
Research Article


A New Secure Storing System for Biometric Templates Based Encryption and Concealment 

Emad Taha Khalaf
and
Norrozila Sulaiman



ABSTRACT

The security of templates is the critical part of biometric system and one
of the most crucial issues in any proposed system. In fact, features such as
voice, face, fingerprints and many others can be covertly acquired or stolen
by an attacker and misused. Therefore, storing biometric templates a secure
way is crucial. This study proposes a novel approach that combines an improved
encryption method with a new concealment technique to establish a secure data
template storing system. The Hill Cipher algorithm has been improved to be more
secure by using a large and random key with large data block and also extending
it to include the special characters. In the other hand a new concealment method
proposed by combine two of the popular methods DWT and DCT for embedding and
extraction the secret data in order to compensate the drawbacks of both of them
and to make the hidden information much more secure against the attacks, wavelet
transform which use dyadic filters to decompose cover image into 4levels (HH,
HL, LH and LL) and discrete cosine Transforms to convert a signal of the selected
coefficients (HH, HL and LH) into elementary frequency components then according
to the percentages entering by a user the encrypted data will distribute. The
efficiency of encryption and concealment have been checked out with a number
of widely used metrics such as Peak Signal to Noise Ratio (PSNR) and Normalized
Correlation Coefficient (NCC).





