A Security-enhanced Alignment-free Fuzzy Vault-based Fingerprint Cryptosystem Using Pair-polar Minutiae Structures Cai Li, Jiankun Hu  Abstract— Alignment-free fingerprint cryptosystems perform matching using relative information between minutiae, e.g., local minutiae structures, is promising because it can avoid the recognition errors and information leakage caused by template alignment/registration. However, as most local minutiae structures only contain relative information of a few minutiae in a local region, they are less discriminative than the global minutiae pattern. Besides, the similarity measures for trivially/coarsely quantized features in existing work cannot provide a robust way to deal with nonlinear distortions, a common form of intra-class variation. As a result, the recognition accuracy of current alignment-free fingerprint cryptosystems is unsatisfying. In this paper, we propose an alignment-free fuzzy vault-based fingerprint cryptosystem using highly discriminative pair-polar (P-P) minutiae structures. The fine quantization used in our system can largely retain information about a fingerprint template and enables the direct use of a traditional, well-established minutiae matcher. In terms of template/key protection, the proposed system fuses cancelable biometrics and biocryptography. Transforming the P-P minutiae structures before encoding destroys the correlations between them, and can provide privacy-enhancing features, such as revocability and protection against cross-matching by setting distinct transformation seeds for different applications. The comparison with other minutiae-based fingerprint cryptosystems shows that the proposed system performs favorably on selected publicly available databases and has strong security. Index Terms— Fingerprint, biocryptosystem, cancelable, quantization, alignment-free, local minutiae structures, fuzzy vault, pair-polar minutiae structures. EDICS: BIO-MODA-FIN; BIO-SECP I. INTRODUCTION Fingerprint recognition is one of the most mature and popular biometric authentication techniques because of its stability, individuality and cost-effectiveness [1-3]. Methods of fingerprint recognition can be classified into two main categories: texture-based and minutiae-based. The first method extracts patterns of valleys and ridges of fingerprint images as Copyright (c) 2013 IEEE. Personal use of this material is permitted. However, permission to use this material for any other purposes must be obtained from the IEEE by sending a request to pubs-permissions@ieee.org Cai Li is with the School of Engineering and Information Technology, University of New South Wales at Canberra, Canberra, Australia. (e-mail: Cai.Li2@student.adfa.edu.au). Jiankun Hu is with the School of Engineering and Information Technology, University of New South Wales at Canberra, Canberra, Australia. (e-mail: J.Hu@adfa.edu.au). the distinctive features of an individual while the second method uses minutiae information (referred to ridge ending and ridge bifurcation) to identify and verify users. In comparison, minutiae-based matching methods are more reliable, thus being widely-studied in the past decade [1, 2, 4, 5]. The use of fingerprint techniques significantly enhances individuals’ security and privacy in banking systems, mobile transaction and so forth, but it has meanwhile brought about some new challenges. Firstly, fingerprint impressions suffer from nonlinear distortion during the acquisition process. Several factors contribute to the fingerprint distortion, including the applied pressure, the skin moisture, the elasticity of the skin [6], etc. Therefore, choosing reliable features that are robust to nonlinear distortion plays a dominant role in building a fingerprint system of high recognition accuracy. Besides, unlike traditional protection techniques (token cards and passwords) which can be reissued or reset, biometric templates are hard to be replaced because of the scarcity of biometric traits an individual possesses. What is worse, repeated use of the same biometric features in different applications aggravates the loss to the owners once they are compromised by attackers. This security concern gives rise to the development of template protection techniques [7-18]. Biocryptosystems [11-18] provide a win-win solution for both template protection as well as cryptographic key generation. In a biocryptosystem, a cryptographic key is either bound with a biometric template to encrypt each other or directly generated from the template. Meanwhile, some biometric-dependent information (referred to as helper data) is generated, which assists in recovering the key and template. A successful biocryptosystem must satisfy that it is computational infeasible to recover the key or template given the helper data only. So far, minutiae-based fingerprint cryptosystems can be divided into two categories: fingerprint cryptosystems based on the conventional matching algorithm (requiring alignment before matching), and alignment-free fingerprint cryptosystems. The conventional algorithms use the Cartesian positions and orientations of minutiae as matching features, which makes alignment a necessary procedure because impressions captured at different times or by different sensors are likely to be translated and rotated versions of each other. Generally, alignment in fingerprint cryptosystems is conducted in two ways [19]. The first approach assumes that minutiae features are pre-aligned prior to constructing any cryptosystem [20, 21]. The second is to stores some additional information about a fingerprint template in the cryptosystem to facilitate automatic alignment during the verification process [22-24]. On the one hand, pre-alignment is only acceptable in research but not practical in real-life applications because of the original template’s inaccessibility in the encrypted domain. On the other, fingerprint automatic alignment produces two new issues. Firstly, it relies greatly on the accurate detection of reference points, such as core points [25], reference minutiae [22] and high curvature points [23], which is a non-trivial task. The experimental results provided by Zhang et al. [26] showed that even the routine image rotation transformation process can cause significant deviations of singular points, not to mention the reference points becoming invisible or even nonexistent in some fingerprint images. As a result, matching based on automatic alignment may lead to a high FRR (false rejection rate). Secondly, reference points may leak some information about the original template. Li et al. [27] suggested that storing singular points can help an attacker distinguish between genuine and chaff points in a fuzzy vault, which reduces system security. To address the above issues, alignment-free fingerprint cryptosystems that perform matching using relative information between minutiae, e.g., local minutiae structures [28-32], have been widely studied in recent years. As the relationships between minutiae do not vary with rotation or translation, they are transformation-invariant features. Jeffers et al. [33] investigated the robustness of three different minutiae representations, the five-nearest neighbor, Voronoi neighbor and triangle structures, and discussed their suitability for the fuzzy vault construction. Later, they [34] implemented a practical fingerprint cryptosystem based on the PinSketch construction [14] using the five-nearest neighbor structure. Li et al. [27] proposed an alignment-free fingerprint cryptosystem based on the fuzzy vault scheme. In their method, minutiae descriptors and the two-nearest neighbor structure, both of which are invariant to transformation in the fingerprint capturing process, are