Global Journal of Computer Science and Technology Vol. 10 Issue 7 Ver. 1.

0 September 2010 P a g e | 13

Securing Retina Fuzzy Vault System using Soft

Biometrics GJCST Computing Classification
D 4.6, I 2.3
N. Radha1 Dr. S. Karthikeyan2 P.Anupriya3

Abstract-The major concern of almost all the verification extensively used for authentication is face, fingerprint, hand
system is user authentication and security. This necessitates the geometry, keystroke dynamics, hand vein, iris, retina,
development of a mechanism that ensures user security and signature, voice, facial thermogram, and DNA.
privacy. A lot of research has been carried on this developing The use of above mentioned biometrics for recognizing
field and numerous techniques have been proposed earlier in individuals is becoming increasingly accepted and many
literature. These traditional methods use tokens and passwords
to provide security to the users. Uncertainly, it can be easily
applications are already accessible. These applications can
compromised by attackers and therefore it is significant to be hardly classified in to one of the following two
design verification system that ensures authentication. In categories, verification and identification [1] [2] [3]. The
recent years, technology has turned in favor of combining soft verification systems validate a person‘s identity by
biometrics and cryptographic key generation technique. The comparing the captured biometric characteristic with that of
principal feature of using soft biometric template is that it person‘s own biometric template previously stored in the
cannot be easily revoked by any unauthorized user. Most system whereas the identification systems recognize an
commonly used soft biometric features are iris, retina, face, individual by searching the entire template database for a
fingerprint, voice and so on. Fuzzy vault is the framework match with the captured biometric characteristic.
which comprises of the combination of soft biometrics and
The substitution of biometric features in the place of
cryptographic key generation technique. This fuzzy vault acts
as an additional layer of security. This overcomes the limitation passwords provides an assortment of advantages in
met by a biometrics system when implemented individually. verification systems such as access control and so on.
This paper proposes a biometric verification system Although biometrics provides a variety of advantages it has
investigating the combined usage of soft biometrics features some limitations. Once a biometric image or template is
hardened by fuzzy vault scheme. This approach uses retina as stolen, it is stolen forever and cannot be reissued, updated,
a soft biometric since it is capable of providing best results. or destroyed. An additional problem associated with the use
Experiments were conducted to investigate the performance of of biometrics is that once a biometric is chosen, the same
the proposed authentication system in ensuring the user biometric will be used to access many different systems.
security and privacy.
This means that, if it is compromised, the attacker will have
Keywords-Authentication, Cryptography, Fuzzy Vault right to use all the accounts/services/applications of that
Scheme, Retina Feature Extraction, Retinal Soft Biometrics. particular user [6]. This is the correspondent of using the
I. INTRODUCTION same password across multiple systems, which can lead to
some very serious problems in terms of security. Recently,
Biometric technology identifies individuals automatically by novel cryptographic techniques such as fuzzy commitment
using their biological or behavioral characteristics. There is and fuzzy vault were proposed to provide a secure storage
growing interest in the use of biometrics for a large for the reference biometric template [4] [5]. The soft
spectrum of applications, ranging from governmental biometric template of the user is vault with the randomly
programs to personal applications such as logical and generated key by a cryptographic framework so called
physical access control. Since biometric properties cannot ―Fuzzy Vault Scheme.‖ This overcomes the limitation met
be lost or forgotten in contrast to tokens and passwords, they by a biometric system when implemented individually.
offer an attractive and convenient alternative to identify and Moreover it improves user authentication and security.
authenticate user information. This paper proposes a biometric verification system,
The initial step of providing biometric authentication to user exploring the combined usage of soft biometrics features
is enrollment. In this enrollment stage a user registers with hardened by fuzzy vault scheme. This proposed approach,
the system where one or more measurements of user which will have enhanced security on comparison with the
biometric data are obtained. Each such measurement is then traditional systems. The soft biometric feature used in this
processed by some algorithm to obtain a ―te mplate‖, and method is retina, since it has been reported to provide some
stored in a database. Some of the user biometrics that is of the best results for verification systems and it remains
_______________________________
fairly unaltered during a person‘s lifetime. Experiments
About-1Ph.D.Scholar,Department of Computer Science Karpagam were conducted to examine the performance of the proposed
University,Coimabtore-21 ( [email protected] ) authentication system in ensuring security and privacy.
About-2Director,Department of Computer Science Karpagam The remainder of this paper is organized as follows. Section
University,Coimbatore-21(e-mail- [email protected]) 2 discusses the related work proposed earlier in literature for
About-3Lecturer,MCA Department PSGR Krishnammal college for women
Peelamedu,Coimabtore-4 ([email protected]) soft biometric authentication systems. Section 3 explains our
proposed system for providing authentication-using retina as
P a g e | 14 Vol. 10 Issue 7 Ver. 1.0 September 2010 Global Journal of Computer Science and Technology

