Efficiency and Security Optimization for Fingerprint Biometric System. By: Chander Kant Under the supervision of Dr. Rajender Nath (Associate Professor) Department of Computer Science & Applications Kurukshetra University, Kurukshetra Department of Computer Science & Applications
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Efficiency and Security Optimization for
Fingerprint Biometric System
Under the supervision of
Dr. Rajender Nath
Department of Computer Science & Applications
Kurukshetra University, Kurukshetra
Department of Computer Science & Applications
Kurukshetra University, Kurukshetra
Biometric recognition refers to the user authentication by using his different biological features i.e. fingerprint, face, retina, hand geometry, iris (physical traits) and voice, gait, signature, keystrokes (behavioral traits). These traits are called biometric identifiers or simply biometrics. A biometric system may operate either in Verification Mode or in Identification Mode but before the system can be put into verification or identification mode, a system database consisting of biometric templates must be created through to process of enrollment.
In the enrollment process, user’s initial biometric samples are collected, assessed, processed, and stored for ongoing use in a biometric system
Verification and Identification Process
Verification is a 1:1 matching process, where the user claims an identity and the system verifies whether the user is genuine or not. If the user’s input and the template of the claimed identity have a high degree of similarity, then the claim is accepted as “genuine” otherwise, the claim is rejected and the user is considered as “fraud”.
Identification is a 1: N matching process, where the user’s input is compared with the templates of all the persons enrolled in the database and the identity of the person whose template has the highest degree of similarity with the user’s input is processed by the biometric system. If the highest similarity between the input and all the templates is less than a fixed minimum threshold, the system rejects the input, which implies that the user presenting the input is not one among the enrolled users.
Among all the biometric techniques, fingerprint-based identification is the oldest method, which has been successfully used in numerous applications. Everyone is known to have unique, immutable fingerprints. The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. A fingerprint is believed to be unique to each person. Fingerprints of even identical twins are different.
The three basic patterns of fingerprint ridges are the arch, loop, and whorl
(a) Arch (b) Loop (c) Whorl
The major Minutia points in fingerprint are: ridge ending, bifurcation, and short ridge or dot.
Ridges Ending Ridges BifurcationDot
The fingerprint is basically the combination of ridges and valleys on the surface of the finger. The major steps involved in fingerprint recognition using minutiae matching approach after image acquisition are Image enhancement, Minutiae extraction as shown in figure. Once a high-quality image is captured, there are a several steps required to convert its distinctive features into a compact template. This process is known as feature extraction.
A Multibiometric system uses multiple sensors for data acquisition.
It captures multiple samples of a single biometric trait (called multi-sample biometrics)
Samples of multiple biometric traits (called multi-source or multimodal biometrics). Multibiometric systems promise significant improvement over single biometric systems, for example, higher accuracy and increased resistance to spoofing.
Soft biometric traits are those characteristics of human being that provide some information about the individual, but lack of the distinctiveness and permanence to sufficiently differentiate any two individuals.
We define soft biometric traits as characteristics that provide some information about the individual, but lack the distinctiveness and permanence to sufficiently differentiate any two individuals. The soft biometric traits can either be continuous (e.g., height and weight) or discrete (e.g., gender, eye color, ethnicity, etc.)
Commonly used Soft biometric traits
Acquiring high-quality images of distinctive fingerprint ridges and minutiae is a complicated task. People with no or few minutiae points (surgeons as they often wash their hands with strong detergents, builders, people with special skin conditions) cannot enroll or use the system. The number of minutiae points can be a limiting factor for security of the algorithm. Results can also be confused by false minutiae points (areas of obfuscation that appear due to low-quality enrollment, imaging, or fingerprint ridge detail).
Hand Geometry Deformations
Deformations in Iris biometrics
Deformations in voice biometric systems
Deformations in signature Scan
For the purpose of this thesis, the literature survey covers a period of 1997 to 2008. The literature work on “Efficiency and Security optimization for Fingerprint Biometric System” divided into these areas.
Comparison of various biometric traits
Different attack points in a biometric authentication system
Attack-1 involves presenting a fake biometric (e.g., synthetic fingerprint, face, iris etc.) to the sensor.
Attack-2 can be achieved by submitting a previously intercepted biometric data.
Attack-3 can happen when feature extractor module is compromised to produce feature values selected by the attacker. Genuine feature values are replaced with the ones selected by the attacker.
In Attack-4 the channel between feature extractor module and matcher is hacked and override by duplicated data, thus modified the output of feature extractor module.
