Chander Kant
advertisement
Efficiency and Security Optimization for
Fingerprint Biometric System
By:
Chander Kant
Under the supervision of
Dr. Rajender Nath
(Associate Professor)
Department of Computer Science & Applications
Kurukshetra University, Kurukshetra
Department of Computer Science & Applications
Kurukshetra University, Kurukshetra
2010
Thesis Contributions
• Design and development of approaches to protect the Biometric
System against imposter attack and making biometric system more
secure.
• Design and development of approaches to make the biometric system
more efficient by reducing their process time.
2
Introduction
Biometric recognition refers to the user authentication by using his
different biological features i.e. fingerprint, face, retina, hand geometry,
iris (physical traits) and voice, gait, signature, keystrokes (behavioral
traits). These traits
are called biometric identifiers or simply
biometrics. A biometric system may operate either in Verification Mode
or in Identification Mode but before the system can be put into
verification or identification mode, a system database consisting of
biometric templates must be created through to process of enrollment.
3
Enrollment Process
In the enrollment process, user’s initial biometric samples are
collected, assessed, processed, and stored for ongoing use in a
biometric system
4
Verification and Identification Process
5
Verification is a 1:1 matching process, where the user claims an identity
and the system verifies whether the user is genuine or not. If the user’s
input and the template of the claimed identity have a high degree of
similarity, then the claim is accepted as “genuine” otherwise, the claim
is rejected and the user is considered as “fraud”.
Identification is a 1: N matching process, where the user’s input is
compared with the templates of all the persons enrolled in the database
and the identity of the person whose template has the highest degree of
similarity with the user’s input is processed by the biometric system. If
the highest similarity between the input and all the templates is less
than a fixed minimum threshold, the system rejects the input, which
implies that the user presenting the input is not one among the enrolled
users.
6
Identification Technologies
Methods
Examples
Problems
What we Know
Password, PIN, ID Forgotten,
Shared,
easy to guess
What we have
Key, Cards, etc
Lost or Stolen, Can be
duplicated
What we are
Fingerprint, Face,
Iris…
Non-Repudiable
authentication
7
Fingerprint as Biometrics traits
Among all the biometric techniques, fingerprint-based identification is
the oldest method, which has been successfully used in numerous
applications. Everyone is known to have unique, immutable
fingerprints. The uniqueness of a fingerprint can be determined by the
pattern of ridges and furrows as well as the minutiae points. A
fingerprint is believed to be unique to each person. Fingerprints of
even identical twins are different.
8
Fingerprint Patterns
The three basic patterns of fingerprint ridges are the arch, loop,
and whorl
(a) Arch
(b) Loop
(c) Whorl
9
Minutia Points
The major Minutia points in fingerprint are: ridge ending,
bifurcation, and short ridge or dot.
Ridges Ending
Ridges Bifurcation
Dot
10
Fingerprint Feature Extraction
The fingerprint is basically the combination of ridges and valleys on
the surface of the finger. The major steps involved in fingerprint
recognition using minutiae matching approach after image acquisition
are Image enhancement, Minutiae extraction as shown in figure. Once
a high-quality image is captured, there are a several steps required to
convert its distinctive features into a compact template. This process is
known as feature extraction.
11
Multibiometric System
A Multibiometric system uses multiple sensors for data acquisition.
It captures multiple samples of a single biometric trait (called multisample biometrics)
OR
Samples of multiple biometric traits (called multi-source or multimodal
biometrics). Multibiometric systems promise significant improvement
over single biometric systems, for example, higher accuracy and
increased resistance to spoofing.
12
Source of Biometric Information
13
Soft Biometric
Soft biometric traits are those characteristics of human being that provide
some information about the individual, but lack of the distinctiveness
and permanence to sufficiently differentiate any two individuals.
We define soft biometric traits as characteristics that provide some
information about the individual, but lack the distinctiveness and
permanence to sufficiently differentiate any two individuals. The soft
biometric traits can either be continuous (e.g., height and weight) or
discrete (e.g., gender, eye color, ethnicity, etc.)
14
Commonly used Soft biometric traits
15
Deformations in Biometric Systems
•
•
•
•
•
•
Acquiring high-quality images of distinctive fingerprint ridges and
minutiae is a complicated task. People with no or few minutiae points
(surgeons as they often wash their hands with strong detergents,
builders, people with special skin conditions) cannot enroll or use the
system. The number of minutiae points can be a limiting factor for
security of the algorithm. Results can also be confused by false
minutiae points (areas of obfuscation that appear due to low-quality
enrollment, imaging, or fingerprint ridge detail).
Cold finger
Dry/oily finger
High or low humidity
Angle of placement
Pressure of placement
Cuts to fingerprint
16
Hand Geometry Deformations
• Jewelry
• Change in weight
• Bandages
• Swelling of joints
Deformations in Iris biometrics
• Too much movement of head or eye
• Glasses
Deformations in voice biometric systems
• Cold or illness that affects voice
• Different enrollment and verification capture devices
• Speaking softly
• Variation in background noise
Deformations in signature Scan
• People may not always sign in a consistent manner
• Signing too quickly
• Different signing positions (e.g., sitting vs. standing)
17
Literature Survey
For the purpose of this thesis, the literature survey covers a period of
1997 to 2008. The literature work on “Efficiency and Security
optimization for Fingerprint Biometric System” divided into these
areas.
• Security issues in Biometric System.
• Performance issues in Biometric System.
