Alignment-free Cancellable Template Generation for Fingerprint based

Authentication

Rumana Nazmul

, Md. Raﬁqul Islam

and Ahsan Raja Chowdhury

Charles Sturt University, Albury, NSW-2640, Australia

Federation University Australia, Mount Helen, VIC-3350, Australia

Keywords:

Biometric Authentication, Cancellable Template, Minutia.

Abstract:

With the emergence and extensive deployment of biometric based user authentication system, ensuring the se-

curity of biometric template is becoming a growing concern in research community. One approach of securing

biometric data is cancellable biometric which transforms the original biometric features into a non-invertible

form for enrolment and matching. However, most of the schemes for generating cancellable template are

alignment-based requiring an accurate alignment of query and enrolled images, which is very difﬁcult to

achieve. In this paper, we propose an alignment-free technique for generating revocable ﬁngerprint template

that exploits the local features i.e., minutiae details in a ﬁngerprint image. A rotation and translation invari-

ant values are extracted from the neighbouring region of each minutia. The invariant values are then used as

inputs in a transformation function and combined with a stored and a user-speciﬁc key based random vectors

using the type and orientation information of the minutiae. Hence, by varying the stored and user-speciﬁc

keys in the transformation, multiple application-speciﬁc templates can be generated to preserve users’ pri-

vacy. Besides, if the transformed template is compromised, a new template can be reissued by assigning

different keys for transformation to achieve revocability. Furthermore, the proposed approach preserves the

actual geometric relationships between the enrolled and query templates even after transformation and offers

reasonable recognition rate. Experiments conducted on FVC2000 DB1 demonstrate that the proposed method

exhibits promising performance in terms of recognition accuracy, computational complexity, security along

with diversity, revocability and non-invertibility that are the key issues of cancellable template generation.

1 INTRODUCTION

Biometrics identiﬁers, due to the distinctiveness and

permanence, have emerged as a convenient and reli-

able technology to verify the identities of the users.

However, there are several vulnerabilities (Wang and

Hu, 2012) and challenges in biometric authentication

that can lead to numeral security breaches and pri-

vacy threats. Due to the strong association between

biometric property and the user’s identity, once a bio-

metric data is compromised, it results in permanent

loss of a subject’s biometrics and consequently, the

lost biometric trait may cause serious privacy threats

(Nagar et al., 2010). Thereby, the revelation of user’s

privacy is one of the major concerns for biometric

template security (Ratha et al., 2007) which drives

the motivation of designing an effective and secure

method for biometric template protection.

Cancellable biometrics is an approach for tem-

plate protection that uses transformed biometric data

instead of the original one for user identiﬁcation and

thereby ensures security and privacy in biometrics.

Although a number of methods for biometric template

protection have been introduced, devising a tech-

nique that provides both privacy protection and ver-

iﬁcation accuracy is still challenging and must have

to satisfy the key issues (i) Diversity: The trans-

formed templates must be dissimilar to ensure non-

linkability and privacy of user’s data stored in differ-

ent databases across different applications (ii) Revo-

cability: A number of different cancellable templates

should be generated from the original biometric so

that a new template can be revoked if the transformed

one is compromised (iii) Non-invertibility: It must

be impossible or computationally hard to retrieve the

original biometric data back from the transformed

template even if the transformation method and the

transformed data are known, and (iv) Performance:

The performance while using transformed templates

should not degrade much than the performance of us-

Nazmul, R., Islam, M. and Chowdhury, A.

Alignment-free Cancellable Template Generation for Fingerprint based Authentication.

DOI: 10.5220/0006614303610366

In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), pages 361-366

ISBN: 978-989-758-282-0

361

ing the original biometric template.

