivalent is equal to the original one. If this check fails, it may be due to the noisy biometric data or due to the coefficient approximation by Lagrange’s interpolation in (5). In this case, we examine other candidates in the set {θH,P(θH)} and reconstruct the coefficients {C0*,C1*,C2*⋯CN*} again using (5). If none of the candidates is unable to reconstruct the original coefficients the authentication failure occurs and the user is identified to be an imposter. Finally, the converted bits (the binary equivalent) are concatenated to form the original secret key. The decoding of the vault is shown in Figure 4.
Decoding of the vault.
4. Experiments and Results
The performance of the proposed vault is ascertained by making rigorous experiments on several standard databases of different biometrics. A random binary string of 392 bits is generated as the random key (or message), which is used to calculate the polynomial coefficients. As the minutiae points of the fingerprint have been employed already for the fuzzy vault, the motivation of the proposed scheme is to evaluate the fuzzy vault on other biometric modalities using the textural features. We will enumerate the following strategies for the implementation of our fuzzy vault.
Only one impression from the enrolled images of each user in the database is employed for encoding the vault and the rest are used for testing. In all the experiments the parameters of the vault are taken as follows: 392 randomly generated secret binary bits, 8 coefficients chosen for the 7 degree polynomial, 90 features selected from K-L transform for encoding of the vault, and 910 chaff points added to the original projections.
Having done the encoding with one sample, other enrolled samples of the same user are recalled to encode the vault and other enrolled samples of the same user are recalled to open the vault for testing the genuine access and those of the different users are recalled to open the vault for testing the imposter access. The authentication failure of the genuine cases is marked as false rejection (FR) whereas the successful attempts of the imposter cases are marked as false acceptance (FA). For example, a 100 user database with 6 genuine attempts per user (two from each 3 enrolled samples) a total of 600 (100 × 6) genuine attempts can be made. Similarly, we can have 891 (297 × 3) imposter attempts per user (99 × 3 = 297 images from 99 users) and hence 89100 (891 × 100) in the whole database.
4.1. Fingerprint Based Vault
Fingerprint is a good old biometric trait for the personal authentication and its minutiae features have also found a place in the fuzzy vault scheme [2–4]. However, the proposed vault is intended to pursue the textural features from the fingerprints obtained with the application of Gabor filterbank, as detailed in [31]. Here we take recourse to the publically available FVC 2004 DB1 database, having 100 users with three samples each. The core point is detected as in [31] and ROIs are cropped using the core point as the centre point. The detection of core point itself is a challenging task and many enrolled sample images get rejected due to the false core point. A sample image from the database and the corresponding ROI are shown in Figure 5.
(a) Sample image from FVC 2004 DB1 database, (b) ROI cropped from core point.
The cropped ROI is of size 153 × 153 while the original fingerprint image is of size 640 × 480. We create multiple Gabor filters of the size 33 × 33 with mean μ=0, sigma σ = 5.6569, and orientations (ang×(π/8))0, where ang = 0,1,2⋯7. The Gabor filters at each orientation are convolved with ROIs and the real parts of this convolution are divided into nonoverlapping windows of size 15 × 15. A feature vector of size 832 (104 × 8) is generated. In order to test the performance of the extracted features, the database is divided into two training images and one test image. Next, genuine and imposter scores are generated using the Euclidean distance, shown in Figure 6(a). For use in fuzzy vault, the extracted features are transformed using K-L transform to the reduced feature vector of size 90. The other parameters of the fingerprint based fuzzy vault are given in Table 6. Table 1 shows the value of FAR and FRR for varying values of tolerance. The ROC curve for FAR versus GAR (100-FRR) is shown in Figure 6(b).
Performance of the fuzzy vault based on fingerprint FVC 2004 DB1 database (1 template 2 queries).
Tolerance
15
16
17
18
19
20
21
22
23
24
FAR (%)
1.5
1.26
1.12
0.95
0.72
0.51
0.48
0.35
0.16
0.08
FRR (%)
3.0
4.56
5.21
6.0
7.5
8.3
9.0
10.3
11.5
13.4
(a) Score distribution in FVC 04 database, (b) ROC of fingerprint based fuzzy vault.