18
Universality
Uniqueness
Permanence
Biometrics
Collect
ability
Performance
Acceptab
lity
Circumvention
Face
H
L
M
H
L
H
L
Fingerprint
M
H
H
M
H
M
H
Hand geometry
M
M
M
H
M
M
M
Keystrokes
L
L
L
M
L
M
M
Hand veins
M
M
M
M
M
M
H
Iris
H
H
H
M
H
L
H
Retinal scan
H
H
M
L
H
L
H
Signature
L
L
L
H
L
H
L
Voice
M
L
L
M
L
H
L
Face
H
H
L
H
M
H
H
Odor
H
H
H
L
L
M
L
DNA
H
H
H
L
H
L
L
Gait
M
L
L
H
L
H
M
Ear Canal
M
M
H
M
M
H
M
Comparison of various biometric traits
19
Proposed Work
Biometrics Security Concerns
20
Threats to Biometrics
Modern Burglar
21
Different attack points in a biometric authentication system
22
Attack-1 involves presenting a fake biometric (e.g., synthetic fingerprint,
face, iris etc.) to the sensor.
Attack-2 can be achieved by submitting a previously intercepted biometric
data.
Attack-3 can happen when feature extractor module is compromised to
produce feature values selected by the attacker. Genuine feature values
are replaced with the ones selected by the attacker.
In Attack-4 the channel between feature extractor module and matcher is
hacked and override by duplicated data, thus modified the output of
feature extractor module.
Attack-5 is achieved by imposing an artificially high score at matching
module.
Attack-6 happens when there is attack on the template database (e.g., adding
a new template, modifying an existing template, removing templates, etc.)
Attack-7 belongs to the transmission medium between the template database
and matcher is hacked, resulting in the alteration of the transmitted
templates.
In Attack-8 matcher result (accept or reject) can be overridden by the
attacker.
23
Types of Attacks
• In Denial of Service (DoS), an attacker corrupts the authentication
system so that legitimate users cannot use it.
• In Circumvention, an attacker gains access to the system protected by
the authentication application.
• In Repudiation, the attacker denies accessing the system
• In Contamination (covert acquisition), an attacker can surreptitiously
obtain biometric data of legitimate users.
• In Collusion, a legitimate user with wide access privileges (e.g.,
system administrator) is the attacker who illegally modifies the system.
• In Coercion, attackers force the legitimate users to access the system
(e.g., using a fingerprint to access ATM accounts at a gunpoint).
24
Improving Security in Biometric Systems
Biometric authentication systems can be more convenient for the users
since there is no password to be forgotten or key to be lost. In spite
their numerous advantages, biometric systems are also vulnerable to
attacks, which can decrease their security. To raise the biometric
security level three schemes have been proposed, these are:
• Securing Data using Biometric Cryptography
• Securing Biometric Data Using Steganography
• Securing Biometric Data Using Cancelable Biometrics
25
Hiding Data Using Biometric Cryptography
There are various methods that can be deployed to secure a key with a
biometric.
First one involves remote template matching and key storage. In this
method biometric image is captured and compared with a
corresponding template. If the user is verified, the key is released.
Second method hides the cryptographic key within the enrollment
template itself via a secret bit-replacement algorithm. When the user is
successfully authenticated, this algorithm extracts the key bits from the
appropriate locations and releases the key.
26
Problems to Generate Biometric Cryptographic
Key
(i) Key Entropy (strength). Instead of developing simply longer
cryptographic keys to resist brute force attacks, a more intelligent
approach might be to aggregate features and parameters from an
individual in such a way that their correlation generates a key that is
much stronger than the individual size of the actual key.
(ii) Key Uniqueness. The uniqueness of a biometric key will be
determined by the uniqueness of the individual biometric characteristics
used in the key. Instead of trying to find a single unique feature,
biometric key needs to find only a collection of somewhat unique
features or parameters that when assembled collectively create a unique
profile for an individual.
(iii) Key Stability. A major problem with biometric identification is that
individual’s enrollment template and sample template, which can vary
from session to session. This variation can occur for a number of
reasons including different environments (e.g. lighting, orientation,
emotional state) or physical changes (e.g. facial hair, glasses, cuts). 27
Methods to Secure Biometric Key
There are various methods that can be deployed to secure a key with a
biometric
One method that involves remote template matching and key storage is
that the biometric image is captured and the corresponding template is
sent to a secure location for template comparison. If the user is
verified, then the key is released from the secure location. In this
scenario, the communication line must also be secured to avoid spoof
attacks.
Second method that involves hiding the cryptographic key within the
enrollment template itself via a trusted (secret) bit-replacement
algorithm [LIN, 2003]. Upon successful authentication by the user, this
trusted algorithm would simply extract the key bits from the
appropriate locations and release the key into the system.
28
Traditional Cryptography
29
Biometric Cryptography
30
31
Advantages of Biometric Encryption
• Biometrics Encryption Technologies can enhance both privacy and
security as discussed below:
• (i) No preservation of biometric image or template
• (ii) Multiple / cancelable / revocable identifiers
• (iii) Greater public confidence, acceptance, and use
• (iv) Suitable for large-scale applications
32
Hiding Biometric data using
Steganography
Steganography is a technique to hide the message in digital objects such
as image, video, music or any other computer file.
Digital images are more attractive for steganography purpose since these
contain a significant amount of data and can be modified slightly
without leading to visible artifacts.
The goal of steganography is to hide a secret message, which is
transmitted between two or more communication partners in a way to
ensure confidentiality and integrity.
