Chaos-based biometrics template protection and secure authentication

1.1. Biometric and biometric identification systems

Traditional identity authentication methods are based on what is physically possessed such as ID cards and what can be mentally stored in the memory such as passwords and keys. The shortfalls of both are for instance ID cards can easily be lost or forged while passwords and keys can either be easily guessed or forgotten respectively. Short passwords are often easy for memory but easily guessed by others. On the other hand, long passwords (commonly known as keys) although cannot be easily guessed are prone to memory problem. Key storage is therefore an issue and it is recommended that general long keys are stored in key cards and at the same time use short passwords to protect the Key Cards (Wang et al., 2006, Wang et al., 2007). Eventually, short passwords are still essential to identity authentication security.

Biometric (Tian, 2005) features inherited in person include two major categories which are person’s physical characteristics and behavioural characteristics. Physiological characteristics are fingerprints, face, iris, palm prints, and voice to name but a few. Behavioural characteristics include gait, signature, keystrokes etc. These characteristics have attracted a large number of scholars who conducted extensive and thorough research on them. In order to perform the identification, an automatic technology is adopted to measure these features, and have them compared with data from a database template. This infers that identification and biometric identification technology is the solution to the certification.

Before the popularization and application of computers, biometrics was carried out manually mainly by artificial experts (e.g. American FBI for instance have large fingerprint experts). The development of productivity and popularity of information technology today have made biometrics to be automated using computers. The Automatic Fingerprint Identification System (AFIS) for example is one of the automated systems ever established. A typical AFIS includes an off-line register and an on-line identification process, as shown in Fig.1 (Li et al, 2009). The off-line register includes signal acquisition, feature extraction, template storage and other necessary steps. The on-line identification includes a signal acquisition, feature extraction, registration, template matching etc. Biometric identification system has two modes for identity authentication: authentication (1:1) and identification (1: N). Authentication mode test are “you the person you claimed”, and identification mode test verifies “your identity information in the database and who you are”. The two methods have large gap in aspects of their algorithm processing time complexity.

1.2. The defects of traditional biometric identification system

Traditional biometric identification system has increased in terms of recognition accuracy and speed. Yet, most traditional fingerprint identification systems adopt minutiae as their recognition features and the information of location where the direction of minutiae are stored for comparison in the form of pure data. The traditional system stores original coordinates of minutiae and their value of direction, unfortunately, without any encryption. With the development of hardware attack and crack technology the whole biometrics identification system will be completely exposed to the scope of hacker attacks, threatening the security and privacy of user identity. Unlike passwords and keys that can be reset after their loss, the loss of biometric is permanent.

Cappelli et al. (2007) shows in a novel approach that the original fingerprint can be reconstructed automatically from standard minutiae-based templates. This may unlikely fool a human expert but is definitely possible to successfully attack even state-of-the-art automatic recognition systems, provided that one is able to present reconstructed images to the system. Thus there is the higher need for template security of biometric identification systems. Besides outside threats to template security, biometrics identification system is also facing a variety of other types of attacks.

In particular, Ratha et al. (2001a) did specific analysis on the sources of vulnerable attacks on the biometric identification system, and put them into 8 categories, as shown in Fig.2.

The eight basic sources of attack are described as below:

1. Fake biometric at the sensor: In this mode of attack, a possible reproduction of the biometric being used will be presented to the system. Examples include a fake finger, a copy of a signature, a face mask.

2. Resubmission of old digitally stored biometrics signal: In this mode of attack, an old recorded signal is replayed into the system bypassing the sensor.

3. Override feature extract: The feature extractor could be attacked with a Trojan horse so that it would produce feature sets chosen by the hacker.

4. Tampering with the feature representation: After the features have been extracted from the input signal they are replaced with a different synthesized feature set (assuming the representation is known).

5. Override matcher: The matcher is attacked to always directly produce an artificial high or low match score.

6. Tampering with stored templates: The stored template attacker tries to modify one or more templates in the database which could result in authorization for a fraudulent individual, or at least denial of service for the person associated with the corrupted template.

7. Channel attack between stored templates and the matcher: The templates from the stored database are sent to the matcher through a channel which could be attacked to change the contents of the templates before they reach the matcher.