soft biometric feature by hardening the fuzzy vault scheme. these biometric key binding/generation algorithms using the
Section 4 illustrates the experimental results with necessary fingerprint biometric. Moreover they illustrated the
explanations and Section 5 concludes the paper with fewer challenges involved in biometric key generation principally
discussions. due to extreme acquisition variations in the representation of
a biometric identifier and the imperfect nature of biometric
II. RELATED WORK
feature extraction and matching algorithms. They
Numerous research works has been proposed previously, sophisticated on the suitability of these algorithms for digital
which suggests the combination of biometrics and rights management systems. Experiments were conducted to
cryptography for developing a verification system [7] [8]. explore the performance of there discussed methods in
These are referred to as cancelable biometrics since it makes improving user security.
use of a one way transformation to convert the biometric A Biometric Verification System was proposed by Cimato
signal into irreversible form. This section of the paper et al. in [12]. In their proposed work they presented a
discusses some of the relevant work proposed earlier in biometric authentication technique based on the
literature for developing a user authentication system using combination of multiple biometric readings. The
soft biometric characteristics and fuzzy vault scheme. The authentication control can be performed offline and the
hardening of soft biometric features with fuzzy vault scheme stored identifier does not disclose any information on the
improves user security and privacy. biometric traits of the identified person, so that even in case
Moi et al. in [9] put forth an approach for identity document of loss or steal of the document, privacy is guaranteed. Their
using iris biometric cryptography. They presented an proposed approach ensures high level of security because of
approach to create a distinctive and more secure the association of multiple biometric readings. Biometric
cryptographic key from iris template. The iris images are techniques are more and more exploited in order to fasten
processed to generate iris template or code to be utilized for and make more consistent the identification process. The
the encryption and decryption tasks. The international combination of cryptography and biometrics increases the
standard cryptography algorithm – AES has been adopted in confidence in the system when biometric templates are
their work to produce a high cryptographic strength security stored for verification.
protection on the iris information. Their proposed approach Sunil et al. in [13] put forth a novel methodology for the
comprises of two processes. They are encryption and secure storage of fingerprint template by generating Secured
decryption process. Template matching is the process used Feature Matrix and keys for cryptographic techniques
for pattern recognition. The utilization of biometric as a key applied for data Encryption or Decryption with the aid of
is to enhance security in a more efficient way, decrease cancelable biometric features. They proposed a technique to
human mistakes during identification, increase user produce cancelable key from fingerprint so as to surmount
convenience and automation of security function. Their the limitations of traditional approaches. Cryptography is
experimental results revealed that their proposed approach merged with biometrics in Biometric cryptosystems,
out performed some of the traditional techniques in otherwise known as crypto-biometric systems [11]. They
providing authentication for the user. have introduced the concept of cancelable biometrics that
A two-phase authentication mechanism for federated was earlier proposed in [14]. Their approach facilitates the
identity management systems was described by Abhilasha et every incidence of enrollment to utilize a distinct transform
al. in [10]. The first phase consists of a two-factor biometric thus making expose cross matching unachievable.
authentication based on zero knowledge proofs. They Generally, the transforms utilized for distortion are chosen
employed techniques from vector-space model to engender to be non-invertible. Thus it is not possible to recover the
cryptographic biometric keys. These keys are kept secret, original (undistorted) biometrics despite knowing the
thus preserving the confidentiality of the biometric data, and transform method and the resulting transformed biometric
at the same time make use of the advantages of a biometric data.
authentication. The second authentication combines several An effective authentication scheme by combining crypto
authentication factors in concurrence with the biometric to with biometrics was projected by Hao et al. in [15]. They
make available a strong authentication. A key advantage of projected the first practical and secure way to integrate the
their approach is that any unexpected combination of factors iris biometric into cryptographic applications. A repeatable
can be used. Such authentication system leverages the binary string, which we call a biometric key, is generated
information of the user that is available from the federated reliably from genuine iris codes. The key is generated from
identity management system. Their proposed approach a subject‘s iris image with the support of auxiliary error-
improves privacy, reliability, security of the biometric data. correction data, which do not disclose the key and can be
Uludag et al. in [11] discussed the issues and challenges in saved in a tamper-resistant token, such as a smart card. The
implementing the biometric system for user authentication. reproduction of the key depends on two factors: the iris
They presented a variety of methods that monolithically biometric and the token. The attacker has to get hold of both
combine a cryptographic key with the biometric template of of them to compromise the key. Moreover they evaluated
a user stored in the database in such a manner that the key the technique using iris samples from 70 different eyes, with
cannot be revealed without a successful biometric 10 samples from each eye. As a result they found that an
authentication. They assessed the performance of one of error-free key can be reproduced reliably from genuine iris
Global Journal of Computer Science and Technology Vol. 10 Issue 7 Ver. 1.0 September 2010 P a g e | 15