33
Steganography plays an important role to enhance the integrity and
security of biometric templates. Biometric cryptosystems can also
contribute to template security (as discussed in section 3.2) by
supporting biometric matching in secure cryptographic domains. In
case of cryptography the ‘key’ can be guessed sometime easily but
steganography has no separate key to be hacked, the key is embedded
in the template itself.
34
Steganography in Biometrics
35
LSB Insertion method of Steganography
The simplest approach to hiding data within an image file is called least
significant bit (LSB) insertion. In this method, one can take the binary
representation of the hidden_data and overwrite the LSB of each byte
within the cover_image. In 24-bit color, the amount of change will be
minimal and indiscernible to the human eye. As an example, suppose
that there are three adjacent pixels (nine bytes) with the following
RGB encoding:
11110101 11001101 10101001
10100110 11001111 11001010
10101111 00010011 11001000
Now suppose we want to "hide" the following 9 bits of data (the hidden
data is usually compressed prior to being hidden): 101101110. If we
overlay these 9 bits over the LSB of the 9 bytes above, we get the
following (where bits in bold have been changed)
11110101 11001100 10101001
10100111 11001110 11001011
10101111 00010011 11001000
Note that we have successfully hidden 9 bits but at a cost of only changing
36
4 bits i.e. roughly 50%, of the 9 LSBs.
Advantages of LSB insertion
• If message bit is same as the pixel’s least significant bit then no change
at all is required for that pixel value.
• If pixel value is different from message bit then effective change in
pixel value is either +1 or –1. The +1 or –1 change in pixel value is
invisible to human eye.
Limitations of LSB insertion
• The message can be easily removed by unauthorized person (intruder)
as message is in least significant bit.
• As message is hidden in least significant bit so intruder can modify the
least significant bits of all the image pixels.
37
How to Apply Steganography in Biometrics
Algorithm for insertion of message bit ‘b’.
(i) Find pseudo-random location ‘L’ in an image from the secret key to insert the
message bit b.
(ii) Check whether at location ‘L’, pixel value is 00000000 or 11111111, called
boundary values. If yes, ignore this location and go to step (i). Here we are
ignoring these boundary values because the change may be +2 or -2 in pixel
values, which is to be avoided.
(iii) Check whether at location ‘L’
a) 6th and 7th bits are b, b? If yes, then no change at ‘L’ is required. Message
bit is already there. Go to End.
b) 6th and 7th bit are b, b or b, b? If yes, then see that whether it is possible to
make 6th and 7th bits as b, b by adding or subtracting 1 to pixel value?. If
yes, do it and go to End. Otherwise ignore the location ‘l’ and go to step (i).
c) 6th and 7th bits are b, b? If yes, then see whether it is possible to make 6th
and 7th bits to b, b by adding or subtracting 1? If yes, do it and go to End.
Otherwise change them to b, b or b, b by adding or subtracting 1 and go to
(i).
(iv) End.
38
Algorithm for retrieval of message bit ‘b’
(i) Trace out the location ‘L’ from the same secret key as used in insertion
algorithm.
(ii) Pixel value is equal to one of the boundary values, i.e., 00000000 or 11111111?
If yes, then it is invalid address. Go to step (i).
(iii) Check whether at location ‘L’
a) 6th and 7th bits are different, i.e., b, b or b, b? If yes, then it is invalid
address go to step (i).
b) 6th and 7th bits are same i.e. b, b then b is the message bit.
(iv) End.
39
working of the first algorithm for insertion of bits 0
Decimal
Value
Pixel Value before Insertion
Pixel Value after
Insertion of 0
Change in Pixel Value and Comment for Insertion of 0
0
00000000
00000000
BV*,NC**, ignore***
1
00000001
00000001
NC, insert****
2
00000010
00000001
-1*****, insert
3
00000011
00000011
NC, ignore
4
00000100
00000100
NC, ignore
5
00000101
00000101
NC, ignore
6
00000110
00000101
-1, ignore
7
00000111
00001000
+1******, insert
8
00001000
00001000
NC, insert
~
~
~
~
15
00001111
00010000
+1, insert
16
00010000
00010000
NC, insert
~
~
~
~
31
00011111
00100000
+1. insert
32
00100000
00100000
NC, insert
~
~
~
~
63
00111111
01000000
+1, insert
64
01000000
01000000
NC, insert
~
~
~
~
127
01111111
10000000
+1, insert
128
10000000
10000000
NC, insert
~
~
~
~
255
11111111
11111111
BV,NC, ignore
40
working of the first algorithm for insertion of bits 1
Decimal Value
Pixel Value before Insertion
Pixel Value after Insertion of 1
Change in Pixel Value and Comment for
Insertion of 1
0
00000000
00000000
BV,NC, ignore
1
00000001
00000010
+1, ignore
2
00000010
00000010
NC, ignore
3
00000011
00000011
NC, ignore
4
00000100
00000100
NC, ignore
5
00000101
00000110
+1, insert
6
00000110
00000110
NC, insert
7
00000111
00000111
NC, insert
8
00001000
00000111
-1, insert
~
~
~
~
15
00001111
00001111
NC, insert
16
00010000
00001111
-1, insert
~
~
~
~
31
00011111
00011111
NC, insert
32
00100000
00011111
-1, insert
~
~
~
~
63
00111111
00111111
NC, insert
64
01000000
00111111
-1, insert
~
~
~
~
127
01111111
01111111
NC, insert
128
10000000
01111111
-1, insert
~
~
~
~
255
11111111
11111111
BV,NC, ignore
41
By using the algorithm discussed above, one can hide the secret data in
the host image and generate a secret template.
