Secure Authentication Using PIN-based Cancellable Fingerprint Templates

wispsyndicateΑσφάλεια

23 Φεβ 2014 (πριν από 3 χρόνια και 8 μήνες)

95 εμφανίσεις



STO
-
MP
-
IST
-
111

13

-

1



Secure Authentication Using PIN
-
based Cancellable Fingerprint
Templates

Dr. Qinghan Xiao

Defence Research and Development Canada


Ottawa

3701 Carling Avenue, Ottawa, ON, K1A 0Z4 Canada

qinghan.xiao@drdc
-
rddc.gc.ca

ABSTRACT

With the growing deployment of b
iometric

authentication systems, there is a rising concern about the
security and privacy of the stored biometric data, no matter as
original image or biometric templates
. A
major reason is that each person has unique and limited biometric traits; it will
be a permanent loss if
biometric data is stolen or compromised. To overcome this problem, a
substantial

research effort has been
devoted in the development of biometric template protection techniques that can be roughly categorized as
cancellable biometric
s and
biometric cryptosystems
. This paper presents a novel biometric authentication
method in which the authentication is performed based on a set of fingerprint local minutiae structures
established based on a user selected PIN number. In the proposed app
roach, different local minutiae
structure sets can be obtained with different PIN numbers, more or less like in cance
l
lable biometrics that
transformed version of the biometric data can be changed with different transformation functions.

1.0

INTRODUCTION

A
uthentication plays a vital role in military operations conducted by forces in coalition with other nations.
It is a process that verifies the identity of a user with whom a system is communicating or conducting a
transaction. It is reported that “Military

information security experts at the U.S. Defense Advanced
Research Projects Agency in Arlington, Va., are asking for industry’s help in developing ways to blend
biometrics into U.S. Department of Defense (DOD) military cyber security systems without insta
lling new
hardware. The intent is not only to save time and money, but also to help bolster existing DOD computer
security that relies primarily on requiring users to type in long and complex passwords” [1]. A concern of
using biometrics for authentication

is that if biometric data is stolen or compromised, it is a permanent loss
to a user. Unlike there are unlimited amount of passwords, a person has a limited number of biometric
traits that cannot be changed or revoked. To address this challenge, various t
emplate protection schemes
have been proposed in the literature which can be roughly classified into two categories: cancellable
biometrics and
biometric cryptosystems (also referred to as helper data
-
based schemes) [2
-
6].

The concept of cancellable biome
trics was introduced by Ratha et al [3], which generates a transformed
version of biometric data that can be cancelled and replaced. If transformed biometric data is
compromised, a new transform function will be used to generate an updated transformed vers
ion of
biometric sample. Due to the nature of biometrics, it is almost impossible to obtain two samples that are
exactly the same. That is, there are intra
-
class variations existing in biometric data. The transform function
may make any small changes in th
e input result in very different biometric data in the output. Nagar et al
pointed out that the transform techniques “lead to a reduction in the matching performance due to an
increase in the intra
-
user variations” [4]. Biometric cryptosystems attempt to c
ombine biometrics and
cryptography take advantages of both fields to improve the security and privacy level of an authentication
system. The methods can be categorized into two groups: key binding biometric cryptosystem and key
generation biometric cryptos
ystem [2]. The key binding scheme binds a biometric template with a
cryptographic key at the time of enrollment. The key will be retrieved at the authentication stage upon a
successful biometric match. On the other hand, the cryptographic key is directly g
enerated from the
Secure Authentication Using PIN
-
based Cancellable Fingerprint Templates






13

-

2

STO
-
MP
-
IST
-
111



biometric template in the key generation mode. In this way, the biometrics and cryptography are combined
and a unique biometric trait will generate a unique cryptographic key. However, it was pointed out that the
fact that biometric measu
rements are variable and noisy makes the biometric cryptosystems difficult to
implement [5]. In addition, both methods need to facilitate the use of match algorithms designed for the
original biometric templates to guarantee performances.

In order to overc
ome these drawbacks, a novel biometric authentication method is presented in this paper.
The authentication is performed based on a set of fingerprint local minutiae structure (LMS) extracted by a
PIN number selected by the user at the enrollment stage. Li
ke the cance
l
lable biometrics in which
transformed version of the biometric data is changed with different transformation functions, different
LMS sets will be obtained with different PIN numbers. The proposed algorithm aims to possess the
following proper
ties of a template protection scheme: revocability, diversity, security and performance.
The remainder of the paper is organized as follows. Section 2 gives a brief introduction of template
protection techniques. Section 3 explains the notion of LMS with
i
ts parameter

set. Section 4 presents a
matching algorithm using local minutia structure. Section 5 presents the experimental results and Section 6

gives the conclusions and future work.

