Alignment-free Cancellable Template Generation for Fingerprint based
Authentication
Rumana Nazmul
1
, Md. Rafiqul Islam
1
and Ahsan Raja Chowdhury
2
1
Charles Sturt University, Albury, NSW-2640, Australia
2
Federation University Australia, Mount Helen, VIC-3350, Australia
Keywords:
Biometric Authentication, Cancellable Template, Minutia.
Abstract:
With the emergence and extensive deployment of biometric based user authentication system, ensuring the se-
curity of biometric template is becoming a growing concern in research community. One approach of securing
biometric data is cancellable biometric which transforms the original biometric features into a non-invertible
form for enrolment and matching. However, most of the schemes for generating cancellable template are
alignment-based requiring an accurate alignment of query and enrolled images, which is very difficult to
achieve. In this paper, we propose an alignment-free technique for generating revocable fingerprint template
that exploits the local features i.e., minutiae details in a fingerprint image. A rotation and translation invari-
ant values are extracted from the neighbouring region of each minutia. The invariant values are then used as
inputs in a transformation function and combined with a stored and a user-specific key based random vectors
using the type and orientation information of the minutiae. Hence, by varying the stored and user-specific
keys in the transformation, multiple application-specific templates can be generated to preserve users’ pri-
vacy. Besides, if the transformed template is compromised, a new template can be reissued by assigning
different keys for transformation to achieve revocability. Furthermore, the proposed approach preserves the
actual geometric relationships between the enrolled and query templates even after transformation and offers
reasonable recognition rate. Experiments conducted on FVC2000 DB1 demonstrate that the proposed method
exhibits promising performance in terms of recognition accuracy, computational complexity, security along
with diversity, revocability and non-invertibility that are the key issues of cancellable template generation.
1 INTRODUCTION
Biometrics identifiers, due to the distinctiveness and
permanence, have emerged as a convenient and reli-
able technology to verify the identities of the users.
However, there are several vulnerabilities (Wang and
Hu, 2012) and challenges in biometric authentication
that can lead to numeral security breaches and pri-
vacy threats. Due to the strong association between
biometric property and the user’s identity, once a bio-
metric data is compromised, it results in permanent
loss of a subject’s biometrics and consequently, the
lost biometric trait may cause serious privacy threats
(Nagar et al., 2010). Thereby, the revelation of user’s
privacy is one of the major concerns for biometric
template security (Ratha et al., 2007) which drives
the motivation of designing an effective and secure
method for biometric template protection.
Cancellable biometrics is an approach for tem-
plate protection that uses transformed biometric data
instead of the original one for user identification and
thereby ensures security and privacy in biometrics.
Although a number of methods for biometric template
protection have been introduced, devising a tech-
nique that provides both privacy protection and ver-
ification accuracy is still challenging and must have
to satisfy the key issues (i) Diversity: The trans-
formed templates must be dissimilar to ensure non-
linkability and privacy of user’s data stored in differ-
ent databases across different applications (ii) Revo-
cability: A number of different cancellable templates
should be generated from the original biometric so
that a new template can be revoked if the transformed
one is compromised (iii) Non-invertibility: It must
be impossible or computationally hard to retrieve the
original biometric data back from the transformed
template even if the transformation method and the
transformed data are known, and (iv) Performance:
The performance while using transformed templates
should not degrade much than the performance of us-
Nazmul, R., Islam, M. and Chowdhury, A.
Alignment-free Cancellable Template Generation for Fingerprint based Authentication.
DOI: 10.5220/0006614303610366
In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), pages 361-366
ISBN: 978-989-758-282-0
Copyright © 2018 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
361
ing the original biometric template.
