Project topics and materials
Get Complete Project Material File(s) Now! »
Literature Review on Fingerprint Template Protection Schemes
In Chapter 2, it was established that traditional data protection mechanisms (such as cryptographic hashing and encryption) are unsuitable for securing fingerprint templates due to the variable nature of fingerprint measurements. The need for fingerprint template protection schemes that are more suitable to the nature of fingerprints was thus motivated. This chapter considers the characteristics of an ideal fingerprint template protection scheme, followed by a discussion on the types of fingerprint template protection schemes that have been proposed in the literature to date.
INTRODUCTION
Researchers in the field of biometric template security in general have agreed upon a set of four characteristics that define an ideal biometric template protection scheme:
Non-invertibility: It should be impossible (or at least computationally infeasible) to reconstruct the original biometric template from the protected template.
Cancellability (revocability): It should be possible to cancel (revoke) a compromised biometric template and replace it with a new template originating from the same biometric data.
Diversity: It should not be possible to cross-match a protected biometric template across different databases.
Performance: The incorporation of a biometric template protection scheme into a biometric recognition system should not have an adverse effect on that system‟s recognition accuracy (in terms of its FAR and FRR).
An ideal biometric template protection scheme should satisfy all four requirements. While a strategy of this calibre has thus far remained elusive, a number of creative solutions have been proposed in the literature. Provide an extensive review of biometric template protection schemes presented in the literature up to the year 2008. Although this review was written in 2008, it still encapsulates the main characteristics of the majority of biometric template protection schemes emerging in the literature today. Indeed, judging by the number of citations this paper has received since its publication, it is fair to assume that much of the research on biometric template protection schemes today has been influenced by this review. The popularity of the aforementioned paper may be mainly attributed to the fact that the authors provide a convenient and effective classification of biometric template protection schemes into two main categories: feature transformations and biometric cryptosystems. A feature transformation approach essentially relies on the use of a specific function to transform a biometric template into a protected version of its former self. Depending on the characteristics of the transformation function, feature transformation approaches may be further divided into salting and non-invertible transforms. A biometric cryptosystem incorporates ideas from traditional cryptographic protection schemes with biometrics. Its fundamental operation depends on extracting helper data from a biometric template in order to reconstruct a particular key, the validity of which is used for authentication decisions. Depending on the method in which the helper data is obtained, biometric cryptosystems can be further classified as key binding and key generation systems. While categorising biometric template protection schemes is not a straightforward process, the classification proposed in [2] is very suitable and has thus been widely adopted by researchers in this field. For this reason, we have chosen to adopt this classification in reviewing the associated literature in this chapter. Borrowing Maltoni et al.‟s terminology , the term protected template will henceforth be used to refer to an enrolled biometric template that has been subjected to a certain protection technique, while unprotected template will be reserved for the description of a biometric template in its native form (before the application of any specific protection strategies). The remainder of this chapter discusses the general methodology behind the feature transformation and biometric cryptosystem approaches, lists several strengths and difficulties associated with the nature of these methods, and provides examples of well-known techniques that fall into these categories.
FEATURE TRANSFORMATIONS
In a feature transformation approach, the unprotected biometric template, T, of a user to be enrolled in the system is transformed into a protected template, T’, via a transformation function, F. The transformation function is characterized by a set of user-specific parameters, which are normally derived from a random external key or password, K. Thereafter, only the protected template, F(T, K), is stored in the system database. The enrolment process in a feature transformation approach is clearly illustrated . During verification, which is depicted in the right half of Figure 3.1, the same transformation function, F, and its governing parameters, K, are applied to the unprotected query feature set, Q, such that matching between the enrolled and query templates occurs in the transformed space, i.e., F(T, K) is matched against F(Q, K). Several advantages of the feature transformation approach readily present themselves. Firstly, the fact that the key is user-specific suggests the incorporation of diversity into the protected biometric templates, since different keys can generate multiple protected templates from the same unprotected template. Furthermore, should a protected template be compromised, it can easily be revoked and replaced with a new one by applying a different user-specific key to the same unprotected biometric data. Finally, since matching is done in the transformed domain, this means that biometric templates can remain secure even during authentication. A difficulty faced by the feature transformation approach is dealing with the intra-user variations in the unprotected biometric template. There are typically two ways of dealing with this problem: either the transformation function must be tolerant to input variations, or the transform must leave the protected biometric template in its original (feature) space (for example, fingerprint minutiae can be transformed into a different set of minutiae). The latter method could deal with intra-class variations by employing the same matcher on the transformed features as on the original feature set. An example of a typical form of intra-user variation is misalignment of the enrolled and query biometric feature sets. A common method of ensuring that the two feature sets are aligned is to pre-align the biometric templates prior to applying the transform to them (for example, by using the core point[1] in a fingerprint as the registration point). An alternative approach is to design a transform that produces an alignment-invariant biometric representation. Feature transformations may be further classified into salting and non-invertible transforms, depending on the properties of the transformation function.