Steganography plays an important role to enhance the integrity and
security of biometric templates.
Steganography has no separate key to be hacked, the key is embedded in
the template itself. Further, when the amount of available memory
increases, there is a tendency to store more information in the template.
This increases the risks associated with template misuse. As a result,
the issue of template security and integrity continues to cause several
challenges, and it is necessary that further research be conducted in
this direction.
42
Securing Biometric data using Cancelable
Biometric
When the biometric data are compromised, replacement is not possible.
In order to alleviate this problem, here comes the concept of
“cancelable biometrics” is introduced. It consists of an intentional,
repeatable distortion of a biometric signal based on a chosen transform.
The biometric signal is distorted in the same fashion at each
presentation, for enrollment and for every authentication. With this
approach, every instance of enrollment can use a different transform
thus rendering cross-matching impossible. Furthermore, if one variant
of the transformed biometric data is compromised, then the transformfunction can simply be changed to create a new variant for reenrollment as a new person.
43
Cancelable Biometrics
This is a method of enhancing the security and privacy of biometric
authentication. Instead of enrolling with a true finger (or other
biometric), the fingerprint is intentionally distorted in a repeatable
manner and this new print is used. If, for some reason, the old
fingerprint is stolen then an essentially a new fingerprint can be issued
by simply changing the parameters of the distortion process. This also
results in enhanced privacy for the user; since the true fingerprint is
never used anywhere and also different distortions can be used for
different types of accounts. The same technique can also be used with
other biometrics to achieve similar benefits.
44
Image morphing using Cancelable Biometric
45
• Let D and T be the representation of the Database Template and
Synthetic Template respectively. Each minutia may be described by a
number of attributes, including its location in the fingerprint image,
orientation, type etc. Most common minutiae matching algorithms
consider each minutiae as a triplet m={x,y,θ} that indicates the
minutiae location coordinates and the minutiae angle θ.
• D= {m1,m2,…….mn} mi = {xi,yi,θi} i= 1….m
• T= { m’1,m’2,…….m’n }
mj = {x’j,y’j,θ’j} j= 1….n
• Where m and n denotes the number of minutiae in D and T
respectively.
• Di : The database template corresponding to user i , i =1, 2,3,....N ,
where N is the total number of users registered in the system. It is
assumed that the attacking system knows the format of this template,
but it cannot access the template itself.
• Tij : The jth synthetic template generated by the attacking system for
user i. This template has the same format as database templates; it can
be represented as S (Di, Tij): The matching score between Di and Tij .
• Sthreshold : The decision threshold used by the matcher. Two
templates will be considered as matched if their matching score meet
this value.
46
Attack Algorithm
• For attacking a specific user account, the attacking system must follow
the following five steps:
• Step 1 (Initial guessing): Generate a fixed number of synthetic
templates (Ti1, Ti2, Ti3 ……… Ti100).
• Step 2 (Try initial guesses): accumulate the corresponding matching
scores
[S(Di ,Ti1), S(Di ,Ti2 ), S(Di ,Ti3 ),..., S(Di ,Ti100)] for
user i.
• Step 3 (Pick the best initial guess): Declare the best guess Tibest to be
the template resulting in the highest matching score.
• Step 4: Modify Tibest by adding a new minutia, replacing an existing
minutia. If for any one of these attempts, the matching score is larger
than previous Sbest(Di) declare the modified template as Tibest , and
update Sbest(Di) accordingly.
• Step 5 (Obtaining result): If the current best score is accepted by the
matcher (namely, Sbest(Di)
SThreshold ), stop the attack.
47
Proposed Work: Protection of Biometric Template
• The proposed algorithm of attack works on the basis of cancelable
technique. Here we will not store the templates in database in original;
rather these will be stored after applying some hashing. The above
discussed algorithm of attack will be successful if we store our
template Di in database without any change. But, if we apply
cancelable biometrics and store our template Di in database such that
all Di in database are not in original form, rather they are mutants only.
Such that if D is database templates as follows:
• D= {m1,m2,…….mn}
mi = {xi,yi,θi} i= 1….m
• Then their mutants D’ = H(D) will be stored in database instead of
actual D.
• D’= {m’1,m’2,…….m’n}
mi = {Xi,Yi,φi} i= 1….m
• Where X = H(x)
Y= H (y)
and
φ = H (θ)
48
H is hashing function corresponds to any transformation applied to actual
Templates as shown in figure3.7 above. It is also true that there will be no
math between actual template and its mutant (those are actually stored). If we
calculate Spatial Distance (Sd) and direction difference (Dd) that will not be
below r0 and θ0 or we can write as
• Sd(m’1, m1)= sqrt [(Xi - xi )2 + (Yi - yi )2 ] < r0----------------(1)
Similarly
• Dd(m’1, m1) < θ0
----------------(2)
Now let’s apply the Algorithm-1 to find the best match between existing
templates. Keeping in mind that now instead of D, D’ are stored in database.
Suppose the algorithm declares the D’i as best match due to its score level
Sbest(D’i).
•
•
•
•
Since Spatial Distance (Sd) and direction difference (Dd) of D and D’ does not
match (From equation 1 & 2 above). No doubt the synthetic templates T and
Database Templates D will not match and similarly from equations (1) and (2).
