A Security-enhanced Alignment-free Fuzzy
Vault-based Fingerprint Cryptosystem Using
Pair-polar Minutiae Structures
Cai Li, Jiankun Hu
Abstract— Alignment-free fingerprint cryptosystems perform
matching using relative information between minutiae, e.g.,
local minutiae structures, is promising because it can avoid the
recognition errors and information leakage caused by template
alignment/registration. However, as most local minutiae
structures only contain relative information of a few minutiae
in a local region, they are less discriminative than the global
minutiae pattern. Besides, the similarity measures for
trivially/coarsely quantized features in existing work cannot
provide a robust way to deal with nonlinear distortions, a
common form of intra-class variation. As a result, the
recognition accuracy of current alignment-free fingerprint
cryptosystems is unsatisfying. In this paper, we propose an
alignment-free fuzzy vault-based fingerprint cryptosystem
using highly discriminative pair-polar (P-P) minutiae
structures. The fine quantization used in our system can
largely retain information about a fingerprint template and
enables the direct use of a traditional, well-established minutiae
matcher. In terms of template/key protection, the proposed
system fuses cancelable biometrics and biocryptography.
Transforming the P-P minutiae structures before encoding
destroys the correlations between them, and can provide
privacy-enhancing features, such as revocability and protection
against cross-matching by setting distinct transformation seeds
for different applications. The comparison with other
minutiae-based fingerprint cryptosystems shows that the
proposed system performs favorably on selected publicly
available databases and has strong security.
Index Terms— Fingerprint, biocryptosystem, cancelable,
quantization, alignment-free, local minutiae structures, fuzzy
vault, pair-polar minutiae structures.
EDICS: BIO-MODA-FIN; BIO-SECP
I.
INTRODUCTION
Fingerprint recognition is one of the most mature and popular
biometric authentication techniques because of its stability,
individuality and cost-effectiveness [1-3]. Methods of
fingerprint recognition can be classified into two main
categories: texture-based and minutiae-based. The first method
extracts patterns of valleys and ridges of fingerprint images as
Copyright (c) 2013 IEEE. Personal use of this material is permitted.
However, permission to use this material for any other purposes must be
obtained from the IEEE by sending a request to pubs-permissions@ieee.org
Cai Li is with the School of Engineering and Information Technology,
University of New South Wales at Canberra, Canberra, Australia. (e-mail:
Cai.Li2@student.adfa.edu.au).
Jiankun Hu is with the School of Engineering and Information Technology,
University of New South Wales at Canberra, Canberra, Australia. (e-mail:
J.Hu@adfa.edu.au).
the distinctive features of an individual while the second
method uses minutiae information (referred to ridge ending and
ridge bifurcation) to identify and verify users. In comparison,
minutiae-based matching methods are more reliable, thus being
widely-studied in the past decade [1, 2, 4, 5].
The use of fingerprint techniques significantly enhances
individuals’ security and privacy in banking systems, mobile
transaction and so forth, but it has meanwhile brought about
some new challenges. Firstly, fingerprint impressions suffer
from nonlinear distortion during the acquisition process.
Several factors contribute to the fingerprint distortion,
including the applied pressure, the skin moisture, the elasticity
of the skin [6], etc. Therefore, choosing reliable features that
are robust to nonlinear distortion plays a dominant role in
building a fingerprint system of high recognition accuracy.
Besides, unlike traditional protection techniques (token cards
and passwords) which can be reissued or reset, biometric
templates are hard to be replaced because of the scarcity of
biometric traits an individual possesses. What is worse,
repeated use of the same biometric features in different
applications aggravates the loss to the owners once they are
compromised by attackers. This security concern gives rise to
the development of template protection techniques [7-18].
Biocryptosystems [11-18] provide a win-win solution for
both template protection as well as cryptographic key
generation. In a biocryptosystem, a cryptographic key is either
bound with a biometric template to encrypt each other or
directly generated from the template. Meanwhile, some
biometric-dependent information (referred to as helper data) is
generated, which assists in recovering the key and template. A
successful biocryptosystem must satisfy that it is computational
infeasible to recover the key or template given the helper data
only. So far, minutiae-based fingerprint cryptosystems can be
divided into two categories: fingerprint cryptosystems based on
the conventional matching algorithm (requiring alignment
before
matching),
and
alignment-free
fingerprint
cryptosystems. The conventional algorithms use the Cartesian
positions and orientations of minutiae as matching features,
which makes alignment a necessary procedure because
impressions captured at different times or by different sensors
are likely to be translated and rotated versions of each other.
Generally, alignment in fingerprint cryptosystems is conducted
in two ways [19]. The first approach assumes that minutiae
features are pre-aligned prior to constructing any cryptosystem
[20, 21]. The second is to stores some additional information
about a fingerprint template in the cryptosystem to facilitate
automatic alignment during the verification process [22-24].
On the one hand, pre-alignment is only acceptable in research
but not practical in real-life applications because of the original
template’s inaccessibility in the encrypted domain. On the
other, fingerprint automatic alignment produces two new
issues. Firstly, it relies greatly on the accurate detection of
reference points, such as core points [25], reference minutiae
[22] and high curvature points [23], which is a non-trivial task.
The experimental results provided by Zhang et al. [26] showed
that even the routine image rotation transformation process can
cause significant deviations of singular points, not to mention
the reference points becoming invisible or even nonexistent in
some fingerprint images. As a result, matching based on
automatic alignment may lead to a high FRR (false rejection
rate). Secondly, reference points may leak some information
about the original template. Li et al. [27] suggested that storing
singular points can help an attacker distinguish between
genuine and chaff points in a fuzzy vault, which reduces system
security.
To address the above issues, alignment-free fingerprint
cryptosystems that perform matching using relative
information between minutiae, e.g., local minutiae structures
[28-32], have been widely studied in recent years. As the
relationships between minutiae do not vary with rotation or
translation, they are transformation-invariant features. Jeffers et
al. [33] investigated the robustness of three different minutiae
representations, the five-nearest neighbor, Voronoi neighbor
and triangle structures, and discussed their suitability for the
fuzzy vault construction. Later, they [34] implemented a
practical fingerprint cryptosystem based on the PinSketch
construction [14] using the five-nearest neighbor structure. Li
et al. [27] proposed an alignment-free fingerprint cryptosystem
based on the fuzzy vault scheme. In their method, minutiae
descriptors and the two-nearest neighbor structure, both of
which are invariant to transformation in the fingerprint
capturing process, are incorporated by adopting three different
fusion strategies. Yang et al. [35] described the relationship
between two minutiae as the address of a neighbor minutia with
respect to the reference one in a pre-built 3D array. The
Voronoi neighbor structure of each minutia is then represented
by a set of addresses in binary format which are fed into the
PinSketch. Later, they [36] designed a new local minutiae
structure representation called the Delaunay quadrangle which
they successfully applied to the fuzzy commitment. The
Delaunay quadrangle, which is formed by jointing any two
Delaunay triangles that share a common side, can effectively
address the change in a triangular structure arising from
nonlinear distortion and provide more discriminative
information than Delaunay triangles.