incorporated by adopting three different fusion strategies. Yang et al. [35] described the relationship between two minutiae as the address of a neighbor minutia with respect to the reference one in a pre-built 3D array. The Voronoi neighbor structure of each minutia is then represented by a set of addresses in binary format which are fed into the PinSketch. Later, they [36] designed a new local minutiae structure representation called the Delaunay quadrangle which they successfully applied to the fuzzy commitment. The Delaunay quadrangle, which is formed by jointing any two Delaunay triangles that share a common side, can effectively address the change in a triangular structure arising from nonlinear distortion and provide more discriminative information than Delaunay triangles. Although the use of transformation-invariant features enables matching without alignment and eliminates recognition errors caused by unreliable alignment, the recognition accuracy of existing alignment-free fingerprint cryptosystems is insufficiently satisfying. The factors leading to poor accuracy are manifold. Firstly, compared with the global minutiae pattern that considers the global spatial relationships between all the minutiae in a fingerprint image, as the above mentioned local minutiae structures contain only relative information of a few minutiae in a local region, they are less discriminative; for example, Jeffers et al. [33] showed that the discrimination between true and false matches for the three local minutiae structures (the five-nearest neighbor, Voronoi neighbor, and triangle structures) is quite limited. To be more precise, with the thresholds given in their experiments, impressions from the same finger/different fingers tend to have approximately 75%/50% of triangles in common, with those of the Voronoi neighbor and five-nearest neighbor structures 80%/60% and 70%/30%, respectively. Although minutiae descriptors and auxiliary local features are employed in [27] and [36], respectively, to increase the discriminative power of their proposed local minutiae structures, it is worth noting that they both act as an artificial filter to reject imposters rather than encrypted features. If an attacker obtains the helper data (the vault or sketch), he can bypass this filter and directly recover the key/template. As the distinguishing capability of both the two-nearest neighbor structure and Delaunay quadrangle is relatively poor, the key/template is very likely to be retrieved with an imposter’s fingerprint. That is to say, the performances, particularly of the genuine rejection rates (GRR), reported in [27] and [36] are highly unachievable in practice. Secondly, the similarity measures for original fingerprint templates are quite different from those considered in cryptosystems [37]; for example, a typical fingerprint matching algorithm considers two fingerprints matched if more than a certain number of minutiae in one are near distinct minutiae in the other. In this case, the similarity measures in fingerprint cryptosystems have to consider both the Euclidean distance and set difference. In [33, 35, 36], trivial quantization is used to deal with the Euclidean distance, that is, the original feature domain is segmented into several non-overlapping parts while all information inside a part is assigned a specific value. Although this approach is neat and able to somewhat tolerate nonlinear distortion via the quantization operation, it may map originally similar features into different segments due to quantization boundaries. In [27] and [34], original minutiae features are coarsely quantized and then matching is performed via some sort of similarity measure. The main problem with this technique is that coarse quantization will lead to discrimination/information loss of the original features because short binary strings are insufficient to represent features from a large domain. Also, traditional and well-established similarity measures specially designed to deal with fingerprint intra-class variations cannot be applied directly to coarsely-quantized features. Considering the above issues, in this chapter, we propose a security-enhanced alignment-free fuzzy vault-based fingerprint cryptosystem using pair-polar (P-P) minutiae structures. The main contributions of this chapter are as follows. 1) Compared with other local minutiae structures that contain only relative information of a few minutiae in a local region, as the P-P minutiae structure used in the proposed system describes the relationships between a reference minutia and all the others in a fingerprint within its polar coordinate space, it is more discriminative (experimentally proven). 2) A well-established minutiae matcher in global minutiae matching algorithms is seamlessly transformed into a transformation-invariant feature-applicable version and information about the original features is largely retained using a fine quantization, which only removes the decimal parts of the features. Unlike many fuzzy vault constructions that choose chaff points separated by a minimum distance d from any genuine point and previously added chaff point, where d is the distance inside which a query feature and vault point are considered matched during verification, the proposed vault selects both genuine and chaff features greater than 2d away from each other. As this design removes the probability that a query feature matches multiple points in the vault, decoding time is significantly reduced. 4) For security enhancement, each P-P minutiae structure is transformed before being encoded into the fuzzy vault. The transformation functions take a pre-set seed and an invariant value extracted from each reference minutia as parameters. This approach fully combines the advantages of both cancelable biometrics and biocryptography. Firstly, transforming the P-P minutiae structures before encoding destroys the correlations between them and can provide privacy-enhancing features, such as revocability and protection against cross-matching attacks, by setting distinct seeds for different applications. Secondly, the transformed genuine features are blurred by a greater number of chaff points, which further increases the difficulty of deriving the original features from the transformed ones. The rest of this paper is organized as follows. The P-P minutiae structures are introduced in Section II, including structure generation and the minutiae matcher used in our system. In Section III, We experimentally explore the discrimination ability of the P-P minutiae structures. The proposed scheme with security-enhancement is described detailedly in Section IV. Section V and Section VI concentrate on the analysis and discussion of experimental results and security. The conclusion and future work are given in Section VII. Mj 3) II. PAIR-POLAR (P-P) MINUTIAE STRUCTURE A. Generation of Structure A fingerprint F is always represented by a set of minutiae, i.e., F  M i i 1 , M i  ( xi , yi ,i ) , where ( xi , yi ) are the N Cartesian coordinates of M i ,  i its orientation and N the number of minutiae in F . When M i is selected as a reference minutia, we denote the relative position of a minutia M j , j  i to M i by a P-P coordinate vector vij  (rij , ij ,ij ) . Here M i serves as the center of a polar coordinate space, the orientation of which acts as the 0 axis, rij is the radial distance between M i and M j , ij the counter-clockwise angle between the rij ik rik ik ij ij Mi Mk Fig. 1. Pair-polar structure of minutia M i ( N  3 ). B. Minutiae Matcher In global minutiae matching algorithms, after two fingerprints (a template and query) are aligned, their corresponding minutiae are paired. M j  ( x j , y j , j ) from the template and