Received: January 06, 2015;
Accepted: March 10, 2015;
Published: April 02, 2015


INTRODUCTION
Biometric field has taken a huge interest by global industry with protect and safeguard information as an everlasting necessity, biometric is uses to identify authorized person based on specific physiological or behavioral features. Examples of behavioral characteristics are gait, signature and voice. Physical characteristics include: DNA, ear, face, fingerprint, hand geometry, iris and retina (Griaule Biometrics, 2012). Salient features are extracted using some feature transformation technique and get converted into digital form. This digital information is stored in the database which is known as Biometric Template. Later the template is used during authentication purpose, compromised biometric templates are unlike passwords and tokens they cannot be revoked and reissued this led to become biometric template security is an important issue and protecting the template is a challenging task due to intra user variability in the acquired biometric traits, based on knowledge of the biometric characteristics (Malhotra and Kant, 2013). Cryptography was created as a technique for transmitting secret information between persons in a way that prevents a third party from reading it, many encryption methods have been developed to encrypt and decrypt data to make it meaningless and unintelligible unless the decryption key is available. There are three types of cryptosystems: Symmetric key, Asymmetric key and Hash Functions. Symmetric key (private key or secret key) encryption uses one key to encrypt and decrypt. The Hill Cipher is a block cipher and symmetric key algorithm, it was introduced to the journal of mathematics by Lester Hill as a short paper and published in 1929 (Hill, 1929). Hill Cipher has several advantages such as disguising letter frequencies of the plaintext, simplicity because of using basic matrix operations, high speed, high throughput (Overbey et al., 2005; Saeednia, 2000). Unfortunately it has some disadvantages such as not include special characters and digits, takes the smaller sizes of blocks so key length is shorter, very simple and vulnerable for exhaustive key search attack and known plain text attack, also the key matrix which entered should be invertible. The proposed system is inspired from a number of researches which are related to cryptography and steganography biometric techniques. Many of researchers have proposed techniques to keep the security of biometric data. One of the suggested techniques was by Monrose et al. (1999), proposed a behavioral biometric key generation based on keystroke biometrics. They use dynamic features (duration of keystrokes and latencies between keystrokes) to strengthen a user’s password. This scheme makes the system more secure by adding 15 bits of entropy to the password for 15 dynamic features (Uludag et al., 2004). In their later studies, Monrose et al. (2001, 2002) applied this scheme to voice data. The algorithm to generate cryptographic keys from voices was mainly based on the speaker verification and identification technologies, such as digital signal processing, feature extraction and the vector quantization technique. Consequently, their system was eventually able to generate cryptographic keys up to 60 bits from voice features. However, the False Rejection Rate (FRR) was still high (20%). Moreover, since their approach was based on the VQ technique, the system left useful information which can be used in gaining access to the system. Another suggested technique was by Jain and Uludag (2003) with two scenarios of hiding data, first one in a cover image not related to the template data, other scenario by using the fingerprint image to hiding the facial information. Wang et al. (2010) and Sonsare and Sapkal (2011) use DCT transformation method to hiding the iris code and the secret information after encrypting in random blocks of the coefficients. Another security system have been proposed by Ntalianis et al. (2011) based on DWT transformation method to hides biometric signals in video objects over open network. One of the common methods is uses skin region of the image for embedded the template data (Kharge et al., 2013), HSV color space has been used to detect skin color tone, also DWT is used to embedded in one of the high frequency subband by tracing the number of skin pixels in that band, then cropped a region of the image which will be used as a key at the decoder side (Amritha and Meethu, 2013). A Classical Least Significant bit Technique (LSB) introduced earlier steganography schemes in the spatial domain which directly embed the secret data within the pixels of the cover image (Macq and Quisquater, 2005). This approach has few disadvantages like the relative easiness to implement it makes the method popular, the proper cover image required to hide a secret message inside an image (Kolpatzik and Bouman, 1992). Many previous stenographic algorithms have been used pixel domain, its provides the space (capacity), reliability and controllability in encoding/decoding while embedding the hidden message but more of the steganalysis attacks will focus on this domain as expected. Kumar and Shunmuganathan (2010) and Ramani et al. (2008) studied the steganography in transform domain since the compress of digital data will be provides a reduction of storage space and transmission cost. In this study some improvements have been proposed to the Classic Hill Cipher to overcome these problems. In the other hand, encryption sometimes not enough to keep the contents of information secret, the attackers can guess that there is confidential information passing on from the source to the destination and can be broken with enough computational power. One solution to this problem is through the use of steganography. Steganography is a technique of concealment information in digital media. In contrast to cryptography, it is not to keep others from knowing the hidden information but in a way that does not allow an attacker to even detect that there is secret message. Two of the popular methods are combined DWT and DCT in the proposed security system for concealing and extraction the secret data in order to compensate the drawbacks of both of them and to make the hidden information much more secure against the attacks. The proposed protection system goal is giving more the complexity to the encryption and to make the concealment capacity as high as possible with high visible quality.
MATERIALS AND METHODS Proposed system: The proposed system has been consist of three phases, improved encryption/decryption method, improved concealment/extracting method and finally combining the two methods. This system has been implemented in MATLAB 9.
Encryption and decryption phase: The proposed method is improvement to the Classic Hill Cipher (Hill, 1929). In this proposed method the disadvantages of Classic Hill Cipher algorithm have been addressed, the encryption comparatively became more secure and it extended to include special characters and digits by using the extended ASCII table to replace characters, special characters and digits. The key has become random and variable size based on the password and the value which became entered by a user. The InvertibleMatrix problem has been solved also, where key matrix should have an inverse (InvertibleMatrix) that is required in the decryption process which accounted as the disadvantage of the Classic Hill Cipher. Repeat entering the encryption key for N of times with testing processes to check if the key matrix invertible or noninvertible using long procedures, this may take long time which is making the method not efficient. Therefore and to solve this problem the proposed method suggest replacing summation instead of multiplication in the encryption process.
The steps of the encryption will be as follow:
Input: 
Template data/password 
Output: 
Encrypted data vector 
Step 1: 
Convert the secret data into a vector of digits using extended ASCII 
Step 2: 
Calculate the length (L) of the entered password 
Step 3: 
Generate random key (K) from the entered password: Pseudo Random Generator (PRG) function has been used to generate a random key which generate different key each time that create different key in the decryption process, to solve this problem the default seed has been reset programmatically before using it that will help to having same key in the decryption process 

Then, apply Pseudo Random Generator (PRG): 

