A Security-Enhanced Alignment-Free Fuzzy Vault ... - IEEE Xplore

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 3, MARCH 2016

543

A Security-Enhanced Alignment-Free Fuzzy Vault-Based Fingerprint Cryptosystem Using Pair-Polar Minutiae Structures Cai Li, Member, IEEE, and Jiankun Hu

Abstract— Alignment-free fingerprint cryptosystems perform matching using relative information between minutiae, e.g., local minutiae structures, is promising, because it can avoid the recognition errors and information leakage caused by template alignment/registration. However, as most local minutiae structures only contain relative information of a few minutiae in a local region, they are less discriminative than the global minutiae pattern. Besides, the similarity measures for trivially/coarsely quantized features in the existing work cannot provide a robust way to deal with nonlinear distortions, a common form of intraclass variation. As a result, the recognition accuracy of current alignment-free fingerprint cryptosystems is unsatisfying. In this paper, we propose an alignment-free fuzzy vault-based fingerprint cryptosystem using highly discriminative pair-polar (P-P) minutiae structures. The fine quantization used in our system can largely retain information about a fingerprint template and enables the direct use of a traditional, well-established minutiae matcher. In terms of template/key protection, the proposed system fuses cancelable biometrics and biocryptography. Transforming the P-P minutiae structures before encoding destroys the correlations between them, and can provide privacy-enhancing features, such as revocability and protection against cross-matching by setting distinct transformation seeds for different applications. The comparison with other minutiaebased fingerprint cryptosystems shows that the proposed system performs favorably on selected publicly available databases and has strong security. Index Terms— Fingerprint, biocryptosystem, cancelable, quantization, alignment-free, local minutiae structures, fuzzy vault, pair-polar minutiae structures.

I. I NTRODUCTION INGERPRINT recognition is one of the most mature and popular biometric authentication techniques because of its stability, individuality and cost-effectiveness [1]–[3]. Methods of fingerprint recognition can be classified into two main categories: texture-based and minutiae-based. The first method extracts patterns of valleys and ridges of fingerprint images as the distinctive features of an individual

F

Manuscript received March 30, 2015; revised August 10, 2015 and October 28, 2015; accepted November 21, 2015. Date of publication December 4, 2015; date of current version December 24, 2015. This work was supported by the Australian Research Council through the Linkage Project under Grant LP120100595 and Grant LP100200538. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Sen-Ching Samson Cheung. The authors are with the School of Engineering and Information Technology, University of New South Wales at Canberra, Canberra, ACT 2612, Australia (e-mail: [email protected]; [email protected]). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIFS.2015.2505630

while the second method uses minutiae information (referred to ridge ending and ridge bifurcation) to identify and verify users. In comparison, minutiae-based matching methods are more reliable, thus being widely-studied in the past decade [1], [2], [4], [5]. The use of fingerprint techniques significantly enhances individuals’ security and privacy in banking systems, mobile transaction and so forth, but it has meanwhile brought about some new challenges. Firstly, fingerprint impressions suffer from nonlinear distortion during the acquisition process. Several factors contribute to the fingerprint distortion, including the applied pressure, the skin moisture, the elasticity of the skin [6], etc. Therefore, choosing reliable features that are robust to nonlinear distortion plays a dominant role in building a fingerprint system of high recognition accuracy. Besides, unlike traditional protection techniques (token cards and passwords) which can be reissued or reset, biometric templates are hard to be replaced because of the scarcity of biometric traits an individual possesses. What is worse, repeated use of the same biometric features in different applications aggravates the loss to the owners once they are compromised by attackers. This security concern gives rise to the development of template protection techniques [7]–[18]. Biocryptosystems [11]–[18] provide a win-win solution for both template protection as well as cryptographic key generation. In a biocryptosystem, a cryptographic key is either bound with a biometric template to encrypt each other or directly generated from the template. Meanwhile, some biometricdependent information (referred to as helper data) is generated, which assists in recovering the key and template. A successful biocryptosystem must satisfy that it is computational infeasible to recover the key or template given the helper data only. So far, minutiae-based fingerprint cryptosystems can be divided into two categories: fingerprint cryptosystems based on the conventional matching algorithm (requiring alignment before matching), and alignment-free fingerprint cryptosystems. The conventional algorithms use the Cartesian positions and orientations of minutiae as matching features, which makes alignment a necessary procedure because impressions captured at different times or by different sensors are likely to be translated and rotated versions of each other. Generally, alignment in fingerprint cryptosystems is conducted in two ways [19]. The first approach assumes that minutiae features are pre-aligned prior to constructing any cryptosystem [20], [21]. The second is to stores some additional

1556-6013 © 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

544

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 3, MARCH 2016

information about a fingerprint template in the cryptosystem to facilitate automatic alignment during the verification process [22]–[24]. On the one hand, pre-alignment is only acceptable in research but not practical in real-life applications because of the original template’s inaccessibility in the encrypted domain. On the other, fingerprint automatic alignment produces two new issues. Firstly, it relies greatly on the accurate detection of reference points, such as core points [25], reference minutiae [22] and high curvature points [23], which is a non-trivial task. The experimental results provided by Zhang et al. [26] showed that even the routine image rotation transformation process can cause significant deviations of singular points, not to mention the reference points becoming invisible or even nonexistent in some fingerprint images. As a result, matching based on automatic alignment may lead to a high FRR (false rejection rate). Secondly, reference points may leak some information about the original template. Li et al. [27] suggested that storing singular points can help an attacker distinguish between genuine and chaff points in a fuzzy vault, which reduces system security. To address the above issues, alignment-free fingerprint cryptosystems that perform matching using relative information between minutiae, e.g., local minutiae structures [28]–[32], have been widely studied in recent years. As the relationships between minutiae do not vary with rotation or translation, they are transformation-invariant features. Jeffers and Arakala [33] investigated the robustness of three different minutiae representations, the five-nearest neighbor, Voronoi neighbor and triangle structures, and discussed their suitability for the fuzzy vault construction. Later, they [34] implemented a practical fingerprint cryptosystem based on the PinSketch construction [14] using the five-nearest neighbor structure. Li et al. [27] proposed an alignment-free fingerprint cryptosystem based on the fuzzy vault scheme. In their method, minutiae descriptors and the two-nearest neighbor structure, both of which are invariant to transformation in the fingerprint capturing process, are incorporated by adopting three different fusion strategies. Yang et al. [35] described the relationship between two minutiae as the address of a neighbor minutia with respect to the reference one in a pre-built 3D array. The Voronoi neighbor structure of each minutia is then represented by a set of addresses in binary format which are fed into the PinSketch. Later, they [36] designed a new local minutiae structure representation called the Delaunay quadrangle which they successfully applied to the fuzzy commitment. The Delaunay quadrangle, which is formed by jointing any two Delaunay triangles that share a common side, can effectively address the change in a triangular structure arising from nonlinear distortion and provide more discriminative information than Delaunay triangles. Although the use of transformation-invariant features enables matching without alignment and eliminates recognition errors caused by unreliable alignment, the recognition accuracy of existing alignment-free fingerprint cryptosystems is insufficiently satisfying. The factors leading to poor accuracy are manifold. Firstly, compared with the global minutiae pattern that considers the global spatial relationships between all the minutiae in a fingerprint image, as the above mentioned

