International Journal of Scientific Research Engineering & Technology (IJSRET)

Volume 2 Issue 10 pp 614-616 January 2014 www.ijsret.org ISSN 2278 0882

IJSRET @ 2014
Secure Transaction of Minutiae Data over Web
Ashish Shukla
Department of Computer Science and applications, BSA College, Mathura (INDIA)
Abstract
Advancement of biometric systems in various applications raises
concerns about the security and privacy of biometric technology.
Although biometric systems are secure, but extra protection tools can
keep safe our biometric system at various attack points, for example
an attacker may hack templates from a database and constructs
artificial biometrics that breach authentication. It indicates that our
biometrics templates in database are not secure; a solution should be
device for database template-protection, which makes it hard to
recover the actual biometric data from the templates. Here in this
paper, we focus on biometric template security which is an important
issue because unlike passwords and tokens, biometric templates
cannot be revoked and reissued. We present an idea with the help of
cancelable biometrics to protect templates in database in an efficient
manner.
Keywords: Biometrics, fingerprint, minutiae, security, template,
attack.
1. Introduction
A biometric ID is a unique trait of the human body that can be
used for authentication e.g. fingerprints, eyes, face, hand,
voice, and signature. A biometric authenticates the user, unlike
a password that can be lost or stolen. Biometrics can be
classified further into subtypes: physical and behavioral.
Physical biometrics are based on body features. Behavioral
biometrics is based on learned gestures such as signatures.
Biometric authentication can be vulnerable to machine error.
Verification error occurs when a one-to-one match is
attempted. Identification error occurs when a one-to-many
match is attempted. Further false non-match rates (FRR) and
false match rates (FAR) can be raised. User authentication is
part of the larger security system, which can be strong or
weak. A typical biometric system comprises of several
modules. The sensor module acquires the raw biometric data
of an individual in the form of an image, video, audio or some
other signal. The feature extraction module extracts a salient
set of features to represent the signal; during user enrolment
the extracted feature set, labeled with the users identity, is
stored in the biometric system and is known as a template. The
matching module compares the feature set extracted during
authentication with the enrolled template(s) and generates
match scores. The decision module processes these match
scores in order to either determine or verify the identity of an
individual. An imposter can attack on any of the above
mentioned points (Discussed in sec 1.3).
1.2 Secure Fingerprints
To enhance the security and privacy of fingerprint-based
authentication, the fingerprint is intentionally distorted in a
repeatable manner (instead of enrolling with your true finger
or other biometric), and this new print is used. If, for some
reason, the old fingerprint is "stolen", a "new" fingerprint can
be issued by simply changing the parameters of the distortion
process. This also results in enhanced privacy for the user
since his true fingerprint is never used anywhere, and different
distortions can be used for different types of accounts. The
same technique can also be used with other biometrics (as
shown below) to achieve similar benefits.
1.3 Attacks on a Biometric System
Different levels of attacks can be launched against a biometric
system [1]: (i) a fake biometric such as an artificial finger may
be presented at the sensor, (ii) illegally intercepted data may
be resubmitted to the system, (iii) the feature extractor may be
replaced by a Trojan horse program that produces pre-
determined feature sets, (iv) legitimate feature sets may be
replaced with synthetic feature sets, (v) the matcher may be
replaced by a Trojan horse program that always outputs high
scores thereby defying system security, (vi) the templates
stored in the database may be modified or removed, or new
templates may be introduced in the database, (vii) the data in
the communication channel between various modules of the
system may be altered, and (viii) the final decision output by
the biometric system may be overridden. These attacks are
shown in Figure 1.
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 2 Issue 10 pp 614-616 January 2014 www.ijsret.org ISSN 2278 0882
IJSRET @ 2014
Figure1. Attack levels in a biometric system
2. Related Work
Several fingerprint sensors were tested by [2] to check if they
accept an artificially created (dummy) finger instead of a real
finger. They tried methods to create dummy fingers with and
without the cooperation of the real owner of the biometric.