8. Overriding Yes/No response: If the final result can be overridden with the choice of result from the hacker, the final outcome is very dangerous. Even if the actual pattern recognition system had excellent performance characteristics, it has been rendered useless by the simple exercise of overriding the result.

Due to the existence of the above threats to biometric system, it can be said that biometrics have degenerated gradually from “inherent features of you” to “features of what you have” to a certain extent. On the contrary passwords and keys can overcome this danger through encryption. Biometric cannot be protected directly through encryption, for instance, the hash function, as the great Hash intra-variance of it. However, it provides a feasible way for protecting the safety of biometric templates that combined biometric science and cryptography. There is the biggest obstacle to above combination that the contradiction between accuracy required by cryptography and inherent ambiguity of biometrics even if more and more researchers realized the advancement of the combination. How to overcome that contradiction in the condition of guarantying authentication performance of the system is the content of study on various biometric templates protection algorithm.

2.1. Biohashing

The cancellable biometrics issue was addressed by Connie et al. (2004) which adopted a technique known as BioHashing. Jin et al. (2004c) proposed a novel approach of two-factor authenticator, based on iterated inner products between tokenised pseudo-random number and the user specific fingerprint feature, which generated from the integrated wavelet and Fourier–Mellin transform (WFMT), and hence produced a set of user specific compact code that named as BioHashing. WFMT features were chosen in this algorithms because in WFMT framework, wavelet transform preserves the local edges and noise reduction in the low-frequency domain (high energy compacted) after the image decomposition, and hence makes the fingerprint images less sensitive to shape distortion. In addition to that, the reduced dimension of the images also helps to improve the computation efficiency.

The fingerprint feature vector is acquired after fingerprint image passed through wavelet transform, FFT transform, log-polar transform and high-pass filtering. As log-polar transform, the vector is invariable to translation, rotation and scale. Pseudo-random number can be calculated based on a seed that stores in USB token or smart card microprocessor through a random number generator. And a data T can be produced by iterating inner product between the pseudo-random number and the wavelet FMT fingerprint feature. Then the biohashing code is obtained by quantizing T with T=0 if T≤τ, otherwise T=1, where τ is a preset threshold. The BioHashing progression can be illustrated as in Fig. 3.

However, if the user token was stolen, the performance of BioHashing would be lower than that using only the biometric data (Lumini & Nanni, 2007; Nanni & Lumini, 2006, 2008). It can be concluded that the main factor is pseudo-random number, instead of fingerprint itself.

Lumini & Nanni (2007) proposed an improved BioHashing approach which is more robust than the original method. They consider that the case of loss of random number can be solved by extending the length of hashing key. Then they put forward four improvement measures to extend the length of key, i.e.

• NORMALIZATION:
• τ VARIATION:ττττmaxτminp

1. SPACES AUGMENTATION:kK
2. FEATURES PERMUTATION:qq

The result of improved BioHashing procedure, if all the above solutions are exploited, is a set of k p q BioHash codes, which are compared by the Hamming distance. The verification task is performed by training a classifier for each BioHash code and finally by combining these classifiers by a fusion rule (we suggest the SUM rule).Thus it enormously increased length of hashing key, the problem of original algorithm is solved.

Biohashing algorithm was originally proposed for the fingerprint, but the algorithm requires highly differentiated fixed-length features which are very difficult to extract in the fingerprint. FingerCode (Jain et al, 1999) has a fixed length, but a low discriminabiltity, can not assure the certificated performance under the circumstance of loss of random number (Lumini & Nanni, 2007). The Biohashing algorithms of other biometrics, such as face, palmprint, have been proposed and carried out relevant research (Jin et al, 2004a, 2004b, 2006; Nanni & Lumini, 2006, 2008a; Connie et al, 2004; Jin & Ling, 2005; Ling et al, 2004, 2006). Some of the new technology applied also to Biohashing algorithms, such as probabilistic neural network (PNN) (Lumini & Nanni, 2006), Gray coding (Jin et al, 2007, 2008).It also applied to Biohashing algorithms that the technology of multimodal fusion and multi-feature fusion, to settle the problem of high EER in the term of loss of random number (Maio & Nanni, 2005; Lumini & Nanni, 2006; Nanni & Lumini, 2008).