Although the use of transformation-invariant features
enables matching without alignment and eliminates recognition
errors caused by unreliable alignment, the recognition accuracy
of existing alignment-free fingerprint cryptosystems is
insufficiently satisfying. The factors leading to poor accuracy
are manifold. Firstly, compared with the global minutiae
pattern that considers the global spatial relationships between
all the minutiae in a fingerprint image, as the above mentioned
local minutiae structures contain only relative information of a
few minutiae in a local region, they are less discriminative; for
example, Jeffers et al. [33] showed that the discrimination
between true and false matches for the three local minutiae
structures (the five-nearest neighbor, Voronoi neighbor, and
triangle structures) is quite limited. To be more precise, with
the thresholds given in their experiments, impressions from the
same finger/different fingers tend to have approximately
75%/50% of triangles in common, with those of the Voronoi
neighbor and five-nearest neighbor structures 80%/60% and
70%/30%, respectively. Although minutiae descriptors and
auxiliary local features are employed in [27] and [36],
respectively, to increase the discriminative power of their
proposed local minutiae structures, it is worth noting that they
both act as an artificial filter to reject imposters rather than
encrypted features. If an attacker obtains the helper data (the
vault or sketch), he can bypass this filter and directly recover
the key/template. As the distinguishing capability of both the
two-nearest neighbor structure and Delaunay quadrangle is
relatively poor, the key/template is very likely to be retrieved
with an imposter’s fingerprint. That is to say, the performances,
particularly of the genuine rejection rates (GRR), reported in
[27] and [36] are highly unachievable in practice. Secondly, the
similarity measures for original fingerprint templates are quite
different from those considered in cryptosystems [37]; for
example, a typical fingerprint matching algorithm considers
two fingerprints matched if more than a certain number of
minutiae in one are near distinct minutiae in the other. In this
case, the similarity measures in fingerprint cryptosystems have
to consider both the Euclidean distance and set difference. In
[33, 35, 36], trivial quantization is used to deal with the
Euclidean distance, that is, the original feature domain is
segmented into several non-overlapping parts while all
information inside a part is assigned a specific value. Although
this approach is neat and able to somewhat tolerate nonlinear
distortion via the quantization operation, it may map originally
similar features into different segments due to quantization
boundaries. In [27] and [34], original minutiae features are
coarsely quantized and then matching is performed via some
sort of similarity measure. The main problem with this
technique is that coarse quantization will lead to
discrimination/information loss of the original features because
short binary strings are insufficient to represent features from a
large domain. Also, traditional and well-established similarity
measures specially designed to deal with fingerprint intra-class
variations cannot be applied directly to coarsely-quantized
features.
Considering the above issues, in this chapter, we propose a
security-enhanced alignment-free fuzzy vault-based fingerprint
cryptosystem using pair-polar (P-P) minutiae structures. The
main contributions of this chapter are as follows.
1) Compared with other local minutiae structures that
contain only relative information of a few minutiae in a
local region, as the P-P minutiae structure used in the
proposed system describes the relationships between a
reference minutia and all the others in a fingerprint
within its polar coordinate space, it is more
discriminative (experimentally proven).
2) A well-established minutiae matcher in global minutiae
matching algorithms is seamlessly transformed into a
transformation-invariant feature-applicable version and
information about the original features is largely
retained using a fine quantization, which only removes
the decimal parts of the features.
Unlike many fuzzy vault constructions that choose
chaff points separated by a minimum distance d from
any genuine point and previously added chaff point,
where d is the distance inside which a query feature
and vault point are considered matched during
verification, the proposed vault selects both genuine
and chaff features greater than 2d away from each
other. As this design removes the probability that a
query feature matches multiple points in the vault,
decoding time is significantly reduced.
4) For security enhancement, each P-P minutiae structure
is transformed before being encoded into the fuzzy
vault. The transformation functions take a pre-set seed
and an invariant value extracted from each reference
minutia as parameters. This approach fully combines
the advantages of both cancelable biometrics and
biocryptography. Firstly, transforming the P-P minutiae
structures before encoding destroys the correlations
between them and can provide privacy-enhancing
features, such as revocability and protection against
cross-matching attacks, by setting distinct seeds for
different applications. Secondly, the transformed
genuine features are blurred by a greater number of
chaff points, which further increases the difficulty of
deriving the original features from the transformed
ones.
The rest of this paper is organized as follows. The P-P
minutiae structures are introduced in Section II, including
structure generation and the minutiae matcher used in our
system. In Section III, We experimentally explore the
discrimination ability of the P-P minutiae structures. The
proposed scheme with security-enhancement is described
detailedly in Section IV. Section V and Section VI concentrate
on the analysis and discussion of experimental results and
security. The conclusion and future work are given in Section
VII.
Mj
3)
II.
PAIR-POLAR (P-P) MINUTIAE STRUCTURE
A. Generation of Structure
A fingerprint F is always represented by a set of minutiae,
i.e., F M i i 1 , M i ( xi , yi ,i ) , where ( xi , yi ) are the
N
Cartesian coordinates of M i , i its orientation and N the
number of minutiae in F . When M i is selected as a reference
minutia, we denote the relative position of a minutia M j , j i
to M i by a P-P coordinate vector vij (rij , ij ,ij ) . Here M i
serves as the center of a polar coordinate space, the orientation
of which acts as the 0 axis, rij is the radial distance between
M i and M j , ij the counter-clockwise angle between the
rij
ik
rik
ik
ij
ij
Mi
Mk
Fig. 1. Pair-polar structure of minutia M i ( N 3 ).
B. Minutiae Matcher
In global minutiae matching algorithms, after two
fingerprints (a template and query) are aligned, their
corresponding minutiae are paired. M j ( x j , y j , j ) from the
template and M j ( x j , y j , j ) from the query are regarded
as a pair of matched points if the conditions in (1) and (2) are
simultaneously met [38].
( x j x j ) 2 ( y j y j ) 2 d
j j ,
(1)
(2)
where d and are predefined distance and angle thresholds,
respectively. This minutiae matcher is widely adopted in
minutiae-based fingerprint matching because it can effectively
deal with the intra-class variations between different captures
of the same fingerprint.
At first glance, the above well-established minutiae matcher
cannot be applied directly to the P-P coordinate vectors which
represent relative information and do not contain Cartesian
positions. However, we can seamlessly transform it into a
transformation-invariant feature-applicable version as below.
Let vij (rij , ij ,ij ) (the relative position of minutia M j to
M i ) and vkl (rkl , kl ,kl ) ( the relative position of minutia
M l to M k ) be two P-P coordinate vectors for comparison.
After M i and M k are aligned, M j and M l in the new
coordinate space can be expressed as (rij cos ij , rij sin ij ,ij )
and (rkl cos kl , rkl sin kl ,kl ) , respectively. Assuming that vij
matches vkl when M j matches M l , the conditions in (1) and
orientation of M i and direction of M i M j , and ij the
(2) are transformed into P-P coordinate vector-applicable
conditions, i.e., vij matches vkl if they simultaneously satisfy
orientation difference between M i and M j . In this case, the
the conditions in (3) and (4).
P-P structure of M i can be represented by Vi {v }
Figure. 1) and F by F {Vi }iN1 [8].
N
ij j 1, j i
(see
(rij cos ij rkl cos kl )2 (rij sin ij rkl sin kl )2
rij 2 rkl 2 2rij rkl cos(ij kl ) d
ij kl
(3)
(4)
TEST OF DISCRIMINATION ABILITY
90
The P-P minutiae structure describes the relationships
between a reference minutia and all the other minutiae in a
fingerprint within its polar coordinate space. As a fingerprint
usually contains 30 to 50 minutiae, the features extracted from
this structure are more discriminative than those from other
local minutiae structures, such as the five-nearest neighbor,
Voronoi neighbor and triangle. Also, distortions in local areas
are no longer determinants of structure matching. To test the
discriminative power of the P-P minutiae structure, we conduct
experiments on the publicly available database FVC2002DB2.
In our experiment, we compare the first image of each finger,
firstly with the second image of the same finger and then with
the first images of the remaining fingers to evaluate the number
of structures that successfully find a match in either case. For
simplicity, the thresholds d and are fixed as d 9 and
20 . Two P-P minutiae structures are deemed matched if
they have no less than n matched P-P coordinate vectors. The
results obtained from the experiment are shown in Figure 2, in
which we can see that, when n 3 , the percentage gap is
slightly less than 60% and, when n 4,5,6 , increases to more
than 70%. Obviously, the P-P minutiae structure is more
discriminative than five-nearest neighbor (40%), Voronoi
neighbor (20%), and triangle structures (25%).