Attack-5 is achieved by imposing an artificially high score at matching module.
Attack-6 happens when there is attack on the template database (e.g., adding a new template, modifying an existing template, removing templates, etc.)
Attack-7 belongs to the transmission medium between the template database and matcher is hacked, resulting in the alteration of the transmitted templates.
In Attack-8 matcher result (accept or reject) can be overridden by the attacker.
Biometric authentication systems can be more convenient for the users since there is no password to be forgotten or key to be lost. In spite their numerous advantages, biometric systems are also vulnerable to attacks, which can decrease their security. To raise the biometric security level three schemes have been proposed, these are:
There are various methods that can be deployed to secure a key with a biometric.
First one involves remote template matching and key storage. In this method biometric image is captured and compared with a corresponding template. If the user is verified, the key is released.
Second method hides the cryptographic key within the enrollment template itself via a secret bit-replacement algorithm. When the user is successfully authenticated, this algorithm extracts the key bits from the appropriate locations and releases the key.
(i) Key Entropy (strength).Instead of developing simply longer cryptographic keys to resist brute force attacks, a more intelligent approach might be to aggregate features and parameters from an individual in such a way that their correlation generates a key that is much stronger than the individual size of the actual key.
(ii) Key Uniqueness. The uniqueness of a biometric key will be determined by the uniqueness of the individual biometric characteristics used in the key. Instead of trying to find a single unique feature, biometric key needs to find only a collection of somewhat unique features or parameters that when assembled collectively create a unique profile for an individual.
(iii) Key Stability. A major problem with biometric identification is that individual’s enrollment template and sample template, which can vary from session to session. This variation can occur for a number of reasons including different environments (e.g. lighting, orientation, emotional state) or physical changes (e.g. facial hair, glasses, cuts).
There are various methods that can be deployed to secure a key with a biometric
One method that involves remote template matching and key storage is that the biometric image is captured and the corresponding template is sent to a secure location for template comparison. If the user is verified, then the key is released from the secure location. In this scenario, the communication line must also be secured to avoid spoof attacks.
Second method that involves hiding the cryptographic key within the enrollment template itself via a trusted (secret) bit-replacement algorithm [LIN, 2003]. Upon successful authentication by the user, this trusted algorithm would simply extract the key bits from the appropriate locations and release the key into the system.
Steganography is a technique to hide the message in digital objects such as image, video, music or any other computer file.
Digital images are more attractive for steganography purpose since these contain a significant amount of data and can be modified slightly without leading to visible artifacts.
The goal of steganography is to hide a secret message, which is transmitted between two or more communication partners in a way to ensure confidentiality and integrity.
Steganography plays an important role to enhance the integrity and security of biometric templates. Biometric cryptosystems can also contribute to template security (as discussed in section 3.2) by supporting biometric matching in secure cryptographic domains. In case of cryptography the ‘key’ can be guessed sometime easily but steganography has no separate key to be hacked, the key is embedded in the template itself.
LSB Insertion method of Steganography
The simplest approach to hiding data within an image file is called least significant bit (LSB) insertion. In this method, one can take the binary representation of the hidden_data and overwrite the LSB of each byte within the cover_image. In 24-bit color, the amount of change will be minimal and indiscernible to the human eye. As an example, suppose that there are three adjacent pixels (nine bytes) with the following RGB encoding:
11110101 11001101 10101001
10100110 11001111 11001010
10101111 00010011 11001000
Now suppose we want to "hide" the following 9 bits of data (the hidden data is usually compressed prior to being hidden): 101101110. If we overlay these 9 bits over the LSB of the 9 bytes above, we get the following (where bits in bold have been changed)
11110101 11001100 10101001
10100111 11001110 11001011
10101111 00010011 11001000
Note that we have successfully hidden 9 bits but at a cost of only changing 4 bits i.e. roughly 50%, of the 9 LSBs.
Advantages of LSB insertion
Limitations of LSB insertion
How to Apply Steganography in Biometrics
Algorithm for insertion of message bit ‘b’.
(i) Find pseudo-random location ‘L’ in an image from the secret key to insert the message bit b.
(ii) Check whether at location ‘L’, pixel value is 00000000 or 11111111, called boundary values. If yes, ignore this location and go to step (i). Here we are ignoring these boundary values because the change may be +2 or -2 in pixel values, which is to be avoided.