2.2. Biometric template encryption

Bioscrypt algorithm was proposed by Soutar et al. (1999), which is one of the earliest algorithms about biometric encryption. The basic idea is based on image processing and Fourier transform. The algorithm has two steps: enrollment (as shown in Fig. 4(a) ) and verification (as shown in Fig. 4(b) ).

Enrollment phase: In the stage E-1 called Image Processing, combine a series of input fingerprint images with a random (phase) array to create two output arrays that are H_stored(u) and c₀(x); In the stage E-2 called Key linking, link a cryptographic key k₀, to the pattern, c₀(x), via the link algorithm; In the stage E-3 called Identification code creation, create an identification code id₀, derived from the key k₀.

Verification phase: In the stage V-1 called Image Processing, combine H_stored(u) from the bioscrypt, with a new series of input fingerprint images to create an output pattern, c₁(x); In the stage V-2 called Key Retrieval, extract a key k₁ from c₁(x) using the retrieval algorithm; In the stage V-3 called Key Validation, validate k₁ by creating a new identification code id₁, and comparing it with id₀.

Also, there are criticisms to the algorithm from literature (Davida et al, 1998; Juels & Sudan, 2002) that the algorithm carried no rigorous security guarantees. It does not count the entropy loss of algorithm in enrollment phase and not present definitely the rejection rate and false acceptance rate. In addition, the authors assume that the corresponding fingerprint image is pre-registration in the course of the experiment, in fact, it is difficult to achieve.

2.3. Geometric transform of template technology

2.3.1. Geometric features transform

Ang et al. (2005) consider a key-dependent geometric transform that is applied to the features extracted from a fingerprint, to generate a key-dependent cancellable template for the fingerprint. The method reduce the EER according to the experiment with FVC2002 database, while the drawback of the method is that it has to detect singularity, and singularity itself is difficult to detect precisely, so the associated error will be introduced, what’s more, some types of fingerprints does not have singularity(such as arch). In addition, there is some inaptitude when folded templates are treated with common matching, such as there may be a coincidence that the minutiae to be overwritten while folded.

Ratha et al. (2006, 2007) presented a method of template transform. The method transforms the set of fingerprint minutiae from original space to another space using a one-way function. However, the performance of transformed template is lower than original template using the method. The reason is that there is deviation of transformed minutiae position from expectation, and additional registration to transformation function can avoid the descend mentioned above, but the registration is difficult to control. Lee C et al. (2007) presented a method without additional registration to transformation function, whereas, the method still does not reduce the risk of that system is attacked as loss of key.

Actually, Tulyakov et al. proposed a method named Symmetric Hash Functions for Fingerprint Minutiae (Tulyakov et al, 2007; Jain et al, 2006). They presented a method of hashing fingerprint minutia information and performing fingerprint identification in hashing space. Due to the disorder of templates minutiae, input of hash function was not dependent on sequence (i.e. symmetric). Specifically, given n minutia points {c₁, c₂, …, c_n}, they constructed following m symmetric hash functions and employed one or some of them:

h1(c1,c2,⋯,cn)=c1+c2+⋯+cnh2(c1,c2,⋯,cn)=c12+c22+⋯+cn2⋯hm(c1,c2,⋯,cn)=c1m+c2m+⋯+cnmE2

where c_i ( i =1, 2, …, n) are complex numbers, represent the information of minutiae structure.

They spread the concept of two factor authentication using key binding method. In order to enhance the security, they establish random relationship between a class of hash function and pair of minutiae structure by a particular user's key, so different user has different relationship between hash function and pair of minutiae structure.