Spatial Distance = Sd(Tm’1, Dm1) = sqrt [(Xi – x’i )2 + (Yi – y’i )2 ] < r0
and
Direction difference = Dd(Tm’1, Dm1) < θ0
49
Blocks in the original image are subsequently scrambled
50
With this approach, only mutants will be stolen and original templates
are quite safe. We can further alter D to D” by some another hashing
function (say W) in future whenever required. In this way the
cancelable biometrics helps a lot in safekeeping our templates in
database. Cancellation simply requires the specification of a new
distortion transform. Privacy is enhanced because different distortions
can be used for different services and the true biometrics are always
safe. In addition, such distorted biometrics cannot be used for
searching legacy databases and will thus ease some privacy violation
concerns. A single template protection approach may not be sufficient
to meet all the application requirements. Hence, hybrid schemes that
make use of the advantages of the different template protection
approaches must be developed.
51
Biometrics System Efficiency Concerns
52
Making Biometric Systems More Efficient
Here we have proposed three different techniques to improve the
efficiency of the biometric systems. The Henry finger print
classification scheme, which classifies the fingerprints in the database
according to their relative Primary Grouping Ratio (PGR) values has
several limitations such as (i) it works only when both palm-prints of
person are available; (ii) it can not work when intruder has made some
trick while enrolling his palm-print to system, for instance, he can
change the normal order of his fingers on the sensor; (iii) a huge
amount of computer memory is required to store fingerprints of both
hands.
53
Reducing Process-Time for Fingerprint
Identification System
After having the fingerprint image preprocessed, the feature extraction
block extracts the minutiae points from template and then the extracted
minutiae point undergoes with a matching process to match with the
stored database Templates and finally identify the person if it is in
system database. The database of biometric system plays very
important role in identification process as all the templates are stored
in it. The system performance also depends on the architecture of
system database that is the way templates are stored there in. The
system performance decreases, if templates are stored randomly as
compared with if templates are stored in a particular manner. To store
the templates in a proper way, Sir Henry has given a classification
scheme. The following section highlights the Henry classification
scheme.
54
Existing Fingerprint Identification system
55
Henry Classification Scheme
The Henry classification scheme allows for logical categorization of fingerprint
records into Primary Group Ratio (PGR) based on fingerprint pattern types. To
find the PGR values, Henry classification scheme assigns each finger a number
according to the order in which it is located in the hand, beginning with the right
thumb as number 1 and ending with the left pinky/little as number 10 as shown in
Table.
R
Thumb
R
Index
R
Middle
R
Ring
R
Pinky
L
Thumb
L
Index
L
Middle
L
Ring
L
Pinky
Finger
Number
1
2
3
4
5
6
7
8
9
10
Value (If
Whorl)
16
16
8
8
4
4
2
2
1
1
Pattern
Type
loop
whorl
arch
arch
Loop
arch
loop
whorl
loop
arch
Finger
Value
0
16
0
0
0
0
0
2
0
0
56
Palm prints of a single person
57
According to the Henry classification scheme, fingerprints are stored in
the database with their relative PGR values. The fingerprint Primary
Group Ratio is determined by calculating the ratio of one plus the sum
of the values of the whorl-patterned, even-numbered fingers; divided
by one plus the sum of the values of the whorl-patterned, oddnumbered fingers. Mathematically the formula can be written as:
Primary Grouping Ratio (PGR) =
1+ (Sum of EVEN, whorled, finger values)
1+ (Sum of ODD, whorled finger value)
58
To illustrate the computation of PGR values, consider an individual having a
fingerprint record with a LWAALALWLA pattern series (where L stands for
Loop, W stands for Whorl and A stands for Arch). The series begins with
Finger 1 (i.e. right thumb) and ending with Finger 10 (i.e. left pinky finger).
By referring to table 4.1 the weights of even finger having whorl pattern are 16
and 2 (which have been shown as bold in Table 4.1). Further no odd finger has
whorl pattern in the given series, hence the sum of its value is nil.
PGR=
1+ (Sum of EVEN, whorled, finger values)
__________________________________ =
1+ (Sum of ODD, whorled finger value)
1+ (16+2)
19
_______ = __
1+ (0)
1
59
Therefore, this individual belongs to the 19:1 primary group. This PGR
ratio is always treated as 19/1 not 19, as PGR contains both numerator
and denominator. In case an individual does not have any whorlpatterned fingerprints, his classification ratio, or primary group, would
be 1:1. On the other hand if an individual having all ten fingerprints
containing a whorl pattern, his classification ratio would be 31:31.
Henry classification scheme reduce the effort to search a large templates
of database, as fingerprints are now stored with their respective PGR
values. However Henry classification scheme has some limitations as
given below:
(i) Henry classification scheme work, only when both palm-prints of person
are stored in database. The scheme could not work with single
fingerprint template.
(ii) The problem can also arise if the criminal as made some trick while
enrolling his palm-print to system. For instance, he can change the
normal order of his fingers on the sensor.
(iii) Amount of computer memory increases to store both palms of person
as compared to single fingerprint template.
60
Proposed Method
In a conventional system, the database contains the fingerprint
templates in an ordinary manner. But in the proposed system the
database contains the different set of templates according to their
classification that is achieved during the enrollment process. The
schematic diagram of the proposed approach is shown in Figure 4.3
and the enrollment/identification process of the approach is
described below:
Enrollment Process
• Sensor Module, senses the Fingerprint Templates
• Feature Extraction Module, extracts the minutiae points from
Fingerprint Template.
• Fingerprint Classifier Module, classifies the input templates based
on Left-Loop, Right-Loop, Whorl or Arch and store them into the
database.
61
Proposed Classifier for Fingerprint Identification
62
Identification Process
•
Sensor Module senses the input Fingerprint Template.