where, S is the password entered by the user, L is length of the entered password 
Step 4: 
Arrange Key vector in 2D matrix: 
Step 5: 
Calculate the length the message vector P and if the length is not a multiple of L then add some 0 s to the vector as follow: 
Then:
Step 6: 
Segment the message vector into N of blocks: 
Step 7: 
Process each block matrix P(i) individually. Where: i = 1, 2… N 
Step 8: 
Arrange each Block P(i) into 2D square matrix 
Step 9: 
Perform the encryption equation: 
Step 10: 
Convert the encrypted the square block matrix C(i) into 1D matrix 
Step 11: 
Repeat steps 6 and 9 for N times, to complete all segments 
Step 12: 
After encrypt all segments, recombine the segments and remove the added "0"s to get the encrypted vector: 
Proposed algorithm: Encryption algorithm shown in Fig. 1, where, P is Plaintext, P(i) is block of plaintext, C is ciphertext, C(i) is block of Ciphertext, K is key, L is length of encryption key, N is Number of blocks and S is Password. The steps of the decryption will be as follow: The decryption algorithm is basically follows the reverse processes of the encrypting steps to obtain the plaintext. After extracting the cipher text bits stream from the cover image, decryption processes will begin as follows:
Input: 
Encrypted data vector/password/length of key 
Output: 
Secret message 
Step 1: 
First process of decryption is convert encrypted data into Vector (P) of numbers using Extended ASCII codes 
Step 2: 
Generate the random key from the entered password by applying Pseudo Random Generator (PRG), as in the encryption process the default seed is first reset to get same random key 
Step 3: 
Arrange Key vector in 2D matrix: 
Step 4: 
Segment the encrypted message vector into N of blocks: 
Step 5: 
Arrange each Block P (i) into 2D square matrix: 
Step 6: 
Process each block matrix C (i) individually. Where, i = 1, 2… N 
Step 7: 
Perform the decryption equation: 
Step 8: 
Convert the encrypted the square block matrix P(i) into 1D matrix 
Step 9: 
Repeat steps 6 and 8 for N times, to complete all segments 
Step 10: 
After decrypt all segments, recombine the segment to get the original vector: 
Step 11: 
Replace the numbers of the vector with the extended ASCII table to get original template data 
Proposed algorithm: Decryption algorithm shown in Fig. 2, where, P is Plaintext, P(i) is block of plaintext, C is ciphertext, C(i) is block of Ciphertext, K is key, L is length of encryption key, N is Number of blocks and S = Password.
Concealment and extracting phase: In the proposed technique, information has been embedding through reparation technique in frequency domain based on combination of two transforms Discrete Wavelet Transform (DWT) and Discrete Cosine Transform (DCT). Frequency domain steganography is very secure and more complex way of hiding a secret inside an image comes with the use and modifications of discrete cosine transformations, it is more secure than spatial domain steganography because information can be spread out to entire image. Embedding process is started by applying 1level 2D Haar DWT to the host image (Fig. 3), then perform the block base DCT with selecting DWT coefficient sets (HL, LH and HH)) and embed data in middle frequencies in each subband depending in percentages entered by the user. Embed data in the subbands (HL, LH and HH) is better in perspective of security and quality. Besides, distribute data in these subbands depending on the percentages and nonspecific number of bits in each pixel, this will provide confidentiality for embedded data.
 Fig. 2:  Decryption process 

Fig. 3(ac): 
1level 2D Haar DWT, (a) Original image, (b) After haar image and (c) Haar DWD subbands 
Concealment procedure: The data embedding processes is represented in Fig. 4, followed by the steps of proposed technique:
Input: 
Cover image, encrypted message, selected percentages 
Output: 
Stego image 
Step 1: 
Perform DWT on the host image to decompose it into four nonoverlapping multiresolution coefficient sets: LL, HL, LH and HH 
Step 2: 
Perform DCT on the chosen coefficient sets (HL, LH and HH). These coefficients sets are chosen to inquire both of security and efficiency of the proposed algorithm 
Step 3: 
Compute the length of each message will be embed in each subband based on the input percentages. Number of bits of each pixel of subbands which will be used to embedding data message will be agreed between sender and receiver. If the entered message is greater than the maximum capacity of the three subbands, the program will return an error message to the user to change the cover image 
Step 4: 
Convert the secret message and the cover matrix into binary vector 
 Fig. 4:  Concealment process 
 Fig. 5:  Extracting process 
Step 5: 
Embedding process is done by insert the message vector bits in LSBs of the DCT coefficients of the cover vector, numbers of bits which will be used for embedding are equal for each pixel of cover vector. The process of embedding in subbands matrix will be in this sequence (HL, LH then HH) 
Step 6: 
Convert the resultant modified cover vector for each subband from binary to decimal vector. Then, Apply inverse DCT (IDCT) to each subband after its midband coefficients have been modified to embed the message bits as described in the previous step 
Step 7: 
Apply the inverse DWT (IDWT) on the DWT transformed image, including the modified subband, to produce the stego image 
Extracting procedure: The data embedding processes is represented in Fig. 5, followed by the steps of proposed technique.
Input: 
Stego image, the percentages 
Output: 
Cipher message 
Step 1: 
Perform DWT on stego image to decompose it into four non overlapping multiresolution coefficient sets: LL, HL, LH and HH 
Step 2: 
Perform DCT on the chosen coefficient sets (HL, LH and HH) 
Step 3: 
Extract the total length of embedded message from the first twenty bits of the coefficient sets then compute the length of each embedded message based on input percentages 
Step 4: 
Extract the embedded data vector bits from the LSBs of the coefficient sets (HL, LH and HH) 
Step 5: 
Reconstruct the scrambled cipher message using the extracted data bits 
Combining encryption and concealment methods phase: The proposed system consists of combining the two aforementioned methods which were enhanced to be more efficient and more secure, where encrypting data using the enhanced Hill Cipher and then concealing the encrypted data using proposed concealment technique will produce an image can transmitted without revealing that secret template information is being exchanged. Moreover, even if the attacker were to defeat the concealment technique and detect the information from the stegoobject, there is need for a key to decipher the encrypted information, Fig. 6.
 Fig. 6:  Proposed secure system 
RESULTS Analysis of encryption: In the proposed method a block cipher have been improved by modifying the Hill Cipher. Several images have been used standard and nonstandard images like Lena, Baboon, Einstein etc. and investigate text messages in different sizes. Encryption results
Encryption efficiency analysis: The performances of the experimental results have been evaluated by Normalized Crosscorrelation (NC) measurement (Wang and Cheng, 2005) as follows:
where, M is original secret message, M' is extracted secret message. The "normalized cross correlation" is a measure of the dissimilarity between the original and encrypted message, the range of NC metric values is between 0 (dissimilar) and 1 (similar). Table 1 shows the NC of the encrypted images and compare the result with the original Hill Cipher algorithm, decrease in NC value indicates difference between the original and the encrypted images. Figure 7 sample of image, the resulting images showing the change in images after encryption procedure for both original and improved Hill Cipher algorithm. The image sample shows that the proposed algorithm is more effective in encryption quality than the original Hill Cipher. Sample of text message before and after encryption are shown in Fig. 8 which performed changing the text after encryption.
Table 1:  Results comparison between original and improved Hill algorithm 