By exploiting the geometric invariant value ex-
tracted from the neighbouring region around finger-
print minutiae and hinging on a stored as well as a
user-specific key based transformation, we propose
an effective method for cancellable fingerprint tem-
plate generation. The merits of the proposed method
lies in the aspects outlined as: it 1) conceals the bio-
metric data in such a way that it remains irretriev-
able even though an impostor obtains the transformed
template as well as the transformation; 2) satisfies
the cancelability and diversity by changing the stored
and user-specific keys in the transformation; 3) per-
forms matching in the transformed domain without
requiring alignment of the input fingerprint images
prior transformation; 4) preserves the geometric rela-
tionships even after transformation and alleviates the
trade-off between security and performance in recog-
nition accuracy.
Besides, a set of extensive experiments and com-
prehensive testing on fingerprint benchmark dataset
are conducted to analyse the performance, diver-
sity, revocability and non-invertibility of the proposed
method.
2 RELATED WORK
A number of research works have been proposed to
address template protection problem in biometric sys-
tems. Here we provide a brief review on several exist-
ing alignment-based and alignment-free approaches
proposed for fingerprint template protection which
are based on minutiae representation.
Among these approaches, Ratha et al. (Ratha
et al., 2007) pioneered the concept of cancellable tem-
plate generation using Cartesian, polar, and functional
transformation. In Cartesian and polar transforma-
tion methods, a fingerprint was divided into several
grid blocks which were scrambled subsequently. Al-
though the methods were claimed to be non-invertible
due to many-to-one mapping property, these were
successfully degenerated by the work reported in
(Quan et al., 2008) provided that the transformed tem-
plate and parameters are known to the attacker. Fur-
ther, as the minutiae were transformed according to
their positions, alignment between the enrolled and
query images was required to acquire the same trans-
formed image from different impressions of the same
finger.
A key-based transformation method was proposed
by Ang et al. (Ang et al., 2005) for fingerprint tem-
plate protection. At first a core point in the finger-
print image was determined and then a line through
the core point was specified. The orientation of the
line depends on the key, where 0 key π. Then by
reflecting the minutiae under the line to those above
the line, transformed fingerprint templates were gen-
erated. However, this method required detecting the
accurate location of the core point which was not al-
ways feasible. Furthermore, by retaining the minutiae
above the line intact, the template even after transfor-
mation disclosed some information from the original
fingerprint.
A hash-based transformation method has been
presented by Tulyakov et al. (Tulyakov et al., 2007).
In this method, fingerprint minutiae information was
hashed and matching between enrolled and query fin-
gerprint was performed in the hashed domain subse-
quently. Due to one-way transformation characteristic
of hashing function, reforming the original features
with hash values was computationally hard (Jin et al.,
2012). The method does not need pre-alignment be-
tween the enrolled and query fingerprint templates.
Lee et al. (Lee et al., 2007) proposed a method
for template protection in which translation and ro-
tation invariant values were extracted from the ori-
entation information of neighbouring local region
around each minutia. The obtained invariant values
were then used as inputs into two changing functions.
These functions provided two values that were used
as parameters for translational and rotational move-
ment to transform the original minutia. Finally, the
transformed template was generated by moving each
minutia according to the movements calculated by the
changing functions. However, the performance of this
method degrades for fingerprints of poor quality.
A bit-string was generated from fingerprint minu-
tiae based on minutiae triplets in a method proposed
by Farooq et al. (Farooq et al., 1991). Seven invari-
ant features: the length of three sides, the three angles
between the sides and minutiae orientations and the
height of the triangles were extracted, followed by
quantization and hashing into a binary-string (bits).
To enhance the security of the template, binary-string
was further permuted and encrypted. However, this
method involves the calculation of all possible triple
invariant features which incurs high computational
costs. Jin et al. (Jin et al., 2010) proposed another
bit-string based template generation method that ex-
tracted a set of invariant features from minutiae pairs,
and then applied quantization, histogram binning and
binarization operations to generate a bit-string. Fi-
nally, using a helper data and user’s key based permu-
tation procedure the bit-string was transformed into a
non-invertible template.
Lee et al. (Lee and Kim, 2010) proposed a
minutiae-based bit string for generating fingerprint
ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy
362
template. In this method, a minutia was mapped
into a predefined array which consisted of small cells.