local minutiae structures contain only relative information of a few minutiae in a local region, they are less discriminative; for example, Jeffers and Arakala [33] showed that the discrimination between true and false matches for the three local minutiae structures (the five-nearest neighbor, Voronoi neighbor, and triangle structures) is quite limited. To be more precise, with the thresholds given in their experiments, impressions from the same finger/different fingers tend to have approximately 75%/50% of triangles in common, with those of the Voronoi neighbor and five-nearest neighbor structures 80%/60% and 70%/30%, respectively. Although minutiae descriptors and auxiliary local features are employed in [27] and [36], respectively, to increase the discriminative power of their proposed local minutiae structures, it is worth noting that they both act as an artificial filter to reject imposters rather than encrypted features. If an attacker obtains the helper data (the vault or sketch), he can bypass this filter and directly recover the key/template. As the distinguishing capability of both the two-nearest neighbor structure and Delaunay quadrangle is relatively poor, the key/template is very likely to be retrieved with an imposter’s fingerprint. That is to say, the performances, particularly of the genuine rejection rates (GRR), reported in [27] and [36] are highly unachievable in practice. Secondly, the similarity measures for original fingerprint templates are quite different from those considered in cryptosystems [37]; for example, a typical fingerprint matching algorithm considers two fingerprints matched if more than a certain number of minutiae in one are near distinct minutiae in the other. In this case, the similarity measures in fingerprint cryptosystems have to consider both the Euclidean distance and set difference. In [33], [35], and [36], trivial quantization is used to deal with the Euclidean distance, that is, the original feature domain is segmented into several non-overlapping parts while all information inside a part is assigned a specific value. Although this approach is neat and able to somewhat tolerate nonlinear distortion via the quantization operation, it may map originally similar features into different segments due to quantization boundaries. In [27] and [34], original minutiae features are coarsely quantized and then matching is performed via some sort of similarity measure. The main problem with this technique is that coarse quantization will lead to discrimination/information loss of the original features because short binary strings are insufficient to represent features from a large domain. Also, traditional and well-established similarity measures specially designed to deal with fingerprint intra-class variations cannot be applied directly to coarsely-quantized features. Considering the above issues, in this chapter, we propose a security-enhanced alignment-free fuzzy vault-based fingerprint cryptosystem using pair-polar (P-P) minutiae structures. The main contributions of this chapter are as follows. 1) Compared with other local minutiae structures that contain only relative information of a few minutiae in a local region, as the P-P minutiae structure used in the proposed system describes the relationships between a reference minutia and all the others in a fingerprint within its polar coordinate space, it is more discriminative (experimentally proven).

LI AND HU: SECURITY-ENHANCED ALIGNMENT-FREE FUZZY VAULT-BASED FINGERPRINT CRYPTOSYSTEM

2) A well-established minutiae matcher in global minutiae matching algorithms is seamlessly transformed into a transformation-invariant feature-applicable version and information about the original features is largely retained using a fine quantization, which only removes the decimal parts of the features. 3) Unlike many fuzzy vault constructions that choose chaff points separated by a minimum distance d from any genuine point and previously added chaff point, where d is the distance inside which a query feature and vault point are considered matched during verification, the proposed vault selects both genuine and chaff features greater than 2d away from each other. As this design removes the probability that a query feature matches multiple points in the vault, decoding time is significantly reduced. 4) For security enhancement, each P-P minutiae structure is transformed before being encoded into the fuzzy vault. The transformation functions take a pre-set seed and an invariant value extracted from each reference minutia as parameters. This approach fully combines the advantages of both cancelable biometrics and biocryptography. Firstly, transforming the P-P minutiae structures before encoding destroys the correlations between them and can provide privacy-enhancing features, such as revocability and protection against cross-matching attacks, by setting distinct seeds for different applications. Secondly, the transformed genuine features are blurred by a greater number of chaff points, which further increases the difficulty of deriving the original features from the transformed ones. The rest of this paper is organized as follows. The P-P minutiae structures are introduced in Section II, including structure generation and the minutiae matcher used in our system. In Section III, We experimentally explore the discrimination ability of the P-P minutiae structures. The proposed scheme with security-enhancement is described detailedly in Section IV. Section V and Section VI concentrate on the analysis and discussion of experimental results and security. The conclusion and future work are given in Section VII. II. PAIR -P OLAR (P-P) M INUTIAE S TRUCTURE A. Generation of Structure A fingerprint F is always represented by a set of minutiae, N i.e., F = {Mi }i=1 , Mi = (x i , yi , θi ), where (x i , yi ) are the Cartesian coordinates of Mi , θi its orientation and N the number of minutiae in F. When Mi is selected as a reference minutia, we denote the relative position of a minutia M j , j = i to Mi by a P-P coordinate vector vi j = (ri j , ϕi j , θi j ). Here Mi serves as the center of a polar coordinate space, the orientation of which acts as the 0° axis, ri j is the radial distance between Mi and M j , ϕi j the counter-clockwise angle −−− between the orientation of Mi and direction of Mi M j , and θi j the orientation difference between Mi and M j . In this case, the P-P structure of Mi can be represented by Vi = {vi j } Nj=1, j =i N [8]. (see Figure. 1) and F by F = {Vi }i=1

Fig. 1.

545

Pair-polar structure of minutia Mi (N = 3).

B. Minutiae Matcher In global minutiae matching algorithms, after two fingerprints (a template and query) are aligned, their corresponding minutiae are paired. M j = (x j , y j , θ j ) from the template and M j = (x j , y j , θ j ) from the query are regarded as a pair of matched points if the conditions in (1) and (2) are simultaneously met [38].  (x j − x j )2 + (y j − y j )2 ≤ d (1)     (2) θ j − θ j  ≤ θ, where d and θ are predefined distance and angle thresholds, respectively. This minutiae matcher is widely adopted in minutiae-based fingerprint matching because it can effectively deal with the intra-class variations between different captures of the same fingerprint. At first glance, the above well-established minutiae matcher cannot be applied directly to the P-P coordinate vectors which represent relative information and do not contain Cartesian positions. However, we can seamlessly transform it into a transformation-invariant feature-applicable version as below. Let vi j = (ri j , ϕi j , θi j ) (the relative position of minutia M j to Mi ) and vkl = (rkl , ϕkl , θkl ) ( the relative position of minutia Ml to Mk ) be two P-P coordinate vectors for comparison. After Mi and Mk are aligned, M j and Ml in the new coordinate space can be expressed as (ri j cos ϕi j , ri j sin ϕi j , θi j ) and (rkl cos ϕkl , rkl sin ϕkl , θkl ), respectively. Assuming that vi j matches vkl when M j matches Ml , the conditions in (1) and (2) are transformed into P-P coordinate vector-applicable conditions, i.e., vi j matches vkl if they simultaneously satisfy the conditions in (3) and (4).  (ri j cos ϕi j − rkl cos ϕkl )2 + (ri j sin ϕi j − rkl sin ϕkl )2  = ri2j + rkl2 − 2ri j rkl cos(ϕi j − ϕkl ) ≤ d (3)   θi j − θkl  ≤ θ (4)

546

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 3, MARCH 2016

acceptance rate (FAR), we set another threshold m to control the number of matched P-P minutiae structures, whereby two fingerprints are regarded as matched if the number of their matched P-P minutiae structures is not less than m. In this case, the probability that a genuine fingerprint is accepted can be calculated by  30   30 (5) ( ps )i (1 − ps )30−i , G AR = m i=m

and the probability that a false fingerprint is accepted by  30   30 (6) FAR = ( pd )i (1 − pd )30−i , m i=m

Fig. 2. Percentages of matched pair-polar minutiae structures in same and different finger samples.