codes with a 99.5 percent success rate. One can generate up to 140 bits of biometric key, more than enough for 128-bit
AES. The extraction of a repeatable binary string from
biometrics opens new possible applications, where a strong
binding is required between a person and cryptographic
operations.
Apart from above mentioned works numerous researches
has been done in this field of combining fuzzy and
cryptographic key generation techniques [23, 24, 25].
Establishing the identity of a person is a critical task in any
identity management system. Karthick Nandakumar et al. in
[16] [17] showed the password hardened finger print fuzzy (a)
vault in which password acts an additional layer of security. (b)
This additional layer of security improves the security and Fig. 2 (a). Original Retinal Template (b) Highlighted
privacy of users‘ biometric template data. The same concept Bifurcation Feature
mentioned in [16] was suggested to iris based hardened B. Hardening the retinal fuzzy vault using password
fuzzy vault scheme [17]. The approach discussed in [17]
applies a sequence of morphological operations to extract This is the significant step in the design of an authentication
minutiae points from the iris texture. Chen et al in [26] system. This makes use of the retinal template samples
proposes the use of a Higher Order Spectral (HOS) obtained from the database. The proposed system is
Transform that can be applied to biometric data as a secure implemented using MATLAB. The retinal samples that are
hash function. This HOS transform is non-invertible, is obtained from the database are first resized as per our
robust to noise in the input allowing it to tolerate the natural requirement. By highlighting the retinal bifurcation feature
variations present in a biometric and can be made to produce points the proposed method identifies the lock/unlock data.
a large number of significantly different outputs given an The bifurcation feature points are subjected to mathematical
identical input. operation like permutation and translation using password.
The principal requirement of this step is to achieve the three
III. OUR PROPOSED APPROACH
tuple parameters (u, v,  ). In which ‗u‘ and ‗v‘ signifies the
Our proposed methodology of fuzzy vault construction row and column indices respectively of the image found out
and  symbolizes the orientation parameter. These
using retina as a soft biometric feature involves three steps.
In the initial step the retinal template is subjected to undergo transformed feature points are then secured in the fuzzy
a random transformation. The approach makes use of the vault using the 128 bit randomly generated key. A 64 bit
advantages provided by both the fuzzy framework and the user password is used to transform the randomly generated
soft biometrics, thereby enhancing the security and privacy. key. Additionally, the same can be used to encrypt the vault.
In the next step the obtained transformed template is secured
with the assistance of constructing a fuzzy vault. The final
step comprise of hardening the constructed fuzzy vault by C. Transformation of Extracted Bifurcation Feature Points
encrypting the vault with the key randomly generated from
As mentioned previously the retinal vascular tree holding
soft biometric features and the user password. The password
the bifurcation points are destined to under go mathematical
pretends as an additional layer of security. Fig 1 shows the
operations like permutation and translation. As a result of
soft biometric hardening of retina-based fuzzy vault scheme
this process the original bifurcation points will get
A. Retinal Bifurcation Feature Point Extraction transformed into new points. There is a constraint on the
number of characters used for user password. The user
The technique described by Chen et al. in [19] is utilized in password is of 8 characters in length. Therefore a total of 64
this paper, for extracting the bifurcation feature points from
retina. The retinal bifurcation points are extracted to
improve the security and privacy of the user. The
combination of soft biometrics characteristics and fuzzy
vault scheme exploit the performance of the authentication
system that was developed in recent years. In our approach
the bifurcation feature of retina were obtained form vascular
pattern of retina. The two major operations to be performed
on the retinal template are thinning and joining operation, in
order to extract the retina vascular pattern. As a result of this
operation the bifurcation feature points are extracted from
the retinal template. Fig .2 (a) represents the original retinal
template. Fig.2 (b) shows the highlighted bifurcation feature
points in a retinal vascular tree after performing thinning
and joining operations
P a g e | 16 Vol. 10 Issue 7 Ver. 1.0 September 2010 Global Journal of Computer Science and Technology