(iii) Check whether at location ‘L’
a)6th and 7th bits are b, b? If yes, then no change at ‘L’ is required. Message bit is already there. Go to End.
b)6th and 7th bit are b, b or b, b? If yes, then see that whether it is possible to make 6th and 7th bits as b, b by adding or subtracting 1 to pixel value?. If yes, do it and go to End. Otherwise ignore the location ‘l’ and go to step (i).
c) 6th and 7th bits are b, b? If yes, then see whether it is possible to make 6th and 7th bits to b, b by adding or subtracting 1? If yes, do it and go to End. Otherwise change them to b, b or b, b by adding or subtracting 1 and go to (i).
Algorithm for retrieval of message bit ‘b’
(i) Trace out the location ‘L’ from the same secret key as used in insertion algorithm.
(ii) Pixel value is equal to one of the boundary values, i.e., 00000000 or 11111111? If yes, then it is invalid address. Go to step (i).
(iii) Check whether at location ‘L’
a) 6th and 7th bits are different, i.e., b, b or b, b? If yes, then it is invalid address go to step (i).
b) 6th and 7th bits are same i.e. b, b then b is the message bit.
working of the first algorithm for insertion of bits 0
working of the first algorithm for insertion of bits 1
By using the algorithm discussed above, one can hide the secret data in the host image and generate a secret template.
Steganography plays an important role to enhance the integrity and security of biometric templates.
Steganography has no separate key to be hacked, the key is embedded in the template itself. Further, when the amount of available memory increases, there is a tendency to store more information in the template. This increases the risks associated with template misuse. As a result, the issue of template security and integrity continues to cause several challenges, and it is necessary that further research be conducted in this direction.
When the biometric data are compromised, replacement is not possible. In order to alleviate this problem, here comes the concept of “cancelable biometrics” is introduced. It consists of an intentional, repeatable distortion of a biometric signal based on a chosen transform. The biometric signal is distorted in the same fashion at each presentation, for enrollment and for every authentication. With this approach, every instance of enrollment can use a different transform thus rendering cross-matching impossible. Furthermore, if one variant of the transformed biometric data is compromised, then the transform-function can simply be changed to create a new variant for re-enrollment as a new person.
This is a method of enhancing the security and privacy of biometric authentication. Instead of enrolling with a true finger (or other biometric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used. If, for some reason, the old fingerprint is stolen then an essentially a new fingerprint can be issued by simply changing the parameters of the distortion process. This also results in enhanced privacy for the user; since the true fingerprint is never used anywhere and also different distortions can be used for different types of accounts. The same technique can also be used with other biometrics to achieve similar benefits.
Image morphing using Cancelable Biometric
Proposed Work: Protection of Biometric Template
H is hashing function corresponds to any transformation applied to actual Templates as shown in figure3.7 above. It is also true that there will be no math between actual template and its mutant (those are actually stored). If we calculate Spatial Distance (Sd) and direction difference (Dd) that will not be below r0 and θ0 or we can write as
Now let’s apply the Algorithm-1 to find the best match between existing templates. Keeping in mind that now instead of D, D’ are stored in database. Suppose the algorithm declares the D’i as best match due to its score level Sbest(D’i).
Blocks in the original image are subsequently scrambled
With this approach, only mutants will be stolen and original templates are quite safe. We can further alter D to D” by some another hashing function (say W) in future whenever required. In this way the cancelable biometrics helps a lot in safekeeping our templates in database. Cancellation simply requires the specification of a new distortion transform. Privacy is enhanced because different distortions can be used for different services and the true biometrics are always safe. In addition, such distorted biometrics cannot be used for searching legacy databases and will thus ease some privacy violation concerns. A single template protection approach may not be sufficient to meet all the application requirements. Hence, hybrid schemes that make use of the advantages of the different template protection approaches must be developed.
Biometrics System Efficiency Concerns
Here we have proposed three different techniques to improve the efficiency of the biometric systems. The Henry finger print classification scheme, which classifies the fingerprints in the database according to their relative Primary Grouping Ratio (PGR) values has several limitations such as (i) it works only when both palm-prints of person are available; (ii) it can not work when intruder has made some trick while enrolling his palm-print to system, for instance, he can change the normal order of his fingers on the sensor; (iii) a huge amount of computer memory is required to store fingerprints of both hands.
After having the fingerprint image preprocessed, the feature extraction block extracts the minutiae points from template and then the extracted minutiae point undergoes with a matching process to match with the stored database Templates and finally identify the person if it is in system database. The database of biometric system plays very important role in identification process as all the templates are stored in it. The system performance also depends on the architecture of system database that is the way templates are stored there in. The system performance decreases, if templates are stored randomly as compared with if templates are stored in a particular manner. To store the templates in a proper way, Sir Henry has given a classification scheme. The following section highlights the Henry classification scheme.