M j  ( x j , y j , j ) from the query are regarded as a pair of matched points if the conditions in (1) and (2) are simultaneously met [38]. ( x j  x j ) 2  ( y j  y j ) 2  d  j   j   , (1) (2) where d and  are predefined distance and angle thresholds, respectively. This minutiae matcher is widely adopted in minutiae-based fingerprint matching because it can effectively deal with the intra-class variations between different captures of the same fingerprint. At first glance, the above well-established minutiae matcher cannot be applied directly to the P-P coordinate vectors which represent relative information and do not contain Cartesian positions. However, we can seamlessly transform it into a transformation-invariant feature-applicable version as below. Let vij  (rij , ij ,ij ) (the relative position of minutia M j to M i ) and vkl  (rkl , kl ,kl ) ( the relative position of minutia M l to M k ) be two P-P coordinate vectors for comparison. After M i and M k are aligned, M j and M l in the new coordinate space can be expressed as (rij cos ij , rij sin ij ,ij ) and (rkl cos kl , rkl sin kl ,kl ) , respectively. Assuming that vij matches vkl when M j matches M l , the conditions in (1) and orientation of M i and direction of M i M j , and  ij the (2) are transformed into P-P coordinate vector-applicable conditions, i.e., vij matches vkl if they simultaneously satisfy orientation difference between M i and M j . In this case, the the conditions in (3) and (4). P-P structure of M i can be represented by Vi  {v } Figure. 1) and F by F  {Vi }iN1 [8]. N ij j 1, j  i (see (rij cos ij  rkl cos kl )2  (rij sin ij  rkl sin kl )2  rij 2  rkl 2  2rij rkl cos(ij  kl )  d ij  kl   (3) (4) TEST OF DISCRIMINATION ABILITY 90 The P-P minutiae structure describes the relationships between a reference minutia and all the other minutiae in a fingerprint within its polar coordinate space. As a fingerprint usually contains 30 to 50 minutiae, the features extracted from this structure are more discriminative than those from other local minutiae structures, such as the five-nearest neighbor, Voronoi neighbor and triangle. Also, distortions in local areas are no longer determinants of structure matching. To test the discriminative power of the P-P minutiae structure, we conduct experiments on the publicly available database FVC2002DB2. In our experiment, we compare the first image of each finger, firstly with the second image of the same finger and then with the first images of the remaining fingers to evaluate the number of structures that successfully find a match in either case. For simplicity, the thresholds d and  are fixed as d  9 and   20 . Two P-P minutiae structures are deemed matched if they have no less than n matched P-P coordinate vectors. The results obtained from the experiment are shown in Figure 2, in which we can see that, when n  3 , the percentage gap is slightly less than 60% and, when n  4,5,6 , increases to more than 70%. Obviously, the P-P minutiae structure is more discriminative than five-nearest neighbor (40%), Voronoi neighbor (20%), and triangle structures (25%). Although the probability that a specific P-P structure finds a match in a different finger sample is relatively small, it is still very likely that different samples have at least one matched P-P structure due to the large number of P-P structures (30 to 50) in a fingerprint; for example, the probability of a P-P structure from a fingerprint finding a match in a different one is about 1.5% when n  5 . Assuming that P-P minutiae structures generated from a fingerprint are mutually independent and each fingerprin contains 30 minutiae, the probability that two fingerprints captured from different fingers having at least one matched P-P structure can be calculated by P  1  0.985 ^ 30  0.3645 . To further reduce the false acceptance rate (FAR), we set another threshold m to control the number of matched P-P minutiae structures, whereby two fingerprints are regarded as matched if the number of their matched P-P minutiae structures is not less than m . In this case, the probability that a genuine fingerprint is accepted can be calculated by 30 30   (5) GAR     ( ps )i (1  ps )30 i , i m  m  and the probability that a false fingerprint is accepted by 30 30   FAR     ( pd )i (1  pd )30 i , (6) i m  m  where ps and pd denote the probability that a P-P minutiae structure finds a match in the same and different finger samples, respectively. If we set m  4 and n  5 ( ps  0.74 , pd  0.015 ), 30 30   GAR     (0.74)i (1  0.74)30 i  1 i 4  4  and 30 30   FAR     (0.015)i (1  0.015)30 i  0.001 , which offers i 4  4  high recognition accuracy. successful matches in same finger samples successful matches in different finger samples 80 percents of matched pair-polar minutiae structures III. 70 60 50 40 30 20 10 0 n=3 n=4 n=5 n=6 Fig. 2. Percentages of matched pair-polar minutiae structures in same and different finger samples. IV. PROPOSED SCHEME A. Encoding Stage To address errors in different feature levels, a two-level secure sketch (a fuzzy vault and Shamir’s secret sharing scheme) is used in the encoding procedure (see Figure 3), the detailed steps in which are as follows. 1) Given a fingerprint template T , we first extract the M  T i template minutiae set NT i 1 using the software VeriFinger 6.0 from Neurotechnology [39], where N T is the number of minutiae in T . From this set, we choose only 30 well-separated genuine minutiae, i.e., the minimum distance between each is greater than a predefined threshold d . The distance between two minutia points M i and M j is defined as D(M i , M j )  x  x   y  y   2 2  w i   j  , where  i   j   min i   j ,360  i   j i j i j  and w is the weight assigned to the orientation attribute [23]. If the number of well-separated minutiae in the template is less than 30, all will be chosen and we denote the selected   minutiae set by SM T  M iT ST i 1 ( S T  30 ). The reason we set the upper bound for the number of genuine minutiae is to reduce the processing time required for matching. 2) A chaff minutiae set CM  M c c 1 is generated R iteratively as below. A randomly generated minutia M can be added into CM if M is well-separated from all the points in the set CM SM T . 3) For each minutia M i  SM T , its P-P structure, denoted by ViT  {vijT }Sj 1, Rj i , is constructed by connecting M i to all T the other minutiae M j  SM T CM . Then the features in p1 Vault1 Key binding V1T K1 Vault2 p2 ( H ( Ki ), p( Ki ))i 1 ( K 0 , p( K 0 )) ST Minutiae extraction Key binding Build P-P structures Add chaff minutiae V2T . . . . . . . . . Key binding T K2 pS T {H ( K i )}iS 1 K VaultS T Key binding VSTT K sT Fig. 3. Encoding stage. Vaulti Next decoding attempt No Key decoding V1Q H ( A1 )  H ( Ki ) Ai Yes ( Ai , p( Ki )) Vault j Minutiae extraction Next decoding attempt Key decoding Build P-P structure No Q 2 V . . . . . . . . . VSQQ Aj H ( Aj )  H ( K j ) Yes ( A , p( K )) j Key decoding j UL K ( K0 , p( K0 )) Vaultk ( Ak , p( K k )) Next decoding attempt Key decoding No Ak H ( Ak )  H ( K k ) Yes Fig. 4. Decoding stage. vijT are quantized and represented as bit strings Trij , Tij and Tij , respectively. segments as Ki  ki , n 1 || ki , n  2 || ... || ki ,0 , with each segment Concatenating these three bit l bits in length and the length of K i ln. Then, we encode strings, we can obtain a l-bit binary string CBijT which For each M j  SM T  M i , pi ( x) is evaluated at CBijT to represents the P-P coordinate vector vTij . Correspondingly, the P-P structure Vi T T ij ST  R j 1, j  i {CB } can then be expressed by . 4) Each P-P structure Vi T is encrypted into the fuzzy vault construction (the first level secure sketch). Specifically, given a cryptographic sub-key K i , we divide it into n K i into a polynomial pi as pi ( x)  ki ,n1 xn1  ki ,n2 xn2 ...  