By exploiting the geometric invariant value ex-

tracted from the neighbouring region around ﬁnger-

print minutiae and hinging on a stored as well as a

user-speciﬁc key based transformation, we propose

an effective method for cancellable ﬁngerprint tem-

plate generation. The merits of the proposed method

lies in the aspects outlined as: it 1) conceals the bio-

metric data in such a way that it remains irretriev-

able even though an impostor obtains the transformed

template as well as the transformation; 2) satisﬁes

the cancelability and diversity by changing the stored

and user-speciﬁc keys in the transformation; 3) per-

forms matching in the transformed domain without

requiring alignment of the input ﬁngerprint images

prior transformation; 4) preserves the geometric rela-

tionships even after transformation and alleviates the

trade-off between security and performance in recog-

nition accuracy.

Besides, a set of extensive experiments and com-

prehensive testing on ﬁngerprint benchmark dataset

are conducted to analyse the performance, diver-

sity, revocability and non-invertibility of the proposed

method.

2 RELATED WORK

A number of research works have been proposed to

address template protection problem in biometric sys-

tems. Here we provide a brief review on several exist-

ing alignment-based and alignment-free approaches

proposed for ﬁngerprint template protection which

are based on minutiae representation.

Among these approaches, Ratha et al. (Ratha

et al., 2007) pioneered the concept of cancellable tem-

plate generation using Cartesian, polar, and functional

transformation. In Cartesian and polar transforma-

tion methods, a ﬁngerprint was divided into several

grid blocks which were scrambled subsequently. Al-

though the methods were claimed to be non-invertible

due to many-to-one mapping property, these were

successfully degenerated by the work reported in

(Quan et al., 2008) provided that the transformed tem-

plate and parameters are known to the attacker. Fur-

ther, as the minutiae were transformed according to

their positions, alignment between the enrolled and

query images was required to acquire the same trans-

formed image from different impressions of the same

ﬁnger.

A key-based transformation method was proposed

by Ang et al. (Ang et al., 2005) for ﬁngerprint tem-

plate protection. At ﬁrst a core point in the ﬁnger-

print image was determined and then a line through

the core point was speciﬁed. The orientation of the

line depends on the key, where 0 ≤key≤ π. Then by

reﬂecting the minutiae under the line to those above

the line, transformed ﬁngerprint templates were gen-

erated. However, this method required detecting the

accurate location of the core point which was not al-

ways feasible. Furthermore, by retaining the minutiae

above the line intact, the template even after transfor-

mation disclosed some information from the original

ﬁngerprint.

A hash-based transformation method has been

presented by Tulyakov et al. (Tulyakov et al., 2007).

In this method, ﬁngerprint minutiae information was

hashed and matching between enrolled and query ﬁn-

gerprint was performed in the hashed domain subse-

quently. Due to one-way transformation characteristic

of hashing function, reforming the original features

with hash values was computationally hard (Jin et al.,

2012). The method does not need pre-alignment be-

tween the enrolled and query ﬁngerprint templates.

Lee et al. (Lee et al., 2007) proposed a method

for template protection in which translation and ro-

tation invariant values were extracted from the ori-

entation information of neighbouring local region

around each minutia. The obtained invariant values

were then used as inputs into two changing functions.

These functions provided two values that were used

as parameters for translational and rotational move-

ment to transform the original minutia. Finally, the

transformed template was generated by moving each

minutia according to the movements calculated by the

changing functions. However, the performance of this

method degrades for ﬁngerprints of poor quality.

A bit-string was generated from ﬁngerprint minu-

tiae based on minutiae triplets in a method proposed

by Farooq et al. (Farooq et al., 1991). Seven invari-

ant features: the length of three sides, the three angles

between the sides and minutiae orientations and the

height of the triangles were extracted, followed by

quantization and hashing into a binary-string (bits).

To enhance the security of the template, binary-string

was further permuted and encrypted. However, this

method involves the calculation of all possible triple

invariant features which incurs high computational

costs. Jin et al. (Jin et al., 2010) proposed another

bit-string based template generation method that ex-

tracted a set of invariant features from minutiae pairs,

and then applied quantization, histogram binning and

binarization operations to generate a bit-string. Fi-

nally, using a helper data and user’s key based permu-

tation procedure the bit-string was transformed into a

non-invertible template.