Existing Fingerprint Identification system
The Henry classification scheme allows for logical categorization of fingerprint records into Primary Group Ratio (PGR) based on fingerprint pattern types. To find the PGR values, Henry classification scheme assigns each finger a number according to the order in which it is located in the hand, beginning with the right thumb as number 1 and ending with the left pinky/little as number 10 as shown in Table.
Palm prints of a single person
According to the Henry classification scheme, fingerprints are stored in the database with their relative PGR values. The fingerprint Primary Group Ratio is determined by calculating the ratio of one plus the sum of the values of the whorl-patterned, even-numbered fingers; divided by one plus the sum of the values of the whorl-patterned, odd-numbered fingers. Mathematically the formula can be written as:
Primary Grouping Ratio (PGR) =
1+ (Sum of EVEN, whorled, finger values)
1+ (Sum of ODD, whorled finger value)
To illustrate the computation of PGR values, consider an individual having a fingerprint record with a LWAALALWLA pattern series (where L stands for Loop, W stands for Whorl and A stands for Arch). The series begins with Finger 1 (i.e. right thumb) and ending with Finger 10 (i.e. left pinky finger). By referring to table 4.1 the weights of even finger having whorl pattern are 16 and 2 (which have been shown as bold in Table 4.1). Further no odd finger has whorl pattern in the given series, hence the sum of its value is nil.
1+ (Sum of EVEN, whorled, finger values) 1+ (16+2) 19
__________________________________ = _______ = __
1+ (Sum of ODD, whorled finger value) 1+ (0) 1
Therefore, this individual belongs to the 19:1 primary group. This PGR ratio is always treated as 19/1 not 19, as PGR contains both numerator and denominator. In case an individual does not have any whorl-patterned fingerprints, his classification ratio, or primary group, would be 1:1. On the other hand if an individual having all ten fingerprints containing a whorl pattern, his classification ratio would be 31:31. Henry classification scheme reduce the effort to search a large templates of database, as fingerprints are now stored with their respective PGR values. However Henry classification scheme has some limitations as given below:
(i) Henry classification scheme work, only when both palm-prints of person are stored in database. The scheme could not work with single fingerprint template.
(ii) The problem can also arise if the criminal as made some trick while enrolling his palm-print to system. For instance, he can change the normal order of his fingers on the sensor.
(iii) Amount of computer memory increases to store both palms of person as compared to single fingerprint template.
In a conventional system, the database contains the fingerprint templates in an ordinary manner. But in the proposed system the database contains the different set of templates according to their classification that is achieved during the enrollment process. The schematic diagram of the proposed approach is shown in Figure 4.3 and the enrollment/identification process of the approach is described below:
Proposed Classifier for Fingerprint Identification
Whorl Arch Right-Loop Left-Loop
The algorithm for the proposed classifiers is shown in Figure 4.6. If the value of ND (i.e. number of deltas) is 2 then it is either taken as whorl or twin loop. If the value of ND is 1 then it is further computed for Left-Loop or Right-Loop. If the value of ND is 0 then it is marked as Arch. To find the category of loop (right or left) the feature extraction stage estimates an axis locally symmetric to the ridge structures at the core and computes γ (number of ridges crossing the line segment joining core and delta). The relative position, R, of delta with respect to symmetry axis is determined as follows R = 1 if the delta is on the right side of symmetry axis and it will be left loop otherwise R = 0 and in this case it will be a right loop. In this way we find the categories of input fingerprint and build our database containing different domains of fingerprints. Now let’s find the efficiency of proposed approach.
Working of proposed Fingerprint classifier
Time taken by proposed approach 37.4sec 1
___________________________ = ______ = ___
Time taken by existing approach 25min 40.1
This section discusses an approach developed by the author of this thesis to improve the existing conventional fingerprint verification system. In the proposed method, dimensions of Finger/Thumb are matched in first phase and the minute points are calculated and matched in next phase only when the dimensions are matched in first phase. The author of this thesis has proved that the proposed approach improves FAR (False Accept Rate) and Total Response Time of Biometric System as compared with Conventional Fingerprint Verification Systems. The approach is useful when fingerprint verifications are made at large scale level.
