Biometric systems propose numerous benefits over traditional authentication
methods. Biometric information cannot be obtained by direct secret observation.
It is unfeasible to share and complicated to replicate. It increases user
expediency by improving the need to memorize long and random passwords.
It guards against repudiation by the user. Biometrics supplies the same
level of security to all users unlike passwords and is highly challenging
to brute force attacks. Identification and authentication refers to two
special tasks: finding the identity of a person given the biometric versus
verifying the identity given the biometric data and the claimed identity.
In this study, we propose a biometric authentication scheme to address the
security and privacy concerns as shown in Fig. 1. In meticulous,
two biometric features (e.g., fingerprint and palmprint) are combined to obtain
a non-unique identifier of the individual and stored as such in a central database.
||Privacy and security issues concerning a biometric authentication
||Some attacks and their temperaments
While the combined biometric ID is not a unique identifier, reducing concerns
of security and privacy, we show that it can still be used in authenticating
a person`s identity. As a particular example, we exhibit a biometric authentication
system that uses two separate biometrics of the same individual to form a combined
Nevertheless, it is now recognized that biometric systems are vulnerable to
attacks. One of the most solemn attacks is against the stored templates. A stolen
biometric template cannot be easily revoked and it may be used in other applications
that utilize the same biometric feature. Table 1 shows a summary
of some attacks and their role and area of attacks in the authentication system.
Security vulnerabilities of a general biometric system: Biometric
authentication systems may become vulnerable to potential attacks. Some
of those security vulnerabilities are presented in Table
The privacy and security issues of a biometric authentication system
sketched in this study are shown in Fig. 1.
Outline of biometric template security approaches: We have summarized
some Biometric Template Security approaches in Table 2
which have proposed by numerous researchers. A bit briefing of their attitude,
merits and drawbacks are sketched as well.
||Review of several approaches to defend templates
||Proposed watermarking with fixed digit encryption (WFDE)
Proposed approach towards enhanced authentication security: The
approach based on user biometric synthesis using watermark embedded and
fixed digit encryption as exposed in Fig. 2, to enhance
the authentication security of the system. Biometric templates are bound
with the Fixed Digits and recomputed directly from it on verification.
As a result we get much stronger Biometric template security. Advantages
to use fixed digit are as follows:
||Fixed digits are longer and more complex identifiers,
||No need for user memorization
||Less susceptible to security attacks
Besides, some of the security vulnerabilities of a biometric authentication
system listed in Fig. 1 are addressed:
||No substitution attack: Without any knowledge
of the Fixed Digit and other transitory data, an attacker cannot create
his own template that had been used to create the genuine template.
||No tampering: While the extracted features are not stored,
the attacker has no method to adapt them.
||No masquerade attack: The attacker cannot construct a digital
artifact to submit to the system, since the system does not store
the biometric template. Watermark with Fixed Digit Encryption provides
an effective protection for remote authentication systems.
||No Trojan horse attacks: Watermark embedded process, Encryption
or Decryption algorithm does not use any score, either final or intermediate,
to make a judgment, it just retrieves (or does not retrieve) a key
(as we called fixed digit in our approach). Therefore, the attacker
has no means to fool the system by outputting a high score;
||No overriding Yes/No response: The Encryption algorithm`s
output is a 128-bit (or longer) fixed digit, as opposed to the binary
Yes/No response. The attacker cannot obtain the fixed digit from a
PROPOSED WATERMARKING WITH FIXED DIGIT ENCRYPTION (WFDE)
Present proposed scheme consists of four main steps as shown in Fig.
2. First of all, performed preprocessing and DWT (Discrete Wavelet Transform)
of the fingerprint image to make it prepared for the watermark embedding process.
Second step is palmprint classification, so that the system can get a fixed
digit which we have fixed according to six categories of palmprint. In third
step, two different biometric images derived from the same user are applied
to the watermark embedding process. The embedded template is then secured by
the watermarking based on DWT and LSB. Finally, the watermarked template is
encrypted using the fixed digit derived after palmprint classification from
the second step. In this work, we call this approach Watermarking with Fixed
Digit Encryption (WFDE).
Palmprint classification: Wu et al. (2004) and Huang
et al. (2008) proposed a novel algorithm for the automatic classification
of low-resolution palmprints using principle lines. The algorithm has
the ability to classify palmprints into six categories according to the
number of principal lines and the number of their intersections. The principal
lines of the palmprint are identified first using their position and thickness.
Then a set of directional line detectors is developed. After that they
extract potential beginnings (line initials) of the principal lines and
then, a recursive process is applied to extract the principal lines in
their entirety based on these line initials. The proportions of these
six categories (1-6) in the database containing 13,800 samples (Zhang
et al., 2003) are 0.36, 1.23, 2.83, 11.81, 78.12 and 5.65%, respectively.