Although the probability that a specific P-P structure finds a
match in a different finger sample is relatively small, it is still
very likely that different samples have at least one matched P-P
structure due to the large number of P-P structures (30 to 50) in
a fingerprint; for example, the probability of a P-P structure
from a fingerprint finding a match in a different one is about
1.5% when n 5 . Assuming that P-P minutiae structures
generated from a fingerprint are mutually independent and each
fingerprin contains 30 minutiae, the probability that two
fingerprints captured from different fingers having at least one
matched
P-P
structure
can
be
calculated
by
P 1 0.985 ^ 30 0.3645 . To further reduce the false
acceptance rate (FAR), we set another threshold m to control
the number of matched P-P minutiae structures, whereby two
fingerprints are regarded as matched if the number of their
matched P-P minutiae structures is not less than m . In this
case, the probability that a genuine fingerprint is accepted can
be calculated by
30 30
(5)
GAR ( ps )i (1 ps )30 i ,
i m m
and the probability that a false fingerprint is accepted by
30 30
FAR ( pd )i (1 pd )30 i ,
(6)
i m m
where ps and pd denote the probability that a P-P minutiae
structure finds a match in the same and different finger samples,
respectively. If we set m 4 and n 5 ( ps 0.74 ,
pd 0.015 ),
30 30
GAR (0.74)i (1 0.74)30 i 1
i 4 4
and
30 30
FAR (0.015)i (1 0.015)30 i 0.001 , which offers
i 4 4
high recognition accuracy.
successful matches in same finger samples
successful matches in different finger samples
80
percents of matched pair-polar minutiae structures
III.
70
60
50
40
30
20
10
0
n=3
n=4
n=5
n=6
Fig. 2. Percentages of matched pair-polar minutiae structures in same and
different finger samples.
IV.
PROPOSED SCHEME
A. Encoding Stage
To address errors in different feature levels, a two-level
secure sketch (a fuzzy vault and Shamir’s secret sharing
scheme) is used in the encoding procedure (see Figure 3), the
detailed steps in which are as follows.
1) Given a fingerprint template T , we first extract the
M
T
i
template minutiae set
NT
i 1
using the software
VeriFinger 6.0 from Neurotechnology [39], where N T is
the number of minutiae in T . From this set, we choose
only 30 well-separated genuine minutiae, i.e., the
minimum distance between each is greater than a
predefined threshold d . The distance between two
minutia points M i and M j is defined as
D(M i , M j )
x x y y
2
2
w i j ,
where i j min i j ,360 i j
i
j
i
j
and w
is
the weight assigned to the orientation attribute [23]. If the
number of well-separated minutiae in the template is less
than 30, all will be chosen and we denote the selected
minutiae set by SM T M iT
ST
i 1
( S T 30 ). The reason
we set the upper bound for the number of genuine minutiae
is to reduce the processing time required for matching.
2) A chaff minutiae set CM M c c 1 is generated
R
iteratively as below. A randomly generated minutia M
can be added into CM if M is well-separated from all the
points in the set CM SM T .
3) For each minutia M i SM T , its P-P structure, denoted by
ViT {vijT }Sj 1, Rj i , is constructed by connecting M i to all
T
the other minutiae M j SM T
CM . Then the features in
p1
Vault1
Key
binding
V1T
K1
Vault2
p2
( H ( Ki ), p( Ki ))i 1 ( K 0 , p( K 0 ))
ST
Minutiae
extraction
Key
binding
Build P-P
structures
Add chaff
minutiae
V2T
.
.
.
.
.
.
.
.
.
Key
binding
T
K2
pS T
{H ( K i )}iS 1
K
VaultS T
Key
binding
VSTT
K sT
Fig. 3. Encoding stage.
Vaulti
Next
decoding
attempt
No
Key
decoding
V1Q
H ( A1 ) H ( Ki )
Ai
Yes
( Ai , p( Ki ))
Vault j
Minutiae
extraction
Next
decoding
attempt
Key
decoding
Build P-P
structure
No
Q
2
V
.
.
.
.
.
.
.
.
.
VSQQ
Aj
H ( Aj ) H ( K j )
Yes
( A , p( K ))
j
Key
decoding
j
UL
K
( K0 , p( K0 ))
Vaultk
( Ak , p( K k ))
Next
decoding
attempt
Key
decoding
No
Ak
H ( Ak ) H ( K k )
Yes
Fig. 4. Decoding stage.
vijT are quantized and represented as bit strings Trij , Tij
and Tij , respectively.
segments as Ki ki , n 1 || ki , n 2 || ... || ki ,0 , with each segment
Concatenating these three bit
l bits in length and the length of K i ln. Then, we encode
strings, we can obtain a l-bit binary string CBijT which
For each M j SM T M i , pi ( x) is evaluated at CBijT to
represents the P-P coordinate vector vTij . Correspondingly,
the P-P structure Vi T
T
ij
ST R
j 1, j i
{CB }
can then be expressed by
.
4) Each P-P structure Vi T is encrypted into the fuzzy vault
construction (the first level secure sketch). Specifically,
given a cryptographic sub-key K i , we divide it into n
K i into a polynomial pi as pi ( x) ki ,n1 xn1 ki ,n2 xn2 ... ki ,0 .
generate a genuine point set GSi {(CBijT , pi (CBijT ))}M SM T , j i ,
while
for
each
M j CM ,
CSi {(CB , yij )}M j CM
T
ij
j
a
chaff
point
set
in which yij pi (CB ) , is
T
ij
generated. The computation is operated in the Galois field
GF (228 ) , with GSi and CSi composing a vault Vaulti . In
addition, a hash value of K i ( H ( Ki ) ) is stored for
verification during the decoding process.
5) In this stage, the second level secure sketch, which is
essentially the Shamir’s secret sharing scheme, is applied.
Given a cryptographic key K provided by a user, if we
expect that m of K i is sufficient to recover it, we divide
K into m 1 segments as K km || km1 || ... || k0 , with
each element 28n bits in length and the length of K
28(m+1)n. Subsequently, we construct a polynomial p
by
km , km 1...k0
taking
as
its
coefficients,
i.e.,
p( x) km x km1 x ... k0 , and evaluate p( x) at each
sub-key K i . K i is then discarded and p( Ki ) paired with
H ( Ki ) as ( p( Ki ), H ( Ki )) . Finally, we randomly choose a
m 1
m
ln-bit
string
K0 ,
compute
p( K 0 )
and
publish
( K0 , p( K0 )) .
Combing the fuzzy vault construction and the Shamir’s
secret sharing scheme, the total sketch data our two-level
construction
produces
can
be
represented
by
SD Vaulti ,( H ( Ki ), p( Ki ))i 1
ST
(K0 , p(K0 ))
, which is stored
explicitly for key recovery.
B.
Decoding Stage
The decoding procedure is shown in Figure 4 and its detailed
steps are explained below.
1) Given a fingerprint query Q , we first extract the query
minutiae set
M
Q
Q N
k k 1
, where N Q is the number of
minutiae in Q . From this set, we choose only 30
well-separated minutiae (if the number of well-separated
minutiae in the query is less than 30, all will be chosen) and
denote the selected minutiae set by SM Q M kQ
SQ
k 1
(
S Q 30 ).
2) For each minutia M k SM Q , we construct its P-P
structure by connecting it to all the other minutiae
M l SM Q and denote it by VkQ {vklQ }lS1,l k , where
Q
vklQ (rklQ , klQ ,klQ ) . Then the features rklQ , klQ and klQ are
converted to integers (by a floor function) and represented
as bit strings Qrkl , Qkl and Qkl , respectively. As a result,
the
P-P
structure
{(Qrkl , Qkl , Qkl )}lS1,l k .