2.0

TEMPLATE PROTECTION
TECHNIQUES

The concept of
biometric template
protection scheme is a promising idea which should be anonymous,
revocable and noninvertible while maintaining acceptable performance. Various methods have been
proposed in the literature, and cancel
l
able biometrics is one of them.

2.1 Cancellable biometri
cs

Cancellable biometrics, first introduced by Ratha
et al. [3],

applies a parameterized transformation onto
the biometric template. Therefore, the original biometric template is never stored in the database but only
its transformed representation. If a tr
ansformed representation in the database were compromised, it could
be revoked and replaced with a new version of representation by changing the parameters. The schemes
can be further categorized into salting and non
-
invertible transformation approaches ba
sed on the
characteristics of transformation function [2].

Biometric salting uses the same principle of
password

salting

in conventional cryptography in which
biometric features are transformed using a function defined by a user
-
specific key or password.
The
advantages of biometric salting include: (a) the introduction of user
-
specific secrete makes the transformed
biometric template can be easily changed and revoked; (b) the use of auxiliary data reduces the false
accept rates. A drawback of this approach

is that once the user
-
specific secrete is being compromised the
transformed template is no longer secure since the transformation is usually invertible [2]. On the other
hand, a biometric template is secured by a one
-
way function in non
-
invertible transfo
rmation approach.
When compared with salting approach, a

significant advantage
in
non
-
invertible transformation approach
is that there is a slight chance to obtain the original biometric features even if the user
-
specific secrete or
the transformed templat
e is compromised [2,6]. However, all
transform techniques “lead to a reduction in
the matching performance due to an increase in the intra
-
user variations” [4].

2.2 Biometric cryptosystems

Biometric cryptosystems attempt to incorporate biometric authentica
tion into cryptographic bounds, thus
take advantages of both fields to enhance security and privacy. Different from the
feature transformation
approach, some information about the biometric template, called helper data, is stored and the match is
performed

indirectly by
checking the validity of the extracted key
. The helper data does not reveal much
information
regarding the biometric template
.
This approach can also be divided into two groups: key
Secure Authentication Using PIN
-
based Cancellable Fingerprint Templates

STO
-
MP
-
IST
-
111

13

-

3



binding biometric cryptosystem and key generation biometric

cryptosystem according to how the helper
data is generated. In the key binding scheme, the helper data is obtained by binding a biometric template
with a cryptographic key at the time of enrollment. Recovery of the correct key implies a successful match
a
t the authentication stage. In the key generation mode, the cryptographic key is directly generated from
the biometric template and the stored helper data. Therefore, a unique biometric trait will generate a
unique cryptographic key, but this key will chan
ge upon each re
-
enrollment [7]. It is necessary to point out
that both methods need to facilitate the use of match algorithms design for the original biometric templates
to guarantee performances.

3.0

LOCAL MINUTIAE STRUC
TURE

In order to guarantee the perf
ormance and use the same match algorithms designed for the original
biometric templates, a novel biometric authentication method is developed in this paper. The
authentication is performed based on a set of fingerprint LMS constructed based on a PIN number

selected
by the user at the enrollment stage. Like the cancel
l
able biometrics in which transformed version of the
biometric data can be changed when using different transformation functions, various LMS sets can be
obtained with different PIN numbers. The

proposed approach fulfills the following critical aspects of a
template protection scheme [8]:



Revocability: If compromised, a template can be revoked and a new one will easily be issued
using the same biometric data.



Security: It is computationally unfe
asible to obtain the original biometric trait from the stored
template.



Accuracy: The verification performance, in terms of False Rejection Rate (FRR) or False
Acceptance Rate (FAR), is compatible with the performance of using the original biometric data.

In the proposed approach, each minutiae,
M
, is represented by a feature vector

M

= (
x
,

y
,

θ
)
T





(1)

where
x
,
y

indicate the minutiae location coordinates and
θ

denotes the minutiae orientation [9]. A
fingerprint templa
te
F

containing
N

minutiae is represented by

F

=
M
k

= (
x
k
,

y
k
,

θ
k
)
T

k
= 1, 2, …,
N



(2)

A LMS is defined by a minutia with its three nearest
-
neighbors and the measurements include the
Euclidean distance, the relative angle, and the ridge coun
t that is defined as the number of ridges that
intersect the straight line between two minutiae [10].