Salting
Salting is a two-factor authentication scheme, in which an unprotected biometric template is transformed into a protected template via a function specified by a user-specific external key or password. The main advantage of salting is the increase in entropy of the biometric template that is a result of the incorporation of additional information into the biometric template in the form of a key . The entropy of a biometric template may be defined as “a measure of the number of different identities that are distinguishable by a biometric system” , hence increasing the entropy of a biometric template makes it more difficult for an adversary to guess the template, which means that there is a decrease in False Accept Rates. The main drawback of the salting approach is that the security of this scheme relies upon the secrecy of the key or password . This means that the transformation function is irreversible (non-invertible) only as long as the adversary remains ignorant of the key. Simultaneous availability of both the key and the protected template would enable recovery of the original, unprotected biometric template (or a close approximation of it). As a result, effective key management procedures must be put into place, or else the user is obliged to memorise the secret key; however, relying on users‟ memory for the protection of complex secret keys re-introduces the weakness of password-based schemes that we are trying to circumvent . Since matching is performed directly in the transformed domain, the salting functions must be designed such that they do not have an adverse effect on the recognition performance. This becomes especially important in the presence of large intra-user variations. Salting methods generally use quantization to deal with intra-user variability during matching in the transformed domain. The most popular example of biometric salting is the BioHashing approach, introduced by Jin et al. BioHashing is a two-factor authentication method, which is based on iterative inner products between biometric feature vectors and token-derived random number sequences that are generated by a unique hash key. The BioHashing procedure was initially proposed for the fingerprint modality, and it consists of two stages. Firstly, the extracted fingerprint feature vector is transformed into a translation, rotation, and scale invariant feature set, employing the Wavelet Fourier-Mellin Transform (WFMT). Secondly, the resulting data is discretised via an inner product computation between the invariant feature vector and a tokenised pseudorandom number sequence. The second stage of this process produces the protected biometric template vector, which is referred to as a BioHash . Portrays the creation of a user‟s BioHash vector, i.e., the enrolment stage (note that it is assumed that the biometric feature vector of the user has already been obtained and made translation, rotation, and scale invariant). During enrolment, each user is presented with a secret seed, K (hash key), which is stored on an external device such as a USB token or a smart-card. The seed is used to generate a set of m pseudorandom vectors,, and these random vectors constitute the “salt” of the BioHashing scheme. The vectors are orthonormalised using the Gram-Schmidt orthonormalisation method, after which the dot products between the invariant biometric feature vector, , and the orthonormal set of vectors, are calculated. The resulting vector is binarised in order to account for intra-user variations, where the binarised vector, constitutes the protected biometric template (BioHash). The binarisation is computed based on a pre-set threshold, where 0 corresponds to a dot product that is less than or equal to , while 1 represents a dot product greater than. The threshold, is selected based on the criterion that the expected number of zeros in the resulting BioHash vector, is equal to the expected number of ones, in order to maximize the entropy of the protected template. During verification, the invariant query biometric feature set is transformed in the same fashion, and the resulting bit vectors are compared using Hamming distance.
BIOMETRIC CRYPTOSYSTEMS
A biometric cryptosystem incorporates ideas from traditional cryptographic protection schemes with biometrics. The initial motivation behind the merging of biometrics with cryptosystems was for the purpose of either using biometric features to secure a cryptographic key or for directly generating a cryptographic key from the biometric features themselves [2, 70, 152]. However, it has since been realised that biometric cryptosystems can also be employed in the protection of biometric templates. The fundamental idea behind biometric cryptosystems is to store a small amount of information, referred to as helper data, about the unprotected biometric template [2], which can be used for matching purposes while simultaneously securing the biometric data. For this reason, biometric cryptosystems are also known as helper data based methods [2]. The helper data is ideally not supposed to reveal any information about the original biometric template, but it is employed during matching to extract a cryptographic key from the query biometric features. Verification success is determined by the validity of the extracted key, and error correction codes and quantisation are commonly used as a means of dealing with intra-user variability in the biometric features. The main operational difference between biometric cryptosystems and the feature transformation approach is that, while feature transformations rely on the non-invertibility of the transform function (in the case of non-invertible transforms) or on the secrecy of the transformation parameters (for the salting approach) to impart security to the biometric templates, in the case of biometric cryptosystems security of the protected templates is dependent upon the amount of information revealed by the helper data about the corresponding unprotected biometric templates. Furthermore, despite their applicability in biometric template protection schemes, biometric cryptosystems in general are not designed with the intention of providing diversity and revocability to the protected biometric templates. This is in contrast to the feature transformation approach, which exhibits diversity and revocability among its chief advantages. Depending on the method in which the helper data is generated, biometric cryptosystems can be further categorized into key binding and key generation systems .