VkQ
can
be
represented
by
Q
3) The elements in VkQ are paired with those in Vaulti one by
one. In particular, for each P-P coordinate vector
vklQ (Qrkl , Qkl , Qkl ) VkQ , we search for an element
(CBijT , y) from Vaulti
which meets the conditions
dec(Qrij )2 dec(Qrkl )2 2dec(Qrij )dec(Qrkl )cos(dec(Qij ) dec(Qkl )) d
and dec(Qij ) dec(Qkl ) , and add the qualified one
into a unlocking set ULi . Here CBijT Trij || Tij || Tij and
dec( x) denotes the decimal representation of x . Now,
there are two situations to be considered.
a) If ULi n , which means that there is insufficient
information to reconstruct pi , we pair VkQ with the
next vault.
b) If ULi n , for each subset of size n of the
unlocking set ULi , we construct a polynomial
by
Lagrange
pi ai , n 1 xn 1 ai , n 2 x n 2 ... ai ,0
interpolation and concatenate its coefficients as
Ai ai ,n 1ai ,n 2 ...ai ,0 . Then, we compute H ( Ai ) and
compare it with H ( Ki ) . If H ( Ai ) H ( Ki ) , it
indicates that Ai Ki with overwhelming probability
and ( Ai , p( Ki )) is added into a unlocking set UL .
Otherwise, we repeat the same procedure for the next
subset. After all the subsets are traversed, if no Ai
satisfies H ( Ai ) H ( Ki ) , we pair VkQ with the next
vault.
4) Step 2 and Step 3 are repeated until all the P-P structures
generated from the query are examined. We then check the
unlocking set UL . If the number of elements in UL is
smaller than m , the key recovery/verification fails.
Otherwise, we randomly pick m elements from UL ,
combine them with ( K0 , p( K0 )) , and reconstruct the
original polynomial p by Lagrange interpolation. Then,
the key can be retrieved by concatenating the coefficients
of p .
C. Quantization Parameters
Although it is feasible to compare template and query
features ( r , , ) in the real domain, they are often quantized
before applying the fuzzy vault scheme. This is because the
computations involved in the encoding and decoding stages are
usually performed in a finite field such as GF (2l ) [20, 23, 27,
40, 41] as the cryptographic key must be an integer. In addition,
proper quantization can significantly reduce data storage
without sacrificing too much performance. In our method, we
perform fine quantization Quant using a floor function, i.e.,
Quant (a) a . Obviously, Quant ( ), Quant ( ) {0,1,..,359}
and Quant (r ) {0,1,..,633} considering that the distance
between any two minutiae in a 560*290 fingerprint image is at
most equal to the lengths of its diagonal lines. Therefore, the
lengths of Trij , Tij and Tij are assigned 10, 9 and 9,
respectively, and l 28 . Intuitively, using this fine
quantization, the information about the original features is
retained to a large extent as only the decimal parts of the
features are removed. In this case, the quantization itself will
not significantly affect the matching performance.
(Experiments results obtained in Section V can also prove this).
D. Selection of Genuine and Chaff Minutiae
The well-separated genuine and chaff minutiae play an
important role in our construction. Setting d 2d 2w , we
ensure that, for each vklQ , there is at most one qualified/matched
element in Vaulti (see Theorem 1). Many fuzzy vault
implementations [20, 23, 27, 40] choose chaff points that are
separated by a minimum distance d from any genuine point
and previously added chaff point, where d is the distance
inside which a query feature and vault point are considered
matched during verification. This design requires more
decoding time because a query feature is likely to match
multiple points in a vault, which increases the number of
candidate subsets for Lagrange interpolation (see B.3.b); for
example, let V {vi }30
i 1 be a query P-P minutiae structure. In
the methods of [20, 23, 27, 40], if we suppose that, on average,
each vi finds two matches in the vault, the number of candidate
60
subsets for Lagrange interpolation is . In our case,
n
30
however, the number is up to as each vi can find at most
n
one match. That is to say, the number of interpolation attempts
30 60
required to recover the key is reduced to 1 2n .
n n
In addition, the same selection criteria for both the genuine and
chaff minutiae can prevent an attacker from distinguishing
between them by exploiting different distance settings.
Theorem 1: Given two P-P structures Vi {vij }Nj 1, j i (with
center at M i ) and Vk {vkl }lM1,l k (with center at M k ), if the
minimum distance between any two minutiae M1 ( x1 , y1 ,1 )
and M 2 ( x2 , y2 ,2 ) (defined in A.1) in each P-P structure
satisfies D(M1 , M 2 ) 2d 2w ( w 0 ), then for each
vij Vi , there is at most one P-P coordinate vector vkl Vk
that meets the conditions
and ij kl .
rij 2 rkl 2 2rij rkl cos(ij kl ) d
Proof: if for a P-P coordinate vector vij Vi , there are two
vectors vkl1 , vkl2 Vk that meet the above conditions, i.e.,
rij 2 rkl1 2 2rij rkl1 cos(ij kl1 ) d
,
ij kl
,
rij 2 rkl2 2 2rij rkl2 cos(ij kl2 ) d and ij kl2 , then
1
after aligning Vi with Vk (based on their centers M i and
M k ), for the minutia M j , two minutiae M l1 and M l2 satisfy
that M j M l1 , M j M l2 d and j l1 , j l2 . As a
result, we can deduce that
D(M l1 , M l2 ) ( xl1 xl2 )2 ( yl1 yl2 )2 w(l1 ,l2 )
M l1 M l2 w min l1 l2 ,360 l1 l2
M l1 M l2 w l1 l2
Fig. 5. Sampling points in a minutiae descriptor [42].
M j M l1 M j M l2 w j l1 j l2
2d 2w ,
which contradicts the assumption D(M l1 , M l2 ) 2d 2w .
E. Security Enhancement
Although the use of the P-P minutiae structure can improve
recognition performance because of its high discriminative
power, there is a security flaw in the above construction.
Specifically, if a genuine P-P coordinate vector
vij (rij , ij ,ij ) occurs in the ith vault, there will be a
corresponding vector v ji (rji , ji , ji ) in the jth vault. As
rij rji and ij ji 360 , this relationship will help an
attacker distinguish genuine from chaff features. To address
this issue, we transform each P-P minutiae structure before
feeding it into the fuzzy vault construction using the methods in
[10, 41]. The transformation amount for each minutia is
computed using two designed changing functions, which take a
pre-set seed and an invariant value extracted from this minutia
as input.
1) Extraction of Invariant Value
The Minutiae descriptor sample structure [42] is used to
compute the invariant value. Given a minutia M and its
orientation , its descriptor is composed of L concentric
circles of radius rl ,(1 l L) , each of which comprises K l
sampling points pk ,l ,(1 k Kl ) , equally distributed along its
circumference (Figure 5). We adopt the same parameter
settings as [41, 42], that is, the minutiae descriptor of each
minutia is composed of 4 concentric circles, the radii of which
are 27, 45, 63 and 81 pixels and the samples points on which 10,
16, 22 and 28, respectively. In this case, a 76-dimension
translation- and rotation- invariant feature vector of the ith
minutia M i can be computed as
Fi [d (i ,1 ), d (i ,2 ),..., d (i ,76 )]
TABLE I
EXPERIMENTAL PARAMETERS FOR PROPOSED SYSTEM.
Parameter
Value setting
0.2
Weight assigned to orientation attribute, w
Minimum distance between selected
27
minutiae, d
9
Joint threshold for r and , d
Mi
j
ri
j
ij
ACFpar (mi )
i
rij
i j
Mj
ij
Threshold for minutiae orientation,
DCFpar (mi ) M T
i
Degree of encoding polynomial pi , n 1
20
6-14
Degree of encoding polynomial p , m
1-4
300
5, 10
Number of chaff minutiae, R
Control parameters for distance, ,
j ,
j ,
j ,
if / 2 i j / 2
if / 2 i j 3 / 2
random number generator with par as the seed. Finally, an
invariant value corresponding to M i is computed using an
Fi 1 , in which A denotes
the vector norm of A and mi [0, 2] .