III. T EST OF D ISCRIMINATION A BILITY The P-P minutiae structure describes the relationships between a reference minutia and all the other minutiae in a fingerprint within its polar coordinate space. As a fingerprint usually contains 30 to 50 minutiae, the features extracted from this structure are more discriminative than those from other local minutiae structures, such as the five-nearest neighbor, Voronoi neighbor and triangle. Also, distortions in local areas are no longer determinants of structure matching. To test the discriminative power of the P-P minutiae structure, we conduct experiments on the publicly available database FVC2002DB2. In our experiment, we compare the first image of each finger, firstly with the second image of the same finger and then with the first images of the remaining fingers to evaluate the number of structures that successfully find a match in either case. For simplicity, the thresholds d and θ are fixed as d = 9 and θ = 20. Two P-P minutiae structures are deemed matched if they have no less than n matched P-P coordinate vectors. The results obtained from the experiment are shown in Figure 2, in which we can see that, when n = 3, the percentage gap is slightly less than 60% and, when n = 4, 5, 6, increases to more than 70%. Obviously, the P-P minutiae structure is more discriminative than five-nearest neighbor (40%), Voronoi neighbor (20%), and triangle structures (25%). Although the probability that a specific P-P structure finds a match in a different finger sample is relatively small, it is still very likely that different samples have at least one matched P-P structure due to the large number of P-P structures (30 to 50) in a fingerprint; for example, the probability of a P-P structure from a fingerprint finding a match in a different one is about 1.5% when n = 5. Assuming that P-P minutiae structures generated from a fingerprint are mutually independent and each fingerprin contains 30 minutiae, the probability that two fingerprints captured from different fingers having at least one matched P-P structure can be calculated by P = 1 − 0.985 ∧ 30 ≈ 0.3645. To further reduce the false

where ps and pd denote the probability that a P-P minutiae structure finds a match in the same and different finger samples, respectively. If we set m= 4 and n = 5 ( ps ≈ 0.74, 30  30 pd ≈ 0.015), G A R = (0.74)i (1 − 0.74)30−i ≈ 1 4 i=4   30  30 (0.015)i (1 − 0.015)30−i ≈ 0.001, and F A R = 4 i=4 which offers high recognition accuracy. IV. P ROPOSED S CHEME A. Encoding Stage To address errors in different feature levels, a two-level secure sketch (a fuzzy vault and Shamir’s secret sharing scheme) is used in the encoding procedure (see Figure 3), the detailed steps in which are as follows. 1) Given a fingerprint template T , we first extract the  N T template minutiae set MiT i=1 using the software VeriFinger 6.0 from Neurotechnology [39], where N T is the number of minutiae in T . From this set, we choose only 30 well-separated genuine minutiae, i.e., the minimum distance between each is greater than a predefined threshold d. The distance between two minutia points Mi and M j is defined as  D(Mi , M j ) = (x i −x j )2 + (yi − y j )2 + w(θi − θ j ),   



 where  θi − θ j = min θi − θ j  , 360 − θi − θ j  and w is the weight assigned to the orientation attribute [23]. If the number of well-separated minutiae in the template is less than 30, all will be chosen and we S T  denote the selected minutiae set by S M T = MiT i=1 (S T ≤ 30). The reason we set the upper bound for the number of genuine minutiae is to reduce the processing time required for matching. R is generated 2) A chaff minutiae set C M = {Mc }c=1 iteratively as below. A randomly generated minutia M can be added into C M if M is well-separated from all the points in the set C M ∪ S M T . 3) For each minutia Mi ∈ S M T , its P-P structure, denoted T +R by ViT = {viTj } Sj =1, j  =i , is constructed by connecting Mi to all the other minutiae M j ∈ S M T ∪ C M. Then the features in viTj are quantized and represented as bit

LI AND HU: SECURITY-ENHANCED ALIGNMENT-FREE FUZZY VAULT-BASED FINGERPRINT CRYPTOSYSTEM

Fig. 3.

547

Encoding stage.

strings BrTi j , BϕTi j and BθTi j , respectively. Concatenating these three bit strings, we can obtain a l-bit binary string C BiTj which represents the P-P coordinate vector viTj . Correspondingly, the P-P structure ViT can then be T +R expressed by {C BiTj } Sj =1, j  =i . 4) Each P-P structure ViT is encrypted into the fuzzy vault construction (the first level secure sketch). Specifically, given a cryptographic sub-key K i , we divide it into n segments as K i = ki,n−1 ||ki,n−2 || . . . ||ki,0 , with each segment l bits in length and the length of K i ln. Then, we encode K i into a polynomial pi as pi (x) = ki,n−1 x n−1 + ki,n−2 x n−2 . . . + ki,0 . For each M j ∈ S M T = Mi , pi (x) is evaluated at C BiTj to generate a genuine point set G Si = {(C BiTj , pi (C BiTj ))} M j ∈S M T , j =i , while for each M j ∈ C M, a chaff point set C Si = {(C BiTj , yi j )} M j ∈C M in which yi j = pi (C BiTj ), is generated. The computation is operated in the Galois field G F(228 ), with G Si and C Si composing a vault V aulti . In addition, a hash value of K i (H (K i )) is stored for verification during the decoding process. 5) In this stage, the second level secure sketch, which is essentially the Shamir’s secret sharing scheme, is applied. Given a cryptographic key K provided by a user, if we expect that m of K i is sufficient to recover it, we divide K into m + 1 segments as K = km ||km−1 || . . . ||k0 , with each element 28n bits in length and the length of K 28(m+1)n. Subsequently, we construct a polynomial p by taking km , km−1 . . . k0 as its coefficients, i.e., p(x) = km x m +km−1 x m−1 . . .+k0 , and evaluate p(x) at each sub-key K i . K i is then discarded and p(K i ) paired with H (K i ) as ( p(K i ), H (K i )). Finally, we randomly choose a ln-bit string K 0 , compute p(K 0 ) and publish (K 0 , p(K 0 )). Combing the fuzzy vault construction and the Shamir’s secret sharing scheme, the total sketch data our two-level