2.4. Hidden transmission of biometric template

Khan et al. (2007) presented a chaotic secure content-based hidden transmission scheme of biometric data. Encryption and data hiding techniques are used to improve the security and secrecy of the transmitted templates. Secret keys are generated by the biometric image and used as the parameter value and initial condition of chaotic map, and each transaction session has different secret keys to protect from the attacks. Two chaotic maps are incorporated for the encryption to improve the system’s resistance against attacks. Encryption is applied on the biometric templates before hiding into the cover/host images to make them secure, and then templates are hidden into the cover image. Experimental results show that the security, performance, and accuracy of the presented scheme are encouraging comparable with other methods found in the current literature. In 2010, Khan et al. proposed another means of hidden biometric template transmission named chaos and NDFT-based spread spectrum technique to conceal fingerprint-biometrics templates into audio signals. Fingerprint templates are encrypted by chaotic encryption, encoded by the BCH codes, modulated by chaotic parameter modulation (CPM), and then hid into the chaotically selected random sampling points of the host speech signal by non-uniform discrete Fourier transform (NDFT). The template extraction process is completely blind and does not require original speech signal, thus the extraction depends on the secret key. Experimental and simulation results show that the scheme is robust against common signal processing attacks, and accomplishes perceptual transparency by exploiting the masking effects of human auditory system (HAS).

3.1. Chaotic spread spectrum encryption using coupled n-NDFs

Since the intra-class variance among the samples from same finger may achieve to 25%-30%, the chaotic spread spectrum encryption technique, instead of ECC, is used here to improve the error-correcting ability, with attendant encryption function. In the following subsection, n-dimensional nonlinear digital filter (n-NDF) is preferred to serve as the underlying chaotic system to produce secure spread spectrum code.

3.1.1. Chaotic spread spectrum code base on n-dimensional NDF

Nonlinear digital filters (NDFs) have received attention in chaotic secure communication, hash function and pseudorandom bit generator. The reason is that the n-NDF outputs n-dimensional uniform distributed chaotic signal when it satisfies Kelber conditions (Wang & Zhang, 2007). Fig.5. depicts the block diagram of an nth-order NDF, whose state equation is given by

{z1(t+1)=h∘mod(∑i=1ncizi(t)+ϕ)  zq(t+1)=zq−1(t)     y(t)=z1(t+1), q=2,3,⋯,nE3

whereϕ∈(−1,1)denotes input signal, y(t) the output signal, z={z1,z2,⋯,zn}T∈(−1,1)nthe initial states of filter, c={c1,c2,⋯cn}the filter coefficients, h(.) the piecewise linear map defined by…

h(x,p)={(2x+1−p)/(1+p)x∈(−1,p](−2x+1+p)/(1−p)x∈(p,1),and mod(v)=v−2⋅⌊v+12⌋.

For describing convenience, the discretization form of n-NDF above is denoted asy(i+1)=F(ϕ,z,c,i). It has been proven that n-NDF is an ergodic chaotic system with n-D uniform distribution provided that the system is not decomposable and the coefficientscn∈Z,|cn|>1,ci≠0,i∈{1,2,...,n−1}.

In the following, we couple two independent n-NDFs, as depicted in Fig. 6, to generate chaotic spread spectrum sequence. The two independent n-NDFs are expressed as

{y1(i+1)=F1(ϕ1,z1,c1,i)y2(i+1)=F2(ϕ2,z2,c2,i)  ,  y1,y2∈(−1,1)E4

Then couple two outputs of Eq.(4) as y(i)=mod(y1(i)+y2(i))( The symbol “⊗” in Fig.6.), and quantize y(i) uniformly to get the binary spread spectrum sequenceri=⌈2y(i)⌉mod2.

3.1.2. Chaotic spread spectrum encryption

Figure 7 shows that the process of chaotic spread spectrum encryption is with the encryped operation XOR, at the same time with code spectrum spread. Specifically, under the control of key k₁, chaotic spread spectrum sequence {ri}i=1Nc×S can be obtained, then XOR it with each error correction encoded binary codecj (j=1,⋯Nc), the result wi=ri⊕c⌈i/s⌉ is the spreading encryption information corresponding toC={cj} j=1Nc.

Based on the chaotic spread spectrum sequence r_i, the process of chaotic spread spectrum encryption is defined as

w={wi}i=1Nw={ri⊕c⌈i/s⌉}i=1NC×S={cj⊕r(j−1)×S+1,cj⊕r(j−1)×S+2,⋯,cj⊕r(j−1)×S+S}j=1NcE5

where symbol “ ⊕“ denotes bit-XOR operation, S is spread factor, Nc the bit-length of original message, r_i the spread spectrum sequence, and w the spreaded sequence with bit-lengthNw=S×Nc. With the increasing S, the error correction capability can also be improved. The critical work is to decide a suitable S by experiments to discriminate the intra-class samples and inter-class samples.