Lee et al. (Lee and Kim, 2010) proposed a

minutiae-based bit string for generating ﬁngerprint

ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy

362

template. In this method, a minutia was mapped

into a predeﬁned array which consisted of small cells.

Firstly, a minutia was chosen as reference minutiae

and other minutiae were translated and rotated in or-

der to map the minutiae into the cells based on the po-

sition and orientation of the reference minutia. Next,

each cell containing more than one minutia was set to

1 (otherwise 0) and thus a bits-string was generated

by sequentially visiting the cells in the 3D array. Fi-

nally, the resultant bit-string was permuted using user-

speciﬁc key. The method performs well, however, the

performance degrades when the key is compromised.

Another alignment-free ﬁngerprint hashing algo-

rithm (Das et al., 2012) was proposed which used a

graph, called the Minimum Distance Graph (MDG),

consisting of the inter-minutia minimum distance vec-

tors originating from the core point as a feature set.

However, the performance of this algorithm degrades

for poor quality images due to inaccurate core point

detection.

A non-invertible Randomized Graph-based Ham-

ming Embedding (RGHE) technique (Jin et al., 2014;

Jin et al., 2016) was proposed to generate a secure ﬁn-

gerprint template. This method initially constructed

a set of minutiae vicinity where each minutia vicin-

ity was decomposed into four minutiae triplets. Then

a set of nine geometric invariant features was ex-

tracted from each triplet which were projected onto

a random subspace determined by a pseudorandom

sequence. Finally, using Graph-based Hamming Em-

bedding, the randomized minutia vicinity decomposi-

tion features (RMVD) were embedded into the Ham-

ming space. However, this method requires 36 fea-

ture components for a minutia vicinity, resulting in a

N × 36 features for the entire vicinity set, which is

computationally extensive.

Hence, in the alignment-based methods alignment

between the enrolled and query ﬁngerprint images is

required prior transformation to protect the template.

However, while generating protected templates en-

rolled ﬁngerprint image is transformed in such a way

that it cannot provide any clue to a query ﬁngerprint

for alignment. To overcome this alignment issue, var-

ious alignment-free approaches have been proposed.

From the above literature review, it is noteworthy that

due to transformation applied to achieve irreversiblity,

the performance in recognition accuracy deteriorates,

hence demonstrating the inevitable trade-off between

non-invertibility and performance.

3 PROPOSED METHOD

In this section, our proposed approach for alignment-

free cancellable ﬁngerprint template generation is de-

scribed. Due to the large variation in different im-

pressions of the same ﬁnger, most of the methods re-

quire aligning input images prior to the transforma-

tion in order to obtain the same transformed template

from different impressions. The proposed method,

as a typical indirect approach, derives a set of geo-

metric invariant features from the neighbourhood of

each minutia and hence relinquishes the process of

pre-alignment prior to the transformation in response

to rotational and translational variation. The feature

set of a minutia is then used as an input to a trans-

formation function that combines the feature values

with random offsets to convert into the transformed

form. The random offsets that conceal the local topo-

logical relationship among the neighbouring minutiae

are selected from stored and user-speciﬁc key based

random vectors using the type and orientation infor-

mation of the corresponding minutiae. In the follow-

ing three subsections, we describe the three stages of

the proposed method, namely, Invariant features ex-

traction, Protected template generation and Matching

transformed templates.

3.1 Extraction of Invariant Features

from Fingerprint Minutiae

As the ﬁrst step of cancellable template generation

process, a set of minutiae M = {m

|i = 1, 2, . . . , N}

is extracted to derive the geometric invariant fea-

tures where N = N

or N

denote the number of

minutiae in the enrolled and query images, respec-

tively. To extract the geometrical invariant features,

for each minutia m

in M, a neighbourhood set ℵ

i j

| j = 1, 2, . . . , L} of L nearest neighbours (mea-

sured in terms of Euclidean distance) in its vicin-

ity is constructed. Next, for each neighbour minutia

i.e., m

∈ ℵ

, its distance with m

and with ad-

jacent minutia in ℵ

, denoted by dist

i, j

and d

j, j

respectively, are calculated. Hence, a feature vector

for m

consists of L pairs of two distance values

i.e., {(dist

i,1

, d

1,2

), (dist

i,2

, d

2,3

), . . . , (dist

i,L

, d

L,1

)} as

shown in eq.(1):