construction produces can be represented by S D = ST {V aulti , (H (K i ), p(K i ))}i=1 ∪{(K 0 , p(K 0 ))}, which is stored explicitly for key recovery. B. Decoding Stage The decoding procedure is shown in Figure 4 and its detailed steps are explained below. 1) Given a fingerprint query Q, we first extract the  Q N Q query minutiae set Mk k=1 , where N Q is the number of minutiae in Q. From this set, we choose only 30 well-separated minutiae (if the number of wellseparated minutiae in the query is less than 30, all will be chosen) and denote the selected minutiae set by  S Q S M Q = MkQ k=1 (S Q ≤ 30). 2) For each minutia Mk ∈ S M Q , we construct its P-P structure by connecting it to all the other minutiae Q SQ }l=1,l=k , where Ml ∈ S M Q and denote it by VkQ = {vkl Q Q Q Q Q Q Q vkl = (rkl , ϕkl , θkl ). Then the features rkl , ϕkl and θkl are converted to integers (by a floor function) and represented as bit strings BrQkl , BϕQkl and BθQkl , respectively. As a result, the P-P structure VkQ can be represented by SQ {(BrQkl , BϕQkl , BθQkl )}l=1,l =k . 3) The elements in VkQ are paired with those in V aulti one by one. In particular, for each P-P coordinate vector Q vkl = (BrQkl , BϕQkl , BθQkl ) ∈ VkQ , we search for an element (C BiTj , y) from V aulti which meets the conditions Q Q Q Q (dec(Bri j )2 + dec(Brkl )2 − 2dec(Bri j )dec(Brkl ) Q Q 1/2 ≤ d and  ϕkl )) cos(dec(Bϕi j ) − dec(B  Q Q  dec(Bθi j ) − dec(Bθkl ) ≤ θ , and add the qualified one into a unlocking set U L i . Here C BiTj = BrTi j ||BϕTi j ||BθTi j and dec(x) denotes the decimal representation of x. Now, there are two situations to be considered.

548

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 3, MARCH 2016

Fig. 4.

Decoding stage.

a) If |U L i | < n, which means that there is insufficient information to reconstruct pi , we pair VkQ with the next vault. b) If |U L i | ≥ n, for each subset of size n of the unlocking set U L i , we construct a polynomial pi = ai,n−1 x n−1 + ai,n−2 x n−2 . . . + ai,0 by Lagrange interpolation and concatenate its coefficients as Ai = ai,n−1 ai,n−2 . . . ai,0 . Then, we compute H (Ai ) and compare it with H (K i ). If H (Ai ) = H (K i ), it indicates that Ai = K i with overwhelming probability and (Ai , p(K i )) is added into a unlocking set U L. Otherwise, we repeat the same procedure for the next subset. After all the subsets are traversed, if no Ai satisfies H (Ai ) = H (K i ), we pair VkQ with the next vault. 4) Step 2 and Step 3 are repeated until all the P-P structures generated from the query are examined. We then check the unlocking set U L. If the number of elements in U L is smaller than m, the key recovery/verification fails. Otherwise, we randomly pick m elements from U L, combine them with (K 0 , p(K 0 )), and reconstruct the original polynomial p by Lagrange interpolation. Then, the key can be retrieved by concatenating the coefficients of p. C. Quantization Parameters Although it is feasible to compare template and query features (r, θ, ϕ) in the real domain, they are often quantized before applying the fuzzy vault scheme. This is because the computations involved in the encoding and decoding stages are usually performed in a finite field such as G F(2l ) [20], [23], [27], [40], [41] as the cryptographic key must be an integer. In addition, proper quantization can significantly reduce data storage without sacrificing too much performance. In our method, we perform fine quantization Quant using a floor function, i.e., Quant (a) = a. Obviously, Quant (θ ), Quant (ϕ) ∈ {0, 1, .., 359} and Quant (r ) ∈ {0, 1, .., 633} considering that the distance between any two

minutiae in a 560∗290 fingerprint image is at most equal to the lengths of its diagonal lines. Therefore, the lengths of BrTi j , BϕTi j and BθTi j are assigned 10, 9 and 9, respectively, and l = 28. Intuitively, using this fine quantization, the information about the original features is retained to a large extent as only the decimal parts of the features are removed. In this case, the quantization itself will not significantly affect the matching performance. (Experiments results obtained in Section V can also prove this). D. Selection of Genuine and Chaff Minutiae The well-separated genuine and chaff minutiae play an important role in our construction. Setting d > 2d + Q 2wθ , we ensure that, for each vkl , there is at most one qualified/matched element in V aulti (see Theorem 1). Many fuzzy vault implementations [20], [23], [27], [40] choose chaff points that are separated by a minimum distance d from any genuine point and previously added chaff point, where d is the distance inside which a query feature and vault point are considered matched during verification. This design requires more decoding time because a query feature is likely to match multiple points in a vault, which increases the number of candidate subsets for Lagrange interpolation (see B.3.b); for example, let V = {vi }30 i=1 be a query P-P minutiae structure. In the methods of [20], [23], [27], and [40], if we suppose that, on average, each vi finds two matches in the vault, the number  of candidate subsets for Lagrange 60 interpolation is . In our case, however, the number   n 30 is up to as each vi can find at most one match. n That is to say, the number of interpolation attempts     required 30 60 to recover the key is reduced to < 1/2n . n n In addition, the same selection criteria for both the genuine and chaff minutiae can prevent an attacker from distinguishing between them by exploiting different distance settings.

LI AND HU: SECURITY-ENHANCED ALIGNMENT-FREE FUZZY VAULT-BASED FINGERPRINT CRYPTOSYSTEM

549

Theorem 1: Given two P-P structures Vi = {vi j } Nj=1, j =i M (with center at Mi ) and Vk = {vkl }l=1,l =k (with center at Mk ), if the minimum distance between any two minutiae M1 (x 1 , y1 , θ1 ) and M2 (x 2 , y2 , θ2 ) (defined in A.1) in each P-P structure satisfies D(M1 , M2 ) > 2d + 2wθ (w > 0), then for each vi j ∈ Vi , there is at most one P-P coordinate vector vkl ∈ Vk that meets the conditions    r 2 + r 2 − 2ri j rkl cos(ϕi j − ϕkl ) ≤ d and θi j − θkl  ≤ θ . ij

kl

Proof: If for a P-P coordinate vector vi j ∈ Vi , there are two vectors vkl1 , vkl2 ∈ Vk that meet the above  conditions, i.e., ri2j + rkl2 1 − 2ri j rkl1 cos(ϕi j − ϕkl1 ) ≤ d,    θi j − θkl  ≤ θ , r 2 + r 2 − 2ri j rkl cos(ϕi j − ϕkl ) ≤ d 1 2 2 ij kl2   and θi j − θkl2  ≤ θ , then after aligning Vi with Vk (based M j, two on their centers Mi and Mk ), for  the minutia   −−−− −−−− minutiae Ml1 and Ml2 satisfy that  M j Ml1  ,  M j Ml2  ≤ d     and θ j − θl1  , θ j − θl2  ≤ θ . As a result, we can deduce that D(Ml1 , Ml2 )  = (xl1 − xl2 )2 + (yl1 − yl2 )2 + w(θl1 , θl2 )    −−−−  

 =  Ml1 Ml2  + w min θl1 − θl2  , 360 − θl1 − θl2    −−−−   ≤  Ml1 Ml2  + w θl1 − θl2       −−−−   

 ≤  M j Ml1  +  M j Ml2  + w θ j − θl1  + θ j − θl2  ≤ 2d + 2wθ, which contradicts the assumption D(Ml1 , Ml2 ) > 2d + 2wθ . E. Security Enhancement Although the use of the P-P minutiae structure can improve recognition performance because of its high discriminative power, there is a security flaw in the above construction. Specifically, if a genuine P-P coordinate vector vi j = (ri j , ϕi j , θi j ) occurs in the ith vault, there will be a corresponding vector v j i = (r j i , ϕ j i , θ j i ) in the jth vault. As ri j = r j i and θi j + θ j i = 360◦ , this relationship will help an attacker distinguish genuine from chaff features. To address this issue, we transform each P-P minutiae structure before feeding it into the fuzzy vault construction using the methods in [10] and [41]. The transformation amount for each minutia is computed using two designed changing functions, which take a pre-set seed and an invariant value extracted from this minutia as input. 1) Extraction of Invariant Value: The Minutiae descriptor sample structure [42] is used to compute the invariant value. Given a minutia M and its orientation θ , its descriptor is composed of L concentric circles of radius rl , (1 ≤ l ≤ L), each of which comprises K l sampling points pk,l , (1 ≤ k ≤ K l ), equally distributed along its circumference (Figure 5). We adopt the same parameter settings as [41] and [42], that is, the minutiae descriptor of each minutia is composed of

Fig. 5.