4.2. Palmprint Based Vault
Despite the current popularity of the palmprint as a biometric trait only a few palmprint based cryptosystems exist in the literature [18, 23]. However, there is no attempt on utilizing the palmprint features in the polynomial based fuzzy vault approach. We therefore embark on the palmprint features to evaluate the polynomial based fuzzy vault scheme. The database for the palmprint owes it allegiance to the publically available PolyU V2 [33]. The ROI and feature extraction method are the same as detailed in [27].
The palmprint image and the extracted ROI are shown in Figure 7. The palmprint images of size 384 × 384 are cut into ROIs of size 128 × 128. Multiple Gabor filters each of the size 35 × 35 with mean μ=0.0916, and sigma σ = 5.6179 with orientations 0°, 45°, 90°, and 135° are convolved with ROIs and the resulting real Gabor images are down sampled to 91 × 91. The real Gabor images are ROIs are then divided into nonoverlapping windows of size 7 × 7 and the mean values of these windows are stored as a Gabor feature vector of size 676 (169 × 4). In order to test the performance of the Gabor features, the PolyU database of 150 users and 5 samples each is divided into 3 training and 2 test images for each user. The genuine and imposter scores are computed using the Euclidean distance based classifier, as shown in Figure 8(a).
(a) Sample image from PolyU database V2, (b) corresponding ROI image.
(a) Score distribution in PolyU V2 database, (b) ROC of palmprint fuzzy vault with 1 template and 4 queries, and (c) ROC of the same vault fuzzy vault with 1 template and 2 queries.
For the palmprint based fuzzy vault, 90 significant features are selected out of 676 Gabor features for the polynomial projection using K-L transform. The parameters of the vault are given in Table 6. Two sets of experiments are conducted on PolyU database, with the first set involving 150 users with 3 samples per user. Out of the 3 enrolled images, one image is randomly selected for encoding the vault (template) and the rest 2 images are kept for testing (query). Table 2 shows the FAR and FRR values for this experiment with the varying values of tolerance. Its ROC is shown in Figure 8(b).
Performance of the fuzzy vault based on the 150 users palmprint database (1 template 2 queries).
Tolerance
17
18
19
20
21
22
23
24
25
26
FAR (%)
7.48
4.58
2.72
1.56
0.86
0.46
0.22
0.10
0.04
0.02
FRR (%)
2.0
3.0
4.33
5.00
7.0
7.33
9.0
10.0
11.33
14.33
The next set of experiments makes use of samples per user. One sample is embarked for encoding the template and the rest 4 samples are for the query. The FAR and FRR obtained from this experiment are given in Table 3. The corresponding ROC is shown in Figure 8(c). It can be observed that, increase in the number of query templates has very less effect on the proposed vault as reflected in FAR of 0.65% for FRR of 8.66%.
Performance of the fuzzy vault based on 150 users palmprint database (1 template 4 queries).
Tolerance
19
20
21
22
23
24
25
26
27
28
FAR (%)
10
6.52
3.99
2.28
1.25
0.65
0.32
0.16
0.07
0.03
FRR (%)
4.83
5.66
6.66
7.16
7.83
8.66
10.33
11.83
13.83
14.66
4.3. Iris Based Vault
Another set of experiments is carried out on the publically available CASIA I iris database [34] having 108 users with 3 samples per user which is the standard benchmark [35] for the evaluation of iris. The image normalization and Log Gabor based feature extraction are the same as in [30]. A sample iris image and the normalized enhanced iris strip are shown in Figures 9(a) and 9(b). The Log Gabor filter has a central frequency of 18 and radial bandwidth ratio of 0.55 [30].
