Pattern Recognition
journal homepage: www.elsevier.com/locate/pr
Article info

Article history:
Received 23 May 2011
Received in revised form 20 January 2012
Accepted 26 February 2012
Available online 9 March 2012

Keywords: Fingerprint; Hash; Minimum distance graph; Corresponding search algorithm; Security

Abstract

Abstraction of a fingerprint in the form of a hash can be used for secure authentication. The main challenge is in finding the right choice of features which remain relatively invariant to distortions such as rotation, translation and minutiae insertions and deletions, while at the same time capturing the diversity across users. In this paper, an alignment-free novel fingerprint hashing algorithm is proposed which uses a graph comprising of the inter-minutia minimum distance vectors originating from the core point as a feature set called the minimum distance graph. Matching of hashes has been implemented using a corresponding search algorithm. Based on the experiments conducted on the FVC2002-DB1a and FVC2002-DB2a databases, we obtained an equal error rate of 2.27%. The computational cost associated with our fingerprint hash generation and matching processes is relatively low, despite its success in capturing the minutia positional variations across users.

© 2012 Elsevier Ltd. All rights reserved.

0031-3203/$ - see front matter © 2012 Elsevier Ltd. All rights reserved.
doi:10.1016/j.patcog.2012.02.022
3374 P. Das et al. / Pattern Recognition 45 (2012) 3373–3388
How the hashing algorithm really qualifies as a robust fingerprint perceptual hash is discussed in Section 5. Section 6 is related to the determination of maximum matching pairs using the corresponding search algorithm. Security issues are discussed in Section 7. Experimental results, comparison with other hashing methods and complexity analysis are presented in Section 8. In Section 9, we have described how our hashing algorithm can be extended to generate cancelable templates. Finally, in Section 10, the conclusions are presented.

2. Related work

Most template protection approaches can be roughly classified into two categories: (i) transformation based and (ii) biometric cryptosystems. In the first case, the matching between template and query image is performed in transformed domain. So, leakage of original biometric information is not possible. It is very challenging to find an optimal transformation that is non-invertible, while preserving matching accuracy. One way to do this is by using robust, non-invertible hash functions.

A fair amount of attention has been directed towards hash function based fingerprint authentication. A secure biometric authentication scheme based on robust hash function has been proposed by Sutcu et al. [1]. A combination of various Gaussian functions with a secure cryptographic hash function is used in their paper to satisfy both non-invertibility and security conditions. An efficient distortion tolerant fingerprint authentication scheme has been presented in [2] based on labeled and weighted graphs of minutiae features known as the Minutiae Adjacency Graph (MAG). Generation of cancelable template using cartesian, polar and surface folding transformations from minutiae points has been shown by Ratha et al. [3]. The registration prior to transformation has been accomplished by the position and orientation of the core point in their method. Lee et al. have described an alignment-free cancelable fingerprint template generation method based on local information around each minutia [4]. For each minutia, the rotation and translation invariant value is computed from the orientation information of local region close to the central minutia. Another novel method to generate cancelable templates by Bin-based Quantization (BQ) has been proposed by Yang et al. [5]. They have used both local and global fingerprint features for better discrimination between users.

Application of a family of symmetric hash functions for secure fingerprint biometric systems appears in the work of Tulyakov et al. [6]. The algorithm does not depend on the singular points (core and delta) and does not need pre-alignment between the test and reference fingerprint templates. They have extended their work by generating a combination of symmetric hash functions in order to enhance the security of the system against brute force attack [7]. The advantage of this approach is that the algorithm is applicable to partial fingerprint matching without requiring pre-alignment. Yang et al. [8] presented a dynamic random projection-based template protection algorithm which increases the computational complexity to search for the original unprotected biometric template when the bio-token is stolen. Yang and Busch [9] developed a parameterized geometric alignment method for fingerprint template protection. In this method, minutiae vicinity is defined by each minutia itself together with M closest neighbouring minutiae. The main idea is to infuse randomness into the minutiae vicinity self alignment process in order to achieve template diversification.

Lee and Kim [10] used minutiae-based bit strings as cancelable templates. Firstly a three-dimensional array consisting of cells is generated. A reference minutia point is selected and other minutiae are translated and rotated in order to map the minutiae into the cells and a one-dimensional bit-string is generated. Finally, the bit-string is permuted using user specific PIN or the permutation matrices. This approach performs well when all the users have different PINs, however the performance degrades when the key is compromised due to quantization error and image distortion. Another bit-string based cancelable template generation method appeared in the work of Jin et al. [11]. In their method, a set of invariant features are extracted from minutiae pairs, and further they apply quantization, histogram binning and binarization operations to generate a bit-string. Finally the bit-string is transformed into a non-invertible and cancelable one using helper data and user's key based permutation procedure. But how the minutiae pairs are to be chosen is not mentioned in their paper. Farooq et al. [12] presented an alignment-free cancelable template generation method based on minutiae triplets (triangles). The authors have extracted seven invariant features followed by quantization and hashing into a binary string (224 bits). However the computational complexity of this method is high as calculation of all possible triplet invariant features are required. Another registration-free cancelable template design method is proposed by Ahmad et al. [13]. The authors have designed pair polar coordinate space where relative position of a minutia point with respect to other minutiae points is computed. Matching process is performed in transform domain to satisfy the property of non-invertibility.

A fully automated and practical fuzzy vault scheme based on fingerprint minutiae has been proposed by Nandakumar et al. [14]. Their method strongly depends on the alignment accuracy. The authors have used high curvature points derived from orientation field as helper data for alignment which leaks sufficient information to the attackers. In addition, due to non-linear deformation in fingerprints, the high curvature points cannot be reliably obtained in certain images and this leads to a slight misalignment. An improved minutiae descriptor (ridge frequency and ridge orientation) based fuzzy vault scheme is presented in [15]. However, their approach also relies on alignment accuracy. Liu et al. [16] have proposed a key binding system using n-nearest minutia structures. They have demonstrated that fingerprint matching performance can be improved substantially by incorporating more genuine points in the vault, but which in turn, increases the computational complexity.

In summary, it is extremely difficult to develop a fingerprint authentication algorithm which satisfies the conditions of high matching accuracy, low computational complexity and more security simultaneously. This is the motivation of our paper.

3. Pre-processing

The complete hashing algorithm is shown in Fig. 1 in the form of a block diagram. Each block is discussed below.

3.1. Fingerprint image enhancement

The first step of any fingerprint matching process is to enhance both the template and query fingerprint images. Different approaches are implemented in spatial domain or frequency domain to reduce noise and to increase the contrast between ridges and valleys in the gray-scale fingerprint images before further processing. Given a fingerprint image, the Gabor filtered based enhancement algorithm proposed by Hong et al. [17] is adopted to obtain the enhanced binary fingerprint image. The main steps are

Normalization.
Segmentation.
Orientation image estimation.
Ridge frequency image estimation.
Fig. 2. Fingerprint image enhancement by Gabor filter: (a)–(d) original images and (e)–(h) corresponding enhanced images.
The directional or orientation field plays a very important role in the fingerprint image analysis. The orientation field, where each pixel represents the local orientation of the ridges (as calculated in the enhancement step), appears in a discontinuous manner in the region of singular point, while it is continuously distributed in other parts of fingerprint image. The consistency of local orientation in a neighbourhood along the dominant direction can be measured with the help of a reliability image [19]. The black pixels of value zero in the reliability image map correspond to singular points. Fig. 3 clearly shows the results of core point detection algorithm. Many images can have more than one core point. In that case, the top most core point is used.

3.3. Minutiae extraction in the valid region

After the reference point has been detected, the next step is robust feature extraction. Here, we have chosen minutiae as our desired feature. In order to detect minutiae, the well-known crossing number (CN) concept is used [20]. The CN value, which is defined as half the sum of the differences between pairs of adjacent pixels in the eight-neighbourhood, is then computed for both the template and query image in the foreground region. A ridge pixel with a CN of one corresponds to a ridge ending, and a CN of three corresponds to a bifurcation. For each extracted minutiae point, the following information is recorded: (i) x and y coordinates, (ii) angle of orientation, $\theta$ and (iii) type of minutiae (ridge ending or bifurcation).

more than twice the average distance between two ridges. Too large a window size cancels some true minutiae whereas, too small a window size will not be able to detect and cancel false minutiae. As a compromise between the two, in our experiment, we have chosen W as 29. The boundary effect has been treated by canceling all minutiae at the periphery within a 10 pixel boundary as the border minutiae may result in false ridge endings and bifurcations. Moreover, in order to detect ridge break structure, ridge endings closer than 10 pixels are canceled. Consequently, better performance has been achieved by removing a large number of false minutiae, especially ridge bifurcations. Fig. 4 shows the result of minutiae extraction before and after post-processing.

3.5. Desired characteristics of a biometric hash (bio-hash) function

Once the final set of "stable" minutiae has been identified in the post-processing stage, the hashing algorithm is applied. A generic bio-hash is expected to abstract the information available from minutia positions and orientations, either into a compact binary string or a sequence of ordered integers. We present some desired, yet somewhat conflicting properties of a typical bio-hash

1. Non-invertibility: Given the message digest or hash value, it should be computationally infeasible to reconstruct the original input (which is the biometric template). This requires some form of a one way transformation.
Fig. 3. Singular point detection: (a) orientation image, (b) reliability image, (c) reliability image after thresholding, (d) the dot shows the detected core point overlaid on the image, (e)–(h) detected core point (dot) in different classes of images. (e) Arch, (f) left loop, (g) right loop, (h) Whorl.
the alignment phase.

Let $t(n_1,n_2)$ denote the template image and $i(n_1,n_2)$ the input or query image, where $n_1 = 1,2,\ldots,N_1$ and $n_2 = 1,2,\ldots,N_2$ (image size is $N_1 \times N_2$) and $L$ denote the number of minutiae in an image. Also, let a set $M$ comprising of the core point and $L$ number of minutiae points be represented by $M = \{C,m_1,m_2,\ldots,m_L\}$, where the core point is $C$ and all the minutiae denoted by $m_1,m_2,\ldots,m_L$.

A graph essentially consists of an ordered set of connected nodes. Let us define some notations.

$V^{(i)}$, ordered set of nodes after ith iteration i.e., up to ith node in the graph;
$D^{(i)}$, distances between successive ordered nodes after ith iteration;
$d_{ij}$, distance from ith node to the jth node in the graph,

where $(i,j) \in \{1,2,\ldots,(L+1)\}$ and $i \neq j$. Total number of nodes in the MDG will be same as the length of set $M$, i.e., $(L+1)$. Our next step is to find the minimum distance graph or MDG which is described in Algorithm 1 using the set $M$ and the above notations.

Algorithm 1. Constructing MDG.

Step1: Initialization
  $V^{(1)} = \{1\}$ {1st node in the graph be the 1st element in set $M$ i.e., core point ($C$)}.
  $D^{(1)} = \{\phi\}$ {Portion of the graph up to 1st node is NULL set.}
Step2: Find the second node of the graph
  $j_{next} = \arg\min_{j \notin V^{(1)},\, j \in M} \{d_{1j}\}$
  $count = \# j_{next}$ {# denotes the number of j value for which the above condition for $j_{next}$ satisfies.}
  {The probability of having more than one minutiae at the same distance from the previous reference minutia located away from the core is very low. Hence, the other nodes of the graph are being searched on the basis of minimum distance.}
  $V^{(k)} = V^{(k-1)} \cup \{j_{next}\}$
  $D^{(k)} = D^{(k-1)} \cup \{d_{i j_{next}}\}$
  $i \leftarrow j_{next}$
  end for
  return the sets $V^{(L+1)}$ and $D^{(L+1)}$ and terminate the algorithm.

The output parameters of the Algorithm 1, $V^{(L+1)}$ contains $L+1$ and $D^{(L+1)}$ contains $L$ number of elements. The Euclidean distance between ith element of $V^{(L+1)}$ i.e., $V^{(L+1)}(i)$ and $(i+1)$th element of $V^{(L+1)}$ i.e., $V^{(L+1)}(i+1)$ is given by ith element of $D^{(L+1)}$ i.e., $D^{(L+1)}(i)$, where $i = 1,2,\ldots,L$ and $L$ being the total number of minutia in any image after post-processing. Suppose there are p and q number of minutiae points located in the region of interest of the query and template image respectively after post-processing, for the query image i, the MDG is denoted by $D_i = (d_{i1},d_{i2},\ldots,d_{ip})$. Similarly, for the template image, the minimum distance graph is also obtained and is represented by the vector $D_t = (d_{t1},d_{t2},\ldots,d_{tq})$ as seen from Fig. 5. Therefore, the two vectors $D_t$ and $D_i$ are the final hash values to be compared generated from the template and query images respectively.

5. Qualification as a fingerprint hash

5.1. Non-invertibility

In our hashing algorithm, we have computed the distance between the core point and its nearest minutia, then, the distance
between the next nearest minutia to the previous one and so on. If there are a number of minutiae located at the same minimum distance from the core point, the minutia located at the next higher to the minimum distance is chosen as the second node of the MDG while the other nodes are chosen based on the minimum distance only. Once we have a set of distance elements in our hand, we cannot get back the original minutiae locations. This is because given a particular node in the distance graph, the next node can lie anywhere on the periphery of a circle, with the previous node as its center, and the distance between the two nodes as its radius. Hence, there are infinite possible trajectories for the same set of distances which implies infinite set of possible minutiae points can be constructed from the same distance vector. Fig. 6 shows three out of many such possible trajectories with the distance vector $D = [d_1,d_2,d_3]$ considering three original minutiae points i.e., $L = 3$. So, given the MDG, it is extremely difficult to guess the original set of minutiae positions of the image i.e., our method satisfies the non-invertibility property of the hash function.

5.2. Robustness to intra-user variations

The distance between $A'$ and $B'$ after transformation will be

$$d(A',B') = \sqrt{(x_2' - x_1')^2 + (y_2' - y_1')^2} = d(A,B) \tag{6}$$

Hence, ideally the distance between any two points of an image remains same irrespective of the angle of rotation $\theta$ and translation parameter $(t_x,t_y)$. In our case, since the MDG originates from the core point of the fingerprint image the rotational and translational parameter $(\theta,t_x,t_y)$ should not be such that the core point may shift out of the foreground region of the image. Our hash function can tolerate rotational variation up to ±40° which is more practical. Figs. 7 and 8 show some cases where MDG remains approximately same subject to rotational and translational changes. Here we have not considered the scaling effect as all the images to be tested from a given database are of the same resolution.

5.2.2. Cropping

We will briefly see how the nature of the distance graph changes with insertion, deletion of one or more minutiae in any image due to noise and feature extraction errors. Very poor
quality image leads to generation of false minutiae. Also, the thinning algorithm in the image enhancement step is partly responsible for false minutiae creation or deletion.

(a) One minutia insertion or deletion: Fig. 9(a) shows the situation when one minutia has been inserted in any one of the input and template images from the same user. One minutia has been inserted in Fig. 9(a(i)) relative to Fig. 9(a(ii)). Before the third distance, $d_3$, there is a perfect correspondence between the two graphs. However, it loses synchronization after the second distance, $d_2$, in each image. Again the fourth distance of Fig. 9(a(i)) i.e., $d_4$ matches with the fifth distance of Fig. 9(a(ii)) i.e., $d_5$, and, the two distance graphs re-synchronize again.

Deletion of one minutia in one image with respect to the other is essentially same as the insertion of that minutia point in the second with respect to the first image. Hence, same picture holds in case of one minutia deletion in Fig. 9(a(i)).

(b) Consecutive two minutiae insertions or deletions: Let us consider the case where two minutiae have been inserted in succession in Fig. 9(b(ii)) with respect to Fig. 9(b(i)) after first two minutiae lying on the graph. So, up to $d_2$ both images are in order. Then, due to minutiae insertions, the two graphs become out of order. Re-synchronization again takes place at fourth distance of Fig. 9(b(i)), $d_4$, with sixth distance of Fig. 9(b(ii)), $d_6$.

Therefore, in general, if n number of minutiae have been successively inserted after l number of minutiae in one image compared to the other derived from the same user, re-synchronization of the two distance graphs occurs at $(l+n+2)$th distances of that image with $(l+2)$th distance of the other. Deletion of two consecutive minutiae in the first image with respect to the second is same as the insertion of two consecutive minutiae in the second image with respect to the first. So, the same rule is followed in case of deletion also. In this way, no matter how many insertions or deletions take place, the graph must return to the original set of points. Hence, our algorithm focuses on the re-synchronization of the two distance vectors. However, instead of successive minutiae insertions or deletions, if more than one minutiae have been inserted randomly at the same distance from the previous node of the graph, the rest of the portion of the graph may change significantly. In this case, the matching score between the two MDG hashes belonging to the same user will be very low. Fig. 10(q)–(t) shows one example of false reject.

Such cases are rare as this clearly indicates some inconsistency in the minutia deletion process. Usually accidental minutia insertions and deletions are not just due to imperfect sensory data, but also the extraction algorithm's inability to recognize certain minutiae as unstable points.

Fig. 9. Minutiae insertions or deletions: (a) case of one minutia insertion/deletion: (i) query image, (ii) template image, and (b) case of two minutiae insertions/deletions: (i) query image, (ii) template image. In each figure the distance values are marked by $d_1,d_2,d_3$, etc. in order i.e., the distance between the core point and its nearest minutia is marked as $d_1$, the distance between next closest minutia to the previous one is marked as $d_2$ and so on.

Fig. 10. Minimum distance graph for intra- and inter-users: (a) U11, (b) U12, (c) U13, (d) U14, (e) U21, (f) U22, (g) U23, (h) U24, (i) U31, (j) U32, (k) U33, (l) U34, (m) U41, (n) U42, (o) U43, (p) U44, (q) U51, (r) U52, (s) U53, (t) U54 (U stands for user). (a)–(d) Right loop, (e)–(h) left loop, (i)–(l) whorl, (m)–(p) partial type of fingerprints, (q)–(t) failure to match intra-class users.

5.3. Distinctiveness or inter-user variations

As the MDG has a strong correlation with the minutiae points in any image, and those minutiae points are unique for a given user, the
minimum distance graph should be similar for the same user and dissimilar for fingerprints from different users. It is clearly visible from Fig. 10(a), (e), (i) and (m) that the graphs change completely for different users U11, U21, U31 and U41. So it is proved that the proposed hash function qualifies for the distinctiveness property also.

We have chosen the smaller length vector ($D_2$) as the reference set, and compare the other ($D_1$) with respect to it as a group of three starting from the first element. CSA1 is demonstrated in Algorithm 2. This algorithm returns the matched pairs between the two vectors, and the indices $i_{ret}$ and $j_{ret}$ of $D_1$ and $D_2$ respectively, after which CSA2 will start.
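
The MDG construction of Section 4 and the invariance and non-invertibility arguments of Sections 5.1 and 5.2, as an added Python example (not the authors' code). The function names, the tie tolerance and the constructed coordinates are assumptions; because the middle of Algorithm 1 is not reproduced above, the loop follows the prose description: nearest remaining minutia at each step, with the tie rule applied only at the core.

```python
import math


def build_mdg(core, minutiae, tol=1e-9):
    """Return (order, distances) of the nearest-neighbour chain rooted at the core.

    `order` indexes into `minutiae`; `distances` is the vector D used as the hash.
    """
    remaining = list(range(len(minutiae)))
    order, dists, here = [], [], core
    while remaining:
        remaining.sort(key=lambda k: math.dist(here, minutiae[k]))
        pick = 0
        if not order:
            # Tie rule from Section 5.1, applied at the core only: when several
            # minutiae share the minimum distance, take the next-higher one.
            d_min = math.dist(here, minutiae[remaining[0]])
            ties = sum(1 for k in remaining
                       if math.dist(here, minutiae[k]) - d_min <= tol)
            if 1 < ties < len(remaining):
                pick = ties
        nxt = remaining.pop(pick)
        order.append(nxt)
        dists.append(math.dist(here, minutiae[nxt]))
        here = minutiae[nxt]
    return order, dists


def rigid_motion(points, theta_deg, tx, ty):
    """Rotate by theta about the origin, then translate by (tx, ty)."""
    c, s = math.cos(math.radians(theta_deg)), math.sin(math.radians(theta_deg))
    return [(c * x - s * y + tx, s * x + c * y + ty) for x, y in points]


def trajectory(core, dists, headings_deg):
    """Place one point per hop: hop k has length dists[k] and the given heading."""
    x, y = core
    points = []
    for d, h in zip(dists, headings_deg):
        x += d * math.cos(math.radians(h))
        y += d * math.sin(math.radians(h))
        points.append((x, y))
    return points


def hashes_to(core, points, dists, tol=1e-6):
    """True if the MDG built from `points` reproduces the distance vector."""
    got = build_mdg(core, points)[1]
    return len(got) == len(dists) and all(
        abs(a - b) <= tol for a, b in zip(got, dists))


# Constructed data: a four-hop distance vector and three candidate layouts.
CORE = (0.0, 0.0)
D = [30.0, 22.0, 41.0, 18.0]
STRAIGHT = trajectory(CORE, D, [0, 0, 0, 0])
ZIGZAG = trajectory(CORE, D, [90, 60, 120, 80])
FOLDED = trajectory(CORE, D, [0, 180, 0, 0])  # second hop doubles back

if __name__ == "__main__":
    moved = rigid_motion([CORE] + ZIGZAG, 40, 12, -7)
    print(build_mdg(moved[0], moved[1:])[1])   # D after rotation and shift
    print(hashes_to(CORE, STRAIGHT, D), hashes_to(CORE, ZIGZAG, D))
    print(hashes_to(CORE, FOLDED, D))
```

`STRAIGHT` and `ZIGZAG` are different point sets with the same hash, while `FOLDED` is rejected by `hashes_to`: a hop that doubles back changes which minutia is nearest, so only trajectories that respect the nearest-neighbour ordering regenerate D.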
6.2. CSA2

divide CSA2 into two parts depending on the maximum number of minutiae insertion or deletion. CSA2A takes care of a maximum of four minutiae insertions whereas CSA2B checks up to nine minutiae insertions in any one of the two images.

Assume that CSA1 ends at $(i-1)$th and $(j-1)$th element of the vector $D_1$ and $D_2$ respectively, where $i-1 = i_{ret}$ and $j-1 = j_{ret}$ according to Algorithm 2. That means, $i$th to $L_1$th and $j$th to $L_2$th elements of $D_1$ and $D_2$ respectively are still unchecked for correspondence search, where $1 \le i-1 < L_1$ and $1 \le j-1 < L_2$.

6.2.1. CSA2A

CSA2A is discussed in Algorithm 3. This algorithm takes the two distance vectors $D_1$ and $D_2$ with their respective lengths $L_1$ and $L_2$, and the indices, $i_{ret}$ and $j_{ret}$ of $D_1$ and $D_2$ respectively, as inputs, and returns the corresponding elements as outputs.

Algorithm 3. CSA2A.

Input: $D_1$, $L_1$, $D_2$, $L_2$, $i_{ret}$ (from CSA1), $j_{ret}$ (from CSA1)
Step1: Initialization
  $i = i_{ret} + 1$
  $j = j_{ret} + 1$
Step2: Find remaining matching pairs when CSA1 stops
  Compute the absolute differences between the ith element of $D_1$ with jth element of $D_2$, $(i+1)$th element of $D_1$ with $(j+1)$th element of $D_2$ and $(i-1)$th element of $D_1$ with $(j-1)$th element of $D_2$ and compare the three difference values with a threshold, $\delta$ as used in CSA1. Three cases are possible.
  Case 1
    if $|D_1(i) - D_2(j)| \le \delta$ and ($|D_1(i+1) - D_2(j+1)| \le \delta$ or $|D_1(i-1) - D_2(j-1)| \le \delta$) then
      $D_1(i)$ and $D_2(j)$ are next matched pair after those pairs as found by CSA1.
      Increment both the pointers i and j by 1 for next element search.
  Case 2
    else if $|D_1(i) - D_2(j)| > \delta$ and $|D_1(i+1) - D_2(j+1)| \le \delta$ and $|D_1(i+2) - D_2(j+2)| \le \delta$ and $|D_1(i-1) - D_2(j-1)| \le \delta$ then
      Skip the present ith and jth value of $D_1$ and $D_2$ respectively and increment both pointers by 1. This indicates that there is a discontinuity by one pair in successive matched pairs due to distortion.
  Case 3
    else we check for at most four minutiae insertions/deletions in any image. Initialize $x = 2$ to check single minutia insertion.
    Case 3A
      if $|D_1(i+1) - D_2(j+x)| \le \delta$ and $|D_1(i+2) - D_2(j+x+1)| \le \delta$ then
        $D_1(i+1)$ and $D_2(j+x)$ are matched pair i.e., one insertion has taken place in vector $D_2$.
    Case 3B
      else if $|D_1(i+x) - D_2(j+1)| \le \delta$ and $|D_1(i+x+1) - D_2(j+2)| \le \delta$ then
        $D_1(i+x)$ and $D_2(j+1)$ are matched pair i.e., one insertion has taken place in vector $D_1$.
    Case 3C
      else
        Increment x by 1.
        repeat Case 3A and Case 3B to check for $x-1$ minutiae insertions. In this way, maximum of four insertions are to be checked i.e., until $x = 5$.
Step3:
  If no matched pair is found by considering maximum of four minutiae insertions, discard the ith and jth value and start searching from $(i+1)$th and $(j+1)$th value of $D_1$ and $D_2$ respectively.
Step4:
  Terminate the algorithm if the last element in $D_1$ or $D_2$ has been reached. Count the total number of matched pairs.

6.2.2. CSA2B

This algorithm is almost identical to CSA2A except that we search for at most nine minutiae insertions or deletions. Initialize the value of x as $x = 2$ in Case 3 of Algorithm 3 and go on increasing up to $x = 10$ for checking maximum of nine minutiae insertions instead of $x = 5$ as in Case 3C.

CSA1 is compulsory prior to CSA2A and CSA2B. The total number of matching pairs between $D_1$ and $D_2$ can be obtained by adding matching pairs found in CSA1 and CSA2A individually resulting in MDG_CSA2A. Similarly by adding the number of matching pairs in CSA1 and CSA2B, we achieve total number of correspondences in MDG_CSA2B.

6.3. Calculation of matching score

Let the total number of matched pairs out of $L_2$ ($\le L_1$) be X and Y respectively in case of MDG_CSA2A and MDG_CSA2B. Generally $X \neq Y$ depending on the average probability of the number of minutiae insertions or deletions. The matching score, S, is defined as the maximum normalized matching pairs and is given by

$$S = \mathrm{Max}\left(\frac{X}{L_2}, \frac{Y}{L_2}\right) \tag{7}$$

If the value S is greater than a threshold, (t), the two fingerprints are said to be from the same user i.e., accepted, otherwise they are from different users i.e., rejected.

7. Security analysis

Our algorithm is dependent on the accuracy with which the core and minutiae points are detected. For a given user, the position of the core point is not unique. Many different fingers may have the same core point. We are concerned about the degree of complexity in determining the original minutiae locations through which the known MDG passes. Let us assume that an attacker already knows the core position and the minimum distance vector $D = (d_1,d_2,\ldots,d_L)$ and he wants to know the original minutiae locations.

Let $d_i|_{i=1,2,\ldots,L}$ be the distance between two closest minutiae or the distance between the core and its closest minutia. The first element $d_1$ of vector $D$ corresponds to the distance between the core and its nearest minutia.

All possible minutiae at a distance $d_1$ from the core point lie on the periphery of a circle of radius $d_1$ and the core as its center. Hence, the number of possible paths/trajectories/graphs starting from the core and terminating on each minutia lying on the circle of radius $d_1$ is given by

$$n_1 = \frac{2\pi d_1}{d_r} \tag{8}$$

where $d_r$ is the average distance between two ridges.

From each of the $n_1$ number of minutiae, we can further have $2\pi d_2/d_r$ number of minutiae locations. Hence, total number of paths starting from the core for $d_2$ is

$$n_2 = n_1 \frac{2\pi d_2}{d_r} \tag{9}$$

In general, given the ith element of vector $D$ i.e., $d_i$, the possible number of paths, $n_i$ is

$$n_i = n_{i-1} \frac{2\pi d_i}{d_r}, \quad i = 2,3,\ldots,L \tag{10}$$
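
Algorithm 3 (with the CSA2B window of Section 6.2.2) and the score of Eq. (7), as an added Python example rather than the authors' implementation. CSA1 (Algorithm 2) is not reproduced on this page, so the example assumes the search starts at the first element with no prior matches; the function names, 0-based indexing, the pointer update after a Case 3 match and the constructed distance vectors are assumptions, while δ = 5 and t = 0.37 are the values the paper reports in Section 8.2.

```python
DELTA = 5         # distance tolerance (delta) reported in Section 8.2
T_ACCEPT = 0.37   # decision threshold t reported in Section 8.2


def csa2(d1, d2, max_x, delta=DELTA, i=0, j=0):
    """Matched (i, j) index pairs; max_x=5 gives CSA2A, max_x=10 gives CSA2B."""
    def close(a, b):
        # Out-of-range indices never match (also stops negative-index wraparound).
        return (0 <= a < len(d1) and 0 <= b < len(d2)
                and abs(d1[a] - d2[b]) <= delta)

    pairs = []
    while i < len(d1) and j < len(d2):          # Step 4: stop at either end
        if close(i, j) and (close(i + 1, j + 1) or close(i - 1, j - 1)):
            pairs.append((i, j))                # Case 1: aligned pair
            i, j = i + 1, j + 1
        elif (not close(i, j) and close(i + 1, j + 1)
              and close(i + 2, j + 2) and close(i - 1, j - 1)):
            i, j = i + 1, j + 1                 # Case 2: one distorted pair
        else:
            for x in range(2, max_x + 1):       # Case 3: x - 1 insertions
                if close(i + 1, j + x) and close(i + 2, j + x + 1):
                    pairs.append((i + 1, j + x))        # 3A: inserted in d2
                    i, j = i + 2, j + x + 1
                    break
                if close(i + x, j + 1) and close(i + x + 1, j + 2):
                    pairs.append((i + x, j + 1))        # 3B: inserted in d1
                    i, j = i + x + 1, j + 2
                    break
            else:
                i, j = i + 1, j + 1             # Step 3: discard and move on
    return pairs


def matching_score(da, db):
    """Eq. (7): best of CSA2A and CSA2B, normalised by the shorter length."""
    d1, d2 = (da, db) if len(da) >= len(db) else (db, da)
    if not d2:
        return 0.0
    x = len(csa2(d1, d2, max_x=5))
    y = len(csa2(d1, d2, max_x=10))
    return max(x, y) / len(d2)


def same_finger(da, db, t=T_ACCEPT):
    return matching_score(da, db) > t


# Constructed distance vectors (not taken from any database).
REF = [20, 31, 18, 44, 27, 35, 22]
ONE_INSERTION = [21, 30, 12, 25, 45, 26, 36, 23]
FIVE_INSERTIONS = [20, 31, 70, 75, 80, 85, 90, 95, 44, 27, 35, 22]
IMPOSTOR = [80, 95, 70, 88, 76, 99, 83, 91]

if __name__ == "__main__":
    for name, vec in [("one", ONE_INSERTION), ("five", FIVE_INSERTIONS),
                      ("impostor", IMPOSTOR)]:
        print(name, round(matching_score(REF, vec), 3), same_finger(REF, vec))
```

On the constructed five-insertion pair, the four-insertion window alone finds 2 of 7 pairs, below t = 0.37, while the nine-insertion window resynchronises and finds 6.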
Considering all the L number of elements of D, total possible 8.2. Parameter selection
number of paths or graphs characterizing each user’s fingerprint
is given by The parameters used in our implementation for the two
databases are listed in Table 2.
2pd1 2pd2 2pdL
N ¼ nL ¼ ð11Þ A question may arise that why we have chosen the threshold
dr dr dr
for comparison, d in implementing CSA as 5. If we choose a too
For simplicity, we assume small value of threshold (e.g. 3), we may miss the distance pair
generated by two corresponding minutiae points in both query
d1 ¼ d2 ¼ d3 ¼ ¼ dL ¼ davg ð12Þ and template images resulting in large false negative cases. Again
too large threshold value (e.g. 7) will treat the distance between
where
two different minutiae points in two images as same which
ðd1 þd2 þ d3 þ þ dL Þ results in large false positive case. In compromise to these two
davg ¼ ð13Þ
L possible cases, we have chosen a threshold value as 5. The
and performance of proposed hashing scheme is affected by the
threshold, t, selection. And the threshold value of 0.37 listed in
2pdavg Table 2 is based on a delicate balance between the False Accept
n¼ ð14Þ
dr Rate (FAR) and False Reject Rate (FRR) and is applicable to both
Therefore, with the help of Eqs. (12)–(14), Eq. (11) can be databases FVC2002-DB1a and FVC2002-DB2a.
rewritten as
8.3. Performance analysis
N ¼ nL ð15Þ
The criteria used for evaluating the performance are
Hence in our MDG hashing algorithm, security increases by an
exponential factor. The probability of an attacker to guess the
(i) False Accept Rate (FAR)—the frequency of an imposter falsely
original minutiae locations
accepted as a legitimate user.
p ¼ 1=N ð16Þ (ii) Genuine Accept Rate (GAR¼1 FRR)—the frequency of a
genuine user correctly accepted as a legitimate user.
In this scenario, the entropy or the difficulty in guessing the true
(iii) Equal Error Rate (EER)—the cross-over error rate when False
minutiae positions is given by
Accept Rate (FAR) is equal to the False Reject Rate (FRR).
2npndavg Lower EER means higher accuracy of the matcher.
H ¼ log2 ðpÞ ¼ Lnlog2 ðnÞ ¼ Lnlog2 bits ð17Þ
dr
To calculate FRR, each impression of a given finger is compared
In the proposed hashing system, the experimental value of the
with the rest impressions of the same finger. Hence there are
parameters are average value of the distance vector, davg ¼ 35 and
ðð8n7Þ=2Þn100 ¼ 2800 number of comparisons for each database.
average number of minutiae, L¼30 for FVC2002-DB1 and
FAR is computed based on comparing the first impression of each
davg ¼ 40 and L¼35 for FVC2002-DB2. The average distance
individual with the first of the others and the total number of
between two ridges dr ¼ 10. Hence, the security strength is
imposter tests equal ð100n99Þ=2 ¼ 4950 for each database. In our
30nlog2 ðð2npn35Þ=10Þ 133 bits for FVC2002-DB1 and 35nlog2
experiment, we have considered maximum of four and nine
ðð2npn40Þ=10Þ 162 bits for FVC2002-DB2 which are substan-
minutiae insertions/deletions resulting in two algorithms:
tially high. So, our method increases the computational complex-
MDG_CSA2A and MDG_CSA2B respectively. Fig. 12 shows the
ity of brute-force attack and the invertibility of the hash of the
actual fingerprint is intractable.
Table 2
Parameters used during Hashing algorithm.
Table 1
Summary of databases used in our experiments.
Fig. 12. ROC curves of our algorithm on (a) FVC2002-DB1; (b) FVC2002-DB2. MDG_CSA2A and MDG_CSA2B are marked as #1 and #2 respectively. [Plots: FAR (%) and FRR (%) versus threshold (t).]

Fig. 13. Performance of hashing algorithm on (a) FVC2002-DB1; (b) FVC2002-DB2. MDG_CSA2A and MDG_CSA2B are marked as #1 and #2 respectively. [Plots: GAR (%) versus FAR (%).]
variation of FAR and FRR with different values of threshold, t, for both databases. We can see that at a given value of t, FAR in MDG_CSA2A is comparatively lower than that of MDG_CSA2B, while FRR in MDG_CSA2B is lower than in MDG_CSA2A. While performing corresponding element search between the MDGs of the query and template images, the probability of false matching increases if we consider up to nine minutiae insertions, which, in turn, increases FAR. If we consider up to four minutiae insertions or deletions, it may happen that the synchronization of two graphs can take place after five or more insertions. Hence, FRR increases in case of MDG_CSA2A as compared to MDG_CSA2B. Performance is slightly worse in case of FVC2002-DB2a. This essentially occurs due to inaccurate core and minutiae points detection in case of poor quality images. If the position of the core point is not detected accurately, the MDG changes significantly even near the core point. Hence, the effectiveness of our algorithm will drop. We have plotted the GAR versus FAR graph in Fig. 13. GAR(FAR = 0+) is 92.44% and 90.73% respectively in case of MDG_CSA2A and MDG_CSA2B for FVC2002-DB1a, whereas GAR(FAR = 0+) is 87.34% and 93.67% respectively in case of MDG_CSA2A and MDG_CSA2B for the FVC2002-DB2a database.

Table 3 lists the FAR, FRR for varying threshold value ($t_1$–$t_4$) and EER for two databases using two algorithms. EER performance is better by using MDG_CSA2B for both databases. The image size of FVC2002-DB1 is smaller than FVC2002-DB2, and accordingly the minutiae number is fewer in DB1 compared to DB2. Many algorithms in the past (e.g. [23]) have shown that the result of FVC2002-DB2 is better than FVC2002-DB1 due to the larger region of interest. But in our case, the performance of our hashing algorithm is purely dependent on the image quality near the core point, not on the image size, and hence, the reverse.

8.4. Comparison with other hashing methods

We compare the proposed alignment-free minimum distance graph based hashing algorithm with some existing fingerprint template protection schemes. In [6], the authors have used a set of symmetric hash functions which are minutiae order independent for hashing the fingerprint. For each minutia, the n nearest neighbour minutiae are found, and $m$ ($m < n$) hashed minutiae are generated using symmetric hash functions. The matching is performed in hash space. The performance is verified
Table 3
Experimental results for two databases.

| Algorithm | Database | t1 FAR (%) | t1 FRR (%) | t2 FAR (%) | t2 FRR (%) | t3 FAR (%) | t3 FRR (%) | t4 FAR (%) | t4 FRR (%) | EER (%) |
| MDG_CSA2A | FVC2002-DB1a | 7.72 | 3.41 | 2.77 | 4.39 | 0.59 | 5.36 | 0.00 | 7.56 | 4.26 |
| MDG_CSA2B | FVC2002-DB1a | 15.84 | 0.73 | 8.31 | 1.70 | 2.57 | 2.19 | 0.39 | 2.92 | 2.27 |
| MDG_CSA2A | FVC2002-DB2a | 1.26 | 7.59 | 0.21 | 8.86 | 0.00 | 12.66 | 0.00 | 15.19 | 5.06 |
| MDG_CSA2B | FVC2002-DB2a | 4.20 | 3.79 | 1.05 | 5.06 | 0.21 | 6.32 | 0.00 | 6.32 | 3.79 |
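The evaluation protocol behind these figures (2800 genuine and 4950 imposter comparisons per database, FAR and FRR swept over a threshold, EER where the two meet) can be reproduced as follows. This is an added example, not the authors' code: the scores are constructed stand-ins for a matcher's output, and accepting a pair when its similarity score is at least t is an assumption.

```python
import random
from itertools import combinations

FINGERS, IMPRESSIONS = 100, 8  # per database, as in the protocol above

def genuine_pairs():
    """Each impression against the remaining impressions of the same finger."""
    return [((f, a), (f, b)) for f in range(FINGERS)
            for a, b in combinations(range(IMPRESSIONS), 2)]

def impostor_pairs():
    """First impression of each finger against the first of every other finger."""
    return [((f, 0), (g, 0)) for f, g in combinations(range(FINGERS), 2)]

def far_frr(genuine, impostor, t):
    """FAR and FRR in percent; assumption: a pair is accepted when score >= t."""
    far = 100.0 * sum(s >= t for s in impostor) / len(impostor)
    frr = 100.0 * sum(s < t for s in genuine) / len(genuine)
    return far, frr

def eer(genuine, impostor):
    """Try every observed score as threshold; return (t, EER) where FAR and FRR are closest."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        if best is None or abs(far - frr) < best[0]:
            best = (abs(far - frr), t, (far + frr) / 2.0)
    return best[1], best[2]

def toy_scores(seed=1):
    """Constructed similarity scores standing in for a matcher's output."""
    rng = random.Random(seed)
    clip = lambda v: round(min(1.0, max(0.0, v)), 3)
    gen = [clip(rng.gauss(0.45, 0.07)) for _ in genuine_pairs()]
    imp = [clip(rng.gauss(0.25, 0.07)) for _ in impostor_pairs()]
    return gen, imp

if __name__ == "__main__":
    gen, imp = toy_scores()
    print(len(gen), "genuine and", len(imp), "impostor comparisons")
    for t in (0.25, 0.30, 0.35, 0.40):
        print("t=%.2f FAR=%.2f%% FRR=%.2f%%" % ((t,) + far_frr(gen, imp, t)))
    print("EER threshold %.3f, EER %.2f%%" % eer(gen, imp))
```

Raising the threshold lowers FAR and raises FRR, which is the same trade-off Table 3 shows from t1 to t4.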
9. Cancelable biometric
can be issued by replacing two changing functions ($L_{PIN}$, $\Theta_{PIN}$) which are generated from X and Y whose seed is a user's PIN.

Step 3: Minutia movement: The transformation from the original minutia set $M_i = [x_i, y_i, \theta_i, t_i]$ to transformed minutia set $M_i^c = [x_i^c, y_i^c, \theta_i^c, t_i^c]$ is performed as follows:

$x_i^c = x_i + L_{PIN}(m_i) \cos(\theta_i + \Theta_{PIN}(m_i))$ (20)

$\theta_i^c = \theta_i + \Theta_{PIN}(m_i)$ (22)

$t_i^c = t_i$ (23)

[Figure: "GAR vs FAR in Proposed 1"; vertical axis: GAR (%).]
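The minutia movement of Step 3, sketched as an added example that is not the authors' code. Assumptions: $m_i$ is a precomputed integer per minutia, the changing functions are lookup tables filled by two PIN-seeded generators, the table size and shift range are arbitrary, and the y update mirrors eq. (20) with a sine because eq. (21) does not appear in this text.

```python
import math
import random

TABLE_SIZE = 64    # assumed number of distinct m_i values
MAX_SHIFT = 20.0   # assumed upper bound on L_PIN, in pixels

def changing_functions(pin):
    """L_PIN and Theta_PIN as lookup tables drawn from two PIN-seeded generators.
    random.Random is for illustration only; it is not a cryptographic generator."""
    gen_x = random.Random("X:" + pin)   # generator X, seeded by the PIN
    gen_y = random.Random("Y:" + pin)   # generator Y, seeded by the PIN
    l_pin = [gen_x.uniform(0.0, MAX_SHIFT) for _ in range(TABLE_SIZE)]
    theta_pin = [gen_y.uniform(0.0, 2 * math.pi) for _ in range(TABLE_SIZE)]
    return l_pin, theta_pin

def transform(minutiae, pin):
    """Move each minutia (x, y, theta, t, m) with the PIN's changing functions."""
    l_pin, theta_pin = changing_functions(pin)
    moved = []
    for x, y, theta, t, m in minutiae:
        shift, turn = l_pin[m % TABLE_SIZE], theta_pin[m % TABLE_SIZE]
        xc = x + shift * math.cos(theta + turn)      # eq. (20)
        yc = y + shift * math.sin(theta + turn)      # assumed; eq. (21) is not in this text
        thetac = (theta + turn) % (2 * math.pi)      # eq. (22), wrapped to [0, 2*pi)
        moved.append((xc, yc, thetac, t, m))         # eq. (23): type is unchanged
    return moved

def mean_displacement(a, b):
    """Average Euclidean distance between corresponding minutiae of two templates."""
    return sum(math.hypot(p[0] - q[0], p[1] - q[1]) for p, q in zip(a, b)) / len(a)

# Constructed sample: (x, y, theta in radians, type, m)
SAMPLE = [(120.0, 88.0, 0.52, 1, 7), (143.0, 131.0, 2.10, 0, 19),
          (97.0, 160.0, 4.71, 1, 33), (170.0, 102.0, 1.05, 0, 58)]

if __name__ == "__main__":
    issued = transform(SAMPLE, "4821")
    reissued = transform(SAMPLE, "9035")   # template after the PIN is replaced
    print("same PIN reproduces template:", issued == transform(SAMPLE, "4821"))
    print("mean shift original -> issued: %.2f" % mean_displacement(SAMPLE, issued))
    print("mean shift issued -> reissued: %.2f" % mean_displacement(issued, reissued))
```

The same PIN always reproduces the same template, while a replaced PIN yields a different one from the same fingerprint, which is the revocation property the section describes.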
Fig. 16. FAR versus threshold, t, when matching is performed between the original template and its different transformed templates generated by varying the key. MDG_CSA2A and MDG_CSA2B respectively are referred to as Proposed 1 and Proposed 2 in this figure. [Plot "Original vs Transform": FAR (%) versus threshold (t).]

Fig. 18. Cancelable minimum distance graph based template generation: (a), (e), (i) the original MDG templates, and (b)–(d), (f)–(h), (j)–(l) their transformed templates respectively generated by varying the random number generators to produce the changing functions, $L_{PIN}$ and $\Theta_{PIN}$.

[Figure: "Transform vs Transform" plot; legend: Proposed 1, Proposed 2.]

10. Conclusions
Different hash values can be generated by replacing the two changing functions $L_{PIN}(m_i)$ and $\Theta_{PIN}(m_i)$ from the same original biometric. Different changing functions can be generated by changing the user's PIN. Our method does not make any assumption regarding pre-alignment. Thus, in contrast to other existing methods, our method can offer an excellent balance between better performance, high security and low computational complexity in the field of fingerprint authentication.

Our future target is to set up a more practical partial fingerprint matching strategy where information about the core point as well as high curvature point is unavailable.

References

[1] Y. Sutcu, H.T. Sencar, N. Memon, A secure biometric authentication scheme based on robust hashing, in: Proceedings of the 7th Workshop on Multimedia and Security, August 2005, pp. 111–116.
[2] N.I. Ratha, V.D. Pandit, Robust fingerprint authentication using local structural similarity, in: Applications of Computer Vision, 2000, Fifth IEEE Workshop, 2000, pp. 29–34.
[3] N.K. Ratha, S. Chikkerur, J.H. Connell, R.M. Bolle, Generating cancelable fingerprint templates, IEEE Transactions on Pattern Analysis and Machine Intelligence 29 (April) (2007) 561–572.
[4] C. Lee, J.-Y. Choi, K.-A. Toh, S. Lee, J. Kim, Alignment-free cancelable fingerprint templates based on local minutiae information, IEEE Transactions on Systems, Man, and Cybernetics 37 (2007) 980–992.
[5] H. Yang, X. Jiang, A.C. Kot, Generating secure cancelable fingerprint templates using local and global features, Journal of Computer Science and Information Technology (2009) 645–649.
[6] S. Tulyakov, F. Farooq, P. Mansukhani, V. Govindaraju, Symmetric hash functions for secure fingerprint biometric systems, Pattern Recognition Letters 28 (December) (2007) 2427–2436.
[7] G. Kumar, S. Tulyakov, V. Govindaraju, Combination of symmetric hash functions for secure fingerprint matching, in: 2010 International Conference on Pattern Recognition, August 2010, pp. 890–893.
[8] B. Yang, D. Hartung, K. Simoens, C. Busch, Dynamic random projection for biometric template protection, in: Proceedings of the IEEE 4th International Conference on Biometrics: Theory, Applications and Systems (BTAS10), November 2010, pp. 1–7.
[9] B. Yang, C. Busch, Parameterized geometric alignment for minutiae-based fingerprint template protection, in: Proceedings of the IEEE 3rd International Conference on Biometrics: Theory, Applications and Systems (BTAS 09), 2009.
[10] C. Lee, J. Kim, Cancelable fingerprint templates using minutiae-based bit-strings, Journal of Network and Computer Applications 33 (2010) 236–246.
[11] Z. Jin, A.B.J. Teoh, T.S. Ong, C. Tee, A revocable fingerprint template for security and privacy preserving, KSII Transactions on Internet and Information Systems 4 (December) (2010) 1327–1340.
[12] F. Farooq, R.M. Bolle, T.-Y. Jea, N. Ratha, Anonymous and revocable fingerprint recognition, in: International Conference on Computer Vision and Pattern Recognition, 2007, pp. 1–7.
[13] T. Ahmad, J. Hu, S. Wang, Pair-polar coordinate-based cancelable fingerprint templates, Journal on Pattern Recognition 44 (October) (2011) 2555–2564.
[14] K. Nandakumar, A.K. Jain, S. Pankanti, Fingerprint-based fuzzy vault: implementation and performance, IEEE Transactions on Information Forensics and Security 2 (December) (2007) 744–757.
[15] A. Nagar, K. Nandakumar, A.K. Jain, A hybrid biometric cryptosystem for securing fingerprint minutiae templates, Pattern Recognition Letters 31 (June) (2010) 733–741.
[16] E. Liu, H. Zhao, J. Liang, L. Pang, M. Xie, H. Chen, Y. Li, P. Li, J. Tian, A key binding system based on n-nearest minutiae structure of fingerprint, Pattern Recognition Letters 32 (April) (2011) 666–675.
[17] L. Hong, Y. Wan, A. Jain, Fingerprint image enhancement: algorithm and performance evaluation, IEEE Transactions on Pattern Analysis and Machine Intelligence 20 (August) (1998) 777–789.
[18] M. Kaur, M. Singh, A. Girdhar, P.S. Sandhu, Fingerprint verification system using minutiae extraction technique, World Academy of Science, Engineering and Technology (2008) 497–502.
[19] M.S. Khalil, D. Muhammad, M.K. Khan, K. Alghathbar, Singular points detection using fingerprint orientation field reliability, International Journal of Physical Sciences 5 (2010) 352–357.
[20] B.M. Mehtre, Fingerprint image analysis for automatic identification, Machine Vision and Applications 6 (1993) 124–139.
[21] M. Tico, P. Kuosmanen, An algorithm for fingerprint image postprocessing, in: Proceedings of the Thirty-Fourth Asilomar Conference on Signals, Systems and Computers, vol. 2, 2000, pp. 1735–1739.
[22] D. Maltoni, D. Maio, A.K. Jain, Handbook of Fingerprint Recognition, Springer, Berlin, 2009.
[23] P. Li, X. Yang, K. Cao, X. Tao, R. Wang, J. Tian, An alignment-free fingerprint cryptosystem based on fuzzy vault scheme, Journal of Network and Computer Applications 33 (2010) 207–220.
Priyanka Das received B.Sc.(Hons.) degree in Physics from Burdwan University, West Bengal, India in 2006 and the B.Tech in Radio Physics and Electronics in 2009 from
the University of Calcutta. Currently she is pursuing her M.Tech degree in Digital Signal processing from Indian Institute of Technology Guwahati.
Kannan Karthik received Ph.D. degree from University of Toronto in 2006. Currently he is an Assistant Professor in the Department of Electronics and Electrical
Engineering, Indian Institute of Technology Guwahati. His research interests are in exploring new problems in the field of Multimedia Security and using signal processing
models to characterize its solutions.
Boul Chandra Garai received B.Sc.(Hons.) degree in Physics from Visva-Bharati University, West Bengal, India in 2005 and the B.Tech in Radio Physics and Electronics
in 2009 from the University of Calcutta. Currently he is working in ISRO Satellite Centre Bangalore as a scientist in the Hybrid Micro-circuit Division.