2) Changing Functions
The design of the changing functions is the same as that in
[10]. Firstly, two random number sequences X and Y are
created using par as the seed. Secondly, the control points of
the distance change function DCF and angle change function
ACF are generated by summing the outputs of X and Y ,
respectively, as
a
i 0
ACFpar (aT ) y0 yT ... y( a 1)T yaT yiT
a
,
(8)
i 0
where a is an integer, and xi [ , ] [ , ] and
yi [ , ] [, ] the outputs of X and Y , respectively (
and are pixels, and and are degrees). Finally, using
linear interpolation, the values of DCFpar ( p) and ACFpar ( p)
between (k 1)T and kT are obtained as
p (k 1)T
kT p
DCFpar (kT )
DCFpar ((k 1)T )
T
T
p (k 1)T
kT p
ACFpar ( p)
ACFpar (kT )
ACFpar ((k 1)T ) (9)
T
T
( k 1)T p kT
DCFpar p
0.2
yi yi DCFpar (mi ) sin i
i i ACFpar (mi )
, (7)
where i [0, 2 ) is the orientation of M i and j [0, ) the
ridge direction estimated at the jth sample point. Subsequently,
a random 76-dimension vector U par is generated using a
DCFpar aT x0 xT ... x( a 1)T xaT xiT
Interval size, T
we transform its reference minutia M i ( xi , yi ,i ) as
xi xi DCFpar (mi ) cos i
if i j / 2
j 2 , if 3 / 2 i j 2
inner product as mi U par
15, 20
3) Transformation
For each P-P minutiae structure Vi {vij (rij , ij ,ij )}Nj 1, j i ,
Fig. 6. The P-P minutiae structure after transformation
i
i
d (i , j )
i
i
Control parameters for angle, ,
(10)
M i ( xi , yi , i )
and then generate a new P-P structure with M i as the reference
minutia, denoted by Vi {vij (rij , ij ,ij )}Nj 1, j i . Figure 6
shows a P-P minutiae structure with one P-P coordinate vector
(solid line) and its new structure after transformation (broken
lines). Instead of Vi , the new P-P structure Vi is fed into the
fuzzy vault construction for encoding (A.4) and decoding (B.3),
with the subsequent procedure the same.
As the transformation amounts for P-P minutiae structures
vary with the invariant values extracted from their reference
minutiae, the correspondence between vij and v ji no longer
exists between vi j and v j i . That is to say, an attacker cannot
distinguish genuine from chaff features in the deformation
domain by correlating the P-P coordinator vectors. Admittedly,
if the attacker knowns the transformation amount for each
minutia, he can inverse the transformation and then perform the
correlating attack. However, even if the changing functions and
par are revealed, the transformation amount for each minutia
cannot be computed without the information about the invariant
value, which is extracted from input images and no longer
stored in the system after performing the transformation
process.
V.
EXPERIMENTAL RESULTS
A. Experimental Databases and Parameter Setting
We conduct experiments on a wide variety of public
fingerprint databases, FVC 2000 (DB1), FVC 2002 (DB1,
DB2, DB3, DB4), FVC 2004 (DB2) and FVC 2006 (DB2,
DB3). The first three (FVC 2000, FVC 2002 and FVC 2004)
contain 800Gy-level fingerprint images collected from 100
fingers with 8 samples of each while FVC 2006 contains
fingerprint images from 140 fingers with 12 samples of each.
The parameters used in our experiment are listed in Table I.
0.45
FVC2002DB1(quantized)
FVC2002DB1(unquantized)
FVC2002DB2(quantized)
FVC2002DB2(unquantized)
FVC2002DB3(quantized)
FVC2002DB3(unquantized)
0.4
0.35
0.3
FRR
0.25
0.2
0.15
0.1
0.05
0 -6
10
10
-5
10
-4
-3
10
FAR
10
-2
10
-1
10
Fig. 7. Comparison of performances of raw matching algorithms with
and without quantization before applying the fuzzy vault.
B. Performance Evaluation
Three performance indices are used for performance
evaluation: (1) the FAR, the probability of an imposter being
accepted as a legitimate user; (2) the FRR, the probability of a
legitimate user being rejected as an imposter; and (3) the equal
error rate (EER), the error rate when the FAR and FRR are
equal. Similar to [35, 36, 43], we also use two different
protocols (the 1vs1 and standard FVC) to evaluate the
recognition performance of the proposed system (“proposed
system” or “our system” throughout this paper always involves
the implementation of the security enhancement step unless
stated otherwise).
In the 1vs1 protocol, the first image of each finger is
compared with the second image of the same finger to compute
the FRR and then compared with the first images of the
remaining fingers to compute the FAR. To avoid a duplicate
comparison, if image 1, as the template, has been compared
with image 2, when image 2 is chosen as the template, it is not
compared with image 1 again. Therefore, for FVC 2000, FVC
2002 and FVC 2004, this results in 100 genuine and
(1+99)*99/2=4950 imposter matching attempts, while for FVC
2006, 140 genuine and (1+139)*139/2=9730 imposter ones.
In the standard FVC protocol, each image of each finger is
compared with the remaining (7/11) images of the same finger
to calculate the FRR, and the first image of each finger is
compared with the first images of the remaining fingers to
computer the FAR. We also remove any duplication
comparison in this protocol. Therefore, for FVC 2000, FVC
2002 and FVC 2004, there are ((0+7)*8/2)*100=2800 genuine
and (1+99)*99/2=4950 imposter matching attempts, while for
FVC2006,
((0+11)*12/2)
*140=9240
genuine
and
(1+139)*139/2=9730 imposter ones.
For different purposes, our experiments are divided into two
groups. The first group of experiments is to demonstrate how
much the fine quantization affects the performance of our raw
matching algorithm before applying the fuzzy vault, and it is
conducted
on
FVC2002DB1,
FVC2002DB2
and
FVC2002DB3 using the standard FVC protocol. Figure 7
shows that the performance differences between the matching
algorithms with and without quantization is negligible on the
experimental databases (Note that the matching algorithms
evaluated in this group of experiments do not consider the
implementation of the security enhancement step as we only
care about performance here).
In terms of the second group of experiments, we evaluate the
proposed system using the 1VS1 protocol and standard FVC
protocols, respectively. To ensure fair performance evaluation,
the preset seed par is assumed to be publicly known, i.e., both
genuine and imposter samples use the same transformation
seed in our experiments.
Using the 1VS1 protocol, the proposed system performs best
on database FVC 2002 DB2 (FRR=FAR=0). However, its
performance drops substantially on databases FVC2004 DB2
(FRR=24%, FAR=0.06) and FVC2006 DB3 (FRR= 30.91%,
FAR=0.1%). The reasons for this are manifold; for example,
the fingerprint images in FVC2006 DB3 have many missing or
spurious minutiae, which could definitely negatively affect
recognition accuracy because the propose method is
minutiae-based. In particular, as the first image of the 24th
finger has only one minutia, we would not even build up a P-P
minutiae structure for it. Regarding FVC2004 DB2, fingerprint
providers are requested to exaggerate skin distortions during
the acquisition process, which leads to significant distortions in
the first two images [44].
The proposed system performs best on FVC2006 DB2
(FRR=5.78%, FAR=0) using the standard FVC protocol. The
main reason the performance is better than its counterpart using
the 1VS1 protocol is the significant increase of genuine
matching attempts, from 140 to 9240. In this case, few
unsuccessful genuine attempts will not result in a high FRR
when divided by a large number (9240). However, the
performances on FVC2002 DB1 (FRR=11.11%, FAR=0.1%)
and DB2 (FRR=8.07%, FAR=0.06%) using the standard FVC
protocol are poorer than those using the 1VS1 protocol. This is
because the 1VS1 protocol uses only the first and second
images, which are acquired in the same session and have fewer
variations and distortions than the other 6 used in the standard
FVC protocol. Figure 8 and Figure 9 show the ROC curves of
the proposed system for the best EER performance (by
adjusting m ) when the 1VS1 and standard FVC protocols are
adopted, respectively.
To further verify the strength of the proposed system, we
compare it with other fingerprint cryptosystems, including the
Voronoi neighbor structure-based [35], five-nearest
neighbor-based [34 ,45], and two fuzzy vault-based ones which
require alignment [23, 24], in terms of FRR, FAR and EER.