ki ,0 . generate a genuine point set GSi  {(CBijT , pi (CBijT ))}M SM T , j i , while for each M j  CM , CSi  {(CB , yij )}M j CM T ij j a chaff point set in which yij  pi (CB ) , is T ij generated. The computation is operated in the Galois field GF (228 ) , with GSi and CSi composing a vault Vaulti . In addition, a hash value of K i ( H ( Ki ) ) is stored for verification during the decoding process. 5) In this stage, the second level secure sketch, which is essentially the Shamir’s secret sharing scheme, is applied. Given a cryptographic key K provided by a user, if we expect that m of K i is sufficient to recover it, we divide K into m  1 segments as K  km || km1 || ... || k0 , with each element 28n bits in length and the length of K 28(m+1)n. Subsequently, we construct a polynomial p by km , km 1...k0 taking as its coefficients, i.e., p( x)  km x  km1 x ...  k0 , and evaluate p( x) at each sub-key K i . K i is then discarded and p( Ki ) paired with H ( Ki ) as ( p( Ki ), H ( Ki )) . Finally, we randomly choose a m 1 m ln-bit string K0 , compute p( K 0 ) and publish ( K0 , p( K0 )) . Combing the fuzzy vault construction and the Shamir’s secret sharing scheme, the total sketch data our two-level construction produces can be represented by SD  Vaulti ,( H ( Ki ), p( Ki ))i 1 ST (K0 , p(K0 )) , which is stored explicitly for key recovery. B. Decoding Stage The decoding procedure is shown in Figure 4 and its detailed steps are explained below. 1) Given a fingerprint query Q , we first extract the query minutiae set M  Q Q N k k 1 , where N Q is the number of minutiae in Q . From this set, we choose only 30 well-separated minutiae (if the number of well-separated minutiae in the query is less than 30, all will be chosen) and   denote the selected minutiae set by SM Q  M kQ SQ k 1 ( S Q  30 ). 2) For each minutia M k  SM Q , we construct its P-P structure by connecting it to all the other minutiae M l  SM Q and denote it by VkQ  {vklQ }lS1,l  k , where Q vklQ  (rklQ , klQ ,klQ ) . Then the features rklQ ,  klQ and  klQ are converted to integers (by a floor function) and represented as bit strings Qrkl , Qkl and Qkl , respectively. As a result, the P-P structure {(Qrkl , Qkl , Qkl )}lS1,l  k . VkQ can be represented by Q 3) The elements in VkQ are paired with those in Vaulti one by one. In particular, for each P-P coordinate vector vklQ  (Qrkl , Qkl , Qkl ) VkQ , we search for an element (CBijT , y) from Vaulti which meets the conditions dec(Qrij )2  dec(Qrkl )2  2dec(Qrij )dec(Qrkl )cos(dec(Qij )  dec(Qkl ))  d and dec(Qij )  dec(Qkl )   , and add the qualified one into a unlocking set ULi . Here CBijT  Trij || Tij || Tij and dec( x) denotes the decimal representation of x . Now, there are two situations to be considered. a) If ULi  n , which means that there is insufficient information to reconstruct pi , we pair VkQ with the next vault. b) If ULi  n , for each subset of size n of the unlocking set ULi , we construct a polynomial by Lagrange pi  ai , n 1 xn 1  ai , n 2 x n 2 ...  ai ,0 interpolation and concatenate its coefficients as Ai  ai ,n 1ai ,n 2 ...ai ,0 . Then, we compute H ( Ai ) and compare it with H ( Ki ) . If H ( Ai )  H ( Ki ) , it indicates that Ai  Ki with overwhelming probability and ( Ai , p( Ki )) is added into a unlocking set UL . Otherwise, we repeat the same procedure for the next subset. After all the subsets are traversed, if no Ai satisfies H ( Ai )  H ( Ki ) , we pair VkQ with the next vault. 4) Step 2 and Step 3 are repeated until all the P-P structures generated from the query are examined. We then check the unlocking set UL . If the number of elements in UL is smaller than m , the key recovery/verification fails. Otherwise, we randomly pick m elements from UL , combine them with ( K0 , p( K0 )) , and reconstruct the original polynomial p by Lagrange interpolation. Then, the key can be retrieved by concatenating the coefficients of p . C. Quantization Parameters Although it is feasible to compare template and query features ( r , ,  ) in the real domain, they are often quantized before applying the fuzzy vault scheme. This is because the computations involved in the encoding and decoding stages are usually performed in a finite field such as GF (2l ) [20, 23, 27, 40, 41] as the cryptographic key must be an integer. In addition, proper quantization can significantly reduce data storage without sacrificing too much performance. In our method, we perform fine quantization Quant using a floor function, i.e., Quant (a)  a  . Obviously, Quant ( ), Quant ( ) {0,1,..,359} and Quant (r ) {0,1,..,633} considering that the distance between any two minutiae in a 560*290 fingerprint image is at most equal to the lengths of its diagonal lines. Therefore, the lengths of Trij , Tij and Tij are assigned 10, 9 and 9, respectively, and l  28 . Intuitively, using this fine quantization, the information about the original features is retained to a large extent as only the decimal parts of the features are removed. In this case, the quantization itself will not significantly affect the matching performance. (Experiments results obtained in Section V can also prove this). D. Selection of Genuine and Chaff Minutiae The well-separated genuine and chaff minutiae play an important role in our construction. Setting d  2d  2w , we ensure that, for each vklQ , there is at most one qualified/matched element in Vaulti (see Theorem 1). Many fuzzy vault implementations [20, 23, 27, 40] choose chaff points that are separated by a minimum distance d from any genuine point and previously added chaff point, where d is the distance inside which a query feature and vault point are considered matched during verification. This design requires more decoding time because a query feature is likely to match multiple points in a vault, which increases the number of candidate subsets for Lagrange interpolation (see B.3.b); for example, let V  {vi }30 i 1 be a query P-P minutiae structure. In the methods of [20, 23, 27, 40], if we suppose that, on average, each vi finds two matches in the vault, the number of candidate  60  subsets for Lagrange interpolation is   . In our case, n  30  however, the number is up to   as each vi can find at most n one match. That is to say, the number of interpolation attempts  30   60  required to recover the key is reduced to      1 2n . n n In addition, the same selection criteria for both the genuine and chaff minutiae can prevent an attacker from distinguishing between them by exploiting different distance settings. Theorem 1: Given two P-P structures Vi  {vij }Nj 1, j i (with center at M i ) and Vk  {vkl }lM1,l  k (with center at M k ), if the minimum distance between any two minutiae M1 ( x1 , y1 ,1 ) and M 2 ( x2 , y2 ,2 ) (defined in A.1) in each P-P structure satisfies D(M1 , M 2 )  2d  2w ( w  0 ), then for each vij  Vi , there is at most one P-P coordinate vector vkl Vk that meets the conditions and ij   kl   . rij 2  rkl 2  2rij rkl cos(ij  kl )  d Proof: if for a P-P coordinate vector vij  Vi , there are two vectors vkl1 , vkl2 Vk that meet the above conditions, i.e., rij 2  rkl1 2  2rij rkl1 cos(ij  kl1 )  d , ij  kl   , rij 2  rkl2 2  2rij rkl2 cos(ij  kl2 )  d and ij   kl2   , then 1 after aligning Vi with Vk (based on their centers M i and M k ), for the minutia M j , two minutiae M l1 and M l2 satisfy that M j M l1 , M j M l2  d and  j  l1 ,  j  l2   . As a result, we can deduce that D(M l1 , M l2 )  ( xl1  xl2 )2  ( yl1  yl2 )2  w(l1 ,l2 )   M l1 M l2  w min l1  l2 ,360  l1  l2  M l1 M l2  w l1  l2  Fig. 5. Sampling points in a minutiae descriptor [42].   