They have shown 96.03% of accuracy to classify palmprints.
Watermarking algorithm: For watermarking, the fingerprint image
is used as the base or the cover image and the palmprint features are
used as the watermark (Yeung and Pankanti, 2000; Yeung and Mintzer, 1998).
These features are the palmprint template obtained by convolving the palmprint
image with preprocessing.
Watermark embedding algorithm
Stage 1: Two-level Discrete Wavelet Transform (DWT) is applied
on the original fingerprint image I. The coefficients of the approximation
band of the DWT image contain significant details of the fingerprint image.
Hence the approximation band is not modified during embedding.
Stage 2: The detailed sub-bands are divided into blocks I1,
I2,…, Ir of size MxN and the coefficients
in each block are numbered in raster scan order. From each block, the
first wavelet coefficient that has a positive phase and whose value is
less than threshold ? is selected. The second LSB of the selected
coefficient is replaced by one bit from the palmprint template. This process
is written as follows:
where, I`w(i, j) are the wavelet coefficients in block Ir.
F(x, y) is the palmprint template, Iw(i, j) is the wavelet
decomposed fingerprint image, ? is the threshold which decides whether
the watermark bit is inserted or not and LSB2 denotes the second
Stage 3: If the number of bits in the palmprint template F(x,
y) is less than the number of blocks in the fingerprint image, then all
bits of the palmprint template can be embedded. Otherwise, the following
procedure is used to embed the remaining bits of the palmprint template:
||For each block Ir, a message block MBr
is formed by selecting few high order bits from each pixel of Ir.
A fixed digit D is appended to message block MBr. The value
D is sufficiently large to prevent an attacker from using brute force
to remove the watermark.
||The fixed digit D is used to compute a cryptographic hash of the
||The value of [Hr mod (MxN)] gives the pixel
position for embedding the watermark bit. The watermark bit is embedded
depending on the value of the Most Significant Bit (MSB) of the hash
value Hr. If the MSB of Hr is 0 then the palmprint
bit is inserted unchanged; otherwise the complement of the palmprint
bit is inserted.
Stage 4: After embedding all the bits from the palmprint template.
Inverse Discrete Wavelet Transformation (IDWT) is applied on the watermarked
fingerprint coefficients to generate the final secure watermarked fingerprint
image. Figure 2 shows the watermark embedding process.
Any change in the value of Ir produces an entirely different
hash and can make the watermark undetectable. Since the attacker does
not know the fixed digit D, it is not possible to compute the hash value
Hr. Also, high order bits are chosen for watermark insertion
because any change in these values will degrade the quality of the image
and hence the biometric verification performance.
Binding watermarked template using fixed digit encryption: Encryption
of the watermarked template using fixed digit enhances user privacy because
it enables the creation of revocable templates and prevents cross-matching
of templates across different applications.
||Operation of WFDE, (a) client and (b) server scheme
The distribution of WFDE template is statistically more similar to uniform
distribution than the distribution of original template. This offers better
resistance against attacks on the WFDE template. Besides, the additional variability
introduced by fixed digit-based watermark embedding reduces the similarity between
WFDE templates of different users. This decreases the False Accept Rate (FAR)
of the system significantly. If we imagine client-server structural design for
the biometric system as shown in Fig. 3 where preprocessing,
feature extraction and watermark embedding are applied at the client side and
fixed digit encryption, matching is performed at the server, the server never
watch the original template. Only the watermark embedded template would be exposed
during successful decryption and the original template is never exposed at the
Two common methods for cracking a user fixed digit are dictionary attacks
and social engineering techniques. In the proposed system, fixed digit
is implicitly verified during authentication by matching the WFDE biometric
features. Even if an adversary attempts to guess the fixed digit, it is
not possible to verify the guess without knowledge of the user`s biometric
data. This provides resistance against dictionary attacks to learn the
fixed digit. However, it is still possible to glean the user fixed digit
through social engineering techniques. Therefore, fixed digit based transformation
alone is not sufficient to ensure the security of the biometric template.
Due to this reason, we use the watermark embedding process to secure the
biometric template. Note that the fixed digit used in constructing the
watermark embedding that secures the transformed template is fixed forever.
Therefore, if the fixed digit is compromised, the security of the WFDE
is not affected and it is computationally hard for an attacker to obtain
the original biometric template. Because of the template is however synthesized
by watermarking. Finally, the watermarked template is encrypted using
a fixed digit derived from the palmprint classification. This prevents
substitution attacks against the watermarked template because an adversary
cannot modify the watermarked template without knowing the fixed digit
or the key derived from it.