Although it is unfair to compare the proposed system with the
two nearest-neighbor structure-based [27] and Delaunay
quadrangle-based [36] fingerprint cryptosystems, the reported
performances of which are not achievable in practice (see
Section I), they are still listed for reference. In Table II and
Table III, we can see that, regardless of the protocol adopted,
our system performs better than [23, 24, 27, 34, 35] on the same
0.5
0.5
1VS1 protocol on FVC2000DB1
1VS1 protocol on FVC2002DB1
1VS1 protocol on FVC2002DB2
1VS1 protocol on FVC2002DB3
1VS1 protocol on FVC2002DB4
1VS1 protocol on FVC2004DB2
1VS1 protocol on FVC2006DB2
1VS1 protocol on FVC2006DB3
0.45
0.4
0.35
0.4
0.35
0.3
FRR
0.3
FRR
FVC protocol on FVC2000DB1
FVC protocol on FVC2002DB1
FVC protocol on FVC2002DB2
FVC protocol on FVC2002DB3
FVC protocol on FVC2002DB4
FVC protocol on FVC2004DB2
FVC protocol on FVC2006DB2
FVC protocol on FVC2006DB3
0.45
0.25
0.25
0.2
0.2
0.15
0.15
0.1
0.1
0.05
0.05
0 -6
10
10
-5
10
-4
-3
10
FAR
10
-2
10
-1
0
10
Fig. 8. ROC curves of proposed system using 1VS1 protocol for best EER
performance
0 -6
10
10
-5
10
-4
-3
10
FAR
10
-2
10
-1
0
10
Fig. 9. ROC curves of proposed system using standard FVC protocol for
best EER Performance.
TABLE II
COMPARISON OF PERFORMANCES OF PROPOSED AND OTHER FINGERPRINT CRYPTOSYSTEMS USING 1VS1 PROTOCOL (VALUES IN PERCENTAGES).
Method
2000DB1
(FRR/FAR)
EER
2002DB1
(FRR/FAR)
EER
2002DB2
(FRR/FAR)
EER
2002DB3
(FRR/FAR)
EER
2002DB4
(FRR/FAR)
EER
2004DB2
(FRR/FAR)
EER
Nagar et al. [24]
(40/0.44)
13.11
-
(8/0.59)
3.38
(4/0)
-
(7/0)
(14/0)
(3/0)
(6/0.02)
0.59
(2/0)
1.02
(28/0.3)
9.80
8.63
(49/0.42)
16.52
-
(9/0.18)
4.77
(16/0.26)
10.05
Nandakumar et al. [23]
Li et al. [27]
Yang et al. [35]
Yang et al. [36]
Liu et al. [45]
without alignment
Proposed system
2006DB3
(FRR/FAR)
EER
(41/0.22)
14.88
(24.72/0.1)
-
2006DB2
(FRR/FA
R)
EER
4.83
(24/0.06)
14.10
(16.43/0)
2.74
(30.91/0.1)
12.79
(28.67/0.1)
-
(2/0)
(10/0.28)
5.28
(2/0)
0.83
(0/0)
0
TABLE III
COMPARISON OF PERFORMANCES OF PROPOSED AND OTHER FINGERPRINT CRYPTOSYSTEMS USING STANDARD FVC PROTOCOL (VALUES IN PERCENTAGES).
Method
2000DB1
(FRR/FAR)
EER
2002DB1
(FRR/FAR)
EER
2002DB2
(FRR/FAR)
EER
2002DB3
(FRR/FAR)
EER
2002DB4
(FRR/FAR)
EER
2004DB2
(FRR/FAR)
EER
Arakala et al. [34]
15
(36.79/0.55)
14.30
-
(35.79/0.2)
11.84
4.5
(22.79/0)
(26.79/0.16)
10.38
5.99
(8.89/0)
(43/0.38)
16.52
(21.84/0.1)
-
(49.71/0.42)
15.63
-
(12.71/0.28)
7.32
(16.61/0)
5
(11.50/0)
3.37
(21.39/0.06)
9.89
(17.04/0.24)
8.59
Yang et al. [35]
Yang et al. [36]
Liu et al. [45]
without alignment
Proposed system
database. In comparison with [36], it shows better recognition
accuracy on all the experimental databases except 2006DB3
when the 1VS1 protocol is used (28.67/0.1 VS 30.91/0.1). In
the case of [45], our system performs better than it on 2002DB2
2006DB3
(FRR/FAR)
EER
(57.57/0.34)
20.61
(26.13/0.1)
-
2006DB2
(FRR/FA
R)
EER
3.07
(24.82/0.08)
11.13
(5.78/0)
1.59
(21.63/0.1)
8.59
21.76/0.1
-
and 2002DB1 when the 1VS1 and FVC protocols are adopted,
respectively, but results in a few more false rejections on
2002DB2 (11.50 VS 8.89) using the FVC protocol when
FAR=0.
100
SECURITY ANALYSIS
obtains the sketch data, as he can recover K i by decoding
Vaulti , the security of K i depends on the strength of the vault.
The degrees of security provided by the fuzzy vault
construction has been well studied in [13, 14, 46, 47]. Here, we
consider only the most widely-used method of security
analysis, the brute force attack [23], in which an attacker tries to
decode K i using all combinations of n points in Vaulti .
Because the total number of all possible combinations is
S T R 1
S T 1
ones will successfully decode
, of which
n
n
K i , the probability of a specific combination decoding K i can
S T 1 S T R 1
be computed by P
. If we assume that
n
n
S T 30 and R 300 (the number of the chaff minutiae is ten
29 329
times that of the genuine minutiae), then P
,
n n
329 29
which is comparable to log 2 P log
-bit
n n
security. Note that the security bit is complexity rather than
entropy-based because most fingerprint-based fuzzy vault
constructions have no entropy security [48]. Based on this
equation, in Figures 10 and 11, we plot the GAR-security
curves [36, 49] of the proposed system using the 1VS1 protocol
and standard FVC protocols, respectively.
B. Cross-matching Attack and Revocability
A well-known issue regarding the fuzzy vault is that it is
vulnerable to the cross-matching attack [50, 51]. If the attacker
has access to multiple vaults generated from the same biometric
data, he can easily identify the genuine features by correlating
the elements in them. This issue, however, can be addressed in
the proposed system by setting a distinct seed for the random
number generators in each application. In this way, the same
biometric data is transformed to different features encoded in
the fuzzy vault and the correlation destroyed. Once a vault is
compromised, a new vault can be created from the same
fingerprint data by replacing the two changing functions.
Therefore, the revocability of the proposed system depends on
the number of different changing functions that can be created,
which, according to the theoretical analysis in [10], can be
calculated as CFn {4( 1)( 1)}W /T , where W
denotes the range of the invariant values in a fingerprint. Figure
12 shows the number of different changing functions when
90
80
70
GAR(%)
A. Brute Force Attack
The security of the proposed system relies on the security of the
sub-key K i as m sub-keys are able to recover K . Now, we
consider two common cases. In one in which an attacker has no
information about the distribution of fingerprint features and
the sketch data is stored in a completely secure database or
server, he has to guess K i by traversing all the possibilities.
Therefore, the security of the system is equal to the length of
K i , which is 28n bits . In the other in which an attacker
60
50
40
30
20
10
15
1VS1 protocol on FVC2000DB1
1VS1 protocol on FVC2002DB1
1VS1 protocol on FVC2002DB2
1VS1 protocol on FVC2002DB3
1VS1 protocol on FVC2002DB4
1VS1 protocol on FVC2004DB2
1VS1 protocol on FVC2006DB2
1VS1 protocol on FVC2006DB3
20
25
30
35
40
Security(bits)
45
50
55
60
Fig. 10. GAR vs number of security bits using 1VS1 protocol.
100
90
80
70
GAR(%)
VI.