M j M l1  M j M l2  w  j  l1   j  l2   2d  2w , which contradicts the assumption D(M l1 , M l2 )  2d  2w . E. Security Enhancement Although the use of the P-P minutiae structure can improve recognition performance because of its high discriminative power, there is a security flaw in the above construction. Specifically, if a genuine P-P coordinate vector vij  (rij , ij ,ij ) occurs in the ith vault, there will be a corresponding vector v ji  (rji ,  ji , ji ) in the jth vault. As rij  rji and ij   ji  360 , this relationship will help an attacker distinguish genuine from chaff features. To address this issue, we transform each P-P minutiae structure before feeding it into the fuzzy vault construction using the methods in [10, 41]. The transformation amount for each minutia is computed using two designed changing functions, which take a pre-set seed and an invariant value extracted from this minutia as input. 1) Extraction of Invariant Value The Minutiae descriptor sample structure [42] is used to compute the invariant value. Given a minutia M and its orientation  , its descriptor is composed of L concentric circles of radius rl ,(1  l  L) , each of which comprises K l sampling points pk ,l ,(1  k  Kl ) , equally distributed along its circumference (Figure 5). We adopt the same parameter settings as [41, 42], that is, the minutiae descriptor of each minutia is composed of 4 concentric circles, the radii of which are 27, 45, 63 and 81 pixels and the samples points on which 10, 16, 22 and 28, respectively. In this case, a 76-dimension translation- and rotation- invariant feature vector of the ith minutia M i can be computed as Fi  [d (i ,1 ), d (i ,2 ),..., d (i ,76 )] TABLE I EXPERIMENTAL PARAMETERS FOR PROPOSED SYSTEM. Parameter Value setting 0.2 Weight assigned to orientation attribute, w Minimum distance between selected 27 minutiae, d 9 Joint threshold for r and  , d Mi  j ri  j ij ACFpar (mi ) i rij i j Mj ij Threshold for minutiae orientation,  DCFpar (mi ) M T i Degree of encoding polynomial pi , n  1 20 6-14 Degree of encoding polynomial p , m 1-4 300 5, 10 Number of chaff minutiae, R Control parameters for distance,  ,    j   ,   j ,   j   , if   / 2  i   j   / 2 if  / 2  i   j  3 / 2 random number generator with par as the seed. Finally, an invariant value corresponding to M i is computed using an Fi  1 , in which A denotes the vector norm of A and mi  [0, 2] . 2) Changing Functions The design of the changing functions is the same as that in [10]. Firstly, two random number sequences X and Y are created using par as the seed. Secondly, the control points of the distance change function DCF and angle change function ACF are generated by summing the outputs of X and Y , respectively, as a i 0 ACFpar (aT )  y0  yT  ...  y( a 1)T  yaT   yiT a , (8) i 0 where a is an integer, and xi [ ,  ] [ ,  ] and yi [ ,  ] [, ] the outputs of X and Y , respectively (  and  are pixels, and  and  are degrees). Finally, using linear interpolation, the values of DCFpar ( p) and ACFpar ( p) between (k  1)T and kT are obtained as p  (k  1)T kT  p DCFpar (kT )  DCFpar ((k  1)T ) T T p  (k  1)T kT  p ACFpar ( p)  ACFpar (kT )  ACFpar ((k  1)T ) (9) T T ( k  1)T  p  kT DCFpar  p   0.2 yi  yi  DCFpar (mi ) sin i i  i  ACFpar (mi ) , (7) where i  [0, 2 ) is the orientation of M i and  j  [0,  ) the ridge direction estimated at the jth sample point. Subsequently, a random 76-dimension vector U par is generated using a DCFpar  aT   x0  xT  ...  x( a 1)T  xaT   xiT Interval size, T we transform its reference minutia M i  ( xi , yi ,i ) as xi  xi  DCFpar (mi ) cos i if     i   j   / 2   j  2 , if 3 / 2  i   j  2 inner product as mi  U par 15, 20 3) Transformation For each P-P minutiae structure Vi  {vij  (rij , ij ,ij )}Nj 1, j i , Fig. 6. The P-P minutiae structure after transformation   i   i  d (i , j )   i  i Control parameters for angle,  ,  (10) M i  ( xi , yi , i ) and then generate a new P-P structure with M i as the reference minutia, denoted by Vi  {vij  (rij , ij ,ij )}Nj 1, j i . Figure 6 shows a P-P minutiae structure with one P-P coordinate vector (solid line) and its new structure after transformation (broken lines). Instead of Vi , the new P-P structure Vi  is fed into the fuzzy vault construction for encoding (A.4) and decoding (B.3), with the subsequent procedure the same. As the transformation amounts for P-P minutiae structures vary with the invariant values extracted from their reference minutiae, the correspondence between vij and v ji no longer exists between vi j and v j i . That is to say, an attacker cannot distinguish genuine from chaff features in the deformation domain by correlating the P-P coordinator vectors. Admittedly, if the attacker knowns the transformation amount for each minutia, he can inverse the transformation and then perform the correlating attack. However, even if the changing functions and par are revealed, the transformation amount for each minutia cannot be computed without the information about the invariant value, which is extracted from input images and no longer stored in the system after performing the transformation process. V. EXPERIMENTAL RESULTS A. Experimental Databases and Parameter Setting We conduct experiments on a wide variety of public fingerprint databases, FVC 2000 (DB1), FVC 2002 (DB1, DB2, DB3, DB4), FVC 2004 (DB2) and FVC 2006 (DB2, DB3). The first three (FVC 2000, FVC 2002 and FVC 2004) contain 800Gy-level fingerprint images collected from 100 fingers with 8 samples of each while FVC 2006 contains fingerprint images from 140 fingers with 12 samples of each. The parameters used in our experiment are listed in Table I. 0.45 FVC2002DB1(quantized) FVC2002DB1(unquantized) FVC2002DB2(quantized) FVC2002DB2(unquantized) FVC2002DB3(quantized) FVC2002DB3(unquantized) 0.4 0.35 0.3 FRR 0.25 0.2 0.15 0.1 0.05 0 -6 10 10 -5 10 -4 -3 10 FAR 10 -2 10 -1 10 Fig. 7. Comparison of performances of raw matching algorithms with and without quantization before applying the fuzzy vault. B. Performance Evaluation Three performance indices are used for performance evaluation: (1) the FAR, the probability of an imposter being accepted as a legitimate user; (2) the FRR, the probability of a legitimate user being rejected as an imposter; and (3) the equal error rate (EER), the error rate when the FAR and FRR are equal. Similar to [35, 36, 43], we also use two different protocols (the 1vs1 and standard FVC) to evaluate the recognition performance of the proposed system (“proposed system” or “our system” throughout this paper always involves the implementation of the security enhancement step unless stated otherwise). In the 1vs1 protocol, the first image of each finger is compared with the second image of the same finger to compute the FRR and then compared with the first images of the remaining fingers to compute the FAR. To avoid a duplicate comparison, if image 1, as the template, has been compared with image 2, when image 2 is chosen as the template, it is not compared with image 1 again. Therefore, for FVC 2000, FVC 2002 and FVC 2004, this results in 100 genuine and (1+99)*99/2=4950 imposter matching attempts, while for FVC 2006, 140 genuine and (1+139)*139/2=9730 imposter ones. In the standard FVC protocol, each image of each finger is compared with the remaining (7/11) images of the same finger to calculate the FRR, and the first image of each finger is compared with the first images of the remaining fingers to computer the FAR. We also remove any duplication comparison in this protocol. Therefore, for FVC 2000, FVC 2002 and FVC 2004, there are ((0+7)*8/2)*100=2800 genuine and (1+99)*99/2=4950 imposter matching attempts, while for FVC2006, ((0+11)*12/2) *140=9240 genuine and (1+139)*139/2=9730 imposter ones. For different purposes, our experiments are divided into