Firstly, a minutia was chosen as reference minutiae
and other minutiae were translated and rotated in or-
der to map the minutiae into the cells based on the po-
sition and orientation of the reference minutia. Next,
each cell containing more than one minutia was set to
1 (otherwise 0) and thus a bits-string was generated
by sequentially visiting the cells in the 3D array. Fi-
nally, the resultant bit-string was permuted using user-
specific key. The method performs well, however, the
performance degrades when the key is compromised.
Another alignment-free fingerprint hashing algo-
rithm (Das et al., 2012) was proposed which used a
graph, called the Minimum Distance Graph (MDG),
consisting of the inter-minutia minimum distance vec-
tors originating from the core point as a feature set.
However, the performance of this algorithm degrades
for poor quality images due to inaccurate core point
detection.
A non-invertible Randomized Graph-based Ham-
ming Embedding (RGHE) technique (Jin et al., 2014;
Jin et al., 2016) was proposed to generate a secure fin-
gerprint template. This method initially constructed
a set of minutiae vicinity where each minutia vicin-
ity was decomposed into four minutiae triplets. Then
a set of nine geometric invariant features was ex-
tracted from each triplet which were projected onto
a random subspace determined by a pseudorandom
sequence. Finally, using Graph-based Hamming Em-
bedding, the randomized minutia vicinity decomposi-
tion features (RMVD) were embedded into the Ham-
ming space. However, this method requires 36 fea-
ture components for a minutia vicinity, resulting in a
N × 36 features for the entire vicinity set, which is
computationally extensive.
Hence, in the alignment-based methods alignment
between the enrolled and query fingerprint images is
required prior transformation to protect the template.
However, while generating protected templates en-
rolled fingerprint image is transformed in such a way
that it cannot provide any clue to a query fingerprint
for alignment. To overcome this alignment issue, var-
ious alignment-free approaches have been proposed.
From the above literature review, it is noteworthy that
due to transformation applied to achieve irreversiblity,
the performance in recognition accuracy deteriorates,
hence demonstrating the inevitable trade-off between
non-invertibility and performance.
3 PROPOSED METHOD
In this section, our proposed approach for alignment-
free cancellable fingerprint template generation is de-
scribed. Due to the large variation in different im-
pressions of the same finger, most of the methods re-
quire aligning input images prior to the transforma-
tion in order to obtain the same transformed template
from different impressions. The proposed method,
as a typical indirect approach, derives a set of geo-
metric invariant features from the neighbourhood of
each minutia and hence relinquishes the process of
pre-alignment prior to the transformation in response
to rotational and translational variation. The feature
set of a minutia is then used as an input to a trans-
formation function that combines the feature values
with random offsets to convert into the transformed
form. The random offsets that conceal the local topo-
logical relationship among the neighbouring minutiae
are selected from stored and user-specific key based
random vectors using the type and orientation infor-
mation of the corresponding minutiae. In the follow-
ing three subsections, we describe the three stages of
the proposed method, namely, Invariant features ex-
traction, Protected template generation and Matching
transformed templates.
3.1 Extraction of Invariant Features
from Fingerprint Minutiae
As the first step of cancellable template generation
process, a set of minutiae M = {m
i
|i = 1, 2, . . . , N}
is extracted to derive the geometric invariant fea-
tures where N = N
E
or N
Q
denote the number of
minutiae in the enrolled and query images, respec-
tively. To extract the geometrical invariant features,
for each minutia m
i
in M, a neighbourhood set
i
=
{m
i j
| j = 1, 2, . . . , L} of L nearest neighbours (mea-
sured in terms of Euclidean distance) in its vicin-
ity is constructed. Next, for each neighbour minutia
m
j
i.e., m
j
i
, its distance with m
i
and with ad-
jacent minutia in
i
, denoted by dist
i, j
and d
j, j
next
respectively, are calculated. Hence, a feature vector
ϑ
i
for m
i
consists of L pairs of two distance values
i.e., {(dist
i,1
, d
1,2
), (dist
i,2
, d
2,3
), . . . , (dist
i,L
, d
L,1
)} as
shown in eq.(1):
ϑ
i
=
L
[
j=1
D
i j
(1)
where D
i j
= (dist
i, j
, d
j, j
next
). This process is con-
tinued for all the minutia in M and all the feature vec-
tors are stacked into a matrix V of size N × L in which
Alignment-free Cancellable Template Generation for Fingerprint based Authentication
363
each row corresponds to the feature vector of a minu-
tia and can be defined as follows:
V =
N
[
i=1
L
[
j=1
D
i, j
(2)
Here, V generated from enrolled or query images
are represented by V
E
and V
Q
, respectively.