[

j=1

i j

(1)

where D

i j

= (dist

i, j

, d

j, j

). This process is con-

tinued for all the minutia in M and all the feature vec-

tors are stacked into a matrix V of size N × L in which

Alignment-free Cancellable Template Generation for Fingerprint based Authentication

363

each row corresponds to the feature vector of a minu-

tia and can be deﬁned as follows:

V =

[

i=1

[

j=1

i, j

(2)

Here, V generated from enrolled or query images

are represented by V

and V

, respectively.

3.2 Protected Template Generation

To generate the cancellable template, the extracted

features that are robust to geometric transformation

are combined with stored and user speciﬁc key-based

random vectors by using the type and orientation in-

formation of minutiae in the region. Let’s consider

be the transformed feature vector of m

as shown

in eq. (3).

[

j=1

i j

(3)

where D

i j

= (dist

i, j

, d

j, j

) and dist

i, j

, d

j, j

can be

deﬁned as follows:

dist

i, j

= dist

i, j

+ M dist

i, j

j, j

= d

j, j

+ M d

j, j

(4)

Here, M dist

i, j

and M d

j, j

are random offsets se-

lected by a transformation function RndTrans. The

extracted feature vector ϑ

along with the type and ori-

entation information of m

and its neighbouring minu-

tiae are used as inputs in RndTr ans. Next, the random

offsets are selected by RndTrans from random vec-

tors generated using two keys as seeds; a stored key

(i.e., PIN)and a user-speciﬁc key (i.e., UPIN). The

entire process is accomplished for N

in the enrollled

image before enrolment and the obtained matrix of

transformed feature vectors V

is considered as the

protected template. In the authentication phase, the

same process repeats for the query image to obtain

. Thus, by storing the transformed feature vector

the proposed technique offers high level of privacy

and protection as the biometric data, i.e., location and

orientation of the minutiae, are not directly revealed.

3.3 Matching Transformed Templates

In authentication phase,the matching algorithm ﬁrst

obtains the correspondence between V

and V

Since an exact one-to-one mapping between V

and

may not be obtained, ﬁnding the maximum possi-

ble κ matched pairs, where κ ≤ min(N

, N

) is the ob-

jective of the matching algorithm. Firstly, each trans-

formed feature vector ϑ

in V

for p = 1, 2, . . . , N

is compared with each vector ϑ

for q = 1, 2, . . . , N

in V

. Let ϑ

and ϑ

be the feature vectors in V

and V

extracted from p-th and q-th minutia of the

enrolled and query images, respectively. Next, if the

number of matched elements (Φ

p,q

) between ϑ

and

is greater than a predeﬁned threshold value, (p, q)

is stored as a matched minutia pair. The whole pro-

cess repeats for each of N

× N

pairs. Subsequently,

a set F is constructed by selecting the best distinct κ

out of N

× N

pairs having number of matched pairs

greater than 1. Finally, if the ratio of the number of

matched elements κ in F and the number of minu-

tiae N

in the query image is more than a threshold

value δ

T h

, the authentication is accepted, otherwise

rejected.

4 EXPERIMENTAL RESULT AND

ANALYSIS

In our experiments, the proposed method is evaluated

in terms of performance in veriﬁcation accuracy and

template security. While evaluating the ﬁrst criteria, it

has been tested how the recognition accuracy varies in

the transformed templates used for matching. In addi-

tion, the proposed method has been examined against

three criteria, namely revocability, diversity and non-

invertibility to evaluate its performance in template

security.