two groups. The first group of experiments is to demonstrate how much the fine quantization affects the performance of our raw matching algorithm before applying the fuzzy vault, and it is conducted on FVC2002DB1, FVC2002DB2 and FVC2002DB3 using the standard FVC protocol. Figure 7 shows that the performance differences between the matching algorithms with and without quantization is negligible on the experimental databases (Note that the matching algorithms evaluated in this group of experiments do not consider the implementation of the security enhancement step as we only care about performance here). In terms of the second group of experiments, we evaluate the proposed system using the 1VS1 protocol and standard FVC protocols, respectively. To ensure fair performance evaluation, the preset seed par is assumed to be publicly known, i.e., both genuine and imposter samples use the same transformation seed in our experiments. Using the 1VS1 protocol, the proposed system performs best on database FVC 2002 DB2 (FRR=FAR=0). However, its performance drops substantially on databases FVC2004 DB2 (FRR=24%, FAR=0.06) and FVC2006 DB3 (FRR= 30.91%, FAR=0.1%). The reasons for this are manifold; for example, the fingerprint images in FVC2006 DB3 have many missing or spurious minutiae, which could definitely negatively affect recognition accuracy because the propose method is minutiae-based. In particular, as the first image of the 24th finger has only one minutia, we would not even build up a P-P minutiae structure for it. Regarding FVC2004 DB2, fingerprint providers are requested to exaggerate skin distortions during the acquisition process, which leads to significant distortions in the first two images [44]. The proposed system performs best on FVC2006 DB2 (FRR=5.78%, FAR=0) using the standard FVC protocol. The main reason the performance is better than its counterpart using the 1VS1 protocol is the significant increase of genuine matching attempts, from 140 to 9240. In this case, few unsuccessful genuine attempts will not result in a high FRR when divided by a large number (9240). However, the performances on FVC2002 DB1 (FRR=11.11%, FAR=0.1%) and DB2 (FRR=8.07%, FAR=0.06%) using the standard FVC protocol are poorer than those using the 1VS1 protocol. This is because the 1VS1 protocol uses only the first and second images, which are acquired in the same session and have fewer variations and distortions than the other 6 used in the standard FVC protocol. Figure 8 and Figure 9 show the ROC curves of the proposed system for the best EER performance (by adjusting m ) when the 1VS1 and standard FVC protocols are adopted, respectively. To further verify the strength of the proposed system, we compare it with other fingerprint cryptosystems, including the Voronoi neighbor structure-based [35], five-nearest neighbor-based [34 ,45], and two fuzzy vault-based ones which require alignment [23, 24], in terms of FRR, FAR and EER. Although it is unfair to compare the proposed system with the two nearest-neighbor structure-based [27] and Delaunay quadrangle-based [36] fingerprint cryptosystems, the reported performances of which are not achievable in practice (see Section I), they are still listed for reference. In Table II and Table III, we can see that, regardless of the protocol adopted, our system performs better than [23, 24, 27, 34, 35] on the same 0.5 0.5 1VS1 protocol on FVC2000DB1 1VS1 protocol on FVC2002DB1 1VS1 protocol on FVC2002DB2 1VS1 protocol on FVC2002DB3 1VS1 protocol on FVC2002DB4 1VS1 protocol on FVC2004DB2 1VS1 protocol on FVC2006DB2 1VS1 protocol on FVC2006DB3 0.45 0.4 0.35 0.4 0.35 0.3 FRR 0.3 FRR FVC protocol on FVC2000DB1 FVC protocol on FVC2002DB1 FVC protocol on FVC2002DB2 FVC protocol on FVC2002DB3 FVC protocol on FVC2002DB4 FVC protocol on FVC2004DB2 FVC protocol on FVC2006DB2 FVC protocol on FVC2006DB3 0.45 0.25 0.25 0.2 0.2 0.15 0.15 0.1 0.1 0.05 0.05 0 -6 10 10 -5 10 -4 -3 10 FAR 10 -2 10 -1 0 10 Fig. 8. ROC curves of proposed system using 1VS1 protocol for best EER performance 0 -6 10 10 -5 10 -4 -3 10 FAR 10 -2 10 -1 0 10 Fig. 9. ROC curves of proposed system using standard FVC protocol for best EER Performance. TABLE II COMPARISON OF PERFORMANCES OF PROPOSED AND OTHER FINGERPRINT CRYPTOSYSTEMS USING 1VS1 PROTOCOL (VALUES IN PERCENTAGES). Method 2000DB1 (FRR/FAR) EER 2002DB1 (FRR/FAR) EER 2002DB2 (FRR/FAR) EER 2002DB3 (FRR/FAR) EER 2002DB4 (FRR/FAR) EER 2004DB2 (FRR/FAR) EER Nagar et al. [24] (40/0.44) 13.11 - (8/0.59) 3.38 (4/0) - (7/0) (14/0) (3/0) (6/0.02) 0.59 (2/0) 1.02 (28/0.3) 9.80 8.63 (49/0.42) 16.52 - (9/0.18) 4.77 (16/0.26) 10.05 Nandakumar et al. [23] Li et al. [27] Yang et al. [35] Yang et al. [36] Liu et al. [45] without alignment Proposed system 2006DB3 (FRR/FAR) EER (41/0.22) 14.88 (24.72/0.1) - 2006DB2 (FRR/FA R) EER 4.83 (24/0.06) 14.10 (16.43/0) 2.74 (30.91/0.1) 12.79 (28.67/0.1) - (2/0) (10/0.28) 5.28 (2/0) 0.83 (0/0) 0 TABLE III COMPARISON OF PERFORMANCES OF PROPOSED AND OTHER FINGERPRINT CRYPTOSYSTEMS USING STANDARD FVC PROTOCOL (VALUES IN PERCENTAGES). Method 2000DB1 (FRR/FAR) EER 2002DB1 (FRR/FAR) EER 2002DB2 (FRR/FAR) EER 2002DB3 (FRR/FAR) EER 2002DB4 (FRR/FAR) EER 2004DB2 (FRR/FAR) EER Arakala et al. [34] 15 (36.79/0.55) 14.30 - (35.79/0.2) 11.84 4.5 (22.79/0) (26.79/0.16) 10.38 5.99 (8.89/0) (43/0.38) 16.52 (21.84/0.1) - (49.71/0.42) 15.63 - (12.71/0.28) 7.32 (16.61/0) 5 (11.50/0) 3.37 (21.39/0.06) 9.89 (17.04/0.24) 8.59 Yang et al. [35] Yang et al. [36] Liu et al. [45] without alignment Proposed system database. In comparison with [36], it shows better recognition accuracy on all the experimental databases except 2006DB3 when the 1VS1 protocol is used (28.67/0.1 VS 30.91/0.1). In the case of [45], our system performs better than it on 2002DB2 2006DB3 (FRR/FAR) EER (57.57/0.34) 20.61 (26.13/0.1) - 2006DB2 (FRR/FA R) EER 3.07 (24.82/0.08) 11.13 (5.78/0) 1.59 (21.63/0.1) 8.59 21.76/0.1 - and 2002DB1 when the 1VS1 and FVC protocols are adopted, respectively, but results in a few more false rejections on 2002DB2 (11.50 VS 8.89) using the FVC protocol when FAR=0. 100 SECURITY ANALYSIS obtains the sketch data, as he can recover K i by decoding Vaulti , the security of K i depends on the strength of the vault. The degrees of security provided by the fuzzy vault construction has been well studied in [13, 14, 46, 47]. Here, we consider only the most widely-used method of security analysis, the brute force attack [23], in which an attacker tries to decode K i using all combinations of n points in Vaulti . Because the total number of all possible combinations is  S T  R  1  S T  1  ones will successfully decode   , of which  n  n    K i , the probability of a specific combination decoding K i can  S T  1   S T  R  1 be computed by P      . If we assume that n  n    S T  30 and R  300 (the number of the chaff minutiae is ten  29   329  times that of the genuine minutiae), then P     , n  n   329   29  which is comparable to  log 2 P  log     -bit  n  n security. Note that the security bit is complexity rather than entropy-based because most fingerprint-based fuzzy vault constructions have no entropy security [48]. Based on this equation, in Figures 10 and 11, we plot the GAR-security curves [36, 49] of the proposed system using the 1VS1 protocol and standard FVC protocols, respectively. B. Cross-matching Attack and Revocability A well-known issue regarding the fuzzy vault is that it is vulnerable to the cross-matching attack [50, 51]. If the attacker has access to multiple vaults generated from the same biometric data, he can easily identify the genuine features by correlating the elements in them. This issue, however, can be addressed in the proposed system by setting a distinct seed for the random number