When the owner cooperates, obviously the quality of the
produced dummy fingers can be higher than those produced
without cooperation. In this process, the plaster cast of the
finger, liquid silicon rubber is filled inside the cast to create a
wafer-thin dummy that can be attached to a finger, without
being noticed at all. This operation is said to take only a few
hours and more skill are needed:
Synthetic images are input to the matching algorithm, which
in turn handles conversion of the images into any suitable
representation before matching. But, for a fingerprint-based
biometric system, such an approach presents challenges not
found in a face-based system: the discriminating information
in fingerprints is not tied to specific geometrical relationships,
as it is in face-based systems (e.g., between eyes, nose, mouth,
etc.) and methods that are inherently linked to the correct
registration of image pixels seem unsuitable. A study that is
related to the template database security (type 6 attack) is
given in [3]. Using a commercial fingerprint matcher, the
minutiae template data is reverse engineered by the author and
the corresponding synthetic fingerprint images are generated.
Although the generated images are not very realistic and few
experimental results are provided, the possibility of this
masquerading may imply that raw biometric templates need to
be secured, using, for example, techniques such as encryption.
Another method to protect templates from fraudulent usage
involves using a distorted (but noninvertible) version of the
biometric signal or the feature vector; if a specific
representation of template is compromised, the distortion
transform can be replaced with another one from a transform
database. Every application can use a different transform (e.g.,
health care, visa, e-commerce) so that the privacy concerns of
subjects related to database sharing between institutions can
be addressed. Data hiding and watermarking techniques have
also been proposed as means of increasing the security of
fingerprint images, by detecting modifications [4], by hiding
one biometric into another [5] and by hiding in the
compressed domain.
An attack system has been designed for a minutiae-based
fingerprint authentication system [6]. On the basis of this
system we proposed our scheme on the basis of cancelable
biometrics. First let us discuss the existing attack system given
by [6].
Let D and T represent the Database Template and Synthetic
Template respectively. Each minutia is described by a number
of attributes. Usually, each minutiae m is considered as a
triplet, m={x,y,} that indicates the minutiae location (x, y),
and the minutiae angle .
D= {m
1
,m
2
,.m
n
} m
i =
{x
i
,y
i
,
i
} i= 1.m
T= { m
1
,m
2
,.m
n
} m
j =
{x
j
,y
j
,
j
} j= 1.n
Where m and n denotes the number of minutiae in D and T
respectively.

Di : The database template corresponding to user i , i 1,
2,3,....N , where N is the total number of users registered in the
system.
Ti
j
: The jth synthetic template generated by the attacking
system for user i . This template has the same format as
database templates; it can be represented as
S( Di, Ti
j
): The matching score between Di and Ti
j

S
threshold
: The decision threshold used by the matcher. Two
templates will be considered as matched if their matching
score meet this value.
Algorithm 1.
For attacking a specific user account, the attacking system
must follow the following five steps [7] also shown in figure2.
Step 1 (Initial guessing): Generate a fixed number of
synthetic templates (Ti
1
,Ti
2
,Ti
3
Ti
100
).
Fig. 2. Overview of the attack system.
Step 2 (Try initial guesses): accumulate the corresponding
matching scores ( S(Di ,Ti
1
), S(Di ,Ti
2
), S(Di ,Ti
3
),..., S(Di
,Ti
100
) ) for user i.
Step 3 (Pick the best initial guess): Declare the best guess
Ti
best
to be the template resulting in the highest matching
score.
Step 4: Modify Ti
best
by adding a new minutia, replacing an
existing minutia. If for any one of these attempts, the matching
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 2 Issue 10 pp 614-616 January 2014 www.ijsret.org ISSN 2278 0882
IJSRET @ 2014
Figure1. Attack levels in a biometric system
2. Related Work
Several fingerprint sensors were tested by [2] to check if they
accept an artificially created (dummy) finger instead of a real
finger. They tried methods to create dummy fingers with and
without the cooperation of the real owner of the biometric.
When the owner cooperates, obviously the quality of the
produced dummy fingers can be higher than those produced
without cooperation. In this process, the plaster cast of the
finger, liquid silicon rubber is filled inside the cast to create a
wafer-thin dummy that can be attached to a finger, without
being noticed at all. This operation is said to take only a few
hours and more skill are needed:
Synthetic images are input to the matching algorithm, which
in turn handles conversion of the images into any suitable
representation before matching. But, for a fingerprint-based
biometric system, such an approach presents challenges not
found in a face-based system: the discriminating information
in fingerprints is not tied to specific geometrical relationships,
as it is in face-based systems (e.g., between eyes, nose, mouth,
etc.) and methods that are inherently linked to the correct
registration of image pixels seem unsuitable. A study that is
related to the template database security (type 6 attack) is
given in [3]. Using a commercial fingerprint matcher, the
minutiae template data is reverse engineered by the author and
the corresponding synthetic fingerprint images are generated.