3.2 Protected Template Generation
To generate the cancellable template, the extracted
features that are robust to geometric transformation
are combined with stored and user specific key-based
random vectors by using the type and orientation in-
formation of minutiae in the region. Let’s consider
ϑ
T
i
be the transformed feature vector of m
i
as shown
in eq. (3).
ϑ
T
i
=
L
[
j=1
D
T
i j
(3)
where D
T
i j
= (dist
T
i, j
, d
T
j, j
next
) and dist
T
i, j
, d
T
j, j
next
can be
defined as follows:
dist
T
i, j
= dist
i, j
+ M dist
i, j
d
T
j, j
next
= d
j, j
next
+ M d
j, j
next
(4)
Here, M dist
i, j
and M d
j, j
next
are random offsets se-
lected by a transformation function RndTrans. The
extracted feature vector ϑ
i
along with the type and ori-
entation information of m
i
and its neighbouring minu-
tiae are used as inputs in RndTr ans. Next, the random
offsets are selected by RndTrans from random vec-
tors generated using two keys as seeds; a stored key
(i.e., PIN)and a user-specific key (i.e., UPIN). The
entire process is accomplished for N
E
in the enrollled
image before enrolment and the obtained matrix of
transformed feature vectors V
T
E
is considered as the
protected template. In the authentication phase, the
same process repeats for the query image to obtain
V
T
Q
. Thus, by storing the transformed feature vector
the proposed technique offers high level of privacy
and protection as the biometric data, i.e., location and
orientation of the minutiae, are not directly revealed.
3.3 Matching Transformed Templates
In authentication phase,the matching algorithm first
obtains the correspondence between V
T
E
and V
T
Q
.
Since an exact one-to-one mapping between V
T
E
and
V
T
Q
may not be obtained, finding the maximum possi-
ble κ matched pairs, where κ min(N
E
, N
Q
) is the ob-
jective of the matching algorithm. Firstly, each trans-
formed feature vector ϑ
T
p
in V
T
E
for p = 1, 2, . . . , N
E
is compared with each vector ϑ
T
q
for q = 1, 2, . . . , N
Q
in V
T
Q
. Let ϑ
T
p
and ϑ
T
q
be the feature vectors in V
T
E
and V
T
Q
extracted from p-th and q-th minutia of the
enrolled and query images, respectively. Next, if the
number of matched elements (Φ
p,q
) between ϑ
T
p
and
ϑ
T
q
is greater than a predefined threshold value, (p, q)
is stored as a matched minutia pair. The whole pro-
cess repeats for each of N
E
× N
Q
pairs. Subsequently,
a set F is constructed by selecting the best distinct κ
out of N
E
× N
Q
pairs having number of matched pairs
greater than 1. Finally, if the ratio of the number of
matched elements κ in F and the number of minu-
tiae N
Q
in the query image is more than a threshold
value δ
T h
, the authentication is accepted, otherwise
rejected.
4 EXPERIMENTAL RESULT AND
ANALYSIS
In our experiments, the proposed method is evaluated
in terms of performance in verification accuracy and
template security. While evaluating the first criteria, it
has been tested how the recognition accuracy varies in
the transformed templates used for matching. In addi-
tion, the proposed method has been examined against
three criteria, namely revocability, diversity and non-
invertibility to evaluate its performance in template
security.
