Professional Documents
Culture Documents
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.
and matcher, masquerade attack during verification the user privacy in the whole client-server model of
channel between sensor and matcher, Trojan horse biometric authentication system. Here, user needs to
attack on matcher, overriding attack and yes/no provide two biometric data during each and every
response during decision making after matching and authentication session. Hence, sometimes very
privacy issue During Decision Making after Matching. bothering. Not user - friendly.
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.
better resistance against attacks on the WHPE
Watermark Embedding Algorithm: Let FPuni be template. Moreover, the additional variability
the unique fingerprint image of size s × s and FPdwt (i, introduced by hidden password-based watermark
j) be the corresponding four level discrete wavelet embedding reduces the similarity between WHPE
transformed image, where i = 1,2,3,4 denotes the templates of different users. This decreases the False
wavelet decomposition level and j = a, h, v, d denotes Accept Rate (FAR) of the system significantly. If we
the approximation, horizontal, vertical and diagonal imagine client-server structural design for the
sub-bands respectively. Let PPuni be the unique biometric system where preprocessing, feature
palmprint image of size t × t, where s ! t and PPdwt (i, extraction and watermark embedding are applied at the
j) be the corresponding two level wavelet transformed client side and hidden password encryption, matching
image with i=1,2. At level-2, the coefficients of is performed at the server, the server never watch the
approximation band of the palmprint image are original template. Only the watermark embedded
embedded into the detail sub-bands of the fingerprint template would be exposed during successful
image. A Hidden Password F1 is used to embed the decryption and the original template is never exposed
coefficients in the possible 3*S*S locations, where S is at the server.
the length and width of the sub-bands. Embedding at Two common methods for cracking a users’
level-2 is described in Equation (1). password are, dictionary attacks and social engineering
Next, the approximation band in the second level of techniques. In the proposed system, hidden password is
the palmprint image is further decomposed to the third implicitly verified during authentication by matching
level. At level-3, the coefficients of the approximation the WHPE biometric features. Even if an adversary
band of the palmprint image are embedded into the attempts to guess the hidden password, it is not
detail sub-bands of the fingerprint image using another possible to verify the guess without knowledge of the
auto generate key F2 whose upper bound is 3*T*T. T user’s biometric data. This provides resistance against
is the height and width of sub-bands at level-3. dictionary attacks to learn the hidden password.
Equation (2) describes the watermark embedding However, it is still possible to glean the hidden
process at level-3. password through social engineering techniques.
The inverse wavelet transformation is performed on Therefore, hidden password based transformation
the modified FPdwt (i, j) to obtain the final watermarked alone is not sufficient to ensure the security of the
fingerprint image FPwm. Figure 1 shows the process of biometric template. Due to this reason, we use the
embedding palmprint image in the fingerprint image. watermark embedding process to secure the biometric
template. Note that the hidden password used in
constructing the watermark embedding that secures the
FPdwt (2, j)= { PPdwt (2, a) according to F1
FPdwt (2, j) elsewhere
transformed template is fixed forever. Therefore, if the
hidden password is compromised, the security of the
WHPE is not affected and it is computationally hard
for an attacker to obtain the original biometric
FPdwt (3, j)= { PPdwt (3, a) according to F2
FPdwt (3, j) elsewhere template. Because of the template is however
synthesized by watermarking. Finally, the watermarked
template is encrypted using a hidden password derived
C. Watermarked Template binding by
from the palmprint classification. This prevents
Hidden Password Encryption substitution attacks against the watermarked template
because an adversary cannot modify the watermarked
Hidden password improves user privacy to template without knowing the hidden password or the
encryption of the watermarked template because it key derived from it.
enables the creation of revocable templates and
prevents cross matching of templates across different
applications. The distribution of WHPE template is
statistically more similar to uniform distribution than
the distribution of original template. This recommends
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.
(a) Client
Webcam
Palmprint
Preprocessing
DWT
Cat1 Cat2
Embedding Auto Generate Key F2
Palm Template
Hidden password F1 in Fingerprint
Cat4 Cat3
IDWT
Encrypted
Database Template
(b) Server
Figure 1(a): Enrolment phase- Proposed Watermarking with Hidden password Encryption (WHPE)
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.