bits are considered for randomization. These 64 bits are The transformation that is utilized to derive at the new
further divided into 4 blocks each block consisting of 16 retinal points is Xu‘ = (Xu+Tu) mod (2^7)
bits. The first five characters resemble the password and the Yv‘ = (Yv+Tv) mod (2^9)
last three characters denote the soft biometric feature of the In which Xu and Xu‘ represents the horizontal distance
user. The five-character password used in our before and after transformation respectively. In the similar
implementation is ― TOKEN.‖ The last three characters that manner, Yv and Yv‘ represents the vertical distance before
indicate the user soft biometric characteristics are as and after transformation respectively.
follows. The sixth character denotes the height, the seventh
D. Encoding the vault
stand for gender, and the eighth character resembles iris
color of the user. This step secures the vault from being modified by an
As an initial stage of implementation the bifurcation points imposter from the knowledge of the password. The approach
are divided into 4 quadrants. Each quadrant is then substitutes Reed-Solomon reconstruction step by Lagrange
processed with one password prior to permutation and interpolation and cyclic redundancy check (CRC) based
translation operations. Care must be taken while applying error detection. The obtained feature points are consistently
the permutation operation. Note that there should not be any quantized and articulated as binary strings. Therefore this
change in the relative position of the bifurcation points. The can be represented as an element in Galois Field GF (216).
16 bits of each quadrant is segmented into two bit block, one A large number of the chaff points are generated by the
containing 9 bits and the other containing 7 bits. Tu denote method mentioned in [4] [20]. Finally these chaff points are
the segment with 7 bits and Tv denote the segment with 9 combined with the obtained feature points to make the
bit length. Tu and Tv represents the amount of translation in imposter unaware of the genuine points in the retina.
the horizontal and in the vertical directions, respectively. Fig
E Decoding the vault
3 shows transformed retinal bifurcation points.
The user password is used to decrypt the encrypted fuzzy
vault and the bifurcation feature points of the retina in this
authentication phase. The helper data or a set of high
curvature points are created in order to make possible the
alignment of query minutiae to the biometric template. A
transformation based on the password is implemented on the
query feature points and the vault is unlocked.
IV. EXPERIMENTS AND RESULTS
(a) (b) The proposed work is implemented in MATLAB 7.0. The
essential parameters used in this implementation are the
Fig 3. (a) and (b) Transformed bifurcation Points. (Blue- number of chaff points (c), number of genuine points (r),
Transformed, Red-Original Points) and the total number of points (r+c). More the number of
chaff points used, more is the privacy and security. It is
remarkable that the number of chaff points introduced must
be ten times the total number of genuine points that are
available in the retinal template. The number of chaff points
Global Journal of Computer Science and Technology Vol. 10 Issue 7 Ver. 1.0 September 2010 P a g e | 17