The enhanced iris strip of size 50 × 512 is divided into windows of size 7 × 7 and mean of each window is taken as a feature leading to 522 features, which are reduced to 90 using K-L transform and the reduced features encode the vault. The genuine and imposter scores are generated by dividing the database into 2 training and 1 test images. The distribution of scores is shown in Figure 10(a). The parameters of the iris based fuzzy vault are given in Table 6. Table 4 presents FARs and FRRs for the varying values of tolerance. Figure 10(b) shows the ROC generated from these error rates.
Performance of the vault based on the 108 users iris database (1 template 3 queries).
Tolerance
18
19
20
21
22
23
24
25
26
27
FAR (%)
7.45
4.85
2.97
1.73
1.08
0.57
0.31
0.14
0.07
0.03
FRR (%)
5.75
6.37
7.45
9.45
10.30
11.85
12.46
13.70
18.24
18.86
(a) Score distribution in CASIA I database, (b) ROC of iris based fuzzy vault.
4.4. Hand Vein Based Vault
To test the performance of the proposed vault on a variety of biometric modalities, the use of the infrared thermal hand vein images is also made. Beneath the skin, vein patterns are too harder to intercept for an intruder; hence is a safer biometric trait. Realizing the inherent potential of the infrared thermal hand vein patterns as a biometric trait, these are some works on its use for authentication [36–38].
Since there is no database of the infrared thermal hand veins patterns, a database has been created at Biometrics Research Laboratory, IIT, Delhi. This database consists of infrared thermal hand vein images of 100 users with three images. The camera setup, image acquisition, and image normalization (ROI extraction) of the hand vein images are the same as in [36]. A sample image and the corresponding normalized image are shown in Figure 11. Here, the Gabor wavelet features [36] are employed for the vault implementation. The parameters used for the vein based fuzzy vault are given in Table 6.
(a) Camera setup, (b) captured image, and (c) normalized image.
The ROIs of size 104 × 104 extracted from the infrared hand vein images of size 320 × 240 are enhanced by Gabor wavelet filters with orientations 0°, 45°, 90°, and 135°. The real parts of the convolved images are called real-Gabor images. The real-Gabor images are divided into windows of size 8 × 8 and thus yielding a total of 676 (169 × 4) Gabor features. Using these features, genuine and imposter scores are generated by dividing the database into 2 training and 1 test, as shown in Figure 12(a).
(a) Score distribution in IITD Vein database, (b) ROC of vein based fuzzy vault.
These features are reduced to 90 features by the application of K-L transform. The parameters of vein fuzzy vault are given in Table 6. The values of FAR and FRR for different values of threshold are given in Table 5. The corresponding ROC is shown in Figure 12(b).
Performance of the proposed fuzzy vault based on the hand vein database.
Tolerance
17
18
19
20
21
22
23
24
25
26
FAR (%)
9.27
5.8
3.5
2.07
1.07
0.64
0.36
0.23
0.14
0.11
FRR (%)
4.5
6.0
6.5
6.6
7.5
8.5
9.5
9.7
10.3
11
Description of the parameter used in different vaults.
Parameter
Biometric database
Fingerprint
Palmprint
Iris
Hand veins
No of users
100
150
108
100
No of samples per user
3
5
4
3
Value of cutoff threshold (α)
21
0.2
21
35
Best value of tolerance (β)
20
24
24
22
5. Discussion
The fuzzy vault of this paper has two main features. (1) it is carried out on the feature vector extracted using Gabor filters which are robust and easy to implement and have less time complexity. In comparison, minutiae features are computationally difficult to extract, suffer from the problem of false and spurious minutiae points, and pose problems in the alignment in the fuzzy vault [4]. (2) It leads to low error rates and hence is comparable to the previous fuzzy vaults [1–4]. The fingerprint based vault generates FAR of 0.51 at FRR of 8.3, palmprint based vault yields FAR of 0.46 at of FRR: 7.33, and iris based vault gives FAR of 0.31 at FRR of 12.6. The high error rates due to fingerprint and iris based vaults are on account of features from sliding windows (see Section 4.3). Incorporating the minutiae features of fingerprint [4] and Hamming distance from iris code may produce better results [30]. However, the proposed approach is simpler. The results reported by hand vein based vault are as follows: FAR: 0.64 and FRR: 8.5. Infrared thermal hand veins are for the first time utilized for fuzzy vault in this work. The experimental results show that hand vein based vault is comparable to fingerprint, palmprint, and iris based vaults and can serve as a benchmark for the evaluation of fuzzy vault.