(a) Client
Webcam
Palmprint
Preprocessing
DWT
Cat1 Cat2
Embedding Auto Generate Key F2
Palm Template
Hidden password F1 in Fingerprint
Cat4 Cat3
IDWT
Yes/no
Decrypted Matching
Database Template
(b) Server
Figure 1(b): Verification phase- Proposed Watermarking with Hidden password Encryption (WHPE)
The proposed watermarking with hidden password Our webcam database is a database with 1000
encryption (WHPE) scheme has been tested on the images (100 fingers × 5 impressions/finger and 100
webcam database. palms × 5 impressions/palm) of size 480×580. We
followed the standard of FVC2000 [6], FVC2002 [7],
FVC2004 [8] fingerprint databases where each
database contains fingerprints from 110 fingers. The
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.
experiments are designed and performed to study
effects of the watermarking on the performance of the We classified our test in three different experiments
proposed secure fingerprint-based authentication and our experiments representing the performances of
system. In this experiment the compassion of the authentication system using original fingerprint
watermarking schemes on biometric images is database for matching in the experiment 1 and the
analyzed. matching performance between the original fingerprint
To carry out the tests, we watermarked the 1000 data with watermarked fingerprints obtained by WHPE
images from our database including both 500 in the experiment 2 and finally the matching using the
fingerprints and 500 palmprints, ran feature extraction same set of watermarked fingerprint database with
and recognition on the watermarked images, and watermarked fingerprint data in experiment 3. We
compared the results to that of using the original performed all these experiments and obtained the
fingerprints. In order to perform watermark-embedding results that are revealed in table 1.
process we used each impression of palmprint on each From a visual inspection of the matching results
fingerprint impression, which are obtained from the generated in our final experiments, we observed that
same individual. And by following this process, we got experiment 1 and experiment 3 had no significant
six watermark embedded templates for single effects on the performance of the authentication
individual and like this in the whole database we got system, where experiment 2 had significant and
500 templates from 100 individuals. First, to obtain a undesirable effect. This is because, in WHPE scheme
baseline performance of the authentication system, the watermark embedding affects a significant number
each fingerprint is matched with rest of the fingerprint of pixels in a local neighborhood so that some minutiae
database i.e., 499 fingerprints to obtain 499 normalized cannot be extracted during matching session. As a
matching scores. Among the normalized matching result experiment 2 obtained awful matching results.
scores obtained for a fingerprint, one would expect 4 These results have demonstrated that the watermarked
high scores and 495 low scores. For each hypothesized images can obtain approximately the same accuracy as
threshold matching score, the performance of the the original unwatermarked fingerprints in the
system was characterized by the true rejects (TR) and matching/authentication session on our proposed
the True accepts (TA). secure authentication system.
The averaged matched true acceptance for biometric is not obtained. Such an attacker, fully
experiment 1 and experiment 3 is around 90%. So we familiar with the system and exploiting its weaknesses,
have proved that our WHPE scheme will perform will not be doing just a watermark extraction process in
successfully and better. The security level also order to break the embedded template. As a substitute,
remaining strong because in our proposed scheme the he will develop different attacks that can be run in a
original biometric is not exposed anywhere. realistic time frame. The WHPE must be flexible
against those on-line attacks.
Here, we discuss the security of the above scheme.
B. Discussions First, we cite the security framework of the proposed
authentication scheme. If challengers’ success to steal
Although numerous techniques have been proposed the template stored in the database, they can get the
to enhance the security and privacy of the biometric encrypted template. Subsequently they attempt to
authentication system, but still it’s a risky issue. It has extract the template and ruin the file so that it may no
been largely disregarded the study of potential longer be useful. Hans Georg Schaathun, [3] presented
vulnerability of Biometric Authentication against some attacks in watermarking layer. A real
attacks. That means a complicated attacker could watermarking scheme cannot be expected to be
achieve access to both the embedded templates and the infallible. The attacks are, (1) Non-collusive
whole attack phases described in section. But a user’s watermarking attack: Non-collusive watermarking
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.