Running time analysis: For comparing running time with the original Hill Cipher been programmed these algorithms by the programming language MATLAB 9 on PC computer with Windows 7 Ultimate, processor: Genuine intel(R) CPU 585 at 2.16 GHz and Memory (RAM): 1.00 GB. The proposed system has been implemented on the text data of various sizes time calculated at the time encryption and decryption. Figure 9 shows the comparison result for encryption and decryption running time between the original and improved Hill Cipher, the results show running time less than the original method especially when the secret message increase.
Concealment results: The Peak Signal to Noise Ratio (PSNR) is introduced (Lu and Liao, 2001; Peng et al., 2004) to evaluate the performance of the proposed scheme and image quality which is defined as:
where, w×h is the image size, a_{i,j} and b_{i,j} are the corresponding pixel values of two images The PSNR is often expressed on a logarithmic scale in decibels (dB). A larger PSNR value means stegoimage preserves the original image quality better. In general, the distortion of the stego image that caused by the embedding can be obvious when the PSNR values falling below 30 dB while the stego image considered high quality when PSNR value is 40 dB and above (Cheddad et al., 2008).

Fig. 7(ac): 
Comparing between original and improved Hill Cipher encryption effects, (a) Lena, (b) Original hill and (c) Improved hill 

Fig. 8(ab): 
Sample of text message before and after encryption 
Table 2:  Results of the comparison with the standard LSB and the other methods 

The proposed method has been compared other number of methods, one of the common methods is uses skin region of the image for embedded the template data (Kharge et al., 2013; Amritha and Meethu, 2013). Other slandered method is the adaptive LSB method (ADLSB), it is enhance to the classic LSB. As well, proposed method has been compared with a method uses the same proposed technique but with using DWT transform only. The comparison is shown in Table 2.

Fig. 9(ab): 
Running time comparison between original and improved Hill Cipher algorithm, (a) Encryption running times and (b) Decryption running times 
Table 3:  Capacity and quality of images using different percentages 

Table 3 explains the effect of changing the percentages to stego image quality using different images (size of images are 256×256 with 15% data capacity).
CONCLUSION The results showed the efficiency of the proposed security system, encryption is become very secure cryptography technique through enhanced the Hill Cipher algorithm by generate the key matrix randomly and dynamically using the entered password, also by extended it to include special characters and digits and the concealment method which combine two transform methods DWT and DCT with dynamic data distribution are highly secured. Through combine the two above techniques, there is less chance for the original message to be detected by the attacker.