•
Feature Extraction Module, extracts the minutiae points from Fingerprint
Template.
•
A minutiae template has been generated of a particular classification and
search the database for its specific domain. The particular domain is then
extracted from database and matched with the Minutiae Template as shown
in Figure 4.3.
•
In the database classification, only whorl, arch and loops are considered
because loops make up nearly 65% of all fingerprints, whorls are nearly
30%, and perhaps 5% are arches [BEI, 2003]. In the proposed approach,
loops are further divided into two categories viz. left-loop and right-loop as
loops contribute 65% of the total fingerprints. Consequently, there become
four domains i) Left-Loop ii) Right-Loop iii) Arch and iv) Whorl as shown
in figure 4.4 below.
Whorl
Arch
Right-Loop
Left-Loop
63
The algorithm for the proposed classifiers is shown in Figure 4.6. If the
value of ND (i.e. number of deltas) is 2 then it is either taken as whorl
or twin loop. If the value of ND is 1 then it is further computed for
Left-Loop or Right-Loop. If the value of ND is 0 then it is marked as
Arch. To find the category of loop (right or left) the feature extraction
stage estimates an axis locally symmetric to the ridge structures at the
core and computes γ (number of ridges crossing the line segment
joining core and delta). The relative position, R, of delta with respect
to symmetry axis is determined as follows R = 1 if the delta is on the
right side of symmetry axis and it will be left loop otherwise R = 0 and
in this case it will be a right loop. In this way we find the categories of
input fingerprint and build our database containing different domains
of fingerprints. Now let’s find the efficiency of proposed approach.
64
Working of proposed Fingerprint classifier
65
• The proposed approach proves very efficient especially when the
stored database is very large that is having more than 1, 00000
templates.
• The proposed method was evaluated at Madhuban Forensic
Laboratory, Karnal, where the system database contains more than 1,
50,000 templates. The software used at Madhuban Forensic Laboratory
is FACTS (Finger Analysis Criminal Tracing System) developed by
CMC, New Delhi based on Henry classification scheme as discussed
above.
• The experiment was conducted on FACTS with an input template (my
own fingerprint). The system took 22.35 minutes to produce output.
There were 34 templates in output. These outputs are further subjected
to human verification and that took 4.55 hours to give the exact
identification. Therefore it is obvious that the existing classification
scheme is very time consuming and involves complication of human
verification. Two templates are declared as matched if their Spatial
distance and Direction are below than specified values as given by L.
Hong. The algorithm is discussed below:
66
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Let D and T be the representation of the Database Template and Target Template
respectively. Each minutia may be described by a number of attributes, including its
location in the fingerprint image, orientation, type etc. Most common minutiae
matching algorithms consider each minutiae as a triplet m= {x,y,θ}that indicates the
minutiae location coordinates and the minutiae angle θ.
D= {m1,m2,…….mn}
mi = {xi,yi,θi} i= 1….m
T= { m’1,m’2,…….m’n }
mj = {x’j,y’j,θ’j} j= 1….n
Where m and n denotes the number of minutiae in D and T respectively.
Database Template and Target Template and stored template will be matched, If we
calculate Spatial Distance (SD) and direction difference (DD) that will below than
specified value r0 and θ0 or we can write as [HON, 1998A].
SD (m’1, m1) = sqrt [(x’i - xi )2 + (y’i - yi )2 ] <= r0
Similarly
DD (m’1, m1) <= θ0
Where r0 and θ0 are minimum threshold values.
Now the efficiency of proposed system is computed as follows:
Assume one match takes 1ms time and there are 1, 50,000 templates in the
database.
Calculation for the best case:
The template is first match, time required = 1 X 1 = 1 ms.
Calculation for the worst case:
The database templates (1, 50,000 templates) are classified into the four domains
(Whorl domain, Left-Loop domain, Right-Loop domain and Arch domain) as
67
discussed previously.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Number of templates in Whorl-domain = 45000 templates.
(That is 30% of 1, 50,000).
Number of templates in Left-Loop-domain = 48000 templates.
(That is 32% of 1, 50,000).
Number of templates in Right-Loop-domain: 49500 templates.
(That is 33% of 1, 50,000).
Number of templates in Arch-domain: 7500 templates.
(That is 5% of 1, 50,000).
The input template may belong to either whorl domain or left-loop domain or right-loop
domain or arch domain. Now the amount of time required to match the input template
with the database template is computed below:
If input template is found in Whorl domain, It takes = 1ms X 45000=
45 sec.
If input template is found in Left-Loop domain, It takes = 1ms X 48000= 48 sec.
If input template is found in Whorl domain, It takes = 1ms X 49500=
49.5 sec
If input template is found in Whorl domain, It takes= 1msX 7500=
7.5 sec.
Average time for worst case = (45+48+49.5+7.5)/4= 150/4= 37.4 sec.
Efficiency of Existing System:
Calculation for the best case:
The template is First match, Time required = 1 X 1 = 1 ms
Calculation for the worst case:
The template is last match, Time required = 1 X 1, 50000 = 150 sec. = 25 min.
Speedup Factor=
Time taken by proposed approach
___________________________ =
Time taken by existing approach
37.4sec
1
______ = ___
25min
40.1
68
Performance Elevation of Fingerprint
Verification System
This section discusses an approach developed by the author of this
thesis to improve the existing conventional fingerprint verification
system. In the proposed method, dimensions of Finger/Thumb are
matched in first phase and the minute points are calculated and
matched in next phase only when the dimensions are matched in first
phase. The author of this thesis has proved that the proposed approach
improves FAR (False Accept Rate) and Total Response Time of
Biometric System as compared with Conventional Fingerprint
Verification Systems. The approach is useful when fingerprint
verifications are made at large scale level.