Although the generated images are not very realistic and few
experimental results are provided, the possibility of this
masquerading may imply that raw biometric templates need to
be secured, using, for example, techniques such as encryption.
Another method to protect templates from fraudulent usage
involves using a distorted (but noninvertible) version of the
biometric signal or the feature vector; if a specific
representation of template is compromised, the distortion
transform can be replaced with another one from a transform
database. Every application can use a different transform (e.g.,
health care, visa, e-commerce) so that the privacy concerns of
subjects related to database sharing between institutions can
be addressed. Data hiding and watermarking techniques have
also been proposed as means of increasing the security of
fingerprint images, by detecting modifications [4], by hiding
one biometric into another [5] and by hiding in the
compressed domain.
An attack system has been designed for a minutiae-based
fingerprint authentication system [6]. On the basis of this
system we proposed our scheme on the basis of cancelable
biometrics. First let us discuss the existing attack system given
by [6].
Let D and T represent the Database Template and Synthetic
Template respectively. Each minutia is described by a number
of attributes. Usually, each minutiae m is considered as a
triplet, m={x,y,} that indicates the minutiae location (x, y),
and the minutiae angle .
D= {m
1
,m
2
,.m
n
} m
i =
{x
i
,y
i
,
i
} i= 1.m
T= { m
1
,m
2
,.m
n
} m
j =
{x
j
,y
j
,
j
} j= 1.n
Where m and n denotes the number of minutiae in D and T
respectively.

Di : The database template corresponding to user i , i 1,
2,3,....N , where N is the total number of users registered in the
system.
Ti
j
: The jth synthetic template generated by the attacking
system for user i . This template has the same format as
database templates; it can be represented as
S( Di, Ti
j
): The matching score between Di and Ti
j

S
threshold
: The decision threshold used by the matcher. Two
templates will be considered as matched if their matching
score meet this value.
Algorithm 1.
For attacking a specific user account, the attacking system
must follow the following five steps [7] also shown in figure2.
Step 1 (Initial guessing): Generate a fixed number of
synthetic templates (Ti
1
,Ti
2
,Ti
3
Ti
100
).
Fig. 2. Overview of the attack system.
Step 2 (Try initial guesses): accumulate the corresponding
matching scores ( S(Di ,Ti
1
), S(Di ,Ti
2
), S(Di ,Ti
3
),..., S(Di
,Ti
100
) ) for user i.
Step 3 (Pick the best initial guess): Declare the best guess
Ti
best
to be the template resulting in the highest matching
score.
Step 4: Modify Ti
best
by adding a new minutia, replacing an
existing minutia. If for any one of these attempts, the matching
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 2 Issue 10 pp 614-616 January 2014 www.ijsret.org ISSN 2278 0882
IJSRET @ 2014
Figure1. Attack levels in a biometric system
2. Related Work
Several fingerprint sensors were tested by [2] to check if they
accept an artificially created (dummy) finger instead of a real
finger. They tried methods to create dummy fingers with and
without the cooperation of the real owner of the biometric.
When the owner cooperates, obviously the quality of the
produced dummy fingers can be higher than those produced
without cooperation. In this process, the plaster cast of the
finger, liquid silicon rubber is filled inside the cast to create a
wafer-thin dummy that can be attached to a finger, without
being noticed at all. This operation is said to take only a few
hours and more skill are needed:
Synthetic images are input to the matching algorithm, which
in turn handles conversion of the images into any suitable
representation before matching. But, for a fingerprint-based
biometric system, such an approach presents challenges not
found in a face-based system: the discriminating information
in fingerprints is not tied to specific geometrical relationships,
as it is in face-based systems (e.g., between eyes, nose, mouth,
etc.) and methods that are inherently linked to the correct
registration of image pixels seem unsuitable. A study that is
related to the template database security (type 6 attack) is
given in [3]. Using a commercial fingerprint matcher, the
minutiae template data is reverse engineered by the author and
the corresponding synthetic fingerprint images are generated.
Although the generated images are not very realistic and few
experimental results are provided, the possibility of this
masquerading may imply that raw biometric templates need to
be secured, using, for example, techniques such as encryption.