Sampling points in a minutiae descriptor [42].

4 concentric circles, the radii of which are 27, 45, 63 and 81 pixels and the samples points on which 10, 16, 22 and 28, respectively. In this case, a 76-dimension translation- and rotation- invariant feature vector of the ith minutia Mi can be computed as  )] Fi = [d(θi , θ1 ), d(θi , θ2 ), . . . , d(θi , θ76 ⎧ ⎪ θi − θ j + π, i f − π < θi − θ j ≤ −π/2 ⎪ ⎪ ⎪ ⎪ ⎨θ i − θ  , i f − π/2 < θi − θ j ≤ π/2 j d(θi , θ j ) = ⎪ θi − θ j − π, i f π/2 < θi − θ j ≤ 3π/2 ⎪ ⎪ ⎪ ⎪ ⎩θ − θ  − 2π, i f 3π/2 < θ − θ  ≤ 2π, i i j j

(7) where θi ∈ [0, 2π) is the orientation of Mi and θ j ∈ [0, π) the ridge direction estimated at the jth sample point. Subsequently, a random 76-dimension vector U par is generated using a random number generator with par as the seed. Finally, an invariant value corresponding to  Mi is computed using an  inner product as m i = U par  ◦ Fi  + 1, in which A denotes the vector norm of A and m i ∈ [0, 2]. 2) Changing Functions: The design of the changing functions is the same as that in [10]. Firstly, two random number sequences X and Y are created using par as the seed. Secondly, the control points of the distance change function DC F and angle change function AC F are generated by summing the outputs of X and Y , respectively, as DC Fpar (aT ) = x 0 + x T + . . . + x (a−1)T + x aT = AC Fpar (aT ) = y0 + yT + . . . + y(a−1)T + yaT =

a  i=0 a 

x iT yiT ,

i=0

(8) where a is an integer, and x i ∈ [−β, −α] ∪ [α, β] and yi ∈ [−η, −λ] ∪ [λ, η] the outputs of X and Y , respectively (α and β are pixels, and λ and η are degrees). Finally, using linear interpolation, the values of DC Fpar ( p) and AC Fpar ( p)

550

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 3, MARCH 2016

TABLE I E XPERIMENTAL PARAMETERS FOR P ROPOSED S YSTEM

Fig. 6.

The P-P minutiae structure after transformation.

V. E XPERIMENTAL R ESULTS A. Experimental Databases and Parameter Setting

between (k − 1)T and kT are obtained as p − (k − 1)T DC Fpar (kT ) DC Fpar ( p) = T kT − p DC Fpar ((k − 1)T ) + T p − (k − 1)T kT − p AC Fpar (kT ) + AC Fpar ( p) = T T ×AC Fpar ((k −1)T )(k −1)T < p < kT (9) 3) Transformation: For each P-P minutiae structure Vi = {vi j = (ri j , ϕi j , θi j )} Nj=1, j =i , we transform its reference minutia Mi = (x i , yi , θi ) as x i  = x i + DC Fpar (m i ) cos θi yi  = yi + DC Fpar (m i ) sin θi θi  = θi + AC Fpar (m i ) Mi  = (x i  , yi  , θi  )

(10)

and then generate a new P-P structure with Mi  as the reference minutia, denoted by Vi  = {vi  j == (ri  j , ϕi  j , θi  j )} Nj=1, j =i  . Figure 6 shows a P-P minutiae structure with one P-P coordinate vector (solid line) and its new structure after transformation (broken lines). Instead of Vi , the new P-P structure Vi  is fed into the fuzzy vault construction for encoding (A.4) and decoding (B.3), with the subsequent procedure the same. As the transformation amounts for P-P minutiae structures vary with the invariant values extracted from their reference minutiae, the correspondence between vi j and v j i no longer exists between vi  j and v j  i . That is to say, an attacker cannot distinguish genuine from chaff features in the deformation domain by correlating the P-P coordinator vectors. Admittedly, if the attacker knowns the transformation amount for each minutia, he can inverse the transformation and then perform the correlating attack. However, even if the changing functions and par are revealed, the transformation amount for each minutia cannot be computed without the information about the invariant value, which is extracted from input images and no longer stored in the system after performing the transformation process.

We conduct experiments on a wide variety of public fingerprint databases, FVC 2000 (DB1), FVC 2002 (DB1, DB2, DB3, DB4), FVC 2004 (DB2) and FVC 2006 (DB2, DB3). The first three (FVC 2000, FVC 2002 and FVC 2004) contain 800Gy-level fingerprint images collected from 100 fingers with 8 samples of each while FVC 2006 contains fingerprint images from 140 fingers with 12 samples of each. The parameters used in our experiment are listed in Table I. B. Performance Evaluation Three performance indices are used for performance evaluation: (1) the FAR, the probability of an imposter being accepted as a legitimate user; (2) the FRR, the probability of a legitimate user being rejected as an imposter; and (3) the equal error rate (EER), the error rate when the FAR and FRR are equal. Similar to [35], [36], and [43], we also use two different protocols (the 1vs1 and standard FVC) to evaluate the recognition performance of the proposed system (“proposed system” or “our system” throughout this paper always involves the implementation of the security enhancement step unless stated otherwise). In the 1vs1 protocol, the first image of each finger is compared with the second image of the same finger to compute the FRR and then compared with the first images of the remaining fingers to compute the FAR. To avoid a duplicate comparison, if image 1, as the template, has been compared with image 2, when image 2 is chosen as the template, it is not compared with image 1 again. Therefore, for FVC 2000, FVC 2002 and FVC 2004, this results in 100 genuine and (1 + 99) ∗ 99/2 = 4950 imposter matching attempts, while for FVC 2006, 140 genuine and (1 + 139) ∗ 139/2 = 9730 imposter ones. In the standard FVC protocol, each image of each finger is compared with the remaining (7/11) images of the same finger to calculate the FRR, and the first image of each finger is compared with the first images of the remaining fingers to computer the FAR. We also remove any duplication comparison in this protocol. Therefore, for FVC 2000,

LI AND HU: SECURITY-ENHANCED ALIGNMENT-FREE FUZZY VAULT-BASED FINGERPRINT CRYPTOSYSTEM

Fig. 7. Comparison of performances of raw matching algorithms with and without quantization before applying the fuzzy vault.