The vulnerability of fuzzy vault to different attacks is addressed in [29, 39]. The issues of security related to the fuzzy vault based cryptosystem are discussed in [1, 4]. Here, we discuss the security issues to circumvent the random attacks on the proposed fuzzy vault. The degree of the polynomial N is taken as 7 to hide a secret key of size 392 bits with feature vector of size 90. If 910 chaff points are added to the vault, the total number of possible combinations is C81000≈2.4 × 10^{19} and out of these C890≈7.7 × 10^{9} combinations can successfully decode the vault. The probability of decoding the vault with one combination is (7.7 × 10^{9}/2.4 × 10^{19}) ≈ 3.2 × 10^{−10} and the number of calculations needed is (2.4 × 10^{19}/7.7 × 10^{9}) ≈ 3.1 × 10^{9}. Thus, for the polynomial of degree 7, the probability of breaking this vault is 3.2 × 10^{−10}. However, if the degree is reduced to 6 this probability is increased to 3.8 × 10^{−8} and length of the secret key is changed to 343. The number of chaff points is chosen to be approximately 10 times greater than the genuine points.
6. Conclusions
The current popularity of the biometric modalities, like iris, palmprint, hand veins, and so forth, is behind the motivation to investigate the polynomial based fuzzy vault. This paper therefore presents a new scheme for the fuzzy vault based on the texture features of these traits. The prior work on the polynomial based fuzzy vault deals with the minutiae points as the biometric data. The fuzzy vault is a kind of biometric cryptosystems that spring forth from the integration of both the secret key and the biometric features, and, once this is locked in the vault, it is computationally very difficult to intrude the key or retrieve the stored features without the knowledge of any one of them.
In the proposed scheme, a new method of generating the polynomial coefficients, which can hide a secret key of 392 bits with the polynomial of degree 7, is developed. The original features from the biometric modalities are transformed using K-L transform for encoding the vault. The cutoff threshold is learned from the transformed features to separate out the chaff points from the original features. The transformation matrix and the cutoff threshold are saved and the original and the transformed features are discarded from the database for the security reasons. The proposed vault is implemented separately on a variety of biometric databases, including the publically available, fingerprint (FVC 2004), palmprint (PolyU V2), and iris (CASIAV1); and hand Veins. The performance of the proposed vault can be further improved by using multiple biometric traits like palmprint and fingerprint or palmprint of both the palms of a user.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
UludagU.PankantiS.PrabhakarS.JainA. K.Biometric cryptosystems: issues and challengesUludagU.PankantiS.JainA. K.Fuzzy vault for fingerprintsUludagU.JainA. K.Securing fingerprint template: fuzzy vault with helper dataProceedings of the Conference on Computer Vision and Pattern Recognition WorkshopsJune 2006New York, NY, USA1632-s2.0-3384553297810.1109/CVPRW.2006.185NandakumarK.JainA. K.PankantiS.Fingerprint-based fuzzy vault: Implementation and performanceMonroseF.ReiterM. K.WetzelS.Password hardening based on keystroke dynamicsProceedings of the 6th ACM Conference on Computer and Communications Security (CCS '99)November 199973822-s2.0-0033281372HaoF.AndersonR.DaugmanJ.Combining crypto with biometrics effectivelySautarC.RobergeD.StoianovA.GilroyR.Vijaya KumarB. V. K.Biometric encryptionDodisY.OstrovskyR.ReyzinL.SmithA.Fuzzy extractors: how to generate strong keys from biometrics and other noisy