generators in each application. In this way, the same biometric data is transformed to different features encoded in the fuzzy vault and the correlation destroyed. Once a vault is compromised, a new vault can be created from the same fingerprint data by replacing the two changing functions. Therefore, the revocability of the proposed system depends on the number of different changing functions that can be created, which, according to the theoretical analysis in [10], can be calculated as CFn  {4(    1)(    1)}W /T , where W denotes the range of the invariant values in a fingerprint. Figure 12 shows the number of different changing functions when 90 80 70 GAR(%) A. Brute Force Attack The security of the proposed system relies on the security of the sub-key K i as m sub-keys are able to recover K . Now, we consider two common cases. In one in which an attacker has no information about the distribution of fingerprint features and the sketch data is stored in a completely secure database or server, he has to guess K i by traversing all the possibilities. Therefore, the security of the system is equal to the length of K i , which is 28n bits . In the other in which an attacker 60 50 40 30 20 10 15 1VS1 protocol on FVC2000DB1 1VS1 protocol on FVC2002DB1 1VS1 protocol on FVC2002DB2 1VS1 protocol on FVC2002DB3 1VS1 protocol on FVC2002DB4 1VS1 protocol on FVC2004DB2 1VS1 protocol on FVC2006DB2 1VS1 protocol on FVC2006DB3 20 25 30 35 40 Security(bits) 45 50 55 60 Fig. 10. GAR vs number of security bits using 1VS1 protocol. 100 90 80 70 GAR(%) VI. 60 50 40 30 20 10 15 FVC protocol on FVC2000DB1 FVC protocol on FVC2002DB1 FVC protocol on FVC2002DB2 FVC protocol on FVC2002DB3 FVC protocol on FVC2002DB4 FVC protocol on FVC2004DB2 FVC protocol on FVC2006DB2 FVC protocol on FVC2006DB3 20 25 30 35 40 Security(bits) 45 50 55 60 Fig. 11. GAR vs number of security bits using standard FVC protocol.     5 ,     5 and T  0.2 , which are used in our experiments. VII. CONCLUSION AND FUTURE WORK Although alignment-free fingerprint cryptosystems provide a promising solution for template/key protection without registration, the recognition accuracy of previous work is insufficiently satisfying due to poor discriminative power of the features used as well as improper handling of nonlinear distortions in the quantized/encrypted domain. To address this issue, an alignment-free fuzzy vault using pair-polar (P-P) minutiae structures is proposed in this paper. Our system improves recognition accuracy in two respects. Firstly, the P-P minutiae structure is more discriminative than other local minutiae structures, such as the five-nearest neighbor, Voronoi neighbor, and triangle structures. Secondly, compared with the trivial or coarse quantization used in other work, the fine 11 10 10 10 9 10 8 10 7 CFn 10 6 10 5 10 4 10 3 10 2 10 0.2 0.3 0.4 0.5 0.6 W 0.7 0.8 0.9 1 Fig. 12. Numbers of changing functions quantization used in our system can retain more information about a fingerprint template to a greater extent and enable the direct use of a well-established minutiae matcher, which is specially designed to deal with intra-class variations. In terms of security, the proposed system combines the advantages of cancelable biometrics as well as biocryptography. Firstly, transforming P-P minutiae structures before encoding destroys the correlations between them and also provides privacy-enhancing features, such as revocability and protection against cross-matching attacks. Secondly, adding enormous numbers of chaff points in the vault provides extra protection for transformed genuine features, which increases the complexity of deriving the original template from the transformed one. The experimental results on a wide selection of publicly available databases show that the proposed system outperforms other similar systems while providing strong security. So far, analyzing the difficulty of conducting a brute force attack is most widely used in examining the strength of the fuzzy vault scheme in terms of template protection because it is simple and intuitive. However, a logically rigorous and thorough security analysis that contains a formal proof is undoubtedly more convincing, and this will be an interesting and challenging work that deserves our collective efforts in the future. ACKNOWLEDGEMENT This work is partially supported by Australian Research Council (ARC) Linkage Project LP120100595 and LP100200538. REFERENCES [1] W. Zhong, X. Ning, and C. Wei, “A fingerprint matching algorithm based on relative topological relationship among minutiae,” in Proc. ICNNSP, 2008, pp. 225-228. [2] W. Zhang, and Y. Wang, “Core-based structure matching algorithm of fingerprint verification,” in Proc. 16th ICPR, 2002, pp. 70-74. [3] K. Xi, and J. Hu, “Dual Layer Structure Check (DLSC) fingerprint verification scheme designed for biometric mobile template protection,” in Proc. 4th ICIEA, 2009, pp. 630-635. [4] X. Jiang, and W. Y. Yau, “Fingerprint minutiae matching based on the local and global structures,” in Proc. 15th ICPR, 2000, pp. 1038-1041. [5] N. K. Ratha, V. D. Pandit, R. M. Bolle, and V. Vaish, “Robust Fingerprint Authentication Using Local Structural Similarity,” in Proc. IEEE WACV, 2000, pp. 29-34. [6] X. Chen, J. Tian, J. Yang, and Y. Zhang, “An Algorithm for Distorted Fingerprint Matching Based on Local Triangle Feature Set,” IEEE Transaction on Information Forensics & Security, vol. 1, no. 2, pp. 169-177, 2006. [7] S. Wang, and J. Hu, “Alignment-Free Cancelable Fingerprint Template Design: A Densely Infinite-to-One Mapping (DITOM) Approach,” Pattern Recognition, vol. 45, no. 12, pp.4129-4137, 2012. [8] T. Ahmad, J. Hu, and S. Wang, “Pair-polar coordinate based cancelable fingerprint templates,” Pattern Recognition, vol. 44, no. 10-11, pp. 2555-2564, 2011. [9] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, “Generating Cancelable Fingerprint Templates,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp. 561-572, 2007. [10] C. Lee, J. Y. Choi, K. A. Toh, S. Lee, and J. Kim. “Alignment-Free Cancelable Fingerprint Templates Based on Local Minutiae Information,” IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 37, no. 4, pp. 980-992, 2007. [11] U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, “Biometric Cryptosystems: Issues and Challenges,” in Proc. IEEE, vol. 92, no. 6, pp. 948-960, 2004. [12] A. Juels, and M. Wattenbeg, “A Fuzzy Commitment Scheme,” in Proc. 6th ACM CCS, 1999, pp. 28-36. [13] A. Jules, and M. Sudan, “A Fuzzy Vault Scheme,” Designs, Codes and Cryptography, vol.38, no. 2, pp. 237-257, 2006. [14] Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data,” in Proc. International Conference on the Theory and Applications of Cryptographic Techniques. 