FVC 2002 and FVC 2004, there are ((0+7)∗8/2)∗100 = 2800 genuine and (1 + 99) ∗ 99/2 = 4950 imposter matching attempts, while for FVC2006, ((0 + 11) ∗ 12/2) ∗ 140 = 9240 genuine and (1 + 139) ∗ 139/2 = 9730 imposter ones. For different purposes, our experiments are divided into two groups. The first group of experiments is to demonstrate how much the fine quantization affects the performance of our raw matching algorithm before applying the fuzzy vault, and it is conducted on FVC2002DB1, FVC2002DB2 and FVC2002DB3 using the standard FVC protocol. Figure 7 shows that the performance differences between the matching algorithms with and without quantization is negligible on the experimental databases (Note that the matching algorithms evaluated in this group of experiments do not consider the implementation of the security enhancement step as we only care about performance here). In terms of the second group of experiments, we evaluate the proposed system using the 1VS1 protocol and standard FVC protocols, respectively. To ensure fair performance evaluation, the preset seed par is assumed to be publicly known, i.e., both genuine and imposter samples use the same transformation seed in our experiments. Using the 1VS1 protocol, the proposed system performs best on database FVC 2002 DB2 (FRR = FAR = 0). However, its performance drops substantially on databases FVC2004 DB2 (FRR = 24%, FAR = 0.06) and FVC2006 DB3 (FRR = 30.91%, FAR = 0.1%). The reasons for this are manifold; for example, the fingerprint images in FVC2006 DB3 have many missing or spurious minutiae, which could definitely negatively affect recognition accuracy because the propose method is minutiae-based. In particular, as the first image of the 24th finger has only one minutia, we would not even build up a P-P minutiae structure for it. Regarding FVC2004 DB2, fingerprint providers are requested to

551

Fig. 8. ROC curves of proposed system using 1VS1 protocol for best EER performance.

Fig. 9. ROC curves of proposed system using standard FVC protocol for best EER Performance.

exaggerate skin distortions during the acquisition process, which leads to significant distortions in the first two images [44]. The proposed system performs best on FVC2006 DB2 (FRR = 5.78%, FAR = 0) using the standard FVC protocol. The main reason the performance is better than its counterpart using the 1VS1 protocol is the significant increase of genuine matching attempts, from 140 to 9240. In this case, few unsuccessful genuine attempts will not result in a high FRR when divided by a large number (9240). However, the performances on FVC2002 DB1 (FRR = 11.11%, FAR = 0.1%) and DB2 (FRR = 8.07%, FAR = 0.06%) using the standard FVC protocol are poorer than those using the

552

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 3, MARCH 2016

TABLE II C OMPARISON OF P ERFORMANCES OF P ROPOSED AND O THER F INGERPRINT C RYPTOSYSTEMS U SING 1VS1 P ROTOCOL (VALUES IN P ERCENTAGES )

TABLE III C OMPARISON OF P ERFORMANCES OF P ROPOSED AND O THER F INGERPRINT C RYPTOSYSTEMS U SING S TANDARD FVC P ROTOCOL (VALUES IN P ERCENTAGES )

1VS1 protocol. This is because the 1VS1 protocol uses only the first and second images, which are acquired in the same session and have fewer variations and distortions than the other 6 used in the standard FVC protocol. Figure 8 and Figure 9 show the ROC curves of the proposed system for the best EER performance (by adjusting m) when the 1VS1 and standard FVC protocols are adopted, respectively. To further verify the strength of the proposed system, we compare it with other fingerprint cryptosystems, including the Voronoi neighbor structure-based [35], five-nearest neighbor-based [34], [45], and two fuzzy vault-based ones which require alignment [23], [24], in terms of FRR, FAR and EER. Although it is unfair to compare the proposed system with the two nearest-neighbor structure-based [27] and Delaunay quadrangle-based [36] fingerprint cryptosystems, the reported performances of which are not achievable in practice (see Section I), they are still listed for reference. In Table II and Table III, we can see that, regardless of the protocol adopted, our system performs better than [23], [24], [27], [34], and [35] on the same database. In comparison with [36], it shows better recognition accuracy on all the experimental databases except 2006DB3 when the 1VS1 protocol is used

(28.67/0.1 VS 30.91/0.1). In the case of [45], our system performs better than it on 2002DB2 and 2002DB1 when the 1VS1 and FVC protocols are adopted, respectively, but results in a few more false rejections on 2002DB2 (11.50 VS 8.89) using the FVC protocol when FAR=0. VI. S ECURITY A NALYSIS A. Brute Force Attack The security of the proposed system relies on the security of the sub-key K i as m sub-keys are able to recover K . Now, we consider two common cases. In one in which an attacker has no information about the distribution of fingerprint features and the sketch data is stored in a completely secure database or server, he has to guess K i by traversing all the possibilities. Therefore, the security of the system is equal to the length of K i , which is 28n bits. In the other in which an attacker obtains the sketch data, as he can recover K i by decoding V aulti , the security of K i depends on the strength of the vault. The degrees of security provided by the fuzzy vault construction has been well studied in [13], [14], [46], and [47]. Here, we consider only the most widelyused method of security analysis, the brute force attack [23],

LI AND HU: SECURITY-ENHANCED ALIGNMENT-FREE FUZZY VAULT-BASED FINGERPRINT CRYPTOSYSTEM

Fig. 10.

GAR vs number of security bits using 1VS1 protocol.

in which an attacker tries to decode K i using all combinations of n points in V aulti .  Because the total number  ST + R − 1 of all possible combinations is , of which n   T S −1 ones will successfully decode K i , the probability n of a specific K i can be computed   Tdecoding   Tcombination S + R−1 S −1 . If we assume that by P = n n S T = 30 and R = 300 (the number of the chaff minutiae is ten  times   that  of the genuine minutiae), 29 329 then P = , which is comparable to n   n  329 29 -bit security. Note that the − log2 P = log n n security bit is complexity rather than entropy-based because most fingerprint-based fuzzy vault constructions have no entropy security [48]. Based on this equation, in Figures 10 and 11, we plot the GAR-security curves [36], [49] of the proposed system using the 1VS1 protocol and standard FVC protocols, respectively. B. Cross-Matching Attack and Revocability A well-known issue regarding the fuzzy vault is that it is vulnerable to the cross-matching attack [50], [51]. If the attacker has access to multiple vaults generated from the same biometric data, he can easily identify the genuine features by correlating the elements in them. This issue, however, can be addressed in the proposed system by setting a distinct seed for the random number generators in each application. In this way, the same biometric data is transformed to different features encoded in the fuzzy vault and the correlation destroyed. Once a vault is compromised, a new vault can be created from the same fingerprint data by replacing the two changing functions. Therefore, the revocability of the proposed system depends on the number of different changing functions that can be created,

Fig. 11.

553

GAR vs number of security bits using standard FVC protocol.

Fig. 12.