Regarding the de-spread spectrum, it is the inverse process of Fig.7. Assume the spread information isw∗={wj∗}j=1Nw, corresponding to the original message w, the de-spread process is composed of correlation and decision phases defined by Eq.(6) and Eq.(7), respectively. The cj* in Eq.(7) is the recovered binary code sequence corresponding tocj.

d={dj}j=1Nc={∑i=1sw(j−1)×S+i∗⊕r(j−1)×S+i}j=1NcE6

cj∗={01       dj<S/2dj≥S/2E7

3.2. The proposed biometric template protection scheme

The way of centralized storage of biometric data in the database have security guarantees by using the chaotic n-NDF, where the hash value H(R) of random secret information R instead of biometric w₀ itself stored in the database, can play the same protection effect as a password on authentication system. Given that the one-way hash function H(.) is safe and collision free, the proposed scheme is a safe fingerprint identification system.

The proposed scheme includes two stages: registration and authentication. In the stage of registration, l-bit random number R was selected first, and then carry out BCH encoding operation on it and R’ is obtained. Next, perfrom chaotic spread spectrum on R’ to get sequence R’’. At the same time w₀’ is reached from the user’s fingerprint code w₀ after BCH decoding operation on the w₀, then publish pub=R’’⊕w₀’. The stage of authentication is the recovery process of R. Suppose w₁ is the fingerprint code what is to be authenticated, similarily the w₁’ is the data obtained from the BCH decoding on the w₁, as pub ⊕w₁’= (R’’ ⊕ w₀’) ⊕w₁’=R’’ ⊕ (w₀’ ⊕w₁’), while w₀’⊕w₁’can be viewd as noise which disturbes R’’. The registration and identification process can be seen as that R passes an additive noise channel of digital communication system. Similar fingerprint feature code have less different bits equivalently less noise, while the different fingerprint feature code have more different bits, resulting in greater noise. When the R'' is disturbed by noise P, through the appropriate error-correcting code that R can be recovered when similar fingerprint feature is authenticated while different fingerprint feature can not. Assume R be recovered as R₁, the authentication is valid or not depending on whether the hash value of R₁ equals the pre-stored hash value H (R) or not.

Utilizing the ECC, chaotic spread spectrum and fuzzy extractor, the proposed scheme consists of registration process and authentication process, which is illustrated in Fig.8. and described as follows.

Registration process

User's fingerprint data is collected firstly in the registration phase, and carry out features extraction and coding, calculate R and pub from the BCH decoding of fingerprint template w₀’, where R is the secret random number and pub is public data. H(R) is calculated by the one-way hash function. R, H(R) and pub are stored in server database, thus complete the registration.

1. Randomly select a secret R and perform BCH encoding: R’←BCH(R);

2. Perform chaotic spread spectrum operation on R’: R’’←Chaotic_SS(R’);

3. To decrease the distance of intra-class samples, perform BCH decoding on the user’s biometric template w₀: w₀’←De_BCH(w₀);

4. Perform bit-XOR operation on R’’ and w₀’ to get public information: pub←R’’⊕w₀’;

5. Store pub and Hash value of R on server for user authentication: server←{pub, H(R)}, where H(.) is a cryptographic hash function.

Authentication process

In the authentication phase the user's fingerprint information is collected and the fingerprint feature is denoted as w₁. The authentication process is as follows.

1. extract the user’s fingerprint template w₁ and execute BCH decoding on it:

1. retrieve the pub information from server, and bit–XOR it with w₁’: R₁’’←w₁’⊕pub;

2. perform chaotic de-spread spectrum operation on R₁’’: R₁’←Chaotic_DS(R₁’’);

3. perform BCH decoding on R₁’: R₁←De_BCH(R₁’);

4. match the hash value of R₁ and the hash value of R stored in server, if H(R₁)==H(R), the user is authenticated, otherwise, the user is rejected.