69
Memory Requirements for Biometric Templates
•
Table shows the memory requirements (in bytes) for different types of
biometric traits. It is obvious that if the size of memory for template is
large, it will increase the size of database templates. It increases the
system complexity and thereby response time of system.
Biometrics Traits
Memory Required (bytes)
Retinal Scan
35
Iris Scan
256
Fingerprints
512 - 1000
Hand Geometry
9
Data Size for Biometric Templates
70
The Proposed Approach to Improve Response Time
Figure 4.9 shows the architecture of the proposed approach, which
consists of two phase’s viz. Phase-I and Phase-II. Phase-I takes the
input from sensor and then measures the dimensions of the input
thumb. The thumb dimension measurements; a, b, c, d as shown in
Figure 4.8 is computed. After extracting these parameters, it is matched
with database templates for comparison. If the match is successful,
only then it goes to phase-II for minutiae extraction else match is
unsuccessful and no further processing is required. Phase-II extracts
the minutiae points for input fingerprint template by using the
algorithm given in Figure 4.7.
(a) Side-View
(b) Top-View
Figure Measuring Thumb Dimensions during Phase-I
71
Architecture of Proposed Approach
72
•
•
•
•
•
•
•
•
•
•
•
Performance Estimation for the Proposed Approach
To estimate the performance of proposed approach, let’s assume that there are
10,000 input templates which are to be compared against database templates. It
is further assumed that out of 10,000 templates only 100 templates got
verified. Let time taken by geometry verification system (i.e. Phase-I) is t and
time taken by fingerprint verification system (i.e. Phase-II) is T and (Where T
is five times greater than t given by [RUG, 1996]).
Calculation of Response Time:
Response Time (Tc) for conventional Fingerprint Verification System
Tc = 10,000 X T unit time.
Tc = 10,000 X 5t unit time.
(Because in conventional verification system, Phase-II is involved)
Response Time for Proposed System
Tp = 9900*t + 100 *(T + t).
(As per assumption only 100 templates are matched and rest of 9900 templates
are discard at Phase-I.)
Tp = 9900*t + 100(5t+t) = 9900t+600t=10500t unit time.
Speedup Factor =
Tp
10,500 t
1
___ = _______ = __
Tc
50,000 t 4.7
73
From the above calculation; it is obvious that the proposed approach is
approximately five times better than the existing biometric system. The
proposed approach allows completely controlled and automated
fingerprint verification with efficient response time and minimum FAR
(False Accept Rate) as fingerprint is now checked at two phases. The
proposed approach checks the dimensions as well as the minutiae
points of input template, after that it allows the user to be ‘Verified’.
74
Performance Improvement by using Soft
Biometric Traits
Unimodal biometric systems make use of a single biometric trait for
user recognition. It is difficult to achieve very high recognition rates
using unimodal systems due to problems like noisy sensor data and
non-universality or lack of distinctiveness of the chosen biometric trait.
Multimodal biometric systems address some of these problems by
combining evidence obtained from multiple sources. The problem with
multimodal system is that it will require a longer verification time
thereby causing inconvenience to the users. A multimodal biometric
system based on different biometric identifiers can be expected to be
more robust to noise, improve the matching accuracy and provide
reasonable protection against spoof attacks. But there are limitations as
well.
(i) The overall cost involved in building the multimodal system can be
high due to the need for multiple high quality sensors and increased
storage and computational requirements.
(ii) The system will require a longer verification time thereby causing
inconvenience to the users.
75
A possible solution to the problem of designing a reliable and userfriendly biometric system is to use additional information about the
user like height, weight, age, gender, ethnicity, and eye color to
improve the performance of the primary biometric system. Most of the
biometric systems collect such additional information about the users
during enrollment and store them in the database as metadata.
Biometric systems used in access control applications generally have a
human supervisor who oversees the operations of the system. When a
genuine user is falsely rejected by the system, the human operator has
to verify the identity of this user manually. This manual verification is
usually done by comparing the facial appearance of the user with the
facial image appearing on the user’s identification card and by
verifying other information on the ID card like age, gender, height, and
other visible identification marks. If the soft biometric characteristics
can be automatically extracted and used during the decision making
process, the overall performance of the system can be improved and
the need of manual involvement will be reduced.
76
Existing Soft Biometric System for person recognition.
Primary Biometric System
Soft Biometric System
77
Proposed Scheme to Integrate Soft Biometrics with
Primary Biometrics
• The proposed scheme consists of two stages viz. Stage-I and Stage-II.
The soft biometrics system is used as first stage and the primary
biometric system is used as second stage. The output of first stage is
fed to second stage. This type of combination will reduce the
processing time system and will improve the efficiency of system as
explained in coming sub-section 4.4.7.
• Processing at Stage-II is required only when the stage-I passes
successfully else there will be rejection automatically even without
computing the stage-II. Stage-I also computes the soft traits like age,
gender, height automatically, without human involvement.
78
Architecture of Personal Identification using Primary Biometrics and Soft Biometric
79
Performance Estimation of Proposed Scheme
In the proposed work, the fingerprint is used as the primary biometric
identifier and age, gender and height are used as soft biometric traits.