4.1 Experimental Setup

The proposed method has been evaluated using vari-

ous sample ﬁngerprint images available in public do-

main databases (Maltoni et al., 2003), namely, DB1

in FVC-2000. The database comprises of 10 users

having 8 impressions per user and 80 (10 × 8) ﬁn-

gerprint images in total. The ﬁrst impression from

each ﬁnger is considered as the template and the

seven other impressions are used as the query im-

ages. In the proposed method, minutiae points are

extracted from each image in the databases using

the method of (Thai, 2003) that involves image en-

hancement, binarization and thinning as preprocess-

ing steps. In our experiment, the performance of

the proposed method has been measured using False

Acceptance Rate (FAR), Genuine Acceptance Rate

(GAR), False Rejection Rate (FRR) and Equal Er-

ror Rate (ERR). To calculate FRR and GAR, exper-

iments are conducted by comparing the image from

the template set to the corresponding impressions in

the query set. FAR is measured by comparing each

image from the template set to all the images in

ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy

364

the query set except with the impressions from the

same ﬁnger. Apart from these, two more performance

measures namely, Receiver Operating Characteristic

(ROC) curve and genuine-impostor distributions are

used to demonstrate the performance of the proposed

method. The genuine distribution is the score calcu-

lated by comparing the template of each user with the

other impressions of the ﬁngerprint from the same in-

dividual. On the contrary, the imposter distribution

is generated by comparing the template of each user

with the impressions of all other users’ in the query

set (Jin et al., 2012). A clear separability between the

genuine and impostor distributions implies good per-

formance while strong overlapping between the two

indicates poor performance.

4.2 Performance Evaluation in

Recognition Accuracy

As mentioned above, we have investigated the recog-

nition performance before and after the transforma-

tion of the ﬁngerprint images. The FAR vs FRR graph

for the images in FVC2002 DB1-B before and after

transformation are shown in Figure. 1 (a) and 1 (b),

respectively.

100

0 10 20 30 40 50 60

Error Rate

Score

FAR(Before Transformation)

FRR(Before Transformation)

(a) Before Transformation

100

0 10 20 30 40 50 60

Error Rate

Score

FAR(Different key)

FRR(Different key)

(b) After Transformation

Figure 1: (a) The FAR and FRR curve before and (b) after

transformation in FVC2002 DB1-B where EER is denoted

by the intersecting point.

From the experiments we found that the EER be-

fore and after the transformation is 1% and 2%, re-

spectively, which shows that the performance degra-

0.4

0.5

0.6

0.7

0.8

0.9

1.0

0 0.01 0.02 0.03 0.04 0.05 0.06 0.07

GAR (%)

FAR (%)

FVC 2002 DB1-B

Figure 2: ROC Curve for different keys in FVC2002 DB1-

dation in matching caused by transformation is rather

insigniﬁcant for DB1 in FVC-2002. To illustrate the

recognition performance of the proposed method, the

ROC curve in the actual scenario, where each user in

the databases is assigned a different key, is shown in

Figure. 2. Finally, the genuine and the impostor dis-

tributions using different keys are plotted in Figure.

3, which depict that individual users are clearly dis-

tinct from one another. Hence, the experimental result

presented in this section signiﬁes the preservation of

the actual geometric relationship between the original

ﬁngerprint and the transformed templates even after

transformation.

0.00

0.02

0.04

0.06

0.08

0.10

0.12

0.14

0.16

0.00 0.10 0.20 0.30 0.40 0.50 0.60

Distribution (in %)

Score

(a) Genuine Distribution

0.0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1.0

0.00 0.10 0.20 0.30 0.40 0.50 0.60

Distribution (in %)

Score

(b) Imposter Distribution

Figure 3: (a) Genuine and (b) Imposter distributions in

FVC2002 DB1-B where all the users are assigned different

keys.

Alignment-free Cancellable Template Generation for Fingerprint based Authentication

365

5 CONCLUSION

In this paper, we have proposed a method for

generating cancellable ﬁngerprint templates to pro-

vide protection to minutiae-based ﬁngerprint data.

