Beruflich Dokumente
Kultur Dokumente
Zhao Feifei
I.
fingerprint
template;
INTRODUCTION
II.
RELATED WORKS
572
(1) and the template, he can not recover the original one. The
security mechanisms of the Rathas and Lees schemes are
Y=y+fY(x,y),
(2) different though they both rely on minutiae-based
transformation. The security of a template of Ratha depends
=mod(+f(x,y), 2),
(3) on many-to-one of the transformation (or one-to-many of
the inverse-transformation) while the security of Lees
depends on the secret, which must not be stored together
where (x,y) are the position and is orientation of a minutia,
(X,Y) and are position and orientation of transformed
with the template, unknown to the attacker.
minutia respectively.
However, when multiple transformed templates are
generated from the same original template, they can be
To cater to the constraints, Ratha generated two vector
G
G
cracked by a known technique named Attack via Record
valued functions F ( x, y ) and G ( x, y ) which had the
Multiplicity (ARM). In [12], Boyen firstly suggested to
same form. Ratha suggested two examples, one was an
reveal the secret in the fuzzy extractor [13] with multiple
electric potential field parameterized by a random
public strings generated from the same secret. Scheirer and
distribution of charges, the other was a mixture of Gaussian
Boult [14] further generalized this method and called it
kernels. For convenience, we only put down the latter here:
ARM, in which the correlation of multiple encodings
created from the same biometric template may be possibly
k
G
i
1
1
T
| G ( x, y ) |=
exp( ( z i ) i ( z i )) (4) utilized to reveal the template and the secrets. They even
gave two cracking examples attacking against fuzzy vault
2
i =1 | 2 i |
[15] and against biometric encryption [16] by way of ARM.
T
Like fuzzy vault, the scheme of Ratha is rather vulnerable to
where z=[x,y] . A random key defines the parameters of the
ARM attacks. Given a transformed templates T1, an attacker
distributions such as the weights i, covariance i, the
can find the inverse solutions for each minutia. Due to
center of the kernels i. Thus, fX(x,y), fY(x,y) and f(x,y) can
many-to-one property of transform functions, there may be
be written as follows:
exist several solutions. One is the original minutia and the
G
others are not. They can be viewed as chaff points. Then, all
f X ( x, y ) = K | G ( x, y ) | + K cos( F ( x, y )) ,
(5) solutions of the template can be treated as a fuzzy vault. If
the attacker collects another template T2 generated from the
G
fY ( x, y ) = K | G ( x, y ) | + K sin( F ( x, y )) ,
(6) same original template, he can get another vault. Finally, he
picks out the right minutiae by matching two vaults.
In [2], (1) - (3) are used to perform the transformation
f ( x, y ) = G ( x, y ) + rand ,
(7)
with relatively small ranges of fX(x,y), fY(x,y) and f(x,y).
One advantage of this approach is that feature representation
G
1
F = arg(F ) + rand ,
(8) is not changed, namely, it is also minutia. Another
advantage is that it can maintain intrauser variability
2
tolerance [2]. This allows the use of existing minutiae-based
G
matching algorithms. Though Ratha argued that (1)-(9)
1
G = arg(G ) + rand .
(9) satisfied the three constraints he suggested, he did not give
2
strict mathematical analysis. We think this is not always true.
It depends on the parameters of (4)-(9). The many-to-one
The random phase offset rand is also defined by the
and non-linear properties of Ratha lie in the second item of
random key.
(1)-(3), fX(x,y), fY(x,y) and f(x,y). However, in [2], they are
In practice, Ratha used 24 Gaussians all with the same
confined in small and limited ranges (e.g., in [2], the
isotropic standard deviation of 50 pixels. The centers of the
translation of minutia is typically 30+30S(x,y) pixels
Gaussians were placed randomly in the 512512 image
where -1S(x,y)1) while the first items of (1) (3), x, y, ,
space and each Gaussian was given a peak magnitude of
increase linearly (in [2], the range of x and y are both
either +1 or -1. K was typically taken 30 pixels.
[0,512]). Suppose the Gaussian kernels distributing
uniformly, this results in global increment and local
III. APPROACHES OF CRACKING FINGERPRINT TEMPLATE
distortion of x, y and , and weakens the many-to-one
OF RATHA
property. The examples of 1-demension are given in Fig.1.
In general, the parameters of transform and the
Though the sutiations of 1-demension have some
transformed template are stored together. So, we suppose
differences with those of 2-demension, the trends are the
that the parameters and the transformed template are known
same. In fact, we can see the weakening effect from the
to the attacker in the following. The security of cancelable
Fig.5 of [2]: in individual portions, e.g., in the upper
biometrics depends on noninvertibility of transformed
right-hand portion, the warping surface folds back over
template. That is, even if an attacker knows the parameters
itself only once, while in most of regions, there only exists
X=x+fX(x,y),
573
(a)
(b)
(c)
(d)
Fig.1. The one-dimension examples illustrating the weakening effect of many-to-one property in Rathas scheme. (a) and (c): the examples of f(x)
which is the sum of 5 Gaussian kernels with standard deviation of 40 pixels and 30 pixels respectively. Each Gaussian is given a peak magnitude
of 30 pixels. (b) and (d): the results of x+f(x) correspond to (a) and (c) respectively. The centers of the Gaussians are identical in (a) and (c). The
range of x is [0,512]. In (a) and (c), many-to-one property is notable, while in (b) and (c), it is unconspicuous.
EXPERIMENTAL RESULTS
574
[2]
[3]
[4]
[5]
[6]
[7]
(10)
[8]
[9]
[10]
[11]
[12]
CONCLUSION
[13]
ACKNOWLEDGEMENT
[18]
[14]
[15]
[16]
[17]
[19]
REFERENCES
[1]
575