Numbers of changing functions.

which, according to the theoretical analysis in [10], can be calculated as C Fn = {4(β − α + 1)(η − λ + 1)}W/T , where W denotes the range of the invariant values in a fingerprint. Figure 12 shows the number of different changing functions when β − α = 5, η − λ = 5 and T = 0.2, which are used in our experiments. VII. C ONCLUSION AND F UTURE W ORK Although alignment-free fingerprint cryptosystems provide a promising solution for template/key protection without registration, the recognition accuracy of previous work is insufficiently satisfying due to poor discriminative power of the features used as well as improper handling of nonlinear distortions in the quantized/encrypted domain. To address this

554

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 3, MARCH 2016

issue, an alignment-free fuzzy vault using pair-polar (P-P) minutiae structures is proposed in this paper. Our system improves recognition accuracy in two respects. Firstly, the P-P minutiae structure is more discriminative than other local minutiae structures, such as the five-nearest neighbor, Voronoi neighbor, and triangle structures. Secondly, compared with the trivial or coarse quantization used in other work, the fine quantization used in our system can retain more information about a fingerprint template to a greater extent and enable the direct use of a well-established minutiae matcher, which is specially designed to deal with intra-class variations. In terms of security, the proposed system combines the advantages of cancelable biometrics as well as biocryptography. Firstly, transforming P-P minutiae structures before encoding destroys the correlations between them and also provides privacyenhancing features, such as revocability and protection against cross-matching attacks. Secondly, adding enormous numbers of chaff points in the vault provides extra protection for transformed genuine features, which increases the complexity of deriving the original template from the transformed one. The experimental results on a wide selection of publicly available databases show that the proposed system outperforms other similar systems while providing strong security. So far, analyzing the difficulty of conducting a brute force attack is most widely used in examining the strength of the fuzzy vault scheme in terms of template protection because it is simple and intuitive. However, a logically rigorous and thorough security analysis that contains a formal proof is undoubtedly more convincing, and this will be an interesting and challenging work that deserves our collective efforts in the future. R EFERENCES [1] W.-B. Zhong, X.-B. Ning, and C.-J. Wei, “A fingerprint matching algorithm based on relative topological relationship among minutiae,” in Proc. ICNNSP, Jun. 2008, pp. 225–228. [2] W. Zhang and Y. Wang, “Core-based structure matching algorithm of fingerprint verification,” in Proc. 16th ICPR, 2002, pp. 70–74. [3] K. Xi and J. Hu, “Dual layer structure check (DLSC) fingerprint verification scheme designed for biometric mobile template protection,” in Proc. 4th ICIEA, May 2009, pp. 630–635. [4] X. Jiang and W.-Y. Yau, “Fingerprint minutiae matching based on the local and global structures,” in Proc. 15th ICPR, 2000, pp. 1038–1041. [5] N. K. Ratha, V. D. Pandit, R. M. Bolle, and V. Vaish, “Robust fingerprint authentication using local structural similarity,” in Proc. 5th IEEE WACV, 2000, pp. 29–34. [6] X. Chen, J. Tian, X. Yang, and Y. Zhang, “An algorithm for distorted fingerprint matching based on local triangle feature set,” IEEE Trans. Inf. Forensics Security, vol. 1, no. 2, pp. 169–177, Jun. 2006. [7] S. Wang and J. Hu, “Alignment-free cancelable fingerprint template design: A densely infinite-to-one mapping (DITOM) approach,” Pattern Recognit., vol. 45, no. 12, pp. 4129–4137, 2012. [8] T. Ahmad, J. Hu, and S. Wang, “Pair-polar coordinate-based cancelable fingerprint templates,” Pattern Recognit., vol. 44, nos. 10–11, pp. 2555–2564, 2011. [9] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, “Generating cancelable fingerprint templates,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 29, no. 4, pp. 561–572, Apr. 2007. [10] C. Lee, J.-Y. Choi, K.-A. Toh, S. Lee, and J. Kim, “Alignment-free cancelable fingerprint templates based on local minutiae information,” IEEE Trans. Syst., Man, Cybern. B, Cybern., vol. 37, no. 4, pp. 980–992, Aug. 2007. [11] U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, “Biometric cryptosystems: Issues and challenges,” Proc. IEEE, vol. 92, no. 6, pp. 948–960, Jun. 2004.

[12] A. Juels and M. Wattenberg, “A fuzzy commitment scheme,” in Proc. 6th ACM CCS, 1999, pp. 28–36. [13] A. Juels and M. Sudan, “A fuzzy vault scheme,” Designs, Codes Cryptogr., vol. 38, no. 2, pp. 237–257, 2006. [14] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data,” in Proc. Int. Conf. Theory Appl. Cryptogr. Techn., 2004, pp. 523–540. [15] C. Chen, R. N. J. Veldhuis, T. A. M. Kevenaar, and A. H. M. Akkermans, “Multi-bits biometric string generation based on the likelihood ratio,” in Proc. IEEE Int. Conf. Biometrics, Theory, Appl., System, Sep. 2007, pp. 1–6. [16] C. Chen and R. Veldhuis, “Binary biometric representation through pairwise adaptive phase quantization,” EURASIP J. Inf. Secur., 2011. [17] E. Maiorana, P. Campisi, and A. Neri, “IRIS template protection using a digital modulation paradigm,” in Proc. IEEE Int. Conf. Acoust., Speech Signal Process., May 2014, pp. 3759–3763. [18] E. Maiorana, P. Campisi, and A. Neri, “User adaptive fuzzy commitment for signature template protection and renewability,” J. Electron. Imag., vol. 17, no. 1, pp. 011011-1–011011-12, 2008. [19] V. Krivoku´ca, W. Abdulla, and A. Swain, “A dissection of fingerprint fuzzy vault schemes,” in Proc. 27th Conf. Image Vis. Comput., 2012, pp. 256–261. [20] T. C. Clancy, D. J. Lin, and N. Kiyavash, “Secure smartcard based fingerprint authentication,” in Proc. ACM SIGMM Workshop Biometric Methods Appl., Berkeley, CA, USA, Nov. 2003, pp. 45–52. [21] U. Uludag, S. Pankanti, and A. K. Jain, “Fuzzy vault for fingerprints,” in Proc. Audio-Video-Based Biometric Person Authentication, 2005, pp. 310–319. [22] S. Yang and I. Verbauwhede, “Automatic secure fingerprint verification system based on fuzzy vault scheme,” in Proc. IEEE ICASSP, Mar. 2005, pp. 609–612. [23] K. Nandakumar, A. K. Jain, and S. Pankanti, “Fingerprint-based fuzzy vault: Implementation and performance,” IEEE Trans. Inf. Forensics Security, vol. 2, no. 4, pp. 744–757, Dec. 2007. [24] A. Nagar, K. Nandakumar, and A. K. Jain, “Securing fingerprint template: Fuzzy vault with minutiae descriptors,” in Proc. 19th ICPR, Dec. 2008, pp. 1–4. [25] Y. Wang, J. Hu, and D. Phillips, “A fingerprint orientation model based on 2D Fourier expansion (FOMFE) and its application to singular-point detection and fingerprint indexing,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 29, no. 4, pp. 573–585, Apr. 2007. [26] P. Zhang, J. Hu, C. Li, M. Bennamoun, and V. Bhagavatula, “A pitfall in fingerprint bio-cryptographic key generation,” Comput. Security, vol. 30, no. 5, pp. 311–319, 2011. [27] P. Li, X. Yang, K. Cao, X. Tao, R. Wang, and J. Tian, “An alignmentfree fingerprint cryptosystem based on fuzzy vault scheme,” J. Netw. Comput. Appl., vol. 33, no. 3, pp. 207–220, 2010. [28] A. K. Hrechak and J. A. McHugh, “Automated fingerprint recognition using structural matching,” Pattern Recognit., vol. 23, no. 8, pp. 839–904, 1990. [29] Z. Chen and C. H. Kuo, “A topology-based matching algorithm for fingerprint authentication,” in Proc. 25th Annu. IEEE ICCST, Oct. 1991, pp. 84–87. [30] X. Chen, J. Tian, and X. Yang, “A novel algorithm for distorted fingerprint matching based on fuzzy features match,” in Proc. AVBPA, 2005, pp. 665–673. [31] D. P. Mital and E. K. Teoh, “An automated matching technique for fingerprint identification,” in Proc. 22nd IEEE Int. Conf. Ind. Electron., Control Instrum., May 1996, pp. 806–811. [32] K. D. Yu, S. Na, and T. Y. Choi, “A fingerprint matching algorithm based on radial structure and a structure-rewarding scoring strategy,” in Proc. AVBPA, 2005, pp. 656–664. [33] J. Jeffers and A. Arakala, “Minutiae-based structures for a fuzzy vault,” in Proc. Biometric Consortium Conf., 2006, pp. 1–6. [34] A. Arakala, J. Jeffers, and K. J. Horadam, “Fuzzy extractors for minutiae-based fingerprint authentication,” in Proc. Int. Conf. Adv. Biometrics, 2007, pp. 760–769. [35] W. Yang, J. Hu, S. Wang, and M. Stojmenovic, “An alignment-free fingerprint bio-cryptosystem based on modified Voronoi neighbor structures,” Pattern Recognit., vol. 47, no. 3, pp. 1309–1320, 2014. [36] W. Yang, J. Hu, and S. Wang, “A Delaunay quadrangle-based fingerprint authentication system with template protection using topology code for local registration and security enhancement,” IEEE Trans. Inf. Forensics Security, vol. 9, no. 7, pp. 1179–1192, Jul. 2014.