The soft traits are chosen in such a way that they could be easily
extracted automatically when user interact with system. For estimating
the performance of proposed scheme, let us assume there are 1,00,000
input templates to be matched against database templates and out of
1,00,000 templates only 100 templates are verified by the system. Let
time taken by primary biometric system to process single template is
TF and time taken by soft biometric to process single template is TS.
Where TF >TS as soft traits can be processed easily and TF is 10 times
greater than TS
80
Calculation for the Response Time:
• In conventional Fingerprint verification system Total Processing Time
(TR) for 1,00,000 templates.
• TR = 100000*TF unit time.
• TR = 100000*10TS =1000000TS unit time
• In Proposed system Total Processing Time (TP) for 1,00,000)
templates.
• Tp = (100000-100)* TS + 100 *(TF + TS).
• (As per assumption only 100 templates are verified and rest of 99900
templates are discard at Stage-I.)
• Tp = 99900 TS + 100(10+1) TS = (99900+1100) TS =101000 TS unit
time.
Speedup Factor =
Tp
10,1000 TS
1
___ = __________ = __
Tr
10,00000 TS
9.9
81
It is obvious from the above calculation that the proposed scheme is
approximately 10 times better than the existing biometric system. The
system proves to be more efficient when huge number templates are
taken at input side.
82
Conclusion and Future Scope
As biometric technology matures, there will be an increasing interaction among the
market, technology, and the applications. This interaction will be influenced by
the added value of the technology, user acceptance, and the credibility of the
service provider. As biometrics continues to advance scientifically and
technologically, its use and acceptability as a means of security and
authorization across various sectors will also grow. Biometrics would be a
useful solution to the issue of security for mobile banking in rural areas as only
thumb impression is quite enough for money transaction. Many biometric
technology providers are already delivering biometric authentication for a
variety of web-based and client/server based applications. Continued
improvements in the technology will increase performance at a lower cost.
Though biometric authentication is not a magical solution that solves all
authentication concerns and also it does not guarantee for 100% accuracy and
security yet it make easier and cheaper for us to use a variety of automated
information systems. It is too early to predict where and how biometric
technology would evolve and get embedded in which applications. But it is
certain that biometrics based identification will have a profound influence on
the way we conduct our daily business. It is also certain that, the fingerprints
will remain an integral part of the preferred biometric-based identification
solutions as the most mature and well understood biometric in the future
generation.
83
List of Publications
84
Publications in International Journals
•
•
•
•
•
•
•
“Improving Biometric security using Cryptography” published in
International Journal of Advance Research in Computer Engineering Vol-I JanDec 2007 PP 33-38. ISSN 0974-4320.
"Elevating Fingerprint Verification System", published in International
Journal of Physical Sciences. Vol. 19 (I) April 2007. PP 35-38 ISSN 0970-9150.
“Fingerprint As Biometric Traits: An Overview” Published in International
journal of Computer Science and knowledge Engineering Vol-I Jan-Dec 2007
PP 33-38. ISSN 0973-6735.
“Biometrics Security using Steganography” published in CSC online Journal
“International Journal of Security” Malashiya Vol-II Issue-I, PP 1-5 2008.
www.cscjournals.com. ISSN 1985-2320.
“Secure online Business: Exploring the security threats to e-commerce”
published in International journal of Intelligent Information Processing Vol-I
Jan-Dec 2007 PP 1-8. ISSN 0973-3892.
“Reducing Process-Time for Fingerprint Identification System” published
in “International Journals of Biometric and Bioinformatics” Malaysia Vol-III
Issue–I, 2009 PP 1-9. www.cscjournals.com ISSN 1985-2347.
"Soft Biometric: An Asset for Personal Recognition" published in
International Journal of Computing Science & Communication Technologies
[IJCSCT]. Vol-I, Issue-II, 2009 PP 160-163. ISSN - 0974-3375.
85
Publications in Book
•
"Biometric Sensor Based on Optical Frustrated Total Internal
Reflection" in the Book titled “Bioinformatics Computing” published by
Narosa Publication, New Delhi 2007 PP 118-123, ISBN: 978-817319-7949.
86
Publications in International-Level Conferences
•
•
•
•
"Protection of Database Template using Cancelable Biometric"
published in IEEE-International advance computing conference 6-7 March
2009, Thapar University, Patiala.
"Improving Fingerprint Verification System” Published in International
Conference on Intelligent Systems & Networks, IISN-2007, Feb. 23-25
2007. PP 298-300.
"Soft Biometric: An Asset for Personal Recognition" published in
International Conference on Advanced Computing & Communication
Technologies at APIIT India, Panipat, November 08-09, 2008.
"Challenges in Biometrics" published in International Conference on
Emerging trends in Computer Sc. & IT April 23, 2008 at AL-FALAH
School of Engineering & Tech, Faridabad PP 69-77.
87
Publications in National-Level Conference/Seminar
•
•
•
•
"Off-line Optical Frustrated Total Internal Reflection" Published in the
proceedings of National Seminar on “Information and Communication
Technology- Recent Advances & Applications ICT-2006 PP 237-240 Feb
09-11, 2006 at JMIT, Radaur Yamuna Nagar.
“Web security using Biometrics” published in National Conference on
Total Quality Management held at Vaish College of Engg, Rohtak 10th
March 2007.
“Biometric Recognition System: An Introduction” published in National
level seminar on Convergence of IT and Management on 24-Nov.2007 at
TIMT, Yamunanagar.
“Role of Biometrics in Modern Business” published in National seminar
on "Emerging Challenges in Commerce and Management", Govt. College
for Women, KARNAL 18-19 March, 2008.
88
Bibliography
89
Thanks
90