LF

= (
d
oi
,
d
oj
,
d
ok
,
θ
oi
,
θ
oj
,
θ
ok
,

r
oi
,
r
oj
,
r
ok
) (3)

where
d
ox
is the

Euclidean distance between the centre minutiae
M
o

and
M
x
,
θ
ox

is t
he orientation difference
between minutiae
M
o

and
M
x
, and
r
ox
, denotes the ridge count between minutiae
M
o

and
M
x
. Because the
Euclidean distance among minutiae may not be the same due to the elastic distortion, the ridge count is
used in the proposed algo
rithm to make the matching stretch invariant. The minutiae orientation difference
is calculated as follows:

θ
ox
= norm(
θ
o
-

θ
x
)
(4)

Secure Authentication Using PIN
-
based Cancellable Fingerprint Templates






13

-

4

STO
-
MP
-
IST
-
111



where


(5)


4.0

MATCHING ALGORITHM

To perform fingerprint matching, the core point h
as been widely used with its orientation to align two
fingerprint images to overcome the problems from rotation and translation [11,

12]. A polar coordinate
system is used with the core point as the
pole. A serial number is assigned to each
LMS based on th
e
distance.

During an enrollment phase,
a user starts with
choosing an eight digits pin

number. Then the
users fingerprint is captured and processed. Eight local minutiae structures are selected based on the eight
-
digit PIN number. It is possible to make
the user be the only person who knows the PIN. Therefore
nobody knows the combination of local minutiae structures used for authentication the user. Like the
password, the user can change the local minutiae set by replacing the old PIN with a new one. In a
ddition,
the user can choose different PINs for each account and application. In the proposed approach, a minutiae
structure set includes 8 to 32 minutiae points, which is more than enough for user authentication purposes
because in general a match of 6
-
8
minutiae points are usually considered sufficient, while some particular
law
-
enforcement applications need up to 12 matching minutiae points [13]. A match score is calculated by
measuring the degree of similarity between minutiae structure sets of two fing
erprints.


S
LFLF’

=
1
-
{
A
∙(|
d
oi
-
d’
oi
|+|
d
oj
-
d’
oj
|+|
d
ok
-
d’
ok
|)

+

B
∙[norm(
θ
oi
-
θ’
oi
)+norm(
θ
oj
-
θ’
oj
)+norm(
θ
ok
-
θ’
ok
)]


+
C
∙(|
r
oi
-

r’
oi
|+|
r
oj
-
r’
oj
|+|
r
ok
-
r’
ok
|)}

(6)

where S
LFLF’

is calculated by the weighted sum of the differences between the input local minutia structu
re
LF’ and enrolled local minutia structure LF. Parameters A, B and C are the weights that sum to 1:

A
+
B
+
C

= 1

(7)

The proposed method exhibits the following advantages

over the existing methods



Security: it is almost impossible for attackers to guess the PIN number that the user uses.



Renewability: if the biometrics profile is compromised, the user can simply change the PIN
number to generate a new profile.



Privacy: it is not the original biomet
ric data, but only a set of minutiae, is stored in a central
database.

5.0

EXPERIMENTS

To evaluate the performance of the proposed approach, experiments were performed on FVC 2002 DB1
database that is available in a DVD included in [11]. It is an excellent

benchmark for fingerprint
identification studies. First, a fingerprint image was processed and transformed from a grey
-
scale image
into a binary image with the optimized regions that have similar gray
-
scale values [14]. Next, a thinning


Secure Authentication Using PIN
-
based Cancellable Fingerprint Templates

STO
-
MP
-
IST
-
111

13

-

5





Figure 1. A
minutiae with nearest 3 neighbours.


algorithm was applied to produce a skeleton image. Then, a feature extraction algorithm was used to
generate minutiae vector with associated attributes. Finally, LMS was constructed for each minutia with
its three neare
st
-
neighbours (Figure 1).


The database contains 8 impressions per finger from 100 individuals for a total of 800 fingerprint images
as evaluation set. In our experiments, t
wo impressions

were excluded in our experiments because at least
two out of eigh
t impressions for each finger in FVC 2002 DB1 database are partial fingerprints. Therefore,
the total number of genuine tests is 100 x

= 1500 to compute the FRR. According to FVC 2002
instruction [15], in imposter test the first sample of eac
h finger is matched against the first sample of the
remaining fingers to compute the FAR, which result in (100×99)/2 = 4950 imposter attempts. The
performance of the proposed algorithm is measured in terms of genuine individuals being accepted (GAR)
and FA
R. Figure 2 plots the corresponding Receiver Operating Characteristic (ROC) curve.