LI AND HU: SECURITY-ENHANCED ALIGNMENT-FREE FUZZY VAULT-BASED FINGERPRINT CRYPTOSYSTEM

[37] Q. Li, Y. Sutcu, and N. Memon, “Secure sketch for biometric templates,” in Proc. 12th Int. Conf. Theory Appl, Cryptol. Inf. Security, 2006, pp. 99–113. [38] A. K. Jain, A. A. Ross, and K. Nandakumar, Introduction to Biometrics. Springer Science & Business Media, 2011. [39] S. D. K. Verifinger. (2010). Neuro Technology. [Online]. Available: http://www.neurotechnology.com/verifinger.html [40] D. Moon, S. Lee, S. Jung, Y. Chung, M. Park, and O. Yi, “Fingerprint template protection using fuzzy vault,” in Int. Conf. ICCSA, 2007, pp. 1141–1151. [41] P. Li, X. Yang, K. Cao, P. Shi, and J. Tan, “Security-enhanced fuzzy fingerprint vault based on minutiae’s local ridge information,” in Proc. 3rd Int. Conf. Biometrics, 2009, pp. 930–939. [42] M. Tico and P. Kuosmanen, “Fingerprint matching using an orientationbased minutia descriptor,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 25, no. 8, pp. 1009–1014, Aug. 2003. [43] M. Ferrara, D. Maltoni, and R. Cappelli, “Noninvertible minutia cylinder-code representation,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 6, pp. 1727–1737, Dec. 2012. [44] D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K. Jain, “FVC2004: Third fingerprint verification competition,” in Biometric Authentication. New York, NY, USA: Springer-Verlag, 2004, pp. 1–7. [45] E. Liu et al., “A key binding system based on n-nearest minutiae structure of fingerprint,” Pattern Recognit. Lett., vol. 32, no. 5, pp. 666–675, 2011. [46] E.-C. Chang, R. Shen, and F. W. Teo, “Finding the original point set hidden among chaff,” in Proc. ASIACCS, 2006, pp. 182–188. [47] G. X. Qiao and H. A. Qun, “The automatic fuzzy fingerprint vault based on geometric hashing: Vulnerability analysis and security enhancement,” in Proc. MINES, 2009, pp. 62–67. [48] C. Li, J. Hu, J. Pieprzyk, and W. Susilo, “A new biocryptosystemoriented security analysis framework and implementation of multibiometric cryptosystems based on decision level fusion,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 6, pp. 1193–1206, Jun. 2015. [49] A. Nagar, K. Nandakumar, and A. K. Jain, “Multibiometric cryptosystems based on feature-level fusion,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 1, pp. 255–268, Feb. 2012. [50] T. E. Boult, W. J. Scheirer, and R. Woodworth, “Revocable fingerprint biotokens: Accuracy and security analysis,” in Proc. IEEE Conf. CVPR, Jun. 2007, pp. 1–8. [51] W. J. Scheirer and T. E. Boult, “Cracking Fuzzy Vaults and Biometric Encryption,” in Proc. IEEE Biometrics Symp., Sep. 2007, pp. 1–6.

555

Cai Li (M’15) received the B.S. degree from the Nanjing University of Aeronautics and Astronautics, China, in 2007, and the master’s degree in information technology from the University of Melbourne, in 2009. He is currently pursuing the Ph.D. degree with the School of Engineering and Information Technology, University of New South Wales at Canberra, Canberra, Australia. His research interests are biometric pattern recognition and biometric security.

Jiankun Hu received the B.E. degree from Hunan University, China, in 1983, the Ph.D. degree in control engineering from the Harbin Institute of Technology, China, in 1993, and the master’s by research in computer science and software engineering from Monash University, Australia, in 2000. He was with Ruhr University, Germany, on the prestigious German Alexander von Humboldt Fellowship from 1995 to 1996. He was a Research Fellow with the Delft University, The Netherlands, from 1997 to 1998, and a Research Fellow with Melbourne University, Australia, from 1998 to 1999. He is a Full Professor and the Research Director of the Cyber Security Laboratory, School of Engineering and IT, University of New South Wales at Canberra, Canberra, Australia. He has published many papers in high-quality conferences and journals, including the IEEE T RANSACTIONS ON PATTERN A NALYSIS AND M ACHINE I NTELLIGENCE, the IEEE T RANSACTIONS ON C OMPUTERS , the IEEE T RANSACTIONS ON PARALLEL AND D ISTRIBUTED S YSTEMS , the IEEE T RANSACTIONS ON I NFORMATION F ORENSICS AND S ECURITY, and the IEEE T RANSACTIONS ON I NDUSTRIAL I NFORMATICS . His main research interest is in the field of cyber security, including biometrics security. He has served on the Editorial Board of up to seven international journals and served as the Security Symposium Chair of the IEEE flagship conferences of the IEEE ICC and the IEEE Globecom. He has received seven Australian Research Council (ARC) Grants and has served at the prestigious Panel of Mathematics, Information and Computing Sciences and the ARC The Excellence in Research for Australia Evaluation Committee.