JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 25, 1177-1190 (2009)

Inserting Chaff Minutiae for the Geometric Hashing-based Fuzzy Fingerprint Vault*

SUNGJU LEE, DAESUNG MOON+ AND YONGWHA CHUNG
Department of Computer and Information Science, Korea University, Chungnam 339-700, Korea
+ Biometrics Technology Research Team, Electronics and Telecommunications Research Institute, Daejeon 305-700, Korea

Recently, a cryptographic construct, called fuzzy vault, has been proposed for crypto-biometric systems, and some implementations for fingerprint have been reported to protect the stored fingerprint template by hiding the fingerprint features. Also, solutions to the most challenging issue in applying the fuzzy vault to fingerprint have been proposed. One of the solutions exploits the idea of the geometric hashing to solve the auto-alignment problem. In this paper, we analyze the feature distribution of the generated hash table as a stored fingerprint template and improve the security of the geometric hashing-based fuzzy vault by uniformly distributing the features in the stored fingerprint template. That is, after analyzing the geometric transform from the real and chaff minutiae in the fingerprint image to the generated hash table, we modify the way the chaff minutiae are added. The goals of this modification are to make the feature distribution of the hash table for the chaff minutiae similar to that of the real minutiae, and to make the feature distribution of the fingerprint image uniform for both types of minutiae. Based on the experimental results, we confirm that the proposed approach can perform the fingerprint verification more securely without a significant degradation of the verification accuracy.

Keywords: crypto-biometric, fingerprint verification, fuzzy vault, geometric hashing, information security

Received May 10, 2007; revised September 9, 2008; accepted January 8, 2009. Communicated by Chung-Sheng Li.
* A preliminary version of this paper has been presented at KES 2007. This research was supported by the Ministry of Knowledge Economy, Korea, under the HNRC (Home Network Research Center) – ITRC (Information Technology Research Center) support program supervised by the Institute of Information Technology Assessment.
+ Corresponding author.

1. INTRODUCTION

Many of the limitations of password-based key release can be eliminated by incorporating biometric data. It is inherently more reliable than password-based key release as biometric characteristics cannot be lost or forgotten. Further, biometric characteristics are difficult to copy, share, and distribute, and require the person being authenticated to be present at the time and point of authentication. Thus, a biometrics-based solution is a potential candidate to replace a password-based solution, either for providing a complete authentication mechanism or for securing the traditional cryptographic keys. In this paper, the fingerprint has been chosen as the biometrics for user authentication. It is more mature in terms of the algorithm availability and feasibility [1]. However, the fact that biometric templates are stored in a database introduces a
number of security risks, and the following threats can be identified [1-4]. For example, when an authentication system is used on a large scale, the reference database has to be made available to many different verifiers, who, in general, cannot be trusted. Especially in a networked environment, attacks on the database pose a serious threat. Furthermore, unlike changeable passwords, a user has only a limited number of fingers from which to produce different fingerprints once a fingerprint is compromised. Thus, if the fingerprint template storing the user's features (i.e., minutiae) is compromised, the user may quickly run out of the features to be used for authentication and can never re-enroll.

To solve this problem, some results have been reported [5-15] and a summary of these results can also be found in [4]. For example, Juels and Sudan [8] proposed a scheme called fuzzy vault. In the LOCK function of the fuzzy vault scheme, the secret k (such as a private key) is encoded as the coefficients of a Galois field polynomial f(x). A user's biometric minutiae (set A) are encoded as pairs (a_i, f(a_i)), where a_i is a minutia and f(a_i) is a mapping value from the minutia to the polynomial. Additionally, to hide these "real" minutiae, numerous "chaff" minutiae are encoded, in which the value of f(a_i) is random. During the UNLOCK function, new biometric input minutiae (set B) are computed, and the minutiae a_i closest to the b_i are chosen. The f(a_i) corresponding to these minutiae are used to estimate the polynomial, using a Reed-Solomon error correcting code framework. If enough legitimate (i.e., real) minutiae are taken, the correct polynomial will be obtained and the correct secret k decrypted. Also, solutions to the most challenging issue in applying the fuzzy vault to fingerprint (i.e., "align" the input fingerprint with the stored fingerprint template in the domain of the fuzzy vault) have been proposed [9-15].
One of the solutions [15] exploits the idea of the geometric hashing [16] to solve the auto-alignment problem. In the domain of the fuzzy fingerprint vault, the security level of the fuzzy vault scheme depends on how difficult it is to separate the chaff minutiae from the legitimate features in the vault [18]. Generally, an attacker may try to unlock the vault using the brute-force attack because he does not know the legitimate features. However, if the feature distributions generated by the fuzzy vault scheme are different for real and chaff minutiae, the attacker can discover the legitimate features much more quickly.

In this paper, we propose an approach to enhance the security level of the geometric hashing-based fuzzy fingerprint vault which can solve the auto-alignment problem. We first observe that the feature distributions generated by the real and chaff minutiae are different if we apply the geometric hashing technique straightforwardly. To enhance the security level of the straightforward approach, we modify the way the chaff minutiae are added in the "fingerprint image domain" such that the feature distribution of the "generated hash table domain" for the chaff minutiae is similar to that of the real minutiae. Simultaneously, we also consider the feature distribution of the "fingerprint image domain" such that the features of the fuzzy fingerprint vault are distributed uniformly and the possible degradation of the verification accuracy is minimized.

The rest of the paper is structured as follows. Section 2 gives an overview of the fuzzy fingerprint vault and the geometric hashing-based fuzzy fingerprint vault which can solve the auto-alignment problem. Section 3 describes the proposed approach to guarantee the similar distribution of the real and chaff features as well as the uniform distribution of both features in the stored fingerprint template in order to perform the fingerprint verification more securely. The experimental results are given in section 4, and conclusions are made in section 5.


2. BACKGROUND

There are many previous results that combine a cryptographic system and a biometric system [4]. Among them, some implementation results for fingerprint have been reported based on the fuzzy vault [9-15].

2.1 Crypto-Biometric System

A cryptographic system and a biometric system can be merged in one of the following two modes [4]:
(1) In a "loosely-coupled" mode of cryptography and biometrics, the biometric matching is decoupled from the cryptographic part. Biometric matching operates on the traditional biometric templates [1-3].
(2) In a "tightly-coupled" mode of cryptography and biometrics [5-15], biometrics and cryptography are merged together at a much deeper level. Biometric matching can effectively take place within the cryptographic domain, hence there is no separate matching operation that can be attacked; positive biometric matching "extracts" the secret key from the conglomerate (key/biometric template) data.

Recently, researchers have described various techniques in generating cancelable biometric templates [2]. An example of this mode, called fuzzy vault, was proposed by Juels and Sudan [8]. In this paper, we focused on the fuzzy fingerprint vault based on the geometric hashing technique. This includes non-invertible transforms where the original biometric is transformed using a one-way function.

2.2 Fuzzy Fingerprint Vault

Juels and Sudan [8] proposed a scheme called fuzzy vault. In the fuzzy vault scheme, the secret k is locked by a user's biometric (set A) using a probabilistic LOCK function, resulting in a vault V_A. The corresponding decryption algorithm UNLOCK takes as input a vault V_A and a decryption biometric (set B), and outputs k if B is close enough to A, or null otherwise. The authors argued that in a minutiae-based fingerprint matching system, if a real minutiae template is augmented with a larger number of "chaff" minutiae that constitute random noise, the secrecy of the fingerprint features as well as the secret k is strengthened.
If the unlocking minutiae set B overlaps with the real minutiae of the locking minutiae set A in at least (polynomial degree d + 1) minutiae, for some combinations, the correct polynomial of degree d can be reconstructed. This represents the desired outcome when the locking and the unlocking minutiae sets are from the same finger. Since an attacker cannot separate the real minutiae from the chaff minutiae, he cannot reconstruct the correct polynomial without resorting to brute-force attacks.

Among the implementation results of the fuzzy fingerprint vault, some results solved the most challenging issue in applying the fuzzy vault to fingerprint (i.e., "align" the input fingerprint with the stored fingerprint template in the domain of the fuzzy vault) [11-13]. For example, Yang and Verbauwhede [11] defined reference minutiae that were extracted during both the vault encoding and decoding. If these two reference minutiae are the same, the origins of the coordinate frames used during the locking and unlocking of the vault would be the same, and hence, the alignment could be established. Another
solution proposed by Uludag and Jain [12] considered the small amount of data used for alignment without any information about the feature-based fingerprint template. However, both solutions have some problems in the verification accuracy.

2.3 Geometric Hashing-based Fuzzy Vault

In the previous result [17], the geometric hashing was used to provide a scalable performance for one-to-many matching of fingerprints on large-scale databases. Chung, et al. [15] proposed the method to solve the auto-alignment problem in the fuzzy fingerprint vault using the idea of the geometric hashing [16]. This is reasonable because the idea of the geometric hashing can also be used for pre-computing the possible alignments to save time for alignment in the one-to-one fuzzy fingerprint vault problem.

In typical fingerprint verification systems, minutiae are stored in the template file, and input minutiae are compared with the template minutiae after aligning them. Similarly, the geometric hashing consists of two procedures – preprocessing (or enrollment) and recognition (or identification). The preprocessing procedure is executed off-line and only once. In this procedure, the model features are encoded and are stored in a hash table. The information is stored in a highly redundant multiple-viewpoint way. Assume each model in the database has n features. For each ordered pair of features in the model chosen as a basis, the coordinates of all other features in the model are computed in the orthogonal coordinate frame defined by the basis pair. Then, (model, basis) pairs are entered into the hash table bins by applying a given hash function f to the transformed coordinates.

In the recognition procedure, a scene consisting of S features is given as input. An arbitrary ordered pair of features in the scene is chosen. Taking this pair as a basis, the coordinates of the remaining features are computed. Using the hash function on the transformed coordinates, a bin in the hash table (constructed in the preprocessing procedure) is accessed. For every recorded (model, basis) pair in the bin, a vote is collected for that pair. The pair winning the maximum number of votes is taken as a matching candidate. The execution of the recognition procedure corresponding to one basis pair is termed a probe. If no (model, basis) pair scores high enough, another basis from the scene is chosen and a different probe is performed.

When we apply this geometric hashing to the fuzzy vault, we should perform 1:1 comparisons. Thus, we use the notion of verification, instead of identification. After the enrollment procedure, the verification procedure separates the chaff minutiae (C) from the real minutiae (G) in the enrollment minutiae table. That is, the minutiae information (unlocking set B) of a verification user is computed and a table, called the verification minutiae table, is generated according to the geometric characteristic of the minutiae. Then, the verification minutiae table is compared with the enrollment minutiae table, and the subset of real minutiae is finally selected. Note that the verification minutiae table is generated in the same way as in the enrollment procedure. In comparing the enrollment and verification minutiae tables, the transformed minutiae pairs with the same coordinates, the same angle, and the same type are determined. The minutiae pairs having the maximum number and the same basis are selected as the subset of real minutiae (G). Also, no additional alignment process is needed because the pre-alignment with each minutia is already computed in the enrollment and verification minutiae table generation. For the purpose of explanation, Fig. 1 shows an illustration of the processing of the hash table generation and the auto-alignment processing with enrollment and input hash table. Additional details can be found in [15, 16].

[Figure: enrollment features and input features each pass through geometric hashing to produce an enrollment hash table and an input hash table, which are then matched.]

Fig. 1. An illustration of the auto-alignment processing with enrollment and input hash table [15].
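The table generation and voting described in section 2.3, as an added Python example that is not code from the paper or from [15]. It assumes a single minutia (position plus direction) serves as the basis, fixed matching tolerances, and constructed sample data; the names basis_table, same_entry, select_real, rigid and VAULT are hypothetical.

```python
import math

def basis_table(minutiae):
    """For every minutia taken as basis, re-express all other minutiae with
    the basis at the origin and the basis direction as the x-axis.
    Rows are (x', y', angle', type, original_index)."""
    table = {}
    for b, (bx, by, bt, _) in enumerate(minutiae):
        c, s = math.cos(math.radians(bt)), math.sin(math.radians(bt))
        rows = []
        for i, (x, y, t, kind) in enumerate(minutiae):
            if i == b:
                continue
            dx, dy = x - bx, y - by
            rows.append((dx * c + dy * s, -dx * s + dy * c, (t - bt) % 360, kind, i))
        table[b] = rows
    return table

def same_entry(e, q, dist_tol=3.0, ang_tol=5.0):
    """Same coordinates, same angle and same type, within assumed tolerances."""
    d = abs(e[2] - q[2]) % 360
    return (e[3] == q[3] and min(d, 360 - d) <= ang_tol
            and math.hypot(e[0] - q[0], e[1] - q[1]) <= dist_tol)

def select_real(enroll_table, input_table):
    """Vote over every (enrollment basis, input basis) pair and return the
    vote count and the enrollment indices selected as real for the best pair."""
    best_votes, best_set = 0, []
    for eb, erows in enroll_table.items():
        for irows in input_table.values():
            hit = [e[4] for e in erows if any(same_entry(e, q) for q in irows)]
            if len(hit) > best_votes:
                best_votes, best_set = len(hit), sorted(hit + [eb])
    return best_votes, best_set

def rigid(minutiae, phi_deg, tx, ty):
    """Rotate by phi_deg and translate: a differently placed finger."""
    c, s = math.cos(math.radians(phi_deg)), math.sin(math.radians(phi_deg))
    return [(x * c - y * s + tx, x * s + y * c + ty, (t + phi_deg) % 360, k)
            for x, y, t, k in minutiae]

# Constructed vault content: (x, y, direction in degrees, type), real and
# chaff interleaved. Type 'e' = ending, 'b' = bifurcation.
VAULT = [
    (60, 80, 30, 'e'),    # real
    (20, 20, 200, 'b'),   # chaff
    (100, 60, 120, 'b'),  # real
    (140, 110, 250, 'e'), # real
    (180, 30, 75, 'e'),   # chaff
    (90, 150, 10, 'b'),   # real
    (30, 170, 310, 'e'),  # chaff
    (170, 170, 190, 'e'), # real
    (120, 200, 330, 'b'), # real
    (200, 120, 45, 'b'),  # chaff
    (50, 120, 95, 'e'),   # real
    (150, 60, 280, 'b'),  # chaff
    (110, 100, 160, 'b'), # real
]
REAL_IDX = [0, 2, 3, 5, 7, 8, 10, 12]

def demo():
    # The verification input is the real minutiae seen rotated and shifted.
    probe = rigid([VAULT[i] for i in REAL_IDX], 30, 15, -20)
    return select_real(basis_table(VAULT), basis_table(probe))

if __name__ == "__main__":
    print(demo())
```

No alignment step runs before the comparison: the rotation and shift of the input disappear once both sides are expressed relative to a basis minutia.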

3. FEATURE DISTRIBUTION OF GEOMETRIC HASHING-BASED FUZZY VAULT

As we explained, the goal of an attacker is to separate the chaff minutiae from the real minutiae in the vault, and the security level of the fuzzy fingerprint vault depends on the difficulty of this separation [18]. In this section, we first explain that the feature distributions generated by the real and chaff minutiae are different if we apply the geometric hashing technique straightforwardly. Then, we describe the way to add the chaff minutiae to enhance the security level of the geometric hashing-based fuzzy fingerprint vault.

3.1 A Non-Uniform Distribution of the Geometric Hashing-based Fuzzy Vault

Applying the geometric hashing technique straightforwardly has some limitations in solving the auto-alignment problem. First, when an outside minutia is selected as a basis, the minutiae of the opposite side are located out of the hash table area. That is, the geometric hashing technique loses some outside information. Second, most of the transformed minutiae are located at the center of the generated hash table because the minutiae transformed by the basis are superposed on the enrollment hash table. Fig. 2 shows the distribution of the generated hash table. As shown in Fig. 2, most minutiae are concentrated in the center of the hash table. Therefore, the hash table results in a non-uniform, Gaussian distribution. Fig. 3 shows the geometric hash tables generated by real minutiae only and chaff minutiae only, respectively.


(a) An example of input minutiae. (b) A geometric hash table generated with Fig. 1 (a). Fig. 2. An illustration of the center-concentrated geometric hash table.

In particular, Fig. 3 (c) shows that the probability that a selected minutia is real, denoted as probability_real, varies with the location of the selected minutia. Because of this characteristic of the generated hash table, attackers may try to find the real minutiae starting from the center of the hash table. For the purpose of explanation, we denote this type of attack, which exploits probability_real, as the geometric attack. For example, the probability_real at the center is 0.17, whereas that of the boundary is 0.09. Furthermore, in the case of the n-degree fuzzy vault, where the attacker tries to find n + 1 real minutiae, the geometric attack becomes more effective. For example, in Table 1, the probability of finding 10 real minutiae in the degree-9 polynomial is 5.766 × 10^-9 (= 0.15^10) with the brute-force attack. However, the probability increases to 2.015 × 10^-8 (= 0.17^10) with the geometric attack.

(a) (b) (c) Fig. 3. Characteristics of the geometric hash table; (a) Feature distribution of the geometric hash table generated by real minutiae; (b) Feature distribution of the geometric hash table generated by chaff minutiae; (c) Probability that the selected minutia will be real (i.e., probability_real = # of real / # of (real + chaff)) in the hash table domain.

Table 1. Effectiveness of the geometric attack (200 Chaff).

Type of Attack        Degree-9 Polynomial    Degree-10 Polynomial
brute-force attack    5.766 × 10^-9          8.649 × 10^-10
geometric attack      2.015 × 10^-8          3.427 × 10^-9

Therefore, we need to generate uniformly distributed probabilities_real in the hash table domain to protect against the geometric attack. For example, if the number of the chaff minutiae was 200 and the number of real minutiae was 36 in the enrollment hash table, the ideal probability_real is 0.15 (= 36/236) across the hash table domain.

3.2 A Proposed Algorithm for Adding Chaff Minutiae

Generally, the chaff minutiae are added into the fingerprint image after being randomly generated without any consideration of the locations. For example, Clancy, et al. [9] generated a predetermined number of the chaff minutiae and added them into the fingerprint image randomly such that the authentic user can unlock the vault efficiently. Recently, Chang, et al. [18] proposed a different approach to add the chaff minutiae for a more secure feature distribution. That is, they added a maximum number of the chaff minutiae and then removed some near-by chaff minutiae such that the "free area" was minimized (i.e., the chaff minutiae were distributed more uniformly). Although they ignored the complexity of the unlocking, their observation based on the notion of "free area" needs to be considered in adding the chaff minutiae for the secure, geometric hashing-based fuzzy fingerprint vault. Furthermore, the security level of the geometric hashing-based fuzzy fingerprint vault needs to be improved by making the feature distributions of the hash table generated by both the real and chaff minutiae similar, as we mentioned in section 3.1.

In this paper, we propose an approach to add the chaff minutiae for enhancing the security level of the geometric hashing-based fuzzy fingerprint vault without degradation of the verification accuracy. For the purpose of explanation, we denote the possible attack which exploits the notion of "free area" as Chang's attack. Note that the geometric hashing-based fuzzy fingerprint vault also needs to consider Chang's attack because the input fingerprint image can be derived back from the generated hash table.
We first describe our approach to resist the geometric attack by making the feature distributions of the hash table generated by both the real and chaff minutiae similar, i.e., probabilities_real (probability that a selected minutia is real) are almost the same across the hash table domain. As we explained in section 3.1, most real minutiae in the geometric hash table are concentrated at the center. Thus, most chaff minutiae in the geometric hash table need to be concentrated at the center, too. For the purpose of explanation, we define the notions of sensor area, minutiae area and feature area. The sensor area means the region of the fingerprint image captured by a fingerprint sensor, whereas the minutiae area is the region whose boundaries are determined by the outermost real minutiae in the fingerprint image. Finally, the feature area is the region where we can add the chaff minutiae (see Fig. 4).

(a) (b) (c) Fig. 4. Illustrations of the minutiae and the feature areas; (a) Minutiae area; (b) Feature area; (c) Result of adding chaff minutiae in feature area.


Note that we have two requirements in defining the feature area. The first requirement is that the feature distribution of the generated hash table domain for the chaff minutiae is similar to that of the real minutiae. One possible solution to this requirement is to set the boundary of the feature area to be equal to that of the minutiae area. However, in this solution, an attacker can easily find some real minutiae located at the boundary of the minutiae area. To hide these real minutiae, we need to define the feature area differently from the minutiae area. The second requirement for the feature area is that it should be large enough for large numbers of chaff minutiae. Note that the typical number of chaff minutiae (i.e., > 200) is much larger than the typical number of real minutiae (i.e., 30). Consequently, we need to set the feature area larger than the minutiae area. In this paper, we set the feature area larger than the minutiae area by the amount of (2 × ΔM). Note that ΔM is defined as the acceptable margin and explained in the following.

Now, we consider Chang's attack simultaneously. To determine the acceptable margin, we define some notations. S and R are defined as the total number of pixels in the feature area and the total number of minutiae, respectively. B is defined as the area of the matching bound, which is computed by (ΔM + 1)^2. Note that the newly added chaff minutiae should be located outside of the matching bound of any chaff or real minutiae in order to avoid both Chang's attack and the possible degradation of the verification accuracy. Both S and R are determined by the given fingerprint, and S can be represented by (Δx + 4ΔM) × (Δy + 4ΔM), where Δx is the x-axis length of the minutiae area and Δy the y-axis length. Also, S ≈ B × R. Thus, (Δx + 4ΔM) × (Δy + 4ΔM) ≈ (ΔM + 1)^2 × R. By solving this equation, we can get the acceptable margin represented by Eq. (1). Then, the last step of our approach is to add the randomly generated chaff minutiae into the feature area defined by the acceptable margin.

$$\Delta M = \frac{\sqrt{\left(2(\Delta x + \Delta y) - R\right)^{2} - (16 - R)(\Delta x \Delta y - R)} - \left(R - 2(\Delta x + \Delta y)\right)}{R - 16} \qquad (1)$$

The algorithm to insert the chaff points can be summarized as Algorithm 1. Note that the number of the chaff points should be previously determined, and we can calculate the maximum and minimum x-y coordinates from the locations of all feature points.

Algorithm 1 Algorithm for Inserting Chaff Points

Chaff_Insert(NumberOfChaff) {
    Determine MinutiaeArea = deltaX × deltaY;
        /* Calculate deltaX, deltaY, deltaX = Xmax-Xmin, deltaY = Ymax-Ymin. */
    AM = Decision_AM(MinutiaeArea, NumberOfChaff);
        /* Calculate AM(acceptable margin) by using the equation 1. */
    Determine FeatureArea = (deltaX + 2AM) × (deltaY + 2AM);
        /* Set FeatureArea. */
    While (Index
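The margin of Eq. (1) and the chaff placement of section 3.2, as an added Python example that is not the authors' code. Algorithm 1's loop is cut off on this page, so the rejection loop is an assumption, as are the reading of the matching bound as an axis-aligned square of side ΔM + 1 centred on each minutia and the hypothetical names acceptable_margin and insert_chaff.

```python
import math
import random

def acceptable_margin(dx, dy, r):
    """Eq. (1): positive root of (dx + 4M)(dy + 4M) = (M + 1)^2 * r,
    where dx, dy are the side lengths of the minutiae area and r is the
    total number of minutiae (real + chaff)."""
    if r <= 16:
        raise ValueError("this form of Eq. (1) needs R > 16")
    p = 2 * (dx + dy) - r
    disc = p * p - (16 - r) * (dx * dy - r)
    if disc < 0:
        raise ValueError("no real-valued margin for these inputs")
    m = (math.sqrt(disc) - (r - 2 * (dx + dy))) / (r - 16)
    if m <= 0:
        raise ValueError("margin is not positive; minutiae area too small")
    return m

def insert_chaff(real, n_chaff, rng=None, max_tries=100_000):
    """Return (margin, feature_area, chaff). real is a list of (x, y).
    Candidates are drawn uniformly in the feature area and rejected when
    they fall inside the matching bound of any point already present."""
    # Assumption: an OS-backed generator by default, because predictable
    # chaff positions would help an attacker separate chaff from real.
    rng = rng or random.SystemRandom()
    xs, ys = [x for x, _ in real], [y for _, y in real]
    dx, dy = max(xs) - min(xs), max(ys) - min(ys)
    m = acceptable_margin(dx, dy, len(real) + n_chaff)
    # Feature area: minutiae area grown by the margin on every side,
    # i.e. (deltaX + 2AM) x (deltaY + 2AM) as in Algorithm 1.
    area = (min(xs) - m, min(ys) - m, max(xs) + m, max(ys) + m)
    half = (m + 1) / 2          # half side of the assumed square bound
    placed, chaff = list(real), []
    for _ in range(max_tries):
        if len(chaff) == n_chaff:
            break
        c = (rng.uniform(area[0], area[2]), rng.uniform(area[1], area[3]))
        if all(max(abs(c[0] - px), abs(c[1] - py)) > half for px, py in placed):
            chaff.append(c)
            placed.append(c)
    return m, area, chaff       # may hold fewer than n_chaff if saturated

if __name__ == "__main__":
    demo_rng = random.Random(7)  # seeded only to make the demo repeatable
    real = [(demo_rng.uniform(40, 190), demo_rng.uniform(30, 210))
            for _ in range(36)]  # constructed sample minutiae
    m, area, chaff = insert_chaff(real, 200, rng=random.Random(1))
    print(f"margin={m:.2f} chaff placed={len(chaff)}")
```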