60
50
40
30
20
10
15
FVC protocol on FVC2000DB1
FVC protocol on FVC2002DB1
FVC protocol on FVC2002DB2
FVC protocol on FVC2002DB3
FVC protocol on FVC2002DB4
FVC protocol on FVC2004DB2
FVC protocol on FVC2006DB2
FVC protocol on FVC2006DB3
20
25
30
35
40
Security(bits)
45
50
55
60
Fig. 11. GAR vs number of security bits using standard FVC protocol.
5 , 5 and T 0.2 , which are used in our
experiments.
VII.
CONCLUSION AND FUTURE WORK
Although alignment-free fingerprint cryptosystems provide a
promising solution for template/key protection without
registration, the recognition accuracy of previous work is
insufficiently satisfying due to poor discriminative power of the
features used as well as improper handling of nonlinear
distortions in the quantized/encrypted domain. To address this
issue, an alignment-free fuzzy vault using pair-polar (P-P)
minutiae structures is proposed in this paper. Our system
improves recognition accuracy in two respects. Firstly, the P-P
minutiae structure is more discriminative than other local
minutiae structures, such as the five-nearest neighbor, Voronoi
neighbor, and triangle structures. Secondly, compared with the
trivial or coarse quantization used in other work, the fine
11
10
10
10
9
10
8
10
7
CFn
10
6
10
5
10
4
10
3
10
2
10
0.2
0.3
0.4
0.5
0.6
W
0.7
0.8
0.9
1
Fig. 12. Numbers of changing functions
quantization used in our system can retain more information
about a fingerprint template to a greater extent and enable the
direct use of a well-established minutiae matcher, which is
specially designed to deal with intra-class variations. In terms
of security, the proposed system combines the advantages of
cancelable biometrics as well as biocryptography. Firstly,
transforming P-P minutiae structures before encoding destroys
the correlations between them and also provides
privacy-enhancing features, such as revocability and protection
against cross-matching attacks. Secondly, adding enormous
numbers of chaff points in the vault provides extra protection
for transformed genuine features, which increases the
complexity of deriving the original template from the
transformed one. The experimental results on a wide selection
of publicly available databases show that the proposed system
outperforms other similar systems while providing strong
security.
So far, analyzing the difficulty of conducting a brute force
attack is most widely used in examining the strength of the
fuzzy vault scheme in terms of template protection because it is
simple and intuitive. However, a logically rigorous and
thorough security analysis that contains a formal proof is
undoubtedly more convincing, and this will be an interesting
and challenging work that deserves our collective efforts in the
future.
ACKNOWLEDGEMENT
This work is partially supported by Australian Research
Council (ARC) Linkage Project LP120100595 and
LP100200538.
REFERENCES
[1] W. Zhong, X. Ning, and C. Wei, “A fingerprint matching algorithm based
on relative topological relationship among minutiae,” in Proc. ICNNSP, 2008,
pp. 225-228.
[2] W. Zhang, and Y. Wang, “Core-based structure matching algorithm of
fingerprint verification,” in Proc. 16th ICPR, 2002, pp. 70-74.
[3] K. Xi, and J. Hu, “Dual Layer Structure Check (DLSC) fingerprint
verification scheme designed for biometric mobile template protection,” in
Proc. 4th ICIEA, 2009, pp. 630-635.
[4] X. Jiang, and W. Y. Yau, “Fingerprint minutiae matching based on the local
and global structures,” in Proc. 15th ICPR, 2000, pp. 1038-1041.
[5] N. K. Ratha, V. D. Pandit, R. M. Bolle, and V. Vaish, “Robust Fingerprint
Authentication Using Local Structural Similarity,” in Proc. IEEE WACV,
2000, pp. 29-34.
[6] X. Chen, J. Tian, J. Yang, and Y. Zhang, “An Algorithm for Distorted
Fingerprint Matching Based on Local Triangle Feature Set,” IEEE Transaction
on Information Forensics & Security, vol. 1, no. 2, pp. 169-177, 2006.
[7] S. Wang, and J. Hu, “Alignment-Free Cancelable Fingerprint Template
Design: A Densely Infinite-to-One Mapping (DITOM) Approach,” Pattern
Recognition, vol. 45, no. 12, pp.4129-4137, 2012.
[8] T. Ahmad, J. Hu, and S. Wang, “Pair-polar coordinate based cancelable
fingerprint templates,” Pattern Recognition, vol. 44, no. 10-11, pp. 2555-2564,
2011.
[9] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, “Generating
Cancelable Fingerprint Templates,” IEEE Transactions on Pattern Analysis
and Machine Intelligence, vol. 29, no. 4, pp. 561-572, 2007.
[10] C. Lee, J. Y. Choi, K. A. Toh, S. Lee, and J. Kim. “Alignment-Free
Cancelable Fingerprint Templates Based on Local Minutiae Information,”
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol.
37, no. 4, pp. 980-992, 2007.
[11] U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, “Biometric
Cryptosystems: Issues and Challenges,” in Proc. IEEE, vol. 92, no. 6, pp.
948-960, 2004.
[12] A. Juels, and M. Wattenbeg, “A Fuzzy Commitment Scheme,” in Proc. 6th
ACM CCS, 1999, pp. 28-36.
[13] A. Jules, and M. Sudan, “A Fuzzy Vault Scheme,” Designs, Codes and
Cryptography, vol.38, no. 2, pp. 237-257, 2006.
[14] Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy extractors: How
to generate strong keys from biometrics and other noisy data,” in Proc.
International Conference on the Theory and Applications of Cryptographic
Techniques. 2004, pp. 523-540.
[15] C. Chen, R. N. J. Veldhuis, T. A. M. Kevenaar, and A. H. M. Akkermans,
“Multi-Bits Biometric String Generation based on the Likelihood Ratio,” in
Proc. IEEE International Conference on Biometrics: Theory, Applications, and
System, 2007, pp. 1-6.
[16] C. Chen and R. Veldhuis, “Binary Biometric Representation through
Pairwise Adaptive Phase Quantization,” EURASIP Journal on Information
Security, vol. 2011, no. 1, Article ID 543106, 2011.
[17] E. Maiorana, P. Campisi, and A. Neri, “IRIS template protection using a
digital modulation paradigm,”, in Proc. IEEE International Conference on
Acoustic, Speech and Signal Processing, 2014, pp. 3759-3763.
[18] E. Maiorana , P. Campisi, and A. Neri "User adaptive fuzzy commitment
for signature templates protection and renewability", SPIE J. Electron. Imag.,
vol. 17, no. 1, pp. 1 -12, 2008
[19] V. Krivokuća, W. Abdulla, and A. Swain, “A Dissection of Fingerprint
Fuzzy Vault Schemes,” in Proc. 27th Conference on Image and Vision
Computing, 2012, pp. 256–261.
[20] T. Clancy, D. Lin, and N. Kiyavash, “Secure smartcard-based fingerprint
authentication,” in Proc. ACM SIGMM Workshop on Biometric Methods and
Applications, Berkley, CA, Nov. 2003, pp. 45–52.
[21] U. Uludag, S. Pankanti, and A. K. Jain, “Fuzzy vault for fingerprints,” in
Proc. Audio- and Video-Based Biometric Person Authentication, Rye Town,
NY, Jul. 2005, pp. 310–319.
[22] S. Yang, and I. Verbauwhede, “Automatic Secure Fingerprint Verification
System Based on Fuzzy Vault Scheme,” in Proc. of IEEE ICASSP, 2005, pp.
609-612.
[23] K. Nandakumar, A. K. Jain, and S. Pankanti, “Fingerprint-based Fuzzy
Vault: Implementation and Performance,” IEEE Transaction on Information
Forensics & Security, vol. 2, no. 4, pp. 744-757, 2007.
[24] A. Nagar, K. Nandakumar, and A. K. Jain, “Securing Fingerprint Template:
Fuzzy Vault with Minutiae Descriptors,” in Proc. 19th ICPR, 2008, pp. 1-4.