4.1 Experimental Setup
The proposed method has been evaluated using vari-
ous sample fingerprint images available in public do-
main databases (Maltoni et al., 2003), namely, DB1
in FVC-2000. The database comprises of 10 users
having 8 impressions per user and 80 (10 × 8) fin-
gerprint images in total. The first impression from
each finger is considered as the template and the
seven other impressions are used as the query im-
ages. In the proposed method, minutiae points are
extracted from each image in the databases using
the method of (Thai, 2003) that involves image en-
hancement, binarization and thinning as preprocess-
ing steps. In our experiment, the performance of
the proposed method has been measured using False
Acceptance Rate (FAR), Genuine Acceptance Rate
(GAR), False Rejection Rate (FRR) and Equal Er-
ror Rate (ERR). To calculate FRR and GAR, exper-
iments are conducted by comparing the image from
the template set to the corresponding impressions in
the query set. FAR is measured by comparing each
image from the template set to all the images in
ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy
364
the query set except with the impressions from the
same finger. Apart from these, two more performance
measures namely, Receiver Operating Characteristic
(ROC) curve and genuine-impostor distributions are
used to demonstrate the performance of the proposed
method. The genuine distribution is the score calcu-
lated by comparing the template of each user with the
other impressions of the fingerprint from the same in-
dividual. On the contrary, the imposter distribution
is generated by comparing the template of each user
with the impressions of all other users’ in the query
set (Jin et al., 2012). A clear separability between the
genuine and impostor distributions implies good per-
formance while strong overlapping between the two
indicates poor performance.
4.2 Performance Evaluation in
Recognition Accuracy
As mentioned above, we have investigated the recog-
nition performance before and after the transforma-
tion of the fingerprint images. The FAR vs FRR graph
for the images in FVC2002 DB1-B before and after
transformation are shown in Figure. 1 (a) and 1 (b),
respectively.
0
10
20
30
40
50
60
70
80
90
100
0 10 20 30 40 50 60
Error Rate
Score
FAR(Before Transformation)
FRR(Before Transformation)
(a) Before Transformation
0
10
20
30
40
50
60
70
80
90
100
0 10 20 30 40 50 60
Error Rate
Score
FAR(Different key)
FRR(Different key)
(b) After Transformation
Figure 1: (a) The FAR and FRR curve before and (b) after
transformation in FVC2002 DB1-B where EER is denoted
by the intersecting point.
From the experiments we found that the EER be-
fore and after the transformation is 1% and 2%, re-
spectively, which shows that the performance degra-
0.4
0.5
0.6
0.7
0.8
0.9
1.0
0 0.01 0.02 0.03 0.04 0.05 0.06 0.07
GAR (%)
FAR (%)
FVC 2002 DB1-B
Figure 2: ROC Curve for different keys in FVC2002 DB1-
B.
dation in matching caused by transformation is rather
insignificant for DB1 in FVC-2002. To illustrate the
recognition performance of the proposed method, the
ROC curve in the actual scenario, where each user in
the databases is assigned a different key, is shown in
Figure. 2. Finally, the genuine and the impostor dis-
tributions using different keys are plotted in Figure.
3, which depict that individual users are clearly dis-
tinct from one another. Hence, the experimental result
presented in this section signifies the preservation of
the actual geometric relationship between the original
fingerprint and the transformed templates even after
transformation.
0.00
0.02
0.04
0.06
0.08
0.10
0.12
0.14
0.16
0.00 0.10 0.20 0.30 0.40 0.50 0.60
Distribution (in %)
Score
(a) Genuine Distribution
0.0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1.0
0.00 0.10 0.20 0.30 0.40 0.50 0.60
Distribution (in %)
Score
(b) Imposter Distribution
Figure 3: (a) Genuine and (b) Imposter distributions in
FVC2002 DB1-B where all the users are assigned different
keys.
Alignment-free Cancellable Template Generation for Fingerprint based Authentication
365
5 CONCLUSION
In this paper, we have proposed a method for
generating cancellable fingerprint templates to pro-
vide protection to minutiae-based fingerprint data.
