Secure and private fingerprint-based authentication

This thesis studies the requirements and processes involved in building an authentication system using the fingerprint biometric, where the fingerprint template is protected during storage and during comparison. The principles developed in this thesis can be easily extended to authentication systems using other biometric modalities. Most existing biometric authentication systems store their template securely using an encryption function. However, in order to perform matching, the enrolled template must be decrypted. It is at this point that the authentication system is most vulnerable as the entire enrolled template is exposed. A biometric is irreplaceable if compromised and can also reveal sensitive information about an individual. If biometric systems are taken up widely, the template could also be used as an individual's digital identifier. Compromise in that case, violates an individual's right to privacy as their transactions in all systems where they used that compromised biometric can be tracked. Therefore securing a biometric template during comparison as well as storage in an authentication system is imperative. Eight different fingerprint template representation techniques, where templates were treated as a set of elements derived from the locations and orientations of fingerprint minutiae, were studied. Four main steps to build any biometric based authentication system were identified and each of the eight fingerprint template representations was inducted through the four steps. Two distinct Error Tolerant Cryptographic Constructs based on the set difference metric, were studied for their ability to securely store and compare each of the template types in an authentication system. The first construct was found to be unsuitable for a fundamental reason that would apply to all the template types considered in the research. The second construct did not have the limitation of the first and three algorithms to build authentication systems using the second construct were proposed. It was determined that minutiae-based templates had significant intra sample variation as a result of which a very relaxed matching threshold had to be set in the authentication system. The relaxed threshold caused the authentication systems built using the first two algorithms to reveal enough information about the stored templates to render them insecure. It was found that in cases of such large intra-sample variation, a commonality based match decision was more appropriate. One solution to building a secure authentication system using minutiae-based templates was demonstrated by the third algorithm which used a two stage matching process involving the second cryptographic construct and a commonality based similarity measure in the two stages respectively. This implementation was successful in securing the fingerprint template during comparison as well as storage, with minimal reduction in accuracy when compared to the matching performance without the cryptographic construct. Another solution is to use an efficient commonality based error tolerant cryptographic construct. This thesis lists the desirable characteristics of such a construct as existence of any is unknown to date. This thesis concludes by presenting good guidelines to evaluate the suitability of different cryptographic constructs to protect biometric templates of other modalities in an authentication system

Fingerprint alignment for a minutiae-based fuzzy vault

The fuzzy vault is an innovative cryptographic construct that uses error correction techniques to compensate for natural biometric variation. For fingerprints, the fuzzy vault can be used to compensate for the insertion and deletion of minutiae between samples, within the cryptographic framework. However, fingerprint biometrics also suffer from the problem that samples at enrolment and verification cannot be captured and recorded within a universally agreed frame of reference. There is currently no efficient fingerprint pre-alignment technique that also protects the template. In this paper we propose a pre-alignment algorithm that incorporates quantifiable template protection and explore the suitability of three minutiae-based structures for the algorithm. We find that one of the structures is strongly suitable with respect to the goals of our pre-alignment algorithm and its impact on the false non-match rate of an overall system is quantified. Our research also clarifies the key characteristics required from minutiae-based structures for high performance

Minutiae-based structures for a fuzzy vault

One vital application of biometrics is to supplement or replace passwords to provide secure authentication. Cryptographic schemes using passwords require exactly the same password at enrolment and verification to authenticate successfully. The inherent variation in samples of the same biometric makes it difficult to replace passwords directly with biometrics in a cryptographic scheme. The fuzzy vault is an innovative cryptographic construct that uses error correction techniques to compensate for biometric variation. Our research is directed to methods of realizing the fuzzy vault for the fingerprint biometric using minutia points described in a translation and rotation invariant manner. We investigate three different minutia representation methods, which are translation and rotation invariant. We study their robustness and determine their suitability to be incorporated in a fuzzy vault construct. We finally show that one of our three chosen structures shows promise for incorporation into a fuzzy vault scheme

Retina features based on vessel graph substructures

We represent the retina vessel pattern as a spatial relational graph, and match features using error-correcting graph matching. We study the distinctiveness of the nodes (branching and crossing points) compared with that of the edges and other substructures (nodes of degree k, paths of length k). On a training set from the VARIA database, we show that as well as nodes, three other types of graph substructure completely or almost completely separate genuine from imposter comparisons. We show that combining nodes and edges can improve the separation distance. We identify two retina graph statistics, the edge-to-node ratio and the variance of the degree distribution, that have low correlation with node match score

Entropy of feature point-based retina templates

This paper studies the amount of distinctive information contained in a privacy protecting and compact template of a retinal image created from the locations of crossings and bifurcations in the choroidal vasculature, otherwise called feature points. Using a training set of 20 different retina, we build a template generator that simulates one million imposter comparisons and computes the number of imposter retina comparisons that successfully matched at various thresholds. The template entropy thus computed was used to validate a theoretical model of imposter comparisons. The simulator and the model both estimate that 20 bits of entropy can be achieved by the feature point-based template. Our results reveal the distinctiveness of feature point-based retinal templates, hence establishing their potential as a biometric identifier for high security and memory intensive applications