In Fig. 3, F and I are the fingerprint input obtained
from same finger but different impressions. P and A are the palmprint
preprocessing data obtained from the same user during enrolment and authentication.
In Fig. 3, D represents fixed digit and S represents
the encryption and decryption key generated form fixed digit. and represent
the templates of enrolment phase and verification phase, respectively
after watermark embedded process using fixed digit. E represents the encryption.
Data Collection: A number of volunteers provided their fingerprint
and palmprint in the webcam of our fingerprint authentication system which
takes over one month. Not all participants could provide their precise
fingerprint and palmprint for every take. The webcam was located in the
Image Processing and Telemedicine Laboratory with a Pentium 4 PC and took
fingerprint and palmprint images from the webcam whenever a new frame
was available. In each take, the participants pressed their thumbs and
palms on the transparent piece of glass. And like this they put six times
and after capture their fingerprint or palmprint they removed their thumbs
or palm from the glass. It took five to ten seconds for per impression
capture. As a result, we collected fingerprint and palmprint images where
the individuals have varying fingerprints and palmprints for six impressions
from the same finger and palm, respectively in different rotation angle
from the webcam. We discarded all fingerprints and palmprints that were
corrupted by hasty movement.
Experiments and results: Our webcam database is a database with 1200
images (100 fingersx6 impressions/finger and 100 palmsx6 impressions/palm) of
size 480x580. We followed the standard of FVC2000 (Maltoni et al., 2003),
FVC2002, FVC2004 (Nanni and Maio, 2006) fingerprint databases where each database
contains fingerprints from 110 fingers. Only the first two impressions of each
finger and palm were used in our initial experiments, the first impressions
were used as the template to WFDE and the second impressions were used as the
query in the decryption of WFDE template. The output results we have shown in
The final experiments are designed and performed to study effects of the watermarking
on the performance of the proposed secure fingerprint-based authentication system.
In this experiment the compassion of watermarking schemes on biometric images
To carry out the tests, we watermarked the 1200 images from present database
including both 600 fingerprints and 600 palmprints, ran feature extraction and
recognition on the watermarked images and compared the results to that of using
the original fingerprints. In order to perform watermark embedding process we
used each impression of palmprint on each fingerprint impression which are obtained
from the same individual. And by following this process, we got six watermark
embedded templates for single individual and like this in the whole database
we got 600 templates from 100 individuals. First, to obtain a baseline performance
of the authentication system, each fingerprint is matched with rest of the fingerprint
database i.e., 599 fingerprints to obtain 599 normalized matching scores.
||Receiver Operating Characteristics (ROC) demonstrating
the effects of watermarking on the performance of the fingerprint
||Standard results obtained from the tests
the normalized matching scores obtained for a fingerprint, one would expect
5 high scores and 594 low scores. For each hypothesized threshold matching score,
the performance of the system was characterized by the True Rejects (TR) and
the True Accepts (TA). To obtain the receiver operating characteristics (ROC),
the loci of the true accepts/rejects for various hypothesized thresholds were
WFDE was performed for each fingerprint and palmprint image in the above mentioned
database and the performance of the authentication was characterized using an
ROC as shown in fig.4, for each experiment. We classified
our test in three different experiments and our experiments representing the
performances of the authentication system using original fingerprint database
for matching in the experiment 1 and the matching performance between the original
fingerprint data with watermarked fingerprints obtained by WFDE in the experiment
2 and finally the matching using the same set of watermarked fingerprint database
with watermarked fingerprint data in experiment 3. We performed all these experiments
and obtained the results which are shown in Table 3.
||Original palmprint captured by webcam (left) and
palmprint preprocessing (right)
||Original fingerprint image captured by webcam (left)
and minutiae extracted from the original fingerprint (right)
||The minutiae, extracted after watermarking embedded
process during enrolment phase (left) and verification phase (right)
Two different impressions of the same finger embedded
by watermarking in matching and illustrating our proposed scheme where
templates are never exposed through authentication. Common minutiae
points are marked on the templates
rom a visual inspection of the matching results generated in our final
experiments, we observed that experiment 1 and 3 had no significant effects
on the performance of the authentication system, where experiment 2 had
significant and undesirable effect. This is because; in WFDE scheme the
watermark embedding affects a significant number of pixels in a local
neighborhood so that some minutiae cannot be extracted during matching
session. As a result experiment 2 obtained awful matching results. These
results demonstrated that the watermarked images can obtain approximately
the same accuracy as the original unwatermarked fingerprints in the matching/
authentication session on our proposed secure authentication system.