TABLE I Bifurcation points before and after transformation

used determines the security and authentication provided by

the developed system.
The revocability is evaluated by transforming the retinal the retinal based genuine point determination pose a great
(biometric) template for user password and soft biometric challenge to all most all the attackers. Fuzzy vault is the
features. The proposed approach makes use of 8 characters framework which comprises of the combination of soft
to secure the vault as mentioned earlier. These 8 characters biometrics and cryptographic key generation technique.
comprises of both the user password and the soft biometric User password is used to improve the security and privacy
characteristics of the user. The 8 characters can be grouped of the authentication system. This
into two parts one containing the password of five password acts as an additional layer of security. Even if the
characters. The sixth character denotes the height, the password is compromised by an imposter it is hard to match
seventh and the eighth represents the gender and the color of the biometric template. Thereby, the security provided by
iris respectively. Table 1 shows an example bifurcation biometric feature is not affected. In future, works to improve
points for one quadrant before the transformation and after the performance of the vault can be carried out by applying
performing the transformation for user password ― VAULT‖, non-invertible transformation and multiple biometric traits
and user soft biometrics features namely height, gender and [21] [22]. This considerably reduces the failure to capture
iris color. rate thus improving the performance of fuzzy vault
The corresponding ASCII values of the 8 characters are
utilized to secure the fuzzy vault. For the user password set VI. REFERENCES
as ― VAULT‖ the corresponding ASCII values are
1) Jain, S. Pankanti, S. Prabhakar, L. Hong, and A.
determined as (86, 65, 85, 76 and 84). The remaining three
Ross, ― Biometrics: A Grand Challenge‖,
characters are represented by the soft biometric features of
Proceedings of the International Conference on
the user. The value of the user height can be used as one
Pattern Recognition, Vol. 2, pp. 935–942,
parameter, and the remaining two ASCII values are
September 2004.
calculated using the gender and the iris color of the user.
2) Wayman, A. Jain, D. Maltoni, and D. Maio,
With the change in the password variety of transformed
―Biometric Systems: Technology, Design and
templates can be obtained for same original biometric
Performance Evaluation,‖ Springer-Verlag, 2005.
template. A variety of applications can use the soft
3) Maltoni, D. Maio, A. K. Jain, and S. Prabhakar,
biometric features with different passwords thus averting the
―Handbook of Fingerprint Recognition,‖ Springer,
cross matching.
2003.
V. CONCLUSION 4) Juels, and M. Sudan, ―AFuzzy Vault Scheme‖,
Proceedings of the International Symposium on
As the decades pass by, improving the security and the Information Theory, p. 408, Lausanne,
privacy of the verification system is a challenging issue in Switzerland, June 2002.
recent years. Therefore, it is necessary to design a 5) Juels, and M. Wattenberg, ―AFuzzy Commitment
verification system that is more users friendly and secure. Scheme,‖ Proceedings of the 6th ACM Conference
The proposed approach determines to combine the soft on Computer and Communications Security, pp.
biometrics features and the cryptographic framework to 28-36, New York, NY, USA, 1999.
develop a verification system that suits for a wide variety of 6) Tiago Santos, Gonçalo Lourenço, Luís Ducla
applications. The biometric template that is taken into Soares, and Paulo Lobato Correia, ― Enhancing
consideration in this approach is retina because of the Biometrics Security,‖ 2009.
advantage that
P a g e | 18 Vol. 10 Issue 7 Ver. 1.0 September 2010 Global Journal of Computer Science and Technology