REFERENCES 
1: Griaule Biometrics, 2012. Bookunderstanding biometrics. Griaule Biometrics, Menlo Park, CA., USA. http://www.griaulebiometrics.com/enus/book/understandingbiometrics.
2: Malhotra, S. and C. Kant, 2013. A novel approach for securing biometric template. Int. J. Adv. Res. Comput. Sci. Software Eng., 3: 397403. Direct Link 
3: Hill, L.S., 1929. Cryptography in an algebraic alphabet. Am. Math. Monthly, 36: 306312. Direct Link 
4: Saeednia, S., 2000. How to make the hill cipher secure. Cryptologia, 24: 353360. CrossRef  Direct Link 
5: Monrose, F., M.K. Reiter and S. Wetzel, 1999. Password hardening based on keystroke dynamics. Proceedings of the 6th ACM Conference on Computer and Communications Security, November 14, 1999, Singapore, pp: 7382.
6: Uludag, U., S. Pankanti, S. Prabhakar and A.K. Jain, 2004. Biometric cryptosystems: Issues and challenges. Proc. IEEE, 92: 948960. CrossRef  Direct Link 
7: Monrose, F., M.K. Reiter, Q. Li and S. Wetzel, 2001. Using voice to generate cryptographic keys. Proceedings of the Speaker OdysseyThe Speech Recognition Workshop, Volume 6, June 1822, 2001, Crete, Greece, pp: 237242.
8: Monrose, F., M.K. Reiter, Q. Li, D.P. Lopresti and C. Shih, 2002. Toward speechgenerated cryptographic keys on resource constrained devices. Proceedings of the 11th USENIX Security Symposium, August 59, 2002, San Francisco, CA., USA .
9: Jain, A.K. and U. Uludag, 2003. Hiding biometric data. IEEE Trans. Pattern Anal. Mach. Intell., 25: 14941498. CrossRef  Direct Link 
10: Wang, N., C. Zhang, X. Li and Y. Wang, 2010. Enhancing irisfeature security with steganography. Proceedings of the 5th IEEE Conference on Industrial Electronics and Applications, June 1517, 2010, Taichung, pp: 22332237.
11: Sonsare, P.M. and S. Sapkal, 2011. Steganocryptosystem for enhancing biometricfeature security with RSA. Proceedings of the International Conference on Information and Network Technology, April 2930, 2011, Chennai, India, pp: 196200.
12: Ntalianis, K., N. Tsapatsoulis and A. Drigas, 2011. Videoobject oriented biometrics hiding for user authentication under errorprone transmissions. EURASIP J. Inform. Secur. 10.1155/2011/174945
13: Kharge, S.M., L.M. Deshpande and S.S. Kanade, 2013. A new approach for skin tone based steganography with key analysis for mistreatment biometrics. Int. J. Eng. Innov. Technol., 3: 6165. Direct Link 
14: Amritha, G. and V. Meethu, 2013. Biometric steganographic technique using DWT and encryption. Int. J. Adv. Res. Comput. Sci. Software Eng., 3: 566572. Direct Link 
15: Macq, B.M. and J.J. Quisquater, 2005. Cryptology for digital TV broadcasting. Proc. IEEE, 83: 944957. CrossRef  Direct Link 
16: Kolpatzik, B.W. and C.A. Bouman, 1992. Optimized error diffusion for image display. J. Electron. Imag., 1: 277292. CrossRef  Direct Link 
17: Kumar, P.M. and K.L. Shunmuganathan, 2010. A multilayered architecture for hiding executable files in 3D images. Indian J. Sci. Technol., 3: 402407. Direct Link 
18: Ramani, K., E.V. Prasad, S. Varadarajan and A. Subramanyam, 2008. A robust watermarking scheme for information hiding. Proceedings of the 16th International Conference on Advanced Computing and Communications, December 1417, 2008, Chennai, pp: 5864.
19: Wang, C.M. and Y.M. Cheng, 2005. An efficient information hiding algorithm for polygon models. Comput. Graph. Forum, 24: 591600. CrossRef  Direct Link 
20: Lu, C.S. and H.Y.M. Liao, 2001. Multipurpose watermarking for image authentication and protection. IEEE Trans. Image Process., 10: 15791592. CrossRef  Direct Link 
21: Peng, Y.Z., Q. Chen and L. Zhou, 2004. Fragile watermarking selfembedded authentication algorithm of color image. Comput. Eng. Design, 24: 22082212. Direct Link 
22: Cheddad, A., J. Condell, K. Curran and P. McKevitt, 2008. Enhancing steganography in digital images. Proceedings of the Canadian Conference on Computer and Robot Vision, May 2830, 2008, Windsor, ON., Canada, pp: 326332.
23: Overbey, J., W. Traves and J. Wojdylo, 2005. On the keyspace of the hill cipher. Cryptologia, 29: 5972. CrossRef  Direct Link 