[25] Y. Wang, J. Hu, and D. Philip, “A fingerprint orientation model based on
2D Fourier Expansion (FOMFE) and its application to singular-point detection
and fingerprint Indexing,” IEEE Transactions on Pattern Analysis and
Machine Intelligence, vol. 29, no. 4, pp.573-585, 2007.
[26] P. Zhang, J. Hu, C. Li, M. Bennamoun, and V. Bhagavatula, “A Pitfall in
Fingerprint Bio-cryptographic Key Generation,” Computers & Security, vol. 30,
no. 5, pp. 311-319, 2011.
[27] P. Li, X. Yang, K. Cao, X. Tao, R. Wang, and J. Tian, “An alignment-free
fingerprint cryptosystem based on fuzzy vault scheme,” Journal of Network
and Computer Applications, vol. 33, no. 3, pp. 207-220, 2010.
[28] A. K. Hrechak, and J. A. Mchugh, “Automated Fingerprint Recognition
Using Structural Matching,” Pattern Recognition, vol. 23, no. 8, pp. 839-904,
1990.
[29] Z. Chen, and C. H. Kuo, “A Topology-Based Matching Algorithm for
Fingerprint Authentication,” in Proc. 25th Annual IEEE ICCST, 1991, pp.
84-87.
[30] X. Chen, J. Tian, and X. Yang, “A Novel Algorithm for Distorted
Fingerprint Matching Based on Fuzzy Features Match,” in Proc. AVBPA, 2005,
pp. 665-673.
[31] D. P. Mital, and E. K. Teoh, “An Automated Matching Technique for
Fingerprint Identification,” in Proc. 22nd IEEE International Conference on
Industrial Electronics, Control and Instrumentation, 1996, pp. 806-811.
[32] K. D. Yu, S. Na, and T.Y. Choi, “A Fingerprint Matching Algorithm Based
on Radial Structure and a Structure-Rewarding Scoring Strategy,” in Proc.
AVBPA, 2005, pp. 656-664.
[33] J. Jeffers, and A. Arakala, “Minutiae-Based Structures for a Fuzzy Vault,”
in Proc. Biometric Consortium Conference, 2006, pp. 1-6.
[34] A. Arakala, J. Jeffers, and K. Horadam, “Fuzzy Extractors for
Minutiae-Based Fingerprint Authentication,” in Proc. International
Conference on Advances in Biometrics, 2007, pp. 760-769.
[35] W. Yang, J. Hu, S. Wang, and M. Stojmenovic, “An alignment-free
fingerprint bio-cryptosystem based on modified Voronoi neighbor structures,”
Pattern Recognition, vol. 47, no. 3, pp. 1309-1320, 2013.
[36] W. Yang, J. Hu, and S. Wang, “A Delaunay Quadrangle-Based Fingerprint
Authentication System with Template Protection Using Topology Code for
Local Registration and Security Enhancement,” IEEE Transactions on
Information Forensics & Security, vol. 9, no. 7, pp. 1179-1192, 2014.
[37] Q. Li, Y. Sutcu, and N. Memon, “Secure Sketch for Biometric
Templates,” in Proc. 12th International Conference on Theory and Application
of Cryptology and Information Security, 2006, pp. 99 -113.
[38] A. K. Jain, A. A. Ross, and K. Nandakumar, “Introduction to Biometrics,”
Springer, 2011.
[39] S. VeriFinger, Neuro Technology, 2010.
[40] D. Moon, S. Lee, S. Jung, Y. Chung, M. Park, and O. Yi, “Fingerprint
Template Protection Using Fuzzy Vault,” in Lect Notes Comput Sc, ICCAS,
2007, pp. 1141-1151.
[41] P. Li, X. Yang, K. Cao, P. Shi, and J. Tan, “Security-Enhanced Fuzzy
Fingerprint Vault Based on Minutiae’s Local Ridge Information,” in Pro. 3rd
International Conference of Biometrics, 2009, pp. 930-939.
[42] M. Tico, and P. Kuosmanen, “Fingerprint Matching Using an
Orientation-Based Minutia Descriptor,” IEEE Transactions on Pattern
Analysis and Machine Intelligence, vol. 25, no. 8, pp. 1009-1014, 2003.
[43] M. Ferrara, D. Maltoni, and R. Cappelli, “Noninvertible Minutia
Cylinder-Code Representation,” IEEE Transactions on Information Forensics
& Security, vol. 7, no. 6, pp. 1727-1737, 2012.
[44] D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K. Jain,
“FVC2004: Third fingerprint verification competition,” in Biometric
Authentication, New York, NY, USA: Springer-Verlag, 2004, pp. 1–7.
[45] E. Liu, H. Zhao, J. Liang, L. Pang, M. Xie, H. Chen, Y. Li, P. Li and J.
Tian, “A key binding system based on n-nearest minutiae structure of
fingerprint,” Pattern Recognition Letters, vol. 32, no. 5, pp. 666-675.
[46] E.-C. Chang, R. Shen, and F. W. Teo, “Finding the Original Point Set
Hidden among Chaff,” in Proc. ASIACCS, 2006, pp. 182-188.
[47] X. Q. Guo and A. Q. Hu. "The automatic fuzzy fingerprint vault based on
geometric hashing: Vulnerability analysis and security enhancement," in
MINES, 2009, pp. 62–67.
[48] C. Li, J. Hu, J. Pieprzyk, and W. Susilo, “A New
Bio-cryptosystem-oriented Security Analysis Framework and Implementation
of Multibiometric Cryptosystems Based on Decision Level Fusion,” IEEE
Transactions on Information Forensics Security, in Press, 2015.
[49] A. Nagar, K. Nandakumar, and A. K. Jain, “Multibiometric cryptosystems
based on feature-level fusion,” IEEE Transactions on Information Forensics
Security, vol. 7, no. 1, pp. 255–268, 2012.
[50] T. E. Boult, W. J. Scheirer, and R. Woodworth, “Fingerprint Revocable
Biotokens: Accuracy and Security Analysis,” in Proc. IEEE Conference on
CVPR, 2007, pp.1-8.
[51] W. J. Scheirer, and T. E. Boult, “Cracking Fuzzy Vaults and Biometric
Encryption,” in Proc. IEEE Biometrics Symposium, 2007, pp. 1-6.
Cai Li received his B.S. degree from Nanjing
University of Aeronautics and Astronautics, China
in 2007 and his master degree of Information
Technology from the University of Melbourne in
2009. Now he is currently working toward the PhD
degree in the School of Engineering and Information
Technology, University of New South Wales at
Canberra (UNSW@Canberra), Australia. He is an
IEEE Member. His research interests are biometric
pattern recognition and biometric security.
Jiankun Hu is Full Professor and Research Director
of Cyber Security Lab, School of Engineering and
IT, University of New South Wales at the
Australian
Defence
Force
Academy
(UNSW@ADFA), Canberra, Australia. He has
obtained his BE from Hunan University, China in
1983; PhD in Control Engineering from Harbin
Institute of Technology, China in 1993 and Masters
by Research in Computer Science and Software
Engineering from Monash University, Australia in
2000. He has worked in Ruhr University Germany
on the prestigious German Alexander von
Humboldt Fellowship 1995-1996; research fellow in Delft University of the
Netherlands 1997-1998, and research fellow in Melbourne University,
Australia 1998-1999.
Jiankun’s main research interest is in the field of cyber security including
biometrics security where he has published many papers in high-quality
conferences and journals including IEEE Transactions on Pattern Analysis and
Machine Intelligence (PAMI), IEEE Transactions on Computers, IEEE
Transactions on Parallel and Distributed Systems, IEEE Transactions on
Information Forensics and Security, and IEEE Transactions on Industrial
Informatics. He has served in the editorial board of up to 7 international
journals and served as Security Symposium Chair of IEEE flagship conferences
of IEEE ICC and IEEE Globecom. He has obtained 7 ARC (Australian
Research Council) Grants and has served at the prestigious Panel of
Mathematics, Information and Computing Sciences (MIC), ARC ERA (The
Excellence in Research for Australia) Evaluation Committee.