attacks can be applied to any mark. By garbling the replay attack on the proposed authentication scheme. If
segment, the pirates cause the extraction algorithm to the adversaries can snoop to the communication from
fail with some probability. (2) Collusive watermarking the proposed scheme, and obtain the information of
attack: A collusive watermarking attack applies to any embedded template or encrypted data or decrypted
detectable marks. By combining different versions of data, when they reuse this information, the client and
the same mark, for instance by averaging, the pirates the database can detect replay attack by verifying the
can weaken the watermark and cause extraction to fail difference among the information of the data used in
with some probability. (3) Cropping a segment: A WHPE scheme.
pirate can crop the file by removing certain segments. Only the attack will be established possibly when
If the pirates use a very strong watermarking attack or the user’s biometric as well as according to our scheme
extensive cropping, they will also ruin the file, because the attacker compromises the fingerprint and the
they have no information about the hidden password, palmprint both.
which is used for embedding and encryption. Suppose,
the hidden password is compromised then they can 4. Conclusion
become impostor of the decryption and they will able
to obtain a watermarked template which is still secured We proposed the authentication scheme to protect
in the authentication scheme because the original the biometric templates and to improve the security
template will never be exposed any where in the and privacy level of biometric authentication system in
system, even in the matching process. this paper. The main concept of the proposed
However, even if adversaries hijack the whole authentication scheme is that stolen biometric
database, because it receives no personal information, information is not reusable, in every authentication for
of course including the original template and the even same person. In the scheme we used hidden
extracted feature, the takeover does not threaten the password, which was derived from palmprint
user’s privacy. Then we consider the case of a classifications. The hidden password concept is very
malicious authentication server collects information. In similar to the password concept [15] but here user
this structure, it receives watermark embedded and needs to remember the password and also the password
encrypted transformed data. As abovementioned, they is very easy to guess. Finally, we obtained the view of
imply no information before extraction the embedded the security of our proposed authentication scheme
and encrypted data. Besides, the malicious sever against the attacks described in section 1(a). The
cannot know the corresponding watermark embedded performance of the authentication scheme is presented
process, hidden password and encryption process. by the experiments and results.
Hence, the malicious server obtains no information
about original templates. 5. References
Next, we consider security of the information
transformed by WHPE against hill-climbing attack [9] [1]. X. Wu, D. Zhang, K. Wang and B. Huang, “Palmprint
[10], replay attack [11], collusion attack. Hill-climbing classification using principle lines,” Pattern Recognition,
attack [11] uses of replied matching score in order to Vol. 37, No. 10, pp 1987-1998, 2004.
make a fake. When the application server sends the
matching score to client or adversary as shown in Fig. [2]. Palmprint database from Biometric Research Center,
3, the adversary transforms embedded feature data The Hong Kong Polytechnic University.
selected from database that the adversary constructs. Available:http://www4.comp.polyu.edu.hk/~biometrics/
The adversary sends the transformed features to the [3]. Hans Georg Schaathun, “On watermarking/
authentication server for matching. Because this fingerprinting for copyright protection,” Proc. of First
system used the hidden password to seek the International Conference on Innovative Computing,
corresponding data, it is difficult for the adversary to Information and Control (ICICIC '06), Vol. 3, pp. 50- 53,
improve the fake from the replied matching score. 2006.
Therefore, the probability of the adversary’s success on
our proposed authentication scheme becomes less than [4]. Yeung M. and Pankanti S., “Verification Watermarks on
conventional biometric authentication. Fingerprint Recognition and Retrieval,” Journal of Electronic
Normally, replay attack is impossible, if previously Imaging, vol. 9, no. 4, pp.468-476, 2000.
obtained information is not reusable. When adversaries
eavesdrop on the communication between the client [5]. M.M. Yeung and F.C. Mintzer, “Invisible watermarking
and the authentication server, they obtain only for image verification,” Journal of Electronic Imaging, Vol.
embedded transformed features or encrypted data, 7(03), pp. 578-591, 1998.
which are not reusable. Hence, no adversary successes
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.
[6]. FVC2000 fingerprint database, Available:
http://bias.csr.unibo.it/fvc2000/databases.asp
Authorized licensed use limited to: IEEE Xplore. Downloaded on November 27, 2008 at 02:06 from IEEE Xplore. Restrictions apply.