Note that two minor things in registration and authentication phases have to be processed. One is how to initialize the initial states and coefficients of coupled n-NDFs in chaotic spread/de-spread spectrum process. This can optionally split H(R) into 32-bit strings for each state and coefficient. If the length of H(R) is not enough long, we can hashing R one more times until the total hash length meets requirement. The other is bit-XOR operations in pub←R″⊕w′0 andR″1←w′1⊕pub, where two operands are required to be identical bit length, otherwise bit-expansion is necessary. That is, if the bit length of w′0 is smaller than that ofR″, repeatedly concatenatew′0 so that its length is enough long. Otherwise, trim w′0 so that its length equals to that ofR″. As forR″1←w′1⊕pub, the way of processing is similar.

3.3. Security analysis

In this subsection, we will briefly illustrate the privacy protection and cancellable ability of proposed scheme.

/Privacy protection:/ Early biometric-based authentication systems directly store user’s biometric templates in server, this way may cause template disclosing by database manager or hacker, even the templates are stored in smart card. In the proposed scheme, only H(R) and pub are stored in server. Since H( ) is one-way cryptographic hash function, it’s computationally infeasible to recover R. Moreover, R is randomly selected by authenticated user, the attacker can not derive R and biometric template from H(R) and pub. Therefore, the proposed scheme has strong privacy protection.

/Template cancellation:/ The template cancellation of proposed scheme is different from traditional template cancellations, but in fact it can achieve to the purpose of “template cancellation”. In this scheme, on the one hand, users select different random secret R for different application systems, and thus different systems stored different information H(R) and pub. This way adversary can not obtain any secret information R or biometric template of a user, though they collect all the stored information of the same user from multiple authentication systems. On the other hand, when user’s register information requires update, user only need reselect random secret information R_new and calculate H(R_new) and pub_new. After re-registering, the old information H(R_old) and pub_old are not valid any more. Moreover, it is not conductive to derive the user’s biometric template from the newly registered information H(R_new) and pub_new, even when attacker got the H(R_old) and pub_old. Therefore, the multiple re-registering information from the same user does not decrease the security. From system function point of view, the proposed scheme inherently owns revocable-biometric ability.

3.4. Experimental results

The proposed method is evaluated using the fingerprint database of FVC 2004 [FVC 2004], where there are 8 impressions for each of the 100 distinct fingers with image size of 328x364 at a resolution of 500dpi.

We select 8 impressions for each of the 20 distinct fingers. Among these fingerprint images, 60 images for 20 fingers (each finger has 3 images) are used to parameter tuning before testing, while the rest fingerprint images are used to evaluate the scheme. Fig.9 shows 3 images of one finger of 20 fingers. The evaluation criteria used here are fault accept rate (FAR) and fault reject rate (FRR).

Firstly, we use 60 images for parameter optimizing. There are two parameters (i.e. n, k) in BCH error-correcting code, and one parameter (i.e. spread factor S) in chaotic spread spectrum. The optimization target is balancing the FRR for intra-class samples, the FAR for inter-class samples and computational load. Based on such optimization principle, one of the tuning parameter set are valued as n=63, k=10 and spread factor S=40.

In the rest 100 samples, we select 2 samples from the rest 5 samples of each finger, that one sample is used to registration while the other is used to authentication. We perform such intra-class experiments for 20×C52=200 times. The experiment result is listed in table 1. The data of table 1 shows that the FRR=0.5% and GAR=99.5% in the scheme. When we improve the error-correcting capability by increasing the spread factor or BCH parameters, the FRR will decrease as expected at the cost of time complexity and storing volume.

In addition, we randomly select 2 inter-class samples from the rest 100 samples to evaluate the FAR. Fig.10 shows one experimented group of that. Such experiments are performed forC1002−20×C52=4750 times with the same parameters as table 1, and the statistical result is summarized in table 2.

The inter-class experiments show that no fingerprint sample has been accepted by fault, i.e. the FAR=0. It should not be surprise for such result, because the difference of two inter-class samples is so large that exceeds the error-correcting capability of BCH and spread spectrum under the selected parameters.

From the experimental FRR and FAR index of the proposed scheme, it can be seen that the scheme has high right accept rate for the intra-class fingerprints while keep ideal fault accept rate for the inter-class fingerprints. Of course, the above experiments are not enough to test the scheme and come to final conclusion. More samples, more kinds of biometrics and great number of experiments are necessary to evaluate the biometric system.