Secure and Revocable Biometric Template Using Fuzzy Vault...
Proposed Methodology Chapter 3
Secure and Revocable Biometric Template Using Fuzzy
Vault for Fingerprint, Iris and Retina
CHAPTER 3
3. PROPOSED METHODOLOGY
3.1 OUTLINE OF THE PHASES OF PROPOSED METHODOLOGY
3.2 PHASE I – UNIMODAL BIOMETRIC FUZZY VAULT
3.3 PHASE II – PASSWORD HARDENED BIOMETRIC FUZZY VAULT
3.4 PHASE III – MULTIMODAL BIOMETRIC FUZZY VAULT
3.5 PHASE IV – PASSWORD HARDENED MULTIMODAL BIOMETRIC
FUZZY VAULT
3.6 PHASE V– PASSWORD HARDENED TRIMODAL BIOMETRIC FUZZY
VAULT FOR HIGH SECURITY APPLICATIONS
3.7 PHASE VI – COMBINED USER AND SOFT BIOMETRIC BASED
PASSWORD HARDENED BIOMETRIC FUZZY VAULT
3.8 CHAPTER SUMMARY
From the literature survey it is understood that establishing the
identity of an individual is very crucial in the present times. Biometric
authentication has proved itself superior to the traditional password based
authentication in many respects. Nevertheless, biometric systems are prone to a
variety of attacks. The stored biometric template attack is the most severe of all
the attacks. Hence, providing security to the stored template is of prime importance.
Moreover, biometric templates may reveal private information about diseases
and disorders of a person. Biometric templates cannot be reissued on spoofing.
From the literature survey it is found that fuzzy vault is a proven technology for
protecting biometric templates and hybrid methods are better in providing
security to biometric templates.
Eye based biometrics namely iris and retina have certain merits
compared to other biometrics like fingerprint. However, very few have worked
on iris and retinal biometric templates. Both iris and retina capturing cameras
can be mounted on a single device to improve user convenience. Their
combination is the best suited for high security applications.
The proposed hybrid method mainly depends on a biometric cryptosystem
based fuzzy vault scheme for providing security for biometric
templates. To impose revocability and diversity, apart from security to
biometric templates, the feature transformation based salting method (password
hardening) is combined with the fuzzy vault scheme to obtain a password hardened
fuzzy vault.
Password hardened fuzzy vault overcomes certain limitations of fuzzy
vault and renders more security. Multibiometrics are more powerful compared to
their unibiometric components. Multibiometric fuzzy vault is constructed to
provide more security and is more resistive to spoof attacks. The
proposed method considers feature points extracted from fingerprint, iris and
retina for constructing multimodal biometric fuzzy vault. Feature level fusion
is done to combine feature points from three different biometric modalities.
Multibiometric fusion based on feature level extraction has strong interaction
among the input measurements and such schemes are referred to as tightly
coupled integrations. Feature level fusion is better compared to match level
fusion as integration done in the feature level is more effective and informative
than in the matching level fusion.
Multibiometric fuzzy vault is also hardened using user specific password
for diversity, revocability and added security. An attempt is made in the
proposed method to utilize the idea of soft biometrics. To find the strength of
the fuzzy vault, the security of the vault is measured using min-entropy. The number
of computations required to compromise the vault by brute force attack is also
calculated. The proposed method involves fingerprint, iris and retinal
biometric templates and their combinations.
3.1 OUTLINE OF THE PHASES OF PROPOSED METHODOLOGY
Ensuring security to biometric templates is of primary importance. A
person loses his identity when biometric is lost. The main objective of the
proposed method is to provide security, revocability and diversity to biometric
templates. Three different biometric modalities namely fingerprint, iris and
retina are considered. The proposed method protects the biometric template
using a hybrid approach namely password hardened fuzzy vault.
Thus the proposed methodology has been divided into five phases as
shown in Figure 3.1.
Phase I: Unimodal Biometric Fuzzy Vault
• Provides Security to Fingerprint, Iris and Retinal Templates
Phase II: Password Hardened Biometric Fuzzy Vault
• Provides Security to Fingerprint, Iris and Retinal Templates
• Overcomes the limitations of Fuzzy Vault
• Provides revocability and diversity to biometric templates
• Increases the strength of the Fuzzy Vault
• More resistive towards spoof attacks
Phase III: Multimodal Biometric Fuzzy Vault
• Provides security to fingerprint, iris and retinal templates
• Overcomes the limitations of unimodal biometric fuzzy vault
• Increases the strength of the fuzzy vault
• More resistive towards spoof attacks
• Provides the merits of multimodal biometrics
Phase IV: Password Hardened Multimodal Biometric Fuzzy Vault
• Provides Security to Fingerprint, Iris and Retinal Templates
• Overcomes the limitations of unimodal biometrics
• Overcomes the limitations of plain fuzzy vault
• Increases further the strength of the fuzzy vault
• More resistive towards spoof attacks
• Provides the merits of multimodal biometrics and password
hardening
• Provides revocability and diversity to biometric templates
• Increases further the strength of the vault
Phase V: Combined User and Soft Biometric based Password Hardened Fuzzy
Vault
• Introduces the concept of soft biometrics
• Provides the merits of multimodal biometrics, password hardening and
soft biometrics
• Provides revocability and diversity to biometric templates
• Maintains the strength of the vault
Phase VI: Trimodal Password Hardened Fuzzy Vault for High Security
Applications
• Provides the merits of multimodal biometrics, password hardening and
soft biometrics
• Provides revocability and diversity to biometric templates
• Increases further the strength of the vault
• More resistive towards spoof attacks
• Provides revocability and diversity to biometric templates
• Suitable for high security applications
• In this phase, strength of the different vaults is also compared.
Figure 3.1 Phases of Proposed Methodology
Phase I Unimodal Biometric Fuzzy Vault
• Provides Security to Biometric templates
Phase II Password Hardened UniBiometric Fuzzy Vault
• Overcomes the Limitations of Plain Fuzzy Vault
• More Resistive towards Attacks
• Provides Revocability and Diversity
• Avoids Function Creeping
Phase III Multimodal Biometric Fuzzy Vault (Bimodal)
• Overcomes the Limitations of Unibiometrics
• More Resistive towards Attacks
• Overcomes the Limitations of Unimodal Fuzzy Vault
Phase IV Password Hardened Bimodal Biometric Fuzzy Vault
• Overcomes the Limitations of plain Fuzzy Vault
• More Resistive towards Attacks
• Overcomes the Limitations of Unibiometrics
• Provides More Security, Revocability and Diversity
• Avoids Function Creeping
Phase V Password Hardened Trimodal Biometric Fuzzy Vault
• Provides the Merits of Hardened Vault
• Provides the Merits of Multibiometrics
• Suitable for High Security Applications
• Improves
Phase VI Combined User and Soft Biometric Based Password Hardened Multimodal Biometric Fuzzy Vault
• Introduces Soft Biometrics in Fuzzy Vault
• Provides the Merits of Hardened Vault
• Provides the Merits of Multibiometrics
3.2 UNIMODAL BIOMETRIC FUZZY VAULT
Fuzzy vault is a cryptographic construct proposed by Juels and Sudan
[61]. This construct is more suitable for applications where biometric
authentication and cryptography are fused together. The fuzzy vault framework
thus utilizes the goodness of both cryptography and biometrics. In the fuzzy vault
framework, the secret key S is locked by G, where G is an unordered set from
the biometric sample. A polynomial P is constructed by encoding the secret S.
This polynomial is evaluated at all the elements of the unordered set G.
A vault V is constructed by the union of the unordered set G and a chaff point
set C which is not in G.
$V = G \cup C$
The union with the chaff point set hides the genuine point set from the
attacker. Hiding the genuine point set secures the secret data S and the user
biometric template T. The vault is unlocked with the query template T’. T’ is
represented by another unordered set U’. The user has to separate a sufficient
number of points from the vault V by comparing U’ with V. By using an error
correction method the polynomial P can be successfully reconstructed if U’
overlaps with U, and the secret S gets decoded. If there is no substantial
overlap between U and U’, the secret key S is not decoded. This construct is
called fuzzy because the vault will get decoded even for very close values of U
and U’ and the secret key S can be retrieved. Therefore, the fuzzy vault construct
becomes more appropriate for biometric data which possess inherent fuzziness
and hence the name fuzzy vault as proposed by Sudan [61]. The security of the
fuzzy vault depends on the infeasibility of the polynomial reconstruction
problem. The vault performance can be improved by adding more
chaff points C to the vault.
A. Fuzzy Vault Encoding
For the vault implementation, a unique point from the biometric modality is
extracted. The secret message is generated as a 128 bit random stream. The 16 bit
CRC is appended to the transformed key S to get the 144 bit SC. The primitive
polynomial considered for CRC generation is
$g_{crc}(a) = a^{16} + a^{15} + a^{2} + 1$
In the minutiae set, the minutiae points whose Euclidean distance is less
than D are removed. A 16 bit lock/unlock unit ‘u’ is obtained by concatenating
the x and y (each 8 bits) coordinates. The ‘u’ values are sorted and the first N of them
are selected. The secret (SC) is divided into 9 non overlapping segments of 16
bits each. Each segment is converted to its decimal equivalent to account for
the polynomial coefficients ($C_8, C_7, \dots, C_0$). All operations take place in the Galois
Field $GF(2^{16})$. The projection of ‘u’ on polynomial ‘p’ is found. Now the
genuine point set G is $(u_i, P(u_i))$. Random chaff points are generated which
are 10 times more in number than that of the genuine points. Thus two sets,
namely the genuine set (G) and the chaff set (C), are generated in the following
way.
$G = [(u_1, p(u_1)), (u_2, p(u_2)), \dots, (u_l, p(u_l))]$
$C = [(c_1, d_1), (c_2, d_2), \dots, (c_m, d_m)]$
$c_j \neq u_i$ (j = 1, 2, …, l; i = 1, 2, …, m)
$d_j \neq P(c_i)$ (j = 1, 2, …, l; i = 1, 2, …, m)
$VS = \mathrm{Listscrambled}(G \cup C)$
Where
‘u’ is a genuine point
‘p(u)’ is the projection of the genuine point
‘c’ is a chaff point which is not in the genuine point set
‘d’ is a dummy value which is not in p(u)
‘m’ is the number of chaff points
‘l’ is the number of genuine points
Both the genuine and chaff point sets are combined to construct the
vault. The vault is list scrambled. The encoding operation for fingerprint and
retina based multimodal fuzzy vault is shown in Figure 3.2. The following
Table 3.1 shows the notations used.
Table 3.1 Notations Used
Notations    Meaning
S            Secret Key
SC           Secret Key + Cyclic Redundancy Code (CRC)
G            Genuine set
C            Chaff set
VS           List scrambled Vault
SC*          SC Generated after Decoding
Q            Query Template
Figure 3.2 Biometric Fuzzy vault: Encoding
(Blocks: Template Minutiae Feature List; Secure Data (D); Cyclic Redundancy Check Encoding (SC); Polynomial (P) Construction; Polynomial Projection; Chaff Point Generation (C); List Scrambling (VS); Vault (V))
B. Fuzzy Vault Decoding
From the query templates, unlocking points (N in number) are extracted.
The unlocking set is found as in encoding. This set is compared with the vault
to separate the genuine point set for polynomial reconstruction. From this set,
all combinations are tried to decode the polynomial. Lagrangian interpolation is
used for polynomial reconstruction. For a specific combination of feature
points the polynomial gets decoded. In order to decode the polynomial of
degree 8, a minimum of 9 points is required. If the combination set
contains less than 9 points, the polynomial cannot be reconstructed. Now the
coefficients and CRC are appended to arrive at SC*. Then SC* is divided by
the CRC primitive polynomial.
If the remainder is not zero, the query image does not match the template image
and the secret data cannot be extracted. If the remainder is zero, the query image
matches the template image and the correct secret data can be extracted.
In this case SC* is divided into two parts as the 128 bit secret data and 16 bit
CRC code. The decoding operation of fuzzy vault is shown in Figure 3.3.
Figure 3.3 Biometric Fuzzy vault: Decoding
(Blocks: Query Minutiae Feature List; Vault (V); Candidate Point Identification; Combination Sets Determination; Lagrange Interpolation; CRC Decoding (Negative / Positive); Secret S’ Extraction; End)
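The encoding and decoding steps of sections A and B can be traced end to end in code. The Python below is an added example, not code from the thesis: the field polynomial `0x1100B`, the exact matching of query units against vault points, and the sample minutiae are assumptions made for illustration.

```python
import itertools
import secrets

GF_POLY = 0x1100B  # x^16+x^12+x^3+x+1: assumed field polynomial (page only says GF(2^16))
CRC_POLY = 0x8005  # g_crc(a) = a^16 + a^15 + a^2 + 1 from the page, top bit implicit
DEGREE = 8         # 144-bit SC gives 9 coefficients C8..C0
CHAFF_RATIO = 10   # chaff points per genuine point, as on the page
# Constructed sample minutiae (x, y), each coordinate 8 bits.
SAMPLE_MINUTIAE = [(23, 41), (57, 102), (88, 15), (120, 200), (34, 178), (201, 66),
                   (145, 90), (76, 230), (190, 12), (15, 99), (250, 140), (99, 199)]

def gf_mul(a, b):
    """Multiply two elements of GF(2^16) (shift-and-add with reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10000:
            a ^= GF_POLY
    return r

def gf_inv(a):
    """Inverse of a non-zero element, computed as a^(2^16 - 2)."""
    result, e = 1, 0xFFFE
    while e:
        if e & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        e >>= 1
    return result

def crc16(data):
    """Bitwise CRC-16, MSB first, zero initial value, so crc16(m + crc) == 0."""
    reg = 0
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = ((reg << 1) ^ (CRC_POLY if reg & 0x8000 else 0)) & 0xFFFF
    return reg

def unit(x, y):
    """16-bit lock/unlock unit u: x and y (8 bits each) concatenated."""
    return ((x & 0xFF) << 8) | (y & 0xFF)

def poly_eval(coeffs, u):
    """Horner evaluation of P(u); coeffs are ordered C8..C0."""
    acc = 0
    for c in coeffs:
        acc = gf_mul(acc, u) ^ c
    return acc

def lock(secret, genuine_units, rng=None):
    """Encode: SC = S || CRC, project genuine units on P, add chaff, scramble."""
    if len(secret) != 16:
        raise ValueError("secret must be 128 bits")
    rng = rng or secrets.SystemRandom()
    sc = secret + crc16(secret).to_bytes(2, "big")
    coeffs = [int.from_bytes(sc[i:i + 2], "big") for i in range(0, 18, 2)]
    genuine = sorted(set(genuine_units))
    vault = [(u, poly_eval(coeffs, u)) for u in genuine]
    used = set(genuine)
    while len(vault) < (1 + CHAFF_RATIO) * len(genuine):
        c, d = rng.randrange(1 << 16), rng.randrange(1 << 16)
        if c not in used and d != poly_eval(coeffs, c):  # c != u_i and d != P(c)
            used.add(c)
            vault.append((c, d))
    rng.shuffle(vault)
    return vault

def interpolate(points):
    """Lagrange interpolation over GF(2^16); returns coefficients C0..Cn."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                shifted = [0] + basis               # basis * x
                for k, c in enumerate(basis):
                    shifted[k] ^= gf_mul(c, xj)     # + basis * xj
                basis, denom = shifted, gf_mul(denom, xi ^ xj)
        scale = gf_mul(yi, gf_inv(denom))
        for k, c in enumerate(basis):
            coeffs[k] ^= gf_mul(c, scale)
    return coeffs

def unlock(vault, query_units):
    """Decode: pick candidates, try every 9-point combination, accept on zero CRC."""
    query = set(query_units)
    candidates = [(u, v) for u, v in vault if u in query]
    for combo in itertools.combinations(candidates, DEGREE + 1):
        low_first = interpolate(combo)
        sc = b"".join(c.to_bytes(2, "big") for c in reversed(low_first))
        if crc16(sc) == 0:
            return sc[:16]
    return None
```

A query that shares fewer than 9 units with the vault yields no 9-point combination, so `unlock` returns `None` without touching the CRC.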
C. Security Analysis of Fuzzy Vault
The security of the fuzzy vault depends on the infeasibility of the
polynomial reconstruction and the number of chaff points. Using this construct
128 bit secret data like Advanced Encryption Standard (AES) key can also be
protected. The security of the proposed fuzzy vault is measured by min-entropy
which is expressed in terms of security bits. According to Nandakumar [86]
the min-entropy of the minutiae template MT given the vault V can be
calculated as
Where
r = number of genuine points in the vault
c = number of chaff points in the vault
t = the total number of points in the vault (r + c)
In the above fuzzy vault an adversary has to guess a combination of (n+1)
points simultaneously to decode the vault. Polynomials of lower
degree can be easily reconstructed by the attacker and the vault gets decoded.
Polynomials with larger degrees require a lot of computational effort. The
security of the fuzzy vault increases as the degree of the polynomial increases.
However, higher degree polynomials require a lot of computation, which
makes the system slow. The security increases as the number of chaff points in
the vault increases but at the cost of increased memory consumption. Number
of chaff points added is 10 times more than that of the genuine points to have
larger combinations for achieving higher security. Moreover, it is observed that
the process consumes more memory and makes the system slow but they are
hard to reconstruct. If the adversary stages a brute force attack, to decode a
polynomial of degree n, he has to try a total of C(t, n+1) combinations of n+1
elements each. Out of these, only C(r, n+1) combinations decode the
vault. Hence, for an attacker to decode the vault it takes C(t, n+1) / C(r, n+1)
evaluations.
D. Merits of Fuzzy Vault Scheme
Fuzzy vault, being a crypto biometric based key binding mechanism for
template protection, has the following merits:
• Fuzzy vault is a proven technology for biometric template security
• Fuzzy vault framework utilizes the goodness of both cryptography
and biometrics
• Fuzzy vault is more suitable for applications where biometric
authentication and cryptography are fused together
• Fuzzy vault eliminates the key management problem as compared to
other practical cryptosystems
• The security of the fuzzy vault depends on the infeasibility of the
polynomial reconstruction
• This construct is called fuzzy because the vault will get decoded even
for very close values of U and U’ and the secret key S can be retrieved.
Therefore the fuzzy vault construct becomes more appropriate for biometric
data which possesses inherent fuzziness
E. Limitation of Fuzzy Vault Scheme
Fuzzy vault, being a proven scheme, has its own limitations which are
listed as follows:
• The same biometric data cannot be used to construct a new vault when it is
compromised
• Fuzzy vault suffers from non-revocability, cross-matching and lack of
diversity
• It is possible to attack the vault by performing statistical analysis on the
vault points
• The attacker can substitute a few points from his own biometric feature as
chaff points. Now the vault authenticates the legal user as well as the
imposter for the same biometric template
• The imposter can glean the original template when it is exposed temporarily
• Fuzzy vault scheme is vulnerable to specific attacks like attack via record
multiplicity, stolen key inversion attack, blended substitution attack
In order to overcome these problems fuzzy vault scheme is hardened
with password to obtain a password hardened fuzzy vault. Password is used as
an additional authentication factor and this improves the security of the fuzzy
vault. The proposed unimodal fuzzy vault is hardened by password. This
enhances the user privacy and adds an additional level of security.
3.3 UNIMODAL BIOMETRIC FUZZY VAULT HARDENING
Password Hardening is a salting based approach in which the minutiae
points of the biometric templates are transformed by applying a function which
is derived from the user specific password.
The user can have different passwords for different applications, so that
diversity for the biometric template is achieved and function creeping is
eliminated. Even if the attacker compromises the vault, a new set of minutiae
points can be generated by changing the password and/or the transformation
function. This makes the biometric template revocable. In this hybrid approach
only the transformed points are secured using fuzzy vault and stored in the
database rather than the original points. Therefore, security of the password is
crucial in this approach.
3.3.1 Steps in Password Hardening of Fuzzy Vault
The following are the steps involved in the process of hardening the
fuzzy vault and they are shown in the Figure 3.4.
Step 1:- A random transformation function is derived from the user
password.
Step 2:- The password transformed function is applied to the biometric
template.
Step 3:- Fuzzy vault framework is constructed to secure the transformed
template.
Step 4:- The key derived from the same password is used to encrypt the vault.
Figure 3.4 Steps in Password Hardening of Fuzzy Vault
3.3.2 Merits of Hardened Fuzzy Vault
The following are the merits of hardened fuzzy vault as compared to the
plain fuzzy vault.
• The hardened fuzzy vault overcomes the limitations of non-revocability
and cross-matching.
• Password introduces an additional layer of security.
• Even if the password is compromised, the basic security and privacy
provided by the fuzzy vault are not affected.
• Compromised password makes the security level the same as that of a
fuzzy vault.
(Figure 3.4 blocks: User Password; Secret Key Generation; Biometric Feature Extraction; Biometric Template; Transformation; Fuzzy Vault)
• It is very difficult for an attacker to compromise both the biometric
template and the password at the same time.
• Hardening provides diversity to biometric templates.
• Introduction of password enhances user privacy.
• Strength of the fuzzy vault increases as the
Strength of the Vault = Min-entropy of the fuzzy vault + Guessing
entropy of the password
Where guessing entropy is the average amount of work required to
guess the password of a selected user.
Even though fuzzy vault hardening overcomes certain problems of fuzzy
vault, unimodal based systems suffer from certain other problems when
compared to their multimodal counterparts.
The unimodal fuzzy vault has to overcome the problems faced by
unimodal biometrics. Moreover, multimodal biometric authentication systems
are practiced in several crucial applications. Therefore, providing security to
multibiometric templates is very important. The problems with unimodal
biometrics are alleviated by employing multibiometrics.
3.3.3 Problems with Unimodal Biometric Systems
Unimodal biometric systems suffer from the following problems,
• Noise in sensed data
• Intra-class variations
• Distinctiveness
• Non-universality
• Spoof attacks
In order to overcome these limitations of unimodal biometric systems,
multibiometric systems are preferred. Multibiometric systems are better in
performance and they are more resistive towards attacks. Multibiometric
templates are to be protected using multimodal biometric fuzzy vault.
3.4 MULTIBIOMETRIC FUZZY VAULT
Multibiometric systems consolidate information from different traits.
The main design issues of a multibiometric system are the fusion strategy and the
selection of biometric modalities. In the proposed method, feature level fusion
of biometric feature points is done. This gives better results compared to other
fusion strategies. Multimodal biometric fuzzy vault combines feature points
from more than one biometric trait and hence the number of genuine points can
be increased and thereby more chaff points can be added. This
increases the security of the fuzzy vault. The proposed method implements
three different bimodal fuzzy vaults for various applications using fingerprint,
iris and retinal templates.
3.4.1 Merits of Multimodal biometric fuzzy vault
The multimodal biometric possesses the following merits,
• Can address the non-universality problem
• Reduces the Failure To Enroll Rate (FTER) and Failure to Capture Rate
(FTCR).
• Reduces the effect of noisy data.
• More resistant to spoof attacks.
• Enhances user convenience.
• It is very difficult for an attacker to compromise the multibiometric fuzzy
vault, as all the biometric modalities must be compromised simultaneously.
• Security of the fuzzy vault increases as the number of points in the vault
increases.
• Security of the fuzzy vault = combined min-entropy of the fuzzy vault.
3.4.2 Limitation of Plain Multibiometric Fuzzy Vault
Multibiometric fuzzy vault suffers from the following problems;
• non-revocability
• lack of diversity
• function-creeping
Therefore hardening of multibiometric fuzzy vault is necessary to
overcome these limitations.
3.5 PASSWORD HARDENING OF MULTIMODAL BIOMETRIC FUZZY VAULT
Biometric templates from different modalities are password
transformed. The transformed points from multimodal templates are combined
together by feature level fusion into a single set of points. This combined
password transformed template is secured using fuzzy vault and stored in the
database.
3.5.1 Steps in Password Hardening of Multimodal Fuzzy Vault
The steps involved in the password hardening of the multimodal biometric fuzzy
vault are listed below and depicted in Figure 3.5.
Step 1: A random transformation function is derived from the user password.
Step 2: The password transformed function is applied to the first biometric modality.
Step 3: The password transformed function is applied to the second biometric
modality.
Step 4: Fuzzy vault framework is constructed to secure the transformed templates by
using the feature points from all the modalities.
Step 5: The key derived from the same password is used to encrypt the vault.
Figure 3.5 Steps in Password Hardening of Multimodal Biometric Fuzzy
Vault
3.5.2 Merits of Password Hardened Multibiometric fuzzy vault
Password hardened multibiometric fuzzy vault acquires the merits of
both multibiometrics and password hardening. The multibiometric component
overcomes the limitations of unibiometrics, and the hardened fuzzy vault alleviates the
limitations of plain fuzzy vault. The collective merits are listed as follows;
• It is very difficult for an attacker to compromise all the biometric traits and
password simultaneously.
• Multibiometric password hardened fuzzy vault is more resistive towards
spoof attack.
• Password acts as an additional layer of security.
• Revocability and diversity are obtained.
• Function-creeping is avoided.
• Can address the non-universality problem.
• Reduces the Failure To Enroll Rate (FTER) and Failure to Capture Rate
(FTCR).
• Reduces the effect of noisy data.
(Figure 3.5 blocks: Password; Key Generation; Biometric Modality 1; Biometric Modality 2; Feature Extraction (per modality); Transformation; Combined Multimodal Fuzzy Vault)
• Enhances user convenience.
• More secure as the strength of the vault increases.
Strength of the vault = min-entropy of the combined fuzzy vault +
Guessing entropy of the password
This phase provides security to three different combinations of bimodal
biometric templates namely fingerprint and iris, fingerprint and retina, retina
and iris through password hardened fuzzy vault. All the three combinations
find their role in three specific applications in real situations.
The performance of the primary template protection mechanism can be
improved by augmenting the ideas of other template protection methods like
liveness detection mechanisms, steganographic and watermarking
techniques, challenge-response systems, multimodal biometric systems,
soft biometrics and cancelable biometrics.
The Phase V of the proposed work protects three different biometric
templates namely fingerprint, iris and retina in a trimodal fuzzy vault. This
biometric combination can be used in high security applications.
3.6 TRIMODAL BIOMETRIC FUZZY VAULT FOR HIGH SECURITY
APPLICATIONS
This phase constructs a trimodal fuzzy vault by combining the feature
point sets from three different biometric modalities, fingerprint, iris and
retina, namely $K_f$, $K_i$ and $K_r$. Then chaff points are added to the vault to
conceal the genuine points.
$V_{fir} = K_f \cup K_i \cup K_r \cup C$
The chaff points are generated in such a way that they do not lie on $K_f$,
$K_i$ and $K_r$. In this proposed vault the secret S is locked by three unordered sets
U1, U2 and U3. This phase implements both the plain and hardened trimodal
fuzzy vault.
3.6.1 Steps involved in the Hardening of Trimodal biometric fuzzy vault
The following are the steps involved in the construction of Trimodal
fuzzy vault.
Step 1: A random transformation function is derived from the user password.
Step 2: The password transformed function is applied to the first biometric
modality - fingerprint template.
Step 3: The password transformed function is applied to the second biometric
modality - iris template.
Step 4: The password transformed function is applied to the third biometric
modality - retina template.
Step 5: Fuzzy vault framework is constructed to secure the transformed
templates by using the feature points from all the three modalities.
Step 6: The key derived from the same password is used to encrypt the vault.
Figure 3.6 depicts the steps involved in the construction of the password
hardened multibiometric fuzzy vault with three biometric modalities.
Figure 3.6 Steps in Password Hardened Trimodal Biometric Fuzzy Vault
(Blocks: Password; Key Generation; Biometric Modality 1 (Fingerprint); Biometric Modality 2 (Iris); Biometric Modality 3 (Retina); Feature Extraction (per modality); Transformation; Combined Multimodal Fuzzy Vault)
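The hardening steps of sections 3.3.1, 3.5.1 and 3.6.1 share one pattern: derive a transformation from the password, apply it to every modality, then fuse the transformed points. The Python below is an added example, not the thesis's implementation; the thesis does not define the transformation function, so the per-quadrant translation, the PBKDF2 stretching, the salt and the second password are assumptions, and the templates are constructed.

```python
import hashlib

# Constructed sample templates: (x, y) feature points on a 256x256 grid per modality.
SAMPLE_TEMPLATES = {
    "fingerprint": [(23, 41), (201, 66), (34, 178), (145, 190)],
    "iris": [(57, 102), (190, 12), (76, 230), (250, 140)],
    "retina": [(88, 15), (130, 90), (15, 199), (222, 211)],
}
# Constructed per-user salt; salting the derivation is an assumption of this example.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_material(password, salt, iterations=100_000):
    """First and last steps: stretch the password once, then split the output so
    the transformation parameters and the vault-encryption key share no bytes."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=40)
    shifts = [(okm[2 * q], okm[2 * q + 1]) for q in range(4)]  # (dx, dy) per quadrant
    return shifts, okm[8:]


def transform(points, shifts):
    """Translate each point by the shift of the quadrant it lies in (mod 256)
    and return the resulting 16-bit lock/unlock units."""
    units = set()
    for x, y in points:
        quadrant = (x >> 7) | ((y >> 7) << 1)
        dx, dy = shifts[quadrant]
        units.add((((x + dx) & 0xFF) << 8) | ((y + dy) & 0xFF))
    return units


def harden(templates, password, salt):
    """Apply the same password-derived transform to every modality, then fuse
    at feature level (set union). Returns (fused units, 32-byte vault key)."""
    shifts, key = derive_material(password, salt)
    fused = set()
    for modality in sorted(templates):
        fused |= transform(templates[modality], shifts)
    return fused, key


def cross_match(units_a, units_b):
    """Fraction of units_a that also appear in units_b (1.0 = fully linkable)."""
    return len(units_a & units_b) / len(units_a)


def revoke_demo():
    """Enroll with one password, re-enroll with another, report the overlap."""
    old_units, _ = harden(SAMPLE_TEMPLATES, "FUZZY155BM", SALT)
    new_units, _ = harden(SAMPLE_TEMPLATES, "VAULT170GF", SALT)  # constructed password
    return cross_match(old_units, old_units), cross_match(old_units, new_units)
```

Changing the password changes the stored point set, which is what makes the template revocable; the derived key would feed the vault encryption step, which is not shown here.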
3.6.2 Encoding of Trimodal biometric Fuzzy Vault
For the vault implementation, unique points from all the three biometric
modalities namely fingerprint, iris and retina are combined together. Then they
are encoded in the fuzzy vault in the same way as explained in phase I. In order
to check for revocability three different passwords are applied. The encoding
process is depicted in Figure 3.7.
3.6.3 Decoding of Trimodal biometric Fuzzy Vault
In the authentication phase, the encrypted vault and feature points are
decrypted by the user password. Password based transformation is applied to
the query feature points and the vault is unlocked. From the query templates of
all the three biometric templates, unlocking points (N in number) are extracted.
The unlocking set is found as in encoding. This set is compared with the vault
to separate the genuine point set for polynomial reconstruction. From this set,
all combinations are tried to decode the polynomial. Lagrangian interpolation is
used for polynomial reconstruction. For a specific combination of feature
points the polynomial gets decoded. The decoding operation of the trimodal vault is
the same as the one given in phase I and is
shown in Figure 3.8.
Figure 3.7 Trimodal Biometric Fuzzy Vault: Encoding
(Blocks: Fingerprint Minutiae Feature List Tf; Iris Minutiae Feature List Ti; Retina bifurcation feature list Tr; Combined Feature List TFIR; Secure Data (S); Cyclic Redundancy Check Encoding (SC); Polynomial (P) Construction; Polynomial Projection; Chaff Point Generation (C); List scrambling (VS); Vault (V))
3.6.4 Merits and Demerits of Password Hardened Trimodal Fuzzy Vault
The trimodal hardened fuzzy vault possesses higher strength as it has
more genuine points from three different biometric modalities. The number of
points in the vault is very high and it is very difficult for an attacker to
compromise the vault. It is not practically possible for the attacker to
compromise all the three modalities and password at the same time. Security of
the vault increases as it accounts for the min-entropy of the trimodal vault and the
guessing entropy of the user specific password. The vault is revocable and
avoids function creeping. Diversity is provided. The trimodal vault acquires
the merits of multibiometrics and password hardening.
However, the encoding and decoding processes take much computational time,
as higher degree polynomials and three different modalities
are involved. This can be accepted as it is employed in high security
applications. To overcome this problem faster hybrid methods must be
explored and the algorithm should be implemented in high speed systems.
Figure 3.8 Trimodal Biometric Fuzzy Vault: Decoding
(Blocks: Query minutiae feature list from Fingerprint Qf; Query minutiae feature list from Iris Qi; Query minutiae feature list from Retina Qr; Combined Query feature list QIIR; Vault (V); Candidate Point Identification; Candidate Set Determinations; Lagrange Interpolation; CRC Decoding (Negative / Positive); Secret S’ Extraction; End)
The phase V of the proposed method makes an attempt to incorporate
the concept of soft biometrics to secure biometric templates.
3.7 COMBINED USER AND SOFT BIOMETRIC BASED PASSWORD HARDENED
FUZZY VAULT
The idea of soft biometric is mixed with the hybrid template protection
method of password hardened fuzzy vault. The characteristics of the soft
biometrics are as follows,
• Soft biometrics provides ancillary information about a person.
Examples: - gender, ethnicity, age, height, weight, eye color, body fat
content.
• They lack distinctiveness or permanence.
• Soft biometrics alone is not enough to differentiate two individuals.
• When combined with primary biometrics (Fingerprint, Iris, and Retina
etc) soft biometrics gives better results.
According to the recent literature survey it is found that Scars, Marks
and Tattoos (SMT) can also serve as soft biometrics. They find their
applications in suspect and victim identification in forensic and law
enforcement.
In the proposed method password is split into two components namely
user password and soft biometric password. This combined user and soft
biometric based password is used for hardening the vault.
3.7.1 Combined User and Soft biometric based Password
The 64 bit user password is divided into two components as 40 bit user
password and 24 bit soft biometric password. The proposed method involves
protection of primary biometric templates namely iris and retina, and therefore,
the colour of the eye is considered and used in soft biometric password.
Moreover eye biometrics has certain merits compared to other biometrics and
they cannot be spoofed easily. In this phase, soft biometric component of the
Proposed Methodology Chapter 3
106
password is obtained by combin ing the height, eye colour and gender of the
person. Seven different eye colo urs are identified and single character code is
assigned for each of them.
Consider the 5 character user password ‘FUZZY’ (40 bits) and soft
biometric password ‘155BM’ (Height + eye color + gender = 2 4 bits) and the
combined password becomes ‘FUZZY155BM’ (64 bits). In this phase
combined user and soft biometric based password hardened multimodal fuzzy
vault is also constructed. The security of the combined soft biometric based
password will have the sa me security level as that of plain password based
fuzzy vault. However, it will be hard for an attacker to find out which soft
biometric trait combination the system adapts. Current authentication systems
are provided with gender identification, height me asurement, facility to capture
the eye colour. These facilities can be captured and utilized .Certain difficult
combination of soft biometrics can be used to filter the attackers.
3.7.2 Steps in Combined User and Soft biometric based Password
Hardened Multimodal Fuzzy Vault
The following are the steps involved in the combined user and soft
biometric based password hardened multimodal biometric fuzzy vault.
Step 1: A combined user and soft biometric password is generated.
Step 2: A random transformation function is derived from the combined
password.
Step 3: The password-derived transformation function is applied to the iris
and retinal templates.
Step 4: The fuzzy vault framework is constructed to secure the transformed
templates by using feature points from iris and retina.
Step 5: The key derived from the same password is used to encrypt the vault.
Figure 3.9 depicts the steps involved in the construction of the combined
user and soft biometric based password hardened multimodal biometric fuzzy
vault. This phase constructs three different soft biometric based password
hardened fuzzy vaults: one for iris, one for retina and one for their
combined multimodal fuzzy vault.
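Steps 1 to 3 and the key derivation of Step 5, as an added Python example that is not code from the thesis. All function names are hypothetical. The one-byte height in centimetres (which is what makes '155BM' 24 bits), the SHAKE-256 derivation, the 256 x 256 coordinate space and the quadrant permutation and translation layout are assumptions, since the page does not specify them.

```python
import hashlib

SIZE, HALF = 256, 128   # assumed square coordinate space and quadrant side

def combined_password(user_pw, height_cm, eye_code, gender):
    """Step 1: 40-bit user password + 24-bit soft biometric password."""
    user = user_pw.encode("ascii")
    if len(user) != 5:
        raise ValueError("user password must be 5 ASCII characters (40 bits)")
    if not 0 <= height_cm <= 255 or len(eye_code) != 1 or len(gender) != 1:
        raise ValueError("height must fit one byte; codes are one character")
    soft = bytes([height_cm]) + (eye_code + gender).encode("ascii")
    return user + soft   # 8 bytes = 64 bits

def derive(password, label, n):
    """Domain-separated bytes from the password (SHAKE-256 is an assumption)."""
    return hashlib.shake_256(label + b"\x00" + password).digest(n)

def derive_transform(password):
    """Step 2: quadrant permutation plus one (dx, dy) shift per quadrant."""
    ks = derive(password, b"transform", 11)
    perm = [0, 1, 2, 3]
    for i in (3, 2, 1):                      # Fisher-Yates shuffle
        j = ks[i - 1] % (i + 1)              # slight modulo bias, fine here
        perm[i], perm[j] = perm[j], perm[i]
    shifts = [(ks[3 + 2 * q] % HALF, ks[4 + 2 * q] % HALF) for q in range(4)]
    return perm, shifts

def transform(points, password):
    """Step 3: apply the password-derived transformation to (x, y) features."""
    perm, shifts = derive_transform(password)
    out = []
    for x, y in points:
        q = (y // HALF) * 2 + (x // HALF)    # source quadrant 0..3
        dx, dy = shifts[q]
        lx, ly = (x % HALF + dx) % HALF, (y % HALF + dy) % HALF
        nq = perm[q]                         # destination quadrant
        out.append(((nq % 2) * HALF + lx, (nq // 2) * HALF + ly))
    return out

def vault_key(password):
    """Step 5: a separate label keeps the vault key distinct from Step 2."""
    return derive(password, b"vault-key", 16)

# Constructed sample features, one per quadrant (not real biometric data).
SAMPLE = [(10, 20), (200, 30), (40, 180), (220, 210)]
if __name__ == "__main__":
    for user in ("FUZZY", "VAULT"):          # second value: re-issued user part
        print(transform(SAMPLE, combined_password(user, 155, "B", "M")))
```

Because the transformation is a bijection on the coordinate space, re-issuing the password replaces the stored template without losing any feature point, which is the revocability property the hardening step is meant to provide.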
Figure 3.9 Steps involved in the combined user and soft biometric based password hardened multimodal biometric fuzzy vault
[Flowchart boxes: User Password (40 Bits); Soft Biometric Password (24 Bits); Biometric Templates; User Password + Soft Biometric Password (64 Bits); Feature Extraction from Iris; Deriving Transformation Equation from Combined Password; Simple Permutation and Translation of Iris Templates; Revocable Biometric Templates; Fuzzy Vault.]
3.8 CHAPTER SUMMARY
This chapter discusses the various phases of the proposed methodology.
The fuzzy vault constructed in phase I has the limitations of
non-revocability, lack of diversity and function creeping. In order to
overcome those limitations the plain fuzzy vault is hardened with a password
in phase II. However, the fuzzy vault in phase II has the demerits of a
unimodal biometric fuzzy vault. Therefore Phase III considers the multimodal
fuzzy vault. The vault in Phase III overcomes the demerits of the unimodal
fuzzy vault and inherits the merits of multibiometrics. However, it again
suffers from non-revocability, lack of diversity and function creeping. In
order to overcome that, phase IV implements the password hardened multimodal
biometric fuzzy vault. Phase IV implements three different combinations of
bimodal biometric fuzzy vault. Phase V implements the trimodal biometric
fuzzy vault to protect fingerprint, iris and retinal templates. The trimodal
fuzzy vault is suitable for high security applications. The concept of soft
biometrics is introduced in Phase VI of the proposed methodology. Security
analysis and the number of evaluations required to capture the vault through
brute force calculations are found for all the phases of the proposed
method. The security of the vault and its resistance towards attack
increase from one phase to the next.