A Finger-Vein Based Cancellable Bio-cryptosystem

Wencheng Yang1, Jiankun Hu1,∗, and Song Wang2

1 School of Engineering and Information Technology, University of New South Wales at the Australia Defence Force Academy, Canberra ACT, 2600, Australia
2 School of Engineering and Mathematical Sciences, La Trobe University, VIC 3086, Australia
[email protected], [email protected], [email protected]

Abstract. Irrevocability is one major issue in existing bio-cryptosystems. In this paper, we propose a cancellable bio-cryptosystem that takes full advantage of the cancellable and non-invertible properties of bio-hashing biometrics. Specifically, two transformed templates are generated by the bio-hashing algorithm and applied to two different secure sketches, a fuzzy commitment sketch and a fuzzy vault sketch, respectively. These two secure sketches can be fused in two different ways, AND fusion and OR fusion, so as to emphasise either the recognition accuracy or the security level of the system. Experimental results and security analysis show the validity of the proposed scheme.

Keywords: Cancellable biometrics, bio-cryptosystem, finger-vein, fuzzy commitment, fuzzy vault.

1 Introduction

A finger-vein pattern is unique to a specific individual, contact-less, difficult to forge, not affected by skin discolorations or race, and does not change with a person's age [1]. Because of these properties, finger-vein recognition has attracted increasing research attention and has become a hot research topic in recent years. In a standard biometric recognition system, templates are stored in databases or on smartcards at the enrollment stage and compared with queries at the authentication stage. However, using the raw template has serious security consequences. For example, a finger-vein feature is permanently associated with a particular individual; once it is compromised, it is lost permanently. Moreover, one finger-vein template is usually used for different applications, which can be compromised by cross-matching. If an individual's finger-vein template is compromised in one application, substantially all of the applications in which that template is used are compromised. To reduce the security threats brought by possible information leakage of the finger-vein template, two techniques, named bio-cryptosystem and cancellable biometrics, are proposed to achieve template protection in this paper.

∗ Corresponding author.

J. Lopez, X. Huang, and R. Sandhu (Eds.): NSS 2013, LNCS 7873, pp. 784–790, 2013. © Springer-Verlag Berlin Heidelberg 2013


A bio-cryptosystem provides security in two ways, either by binding a cryptographic key to biometric features or by generating the cryptographic key directly from biometric features [2]. These biometric features are not stored explicitly but in the encrypted domain, protected by secure techniques such as fuzzy vault and fuzzy extractor [2-6]. However, one drawback of bio-cryptosystems is that the encrypted template may be restored by the adversary if the encryption algorithm and the helper data are public. Once the template is restored, it is lost forever if it is not revocable.

Cancellable biometrics, first introduced by Ratha et al. [7], achieves authentication by using transformed or distorted biometric data instead of the original biometric data. The templates can be cancelled and are unique in different applications [8]. Even if the adversary compromises the transformed templates, the original templates are still secure and cannot be recovered because the transformation is non-invertible [6, 8, 9].

Motivated by the above concerns, in this paper we propose a finger-vein based cancellable bio-cryptosystem which combines the changeable and non-invertible properties of cancellable biometrics with a bio-cryptosystem to achieve irreversibility of the template and, at the same time, enhance the security level of the system. The rest of the paper is organized as follows. The proposed finger-vein based cancellable bio-cryptosystem is presented in Section 2. In Section 3, experimental results and security analysis are demonstrated and discussed. The conclusion and future work are given in Section 4.

2 Proposed Method

In order to enhance the security level of the finger-vein template, we equip the finger-vein based bio-cryptosystem with the cancellable property by using the bio-hashing technique [10]. More specifically, the original template feature set T, extracted by two mature techniques, the Gabor filter and linear discriminant analysis (LDA), is first bio-hashed into two non-invertible variants, T1 and T2, by using the bio-hashing algorithm in [10]. Secondly, these two template variants are secured by two different secure sketches, fuzzy commitment and fuzzy vault, respectively. Finally, to enhance the recognition accuracy or the security level of the system compared with a single secure sketch based system, these two sketches can be fused in two different ways, AND fusion and OR fusion.

2.1 Generation of Finger-Vein Feature Set and Its Variants

Before feature extraction, the finger-vein impression must be pre-processed, for example by impression alignment and region of interest (ROI) cropping. Since the Gabor filter and linear discriminant analysis (LDA) have been shown to be powerful in image-based face recognition in the spatial domain [11], we employ the scheme in [11] to extract the finger-vein feature set, and a real-valued vector containing N real values is generated. In order to make the extracted features revocable, we transform the finger-vein feature set (e.g. template, T) into two different variants (e.g. T1 and T2) by the bio-hashing algorithm [10], each of them in the form of a fixed-length binary string of r bits. These two binary strings are non-invertible: recovering the original biometric data by inverting the bio-hashing is impossible, because factoring the inner products of the biometric feature and the user-specified random number is intractable [10].
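As an added illustration (not code from the paper), the sketch below shows why a bio-hashed template is revocable: the same feature vector hashed under a new token yields an unrelated bit string, while a noisy reading under the same token stays close. It is a simplified BioHashing that omits the orthonormalisation step of [10]; the feature vectors, token names, N = 64 and r = 255 are constructed sample values.

```python
import random

def biohash(features, token, r):
    """Simplified BioHashing: r bits from a real-valued feature vector and a token.

    Bit i is the sign of the inner product between the features and the i-th
    pseudo-random vector derived from the token. The orthonormalisation of the
    random vectors used in [10] is left out to keep the example short.
    """
    rng = random.Random(token)          # the token seeds the projection vectors
    bits = []
    for _ in range(r):
        proj = sum(f * rng.gauss(0.0, 1.0) for f in features)
        bits.append(1 if proj > 0 else 0)
    return bits

def hamming(a, b):
    """Number of positions in which two equal-length bit lists differ."""
    return sum(x != y for x, y in zip(a, b))

def demo(seed=2013, n=64, r=255):
    """Constructed data: one template, a noisy re-reading, and another finger."""
    rng = random.Random(seed)
    template = [rng.gauss(0, 1) for _ in range(n)]        # feature set T
    query = [f + rng.gauss(0, 0.1) for f in template]     # same finger, noise
    other = [rng.gauss(0, 1) for _ in range(n)]           # different finger
    enrolled = biohash(template, "token-A", r)
    return {
        # same finger, same token: few bit errors, within reach of an ECC
        "genuine": hamming(enrolled, biohash(query, "token-A", r)),
        # different finger, same token: about r/2 bits differ
        "impostor": hamming(enrolled, biohash(other, "token-A", r)),
        # same finger after the token is reissued: the old template is useless
        "reissued": hamming(enrolled, biohash(template, "token-B", r)),
    }
```
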

2.2 Encoding Stage

In the encoding stage, the two variants T1 and T2 of the original template T generated by bio-hashing are secured by two different secure sketches, fuzzy commitment and fuzzy vault, respectively.

1) Fuzzy commitment encoding: The template T1 is encrypted by the fuzzy commitment sketch, and the BCH code is used for error correction in our application. Given a secret s1, it is encoded by the BCH code into a codeword CT1 of length r, which is the same as the length of the binary template feature T1. Then the template T1 is bound with the codeword CT1 to generate the secure sketch ST1, as ST1 = T1 ⊕ CT1. Here, ⊕ denotes the XOR operation. Assuming that fuzzy commitment is information-theoretically secure, the secure sketch ST1 provides no information about the template T1, so the adversary can only carry out a brute force attack to compromise T1, which is expected to be uniformly distributed [7]. The secure sketch ST1 acts as helper data and is stored in the database.

2) Fuzzy vault encoding: The template T2 is encrypted by the fuzzy vault sketch. Since the elements secured by a fuzzy vault are in the form of points, we divide the template T2 into Q segments {T21, T22, …, T2Q}, each of rs bits. Correspondingly, Q random binary strings {S1, S2, …, SQ} are generated and encoded by the BCH code into Q codewords {CS1, CS2, …, CSQ}, each of which is also rs bits. After that, each template segment from {T21, T22, …, T2Q} is bound with the corresponding codeword from {CS1, CS2, …, CSQ} sequentially to generate the transformed template segments {ST21, ST22, …, ST2Q}, as ST2i = T2i ⊕ CSi, where i ∈ [1,Q]. Given a secret s2, we divide it into num fragments and encode them into a (num-1) order polynomial P(x) with num coefficients. Each element of {S1, S2, …, SQ} is evaluated on the polynomial P(x) to obtain {P(S1), P(S2), …, P(SQ)}. The combination set {(S1, P(S1)), (S2, P(S2)), …, (SQ, P(SQ))} can be considered as the genuine point set GT2. At the same time, a chaff point set CT2 is generated to secure the genuine point set GT2. The final vault sketch VT2, obtained by the union of GT2 and CT2, is defined as VT2 = GT2 ∪ CT2. Both VT2 and {ST21, ST22, …, ST2Q} act as helper data and are stored in the database.

2.3 Decoding Stage

Given a query feature set Q extracted from the query impression, its two variants, Q1 and Q2, are generated by the same procedure described in Section 2.1. Then Q1 and Q2 are applied to the decoding procedures of the fuzzy commitment and fuzzy vault sketches, respectively, to retrieve the secrets s1 and s2.


1) Fuzzy commitment decoding: During the decoding procedure of the commitment sketch, the variant query feature set Q1 and the secure sketch ST1 are XORed to output a corrupted codeword CT1′, as CT1′ = Q1 ⊕ ST1. If the number of errors in CT1′ (compared with CT1) is within the error-correcting capability of the BCH code, the secret s1 can be correctly retrieved, and vice versa.

2) Fuzzy vault decoding: During the decoding procedure of the vault sketch, the inverse operation is applied to the transformed template segments {ST21, ST22, …, ST2Q}. Specifically, the query feature set Q2 is divided into Q segments {Q21, Q22, …, Q2Q}, and an XOR operation is performed between the corresponding elements of {ST21, ST22, …, ST2Q} and {Q21, Q22, …, Q2Q}, so as to get the reversed codewords {CS1′, CS2′, …, CSQ′}. If the Hamming distance between an element CSi′ of the reversed codewords {CS1′, CS2′, …, CSQ′} and its corresponding element CSi of the original codewords {CS1, CS2, …, CSQ} is smaller than the error-correcting ability of the BCH code, the element CSi′ can be correctly decoded to obtain the string Si. The decoded string set is expressed as {Si}, i = 1, …, DQ, where DQ is the number of correctly decoded strings. If DQ is larger than num, the vault sketch VT2 can be successfully decoded and the polynomial P(x) can be reconstructed. The secret s2 can be retrieved by sequentially concatenating the num coefficients of the polynomial P(x).
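The vault sketch of Sections 2.2 and 2.3, as an added example that is not the authors' implementation: each segment is bound by the same XOR-with-codeword step as the commitment sketch, and s2 is recovered by interpolation. Assumptions: a 3-fold repetition code stands in for BCH, GF(65537) and 16-bit strings Si are sample choices, x = 0 is never used as a point, and "DQ larger than num" is implemented by requiring one extra matching point to confirm the polynomial.

```python
import random
from itertools import combinations

P = 65537        # prime field for P(x) (sample choice, not from the paper)
M, REP = 16, 3   # bits per string Si; repetition factor of the stand-in code

# Stand-in for BCH: repeat each bit REP times, decode by majority vote per group
def ecc_encode(s):
    return sum((((s >> j) & 1) * (2**REP - 1)) << (REP * j) for j in range(M))

def ecc_decode(c):
    groups = ((c >> (REP * j)) & (2**REP - 1) for j in range(M))
    return sum((bin(g).count("1") * 2 > REP) << j for j, g in enumerate(groups))

def poly(coeffs, x):   # evaluate the polynomial mod P, low-order coefficient first
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def interpolate(points):
    """Lagrange interpolation mod P; returns coefficients, low order first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:   # multiply the basis polynomial by (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        coeffs = [(c + scale * b) % P for c, b in zip(coeffs, basis)]
    return coeffs

def lock(t2_segments, fragments, n_chaff, rng):
    """Encoding: returns the helper data ({ST2i}, VT2) for the fragments of s2."""
    strings = rng.sample(range(1, 2**M), len(t2_segments))  # S1..SQ, x = 0 unused
    st2 = [t ^ ecc_encode(s) for t, s in zip(t2_segments, strings)]
    vault = {s: poly(fragments, s) for s in strings}         # genuine set GT2
    while len(vault) < len(strings) + n_chaff:               # chaff set CT2
        x, y = rng.randrange(1, 2**M), rng.randrange(P)
        if x not in vault and y != poly(fragments, x):
            vault[x] = y
    return st2, sorted(vault.items())    # sorted, so order reveals nothing

def unlock(q2_segments, st2, vault, num):
    """Decoding: returns the num fragments of s2, or None on failure."""
    lookup = dict(vault)
    xs = {ecc_decode(q ^ h) for q, h in zip(q2_segments, st2)}
    cand = sorted((x, lookup[x]) for x in xs if x in lookup)
    if len(cand) <= num:                 # need more than num matching points
        return None
    for subset in combinations(cand, num):
        coeffs = interpolate(subset)
        if sum(poly(coeffs, x) == y for x, y in cand) > num:  # extra point agrees
            return coeffs
    return None

def demo(seed=1, q=17, num=7, n_chaff=400):
    rng = random.Random(seed)            # constructed T2 and secret fragments
    t2 = [rng.getrandbits(M * REP) for _ in range(q)]
    s2 = [rng.randrange(P) for _ in range(num)]
    st2, vault = lock(t2, s2, n_chaff, rng)
    query = [t ^ (1 << rng.randrange(M * REP)) for t in t2]  # 1 bit error each
    return unlock(query, st2, vault, num) == s2
```

A mismatching query segment decodes to a wrong x that normally has no entry in the vault; if it lands on a chaff point, the confirmation step rejects any subset containing it.
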

2.4 Fusion of Commitment Sketch and Vault Sketch

In order to achieve better recognition accuracy or a higher security level of the system, the two secure sketches, the commitment sketch and the vault sketch, can be fused in two different ways, AND fusion and OR fusion.

If a higher security level of the system is required, AND fusion can be executed. Specifically, the secret s of the system is generated by concatenating the secrets s1 and s2, as s = s1 || s2. The secret s can be retrieved if and only if both secure sketches are decoded. So the security level of the system will be the entropy of the commitment sketch plus the entropy of the vault sketch. However, under AND fusion the recognition accuracy of the system is brought down, because the similarity between the query feature set and the template feature set has to satisfy both the Hamming distance threshold and the set difference threshold.

If high recognition accuracy of the system is required, OR fusion can be adopted. Specifically, the secret s of the system is set to be the same as s1 and s2, as s = s1 = s2. Even if only one secure sketch is decoded, the secret s can still be retrieved. The recognition accuracy would be the better one of the single commitment sketch or vault sketch based systems. However, the security level of the system would be the worse of the two, because the adversary could compromise the secret s by decoding either sketch.

3 Experimental Results and Security Analysis

The performance of the proposed system is evaluated on the publicly available finger-vein database from the Homologous Multi-modal Traits Database [12] set up by the Group of Machine Learning and Applications, Shandong University (SDUMLA). The finger-vein database contains images from 106 individuals. Each individual was asked to provide images of his/her index finger, middle finger and ring finger of both hands, and the collection for each of the 6 fingers is repeated 6 times to obtain 36 finger-vein images. Therefore, there are 3,816 images in the database, and each image is 320×240 pixels in size.

We chose the 1st and 2nd impressions as the training samples, and the 3rd, 4th, 5th and 6th impressions of the first 100 fingers from the finger-vein database as testing samples. For the genuine test, the 3rd impression is considered as the template and the 4th, 5th and 6th impressions from the same finger are considered as queries, so 300 (=100×3) genuine matching attempts are made. For the imposter test, the 3rd impression is considered as the template and the 3rd, 4th, 5th and 6th impressions from other fingers are considered as queries, so 39600 (=100×99×4) imposter matching attempts will be made. The performance of the proposed system is evaluated by the false accept rate (FAR), genuine accept rate (GAR) and false reject rate (FRR).

In our application, the length of the variants generated from the original feature set by bio-hashing is r=288 bits. For the single fuzzy commitment scheme, we use the BCH(n, k, t) code for error correction, where we set n=r=255 bits, k is the length of the secret s1, and t is the error correction capability of the BCH code. We evaluate the recognition accuracy of the single commitment sketch based bio-cryptosystem for different lengths k. By the sphere-packing bound [13], the security of the single commitment sketch based system is equal to the entropy of T1 given ST1, which can be expressed as

$$H_\infty(T_1 \mid ST_1) = \log\left( 2^r \Big/ \binom{r}{t} \right) \qquad (1)$$

For the single vault sketch based scheme, we set the number of segments Q=17, so NGT2, the number of points in the genuine point set GT2, is also 17. Accordingly, we set NCT2, the number of points in the chaff point set CT2, to be 400. We evaluate the performance of the single vault sketch based bio-cryptosystem for different values of num, which is the number of fragments of s2. For the security of the single vault sketch based system, the entropy of GT2 given VT2 is expressed as

$$H_\infty(GT_2 \mid VT_2) = -\log\left( \binom{N_{GT_2}}{num} \Big/ \binom{N_{GT_2}+N_{CT_2}}{num} \right) \qquad (2)$$

The recognition accuracy and security level of the single commitment sketch and single vault sketch based bio-cryptosystems are shown in Table 1 and Table 2, respectively. The recognition accuracy and security level of the AND fusion or OR fusion based bio-cryptosystem are adjustable according to different parameters, which we will not discuss in this paper.


Table 1. Performance of single fuzzy commitment sketch based bio-cryptosystem

| k, length of secret s1 (bits) | FRR (%) | FAR (%) | Security (bits) |
|---|---|---|---|
| 9 | 20.33 | 0 | 53 |
| 21 | 22.33 | 0 | 65 |
| 45 | 30.67 | 0 | 87 |
| 91 | 56.77 | 0 | 140 |
| 107 | 61.33 | 0 | 150 |

Table 2. Performance of single fuzzy vault sketch based bio-cryptosystem

| num, number of fragments from secret s2 | FRR (%) | FAR (%) | Security (bits) |
|---|---|---|---|
| 7 | 6.33 | 7.33 | 34 |
| 8 | 9.67 | 2.41 | 40 |
| 9 | 12.33 | 0.64 | 45 |
| 10 | 15.67 | 0.14 | 51 |
| 11 | 18.67 | 0.03 | 57 |
| 12 | 22.33 | 0.01 | 63 |
| 13 | 24.67 | 0 | 69 |
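An added check, not part of the paper: it evaluates Eq. (2) with 17 genuine and 400 chaff points, compares the result with the Security column of Table 2, and combines it with the Security column of Table 1 as Section 2.4 describes. Logarithms are taken to base 2 because the tables report bits; the function names are hypothetical.

```python
from math import comb, log2

def vault_entropy(n_genuine, n_chaff, num):
    """Eq. (2): -log2( C(N_GT2, num) / C(N_GT2 + N_CT2, num) ), in bits."""
    return log2(comb(n_genuine + n_chaff, num)) - log2(comb(n_genuine, num))

def commitment_entropy(r, t):
    """Eq. (1): log2( 2^r / C(r, t) ), in bits, for an r-bit template and a
    code correcting t errors (t must be taken from the BCH code in use)."""
    return r - log2(comb(r, t))

# Security columns as published in Table 1 (keyed by k) and Table 2 (keyed by num)
TABLE1 = {9: 53, 21: 65, 45: 87, 91: 140, 107: 150}
TABLE2 = {7: 34, 8: 40, 9: 45, 10: 51, 11: 57, 12: 63, 13: 69}

def check_table2(n_genuine=17, n_chaff=400):
    """Recompute the Security column of Table 2 from Eq. (2), rounded to bits."""
    return {num: round(vault_entropy(n_genuine, n_chaff, num)) for num in TABLE2}

def fused_security(k, num, n_genuine=17, n_chaff=400):
    """Section 2.4: AND fusion adds the two entropies, OR fusion keeps the weaker.

    The commitment entropy is read from Table 1 because the page does not list
    the value of t that belongs to each k.
    """
    commitment = TABLE1[k]
    vault = vault_entropy(n_genuine, n_chaff, num)
    return {"AND": commitment + vault, "OR": min(commitment, vault)}
```

With these parameters the OR-fused system is always bounded by the vault sketch for the smaller values of num, since its entropy there is below every entry of Table 1.
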

4 Conclusion and Future Work

The proposed finger-vein based cancellable bio-cryptosystem takes full advantage of the cancellable and non-invertible properties of the bio-hashing technique to solve the problem of irrevocability in existing bio-cryptosystems. It uses two variants of the original biometric template and applies them to two different secure sketches, a fuzzy commitment sketch and a fuzzy vault sketch. The two ways of fusing these secure sketches, AND fusion and OR fusion, improve either the recognition accuracy or the security level of the cancellable bio-cryptosystem, depending on the requirement of the real application. Because different similarity measures are used in fuzzy commitment and fuzzy vault, Hamming distance for fuzzy commitment and set difference for fuzzy vault, it is difficult to calculate the best points that achieve the best recognition accuracy and security level of the AND fusion based system and the OR fusion based system. Finding these points will be a future research topic. Multimodal bio-cryptosystems incorporating fingerprint [14, 15] and face [16] will also be an interesting research topic.

References

1. Mulyono, D., Jinn, H.S.: A study of finger vein biometric for personal identification. In: International Symposium on Biometrics and Security Technologies, ISBAST 2008, pp. 1–8. IEEE (2008)
2. Hu, J.: Mobile fingerprint template protection: progress and open issues. In: 3rd IEEE Conference on Industrial Electronics and Applications, ICIEA 2008, pp. 2133–2138. IEEE (2008)
3. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM Journal on Computing 38, 97–139 (2008)
4. Ahmad, T., Hu, J., Wang, S.: Pair-polar coordinate-based cancelable fingerprint templates. Pattern Recogn. 44, 2555–2564 (2011)
5. Zhang, P., Hu, J., Li, C., Bennamoun, M., Bhagavatula, V.: A pitfall in fingerprint bio-cryptographic key generation. Computers & Security 30, 311–319 (2011)
6. Wang, S., Hu, J.: Alignment-free cancellable fingerprint template design: a densely infinite-to-one mapping (DITOM) approach. Pattern Recogn. (2012)
7. Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40, 614–634 (2001)
8. Xi, K., Ahmad, T., Han, F., Hu, J.: A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment. Security and Communication Networks 4, 487–499 (2011)
9. Yang, W., Hu, J., Wang, S.: A Delaunay Triangle-Based Fuzzy Extractor for Fingerprint Authentication. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 66–70. IEEE (2012)
10. Jin, A.T.B., Ling, D.N.C., Goh, A.: Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37, 2245–2255 (2004)
11. Vitomir, Š., Nikola, P.: The complete gabor-fisher classifier for robust face recognition. EURASIP Journal on Advances in Signal Processing (2010)
12. Yin, Y., Liu, L., Sun, X.: SDUMLA-HMT: a multimodal biometric database. Biometric Recognition, 260–268 (2011)
13. MacWilliams, F., Sloane, N.: The theory of error-correcting codes (2006)
14. Wang, Y., Hu, J., Phillips, D.: A fingerprint orientation model based on 2D Fourier expansion (FOMFE) and its application to singular-point detection and fingerprint indexing. IEEE Transactions on Pattern Analysis and Machine Intelligence 29, 573–585 (2007)
15. Wang, Y., Hu, J.: Global Ridge Orientation modelling for Partial Fingerprint Identification. IEEE Transactions on Pattern Analysis and Machine Intelligence 33, 16 (2011)
16. Xi, K., Hu, J., Han, F.: Mobile device access control: an improved correlation based face authentication scheme and its Java ME application. Concurrency and Computation: Practice and Experience 24, 1066–1085 (2012)