The notable contributions of our method are two
folds: alignment-free and excellent recognition per-
formance. The proposed construct preserves the ge-
ometric relationships among the original fingerprint
image in the transformed templates and hence does
not cause performance degradation. Further, the pro-
posed scheme ensures strong security in that given
both the user key and the transformed template, re-
vealing raw fingerprint data is not be feasible. The
stored and user-specific keys are employed to trans-
form the invariant feature vector and thus diversity
and revocability can be vindicated. Experiments con-
ducted on the public domain database FVC2002-DB1
demonstrate the excellent performance of the pro-
posed method in recognition accuracy, computational
complexity and security.
REFERENCES
Ang, R., Safavi-Naini, R., and McAven, L. (2005). Cance-
lable key-based fingerprint templates. In Australasian
conference on information security and privacy, pages
242–252. Springer.
Das, P., Karthik, K., and Garai, B. C. (2012). A robust
alignment-free fingerprint hashing algorithm based
on minimum distance graphs. Pattern Recognition,
45(9):3373–3388.
Farooq, S. T. F., Mansukhani, P., and Govindaraju, V.
(1991). Symmetric hash functions for secure finger-
print biometric systems. In Pattern Recognition Let-
ters.
Jin, Z., Lim, M.-H., Teoh, A. B. J., and Goi, B.-M. (2014).
A non-invertible randomized graph-based hamming
embedding for generating cancelable fingerprint tem-
plate. Pattern Recognition Letters, 42:137–147.
Jin, Z., Teoh, A. B. J., Goi, B.-M., and Tay, Y.-H. (2016).
Biometric cryptosystems: A new biometric key bind-
ing and its implementation for fingerprint minutiae-
based representation. Pattern Recognition, 56:50–62.
Jin, Z., Teoh, A. B. J., Ong, T. S., and Tee, C. (2010). A
revocable fingerprint template for security and privacy
preserving. TIIS, 4(6):1327–1342.
Jin, Z., Teoh, A. B. J., Ong, T. S., and Tee, C. (2012). Fin-
gerprint template protection with minutiae-based bit-
string for security and privacy preserving. Expert sys-
tems with applications, 39(6):6157–6167.
Lee, C., Choi, J.-Y., Toh, K.-A., Lee, S., and Kim, J. (2007).
Alignment-free cancelable fingerprint templates based
on local minutiae information. IEEE Transactions on
Systems, Man, and Cybernetics, Part B (Cybernetics),
37(4):980–992.
Lee, C. and Kim, J. (2010). Cancelable fingerprint tem-
plates using minutiae-based bit-strings. Journal of
Network and Computer Applications, 33(3):236–246.
Maltoni, D., Maio, D., Jain, A., and Prabhakar, S. (2003).
Handbook of fingerprint recognition springer. New
York.
Nagar, A., Nandakumar, K., and Jain, A. K. (2010). A
hybrid biometric cryptosystem for securing finger-
print minutiae templates. Pattern Recognition Letters,
31(8):733–741.
Quan, F., Fei, S., Anni, C., and Feifei, Z. (2008). Crack-
ing cancelable fingerprint template of ratha. In Com-
puter Science and Computational Technology, 2008.
ISCSCT’08. International Symposium on, volume 2,
pages 572–575. IEEE.
Ratha, N. K., Chikkerur, S., Connell, J. H., and Bolle, R. M.
(2007). Generating cancelable fingerprint templates.
IEEE Transactions on pattern analysis and machine
intelligence, 29(4):561–572.
Thai, R. (2003). Fingerprint image enhancement and minu-
tiae extraction. The University of Western Australia.
Tulyakov, S., Farooq, F., Mansukhani, P., and Govindaraju,
V. (2007). Symmetric hash functions for secure finger-
print biometric systems. Pattern Recognition Letters,
28(16):2427–2436.
Wang, S. and Hu, J. (2012). Alignment-free cancelable
fingerprint template design: A densely infinite-to-
one mapping (ditom) approach. Pattern Recognition,
45(12):4129–4137.
ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy
366