Another method to protect templates from fraudulent usage
involves using a distorted (but noninvertible) version of the
biometric signal or the feature vector; if a specific
representation of template is compromised, the distortion
transform can be replaced with another one from a transform
database. Every application can use a different transform (e.g.,
health care, visa, e-commerce) so that the privacy concerns of
subjects related to database sharing between institutions can
be addressed. Data hiding and watermarking techniques have
also been proposed as means of increasing the security of
fingerprint images, by detecting modifications [4], by hiding
one biometric into another [5] and by hiding in the
compressed domain.
An attack system has been designed for a minutiae-based
fingerprint authentication system [6]. On the basis of this
system we proposed our scheme on the basis of cancelable
biometrics. First let us discuss the existing attack system given
by [6].
Let D and T represent the Database Template and Synthetic
Template respectively. Each minutia is described by a number
of attributes. Usually, each minutiae m is considered as a
triplet, m={x,y,} that indicates the minutiae location (x, y),
and the minutiae angle .
D= {m
1
,m
2
,.m
n
} m
i =
{x
i
,y
i
,
i
} i= 1.m
T= { m
1
,m
2
,.m
n
} m
j =
{x
j
,y
j
,
j
} j= 1.n
Where m and n denotes the number of minutiae in D and T
respectively.

Di : The database template corresponding to user i , i 1,
2,3,....N , where N is the total number of users registered in the
system.
Ti
j
: The jth synthetic template generated by the attacking
system for user i . This template has the same format as
database templates; it can be represented as
S( Di, Ti
j
): The matching score between Di and Ti
j

S
threshold
: The decision threshold used by the matcher. Two
templates will be considered as matched if their matching
score meet this value.
Algorithm 1.
For attacking a specific user account, the attacking system
must follow the following five steps [7] also shown in figure2.
Step 1 (Initial guessing): Generate a fixed number of
synthetic templates (Ti
1
,Ti
2
,Ti
3
Ti
100
).
Fig. 2. Overview of the attack system.
Step 2 (Try initial guesses): accumulate the corresponding
matching scores ( S(Di ,Ti
1
), S(Di ,Ti
2
), S(Di ,Ti
3
),..., S(Di
,Ti
100
) ) for user i.
Step 3 (Pick the best initial guess): Declare the best guess
Ti
best
to be the template resulting in the highest matching
score.
Step 4: Modify Ti
best
by adding a new minutia, replacing an
existing minutia. If for any one of these attempts, the matching
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 2 Issue 10 pp 614-616 January 2014 www.ijsret.org ISSN 2278 0882
IJSRET @ 2014
score is larger than previous S
best
(Di) declare the modified
template as Ti
best
, and update S
best
(Di) accordingly.
Step 5 (Obtaining result): If the current best score is
accepted by the matcher (namely, S
best
(Di) S
Threshold
), stop
the attack.
3. Proposed Work
This algorithm of attack will be successful if we store our
template D
i
in database without any change. If we apply
cancelable biometrics and store our template D
i
in database
such that all D
i
in database are not in original form, rather they
are mutants only. Such that if D is database templates like
D= {m
1
,m
2
,.m
n
} m
i =
{x
i
,y
i
,
i
} i= 1.m
Then their mutants D=H(D) will be stored in database instead
of actual D.
D= {m
1
,m
2
,.m
n
} m
i =
{X
i
,Y
i
,
i
} i= 1.m
Where X = H(x) Y= H(y) and = H()
Figure3. A block structure is imposed on the image aligned with
characteristic points. The blocks in the original image are
subsequently scrambled randomly but repeatably. Image
morphing algorithms are described in References [8] and [9].
H is hashing function corresponds to any transformation
applied to actual Templates as shown in figure3 above. It is
also true that there will be no math between actual template
and its mutant i.e. if we calculate Spatial Distance (sd) and
direction difference (dd) that will not be below r
0
and
0
or we
can write as
sd(m
1,
m
1
)
=
sqrt [(X
i
- x
i
)
2
+
(
Y
i
- y
i
)
2
] < r
0
----------------(1)
Similarly dd(m
1,
m
1
) <
0
----------------(2)
Now lets apply the Algorithm-1 to find the best math
between existing templates. Keeping in mind that now instead
of D, D are stored in database. Suppose the algorithm
declares the D
i
as best match due to its score level S
best
(Di).