The averaged matched true acceptance for experiment 1 and 2 is above
90%. So we proved that our WFDE scheme will perform successfully and better.
The security level also remaining strong because in our proposed scheme
the original biometric is not exposed anywhere.
Although numerous techniques have been proposed to enhance the security
and privacy of the biometric authentication system, but still it`s a risky
issue. It has been largely disregarded the study of potential vulnerability
of Biometric Authentication against attacks. That means a complicated
attacker could achieve access to both the embedded templates and the whole
attack phases shown in Table 1 and sketched as well
in Fig. 1. But a user`s biometric is not obtained. Such
an attacker, fully familiar with the system and exploiting its weaknesses,
will not be doing just a watermark extraction process in order to break
the embedded template. As a substitute, he will develop different attacks
that can be run in a realistic time frame. The WFDE must be flexible against
those on-line attacks.
Here, we discuss the security of the above scheme. First, we cite the
security framework of the proposed authentication scheme. If challengers`
success to steal the template stored in the database, they can get the
encrypted template. Subsequently they attempt to extract the template
and ruin the file so that it may no longer be useful. Schaathun (2006),
presented some attacks in watermarking layer. A real watermarking scheme
cannot be expected to be infallible. The attacks are:
||Non-collusive watermarking attack: Non-collusive
watermarking attacks can be applied to any mark. By garbling the segment,
the pirates cause the extraction algorithm to fail with some probability.
||Collusive watermarking attack: A collusive watermarking attack
applies to detectable marks. By combining different versions of the
same mark, for instance by averaging, the pirates can weaken the watermark
and cause extraction to fail with some probability.
||Cropping a segment: A pirate can crop the file by removing
certain segments. If the pirates use a very strong watermarking attack
or extensive cropping, they will also ruin the file, because they
have no information about the fixed digit which is used for embedding
Suppose, the fixed digit is compromised then they can become impostor
of the decryption and they will able to obtain a watermarked template
which is still secured in the authentication scheme because the original
template will never be exposed any where in the system, even in the matching
However, even if adversaries hijack the whole database, because it receives
no personal information, of course including the original template and
the extracted feature, the takeover does not threaten the user`s privacy.
Then we consider the case of a malicious authentication server collects
information. In this structure, it receives watermark embedded and encrypted
transformed data. As abovementioned, they imply no information before
extraction the embedded and encrypted data. Besides, the malicious sever
cannot know the corresponding watermark embedded process, fixed digit
and encryption process. Hence, the malicious server obtains no information
about original templates.
Next, we consider security of the information transformed by WFDE against
hill-climbing attack (Ross, et al., 2007), replay attack (Jain
et al., 2005), collusion attack. Hill-climbing attack (Jain et
al., 2005) uses of replied matching score in order to make a fake.
When the application server sends the matching score to client or adversary
as shown in Fig. 3, the adversary transforms embedded
feature data selected from database which the adversary constructs. The
adversary sends the transformed features to the authentication server
for matching. Because this system used the fixed digit to seek the corresponding
data, it is difficult for the adversary to improve the fake from the replied
matching score. Therefore, the probability of the adversary`s success
on our proposed authentication scheme becomes less than conventional biometric
Normally, replay attack is impossible, if previously obtained information
is not reusable. When adversaries eavesdrop on the communication between
the client and the authentication server, they obtain only embedded transformed
features or encrypted data which are not reusable. Hence, no adversary
successes replay attack on the proposed authentication scheme. If the
adversaries can snoop to the communication from the proposed scheme and
obtain the information of any embedded template or encrypted data or decrypted
data, when they reuse this information, the client and the database can
detect replay attack by verifying the difference among the information
of the data used in WFDE scheme.
Only the attack will be established possibly when the user`s biometric
as well as according to our scheme the fingerprint and the palmprint both
are compromised by the attacker.
In this study, we focus the problems of the current studies of the template
protection. We proposed the authentication scheme to protect the biometric
templates and to improve the security and privacy level of biometric authentication
system. The main concept of the proposed authentication scheme is that
stolen biometric information is not reusable, in every authentication
for even same person. In the scheme we used fixed digit which was derived
from palmprint classifications. The fixed digit concept is very similar
to the password concept (Nandakumar et al., 2007) but here user
needs to remember the password and also the password is very easy to guess.
Finally, we obtained the view of the security of our proposed authentication
scheme against the attacks shown in Table 1.
The performance of the authentication scheme is presented by the experiments
and results. Besides, we used the palmprint classifications to split our
database and the fixed digit to query the encrypted data from the database
during authentication session, so that the authentication system will
decrease the execution time. In this sense we can say that our proposed
scheme will perform more rapidly than the conventional one.