Memory Requirements for Biometric Templates
Data Size for Biometric Templates
Figure 4.9 shows the architecture of the proposed approach, which consists of two phase’s viz. Phase-I and Phase-II. Phase-I takes the input from sensor and then measures the dimensions of the input thumb. The thumb dimension measurements; a, b, c, d as shown in Figure 4.8 is computed. After extracting these parameters, it is matched with database templates for comparison. If the match is successful, only then it goes to phase-II for minutiae extraction else match is unsuccessful and no further processing is required. Phase-II extracts the minutiae points for input fingerprint template by using the algorithm given in Figure 4.7.
(a) Side-View(b) Top-View
Figure Measuring Thumb Dimensions during Phase-I
Architecture of Proposed Approach
Tp 10,500 t 1
___ = _______ = __
Tc 50,000 t 4.7
Speedup Factor =
From the above calculation; it is obvious that the proposed approach is approximately five times better than the existing biometric system. The proposed approach allows completely controlled and automated fingerprint verification with efficient response time and minimum FAR (False Accept Rate) as fingerprint is now checked at two phases. The proposed approach checks the dimensions as well as the minutiae points of input template, after that it allows the user to be ‘Verified’.
Unimodal biometric systems make use of a single biometric trait for user recognition. It is difficult to achieve very high recognition rates using unimodal systems due to problems like noisy sensor data and non-universality or lack of distinctiveness of the chosen biometric trait. Multimodal biometric systems address some of these problems by combining evidence obtained from multiple sources. The problem with multimodal system is that it will require a longer verification time thereby causing inconvenience to the users. A multimodal biometric system based on different biometric identifiers can be expected to be more robust to noise, improve the matching accuracy and provide reasonable protection against spoof attacks. But there are limitations as well.
(i) The overall cost involved in building the multimodal system can be high due to the need for multiple high quality sensors and increased storage and computational requirements.
(ii) The system will require a longer verification time thereby causing inconvenience to the users.
A possible solution to the problem of designing a reliable and user-friendly biometric system is to use additional information about the user like height, weight, age, gender, ethnicity, and eye color to improve the performance of the primary biometric system. Most of the biometric systems collect such additional information about the users during enrollment and store them in the database as metadata. Biometric systems used in access control applications generally have a human supervisor who oversees the operations of the system. When a genuine user is falsely rejected by the system, the human operator has to verify the identity of this user manually. This manual verification is usually done by comparing the facial appearance of the user with the facial image appearing on the user’s identification card and by verifying other information on the ID card like age, gender, height, and other visible identification marks. If the soft biometric characteristics can be automatically extracted and used during the decision making process, the overall performance of the system can be improved and the need of manual involvement will be reduced.
Existing Soft Biometric System for person recognition.
Primary Biometric System Soft Biometric System
Architecture of Personal Identification using Primary Biometrics and Soft Biometric
In the proposed work, the fingerprint is used as the primary biometric identifier and age, gender and height are used as soft biometric traits. The soft traits are chosen in such a way that they could be easily extracted automatically when user interact with system. For estimating the performance of proposed scheme, let us assume there are 1,00,000 input templates to be matched against database templates and out of 1,00,000 templates only 100 templates are verified by the system. Let time taken by primary biometric system to process single template is TF and time taken by soft biometric to process single template is TS. Where TF >TS as soft traits can be processed easily and TF is 10 times greater than TS
Calculation for the Response Time:
Tp 10,1000 TS 1
___ = __________ = __
Tr 10,00000 TS 9.9
Speedup Factor =
It is obvious from the above calculation that the proposed scheme is approximately 10 times better than the existing biometric system. The system proves to be more efficient when huge number templates are taken at input side.
As biometric technology matures, there will be an increasing interaction among the market, technology, and the applications. This interaction will be influenced by the added value of the technology, user acceptance, and the credibility of the service provider. As biometrics continues to advance scientifically and technologically, its use and acceptability as a means of security and authorization across various sectors will also grow. Biometrics would be a useful solution to the issue of security for mobile banking in rural areas as only thumb impression is quite enough for money transaction. Many biometric technology providers are already delivering biometric authentication for a variety of web-based and client/server based applications. Continued improvements in the technology will increase performance at a lower cost.
Though biometric authentication is not a magical solution that solves all authentication concerns and also it does not guarantee for 100% accuracy and security yet it make easier and cheaper for us to use a variety of automated information systems. It is too early to predict where and how biometric technology would evolve and get embedded in which applications. But it is certain that biometrics based identification will have a profound influence on the way we conduct our daily business. It is also certain that, the fingerprints will remain an integral part of the preferred biometric-based identification solutions as the most mature and well understood biometric in the future generation.
Publications in International Journals
Publications in Book
Publications in International-Level Conferences
Publications in National-Level Conference/Seminar