2004, pp. 523-540. [15] C. Chen, R. N. J. Veldhuis, T. A. M. Kevenaar, and A. H. M. Akkermans, “Multi-Bits Biometric String Generation based on the Likelihood Ratio,” in Proc. IEEE International Conference on Biometrics: Theory, Applications, and System, 2007, pp. 1-6. [16] C. Chen and R. Veldhuis, “Binary Biometric Representation through Pairwise Adaptive Phase Quantization,” EURASIP Journal on Information Security, vol. 2011, no. 1, Article ID 543106, 2011. [17] E. Maiorana, P. Campisi, and A. Neri, “IRIS template protection using a digital modulation paradigm,”, in Proc. IEEE International Conference on Acoustic, Speech and Signal Processing, 2014, pp. 3759-3763. [18] E. Maiorana , P. Campisi, and A. Neri "User adaptive fuzzy commitment for signature templates protection and renewability", SPIE J. Electron. Imag., vol. 17, no. 1, pp. 1 -12, 2008 [19] V. Krivokuća, W. Abdulla, and A. Swain, “A Dissection of Fingerprint Fuzzy Vault Schemes,” in Proc. 27th Conference on Image and Vision Computing, 2012, pp. 256–261. [20] T. Clancy, D. Lin, and N. Kiyavash, “Secure smartcard-based fingerprint authentication,” in Proc. ACM SIGMM Workshop on Biometric Methods and Applications, Berkley, CA, Nov. 2003, pp. 45–52. [21] U. Uludag, S. Pankanti, and A. K. Jain, “Fuzzy vault for fingerprints,” in Proc. Audio- and Video-Based Biometric Person Authentication, Rye Town, NY, Jul. 2005, pp. 310–319. [22] S. Yang, and I. Verbauwhede, “Automatic Secure Fingerprint Verification System Based on Fuzzy Vault Scheme,” in Proc. of IEEE ICASSP, 2005, pp. 609-612. [23] K. Nandakumar, A. K. Jain, and S. Pankanti, “Fingerprint-based Fuzzy Vault: Implementation and Performance,” IEEE Transaction on Information Forensics & Security, vol. 2, no. 4, pp. 744-757, 2007. [24] A. Nagar, K. Nandakumar, and A. K. Jain, “Securing Fingerprint Template: Fuzzy Vault with Minutiae Descriptors,” in Proc. 19th ICPR, 2008, pp. 1-4. [25] Y. Wang, J. Hu, and D. Philip, “A fingerprint orientation model based on 2D Fourier Expansion (FOMFE) and its application to singular-point detection and fingerprint Indexing,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp.573-585, 2007. [26] P. Zhang, J. Hu, C. Li, M. Bennamoun, and V. Bhagavatula, “A Pitfall in Fingerprint Bio-cryptographic Key Generation,” Computers & Security, vol. 30, no. 5, pp. 311-319, 2011. [27] P. Li, X. Yang, K. Cao, X. Tao, R. Wang, and J. Tian, “An alignment-free fingerprint cryptosystem based on fuzzy vault scheme,” Journal of Network and Computer Applications, vol. 33, no. 3, pp. 207-220, 2010. [28] A. K. Hrechak, and J. A. Mchugh, “Automated Fingerprint Recognition Using Structural Matching,” Pattern Recognition, vol. 23, no. 8, pp. 839-904, 1990. [29] Z. Chen, and C. H. Kuo, “A Topology-Based Matching Algorithm for Fingerprint Authentication,” in Proc. 25th Annual IEEE ICCST, 1991, pp. 84-87. [30] X. Chen, J. Tian, and X. Yang, “A Novel Algorithm for Distorted Fingerprint Matching Based on Fuzzy Features Match,” in Proc. AVBPA, 2005, pp. 665-673. [31] D. P. Mital, and E. K. Teoh, “An Automated Matching Technique for Fingerprint Identification,” in Proc. 22nd IEEE International Conference on Industrial Electronics, Control and Instrumentation, 1996, pp. 806-811. [32] K. D. Yu, S. Na, and T.Y. Choi, “A Fingerprint Matching Algorithm Based on Radial Structure and a Structure-Rewarding Scoring Strategy,” in Proc. AVBPA, 2005, pp. 656-664. [33] J. Jeffers, and A. Arakala, “Minutiae-Based Structures for a Fuzzy Vault,” in Proc. Biometric Consortium Conference, 2006, pp. 1-6. [34] A. Arakala, J. Jeffers, and K. Horadam, “Fuzzy Extractors for Minutiae-Based Fingerprint Authentication,” in Proc. International Conference on Advances in Biometrics, 2007, pp. 760-769. [35] W. Yang, J. Hu, S. Wang, and M. Stojmenovic, “An alignment-free fingerprint bio-cryptosystem based on modified Voronoi neighbor structures,” Pattern Recognition, vol. 47, no. 3, pp. 1309-1320, 2013. [36] W. Yang, J. Hu, and S. Wang, “A Delaunay Quadrangle-Based Fingerprint Authentication System with Template Protection Using Topology Code for Local Registration and Security Enhancement,” IEEE Transactions on Information Forensics & Security, vol. 9, no. 7, pp. 1179-1192, 2014. [37] Q. Li, Y. Sutcu, and N. Memon, “Secure Sketch for Biometric Templates,” in Proc. 12th International Conference on Theory and Application of Cryptology and Information Security, 2006, pp. 99 -113. [38] A. K. Jain, A. A. Ross, and K. Nandakumar, “Introduction to Biometrics,” Springer, 2011. [39] S. VeriFinger, Neuro Technology, 2010. [40] D. Moon, S. Lee, S. Jung, Y. Chung, M. Park, and O. Yi, “Fingerprint Template Protection Using Fuzzy Vault,” in Lect Notes Comput Sc, ICCAS, 2007, pp. 1141-1151. [41] P. Li, X. Yang, K. Cao, P. Shi, and J. Tan, “Security-Enhanced Fuzzy Fingerprint Vault Based on Minutiae’s Local Ridge Information,” in Pro. 3rd International Conference of Biometrics, 2009, pp. 930-939. [42] M. Tico, and P. Kuosmanen, “Fingerprint Matching Using an Orientation-Based Minutia Descriptor,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 25, no. 8, pp. 1009-1014, 2003. [43] M. Ferrara, D. Maltoni, and R. Cappelli, “Noninvertible Minutia Cylinder-Code Representation,” IEEE Transactions on Information Forensics & Security, vol. 7, no. 6, pp. 1727-1737, 2012. [44] D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K. Jain, “FVC2004: Third fingerprint verification competition,” in Biometric Authentication, New York, NY, USA: Springer-Verlag, 2004, pp. 1–7. [45] E. Liu, H. Zhao, J. Liang, L. Pang, M. Xie, H. Chen, Y. Li, P. Li and J. Tian, “A key binding system based on n-nearest minutiae structure of fingerprint,” Pattern Recognition Letters, vol. 32, no. 5, pp. 666-675. [46] E.-C. Chang, R. Shen, and F. W. Teo, “Finding the Original Point Set Hidden among Chaff,” in Proc. ASIACCS, 2006, pp. 182-188. [47] X. Q. Guo and A. Q. Hu. "The automatic fuzzy fingerprint vault based on geometric hashing: Vulnerability analysis and security enhancement," in MINES, 2009, pp. 62–67. [48] C. Li, J. Hu, J. Pieprzyk, and W. Susilo, “A New Bio-cryptosystem-oriented Security Analysis Framework and Implementation of Multibiometric Cryptosystems Based on Decision Level Fusion,” IEEE Transactions on Information Forensics Security, in Press, 2015. [49] A. Nagar, K. Nandakumar, and A. K. Jain, “Multibiometric cryptosystems based on feature-level fusion,” IEEE Transactions on Information Forensics Security, vol. 7, no. 1, pp. 255–268, 2012. [50] T. E. Boult, W. J. Scheirer, and R. Woodworth, “Fingerprint Revocable Biotokens: Accuracy and Security Analysis,” in Proc. IEEE Conference on CVPR, 2007, pp.1-8. [51] W. J. Scheirer, and T. E. Boult, “Cracking Fuzzy Vaults and Biometric Encryption,” in Proc. IEEE Biometrics Symposium, 2007, pp. 1-6. Cai Li received his B.S. degree from Nanjing University of Aeronautics and Astronautics, China in 2007 and his master degree of Information Technology from the University of Melbourne in 2009. Now he is currently working toward the PhD degree in the School of Engineering and Information Technology, University of New South Wales at Canberra (UNSW@Canberra), Australia. He is an IEEE Member. His research interests are biometric pattern recognition and biometric security. Jiankun Hu is Full Professor and Research Director of Cyber Security Lab, School of Engineering and IT, University of New South Wales at the Australian Defence Force Academy (UNSW@ADFA), Canberra, Australia. He has obtained his BE from Hunan University, China in 1983; PhD in Control Engineering from Harbin Institute of Technology, China in 1993 and Masters by Research in Computer Science and Software Engineering from Monash University, Australia in 2000. He has worked in Ruhr University Germany on the prestigious German Alexander von Humboldt Fellowship 1995-1996; research fellow in Delft University of the Netherlands 1997-1998, and research fellow in Melbourne University, Australia 1998-1999. Jiankun’s main research interest is in the field of cyber security including biometrics security where he has published many papers in high-quality conferences and journals including IEEE Transactions on Pattern Analysis and Machine Intelligence (PAMI), IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Information Forensics and Security, and IEEE Transactions on Industrial Informatics. He has served in the editorial board of up to 7 international journals and served as Security Symposium Chair of IEEE flagship conferences of IEEE ICC and IEEE Globecom. He has obtained 7 ARC (Australian Research Council) Grants and has served at the prestigious Panel of Mathematics, Information and Computing Sciences (MIC), ARC ERA (The Excellence in Research for Australia) Evaluation Committee.