1. INTRODUCTION
1.1 THE FINGERPRINT AS A BIOMETRIC
1.2 PITFALLS OF TRADITIONAL FINGERPRINT STORAGE MECHANISMS
1.3 PROPOSED SOLUTIONS FOR SECURING FINGERPRINT TEMPLATES DURING STORAGE
1.4 THESIS OBJECTIVES
1.5 CONTRIBUTIONS
1.6 PUBLICATIONS
1.7 THESIS STRUCTURE
2. BACKGROUND AND MOTIVATION
2.1 FINGERPRINT RECOGNITION SYSTEM
2.2 VULNERABILITIES OF A FINGERPRINT RECOGNITION SYSTEM
2.3 WHY AN ATTACK ON THE TEMPLATE DATABASE IS THE MOST SERIOUS TYPE OF ATTACK
2.4 SECURING FINGERPRINT TEMPLATES DURING STORAGE IN A DATABASE
2.5 SUMMARY
3. LITERATURE REVIEW ON FINGERPRINT TEMPLATE PROTECTION SCHEME
3.1 INTRODUCTION
3.2 FEATURE TRANSFORMATIONS
3.3 BIOMETRIC CRYPTOSYSTEMS
3.4 HYBRID PROTECTION SCHEMES
3.5 SUMMARY
4. NON-INVERTIBLE FINGERPRINT TRANSFORMS
4.1 INTRODUCTION
4.2 FINGERPRINT INFORMATION USED
4.3 DEALING WITH INTRA-CLASS VARIANCE
4.4 TYPES OF EXISTING NON-INVERTIBLE FINGERPRINT TRANSFORMS
4.5 TECHNIQUES USED TO EVALUATE NON-INVERTIBLE FINGERPRINT TEMPLATE PROTECTION SCHEMES
4.6 SUMMARY
5. A NON-INVERTIBLE CANCELLABLE FINGERPRINT CONSTRUCT BASED ON COMPACT MINUTIAE PATTERNS
5.1 INTRODUCTION
5.2 THE PROPOSED FINGERPRINT CONSTRUCT
5.3 SUITABILITY OF PROPOSED FINGERPRINT CONSTRUCT AS A FINGERPRINT TEMPLATE PROTECTION SCHEME
5.4 SUMMARY
6. CONSISTENCY OF COOPERATIVE USERS IN SCANNING THEIR FINGERPRINTS
6.1 INTRODUCTION
6.2 FINGERPRINT DATABASE CONSTRUCTION
6.3 ANALYSIS OF USER CONSISTENCY IN PLACING FINGER ON SCANNER
6.4 IMOPRTANCE OF INVESTIGATION FOR THE PROPOSED FINGERPRINT CONSTRUCT
6.5 SUMMARY
7. TRUE FRR OF NEW FINGERPRINT CONSTRUCT
7.1 INTRODUCTION
7.2 TRUE FRR AS THE NUMBER OF REFERENCE FINGERPRINTS INCREASES
7.3 EVALULATION OF THE TRUE FRR WHEN THE USER IS ALLOWED MULTIPLE AUTHENTICATION ATTEMPTS
7.4 SUMMARY
8. PERFORMANCE OF PROPOSED FINGERPRINT CONSTRUCT ON COOPERATIVE-USER FINGERPRINT DATABASE
8.1 INTRODUCTION
8.2 GENERAL EXPERIMENTAL SET-UP
8.3 EFFECT OF MULTIPLE REFERENCE FINGERPRINTS ON FAR
8.4 FAR AND FRR IN MFGUAS
8.5 FAR AND FRR WHEN PROPOSED FINGERPRINT CONSTRUCT IS MODIFIED TO IMPROVE PATTERN UNIQUENESS
8.6 SUMMARY
9. PERFORMANCE COMPARISON
9.1 INTRODUCTION
9.2 EXPERIMENTAL SET-UP
9.3 EXPERIMENTAL RESULTS AND COMPARISON TO OTHER TECHNIQUES
9.4 SUMMARY
10. NON-INVERTIBILITY OF FC360°
10.1 INTRODUCTION
10.2 INFORMATION LEAKED BY AN FC360° N-NODE PATTERN
10.3 NON-INVERTIBILITY OF AN FC360° N-NODE PATTERN
10.4 SUMMARY
11. SUSCEPTIBILITY OF FC360° TO A RECORD MULTIPLICITY ATTACK
11.1 INTRODUCTION
11.2 SUSCEPTIBILITY OF FC360° TO A RECORD MULTIPLICITY ATTACK
11.3 MODIFICATION TO FC360°TOSTRENGTHENITSRESISTANCETOARECORDMULTIPLICITYATTACK
11.4 SUMMARY
12. CANCELLABILITY AND DIVERSITY OF FC360° =
12.1 INTRODUCTION
12.2 CANCELLABILLITY OF FIXED FC360° AND FLOATING FC360° N-NODE PATTERNS
12.3 DIVERSITY OF FIXED FC360° AND FLOATING FC360° N-NODE PATTERNS
12.4 SUMMARY
13. CONCLUSIONS AND FUTURE WORK
13.1 CONCLUSIONS
13.2 FUTURE WORK
GET THE COMPLETE PROJECT
Fingerprint Template Protection using Compact Minutiae Patterns