Since Spatial Distance (sd) and direction difference (dd) of D
and D does not match. No doubt T and D will not match and
similarly from equations (1) and (2).
Sd(T
m1,
D
m1
)
=
sqrt [(X
i
x
i
)
2
+
(
Y
i
y
i
)
2
] < r
0
Dd(T
m1,
D
m1
) <
0
Only mutants will be stolen and original template are quite
safe. We can further alter D to D by some another hashing
function W in future whenever required. In this way the
cancelable biometrics helps a lot in safekeeping our templates
in database.
4. Conclusion
No biometric system or any security system is a foolproof.
Every system is breakable with an appropriate amount of time
and money. The techniques used to prevent the attacks, help to
increase the time, and cost of money. The greatest strength of
biometrics is that it does not change over time, but at the same
time its a great problem. Once a set of biometric data has
been compromised, it is compromised forever. To address this
issue, we have proposed applying repeatable noninvertible
distortions to the biometric signal. Cancellation simply
requires the specification of a new distortion transform.
Privacy is enhanced because different distortions can be used
for different services and the true biometrics are never stored
or revealed to the authentication server. In addition, such
intentionally distorted biometrics cannot be used for searching
legacy databases and will thus ease some privacy violation
concerns. A single template protection approach may not be
sufficient to meet all the application requirements. Hence,
hybrid schemes that make use of the advantages of the
different template protection approaches must be developed.
5. References
[1] N. Ratha, J. H. Connell, and R. M. Bolle, An analysis of minutiae
matching strength, in Proc. Audio and Video-based Biometric Person
Authentication (AVBPA), pp. 223228, (Halmstad, Sweden), June 2001.
[2] T. Putte and J. Keuning, Biometrical fingerprint recognition: dont get
your fingers burned, Proc. IFIP TC8/WG8.8, Fourth Working Conf. Smart
Card Research and Adv. App., pp. 289-303, 2000.
[3] C.J. Hill, Risk of masquerade arising from the storage of biometrics,
B.S. Thesis, http://chris.fornax.net/biometrics.html
[4] S. Pankanti and M.M. Yeung, Verification watermarks on fingerprint
recognition and retrieval, Proc. SPIE EI, vol. 3657, pp. 66-78, 1999.
[5] A. K. Jain and U. Uludag, Hiding biometric data, IEEE Transactions on
Pattern Analysis and Machine Intelligence, vol. 25, no. 11, pp. 1494-1498,
November 2003.
[6] U. Uludag and A. K. Jain, Attacks on biometric systems:a case study in
fingerprints, in Proc. SPIE, Security, Seganography and Watermarking of
MultimediaContents VI, vol. 5306, pp. 622633, (San Jose, CA), January
2004.
[7] Umut Uludag, Anil K. Jain, Attacks on Biometric Systems: A Case Study
in Fingerprints, http://biometrics.cse.msu.edu
[8] G. Wolberg, Image Morphing: A Survey, The Visual Computer 360
372 (1998).
[9] T. Beier and S. Neely, Feature-Based Image Metamorphosis,
Proceedings of SIGGRAPH, ACM, New York (1992), pp. 3542.
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 2 Issue 10 pp 614-616 January 2014 www.ijsret.org ISSN 2278 0882
IJSRET @ 2014
score is larger than previous S
best
(Di) declare the modified
template as Ti
best
, and update S
best
(Di) accordingly.
Step 5 (Obtaining result): If the current best score is
accepted by the matcher (namely, S
best
(Di) S
Threshold
), stop
the attack.
3. Proposed Work
This algorithm of attack will be successful if we store our
template D
i
in database without any change. If we apply
cancelable biometrics and store our template D
i
in database
such that all D
i
in database are not in original form, rather they
are mutants only. Such that if D is database templates like
D= {m
1
,m
2
,.m
n
} m
i =
{x
i
,y
i
,
i
} i= 1.m
Then their mutants D=H(D) will be stored in database instead
of actual D.
D= {m
1
,m
2
,.m
n
} m
i =
{X
i
,Y
i
,
i
} i= 1.m
Where X = H(x) Y= H(y) and = H()
Figure3. A block structure is imposed on the image aligned with
characteristic points. The blocks in the original image are
subsequently scrambled randomly but repeatably. Image
morphing algorithms are described in References [8] and [9].