6.0

CONCLUSION

The growing apprehension for the information security is owing to the gradually rising information on
security intrusions. Even though information security ca
n be accomplished with the help of a prevailing
tool like cryptography, user authentication is one of the key issues to be deal with. In this paper, we
present a novel biometric authentication method in which the authentication is performed based on a set
of
fingerprint local minutiae structures established based on a user selected PIN number. In the proposed
approach, different LMS sets can be obtained with different PIN numbers, more or less like in cancel
l
able
biometrics that transformed version of the b
iometric data can be changed with different transformation
functions. It is highly impractical to recover the original fingerprint traits from the stored local minutiae
structures. We have utilized the fingerprints available from public sources to evaluate

the efficacy of our
approach which proved to be effective. Future work on the development of fingerprint alignment
algorithm would lead to improved result.

Genuine accept rate (%)

False acceptance rate (%
)




Figure 2. ROC

curve for verification.


M
0

M
1

M
2

M
3

Secure Authentication Using PIN
-
based Cancellable Fingerprint Templates






13

-

6

STO
-
MP
-
IST
-
111



7.0

REFERENCES


[1]

Olesker, A. (2012).
DARPA seeks to blend biometrics with passwords in DOD cyber sec
urity without
new hardware
. FEDcyber.com,
http://www.fedcyber.com/2012/01/17/darpa
-
seeks
-
to
-
blend
-
biometrics
-
with
-
pas
swords
-
in
-
dod
-
cyber
-
security
-
without
-
new
-
hardware/
.

[2]

Jain, A., Nandakumar, K. & Nagar, A. (2008).
Biometric Template Security
. EURASIP Journal on
Advances in Signal Processing, Vol. 2008, 17 pages.

[3]

Ratha, N., Connell, J. & Bolle, R. (2001).
Enhancing Secur
ity and Privacy in Biometrics
-
Based
Authentication Systems
. IBM Systems Journal, Vol. 40, No. 3, pp. 614
-
634.

[4]

Nagar, A., Nandkuma, K. & Jain, A. (2010).
Biometric Template Transformation: A Security
Analysis
. Proc. SPIE, the International Society for Opti
cal Engineering, Vol.7541, 15 pages.

[5]

Seshadri, R. & Raghu Trivedi, T. (2011).
Efficient Cryptographic Key Generation Using Biometrics
.
International Journal of Computer Technology and Applications, Vol. 2, No. 1, pp. 183
-
187.

[6]

Al
-
Assam, H., Sellahewa, H. &
Jassim, S. (2009).
A Lightweight Approach for Biometric Template
Protection
. Proc. Mobile Multimedia / Image Processing, Security, and Applications, SPIE
Vol.7351, 12 pages.

[7]

Cavoukian, A. & Stoianov, A. (2011).
Biometric Encryption

in
Encyclopedia of Crypt
ography and
Security

(2nd ed.), H. C.A. van Tilborg and S. Jajodia (Eds.), New York: Springer, pp. 90
-
98.

[8]

Cavoukian, A. & Stoianov, A. (2009).
Biometric Encryption: The New Breed of Untraceable
Biometrics
. in
Biometrics: Fundamentals, Theory, and Systems
,
N. V. Boulgouris, K. N. Plataniotis,
and E. Micheli
-
Tzanakou (Eds.), London: Wiley
-
IEEE Press, pp. 655
-
718.

[9]

Pathak, P. (2010).
Image Compression Algorithms for Fingerprint System
. International Journal of
Computer Science Issues, Vol. 7, No 9, pp. 45
-
50.

[10]

C
hoi, H., Choi, K. & Kim, J. (2011).
Fingerprint Matching Incorporating Ridge Features with
Minutiae
. IEEE Trans. on Information Forensics and Security, Vol. 6, No. 2, pp. 338
-
345.

[11]

Maltoni, D., Maio, D., Jain, A. & Prabhakar, S. (2003).
Handbook of Fingerp
rint Recognition
. New
York: Springer
-
Verlag.

[12]

Lee, C., Jeng, I., Yang, T., Chen, C. & Su, P. (2009).
Singular Point Detection in Fingerprint Images
by A Bank of Discrete Fourier Filters
. Proceedings of

the 5
th

International Conference on Intelligent
Information Hiding and Multimedia Signal Processing, pp. 250
-
253.

[13]

Mansukhani, P. & Govindaraju, V. (2005).
Exploring Similarity Measures for Biometric Databases
.
Proceedings of the 5th International Conference on Au
dio
-

and Video
-
based Biometric Person
Authentication, LNCS 3546, pp. 832
-
840.

[14]

Yuheng, Z. & Qinghan, X. (2006).
An Optimized Approach for Fingerprint Binarization
.
Proceedings of 2006 IEEE International Joint Conference on Neural Networks
,
pp. 391
-
395.

[15]

FVC2
002 (2002).
Performance Evaluation
.
http://bias.csr.unibo.it/fvc2002/perfeval.asp
.

Genuine accept rate (%)

False acceptance rate (%)