The notable contributions of our method are two

folds: alignment-free and excellent recognition per-

formance. The proposed construct preserves the ge-

ometric relationships among the original ﬁngerprint

image in the transformed templates and hence does

not cause performance degradation. Further, the pro-

posed scheme ensures strong security in that given

both the user key and the transformed template, re-

vealing raw ﬁngerprint data is not be feasible. The

stored and user-speciﬁc keys are employed to trans-

form the invariant feature vector and thus diversity

and revocability can be vindicated. Experiments con-

ducted on the public domain database FVC2002-DB1

demonstrate the excellent performance of the pro-

posed method in recognition accuracy, computational

complexity and security.

REFERENCES

Ang, R., Safavi-Naini, R., and McAven, L. (2005). Cance-

lable key-based ﬁngerprint templates. In Australasian

conference on information security and privacy, pages

242–252. Springer.

Das, P., Karthik, K., and Garai, B. C. (2012). A robust

alignment-free ﬁngerprint hashing algorithm based

on minimum distance graphs. Pattern Recognition,

45(9):3373–3388.

Farooq, S. T. F., Mansukhani, P., and Govindaraju, V.

(1991). Symmetric hash functions for secure ﬁnger-

print biometric systems. In Pattern Recognition Let-

ters.

Jin, Z., Lim, M.-H., Teoh, A. B. J., and Goi, B.-M. (2014).

A non-invertible randomized graph-based hamming

embedding for generating cancelable ﬁngerprint tem-

plate. Pattern Recognition Letters, 42:137–147.

Jin, Z., Teoh, A. B. J., Goi, B.-M., and Tay, Y.-H. (2016).

Biometric cryptosystems: A new biometric key bind-

ing and its implementation for ﬁngerprint minutiae-

based representation. Pattern Recognition, 56:50–62.

Jin, Z., Teoh, A. B. J., Ong, T. S., and Tee, C. (2010). A

revocable ﬁngerprint template for security and privacy

preserving. TIIS, 4(6):1327–1342.

Jin, Z., Teoh, A. B. J., Ong, T. S., and Tee, C. (2012). Fin-

gerprint template protection with minutiae-based bit-

string for security and privacy preserving. Expert sys-

tems with applications, 39(6):6157–6167.

Lee, C., Choi, J.-Y., Toh, K.-A., Lee, S., and Kim, J. (2007).

Alignment-free cancelable ﬁngerprint templates based

on local minutiae information. IEEE Transactions on

Systems, Man, and Cybernetics, Part B (Cybernetics),

37(4):980–992.

Lee, C. and Kim, J. (2010). Cancelable ﬁngerprint tem-

plates using minutiae-based bit-strings. Journal of

Network and Computer Applications, 33(3):236–246.

Maltoni, D., Maio, D., Jain, A., and Prabhakar, S. (2003).

Handbook of ﬁngerprint recognition springer. New

York.

Nagar, A., Nandakumar, K., and Jain, A. K. (2010). A

hybrid biometric cryptosystem for securing ﬁnger-

print minutiae templates. Pattern Recognition Letters,

31(8):733–741.

Quan, F., Fei, S., Anni, C., and Feifei, Z. (2008). Crack-

ing cancelable ﬁngerprint template of ratha. In Com-

puter Science and Computational Technology, 2008.

ISCSCT’08. International Symposium on, volume 2,

pages 572–575. IEEE.

Ratha, N. K., Chikkerur, S., Connell, J. H., and Bolle, R. M.

(2007). Generating cancelable ﬁngerprint templates.

IEEE Transactions on pattern analysis and machine

intelligence, 29(4):561–572.

Thai, R. (2003). Fingerprint image enhancement and minu-

tiae extraction. The University of Western Australia.

Tulyakov, S., Farooq, F., Mansukhani, P., and Govindaraju,

V. (2007). Symmetric hash functions for secure ﬁnger-

print biometric systems. Pattern Recognition Letters,

28(16):2427–2436.

Wang, S. and Hu, J. (2012). Alignment-free cancelable

ﬁngerprint template design: A densely inﬁnite-to-

one mapping (ditom) approach. Pattern Recognition,

45(12):4129–4137.

ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy

366