H is hashing function corresponds to any transformation
applied to actual Templates as shown in figure3 above. It is
also true that there will be no math between actual template
and its mutant i.e. if we calculate Spatial Distance (sd) and
direction difference (dd) that will not be below r
0
and
0
or we
can write as
sd(m
1,
m
1
)
=
sqrt [(X
i
- x
i
)
2
+
(
Y
i
- y
i
)
2
] < r
0
----------------(1)
Similarly dd(m
1,
m
1
) <
0
----------------(2)
Now lets apply the Algorithm-1 to find the best math
between existing templates. Keeping in mind that now instead
of D, D are stored in database. Suppose the algorithm
declares the D
i
as best match due to its score level S
best
(Di).
Since Spatial Distance (sd) and direction difference (dd) of D
and D does not match. No doubt T and D will not match and
similarly from equations (1) and (2).
Sd(T
m1,
D
m1
)
=
sqrt [(X
i
x
i
)
2
+
(
Y
i
y
i
)
2
] < r
0
Dd(T
m1,
D
m1
) <
0
Only mutants will be stolen and original template are quite
safe. We can further alter D to D by some another hashing
function W in future whenever required. In this way the
cancelable biometrics helps a lot in safekeeping our templates
in database.
4. Conclusion
No biometric system or any security system is a foolproof.
Every system is breakable with an appropriate amount of time
and money. The techniques used to prevent the attacks, help to
increase the time, and cost of money. The greatest strength of
biometrics is that it does not change over time, but at the same
time its a great problem. Once a set of biometric data has
been compromised, it is compromised forever. To address this
issue, we have proposed applying repeatable noninvertible
distortions to the biometric signal. Cancellation simply
requires the specification of a new distortion transform.
Privacy is enhanced because different distortions can be used
for different services and the true biometrics are never stored
or revealed to the authentication server. In addition, such
intentionally distorted biometrics cannot be used for searching
legacy databases and will thus ease some privacy violation
concerns. A single template protection approach may not be
sufficient to meet all the application requirements. Hence,
hybrid schemes that make use of the advantages of the
different template protection approaches must be developed.
5. References
[1] N. Ratha, J. H. Connell, and R. M. Bolle, An analysis of minutiae
matching strength, in Proc. Audio and Video-based Biometric Person
Authentication (AVBPA), pp. 223228, (Halmstad, Sweden), June 2001.
[2] T. Putte and J. Keuning, Biometrical fingerprint recognition: dont get
your fingers burned, Proc. IFIP TC8/WG8.8, Fourth Working Conf. Smart
Card Research and Adv. App., pp. 289-303, 2000.
[3] C.J. Hill, Risk of masquerade arising from the storage of biometrics,
B.S. Thesis, http://chris.fornax.net/biometrics.html
[4] S. Pankanti and M.M. Yeung, Verification watermarks on fingerprint
recognition and retrieval, Proc. SPIE EI, vol. 3657, pp. 66-78, 1999.
[5] A. K. Jain and U. Uludag, Hiding biometric data, IEEE Transactions on
Pattern Analysis and Machine Intelligence, vol. 25, no. 11, pp. 1494-1498,
November 2003.
[6] U. Uludag and A. K. Jain, Attacks on biometric systems:a case study in
fingerprints, in Proc. SPIE, Security, Seganography and Watermarking of
MultimediaContents VI, vol. 5306, pp. 622633, (San Jose, CA), January
2004.
[7] Umut Uludag, Anil K. Jain, Attacks on Biometric Systems: A Case Study
in Fingerprints, http://biometrics.cse.msu.edu
[8] G. Wolberg, Image Morphing: A Survey, The Visual Computer 360
372 (1998).
[9] T. Beier and S. Neely, Feature-Based Image Metamorphosis,
Proceedings of SIGGRAPH, ACM, New York (1992), pp. 3542.
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 2 Issue 10 pp 614-616 January 2014 www.ijsret.org ISSN 2278 0882
IJSRET @ 2014
score is larger than previous S
best
(Di) declare the modified
template as Ti
best
, and update S
best
(Di) accordingly.
Step 5 (Obtaining result): If the current best score is
accepted by the matcher (namely, S
best
(Di) S
Threshold
), stop
the attack.
3. Proposed Work
This algorithm of attack will be successful if we store our
template D
i
in database without any change. If we apply
cancelable biometrics and store our template D
i
in database
such that all D
i
in database are not in original form, rather they
are mutants only. Such that if D is database templates like
D= {m
1
,m
2
,.m
n
} m
i =
{x
i
,y
i
,
i
} i= 1.m
Then their mutants D=H(D) will be stored in database instead
of actual D.