Fuzzy extractors for minutiae-based fingerprint authentication

We propose an authentication scheme using fingerprint biometrics, protected by a construct called a Fuzzy Extractor. We look at a new way of quantizing and digitally representing the minutiae measurements so that a construct called PinSketch can be applied to the minutiae. This is converted to a Fuzzy Extractor by tying some random information to the minutiae measurements. We run a matching algorithm at chosen quantization parameters and show that the authentication accuracy is within acceptable limits. We demonstrate that our authentication system succeeds in protecting the users' identity

Practical considerations for secure minutiae based templates

We illustrate the steps in building a secure authentication system using a construct called PinSketch where the identifier is a set of points derived from the minutiae extracted from a fingerprint. We define a relative set difference based threshold for matching templates, that takes the sizes of the sets being compared into account and show that it performs better than a fixed threshold for all fingerprints in a database. We describe the process of selecting the quantisation parameters and the design of the authentication system based on the PinSketch construct. The main question asked, and answered, is: At the operating parameters chosen, is the authentication system secure? We determine an empirical measure of the entropy of the quantised minutiae-based template and demonstrate how an attacker can exploit a non uniform distribution of the template elements to masquerade as a genuine user. We finally list desirable requirements for a template if it has to be protected using a set difference based construct like PinSketch

Hand vein authentication using biometric graph matching

This study proposes an automatic dorsal hand vein verification system using a novel algorithm called biometric graph matching (BGM). The dorsal hand vein image is segmented using the K-means technique and the region of interest is extracted based on the morphological analysis operators and normalised using adaptive histogram equalisation. Veins are extracted using a maximum curvature algorithm. The locations and vascular connections between crossovers, bifurcations and terminations in a hand vein pattern define a hand vein graph. The matching performance of BGM for hand vein graphs is tested with two cost functions and compared with the matching performance of two standard point patterns matching algorithms, iterative closest point (ICP) and modified Hausdorff distance. Experiments are conducted on two public databases captured using far infrared and near infrared (NIR) cameras. BGM's matching performance is competitive with state-of-the-art algorithms on the databases despite using small and concise templates. For both databases, BGM performed at least as well as ICP. For the small sized graphs from the NIR database, BGM significantly outperformed point pattern matching. The size of the common subgraph of a pair of graphs is the most significant discriminating measure between genuine and imposter comparisons

Retina verification system based on biometric graph matching

This paper presents an automatic retina verification framework based on the biometric graph matching (BGM) algorithm. The retinal vasculature is extracted using a family of matched filters in the frequency domain and morphological operators. Then, retinal templates are defined as formal spatial graphs derived from the retinal vasculature. The BGM algorithm, a noisy graph matching algorithm, robust to translation, nonlinear distortion, and small rotations, is used to compare retinal templates. The BGM algorithm uses graph topology to define three distance measures between a pair of graphs, two of which are new. A support vector machine (SVM) classifier is used to distinguish between genuine and imposter comparisons. Using single as well as multiple graph measures, the classifier achieves complete separation on a training set of images from the VARIA database (60% of the data), equaling the state-of-the-art for retina verification. Because the available data set is small, kernel density estimation (KDE) of the genuine and imposter score distributions of the training set are used to measure performance of the BGM algorithm. In the one dimensional case, the KDE model is validated with the testing set. A 0 EER on testing shows that the KDE model is a good fit for the empirical distribution. For the multiple graph measures, a novel combination of the SVM boundary and the KDE model is used to obtain a fair comparison with the KDE model for the single measure. A clear benefit in using multiple graph measures over a single measure to distinguish genuine and imposter comparisons is demonstrated by a drop in theoretical error of between 60% and more than two orders of magnitude

Protection of minutiae-based templates using biocryptographic constructs in the set difference metric

Fingerprint biometric authentication has particular advantages in a highly mobile environment.We investigate design issues involved in building authentication systems using minutia-based fingerprint templates, where the template is protected during comparison as well as storage. Two popular bio-cryptographic schemes based on the set difference metric, the Fuzzy Vault and PinSketch, are analysed with regard to theoretical bounds on the template sizes and decision thresholds. We define six different minutiae-based templates and for each, qantisation parameters are determined that yield the best matching performance at a threshold where the probability of false match is zero. We then determine which, if any, of the representations satisfy the theoretical bounds proposed for each bio-cryptographic construct. We implement a PinSketchbased authentication system that uses a combination of a commonality and a set difference measure to securely compare two fingerprint templates, with negligible deterioration in accuracy. Our results indicate that to securely correct the degree of intrasample error observed in minutiae-based templates, efficient commonality-based error tolerant cryptographic constructs will be more suited than set difference based constructs. Copyright © 2010 John Wiley & Sons, Ltd