dataJuelsA.SudanM.A fuzzy vault schemeProceedings of the IEEE International Symposium on Information TheoryJuly 20024082-s2.0-0036350106NandakumarK.JainA. K.Multibiometric template security using fuzzy vaultProceedings of the IEEE 2nd International Conference on Biometrics: Theory, Applications and Systems (BTAS '08)October 2008Arlington, Va, USA162-s2.0-6754910738410.1109/BTAS.2008.4699352GohA.NgoD. C. L.Computation of cryptographic keys from face biometricsRathaN. K.ConnellJ. H.BolleR. M.Enhancing security and privacy in biometrics-based authentication systemsDavidaG. I.FrankelY.MattB. J.On enabling secure applications through off-line biometric identificationProceedings of the IEEE Symposium on Security and PrivacyMay 1998Oakland, Calif, USA1481572-s2.0-0031651014ChangY. J.ZhangW.ChenT.Biometrics-based cryptographic key generationProceedings of the IEEE International Conference on Multimedia and Expo200422032206ConnieT.TeohA.GohM.NgoD.PalmHashing: a novel approach for cancelable biometricsKongA.CheungK.-H.ZhangD.KamelM.YouJ.An analysis of BioHashing and its variantsKongA.ZhangD.KamelM.Three measures for secure palmprint identificationWuX.ZhangD.WangK.A palmprint cryptosystemBoyenX.Reusable cryptographic fuzzy extractorsProceedings of the 11th ACM Conference on Computer and Communications Security (CCS '04)October 2004ACM Press82912-s2.0-14844335721JuelA.WttenbergM.TsudikG.A fuzzy vault commitment schemeProceedings of the 6th ACM conference on Computer and Communications Security2002408412BerlekampE. R.NagarA.ChaudhuryS.Biometrics based asymmetric cryptosystem design using modified fuzzy vault schemeProceedings of the 18th International Conference on Pattern Recognition (ICPR '06)August 2006Hong Kong, China5375402-s2.0-3414709790610.1109/ICPR.2006.330KumarA.KumarA.Development of a new cryptographic construct using palmprint-based fuzzy vaultLeeY. J.ParkK. R.LeeS. J.BaeK.KimJ.A new method for generating an invariant iris private key based on the fuzzy vault systemWuX.ZhangD.WangK.A palmprint cryptosystemFreire-SantosM.Fierrez-AguilarJ.Ortega-GarciaJ.Cryptographic key generation using handwritten signature6202Biometric Technology for Human Identification IIIApril 2006225231Proceedings of SPIE2-s2.0-3374767430110.1117/12.665875ZhangD.KongW.-K.YouJ.WongM.Online palmprint identificationRibaricS.FratricI.A biometric identification system based on eigenpalm and eigenfinger featuresScheirerW. J.BoultT. E.Cracking fuzzy vaults and biometric encryptionProceedings of the Biometrics SymposiumSeptember 2007Baltimore, Md, USA162-s2.0-5024910701310.1109/BCC.2007.4430534KumarA.PassiA.Comparison and combination of iris matchers for reliable personal authenticationJainA. K.PrabhakarS.HongL.PankantiS.Filterbank-based fingerprint matchinghttp://en.wikipedia.org/wiki/Uniform_distribution_%28continuous%29The PolyU Palmprint Database ver.2.0http://www.comp.polyu.edu.hk/~biometricsCASIA IRIS Database2008, http://www.cbsr.ia.ac.cn/english/IrisDatabase.aspProençaH.AlexandreL. A.Toward noncooperative iris recognition: a classification approach using multiple signaturesKumarA.HanmandluM.GuptaH. M.Online biometric authentication using hand vein patternsProceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA '09)July 2009Ottawa, Canada2-s2.0-7795055589710.1109/CISDA.2009.5356554WangL.LeedhamG.ChoS.-Y.Infrared imaging of hand vein patterns for biometric purposesLinC.-L.FanK.-C.Biometric verification using thermal images of palm-dorsa vein patternsKholmatovA.YanikogluB.Realization of correlation attack against the Fuzzy Vault scheme6819Security, Forensics, Steganography, and Watermarking of Multimedia Contents XJanuary 2008Proceedings of SPIE2-s2.0-4294916725510.1117/12.766861