7) N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. 20) K. Jain, L. Hong, and R. Bolle, ―On -line
Bolle, ―Generating Cancelable fingerprint Fingerprint Verification,‖ IEEE Transaction on
templates,‖ IEEE Transactions on Pattern Analysis Pattern Analysis and Machine Learning, vol. 19,
and Machine Learning, vol. 29, no. 4, pp. 561-572, no. 4, pp. 302-314, April 1997.
2007. 21) Jain, Anil K. Jain and Arun Ross, ― Multibiometric
8) Savvides, B. V. K. V. Kumar, and P. K. Khosla, systems,‖ Communications of the ACM,‖ January
―Can celable Biometric filters for face recognition,‖ 2004, Volume 47, no. 1, 2004.
Proceedings of ICPR, Vol. 3, pp. 922-925, 22) K. Jain and A. Ross, ―L earning User-specific
Cambridge, UK, September 2004. parameters in a Multibiometric System‖,
9) Sim Hiew Moi, Nazeema Binti Abdul Rahim, Proceedings of IEEE International Conference on
Puteh Saad, Pang Li Sim, Zalmiyah Zakaria, and Image Processing (ICIP), Rochester, New York,
Subariah Ibrahim, ― Iris Biometric Cryptography for pp. 57 – 60, 2002.
Identity Document,‖ IEEE Computer Society, 23) Monrose, M. K. Reiter, Q. Li, and S. Wetzel,
International Conference of Soft Computing and ―Cr yptographic Key Generation from Voice,‖ in
Pattern Recognition, pp. 736-741, 2009. Proceedings IEEE Symposium on Security and
10) Abhilasha Bhargav-Spantzel, Anna Squicciarini, Privacy, Oakland, pp. 202-213, May 2001.
and Elisa Bertino, ― Privacy preserving multi-factor 24) Dodis, L. Reyzin and A. Smith, ― Fuzzy Extractors:
authentication with biometrics,‖ Conference on How to generate Strong Keys from Biometrics and
Computer and Communications Security, pp. 63- other Noisy Data,‖ in Proceedings of International
72, 2006. Conference on Theory and Application of
11) U. Uludag, S. Pankanti, S. Prabhakar, A. K. Jain, Cryptographic Techniques, pp. 523-540, May
―Biometric cryptosystems: issues and challenges,‖ 2004.
vol. 92, no. 6, pp. 948-960, 2004. 25) Jain, A. K., Nandakumar, K., and Nagar, A.
12) Stelvio Cimato, Marco Gamassi, Vincenzo Piuri, Biometric template security. EURASIP J. Adv.
Roberto Sassi, and Fabio Scotti, ―A Biometric Signal Process 2008, Jan 2008.
Verification System Addressing Privacy 26) Chen, Brenden Chong and Chandran, Vinod
Concerns,‖ International Conference on Biometric template security using higher order
Computational Intelligence and Security (CIS spectra. In: International Conference on Acoustics,
2007), pp.594-598, 2007. Speech, and Signal Processing (ICASSP) 2010, 14-
13) Sunil V. K. Gaddam, and Manohar Lal, ― Efficient 19 March 2010
Cancelable Biometric Key Generation Scheme for
Cryptography,‖ International Journal of Network
Security, vol. 11, no. 2, pp. 57-65, 2010.
14) R. Ang, R. Safavi-Naini, and L. McAven,
―Can celable key-based fingerprint templates,‖
ACISP 2005, pp. 242-252, 2005.
15) Feng Hao, Ross Anderson, and John Daugman,
―Co mbining Crypto with Biometrics Effectively,‖
IEEE Transactions on Computers, vol. 55, no. 9,
pp. 1081-1088, 2006.
16) Karthik Nandakumar, Abhishek Nagar, and Anil
K.Jain, ― Hardening Fingerprint Fuzzy Vault Using
Password‖, International conference on Biometrics,
pp. 927 – 938, 2007.
17) Srinivasa Reddy, and I. Ramesh Babu,
―Performance of Iris Based Hard Fuzzy Vault‖,
Proceedings of IEEE 8th International conference
on computers and Information technology
workshops, pp. 248 – 253, 2008.
18) Karthick Nandakumar, Sharath Pankanti, and Anil
K. Jain, ― Fingerprint-Based Fuzzy Vault
Implementation and Performance‖, IEEE
Transacations on Information Forensics and
Security, vol. 2, no. 4, pp.744 – 757, December
2007.
19) Li Chen, and Xiao-Long zhang, ― Feature-Based
Image Registration Using Bifurcation Structures‖,
Matlab Central.