D= {m
1
,m
2
,.m
n
} m
i =
{X
i
,Y
i
,
i
} i= 1.m
Where X = H(x) Y= H(y) and = H()
Figure3. A block structure is imposed on the image aligned with
characteristic points. The blocks in the original image are
subsequently scrambled randomly but repeatably. Image
morphing algorithms are described in References [8] and [9].
H is hashing function corresponds to any transformation
applied to actual Templates as shown in figure3 above. It is
also true that there will be no math between actual template
and its mutant i.e. if we calculate Spatial Distance (sd) and
direction difference (dd) that will not be below r
0
and
0
or we
can write as
sd(m
1,
m
1
)
=
sqrt [(X
i
- x
i
)
2
+
(
Y
i
- y
i
)
2
] < r
0
----------------(1)
Similarly dd(m
1,
m
1
) <
0
----------------(2)
Now lets apply the Algorithm-1 to find the best math
between existing templates. Keeping in mind that now instead
of D, D are stored in database. Suppose the algorithm
declares the D
i
as best match due to its score level S
best
(Di).
Since Spatial Distance (sd) and direction difference (dd) of D
and D does not match. No doubt T and D will not match and
similarly from equations (1) and (2).
Sd(T
m1,
D
m1
)
=
sqrt [(X
i
x
i
)
2
+
(
Y
i
y
i
)
2
] < r
0
Dd(T
m1,
D
m1
) <
0
Only mutants will be stolen and original template are quite
safe. We can further alter D to D by some another hashing
function W in future whenever required. In this way the
cancelable biometrics helps a lot in safekeeping our templates
in database.
4. Conclusion
No biometric system or any security system is a foolproof.
Every system is breakable with an appropriate amount of time
and money. The techniques used to prevent the attacks, help to
increase the time, and cost of money. The greatest strength of
biometrics is that it does not change over time, but at the same
time its a great problem. Once a set of biometric data has
been compromised, it is compromised forever. To address this
issue, we have proposed applying repeatable noninvertible
distortions to the biometric signal. Cancellation simply
requires the specification of a new distortion transform.
Privacy is enhanced because different distortions can be used
for different services and the true biometrics are never stored
or revealed to the authentication server. In addition, such
intentionally distorted biometrics cannot be used for searching
legacy databases and will thus ease some privacy violation
concerns. A single template protection approach may not be
sufficient to meet all the application requirements. Hence,
hybrid schemes that make use of the advantages of the
different template protection approaches must be developed.
5. References
[1] N. Ratha, J. H. Connell, and R. M. Bolle, An analysis of minutiae
matching strength, in Proc. Audio and Video-based Biometric Person
Authentication (AVBPA), pp. 223228, (Halmstad, Sweden), June 2001.
[2] T. Putte and J. Keuning, Biometrical fingerprint recognition: dont get
your fingers burned, Proc. IFIP TC8/WG8.8, Fourth Working Conf. Smart
Card Research and Adv. App., pp. 289-303, 2000.
[3] C.J. Hill, Risk of masquerade arising from the storage of biometrics,
B.S. Thesis, http://chris.fornax.net/biometrics.html
[4] S. Pankanti and M.M. Yeung, Verification watermarks on fingerprint
recognition and retrieval, Proc. SPIE EI, vol. 3657, pp. 66-78, 1999.
[5] A. K. Jain and U. Uludag, Hiding biometric data, IEEE Transactions on
Pattern Analysis and Machine Intelligence, vol. 25, no. 11, pp. 1494-1498,
November 2003.
[6] U. Uludag and A. K. Jain, Attacks on biometric systems:a case study in
fingerprints, in Proc. SPIE, Security, Seganography and Watermarking of
MultimediaContents VI, vol. 5306, pp. 622633, (San Jose, CA), January
2004.
[7] Umut Uludag, Anil K. Jain, Attacks on Biometric Systems: A Case Study
in Fingerprints, http://biometrics.cse.msu.edu
[8] G. Wolberg, Image Morphing: A Survey, The Visual Computer 360
372 (1998).
[9] T. Beier and S. Neely, Feature-Based Image Metamorphosis,
Proceedings of SIGGRAPH, ACM, New York (1992), pp. 3542.