Secure and Revocable Biometric Template Using Fuzzy Vault...

Transcript of Secure and Revocable Biometric Template Using Fuzzy Vault...

Page 1: Secure and Revocable Biometric Template Using Fuzzy Vault ...shodhganga.inflibnet.ac.in/bitstream/10603/5559/9/09...system based fuzzy vault scheme for providing security for biometric

Proposed Methodology Chapter 3

83

Secure and Revocable Biometric Template Using Fuzzy Vault for Fingerprint, Iris and Retina

CHAPTER 3

3. PROPOSED METHODOLOGY

3.1 OUTLINE OF THE PHASES OF PROPOSED METHODOLOGY

3.2 PHASE I – UNIMODAL BIOMETRIC FUZZY VAULT

3.3 PHASE II – PASSWORD HARDENED BIOMETRIC FUZZY VAULT

3.4 PHASE III – MULTIMODAL BIOMETRIC FUZZY VAULT

3.5 PHASE IV – PASSWORD HARDENED MULTIMODAL BIOMETRIC FUZZY VAULT

3.6 PHASE V – PASSWORD HARDENED TRIMODAL BIOMETRIC FUZZY VAULT FOR HIGH SECURITY APPLICATIONS

3.7 PHASE VI – COMBINED USER AND SOFT BIOMETRIC BASED PASSWORD HARDENED BIOMETRIC FUZZY VAULT

3.8 CHAPTER SUMMARY

As a result of literature survey it is understood that establishing the

identity of an individual is very crucial in the present times. Biometric

authentication has proved itself superior to the traditional password based

authentication in many respects. Nevertheless, biometric systems are prone to a

variety of attacks. The stored biometric template attack is the most severe of all

the attacks. Hence, providing security to this form is of prime importance.

Moreover, biometric templates may reveal private information about diseases

and disorders of a person. Biometric templates cannot be reissued on spoofing.

From the literature survey it is found that fuzzy vault is a proven technology for

protecting biometric templates and hybrid methods are better in providing

security to biometric templates.

Eye based biometrics namely iris and retina have certain merits

compared to other biometrics like fingerprint. Anyhow, very few have worked

on iris and retinal biometric templates. Both iris and retina capturing cameras

can be mounted on a single device to improve user convenience. Their

combination is the best suited for high security applications.

The proposed hybrid method mainly depends on biometric crypto

system based fuzzy vault scheme for providing security for biometric

templates. To impose revocability and diversity, apart from security to

biometric templates the feature transformation based salting method (password

hardening) is combined with fuzzy vault scheme to obtain a password hardened

fuzzy vault.

The password hardened fuzzy vault overcomes certain limitations of the fuzzy

vault and renders more security. Multibiometric systems are more powerful than

their unibiometric components. A multibiometric fuzzy vault is constructed to

provide more security and is more resistant to spoof attacks. The

proposed method considers feature points extracted from fingerprint, iris and

retina for constructing multimodal biometric fuzzy vault. Feature level fusion

is done to combine feature points from three different biometric modalities.

Multibiometric fusion based on feature level extraction has strong interaction

among the input measurements and such schemes are referred to as tightly

coupled integrations. Feature level fusion is better compared to match level

fusion as integration done in the feature level is more effective and informative

than in the matching level fusion.

Multibiometric fuzzy vault is also hardened using user specific password

for diversity, revocability and added security. An attempt is made in the

proposed method to utilize the idea of soft biometrics. To find the strength of

the fuzzy vault, the security of the vault is measured using min-entropy. The number

of computations required to compromise the vault by brute force attack is also

calculated. The proposed method involves fingerprint, iris and retinal

biometric templates and their combinations.

3.1 OUTLINE OF THE PHASES OF PROPOSED METHODOLOGY

Ensuring security to biometric template is of primary importance. A

person loses his identity when biometric is lost. The main objective of the

proposed method is to provide security, revocability and diversity to biometric

templates. Three different biometric modalities namely fingerprint, iris and

retina are considered. The proposed method protects the biometric template

using a hybrid approach namely password hardened fuzzy vault.

Thus the proposed methodology has been divided into five phases as

shown in Figure 3.1.

Phase I: Unimodal Biometric Fuzzy Vault

• Provides Security to Fingerprint, Iris and Retinal Templates

Phase II: Password Hardened Biometric Fuzzy Vault

• Provides Security to Fingerprint, Iris and Retinal Templates

• Overcomes the limitations of Fuzzy Vault

• Provides revocability and diversity to biometric templates

• Increases the strength of the Fuzzy Vault

• More resistive towards spoof attacks

Phase III: Multimodal Biometric Fuzzy Vault

• Provides security to fingerprint, iris and retinal templates

• Overcomes the limitations of unimodal biometric fuzzy vault

• Increases the strength of the fuzzy vault

• More resistive towards spoof attacks

• Provides the merits of multimodal biometrics

Phase IV: Password Hardened Multimodal Biometric Fuzzy Vault

• Provides Security to Fingerprint, Iris and Retinal Templates

• Overcomes the limitations of unimodal biometrics

• Overcomes the limitations of plain fuzzy vault

• Increases further the strength of the fuzzy vault

• More resistive towards spoof attacks

• Provides the merits of multimodal biometrics and password

hardening

• Provides revocability and diversity to biometric templates

• Increases further the strength of the vault

Phase V: Combined User and Soft Biometric based Password Hardened Fuzzy

Vault

• Introduces the concept of soft biometrics

• Provides the merits of multimodal biometrics, password hardening and

soft biometrics

• Provides revocability and diversity to biometric templates

• Maintains the strength of the vault

Phase VI: Trimodal Password Hardened Fuzzy Vault for High Security

Applications

• Provides the merits of multimodal biometrics, password hardening and

soft biometrics

• Provides revocability and diversity to biometric templates

• Increases further the strength of the vault

• More resistive towards spoof attacks

• Provides revocability and diversity to biometric templates

• Suitable for high security applications

• In this phase, strength of the different vaults is also compared.

Figure 3.1 Phases of Proposed Methodology

Phase I Unimodal Biometric Fuzzy Vault
• Provides Security to Biometric templates

Phase II Password Hardened UniBiometric Fuzzy Vault
• Overcomes the Limitations of Plain Fuzzy Vault
• More Resistive towards Attacks
• Provides Revocability and Diversity
• Avoids Function Creeping

Phase III Multimodal Biometric Fuzzy Vault (Bimodal)
• Overcomes the Limitations of Unibiometrics
• More Resistive towards Attacks
• Overcome the Limitations of Unimodal Fuzzy Vault

Phase IV Password Hardened Bimodal Biometric Fuzzy Vault
• Overcomes the Limitations of plain Fuzzy Vault
• More Resistive towards Attacks
• Overcomes the Limitations of Unibiometrics
• Provides More Security, Revocability and Diversity
• Avoids Function Creeping

Phase V Password Hardened Trimodal Biometric Fuzzy Vault
• Provides the Merits of Hardened Vault
• Provides the Merits of Multibiometrics
• Suitable for High Security Applications
• Improves

Phase VI Combined User and Soft Biometric Based Password Hardened Multimodal Biometric Fuzzy Vault
• Introduces Soft Biometrics in Fuzzy Vault
• Provides the Merits of Hardened Vault
• Provides the Merits of Multibiometrics

3.2 UNIMODAL BIOMETRIC FUZZY VAULT

Fuzzy vault is a cryptographic construct proposed by Juels and Sudan

[61]. This construct is more suitable for applications where biometric

authentication and cryptography are fused together. The fuzzy vault framework

thus utilizes the goodness of both cryptography and biometrics. In fuzzy vault

framework, the secret key S is locked by G, where G is an unordered set from

the biometric sample. A polynomial P is constructed by encoding the secret S.

This polynomial is evaluated at all the elements of the unordered set G.

A vault V is constructed by the union of unordered set G and chaff point

set C which is not in G.

$V = G \cup C$

The union of the chaff point set hides the genuine point set from the

attacker. Hiding the genuine point set secures the secret data S and user

biometric template T. The vault is unlocked with the query template T’. T’ is

represented by another unordered set U’. The user has to separate sufficient

number of points from the vault V by comparing U’ with V. By using an error

correction method, the polynomial P can be successfully reconstructed if U’

overlaps with U, and the secret S gets decoded. If there is no substantial

overlap between U and U’, the secret key S is not decoded. This construct is

called fuzzy because the vault will get decoded even for very close values of U

and U’ and the secret key S can be retrieved. Therefore, the fuzzy vault construct

is more appropriate for biometric data, which possesses inherent fuzziness,

and hence the name fuzzy vault as proposed by Sudan [61]. The security of the

fuzzy vault depends on the infeasibility of the polynomial reconstruction

problem. The vault performance can be improved by adding more

chaff points C to the vault.

A. Fuzzy Vault Encoding

For the vault implementation, a unique point from biometric modality is

extracted. Secret message is generated as a 128 bit random stream. The 16 bit

CRC is appended to transformed key S to get 144 bit SC. The primitive

polynomial considered for CRC generation is

$g_{crc}(a) = a^{16} + a^{15} + a^{2} + 1$

In the minutiae set, the minutiae points whose Euclidean distance is less

than D are removed. A 16 bit lock/unlock unit ‘u’ is obtained by concatenating

the x and y (each 8 bits) coordinates. The ‘u’ values are sorted and the first N of them

are selected. The Secret (SC) is divided into 9 non overlapping segments of 16

bits each. Each segment is converted to its decimal equivalent to account for

the polynomial coefficients (C8, C7 …C0). All operations take place in Galois

Field GF(2^16). The projection of ‘u’ on polynomial ‘P’ is found. Now the

Genuine points set G is (ui, P(ui)). Random chaff points are generated which

are 10 times more in number than that of the genuine points. Thus two sets

namely the Genuine set (G) and chaff set (C) are generated in the following

way.

$G = [(u_1, p(u_1)), (u_2, p(u_2)), \ldots, (u_l, p(u_l))]$

$C = [(c_1, d_1), (c_2, d_2), \ldots, (c_m, d_m)]$

$c_j \neq u_i \quad (j = 1, 2, \ldots, l,\ i = 1, 2, \ldots, m)$

$d_j \neq P(c_i) \quad (j = 1, 2, \ldots, l,\ i = 1, 2, \ldots, m)$

$VS = \text{Listscrambled}(G \cup C)$

Where

‘u’ is the genuine point

‘p(u)’ is the projection of the genuine point

‘c’ is the chaff point which is not in the genuine point set

‘d’ is the dummy value which is not in p(u)

‘m’ is the number of chaff points

‘l’ is the number of genuine points

Both the genuine and chaff point sets are combined to construct the

vault. The vault is list scrambled. The encoding operation for fingerprint and

retina based multimodal fuzzy vault is shown in Figure 3.2. The following

Table 3.1 shows the notations used.

Table 3.1 Notations Used

Notation   Meaning
S          Secret Key
SC         Secret Key + Cyclic Redundancy Code (CRC)
G          Genuine set
C          Chaff set
VS         List scrambled Vault
SC*        SC Generated after Decoding
Q          Query Template

Figure 3.2 Biometric Fuzzy vault: Encoding

[Figure blocks: Template Minutiae Feature List; Secure Data (D); Cyclic Redundancy Check Encoding (SC); Polynomial (P) Construction; Polynomial Projection; Chaff Point Generation (C); List Scrambling (VS); Vault (V)]

B. Fuzzy Vault Decoding

From the query templates, unlocking points (N in number) are extracted.

The unlocking set is found as in encoding. This set is compared with the vault

to separate the genuine point set for polynomial reconstruction. From this set,

all combinations are tried to decode the polynomial. Lagrangian interpolation is

used for polynomial reconstruction. For a specific combination of feature

points the polynomial gets decoded. In order to decode the polynomial of

degree 8, a minimum of 9 points is required. If the combination set

contains fewer than 9 points, the polynomial cannot be reconstructed. Now the

coefficients and CRC are appended to arrive at SC* . Then SC* is divided by

the CRC primitive polynomial.

If the remainder is not zero, query image does not match template image

and the secret data cannot be extracted. If the remainder is zero, query image

matches with the template image and the correct secret data can be extracted.

In this case SC* is divided into two parts as the 128 bit secret data and 16 bit

CRC code. The decoding operation of fuzzy vault is shown in Figure 3.3.

Figure 3.3 Biometric Fuzzy vault: Decoding

[Figure blocks: Vault (V); Query Minutiae Feature List; Candidate Point Identification; Combination Sets Determination; Lagrange Interpolation; CRC Decoding (Negative / Positive); Secret S’ Extraction; End]
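
The encoding and decoding steps of sections A and B, worked through as an added Python example; it is not code from the thesis. The GF(2^16) field polynomial 0x1100B, the big-endian packing of SC, exact matching of query abscissas (no alignment or tolerance) and the constructed minutiae lists are assumptions of this example.

```python
import itertools
import secrets

GF_POLY = 0x1100B   # x^16+x^12+x^3+x+1: assumed field polynomial (the page names none)
CRC_POLY = 0x8005   # low 16 bits of g_crc(a) = a^16 + a^15 + a^2 + 1
DEGREE = 8          # nine 16-bit coefficients C8..C0 carry the 144-bit SC

def gf_mul(a, b):
    """Multiply in GF(2^16): carry-less product reduced by GF_POLY."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (GF_POLY if a & 0x8000 else 0)
        b >>= 1
    return r

def gf_inv(a):
    """Inverse of a nonzero element, computed as a^(2^16 - 2)."""
    r, e = 1, 0xFFFE
    while e:
        r = gf_mul(r, a) if e & 1 else r
        a, e = gf_mul(a, a), e >> 1
    return r

def crc16(data):
    """Remainder of data(a) * a^16 modulo g_crc; zero once a valid CRC is appended."""
    reg = 0
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = ((reg << 1) ^ CRC_POLY if reg & 0x8000 else reg << 1) & 0xFFFF
    return reg

def poly_eval(coeffs, u):
    """Horner evaluation of P(u); coeffs are ordered C8 .. C0."""
    acc = 0
    for c in coeffs:
        acc = gf_mul(acc, u) ^ c
    return acc

def lock_units(minutiae, min_dist, n):
    """Drop points closer than min_dist to one already kept, pack x||y, keep first n sorted."""
    kept = []
    for x, y in minutiae:
        if all((x - a) ** 2 + (y - b) ** 2 >= min_dist ** 2 for a, b in kept):
            kept.append((x, y))
    return sorted((x << 8) | y for x, y in kept)[:n]

def encode_vault(secret, units, rng=None, chaff_ratio=10):
    """Bind a 128-bit secret to the genuine units and hide them among chaff points."""
    rng = rng or secrets.SystemRandom()
    sc = secret + crc16(secret).to_bytes(2, "big")               # 144-bit SC
    coeffs = [int.from_bytes(sc[i:i + 2], "big") for i in range(0, 18, 2)]
    vault = [(u, poly_eval(coeffs, u)) for u in units]           # genuine set G
    used = set(units)
    while len(vault) < (1 + chaff_ratio) * len(units):           # chaff set C
        c, d = rng.randrange(1 << 16), rng.randrange(1 << 16)
        if c not in used and d != poly_eval(coeffs, c):          # c not in G, d off P
            used.add(c)
            vault.append((c, d))
    rng.shuffle(vault)                                           # list scrambling -> VS
    return vault

def lagrange_coeffs(points):
    """Coefficients, lowest degree first, of the polynomial through the given points."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for xj, _ in points[:i] + points[i + 1:]:
            nxt = [0] * (len(basis) + 1)       # basis *= (x + xj); minus is plus here
            for d, b in enumerate(basis):
                nxt[d] ^= gf_mul(b, xj)
                nxt[d + 1] ^= b
            basis, denom = nxt, gf_mul(denom, xi ^ xj)
        scale = gf_mul(yi, gf_inv(denom))
        for d, b in enumerate(basis):
            coeffs[d] ^= gf_mul(b, scale)
    return coeffs

def decode_vault(vault, query_units):
    """Try every 9-point combination of candidates; accept the first with CRC remainder 0."""
    wanted = set(query_units)
    candidates = [pt for pt in vault if pt[0] in wanted]
    for combo in itertools.combinations(candidates, DEGREE + 1):
        sc = b"".join(c.to_bytes(2, "big") for c in reversed(lagrange_coeffs(combo)))
        if crc16(sc) == 0:
            return sc[:16]                     # SC* = 128-bit secret + 16-bit CRC
    return None                                # too few genuine points, or no CRC match

ENROLLED = [(12, 40), (30, 200), (55, 90), (78, 150), (101, 33), (120, 220),
            (140, 75), (163, 180), (185, 20), (200, 130), (222, 60), (240, 210)]  # constructed
GENUINE_QUERY = ENROLLED[:10] + [(66, 12), (150, 240)]   # 10 true points, 2 spurious
IMPOSTOR_QUERY = ENROLLED[:3] + [(x + 9, y) for x, y in ENROLLED[3:]]   # only 3 true points

if __name__ == "__main__":
    key = secrets.token_bytes(16)
    vault = encode_vault(key, lock_units(ENROLLED, 10, 12))
    print([decode_vault(vault, lock_units(q, 10, 12)) == key
           for q in (GENUINE_QUERY, IMPOSTOR_QUERY)])
```

The genuine query recovers the key from nine matching points; the impostor query supplies too few points on P, so no combination yields a zero CRC remainder.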

C. Security Analysis of Fuzzy Vault

The security of the fuzzy vault depends on the infeasibility of the

polynomial reconstruction and the number of chaff points. Using this construct

128 bit secret data like Advanced Encryption Standard (AES) key can also be

protected. The security of the proposed fuzzy vault is measured by min-entropy

which is expressed in terms of security bits. According to Nandakumar [86]

the min-entropy of the minutiae template MT given the vault V can be

calculated as

Where

r = number of genuine points in the vault

c = number of chaff points in the vault

t = the total number of points in the vault (r + c)

In the above fuzzy vault an adversary has to guess combinations of (n+1)

points simultaneously to decode the vault. Polynomials of lower

degree can be easily reconstructed by the attacker and the vault gets decoded.

Polynomials with larger degrees require a lot of computational effort. The

security of the fuzzy vault increases as the degree of the polynomial increases.

However it requires a lot of computation for higher degree polynomials which

make the system slow. The security increases as the number of chaff points in

the vault increases but at the cost of increased memory consumption. Number

of chaff points added is 10 times more than that of the genuine points to have

larger combinations for achieving higher security. Moreover, it is observed that

the process consumes more memory and makes the system slow but they are

hard to reconstruct. If the adversary stages a brute force attack, to decode a

polynomial of degree n, he has to try a total of C(t, n+1) combinations of n+1

elements each. Out of these, only C(r, n+1) combinations are required to decode the

vault. Hence, for an attacker to decode the vault it takes C(t, n+1) / C(r, n+1)

evaluations.

D. Merits of Fuzzy Vault Scheme

Fuzzy vault, being a crypto biometric based key binding mechanism for

template protection, has the following merits:

• Fuzzy vault is a proven technology for biometric template security

• Fuzzy vault framework thus utilizes the goodness of both cryptography

and biometrics

• Fuzzy vault is more suitable for applications where biometric

authentication and cryptography are fused together

• Fuzzy vault eliminates the key management problem as compared to

other practical cryptosystems

• The security of the fuzzy vault depends on the infeasibility of the

polynomial reconstruction

• This construct is called fuzzy because the vault will get decoded even

for very close values of U and the secret key S can be retrieved.

Therefore the fuzzy vault construct becomes more appropriate for biometric

data which possesses inherent fuzziness

E. Limitation of Fuzzy Vault Scheme

Fuzzy vault, being a proven scheme, has its own limitations which are

listed as follows:

• The same biometric data cannot be used to construct a new vault when it is

compromised

• Fuzzy vault suffers from non-revocability, cross-matching and lack of

diversity

• It is possible to attack the vault by performing statistical analysis on the

vault points

• The attacker can substitute few points from his own biometric feature as

chaff points. Now the vault authenticates for the legal user as well as the

imposter for the same biometric template

• The imposter can glean the original template when it is exposed temporarily

• Fuzzy vault scheme is vulnerable to specific attacks like attack via record

multiplicity, stolen key inversion attack, blended substitution attack

In order to overcome these problems fuzzy vault scheme is hardened

with password to obtain a password hardened fuzzy vault. Password is used as

an additional authentication factor and this improves the security of the fuzzy

vault. The proposed unimodal fuzzy vault is hardened by password. This

enhances the user-privacy and adds an additional level of security.

3.3 UNIMODAL BIOMETRIC FUZZY VAULT HARDENING

Password Hardening is a salting based approach in which the minutiae

points of the biometric templates are transformed by applying a function which

is derived from the user specific password.

The user can have different password for different applications, so that

diversity for biometric template is achieved and function creeping is

eliminated. Even if the attacker compromises the vault, a new set of minutiae

points can be generated by changing the password and/or the transformation

function. This makes the biometric template revocable. In this hybrid approach

only the transformed points are secured using fuzzy vault and stored in the

database rather than the original points. Therefore, security of the password is

crucial in this approach.

3.3.1 Steps in Password Hardening of Fuzzy Vault

The following are the steps involved in the process of hardening the

fuzzy vault and they are shown in the Figure 3.4.

Step 1:- A random transformation function is derived from the user

password.

Step 2:- The password transformed function is applied to the biometric

template.

Step 3:- Fuzzy vault framework is constructed to secure the transformed

template.

Step 4:- The key derived from the same password is used to encrypt the vault.

Figure 3.4 Steps in Password Hardening of Fuzzy Vault

3.3.2 Merits of Hardened Fuzzy Vault

The following are the merits of hardened fuzzy vault as compared to the

plain fuzzy vault.

• The hardened fuzzy vault overcomes the limitations of non-revocability

and cross-matching.

• Password introduces an additional layer of security.

• Even if the password is compromised, the basic security and privacy

provided by the fuzzy vault are not affected.

• Compromised password makes the security level the same as that of a

fuzzy vault.

[Figure 3.4 blocks: User Password; Secret Key Generation; Biometric Feature Extraction; Transformation; Transformation; Biometric Template; Fuzzy Vault]

• It is very difficult for an attacker to compromise both the biometric

template and the password at the same time.

• Hardening provides diversity to biometric templates.

• Introduction of password enhances user privacy.

• Strength of the fuzzy vault increases as the

Strength of the Vault = Min-entropy of the fuzzy vault + Guessing

entropy of the password

Where guessing entropy is the average amount of work required to

guess the password of a selected user.

Even though fuzzy vault hardening overcomes certain problems of fuzzy

vault, unimodal based systems suffer from certain other problems when

compared to their multimodal counterparts.

The unimodal fuzzy vault has to overcome the problems faced by

unimodal biometrics. Moreover, multimodal biometric authentication systems

are practiced in several crucial applications. Therefore, providing security to

multibiometric templates is very important. The problems with unimodal

biometrics are alleviated by employing multibiometrics.

3.3.3 Problems with Unimodal Biometric Systems

Unimodal biometric systems suffer from the following problems,

• Noise in sensed data

• Intra-class variations

• Distinctiveness

• Non-universality

• Spoof attacks

In order to overcome these limitations of unimodal biometric systems,

multibiometric systems are preferred. Multibiometric systems are better in

performance and they are more resistive towards attacks. Multibiometric

templates are to be protected using multimodal biometric fuzzy vault.

3.4 MULTIBIOMETRIC FUZZY VAULT

Multibiometric systems consolidate information from different traits.

The main design issue of the multibiometric system is fusion strategy and

selection of biometric modalities. In the proposed method, feature level fusion

of biometric feature points is done. This gives better results compared to other

fusion strategies. Multimodal biometric fuzzy vault combines feature points

from more than one biometric trait and hence the number of genuine points can

be increased and thereby more number of chaff points can be added. This

increases the security of the fuzzy vault. The proposed method implements

three different bimodal fuzzy vaults for various applications using fingerprint,

iris and retinal templates.

3.4.1 Merits of Multimodal biometric fuzzy vault

The multimodal biometric fuzzy vault possesses the following merits:

• Can address the non-universality problem

• Reduces the Failure To Enroll Rate (FTER) and Failure to Capture Rate

(FTCR).

• Reduces the effect of noisy data.

• More resistant to spoof attacks.

• Enhances user convenience.

• It is very difficult for an attacker to compromise the multibiometric fuzzy

vault, as all the biometric modalities must be compromised simultaneously.

• Security of the fuzzy vault increases as the number of points in the vault

increases.

• Security of the fuzzy vault = combined min-entropy of the fuzzy vault.

3.4.2 Limitation of Plain Multibiometric Fuzzy Vault

Multibiometric fuzzy vault suffers from the following problems:

• non-revocability

• lack of diversity

• function-creeping

Therefore hardening of multibiometric fuzzy vault is necessary to

overcome these limitations.

3.5 PASSWORD HARDENING OF MULTIMODAL BIOMETRIC FUZZY VAULT

Biometric templates from different modalities are password

transformed. The transformed points from multimodal templates are combined

together by feature level fusion into a single set of points. This combined

password transformed template is secured using fuzzy vault and stored in the

database.

3.5.1 Steps in Password Hardening of Multimodal Fuzzy Vault

The following are the steps involved in the password hardening of the multimodal

fuzzy vault; they are depicted in Figure 3.5.

Step 1: A random transformation function is derived from the user password.

Step 2: The password transformed function is applied to the first biometric modality.

Step 3: The password transformed function is applied to the second biometric

modality.

Step 4: Fuzzy vault framework is constructed to secure the transformed templates by

using the feature points from all the modalities.

Step 5: The key derived from the same password is used to encrypt the vault.

Figure 3.5 Steps in Password Hardening of Multimodal Biometric Fuzzy Vault

3.5.2 Merits of Password Hardened Multibiometric fuzzy vault

Password hardened multibiometric fuzzy vault acquires the merits of

both multibiometric and password hardening. The multibiometric component

overcomes the limitations of unibiometrics, and the hardened fuzzy vault alleviates the

limitations of plain fuzzy vault. The collective merits are listed as follows:

• It is very difficult for an attacker to compromise all the biometric traits and

password simultaneously.

• Multibiometric password hardened fuzzy vault is more resistive towards

spoof attack.

• Password acts as an additional layer of security.

• Revocability and diversity are obtained.

• Function-creeping is avoided.

• Can address the non-universality problem.

• Reduces the Failure To Enroll Rate (FTER) and Failure to Capture Rate

(FTCR).

• Reduces the effect of noisy data.

[Figure 3.5 blocks: Password; Key Generation; Biometric Modality 1; Feature Extraction; Biometric Modality 2; Feature Extraction; Transformation; Transformation; Transformation; Combined Multimodal Fuzzy Vault]

• Enhances user convenience.

• More secure as the strength of the vault increases.

Strength of the vault = min-entropy of the combined fuzzy vault +

Guessing entropy of the password

This phase provides security to three different combinations of bimodal

biometric templates namely fingerprint and iris, fingerprint and retina, retina

and iris through password hardened fuzzy vault. All the three combinations

find their role in three specific applications in real situations.

The performance of the primary template protection mechanism can be

improved by augmenting the ideas of other template protection methods like

Liveness Detection Mechanisms, Steganographic and Watermarking

Techniques, Challenge-Response Systems, Multi-modal Biometric Systems,

Soft Biometrics and Cancelable Biometrics.

The Phase V of the proposed work protects three different biometric

templates namely fingerprint, iris and retina in trimodal fuzzy vault. This

biometric combination can be used in high security applications.

3.6 TRIMODAL BIOMETRIC FUZZY VAULT FOR HIGH SECURITY APPLICATIONS

This phase constructs a Trimodal fuzzy vault by combining the feature

point sets from three different biometric modalities, fingerprint, iris and

retina, namely Kf, Ki and Kr. Then chaff points are added to the vault to

conceal the genuine points.

$V_{fir} = K_f \cup K_i \cup K_r \cup C$

The Chaff points are generated in such a way that they do not lie on Kf,

Ki and Kr. In this proposed vault the secret S is locked by three unordered sets

U1, U2 and U3. This phase implements both the plain and hardened trimodal

fuzzy vault.

3.6.1 Steps involved in the Hardening of Trimodal biometric fuzzy vault

The following are the steps involved in the construction of Trimodal

fuzzy vault.

Step 1: A random transformation function is derived from the user password.

Step 2: The password transformed function is applied to the first biometric

modality - fingerprint template.

Step 3: The password transformed function is applied to the second biometric

modality - iris template.

Step 4: The password transformed function is applied to the third biometric

modality - retina template.

Step 5: Fuzzy vault framework is constructed to secure the transformed

templates by using the feature points from all the three modalities.

Step 6: The key derived from the same password is used to encrypt the vault.

Figure 3.6 depicts the steps involved in the construction of the password

hardened multibiometric fuzzy vault with three biometric modalities.

Figure 3.6 Steps in Password Hardened Trimodal Biometric Fuzzy Vault

[Flowchart: Password → Key Generation → Transformation; Biometric Modality 1 (Fingerprint), Biometric Modality 2 (Iris) and Biometric Modality 3 (Retina) → Feature Extraction → Transformation; all branches → Combined Multimodal Fuzzy Vault]

3.6.2 Encoding of Trimodal biometric Fuzzy Vault

For the vault implementation, unique points from all the three biometric

modalities namely fingerprint, iris and retina are combined together. Then they

are encoded in the fuzzy vault in the same way as explained in phase I. In order

to check for revocability three different passwords are applied. The encoding

process is depicted in Figure 3.7.

3.6.3 Decoding of Trimodal biometric Fuzzy Vault

In the authentication phase, the encrypted vault and feature points are

decrypted by the user password. Password based transformation is applied to

the query feature points and the vault is unlocked. From the query templates of

all the three biometric templates, unlocking points (N in number) are extracted.

The unlocking set is found as in encoding. This set is compared with the vault

to separate the genuine point set for polynomial reconstruction. From this set,

all combinations are tried to decode the polynomial. Lagrangian interpolation is

used for polynomial reconstruction. For a specific combination of feature

points the polynomial gets decoded. Decoding operation of the trimodal vault is

the same as that of the one given in phase I. The decoding operation of the

trimodal vault is given in Figure 3.8.
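
The locking and unlocking described in 3.6.2 and 3.6.3, as an added example that is not part of the thesis: points from Kf, Ki and Kr are projected onto a polynomial carrying the secret plus a CRC term, chaff is placed off the polynomial, and decoding tries combinations of candidate points with Lagrange interpolation. The field modulus, CRC-32 reduced to one coefficient, exact-match candidate selection, the seeded generator and the sample feature values are assumptions made for illustration.

```python
import itertools, random, zlib

P = 65537  # prime field modulus (assumption, not from the thesis)

def poly_eval(coeffs, x):
    return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P

def lock(secret, kf, ki, kr, n_chaff, rng):
    """Build Vfir = Kf U Ki U Kr U C for a secret given as bytes."""
    coeffs = list(secret) + [zlib.crc32(secret) % P]  # secret bytes + CRC term
    genuine = set(kf) | set(ki) | set(kr)
    vault = {x: poly_eval(coeffs, x) for x in genuine}
    while len(vault) < len(genuine) + n_chaff:
        x, y = rng.randrange(P), rng.randrange(P)
        if x not in vault and y != poly_eval(coeffs, x):  # chaff stays off the polynomial
            vault[x] = y
    points = list(vault.items())
    rng.shuffle(points)  # list scrambling hides which points are genuine
    return points

def interpolate(points):
    """Lagrange interpolation mod P; returns coefficients, constant term first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:  # basis *= (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for k, b in enumerate(basis):
            coeffs[k] = (coeffs[k] + scale * b) % P
    return coeffs

def unlock(vault, qf, qi, qr, secret_len):
    """Try each (secret_len + 1)-subset of candidate points until the CRC verifies."""
    query = set(qf) | set(qi) | set(qr)
    candidates = [pt for pt in vault if pt[0] in query]
    for combo in itertools.combinations(candidates, secret_len + 1):
        *body, crc = interpolate(combo)
        if max(body) < 256 and zlib.crc32(bytes(body)) % P == crc:
            return bytes(body)
    return None

# Constructed sample feature values (not real biometric data); seeded RNG for repeatability
KF, KI, KR = [1101, 1202, 1303, 1404], [2101, 2202, 2303, 2404], [3101, 3202, 3303, 3404]
VAULT = lock(b"KEY!", KF, KI, KR, n_chaff=200, rng=random.Random(7))
```

A 4-byte secret gives a degree-4 polynomial, so unlocking needs five matching points drawn from any mix of the three modalities; a production vault would draw chaff from a cryptographically secure generator and match query points with a tolerance.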

Figure 3.7 Trimodal Biometric Fuzzy Vault: Encoding

[Flowchart blocks: Fingerprint Minutiae Feature List Tf, Iris Minutiae Feature List Ti, Retina Bifurcation Feature List Tr, Combined Feature List TFIR, Secure Data (S), Cyclic Redundancy Check Encoding (SC), Polynomial (P) Construction, Polynomial Projection, Chaff Point Generation (C), List Scrambling (VS), Vault (V)]

3.6.4 Merits and Demerits of Password Hardened Trimodal Fuzzy Vault

The trimodal hardened fuzzy vault possesses higher strength as it has more genuine points from three different biometric modalities. The number of points in the vault is very high and it is very difficult for an attacker to compromise the vault. It is not practically possible for the attacker to compromise all the three modalities and the password at the same time. Security of the vault increases as it accounts for the min-entropy of the trimodal vault and the guessing entropy of the user specific password. The vault is revocable and avoids function creeping. Diversity is provided. The trimodal vault acquires the merits of multibiometrics and password hardening.

However, the encoding and decoding processes take much computational time, as higher degree polynomials and three different modalities are involved. This can be accepted as the vault is employed in high security applications. To overcome this problem, faster hybrid methods must be explored and the algorithm should be implemented in high speed systems.

Figure 3.8 Trimodal Biometric Fuzzy Vault: Decoding

[Flowchart blocks: Query minutiae feature list from Fingerprint Qf, Query minutiae feature list from Iris Qi, Query minutiae feature list from Retina Qr, Combined Query feature list QIIR, Vault (V), Candidate Point Identification, Candidate Set Determination, Lagrange Interpolation, CRC Decoding, Secret S’ Extraction, End; decision outcomes labelled Positive and Negative]

The phase V of the proposed method makes an attempt to incorporate

the concept of soft biometrics to secure biometric templates.

3.7 COMBINED USER AND SOFT BIOMETRIC BASED PASSWORD HARDENED

FUZZY VAULT

The idea of soft biometrics is mixed with the hybrid template protection method of password hardened fuzzy vault. The characteristics of soft biometrics are as follows:

• Soft biometrics provides ancillary information about a person. Examples: gender, ethnicity, age, height, weight, eye color, body fat content.

• They lack distinctiveness or permanence.

• Soft biometrics alone is not enough to differentiate two individuals.

• When combined with primary biometrics (Fingerprint, Iris, Retina etc.) soft biometrics gives better results.

According to the recent literature survey it is found that Scars, Marks

and Tattoos (SMT) can also serve as soft biometrics. They find their

applications in suspect and victim identification in forensic and law

enforcement.

In the proposed method the password is split into two components namely

user password and soft biometric password. This combined user and soft

biometric based password is used for hardening the vault.

3.7.1 Combined User and Soft biometric based Password

The 64 bit user password is divided into two components as 40 bit user

password and 24 bit soft biometric password. The proposed method involves

protection of primary biometric templates namely iris and retina, and therefore,

the colour of the eye is considered and used in soft biometric password.

Moreover eye biometrics has certain merits compared to other biometrics and

they cannot be spoofed easily. In this phase, soft biometric component of the

password is obtained by combining the height, eye colour and gender of the

person. Seven different eye colours are identified and a single character code is

assigned for each of them.

Consider the 5 character user password ‘FUZZY’ (40 bits) and soft biometric password ‘155BM’ (Height + eye color + gender = 24 bits); the combined password becomes ‘FUZZY155BM’ (64 bits). In this phase the combined user and soft biometric based password hardened multimodal fuzzy vault is also constructed. The combined soft biometric based password will have the same security level as that of plain password based fuzzy vault. However, it will be hard for an attacker to find out which soft biometric trait combination the system adopts. Current authentication systems are provided with gender identification, height measurement and a facility to capture the eye colour. These facilities can be captured and utilized. Certain difficult combinations of soft biometrics can be used to filter the attackers.

3.7.2 Steps in Combined User and Soft biometric based Password

Hardened Multimodal Fuzzy Vault

The following are the steps involved in the combined user and soft

biometric based password hardened multimodal biometric fuzzy vault.

Step 1: A combined user and soft biometric password is generated.

Step 2: A random transformation function is derived from the combined

password.

Step 3: The password transformed function is applied to the iris and retinal

template.

Step 4: Fuzzy vault framework is constructed to secure the transformed

templates by using feature points from iris and retina.

Step 5: The key derived from the same password is used to encrypt the vault.

Figure 3.9 depicts the steps involved in the construction of the combined

user and soft biometric based password hardened multimodal biometric fuzzy

vault. This phase constructs three different soft biometric based password

hardened fuzzy vault for iris, retinal and their combined multi modal fuzzy

vault.
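
Steps 1 to 3 above and the key derivation of step 5, as an added example that is not the thesis's own code: it builds the 64-bit combined password from the 'FUZZY' / 155, B, M values, derives a permutation and translation from it, and shows that a changed password yields a different (revocable) template. The one-byte-per-field packing of the soft biometric part, the eye colour code set, PBKDF2 with a salt, and the quadrant permutation on a 256×256 grid are assumptions; the thesis's transformation equation itself is not reproduced here.

```python
import hashlib

EYE_CODES = set("ABCDEFG")  # hypothetical one-character codes for the seven eye colours

def combined_password(user_pw, height_cm, eye_code, gender):
    """40-bit user password + 24-bit soft biometric part = 64-bit password."""
    if len(user_pw) != 5 or not user_pw.isascii():
        raise ValueError("user password must be 5 ASCII characters (40 bits)")
    if not 0 <= height_cm <= 255 or eye_code not in EYE_CODES or gender not in ("M", "F"):
        raise ValueError("soft biometric field out of range")
    # Assumed packing: one byte each for height in cm, eye colour code and gender
    return user_pw.encode("ascii") + bytes([height_cm, ord(eye_code), ord(gender)])

def derive(password, salt, label, n):
    """Separate key material per purpose (label), via PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password, salt + label, 100_000, dklen=n)

def transform(points, password, salt, size=256):
    """Password-derived quadrant permutation followed by translation (mod size)."""
    k = derive(password, salt, b"transform", 5)
    quads = [0, 1, 2, 3]
    for i in (3, 2, 1):  # Fisher-Yates shuffle keyed by k[2], k[3], k[4]
        j = k[5 - i] % (i + 1)
        quads[i], quads[j] = quads[j], quads[i]
    half, out = size // 2, []
    for x, y in points:
        q = quads[(y // half) * 2 + x // half]  # destination quadrant
        nx, ny = (q % 2) * half + x % half, (q // 2) * half + y % half
        out.append(((nx + k[0]) % size, (ny + k[1]) % size))
    return out

# Constructed sample values (not real biometric data)
SALT = b"constructed-salt"
IRIS = [(12, 40), (200, 31), (77, 190), (140, 222)]
PW_A = combined_password("FUZZY", 155, "B", "M")
PW_B = combined_password("VAULT", 155, "B", "M")
VAULT_KEY = derive(PW_A, SALT, b"vault-key", 32)  # step 5 key, distinct from transform bytes
```

Deriving the transformation and the vault encryption key under different labels keeps one from revealing the other even though both come from the same password.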

Figure 3.9 Steps involved in the combined user and soft biometric based password hardened Multimodal biometric fuzzy vault

[Flowchart blocks: User Password (40 Bits), Soft Biometric Password (24 Bits), User Password + Soft Biometric Passwords (64 Bits), Deriving Transformation Equation from Combined Password, Biometric Templates, Features Extractions from Iris, Simple Permutation and Translation of Iris Templates, Revocable Biometric Templates, Fuzzy Vault]

3.8 CHAPTER SUMMARY

This chapter discusses the various phases of the proposed methodology. The fuzzy vault constructed in phase I has the limitations of non-revocability, lack of diversity and function creeping. In order to overcome those limitations the plain fuzzy vault is hardened with a password in phase II. However, the fuzzy vault in phase II has the demerits of a unimodal biometric fuzzy vault. Therefore Phase III considers the multimodal fuzzy vault. The vault in Phase III overcomes the demerits of the unimodal fuzzy vault and inherits the merits of multibiometrics. However, it again suffers from non-revocability, lack of diversity and function creeping. In order to overcome that, phase IV implements the password hardened multimodal biometric fuzzy vault. Phase IV implements three different combinations of bimodal biometric fuzzy vault. Phase V implements the trimodal biometric fuzzy vault to protect fingerprint, iris and retinal templates. The trimodal fuzzy vault is suitable for high security applications. The concept of soft biometrics is introduced in Phase VI of the proposed methodology. Security analysis and the number of evaluations required to capture the vault through brute force calculations are found for all the phases of the proposed method. The security of the vault and its resistance towards attack increases from one phase to another phase.