Hindawi Publishing Corporation
BioMed Research International
Volume 2013, Article ID 623815, 12 pages
http://dx.doi.org/10.1155/2013/623815

Research Article
Secure Method for Biometric-Based Recognition with Integrated Cryptographic Functions

Shin-Yan Chiou

Department of Electrical Engineering, Chang Gung University, 259 Wen-Hwa 1st Road, Kwei-Shan, Taoyuan 333, Taiwan

Correspondence should be addressed to Shin-Yan Chiou; ansel@mail.cgu.edu.tw

Received 30 January 2013; Accepted 22 April 2013

Academic Editor: Zhirong Sun

Copyright © 2013 Shin-Yan Chiou. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems need not achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied.

1. Introduction

Various aspects of everyday life are gradually being digitized as our life experiences and creative efforts are accumulated in personal computers, digital media devices, and mobile devices. People use passwords and other authentication methods to protect these collections of personal and potentially confidential information. Traditional confidentiality and authentication methods (e.g., personal passwords) are less than secure. In addition to requiring the user to remember a variety of passwords, which can result in user error, passwords can be stolen and pure password authentication is vulnerable to unauthorized breach. However, these problems can be resolved through the use of "physiological passwords" through unique personal biometric identification methods such as recognition of the user's face, fingerprints, personal signature, or iris, which are very difficult to either replicate or steal. Therefore, several biometrics-based remote user authentication schemes [1–9] have been designed.

In general, however, traditional biometric identification methods only allow for direct comparison via a proximal end-user device and cannot be combined with cryptographic techniques. As long as biometric techniques allow for a degree of tolerance for error, the data are subject to disruption, rendering it impossible to accurately compare the scanned input with the original sample. In addition, registering the biometric feature values of the original biometric data to the biometric device for certification may encounter the following threats.

(1) Hackers could crack the registered biometric feature data stored on the biometric device.

(2) During matching, biometric data has a tolerance for error, making it impossible to use more secure means of encryption such as hash functions to protect biometric data, thus potentially allowing attackers to monitor private biometric data during the process of remote authentication.


In 2002, Lee et al. [1] proposed a type of remote authentication method based on fingerprints and smart cards. However, this method required precise system time synchronization. Later, in 2003, Kim et al. [10] proposed an ID-based authentication system integrating smart cards, passwords, and fingerprints. This system, however, was vulnerable to power analysis attacks [11] or fault-based cryptanalysis [1, 12]. At the same time, Scott [13] showed how this system was vulnerable to replay attacks.

In 2010, Li and Hwang [7] proposed a biometrics-based remote user authentication scheme using smart cards. However, in 2011, Das [8] pointed out that their scheme is insecure due to the security drawbacks in the password change phase and in the verification of biometrics and proposed another improved scheme which provides mutual authentication and is secure against attacks of server masquerading, parallel session, and the stolen password. However, in 2012, An [9] showed that Das's scheme [8] does not provide mutual authentication and is vulnerable to various attacks and proposed an enhanced scheme to solve these security problems.

This paper presents a new secure authentication method applying cryptographic techniques to biometric features. The proposed method combines the advantages of biometric identification and cryptography. By adding a subsystem to existing biometric systems, the proposed approach achieves the high security of cryptographic techniques and the tolerance for error of biometric recognition.

For example, this method can be combined with dual-factor biometric and cryptographic identification to achieve security. This not only simultaneously provides biometric and cryptography authentication but also, during the authentication process, protects the biometric data through cryptographic encryption (e.g., hash). This method provides a high degree of security and is resistant to power analysis attacks, fault-based cryptanalysis, and replay attacks. Because the proposed method can be combined with cryptographic techniques, the biometric authentication can also apply cryptography techniques to ensure secure remote biometric matching.

Once the method has been integrated, if an attacker seeks to force access to obtain the database's presaved biometric feature data, the attacker can only get access to the hashed or encrypted confidential information. By applying this method, biometrics can be combined with a cryptographic system, thus enhancing the secure storage and use of biological feature data and effectively preventing malicious programs or attackers from stealing the biometric values or posing as legitimate users.

The proposed method combines biometrics matching to achieve cryptographic functions such as encryption, authentication, identification, signature, hash, and key generation, which can be used in banks to replace IC cards, seals, and other means of dual identification, thus ensuring privacy, integrity, nonrepudiation, and so forth. These technologies can be implemented through hardware or software applications and combined with biometric systems in current use. Thus, the contributions of the proposed method are as follows.

(1) Simultaneously achieve the functions of cryptography technology and biometric recognition.

(2) Cryptography operations for biometric data encryption, signatures, and so forth.

(3) Error tolerance in biometric data matching.

(4) Easily integrated into existing biometric systems.

(5) Strengthens the confidentiality of biometric data storage. Even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

(6) Strengthens the confidentiality of biological information in the recognition process. Even if an attacker intercepts data during the biometric matching process, he will be unable to decrypt the biometric data or impersonate an authorized user.

(7) Reduces vulnerability to power analysis attacks, fault-based cryptanalysis, and replay attacks.

(8) Can be safely used to maintain confidentiality in remote biometric authentication. Even if an attacker eavesdrops during the remote authentication process, he will be unable to access biometric data or impersonate an authorized user.

(9) Combines biometric recognition with cryptography technology but does not influence the error accept rate (EAR) or error reject rate (ERR) of the original biometric recognition.

1.1. Difference between Biometric Recognition and Cryptography Authentication. Biometric systems refer to the use of biometric recognition technology to authenticate a person's identity through his or her unique biological characteristics (e.g., fingerprints, palm prints, iris, personal signature) in lieu of a password. This approach can thus authenticate the user's identity without requiring the user to remember multiple passwords. This authentication method usually first obtains a threshold range to discriminate between acceptable and unacceptable inputs. However, repeated use, improper storage, or transmission leaks may compromise security.

The difference with cryptographic technology is that these authentication ratios do not need to achieve 100% accuracy. That is, a certain degree of error in data matching is tolerated. (Biometric and cryptography authentication methods are compared in Table 1.)

2. Related Work

2.1. Traditional Biometric Methods. As shown in Figure 1, the processes of traditional biometric methods include the following subsystems: (1) data collection, (2) signal processing, (3) biometric feature extraction, (4) biometric feature registration/biometric feature input, and (5) matching and decision (i.e., comparing biometric features to determine whether they match). Generally speaking, one needs to first register/store biometric feature data (in the registration phase) for matching. Once this is completed, the biometric device allows the user to input his or her biometric feature data (in the matching phase) for comparison of the biometric features against those in the registration phase (in the compare biometric feature function) to determine if they match. If the biometrics of the prestored biometric features in the registration phase and those in the matching phase inputted by the user are found to match, then the device outputs a recognition result of "Authentication Successful." Otherwise, the biometric device outputs a recognition result of "Authentication Failed." Generally speaking, the steps in the registration phase and in the matching phase are processed similarly. For example, the matching phase is divided into the following steps: data collection, signal processing, biometric feature extraction, and biometric feature input. In terms of biometric feature matching, for the matching of the biometric feature registration data and the biometric feature input data, biometric authentication usually determines acceptability based on a threshold value.

Figure 1: The processing of a conventional biometric method (registration phase and matching phase).

Biometrics differs from cryptographic techniques in that, for biometric authentication, the ratio of credential matching does not need to be 100%; that is, the match between the two data sets can tolerate a certain degree of error. For example, suppose a registered biometric feature of 35 and a threshold value of 5: if the inputted biometric feature is within the range of 30 to 40, it is considered a biometric match with the registered biometric feature. However, if the biometric data is below 30 or exceeds 40, it is determined to be inconsistent with the registered feature values. In cryptographic authentication, if the registered password is 35 and the input value is 37, the input is considered to be inconsistent with the registered password, and the only allowable match would be an input value of 35.

Table 1: Comparison between biometrics recognition and cryptography authentication.

|                                    | Cryptography authentication      | Biometrics recognition               |
|------------------------------------|----------------------------------|--------------------------------------|
| Authentication method              | Digital                          | Analog                               |
| Authentication rule                | Without error tolerance          | With error tolerance                 |
| Data processing                    | Data is disordered               | Data is processed but not disordered |
| Adoption of cryptography technique | Data can be encrypted and signed | Data cannot be encrypted or signed   |

Figure 2: Structural matching methods.

As shown in Figure 1, the biometric processing device integrated with cryptographic technology consists of the following five parts: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) biometric feature registration/input subsystem, and (5) matching and decision subsystem.

(1) Data Collection Subsystem. The data collection subsystem collects the registered biometrics (e.g., fingerprints, facial image, iris image) for matching with the input biometric. The subsystem generally uses a biometric sensor to read one or more aspects of the subject's biometric data.

(2) Signal Processing Subsystem. The signal processing subsystem reads the biometrics and processes them through actions such as Gaussian smoothing, histogram equalization, normalization, binarization, opening, thinning, thinning repair, and feature point retrieval.

(3) Biometric Feature Extraction Subsystem. A given biometric consists of many types of features, such as the terminal and bifurcation points of fingerprint minutiae. General algorithms are used to retrieve the terminal and bifurcation points for feature matching. The biometric feature extraction subsystem is used to match the feature points or feature values of the retrieved biometric features.

(4) Biometric Feature Registration/Input Subsystem. The biometric feature registration subsystem stores the processed biometric features for future identification. The biometric feature input subsystem stores the inputted and processed biometric features for comparison in the next step.

(5) Matching and Decision Subsystem. The matching and decision subsystem matches the inputted and processed biometric features with the registered biometric features stored in the database. If the match meets the required conditions, the match is validated.

Table 2: Eight types of fingerprint minutiae.

| Terminal | Bifurcation | Short ridge | Crossover |
| Spur     | Dot         | Island      | Bridge    |

2.2. Fingerprint Recognition. Biometric identification can be accomplished through the recognition of various characteristics, including fingerprints and palm prints. Fingerprint minutiae are composed of the fine geometric features created by fingerprint ridges. Early on, Galton proposed identifying fingerprints based on four types of features: the beginnings and ends of ridges, forks, islands, and enclosures. However, Hrechak and McHugh later proposed the use of eight minutiae: terminals, bifurcation, short ridges, crossovers, spurs, dots, islands, and bridges (see Table 2).

Fingerprint recognition uses minutiae-matching algorithms such as the alignment-based matching algorithm [14], the Gabor filter-based approach [15], and the structural matching algorithm [16–19]. Among these, the structural matching algorithm (see Figure 2) is roughly divided into two stages. The first stage uses local feature matching to identify a central feature point with a positioning effect, while the second stage compares all the features at this central point and calculates a matching score.


2.3. Biometric-Based Cryptographic Key Generation. Chang et al. [20] proposed using a collected number of biometrics as a training sample to achieve "biometric-based cryptographic key generation." As shown in Figures 3 and 4, this method uses multiple biometrics (including those for legitimate users) to find a conversion set through a mechanism which identifies highly distinguishing features. This allows each one-dimensional feature of the postbiometric conversion to effectively distinguish between legitimate and illegitimate users. The average features of legitimate users are then used to authenticate the identity of the legitimate user as a mechanism for generating multibyte passwords. (This group conversion must be stored in the biometric database.) However, this approach must be applied to the biometric data of multiple users to achieve differentiation. Also, because the error value calculation is determined based on the mean and variance of each biometric, each user must provide multiple biometric samples to generate the associated means and variances.

2.4. Fuzzy Extractors. Dodis et al. [21] proposed a cryptographic key generation mechanism called fuzzy extractors. This system uses biometric values and self-selected authentication values as input data. During recognition, it uses a cryptographic key and self-selected authentication values to recognize biometric values within a set error range. Furthermore, this system can use cryptographic keys and input biometric values (within a predetermined error range) to restore the original biometric values.

As shown in Figure 5, this method first selects an authentication value $x$ and then uses the Gen function with $x$ and the registered biometric value $w$ to generate a key $V$ as follows:

$$\text{Gen: } V = w \oplus C(x), \tag{1}$$

where $C(\cdot)$ is the encoding function of a type of error correction code (e.g., Hamming code).

Next, within an error range $t$, using the Rep function causes $V$ and $x$ to recognize the inputted biometric value $w'$ (where $\mathrm{distance}(w, w') \le t$). The Rep function is as follows:

$$\text{Rep: } D(w' \oplus V) = x, \tag{2}$$

where $D(\cdot)$ is a type of error correction decoding function.

In case the original biometric value $w$ is lost, $w$ can be restored by inputting a biometric value $w'$ (within the error range $t$) and the cryptographic key $V$ to the Rec function. The Rec function is as follows:

$$\text{Rec: } \operatorname{Rec}(w', V) = V \oplus C(D(w' \oplus V)) = w. \tag{3}$$

However, this method cannot be integrated into current biometric systems. Moreover, this method's operating system not only requires the use of key $V$ and authentication value $x$ to perform authentication (and thus requires the storage of key $V$), but this comparison method is also vulnerable to leaking biometric value $w$ (through the use of biometric value $w'$ and key $V$).
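The Gen, Rep and Rec functions of equations (1)–(3), written out as an added example that is not code from the paper or from Dodis et al. It assumes that $C(\cdot)$ and $D(\cdot)$ are a Hamming(7,4) code applied to each 7-bit block (so the tolerated error is one flipped bit per block) and uses constructed bit vectors; it also shows the point made above, that Rec returns $w$ to anyone holding $V$ and a close $w'$.

```python
# Added illustration of equations (1)-(3); the code choice and all sample
# values are assumptions, not taken from the paper.

def hamming_encode(nibble):
    """One block of C(.): 4 data bits -> codeword [p1, p2, d1, p3, d2, d3, d4]."""
    d1, d2, d3, d4 = nibble
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]


def hamming_decode(block):
    """One block of D(.): correct at most one flipped bit, return the data bits."""
    b = list(block)
    syndrome = ((b[0] ^ b[2] ^ b[4] ^ b[6])
                + 2 * (b[1] ^ b[2] ^ b[5] ^ b[6])
                + 4 * (b[3] ^ b[4] ^ b[5] ^ b[6]))
    if syndrome:                       # 1-based position of the flipped bit
        b[syndrome - 1] ^= 1
    return [b[2], b[4], b[5], b[6]]


def C(x):
    """Encode a bit list whose length is a multiple of 4."""
    if len(x) % 4:
        raise ValueError("x must be a multiple of 4 bits")
    return [bit for i in range(0, len(x), 4) for bit in hamming_encode(x[i:i + 4])]


def D(bits):
    """Decode a bit list whose length is a multiple of 7."""
    if len(bits) % 7:
        raise ValueError("input must be a multiple of 7 bits")
    return [bit for i in range(0, len(bits), 7) for bit in hamming_decode(bits[i:i + 7])]


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return [p ^ q for p, q in zip(a, b)]


def gen(w, x):
    """Equation (1): V = w XOR C(x)."""
    return xor(w, C(x))


def rep(w_prime, v):
    """Equation (2): D(w' XOR V), equal to x when w' is within the error range."""
    return D(xor(w_prime, v))


def rec(w_prime, v):
    """Equation (3): V XOR C(D(w' XOR V)), equal to w when w' is within the error range."""
    return xor(v, C(D(xor(w_prime, v))))


def flip(bits, positions):
    """Return a copy of bits with the given 0-based positions inverted."""
    out = list(bits)
    for pos in positions:
        out[pos] ^= 1
    return out


# Constructed sample data: an 8-bit authentication value and a 14-bit "biometric".
X = [1, 0, 1, 1, 0, 1, 1, 0]
W = [0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1]
V = gen(W, X)
W_CLOSE = flip(W, [2, 9])   # one bit error in each block: within the error range
W_FAR = flip(W, [2, 3])     # two bit errors in the first block: outside it

if __name__ == "__main__":
    print("close reading accepted:", rep(W_CLOSE, V) == X)
    print("far reading accepted:  ", rep(W_FAR, V) == X)
    print("w recovered from V and close w':", rec(W_CLOSE, V) == W)
```
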

Figure 3: Structure of cryptography key generation based on biometric features (blocks: biometric features, distinguishable feature generation, stable key generation, unique key).

2.5. Application to Combine Iris Recognition and Cryptography. Hao et al. [22] proposed an application combining iris recognition and cryptography (see Figure 6). The concept for this method is similar to that of the fuzzy extractor in that they both use an error control code to accept biometric values within a range of errors.

This system first uses a cryptographic key $\kappa$ and the iris biometric value $\theta_{\mathrm{ref}}$ to obtain the authentication value $\theta_{\mathrm{lock}}$ and stores $\theta_{\mathrm{lock}}$ and the key's hash value $h(\kappa)$ in the IC card based on the following relationship:

$$\theta_{\mathrm{lock}} = \theta_{\mathrm{ps}} \oplus \theta_{\mathrm{ref}}, \tag{4}$$

where $\theta_{\mathrm{ps}}$ is the value for the key $\kappa$ via RS and Hadamard coding.

During recognition, the XOR value of $\theta_{\mathrm{lock}}$ and the inputted iris biometric value $\theta_{\mathrm{sam}}$ can be decoded as $\kappa'$ through RS and Hadamard decoding to determine if $h(\kappa')$ is equal to $h(\kappa)$. If the difference between the inputted iris biometric value $\theta_{\mathrm{sam}}$ and the original iris biometric value $\theta_{\mathrm{ref}}$ is less than or equal to a tolerable error range of the error control code, the input will be decoded as the original $\kappa$ value and considered correct.

However, this method is only suitable for iris matching and cannot be directly combined with existing systems. The RS code is used as a means to calculate network transmission errors for each byte, which differs from error calculation methods in other biometric environments.

3. Proposed Scheme

This paper presents a secure cryptography-integrated biometric recognition method with cryptographic functions. This method is able to integrate biometric matching with cryptographic technology to achieve dual-factor authentication. This integrated technology can also be combined with more advanced cryptographic techniques to produce more secure and diverse applications. The proposed method is divided into two parts for description purposes. The first part is the basic process of improved biometric security (IBS), while the second part is the advanced process of integrated cryptographic technology (ICT).

The IBS process is divided into two phases: the registration phase and the matching phase. The registration phase first provides a set of biometric data. Based on a threshold value $t$, we define several numerical ranges, each of which has a quantization value. If the biometric data fall within one of these numerical ranges, then the quantized value for that numerical range is used as quantized feature data to replace the biometric feature data. Next, one-way function operations are used to convert the quantized feature data to hashed feature data ($H_F$). Then, the difference between the quantized feature data and the biometric data is calculated to obtain an adjustment value ($V_{\mathrm{AD}}$). Finally, this adjustment value $V_{\mathrm{AD}}$ is stored with the hashed feature data $H_F$.

Figure 4: Example of cryptography key generation mechanism (feature space showing the global feature distribution, bounded by $m_g - k_g\sigma_g$ and $m_g + k_g\sigma_g$, and the authentic feature distribution, bounded by $m_a - k_a\sigma_a$ and $m_a + k_a\sigma_a$, with the authentic region between LB and RB and codes 000 to 111).

Figure 5: Fuzzy extractor (functions Gen, Rep, and Rec over $w$, $x$, and $w'$).

The matching phase and the registration phase are largely similar. First, we provide the registered hashed feature data $H_F$ and adjustment value $V_{\mathrm{AD}}$, and the biometric data is then captured. The biometric data is adjusted based on this adjustment value $V_{\mathrm{AD}}$. Next, (similarly) based on the threshold value $t$, multiple numerical ranges are defined, each of which has a quantized value. If the adjusted biometric data fall within one of the numerical ranges, then the quantized value of this value range is taken as the quantized feature to replace the adjusted biometric data. This is followed by one-way function operations to convert the quantized feature into hashed feature data $H'_F$. Finally, the registered hashed data $H_F$ is compared with the hashed feature data $H'_F$.

In the ICT process, the biometric data must first go through the IBS process before it can be used in this process. This process integrates the cryptography technology for signature application using the biometric data, which is composed of the "registration" and "signature and verification" stages. The application provides biometric-based cryptographic fields for the signatory and the verifier.

Before describing the processes of IBS and ICT, we define the notations used in our proposed protocol in Table 3.

3.1. Process of Improved Biometric Security (IBS). To improve the security of storage of biometric feature data, biometric feature values must first be processed before being integrated with cryptography technology. This method uses numerical quantization and quantization adjustment processes to ensure that all acceptable values within the threshold are quantified to the same value without compromising security. This property allows hash or encryption functions to be used to prevent the theft or leakage of the registered data prestored in the database. During matching, the values must be exactly correct in order to pass, thus improving the comparison rate of hardware or software. Because some biometric values are quantized to a correct value without error, these values not only can use hash or encryption functions for protection but can also be further applied through other cryptographic techniques or other numerical derivations such as signatures, key generation, and key exchange.

Table 3: Notations.

| Notations                        | Meaning                                                          |
|----------------------------------|------------------------------------------------------------------|
| $t$                              | Threshold value                                                  |
| $p$                              | The interval of the quantitative mode                            |
| $w$, $w'$                        | Biometric feature extraction data                                |
| $w_q$, $w'_q$                    | Data after value quantization                                    |
| $w_a$                            | Fine-tuned values                                                |
| $\mathrm{ID}_A$                  | The ID of user A                                                 |
| $\mathrm{PK}_A$                  | The public key of user A                                         |
| $W_E$                            | Internal registered biodata to be recognized                     |
| $W_I$                            | Input biodata for matching the internal biodata                  |
| $W_E^{(j)}$, $W_I^{(j)}$         | $W_E$, $W_I$ in the stage $j$                                    |
| $W_{Ei}^{(j)}$, $W_{Ii}^{(j)}$   | Related data value of the $i$th point of $W_E^{(j)}$, $W_I^{(j)}$ |
| $\mathrm{cert}_A$                | Certificate of user A                                            |
| time                             | Validity period of certificate                                   |
| $n_A$                            | Product of two large primes as A's parameters                    |
| $h(\cdot)$                       | Cryptographic one-way hash function                              |
| $\lfloor\cdot\rfloor$            | Floor function                                                   |
| $[\cdot]_{\mathrm{PK}}$          | Encryption function using public key PK                          |
| $\mathrm{sig}_{\mathrm{SK}}(\cdot)$ | Signature using private key SK                                |

Figure 6: Iris recognition combining cryptography (encoding: the key $\kappa$ passes through RS and Hadamard encoding and is XORed with the 2048-bit reference $\theta_{\mathrm{ref}}$ to give $\theta_{\mathrm{lock}}$, stored on the smart card; decoding: $\theta_{\mathrm{lock}}$ is XORed with the sample $\theta_{\mathrm{sam}}$ and passed through Hadamard and RS decoding).

Figure 7: Schematic diagram of the processing of the proposed method. (Registration phase: data collection, signal processing, and biometric feature extraction give $w$; quantization with threshold $[t]$ gives $w_q$; the adjustment step gives $w_a\,(= w_q - w)$; $h(w_q)$ and $w_a$ are stored. Matching phase: the same steps give $w'$; the adjustment step gives $w'_p\,(= w' + w_a)$; quantization with threshold $[t]$ gives $w'_q$; authentication succeeds if $h(w_q) = h(w'_q)$ and fails otherwise.)

Figure 7 shows a schematic diagram of the biometric processing methods of the proposed cryptography-integrated technology. The processed values can be directly applied to biometric recognition. This processing mode (shown in Figure 7) can be divided into eight parts as follows: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) numerical quantization subsystem, (5) adjustment subsystem, (6) hash subsystem, (7) biometric feature registration/input subsystem, and (8) matching and decision subsystem, where (1) the data collection subsystem, (2) the signal processing subsystem, and (3) the biometric feature extraction subsystem are the same as those mentioned in Section 2.1. Thus, below we limit our explanation to subsystems (4)–(8).

(4) Numerical Quantization Subsystem. The numerical quantization subsystem performs value quantization on the processed signal (as $w_q$ and $w'_q$). These quantized values can then be used with cryptographic techniques. Assume that the signal comparison allows for an error range of plus or minus $t$ and a sampling value range between $(0, L)$. Then the interval of the quantitative mode is $p$; the signal value is quantized as $0, p, 2p, \ldots, np$, where $p = 2t$, $n = \lfloor L/p \rfloor$ (where $\lfloor \cdot \rfloor$ is a floor function). If a signal value $w$ between $(0, L)$ satisfies $(kp - p/2) \le w < (kp + p/2)$, then this signal value $w$ should be quantized as $w_q = kp$. For example, for some signal value $(28, 37, 19, 62, 54)$ and $t = 5$ (i.e., $p = 10$), the signal value is quantized as $(30, 40, 20, 60, 50)$. (Generally speaking, if a biometric value allows an error range of $\pm t$, then $p = 2t$ can be used to obtain the quantization interval.) If the quantized range defined by the threshold is used for quantization, then the ERR and EAR obtained using this method will not be affected.

(5) Adjustment Subsystem. The adjustment subsystem records the fine-tuned value $w_a$ from the quantizing process. This fine-tuned value can be quantized to restore the reduced recognition rate to the original recognition rate without compromising security. The recommended calculation method for the fine-tuned value is $w_a = w_q - w$. For example, given a signal value $w = (28, 37, 19, 62, 54)$ and $p = 10$, the signal value is quantized as $w_q = (30, 40, 20, 60, 50)$; then the adjustment value $w_a$ is $(2, 3, 1, -2, -4)$. Given an inputted value $w' = (24, 33, 21, 66, 58)$, $p = 10$, and the adjustment value $w_a = (2, 3, 1, -2, -4)$, then the adjusted value $w'_p = (26, 36, 22, 64, 54)$, which is quantized as $w'_q = (30, 40, 20, 60, 50)$.

Using the numerical quantization and adjustment process guarantees that all accepted values remain within the threshold value and are quantized at the same level of quality without compromising security. (Given an acceptable error range of plus or minus $t$, correctly guessing a value between a sampling value $(0, L)$ has a probability of approximately $2t/L$; following quantization, correctly guessing the quantized value between a sampling value of $(0, L)$ has a probability of approximately $1/n$, where $n = \lfloor L/p \rfloor = \lfloor L/2t \rfloor$. The probability of correctly guessing the unquantized value is identical to that of the quantized value; therefore, the quantized action does not compromise security.)

(6) Hash Subsystem. Applying the hash function to the value $w_q$ produces $h(w_q)$. Using the hash function can maintain biometric confidentiality and prevent leaking or theft of the presaved registered feature values stored in the database. Because a hacker would only be able to manage the registered feature data stored in the biometric device, he would be unable to obtain the original biometric value. During comparison, the values must be exactly correct in order to pass, thus improving the hardware or software comparison rate. Other functions (e.g., encryption functions) can be used to substitute for this hash function.

Figure 8: Registration phase. [Message flow between user $A$ and CA: $A$ sends $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$; CA returns $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{CA}}(\mathrm{reg}, \mathrm{time})$.]

(7) Biometric Feature Registration/Input Subsystem. Applied to the proposed method, the stored values for registration are $h(w_q)$ and $w_a$. This function is similar to the one previously described in Section 2.1.

(8) Matching and Decision Subsystem. Applied to the proposed method, this system's comparison mode determines whether $h(w_q)$ and $h(w'_q)$ are the same. This function is similar to the one previously described in Section 2.1.

Figure 1 shows the processing of a conventional biometric method, while Figure 7 shows a schematic diagram of the processing of the proposed method. As shown in Figure 1, a threshold value and a biometric matching method decide the EAR and ERR. We combine threshold and quantization (as shown in Figure 7) to quantify registered and input biodata within threshold to the same value and use biometric matching methods to compare data after hashing these values. Therefore, the hashed values can be applied to cryptography technology, and the combination of biometric recognition and cryptography technology does not influence the EAR or ERR of the original biometric recognition.
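Subsystems (4) to (8) can be traced end to end with the numbers from the text. The following is an added example, not code from the paper; SHA-256, the comma-separated encoding of $w_q$, and all function names are assumptions made here.

```python
import hashlib
import hmac


def quantize(w, t):
    """Quantize each component to the nearest multiple of p = 2t.

    Implements (kp - p/2) <= w < (kp + p/2)  ->  w_q = kp for integer
    samples and integer t, using floor division.
    """
    p = 2 * t
    return tuple(((x + t) // p) * p for x in w)


def digest(w_q):
    """h(w_q): SHA-256 over a comma-separated encoding (an assumption;
    the paper does not name a hash function or an encoding)."""
    return hashlib.sha256(",".join(str(x) for x in w_q).encode()).hexdigest()


def register(w, t):
    """Registration phase: only h(w_q) and w_a = w_q - w are stored."""
    w_q = quantize(w, t)
    w_a = tuple(q - x for q, x in zip(w_q, w))
    return {"h": digest(w_q), "w_a": w_a}


def match(record, w_in, t):
    """Matching phase: w'_p = w' + w_a, quantize to w'_q, compare hashes."""
    if len(w_in) != len(record["w_a"]):
        return False
    w_p = tuple(x + a for x, a in zip(w_in, record["w_a"]))
    # The comparison is exact: a single differing component changes the hash.
    return hmac.compare_digest(digest(quantize(w_p, t)), record["h"])


def accepted_offsets(w, t, span):
    """Offsets d in [-span, span] for which the one-component input w + d
    is accepted against a template registered from w."""
    record = register((w,), t)
    return [d for d in range(-span, span + 1) if match(record, (w + d,), t)]


# Values taken from the worked example in the text.
T = 5
W_REGISTERED = (28, 37, 19, 62, 54)
W_INPUT = (24, 33, 21, 66, 58)

if __name__ == "__main__":
    rec = register(W_REGISTERED, T)
    print("w_q              :", quantize(W_REGISTERED, T))
    print("stored w_a       :", rec["w_a"])
    print("stored h(w_q)    :", rec["h"])
    # Without the adjustment value the input lands in other quantization cells.
    print("w' quantized raw :", quantize(W_INPUT, T))
    print("match with w_a   :", match(rec, W_INPUT, T))
    # The quantization rule is half-open, so the accepted window is
    # -t <= d < t around the registered value, not the closed range +/- t.
    print("accepted offsets :", accepted_offsets(28, T, 8))
```

The last line shows that an input exactly $t$ above the registered value is rejected while one exactly $t$ below is accepted, which follows from the half-open rule $(kp - p/2) \le w < (kp + p/2)$.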

3.2. Process of Integrated Cryptographic Technology (ICT). Once the complete quantified features have been hashed (in biometric feature registration subsystem), dual authentication can be achieved through the integration of cryptographic techniques. This method can be separated into a "registration" phase and a "signature and authentication" phase as follows.

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to CA, where $\mathrm{ID}_A$ is the ID of user $A$, $\mathrm{PK}_A$ is user $A$'s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{\mathrm{PK}_A}$ represents the encrypted signal $W_E$ using the user's public key $\mathrm{PK}_A$. Next, CA's certificate $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{CA}}(\mathrm{reg}, \mathrm{time})$ is transmitted to user $A$, where $\mathrm{sig}_{\mathrm{SK}_{CA}}(M)$ represents the signature of signal $M$ using CA's private key $\mathrm{SK}_{CA}$, and time represents the certificate's validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W^{(j)}_E$ and $W^{(j)}_I$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

Figure 9: Comparison process of first stage. [Message flow between user $A$ and the verifier: $A$ sends $\mathrm{cert}_A$; the verifier checks $\mathrm{cert}_A$, chooses random $r_1 < n_A$, and sends $r_1$; $A$ returns $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W^{(1)}_I \bmod n_A$; the verifier (1) computes $cp_1 = [s_1]_{\mathrm{PK}_A}$, (2) computes $cp'_1 = r_1 \cdot [W^{(1)}_E]_{\mathrm{PK}_A} \bmod n_A$, (3) compares $cp_1$ and $cp'_1$ to check if there exists a match point $p_m$, and (4) if no, fails; if yes, goes to phase 2.]

Figure 10: Comparison process of second stage. [Message flow between the user and the verifier: the verifier chooses random $r_2 < n_A$ and sends $r_2$, $p_m$; the user, assuming $p_m$ is the $i$th point of $W_I$, returns $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W^{(2)}_{Ii} \bmod n_A$; the verifier (1) computes $cp_2 = [s_2]_{\mathrm{PK}_A}$, (2) assuming $p_m$ is the $e$th point of $W_E$, computes $cp'_2 = r_2 \cdot [W^{(2)}_{Ee}]_{\mathrm{PK}_A} \bmod n_A$, and (3) from $cp_2$ and $cp'_2$ evaluates matching score $S$; if $S <$ threshold, fail; else success.]

(1) First stage comparison.

As seen in Figure 9, user $A$ first sends $\mathrm{cert}_A$ to the verifier. Then the verifier confirms the accuracy of $\mathrm{cert}_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W^{(1)}_I \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers used as one of $A$'s public keys. Finally, the verifier separately calculates $cp_1 = [s_1]_{\mathrm{PK}_A}$ and $cp'_1 = r_1 \cdot [W^{(1)}_E]_{\mathrm{PK}_A} \bmod n_A$ and compares $cp_1$ and $cp'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison.

As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W^{(1)}_I$; then $A$ calculates $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W^{(2)}_{Ii} \bmod n_A$ and sends $s_2$ to the verifier, where $W^{(2)}_{Ii}$ is related data value of the $i$th point of $W^{(2)}_I$ for $W_I$ in the second stage matching.

Next, the verifier calculates $cp_2 = [s_2]_{\mathrm{PK}_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $cp'_2 = r_2 \cdot [W^{(2)}_{Ee}]_{\mathrm{PK}_A} \bmod n_A$ and compares $cp_2$ and $cp'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.
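The first-stage exchange of Figure 9 works because textbook RSA is multiplicative, so $[s_1]_{\mathrm{PK}_A} = r_1 \cdot [W^{(1)}_I]_{\mathrm{PK}_A} \bmod n_A$. The following is an added example, not code from the paper; the toy key built from two Mersenne primes, the SHA-256 encoding, the per-point list layout, the constructed sample points, and all names are assumptions made here.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for user A (constructed for this example, far too small for
# real use). Both factors are Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N_A = P * Q
E_A = 65537                                   # public exponent (PK_A)
D_A = pow(E_A, -1, (P - 1) * (Q - 1))         # private exponent (SK_A)


def h_point(quantized_features):
    """Hash of one feature point's quantized values, as an integer mod n_A."""
    data = ",".join(map(str, quantized_features)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_A


def encrypt_template(points):
    """Registration: [W_E]_PK_A, one RSA-encrypted hash per registered point.
    This is what the verifier sees inside cert_A."""
    return [pow(h_point(pt), E_A, N_A) for pt in points]


def verifier_challenge():
    """Fresh random r_1 < n_A, invertible mod n_A."""
    while True:
        r = secrets.randbelow(N_A - 2) + 2
        if gcd(r, N_A) == 1:
            return r


def user_response(r1, input_points):
    """User side: s_1 = sig_SK_A(r_1) * W_I mod n_A, one value per point."""
    sig = pow(r1, D_A, N_A)
    return [sig * h_point(pt) % N_A for pt in input_points]


def verifier_match(r1, s1, enc_template):
    """Verifier side: cp_1 = [s_1]_PK_A and cp'_1 = r_1 * [W_E]_PK_A mod n_A.
    Returns (input index, registered index) pairs where cp_1 == cp'_1."""
    cp1 = [pow(s, E_A, N_A) for s in s1]      # equals r_1 * h_I^e mod n_A
    cp1_prime = {r1 * c % N_A: e for e, c in enumerate(enc_template)}
    return [(i, cp1_prime[c]) for i, c in enumerate(cp1) if c in cp1_prime]


# Constructed sample data: already quantized (and adjusted) local features.
REGISTERED_POINTS = [(30, 40, 20), (10, 50, 70), (60, 60, 20)]
INPUT_POINTS = [(90, 10, 30), (60, 60, 20)]
ENC_TEMPLATE = encrypt_template(REGISTERED_POINTS)

if __name__ == "__main__":
    r1 = verifier_challenge()
    s1 = user_response(r1, INPUT_POINTS)
    print("match points (i, e):", verifier_match(r1, s1, ENC_TEMPLATE))
    # A recorded s_1 does not verify against a later challenge.
    r_next = verifier_challenge()
    print("replayed s_1       :", verifier_match(r_next, s1, ENC_TEMPLATE))
```

The verifier never handles a plaintext hash: it compares blinded ciphertexts, and a recorded response fails against any later challenge because the factor $r_1$ no longer cancels.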

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

Figure 11: First stage matching content. [Two columns, $cp_1$ and $cp'_1$. The $cp_1$ column lists $r_1[h^{(1)}_{Ij\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}4}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}5}]_{\mathrm{PK}}$ for $j = 1, 2, 3, \ldots, n_I$; the $cp'_1$ column lists $r_1[h^{(1)}_{Ej\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ej\text{-}4}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ej\text{-}5}]_{\mathrm{PK}}$ for $j = 1, 2, 3, \ldots, n_E$.]

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer the error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate into existing biometric systems with confidentiality and cryptography technologies.

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

Table 4: Comparison of functions.

Tech: BCKG, FZ, ACIRC, Proposed scheme
(1) √ √
(2) √
(3) √ √ √ √
(4) √
(5) √ √ √
(6) √ √ √
(7) √ √ √
(8) √
(9) √

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that first stage takes five matching data. Then $W^{(1)}_I = W^{(1)}_{I1} \| W^{(1)}_{I2} \| \cdots \| W^{(1)}_{In_I}$ and $W^{(1)}_E = W^{(1)}_{E1} \| W^{(1)}_{E2} \| \cdots \| W^{(1)}_{En_E}$, where $W^{(1)}_{Ij} = w^{(1)}_{Ij1} \| w^{(1)}_{Ij2} \| w^{(1)}_{Ij3} \| w^{(1)}_{Ij4} \| w^{(1)}_{Ij5}$ and $W^{(1)}_{Ej} = w^{(1)}_{Ej1} \| w^{(1)}_{Ej2} \| w^{(1)}_{Ej3} \| w^{(1)}_{Ej4} \| w^{(1)}_{Ej5}$. Using the hash function, we can let $h^{(1)}_{Ej\text{-}123} = \mathrm{hash}(w^{(1q)}_{Ej1} \| w^{(1q)}_{Ej2} \| w^{(1q)}_{Ej3})$, $h^{(1)}_{Ej\text{-}4} = \mathrm{hash}(w^{(1q)}_{Ej4})$, $h^{(1)}_{Ej\text{-}5} = \mathrm{hash}(w^{(1q)}_{Ej5})$, and $h^{(1)}_{Ij\text{-}123} = \mathrm{hash}(w^{(1q)}_{Ij1} \| w^{(1q)}_{Ij2} \| w^{(1q)}_{Ij3})$, $h^{(1)}_{Ij\text{-}4} = \mathrm{hash}(w^{(1q)}_{Ij4})$, $h^{(1)}_{Ij\text{-}5} = \mathrm{hash}(w^{(1q)}_{Ij5})$, where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then Figure 11 shows the matching of $cp_1$ and $cp'_1$.


In the second stage matching, we can let $W^{(2)}_{Ij} = \mathrm{hash}(w^{(2q)}_{Ij1}) \| \mathrm{hash}(w^{(2q)}_{Ij2}) \| \cdots \| \mathrm{hash}(w^{(2q)}_{Ijn_I}) - \mathrm{hash}(w^{(2q)}_{Ijj})$, $W^{(2)}_{Ej} = \mathrm{hash}(w^{(2q)}_{Ej1}) \| \mathrm{hash}(w^{(2q)}_{Ej2}) \| \cdots \| \mathrm{hash}(w^{(2q)}_{Ejn_E}) - \mathrm{hash}(w^{(2q)}_{Ejj})$, where $w^{(2)}_{Ijl}$ and $w^{(2)}_{Ejl}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w^{(2q)}_x$ represents the quantized value of $w^{(2)}_x$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, "Fingerprint-based remote user authentication scheme using smart cards," Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, "Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards," Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, "An efficient and practical fingerprint-based remote user authentication scheme with smart cards," in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, "Fingerprint-Iris fusion based identification system using a single hamming distance matcher," International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, "Privacy and legal requirements for developing biometric identification software in context-based applications," International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, "An improved biometrics-based user authentication scheme without concurrency system," International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards," Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, "Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards," IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, "Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards," Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, "ID-based password authentication scheme using smart cards and fingerprints," ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, "Checking before output may not be enough against fault-based cryptanalysis," IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, "Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints," ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, "A real-time matching system for large fingerprint databases," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, "Gabor filter-based approach to fingerprint recognition," in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS '99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, "Fingerprint matching using local alignment based on multiple pairs of reference minutiae," Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, "Automated fingerprint recognition using structural matching," Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, "An automated matching technique for fingerprint identification," in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, "Novel approach to automated fingerprint recognition," IEE Proceedings Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, "Biometrics-based cryptographic key generation," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy extractors: how to generate strong keys from biometrics and other noisy data," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, "Combining cryptography with biometrics effectively," Tech. Rep. UCAM-CL-TR-640, University of Cambridge Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, "A multilevel structural technique for fingerprint representation and matching," Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, "Structural fingerprint based hierarchical filtering in song identification," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, "Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain," in Proceedings of the International Conference on Computational Problem-Solving (ICCP '12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, "Fingerprint matching and classification using an onion layer algorithm of computational geometry," in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, "Website fingerprinting in onion routing based anonymization networks," in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, "Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features," Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.


In 2002, Lee et al. [1] proposed a type of remote authentication method based on fingerprints and smart cards. However, this method required precise system time synchronization. Later, in 2003, Kim et al. [10] proposed an ID-based authentication system integrating smart cards, passwords, and fingerprints. This system, however, was vulnerable to power analysis attacks [11] or fault-based cryptanalysis [1, 12]. At the same time, Scott [13] showed how this system was vulnerable to replay attacks.

In 2010, Li and Hwang [7] proposed a biometrics-based remote user authentication scheme using smart cards. However, in 2011, Das [8] pointed out that their scheme is insecure due to the security drawbacks in password change phase and in verification of biometrics and proposed another improved scheme, which provides mutual authentication and is secure against attacks of server masquerading, parallel session, and the stolen password. However, in 2012, An [9] showed that Das's scheme [8] does not provide mutual authentication and is vulnerable to various attacks and proposed an enhanced scheme to solve their security problems.

This paper presents a new secure authentication method applying cryptographic techniques to biometric features. The proposed method combines the advantages of biometric identification and cryptography. By adding a subsystem to existing biometric systems, the proposed approach achieves the high security of cryptographic techniques and the tolerance for error of biometric recognition.

For example, this method can be combined with dual-factor biometric and cryptographic identification to achieve security. This not only simultaneously provides biometric and cryptography authentication but also, during the authentication process, protects the biometric data through cryptographic encryption (e.g., hash). This method provides a high degree of security and is resistant to power analysis attacks, fault-based cryptanalysis, and replay attacks. Because the proposed method can be combined with cryptographic techniques, the biometric authentication can also apply cryptography techniques to ensure secure remote biometric matching.

Once the method has been integrated, if an attacker seeks to force access to obtain the database's presaved biometric feature data, the attacker can only get access to the hashed or encrypted confidential information. By applying this method, biometrics can be combined with a cryptographic system, thus enhancing the secure storage and use of biological feature data and effectively preventing malicious programs or attackers from stealing the biometric values or posing as legitimate users.

The proposed method combines biometrics matching to achieve cryptographic functions such as encryption, authentication, identification, signature, hash, and key generation, which can be used in banks to replace IC cards, seals, and other means of dual identification, thus ensuring privacy, integrity, nonrepudiation, and so forth. These technologies can be implemented through hardware or software applications and combine biometric systems in current use. Thus, the contributions of the proposed method are as follows.

(1) Simultaneously achieve the functions of cryptography technology and biometric recognition.

(2) Cryptography operations for biometric data encryption, signatures, and so forth.

(3) Error tolerance in biometric data matching.

(4) Easily integrated into existing biometric systems.

(5) Strengthens the confidentiality of biometric data storage. Even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

(6) Strengthens the confidentiality of biological information in the recognition process. Even if an attacker intercepts data during the biometric matching process, he will be unable to decrypt the biometric data or impersonate an authorized user.

(7) Reduces vulnerability to power analysis attacks, fault-based cryptanalysis, and replay attacks.

(8) Can be safely used to maintain confidentiality in remote biometric authentication. Even if an attacker eavesdrops during the remote authentication process, he will be unable to access biometric data or impersonate an authorized user.

(9) Combines biometric recognition with cryptography technology but does not influence the error accept rate (EAR) or error reject rate (ERR) of the original biometric recognition.

1.1. Difference between Biometric Recognition and Cryptography Authentication. Biometric systems refer to the use of biometric recognition technology to authenticate a person's identity through his or her unique biological characteristics (e.g., fingerprints, palm prints, iris, personal signature) in lieu of a password. This approach can thus authenticate the user's identity without requiring the user to remember multiple passwords. This authentication method usually first obtains a threshold range to discriminate between acceptable and unacceptable inputs. However, repeated use, improper storage, or transmission leaks may compromise security.

The difference with cryptographic technology is that these authentication ratios do not need to achieve 100% accuracy. That is, a certain degree of error in data matching is tolerated. (Biometric and cryptography authentication methods are compared in Table 1.)

2. Related Work

2.1. Traditional Biometric Methods. As shown in Figure 1, the processes of traditional biometric methods include the following subsystems: (1) data collection, (2) signal processing, (3) biometric feature extraction, (4) biometric feature registration/biometric feature input, and (5) matching and decision (i.e., comparing biometric features to determine whether they match). Generally speaking, one needs to first register/store biometric feature data (in the registration phase) for matching. Once this is completed, the biometric device allows the user to input his or her biometric feature data (in the matching phase) for comparison of the biometric features against those in the registration phase (in the compare biometric feature function) to determine if they match. If the biometrics of the prestored biometric features in the registration phase and those in the matching phase inputted by the user are found to match, then the device outputs a recognition result of "Authentication Successful." Otherwise, the biometric device outputs a recognition result of "Authentication Failed." Generally speaking, the steps in the registration phase and in the matching phase are processed similarly. For example, the matching phase is divided into the following steps: data collection, signal processing, biometric feature extraction, and biometric feature input. In terms of biometric feature matching, for the matching of the biometric feature registration data and the biometric feature input data, biometric authentication usually determines acceptability based on a threshold value.

Figure 1: The processing of a conventional biometric method. [Flowchart with a registration phase and a matching phase. Each phase runs data collection, signal processing, and biometric feature extraction, followed by biometric feature registration or biometric feature input. The compare biometric feature step decides whether the biometric data match each other: if yes, authentication succeeded; if no, authentication failed.]

Biometrics differs from cryptographic techniques in that, for biometric authentication, the ratio of credential matching does not need to be 100%; that is, the match between the two data sets can tolerate a certain degree of error. For example, suppose a registered biometric feature of 35 and a threshold value of 5: if the inputted biometric feature is within the range of 30 to 40, it is considered a biometric match with the registered biometric feature. However, if the biometric data is below 30 or exceeds 40, it is determined to be inconsistent with the registered feature values. In cryptographic authentication, if the registered password is 35 and the input value is 37, the input is considered to be inconsistent with the registered password, and the only allowable match would be an input value of 35.

Table 1: Comparison between biometrics recognition and cryptography authentication.

| | Cryptography authentication | Biometrics recognition |
|---|---|---|
| Authentication method | Digital | Analog |
| Authentication rule | Without error tolerance | With error tolerance |
| Data processing | Data is disordered | Data is processed but not disordered |
| Adoption of cryptography technique | Data can be encrypted and signed | Data cannot be encrypted or signed |

[Figure 2: Structural matching methods.]

As shown in Figure 1, the biometric processing device integrated with cryptographic technology consists of the following five parts: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) biometric feature registration/input subsystem, and (5) matching and decision subsystem.

(1) Data Collection Subsystem. The data collection subsystem collects the registered biometrics (e.g., fingerprints, facial image, iris image) for matching with the input biometric. The subsystem generally uses a biometric sensor to read one or more aspects of the subject's biometric data.

(2) Signal Processing Subsystem. The signal processing subsystem reads the biometrics and processes them through actions such as Gaussian smoothing, histogram equalization, normalization, binarization, opening, thinning, thinning repair, and feature point retrieval.

(3) Biometric Feature Extraction Subsystem. A given biometric consists of many types of features, such as the terminal and bifurcation points of fingerprint minutiae. General algorithms are used to retrieve the terminal and bifurcation points for feature matching. The biometric feature extraction subsystem is used to match the feature points or feature values of the retrieved biometric features.

(4) Biometric Feature Registration/Input Subsystem. The biometric feature registration subsystem stores the processed biometric features for future identification. The biometric feature input subsystem stores the inputted and processed biometric features for comparison in the next step.

(5) Matching and Decision Subsystem. The matching and decision subsystem matches the inputted and processed biometric features with the registered biometric features stored in the database. If the match meets the required conditions, the match is validated.

Table 2: Eight types of fingerprint minutiae: terminal, bifurcation, short ridge, crossover, spur, dot, island, bridge.

2.2. Fingerprint Recognition. Biometric identification can be accomplished through the recognition of various characteristics, including fingerprints and palm prints. Fingerprint minutiae are composed of the fine geometric features created by fingerprint ridges. Early on, Galton proposed identifying fingerprints based on four types of features: the beginnings and ends of ridges, forks, islands, and enclosures. However, Hrechak and McHugh later proposed the use of eight minutiae: terminals, bifurcation, short ridges, crossovers, spurs, dots, islands, and bridges (see Table 2).

Fingerprint recognition uses minutiae-matching algorithms such as the alignment-based matching algorithm [14], the Gabor filter-based approach [15], and the structural matching algorithm [16–19]. Among these, the structural matching algorithm (see Figure 2) is roughly divided into two stages. The first stage uses local feature matching to identify a central feature point with a positioning effect, while the second stage compares all the features at this central point and calculates a matching score.

2.3. Biometric-Based Cryptographic Key Generation. Chang et al. [20] proposed using a collected number of biometrics as a training sample to achieve "biometric-based cryptographic key generation." As shown in Figures 3 and 4, this method uses multiple biometrics (including those for legitimate users) to find a conversion set through a mechanism which identifies highly distinguishing features. This allows each one-dimensional feature of the postbiometric conversion to effectively distinguish between legitimate and illegitimate users. The average features of legitimate users are then used to authenticate the identity of the legitimate user as a mechanism for generating multibyte passwords. (This group conversion must be stored in the biometric database.) However, this approach must be applied to the biometric data of multiple users to achieve differentiation. Also, because the error value calculation is determined based on the mean and variance of each biometric, each user must provide multiple biometric samples to generate the associated means and variances.

2.4. Fuzzy Extractors. Dodis et al. [21] proposed a cryptographic key generation mechanism called fuzzy extractors. This system uses biometric values and self-selected authentication values as input data. During recognition, it uses a cryptographic key and self-selected authentication values to recognize biometric values within a set error range. Furthermore, this system can use cryptographic keys and input biometric values (within a predetermined error range) to restore the original biometric values.

As shown in Figure 5, this method first selects an authentication value $x$ and then uses the Gen function with $x$ and the registered biometric value $w$ to generate a key $V$ as follows:

Gen: $V = w \oplus C(x)$, (1)

where $C(\cdot)$ is the encoding function of a type of error correction code (e.g., Hamming code).

Next, within an error range $t$, using the Rep function causes $V$ and $x$ to recognize the inputted biometric value $w'$ (where $\mathrm{distance}(w, w') \le t$). The Rep function is as follows:

Rep: $D(w' \oplus V) = x$, (2)

where $D(\cdot)$ is a type of error correction decoding function.

In case the original biometric value $w$ is lost, $w$ can be restored through the Rec function by inputting the biometric value $w'$ (within the error range $t$) and the cryptographic key $V$. The Rec function is as follows:

Rec: $\mathrm{Rec}(w', V) = V \oplus C(D(w' \oplus V)) = w$. (3)

However, this method cannot be integrated into current biometric systems. Moreover, this method's operating system not only requires the use of key $V$ and authentication value $x$ to perform authentication (and thus requires the storage of key $V$), but this comparison method is also vulnerable to leaking biometric value $w$ (through the use of biometric value $w'$ and key $V$).

[Figure 3: Structure of cryptography key generation based on biometric features. Blocks: biometric features, distinguishable feature generation, stable key generation, unique key.]

2.5. Application to Combine Iris Recognition and Cryptography. Hao et al. [22] proposed an application combining iris recognition and cryptography (see Figure 6). The concept for this method is similar to that of the fuzzy extractor in that they both use an error control code to accept biometric values within a range of errors.

This system first uses a cryptographic key $\kappa$ and the iris biometric value $\theta_{ref}$ to obtain the authentication value $\theta_{lock}$ and stores $\theta_{lock}$ and the key's hash value $h(\kappa)$ in the IC card, based on the following relationship:

$\theta_{lock} = \theta_{ps} \oplus \theta_{ref}$, (4)

where $\theta_{ps}$ is the value for the key $\kappa$ via RS and Hadamard coding.

During recognition, the XOR value of $\theta_{lock}$ and the inputted iris biometric value $\theta_{sam}$ can be decoded as $\kappa'$ through RS and Hadamard decoding to determine if $h(\kappa')$ is equal to $h(\kappa)$. If the difference between the inputted iris biometric value $\theta_{sam}$ and the original iris biometric value $\theta_{ref}$ is less than or equal to a tolerable error range of the error control code, the input will be decoded as the original $\kappa$ value and considered correct.

However, this method is only suitable for iris matching and cannot be directly combined with existing systems. The RS code is used as a means to calculate network transmission errors for each byte, which differs from error calculation methods in other biometric environments.
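The Gen, Rep and Rec functions of Section 2.4 and the lock/verify flow of Section 2.5 are the same code-offset construction, shown here as an added example (not code from the cited papers or from this article). It assumes a Hamming(7,4) code in place of the RS and Hadamard codes, so each 7-bit block tolerates t = 1 flipped bit; the template, key and function names are constructed for illustration.

```python
import hashlib


def hamming_encode(x):
    """C(x): encode a 4-bit value as a 7-bit Hamming(7,4) codeword."""
    d = [(x >> i) & 1 for i in range(4)]
    p1 = d[0] ^ d[1] ^ d[3]
    p2 = d[0] ^ d[2] ^ d[3]
    p3 = d[1] ^ d[2] ^ d[3]
    bits = [p1, p2, d[0], p3, d[1], d[2], d[3]]      # codeword positions 1..7
    return sum(b << i for i, b in enumerate(bits))


def hamming_decode(c):
    """D(c): correct at most one flipped bit and return the 4-bit message."""
    bits = [(c >> i) & 1 for i in range(7)]
    syndrome = 0
    for pos in range(1, 8):                          # XOR of set positions
        if bits[pos - 1]:
            syndrome ^= pos
    if syndrome:                                     # non-zero: flip that position
        bits[syndrome - 1] ^= 1
    d = [bits[2], bits[4], bits[5], bits[6]]
    return sum(b << i for i, b in enumerate(d))


def gen(w, x):
    """Gen: V = w XOR C(x), block by block."""
    return [wi ^ hamming_encode(xi) for wi, xi in zip(w, x)]


def rep(w_prime, v):
    """Rep: D(w' XOR V) = x when every block of w' is within t of w."""
    return [hamming_decode(wi ^ vi) for wi, vi in zip(w_prime, v)]


def rec(w_prime, v):
    """Rec: V XOR C(D(w' XOR V)) = w. A close w' plus V yields the template."""
    return [vi ^ hamming_encode(xi) for vi, xi in zip(v, rep(w_prime, v))]


def key_hash(x):
    """h(kappa): SHA-256 is an assumption; the scheme stores only this hash."""
    return hashlib.sha256(bytes(x)).hexdigest()


def verify(w_prime, v, stored_hash):
    """Section 2.5 check: decode kappa' and compare h(kappa') with h(kappa)."""
    return key_hash(rep(w_prime, v)) == stored_hash


# Constructed sample data: three 7-bit template blocks and a 3-nibble key.
W_REF = [0b1011001, 0b0110100, 0b1110001]
KEY = [0xA, 0x3, 0xF]
V = gen(W_REF, KEY)                                  # theta_lock in Section 2.5
H = key_hash(KEY)
W_CLOSE = [W_REF[0] ^ 0b0000100, W_REF[1], W_REF[2] ^ 0b1000000]  # <= 1 bit/block
W_FAR = [W_REF[0] ^ 0b0000110, W_REF[1], W_REF[2]]   # 2 bits flipped in block 0

if __name__ == "__main__":
    print("close sample accepted:", verify(W_CLOSE, V, H))
    print("far sample accepted:  ", verify(W_FAR, V, H))
    print("template recovered from close sample:", rec(W_CLOSE, V) == W_REF)
```

The `rec` result is the leak noted at the end of Section 2.4: whoever holds the stored value V and one sample within the error range obtains the enrolled template w exactly.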

3. Proposed Scheme

This paper presents a secure cryptography-integrated biometric recognition method with cryptographic functions. This method is able to integrate biometric matching with cryptographic technology to achieve dual-factor authentication. This integrated technology can also be combined with more advanced cryptographic techniques to produce more secure and diverse applications. The proposed method is divided into two parts for description purposes. The first part is the basic process of improved biometric security (IBS), while the second part is the advanced process of integrated cryptographic technology (ICT).

The IBS process is divided into two phases: the registration phase and the matching phase. The registration phase first provides a set of biometric data. Based on a threshold value $t$, we define several numerical ranges, each of which has a quantization value. If the biometric data fall within one of these numerical ranges, then the quantized value for that numerical range is used as quantized feature data to replace the biometric feature data. Next, one-way function operations are used to convert the quantized feature data to hashed feature data ($H_F$). Then the difference between the quantized feature data and the biometric data is calculated to obtain an adjustment value ($V_{AD}$). Finally, this adjustment value $V_{AD}$ is stored with the hashed feature data $H_F$.

The matching phase and the registration phase are largely similar. First, we provide the registered hashed feature data $H_F$ and adjustment value $V_{AD}$, and the biometric data is then captured. The biometric data is adjusted based on this adjustment value $V_{AD}$. Next, (similarly) based on the threshold value $t$, multiple numerical ranges are defined, each of which has a quantized value. If the adjusted biometric data fall within one of the numerical ranges, then the quantized value of this value range is taken as the quantized feature to replace the adjusted biometric data. This is followed by one-way function operations to convert the quantized feature into hashed feature data $H'_F$. Finally, the registered hashed data $H_F$ is compared with the hashed feature data $H'_F$.

In the ICT process, the biometric data must first go through the IBS process before it can be used in this process. This process integrates the cryptography technology for signature application using the biometric data, which is composed of the "registration" and "signature and verification" stages. The application provides biometric-based cryptographic fields for the signatory and the verifier.

Before describing the processes of IBS and ICT, we define the notations used in our proposed protocol in Table 3.

[Figure 4: Example of cryptography key generation mechanism. Feature space showing the global feature distribution (from $m_g - k_g\sigma_g$ to $m_g + k_g\sigma_g$) and the authentic feature distribution (from $m_a - k_a\sigma_a$ to $m_a + k_a\sigma_a$), with the authentic region between LB and RB and segments labelled 000 to 111.]

[Figure 5: Fuzzy extractor. Blocks: Gen, Rep, Rec; values: $w$, $x$, $w'$.]

3.1. Process of Improved Biometric Security (IBS). To improve the security of storage of biometric feature data, biometric feature values must first be processed before being integrated with cryptography technology. This method uses numerical quantization and quantization adjustment processes to ensure that all acceptable values within the threshold are quantified to the same value without compromising security. With this property, hash or encryption functions can be used to prevent the theft or leakage of the registered data prestored in the database. During matching, the values must be exactly correct in order to pass, thus improving the comparison rate of hardware or software. Because some biometric values are quantized to a correct value without error, these values not only can use hash or encryption functions for protection but can also be further applied through other cryptographic techniques or other numerical derivations such as signatures, key generation, and key exchange.

Table 3: Notations.

| Notation | Meaning |
|---|---|
| $t$ | Threshold value |
| $p$ | The interval of the quantitative mode |
| $w$, $w'$ | Biometric feature extraction data |
| $w_q$, $w'_q$ | Data after value quantization |
| $w_a$ | Fine-tuned values |
| $ID_A$ | The ID of user A |
| $PK_A$ | The public key of user A |
| $W_E$ | Internal registered biodata to be recognized |
| $W_I$ | Input biodata for matching the internal biodata |
| $W_E^{(j)}$, $W_I^{(j)}$ | $W_E$, $W_I$ in the stage $j$ |
| $W_{Ei}^{(j)}$, $W_{Ii}^{(j)}$ | Related data value of the $i$th point of $W_E^{(j)}$, $W_I^{(j)}$ |
| $cert_A$ | Certificate of user A |
| time | Validity period of certificate |
| $n_A$ | Product of two large primes as A's parameters |
| $h(\cdot)$ | Cryptographic one-way hash function |
| $\lfloor\cdot\rfloor$ | Floor function |
| $[\cdot]_{PK}$ | Encryption function using public key PK |
| $sig_{SK}(\cdot)$ | Signature using private key SK |

[Figure 6: Iris recognition combining cryptography. Encoding: the key $\kappa$ goes through RS and Had encoding and is XORed with the 2048-bit reference $\theta_{ref}$ to give $\theta_{lock}$, which is stored on the smart card; the reference is discarded. Decoding: $\theta_{lock}$ is XORed with the sample $\theta_{sam}$ and goes through Had and RS decoding.]

[Figure 7: Schematic diagram of the processing of the proposed method. Registration phase: data collection, signal processing, biometric feature extraction ($w$), quantization with threshold $[t]$ ($w_q$), ADJ ($w_a = w_q - w$), hash ($h(w_q)$); $h(w_q)$ and $w_a$ are stored. Matching phase: data collection, signal processing, biometric feature extraction ($w'$), ADJ' ($w'_p = w' + w_a$), quantization with threshold $[t]$ ($w'_q$), hash ($h(w'_q)$). Decision: $h(w_q) = h(w'_q)$; yes, authentication succeeds; no, authentication fails.]

Figure 7 shows a schematic diagram of the biometric processing methods of the proposed cryptography-integrated technology. The processed values can be directly applied to biometric recognition. This processing mode (shown in Figure 7) can be divided into eight parts as follows: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) numerical quantization subsystem, (5) adjustment subsystem, (6) hash subsystem, (7) biometric feature registration/input subsystem, and (8) matching and decision subsystem, where (1) the data collection subsystem, (2) the signal processing subsystem, and (3) the biometric feature extraction subsystem are the same as those mentioned in Section 2.1. Thus, below we limit our explanation to subsystems (4)–(8).

(4) Numerical Quantization Subsystem. The numerical quantization subsystem performs value quantization on the processed signal (as $w_q$ and $w'_q$). These quantized values can then be used with cryptographic techniques. Assume that the signal comparison allows for an error range of plus or minus $t$ and a sampling value range between $(0, L)$. Then the interval of the quantitative mode is $p$, and the signal value is quantized as $0, p, 2p, \ldots, np$, where $p = 2t$ and $n = \lfloor L/p \rfloor$ (where $\lfloor\cdot\rfloor$ is a floor function). If a signal value $w$ between $(0, L)$ satisfies $(kp - p/2) \le w < (kp + p/2)$, then this signal value $w$ should be quantized as $w_q = kp$. For example, for some signal value (28, 37, 19, 62, 54) and $t = 5$ (i.e., $p = 10$), the signal value is quantized as (30, 40, 20, 60, 50). (Generally speaking, if a biometric value allows an error range of $\pm t$, then $p = 2t$ can be used to obtain the quantization interval.) If the quantized range defined by the threshold is used for quantization, then the ERR and EAR obtained using this method will not be affected.

(5) Adjustment Subsystem. The adjustment subsystem records the fine-tuned value $w_a$ from the quantizing process. This fine-tuned value can be quantized to restore the reduced recognition rate to the original recognition rate without compromising security. The recommended calculation method for the fine-tuned value is $w_a = w_q - w$. For example, given a signal value $w$ = (28, 37, 19, 62, 54) and $p = 10$, the signal value is quantized as $w_q$ = (30, 40, 20, 60, 50); then the adjustment value $w_a$ is (2, 3, 1, -2, -4). Given an inputted value $w'$ = (24, 33, 21, 66, 58), $p = 10$, and the adjustment value $w_a$ = (2, 3, 1, -2, -4), the adjusted value is $w'_p$ = (26, 36, 22, 64, 54), which is quantized as $w'_q$ = (30, 40, 20, 60, 50). Using the numerical quantization and adjustment process guarantees that all accepted values remain within the threshold value and are quantized at the same level of quality without compromising security. (Given an acceptable error range of plus or minus $t$, correctly guessing a value between a sampling value $(0, L)$ has a probability of approximately $2t/L$; following quantization, correctly guessing the quantized value between a sampling value of $(0, L)$ has a probability of approximately $1/n$, where $n = \lfloor L/p \rfloor = \lfloor L/2t \rfloor$. The probability of correctly guessing the unquantized value is identical to that of the quantized value; therefore, the quantized action does not compromise security.)

(6) Hash Subsystem. Applying the hash function to the value $w_q$ produces $h(w_q)$. Using the hash function can maintain biometric confidentiality and prevent leaking or theft of the presaved registered feature values stored in the database. Because a hacker would only be able to manage the registered feature data stored in the biometric device, he would be unable to obtain the original biometric value. During comparison, the values must be exactly correct in order to pass, thus improving the hardware or software comparison rate. Other functions (e.g., encryption functions) can be used to substitute for this hash function.

(7) Biometric Feature Registration/Input Subsystem. Applied to the proposed method, the stored values for registration are $h(w_q)$ and $w_a$. This function is similar to the one previously described in Section 2.1.

(8) Matching and Decision Subsystem. Applied to the proposed method, this system's comparison mode determines whether $h(w_q)$ and $h(w'_q)$ are the same. This function is similar to the one previously described in Section 2.1.

[Figure 8: Registration phase. User A sends reg = $ID_A$, $PK_A$, $[W_E]_{PK_A}$ to CA; CA returns $cert_A$ = reg, time, $sig_{SK_{CA}}$(reg, time).]

Figure 1 shows the processing of a conventional biometric method, while Figure 7 demonstrates a schematic diagram of the processing of the proposed method. As shown in Figure 1, a threshold value and a biometric matching method decide the EAR and ERR. We combine threshold and quantization (as shown in Figure 7) to quantify registered and input biodata within threshold to the same value and use biometric matching methods to compare data after hashing these values. Therefore, the hashed values can be applied to cryptography technology, and the combination of biometric recognition and cryptography technology does not influence the EAR or ERR of the original biometric recognition.
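The IBS registration and matching phases of Figure 7, as an added example that is not the author's implementation. It assumes SHA-256 for h(·) and numeric feature values and reuses the sample vectors from subsystems (4) and (5); the function names are hypothetical.

```python
import hashlib
import hmac


def quantize(values, t):
    """Quantize each w to k*p with p = 2t, where k*p - p/2 <= w < k*p + p/2."""
    p = 2 * t
    return [int((w + t) // p) * p for w in values]


def feature_hash(wq):
    """h(w_q): SHA-256 over the quantized vector (hash choice is an assumption)."""
    return hashlib.sha256(",".join(map(str, wq)).encode()).hexdigest()


def register(w, t):
    """Registration: keep only h(w_q) and the adjustment w_a = w_q - w."""
    wq = quantize(w, t)
    wa = [q - x for q, x in zip(wq, w)]
    return feature_hash(wq), wa


def match(w_input, record, t):
    """Matching: w'_p = w' + w_a, then quantize, hash and compare exactly."""
    h_ref, wa = record
    wp = [x + a for x, a in zip(w_input, wa)]
    return hmac.compare_digest(feature_hash(quantize(wp, t)), h_ref)


def match_without_adjustment(w_input, w_registered, t):
    """Quantize-and-hash only, to show why the adjustment value is stored."""
    return feature_hash(quantize(w_input, t)) == feature_hash(quantize(w_registered, t))


T = 5
W = [28, 37, 19, 62, 54]        # sample registration vector from subsystem (4)
W_IN = [24, 33, 21, 66, 58]     # sample input from subsystem (5), all within +/- t
RECORD = register(W, T)         # (h(w_q), w_a) as stored by subsystem (7)

if __name__ == "__main__":
    print("w_q =", quantize(W, T))
    print("w_a =", RECORD[1])
    print("match with adjustment:   ", match(W_IN, RECORD, T))
    print("match without adjustment:", match_without_adjustment(W_IN, W, T))
    # Boundary behaviour of the half-open quantization interval.
    print("first element at w - t:", match([23, 37, 19, 62, 54], RECORD, T))
    print("first element at w + t:", match([33, 37, 19, 62, 54], RECORD, T))
```

Because the quantization rule uses the half-open interval kp - p/2 ≤ w < kp + p/2, an input that deviates from the enrolled value by exactly -t is accepted, while one that deviates by exactly +t is rejected.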

3.2. Process of Integrated Cryptographic Technology (ICT). Once the complete quantified features have been hashed (in the biometric feature registration subsystem), dual authentication can be achieved through the integration of cryptographic techniques. This method can be separated into a "registration" phase and a "signature and authentication" phase as follows.

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message reg = $ID_A$, $PK_A$, $[W_E]_{PK_A}$ to CA, where $ID_A$ is the ID of user $A$, $PK_A$ is user $A$'s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{PK_A}$ represents the encrypted signal $W_E$ using the user's public key $PK_A$. Next, CA's certificate $cert_A$ = reg, time, $sig_{SK_{CA}}$(reg, time) is transmitted to user $A$, where $sig_{SK_{CA}}(M)$ represents the signature of signal $M$ using CA's private key $SK_{CA}$, and time represents the certificate's validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W_E^{(j)}$ and $W_I^{(j)}$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

(1) First stage comparison. As seen in Figure 9, user $A$ first sends $cert_A$ to the verifier. Then the verifier confirms the accuracy of $cert_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = sig_{SK_A}(r_1) \cdot W_I^{(1)} \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers used as one of $A$'s public keys. Finally, the verifier separately calculates $cp_1 = [s_1]_{PK_A}$ and $cp'_1 = r_1 \cdot [W_E^{(1)}]_{PK_A} \bmod n_A$ and compares $cp_1$ and $cp'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison. As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W_I^{(1)}$; then $A$ calculates $s_2 = [r_2]_{SK_A} \cdot W_{Ii}^{(2)} \bmod n_A$ and sends $s_2$ to the verifier, where $W_{Ii}^{(2)}$ is the related data value of the $i$th point of $W_I^{(2)}$ for $W_I$ in the second stage matching.

Next, the verifier calculates $cp_2 = [s_2]_{PK_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $cp'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{PK_A} \bmod n_A$ and compares $cp_2$ and $cp'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.

[Figure 9: Comparison process of first stage. User $A$ sends $cert_A$ to the verifier. Verifier: check $cert_A$, choose random $r_1 < n_A$, send $r_1$. User $A$: $s_1 = sig_{SK_A}(r_1) \cdot W_I^{(1)} \bmod n_A$, send $s_1$. Verifier: (1) compute $cp_1 = [s_1]_{PK_A}$; (2) compute $cp'_1 = r_1 \cdot [W_E^{(1)}]_{PK_A} \bmod n_A$; (3) compare $cp_1$ and $cp'_1$, check if there exists a match point $p_m$; (4) if no, failed; if yes, go to phase 2.]

[Figure 10: Comparison process of second stage. Verifier: choose random $r_2 < n_A$, send $r_2$, $p_m$. User: assume $p_m$ is the $i$th point of $W_I$; $s_2 = [r_2]_{SK_A} \cdot W_{Ii}^{(2)} \bmod n_A$, send $s_2$. Verifier: (1) compute $cp_2 = [s_2]_{PK_A}$; (2) assume $p_m$ is the $e$th point of $W_E$, compute $cp'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{PK_A} \bmod n_A$; (3) from $cp_2$ and $cp'_2$ evaluate matching score $S$; if $S$ < threshold, fail; else success.]
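The first-stage exchange of Figure 9, as an added example rather than the author's code. It assumes that $sig_{SK}(\cdot)$ and $[\cdot]_{PK}$ are textbook RSA exponentiations modulo $n_A$ (the paper states only that $n_A$ is a product of two large primes), uses a small constructed key built from two Mersenne primes, and takes already-quantized feature vectors as input; all names and sample values are hypothetical.

```python
import hashlib

# Constructed toy key for user A: textbook RSA, unpadded and far too small
# for real use. n_A is the product of two (Mersenne) primes.
P, Q = 2**61 - 1, 2**89 - 1
N_A = P * Q
E_A = 65537                                  # public exponent, stands for PK_A
D_A = pow(E_A, -1, (P - 1) * (Q - 1))        # private exponent, stands for SK_A


def feature_to_int(wq):
    """Hash one quantized feature vector and map it into Z_{n_A}."""
    digest = hashlib.sha256(",".join(map(str, wq)).encode()).digest()
    return int.from_bytes(digest, "big") % N_A


def enroll(points):
    """Registration: [W_E]_PK = W_E^e mod n_A for every registered point."""
    return [pow(feature_to_int(p), E_A, N_A) for p in points]


def user_response(r, points):
    """User A: s = sig_SK(r) * W_I mod n_A for every input point."""
    sig_r = pow(r, D_A, N_A)
    return [(sig_r * feature_to_int(p)) % N_A for p in points]


def verifier_match(r, responses, enrolled):
    """Verifier: cp = [s]_PK = r * W_I^e and cp' = r * [W_E]_PK (mod n_A).

    Returns the (input index, registered index) pairs where cp == cp',
    which are the candidate match points p_m.
    """
    cp = [pow(s, E_A, N_A) for s in responses]
    cp_prime = [(r * c) % N_A for c in enrolled]
    return [(i, e) for i, a in enumerate(cp)
            for e, b in enumerate(cp_prime) if a == b]


# Constructed sample data: quantized local features per minutia point.
REGISTERED = [[30, 40, 20], [10, 50, 70], [60, 20, 90]]
INPUT = [[10, 50, 70], [80, 80, 80]]
ENROLLED = enroll(REGISTERED)


def run_session(r, points=INPUT):
    """One honest run: challenge r, response from A, verifier comparison."""
    return verifier_match(r, user_response(r, points), ENROLLED)


def replay_old_response(r_old, r_new):
    """A response recorded for r_old, checked against a fresh challenge r_new."""
    return verifier_match(r_new, user_response(r_old, INPUT), ENROLLED)


if __name__ == "__main__":
    import secrets
    r1 = secrets.randbelow(N_A - 2) + 2      # verifier's random r_1 < n_A
    print("match points:", run_session(r1))
    print("replayed response:", replay_old_response(r1, r1 + 1))
```

The comparison works because $(r^d \cdot W_I)^e \equiv r \cdot W_I^e \pmod{n_A}$, so $cp_1 = cp'_1$ exactly when the input and registered values agree, and a response recorded under one challenge does not verify under another.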

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during the remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

[Figure 11: First stage matching content. $cp_1$ lists $r_1[h^{(1)}_{Ij\text{-}123}]_{PK}$, $r_1[h^{(1)}_{Ij\text{-}4}]_{PK}$, $r_1[h^{(1)}_{Ij\text{-}5}]_{PK}$ for $j = 1, 2, 3, \ldots, n_I$; $cp'_1$ lists $r_1[h^{(1)}_{Ej\text{-}123}]_{PK}$, $r_1[h^{(1)}_{Ej\text{-}4}]_{PK}$, $r_1[h^{(1)}_{Ej\text{-}5}]_{PK}$ for $j = 1, 2, 3, \ldots, n_E$.]

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer the error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate into existing biometric systems with confidentiality and cryptography technologies.

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as the structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

Table 4: Comparison of functions.

Tech: BCKG, FZ, ACIRC, Proposed scheme
(1) ✓ ✓
(2) ✓
(3) ✓ ✓ ✓ ✓
(4) ✓
(5) ✓ ✓ ✓
(6) ✓ ✓ ✓
(7) ✓ ✓ ✓
(8) ✓
(9) ✓

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that the first stage takes five matching data. Then $W_I^{(1)} = W_{I1}^{(1)} \| W_{I2}^{(1)} \| \cdots \| W_{In_I}^{(1)}$ and $W_E^{(1)} = W_{E1}^{(1)} \| W_{E2}^{(1)} \| \cdots \| W_{En_E}^{(1)}$, where $W_{Ij}^{(1)} = w_{Ij1}^{(1)} \| w_{Ij2}^{(1)} \| w_{Ij3}^{(1)} \| w_{Ij4}^{(1)} \| w_{Ij5}^{(1)}$ and $W_{Ej}^{(1)} = w_{Ej1}^{(1)} \| w_{Ej2}^{(1)} \| w_{Ej3}^{(1)} \| w_{Ej4}^{(1)} \| w_{Ej5}^{(1)}$. Using the hash function, we can let $h^{(1)}_{Ej\text{-}123} = \mathrm{hash}(w_{Ej1}^{(1q)} \| w_{Ej2}^{(1q)} \| w_{Ej3}^{(1q)})$, $h^{(1)}_{Ej\text{-}4} = \mathrm{hash}(w_{Ej4}^{(1q)})$, $h^{(1)}_{Ej\text{-}5} = \mathrm{hash}(w_{Ej5}^{(1q)})$, and $h^{(1)}_{Ij\text{-}123} = \mathrm{hash}(w_{Ij1}^{(1q)} \| w_{Ij2}^{(1q)} \| w_{Ij3}^{(1q)})$, $h^{(1)}_{Ij\text{-}4} = \mathrm{hash}(w_{Ij4}^{(1q)})$, $h^{(1)}_{Ij\text{-}5} = \mathrm{hash}(w_{Ij5}^{(1q)})$, where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then Figure 11 shows the matching of $cp_1$ and $cp'_1$.

In the second stage matching, we can let $W_{Ij}^{(2)} = \mathrm{hash}(w_{Ij1}^{(2q)}) \| \mathrm{hash}(w_{Ij2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ijn_I}^{(2q)}) - \mathrm{hash}(w_{Ijj}^{(2q)})$ and $W_{Ej}^{(2)} = \mathrm{hash}(w_{Ej1}^{(2q)}) \| \mathrm{hash}(w_{Ej2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ejn_E}^{(2q)}) - \mathrm{hash}(w_{Ejj}^{(2q)})$, where $w_{Ijl}^{(2)}$ and $w_{Ejl}^{(2)}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w_x^{(2q)}$ represents the quantized value of $w_x^{(2)}$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security, with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, “Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards,” Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with smart cards,” in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, “Fingerprint-Iris fusion based identification system using a single hamming distance matcher,” International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, “Privacy and legal requirements for developing biometric identification software in context-based applications,” International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, “An improved biometrics-based user authentication scheme without concurrency system,” International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, “An efficient biometrics-based remote user authentication scheme using smart cards,” Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, “Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards,” IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, “Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards,” Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, “ID-based password authentication scheme using smart cards and fingerprints,” ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis,” IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, “Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, “A real-time matching system for large fingerprint databases,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, “Gabor filter-based approach to fingerprint recognition,” in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS ’99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, “Fingerprint matching using local alignment based on multiple pairs of reference minutiae,” Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, “Automated fingerprint recognition using structural matching,” Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, “An automated matching technique for fingerprint identification,” in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, “Novel approach to automated fingerprint recognition,” IEE Proceedings: Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, “Biometrics-based cryptographic key generation,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, “Combining cryptography with biometrics effectively,” Tech. Rep. UCAM-CL-TR-640, University of Cambridge, Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, “A multilevel structural technique for fingerprint representation and matching,” Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, “Structural fingerprint based hierarchical filtering in song identification,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, “Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain,” in Proceedings of the International Conference on Computational Problem-Solving (ICCP ’12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, “Fingerprint matching and classification using an onion layer algorithm of computational geometry,” in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, “Website fingerprinting in onion routing based anonymization networks,” in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, “Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features,” Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.


Figure 1: The processing of a conventional biometric method. (Flowchart. Registration phase: data collection, signal processing, biometric feature extraction, biometric feature registration. Matching phase: data collection, signal processing, biometric feature extraction, biometric feature input. Compare biometric feature: whether the biometric data match each other; yes, authentication succeeded; no, authentication failed.)

allows the user to input his or her biometric feature data (in the matching phase) for comparison of the biometric features against those in the registration phase (in the compare biometric feature function) to determine if they match. If the biometrics of the prestored biometric features in the registration phase and those in the matching phase inputted by the user are found to match, then the device outputs a recognition result of “Authentication Successful.” Otherwise, the biometric device outputs a recognition result of “Authentication Failed.” Generally speaking, the steps in the registration phase and in the matching phase are processed similarly. For example, the matching phase is divided into the following steps: data collection, signal processing, biometric feature extraction, and biometric feature input. In terms of biometric feature matching, for the matching of the biometric feature registration data and the biometric feature input data, biometric authentication usually determines acceptability based on a threshold value.

Biometrics differs from cryptographic techniques in that, for biometric authentication, the ratio of credential matching does not need to be 100%; that is, the match between the two data sets can tolerate a certain degree of error. For example, suppose a registered biometric feature of 35 and a threshold value of 5; if the inputted biometric feature is within the range of 30 to 40, it is considered a biometric match with the registered biometric feature. However, if the biometric data is below 30 or exceeds 40, it is determined to be inconsistent with the registered feature values. In cryptographic authentication, if the registered password is 35 and the input value is 37, the input is considered to be inconsistent with the registered password, and the only allowable match would be an input value of 35.

Table 1: Comparison between biometrics recognition and cryptography authentication.

| | Cryptography authentication | Biometrics recognition |
|---|---|---|
| Authentication method | Digital | Analog |
| Authentication rule | Without error tolerance | With error tolerance |
| Data processing | Data is disordered | Data is processed but not disordered |
| Adoption of cryptography technique | Data can be encrypted and signed | Data cannot be encrypted or signed |

Figure 2: Structural matching methods.

As shown in Figure 1, the biometric processing device integrated with cryptographic technology consists of the following five parts: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) biometric feature registration/input subsystem, and (5) matching and decision subsystem.

(1) Data Collection Subsystem. The data collection subsystem collects the registered biometrics (e.g., fingerprints, facial image, iris image) for matching with the input biometric. The subsystem generally uses a biometric sensor to read one or more aspects of the subject’s biometric data.

(2) Signal Processing Subsystem. The signal processing subsystem reads the biometrics and processes them through actions such as Gaussian smoothing, histogram equalization, normalization, binarization, opening, thinning, thinning repair, and feature point retrieval.

(3) Biometric Feature Extraction Subsystem. A given biometric consists of many types of features, such as the terminal and bifurcation points of fingerprint minutiae. General algorithms are used to retrieve the terminal and bifurcation points for feature matching. The biometric feature extraction subsystem is used to match the feature points or feature values of the retrieved biometric features.

(4) Biometric Feature Registration/Input Subsystem. The biometric feature registration subsystem stores the processed biometric features for future identification. The biometric feature input subsystem stores the inputted and processed biometric features for comparison in the next step.

(5) Matching and Decision Subsystem. The matching and decision subsystem matches the inputted and processed biometric features with the registered biometric features stored in the database. If the match meets the required conditions, the match is validated.

Table 2: Eight types of fingerprint minutiae: terminal, bifurcation, short ridge, crossover, spur, dot, island, and bridge.

2.2. Fingerprint Recognition. Biometric identification can be accomplished through the recognition of various characteristics, including fingerprints and palm prints. Fingerprint minutiae are composed of the fine geometric features created by fingerprint ridges. Early on, Galton proposed identifying fingerprints based on four types of features: the beginnings and ends of ridges, forks, islands, and enclosures. However, Hrechak and McHugh later proposed the use of eight minutiae: terminals, bifurcation, short ridges, crossovers, spurs, dots, islands, and bridges (see Table 2).

Fingerprint recognition uses minutiae-matching algorithms such as the alignment-based matching algorithm [14], the Gabor filter-based approach [15], and the structural matching algorithm [16–19]. Among these, the structural matching algorithm (see Figure 2) is roughly divided into two stages. The first stage uses local feature matching to identify a central feature point with a positioning effect, while the second stage compares all the features at this central point and calculates a matching score.

2.3. Biometric-Based Cryptographic Key Generation. Chang et al. [20] proposed using a collected number of biometrics as a training sample to achieve “biometric-based cryptographic key generation.” As shown in Figures 3 and 4, this method uses multiple biometrics (including those for legitimate users) to find a conversion set through a mechanism which identifies highly distinguishing features. This allows each one-dimensional feature of the postbiometric conversion to effectively distinguish between legitimate and illegitimate users. The average features of legitimate users are then used to authenticate the identity of the legitimate user as a mechanism for generating multibyte passwords. (This group conversion must be stored in the biometric database.) However, this approach must be applied to the biometric data of multiple users to achieve differentiation. Also, because the error value calculation is determined based on the mean and variance of each biometric, each user must provide multiple biometric samples to generate the associated means and variances.

2.4. Fuzzy Extractors. Dodis et al. [21] proposed a cryptographic key generation mechanism called fuzzy extractors. This system uses biometric values and self-selected authentication values as input data. During recognition, it uses a cryptographic key and self-selected authentication values to recognize biometric values within a set error range. Furthermore, this system can use cryptographic keys and input biometric values (within a predetermined error range) to restore the original biometric values.

As shown in Figure 5, this method first selects an authentication value $x$ and then uses the Gen function with $x$ and the registered biometric value $w$ to generate a key $V$ as follows:

Gen: $V = w \oplus C(x)$, (1)

where $C(\cdot)$ is the encoding function of a type of error correction code (e.g., Hamming code).

Next, within an error range $t$, using the Rep function causes $V$ and $x$ to recognize the inputted biometric value $w'$ (where $\mathrm{distance}(w, w') \le t$). The Rep function is as follows:

Rep: $D(w' \oplus V) = x$, (2)

where $D(\cdot)$ is a type of error correction decoding function. In case the original biometric value $w$ is lost, $w$ can be restored by inputting a biometric value $w'$ (within the error range $t$) and the cryptographic key $V$ to the Rec function. The Rec function is as follows:

Rec: $\mathrm{Rec}(w', V) = V \oplus C(D(w' \oplus V)) = w$. (3)

However, this method cannot be integrated into current biometric systems. Moreover, this method’s operating system not only requires the use of key $V$ and authentication value $x$ to perform authentication (and thus requires the storage of key $V$), but this comparison method is also vulnerable to leaking biometric value $w$ (through the use of biometric value $w'$ and key $V$).

Figure 3: Structure of cryptography key generation based on biometric features. (Block diagram: biometric features, distinguishable feature generation, stable key generation, unique key.)

2.5. Application to Combine Iris Recognition and Cryptography. Hao et al. [22] proposed an application combining iris recognition and cryptography (see Figure 6). The concept for this method is similar to that of the fuzzy extractor in that they both use an error control code to accept biometric values within a range of errors.

This system first uses a cryptographic key $\kappa$ and the iris biometric value $\theta_{\mathrm{ref}}$ to obtain the authentication value $\theta_{\mathrm{lock}}$ and stores $\theta_{\mathrm{lock}}$ and the key’s hash value $h(\kappa)$ in the IC card based on the following relationship:

$\theta_{\mathrm{lock}} = \theta_{\mathrm{ps}} \oplus \theta_{\mathrm{ref}}$, (4)

where $\theta_{\mathrm{ps}}$ is the value for the key $\kappa$ via RS and Hadamard coding.

During recognition, the XOR value of $\theta_{\mathrm{lock}}$ and the inputted iris biometric value $\theta_{\mathrm{sam}}$ can be decoded as $\kappa'$ through RS and Hadamard decoding to determine if $h(\kappa')$ is equal to $h(\kappa)$. If the difference between the inputted iris biometric value $\theta_{\mathrm{sam}}$ and the original iris biometric value $\theta_{\mathrm{ref}}$ is less than or equal to a tolerable error range of the error control code, then the input will be decoded as the original $\kappa$ value and considered correct.

However, this method is only suitable for iris matching and cannot be directly combined with existing systems. The RS code is used as a means to calculate network transmission errors for each byte, which differs from error calculation methods in other biometric environments.
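The Gen, Rep, and Rec functions of Section 2.4 and the key-locking relationship (4) of Section 2.5 share one construction, shown here as an added example that is not code from the paper or from the cited schemes. It assumes a Hamming(7,4) code for $C(\cdot)$ and $D(\cdot)$ (standing in for the RS and Hadamard codes of the iris scheme), SHA-256 for $h(\cdot)$, and constructed 14-bit sample vectors.

```python
import hashlib


def hamming_encode(d):
    """Encode 4 data bits into a 7-bit codeword laid out as p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = d
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]


def hamming_decode(c):
    """Correct at most one flipped bit in a 7-bit block and return its 4 data bits."""
    c = list(c)
    syndrome = ((c[0] ^ c[2] ^ c[4] ^ c[6])
                + 2 * (c[1] ^ c[2] ^ c[5] ^ c[6])
                + 4 * (c[3] ^ c[4] ^ c[5] ^ c[6]))
    if syndrome:                      # the syndrome is the 1-based error position
        c[syndrome - 1] ^= 1
    return [c[2], c[4], c[5], c[6]]


def C(x):
    """Encoding function C(.) applied to consecutive 4-bit groups of x."""
    return [b for i in range(0, len(x), 4) for b in hamming_encode(x[i:i + 4])]


def D(bits):
    """Decoding function D(.) applied to consecutive 7-bit blocks."""
    return [b for i in range(0, len(bits), 7) for b in hamming_decode(bits[i:i + 7])]


def xor(a, b):
    return [p ^ q for p, q in zip(a, b)]


def gen(w, x):
    """Equation (1): V = w XOR C(x)."""
    return xor(w, C(x))


def rep(w_in, v):
    """Equation (2): D(w' XOR V), equal to x when w' is within the error range."""
    return D(xor(w_in, v))


def rec(w_in, v):
    """Equation (3): V XOR C(D(w' XOR V)), which returns the registered w."""
    return xor(v, C(rep(w_in, v)))


def key_hash(key_bits):
    """h(kappa); SHA-256 is an assumption of this example."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def lock(key_bits, theta_ref):
    """Equation (4): theta_lock = C(kappa) XOR theta_ref, stored with h(kappa)."""
    return xor(C(key_bits), theta_ref), key_hash(key_bits)


def unlock(theta_lock, stored_hash, theta_sam):
    """Recognition: decode theta_lock XOR theta_sam and compare h(kappa')."""
    return key_hash(D(xor(theta_lock, theta_sam))) == stored_hash


# Constructed sample data: two 7-bit blocks, tolerance of one bit per block.
W = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0]        # registered value w
X = [1, 0, 1, 1, 0, 1, 1, 0]                          # authentication value x
W_NEAR = [1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0]   # one flipped bit per block
W_FAR = [0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0]    # two flips in the first block

if __name__ == "__main__":
    V = gen(W, X)
    print("Rep recovers x from a near sample:", rep(W_NEAR, V) == X)
    print("Rec returns the registered w     :", rec(W_NEAR, V) == W)
    print("Rep on a far sample equals x     :", rep(W_FAR, V) == X)
    theta_lock, kh = lock(X, W)
    print("Lock opens for a near sample     :", unlock(theta_lock, kh, W_NEAR))
    print("Lock opens for a far sample      :", unlock(theta_lock, kh, W_FAR))
```

The `rec` result is the point made at the end of Section 2.4: the stored key $V$ together with any sample inside the error range yields the registered value $w$ exactly, so $V$ has to be protected like the template itself.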

3. Proposed Scheme

This paper presents a secure cryptography-integrated biometric recognition method with cryptographic functions. This method is able to integrate biometric matching with cryptographic technology to achieve dual-factor authentication. This integrated technology can also be combined with more advanced cryptographic techniques to produce more secure and diverse applications. The proposed method is divided into two parts for description purposes. The first part is the basic process of improved biometric security (IBS), while the second part is the advanced process of integrated cryptographic technology (ICT).

The IBS process is divided into two phases: the registration phase and the matching phase. The registration phase first provides a set of biometric data. Based on a threshold value $t$, we define several numerical ranges, each of which has a quantization value. If the biometric data fall within one of these numerical ranges, then the quantized value for that numerical range is used as a quantized feature data to replace the biometric feature data. Next, one-way function operations are used to convert the quantized feature data to hashed feature data ($H_F$). Then the difference between the quantized feature data and the biometric data is calculated to obtain an adjustment value ($V_{AD}$). Finally, this adjustment value $V_{AD}$ is stored with the hashed feature data $H_F$.

Figure 4: Example of cryptography key generation mechanism. (Plot over the feature space of the global feature distribution, bounded by $m_g - k_g\sigma_g$ and $m_g + k_g\sigma_g$, and the authentic feature distribution, bounded by $m_a - k_a\sigma_a$ and $m_a + k_a\sigma_a$; the axis is divided into regions labeled 000 to 111, with the authentic region between LB and RB.)

Figure 5: Fuzzy extractor. (Block diagram with the functions Gen, Rep, and Rec and the values $w$, $x$, and $w'$.)

The matching phase and the registration phase are largely similar. First, we provide the registered hashed feature data $H_F$ and adjustment value $V_{AD}$, and the biometric data is then captured. The biometric data is adjusted based on this adjustment value $V_{AD}$. Next (similarly), based on the threshold value $t$, multiple numerical ranges are defined, each of which has a quantized value. If the adjusted biometric data fall within one of the numerical ranges, then the quantized value of this value range is taken as the quantized feature to replace the adjusted biometric data. This is followed by one-way function operations to convert the quantized feature into hashed feature data $H'_F$. Finally, the registered hashed data $H_F$ is compared with the hashed feature data $H'_F$.

In the ICT process, the biometric data must first go through the IBS process before it can be used in this process. This process integrates the cryptography technology for signature application using the biometric data, which is composed of the “registration” and “signature and verification” stages. The application provides biometric-based cryptographic fields for the signatory and the verifier.

Before describing the processes of IBS and ICT, we define the notations used in our proposed protocol in Table 3.

3.1. Process of Improved Biometric Security (IBS). To improve the security of storage of biometric feature data, biometric feature values must first be processed before being integrated with cryptography technology. This method uses numerical quantization and quantization adjustment processes to ensure that all acceptable values within the threshold are quantified to the same value without compromising security. This property makes it possible to use hash or encryption functions to prevent the theft or leakage of the registered data prestored in the database. During matching, the values must be exactly correct in order to pass, thus improving the comparison rate of hardware or software. Because some biometric values are quantized to a correct value without error, these values not only can use hash or encryption functions for protection but can also be further applied through other cryptographic techniques or other numerical derivations such as signatures, key generation, and key exchange.

Table 3: Notations.

| Notations | Meaning |
|---|---|
| $t$ | Threshold value |
| $p$ | The interval of the quantitative mode |
| $w$, $w'$ | Biometric feature extraction data |
| $w_q$, $w'_q$ | Data after value quantization |
| $w_a$ | Fine-tuned values |
| $\mathrm{ID}_A$ | The ID of user A |
| $\mathrm{PK}_A$ | The public key of user A |
| $W_E$ | Internal registered biodata to be recognized |
| $W_I$ | Input biodata for matching the internal biodata |
| $W_E^{(j)}$, $W_I^{(j)}$ | $W_E$, $W_I$ in the stage $j$ |
| $W_{Ei}^{(j)}$, $W_{Ii}^{(j)}$ | Related data value of the $i$th point of $W_E^{(j)}$, $W_I^{(j)}$ |
| $\mathrm{cert}_A$ | Certificate of user A |
| time | Validity period of certificate |
| $n_A$ | Product of two large primes as A’s parameters |
| $h(\cdot)$ | Cryptographic one-way hash function |
| $\lfloor\cdot\rfloor$ | Floor function |
| $[\cdot]_{\mathrm{PK}}$ | Encryption function using public key PK |
| $\mathrm{sig}_{\mathrm{SK}}(\cdot)$ | Signature using private key SK |

Figure 6: Iris recognition combining cryptography. (Block diagram. Encoding: the key $\kappa$ passes through RS and Had encoding and is XORed with the 2048-bit reference $\theta_{\mathrm{ref}}$ to give $\theta_{\mathrm{lock}}$, which is stored on the smart card; the reference is discarded. Decoding: $\theta_{\mathrm{lock}}$ is XORed with the sample $\theta_{\mathrm{sam}}$ and passed through Had and RS decoding.)

Figure 7: Schematic diagram of the processing of the proposed method. (Flowchart. Registration phase: data collection, signal processing, biometric feature extraction giving $w$, quantization with threshold $[t]$ giving $w_q$, ADJ giving $w_a = w_q - w$, hash giving $h(w_q)$; $h(w_q)$ and $w_a$ are stored. Matching phase: data collection, signal processing, biometric feature extraction giving $w'$, ADJ′ giving $w'_p = w' + w_a$, quantization with threshold $[t]$ giving $w'_q$, hash giving $h(w'_q)$. If $h(w_q) = h(w'_q)$, authentication succeeds; otherwise, authentication fails.)

Figure 7 shows a schematic diagram of the biometric processing methods of the proposed cryptography-integrated technology. The processed values can be directly applied to biometric recognition. This processing mode (shown in Figure 7) can be divided into eight parts as follows: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) numerical quantization subsystem, (5) adjustment subsystem, (6) hash subsystem, (7) biometric feature registration/input subsystem, and (8) matching and decision subsystem, where (1) the data collection subsystem, (2) the signal processing subsystem, and (3) the biometric feature extraction subsystem are the same as those mentioned in Section 2.1. Thus, below we limit our explanation to subsystems (4)–(8).

(4) Numerical Quantization Subsystem. The numerical quantization subsystem performs value quantization on the processed signal (as $w_q$ and $w'_q$). These quantized values can then be used with cryptographic techniques. Assume that the signal comparison allows for an error range of plus or minus $t$ and a sampling value range between $(0, L)$. Then the interval of the quantitative mode is $p$; the signal value is quantized as $0, p, 2p, \ldots, np$, where $p = 2t$, $n = \lfloor L/p \rfloor$ (where $\lfloor\cdot\rfloor$ is a floor function). If a signal value $w$ between $(0, L)$ satisfies $(kp - p/2) \le w < (kp + p/2)$, then this signal value $w$ should be quantized as $w_q = kp$. For example, for some signal value $(28, 37, 19, 62, 54)$ and $t = 5$ (i.e., $p = 10$), the signal value is quantized as $(30, 40, 20, 60, 50)$. (Generally speaking, if a biometric value allows an error range of $\pm t$, then $p = 2t$ can be used to obtain the quantization interval.) If the quantized range defined by the threshold is used for quantization, then the ERR and EAR are not affected by this method.

(5) Adjustment Subsystem. The adjustment subsystem records the fine-tuned value $w_a$ from the quantizing process. This fine-tuned value can be quantized to restore the reduced recognition rate to the original recognition rate without compromising security. The recommended calculation method for the fine-tuned value is $w_a = w_q - w$. For example, given a signal value $w = (28, 37, 19, 62, 54)$ and $p = 10$, the signal value is quantized as $w_q = (30, 40, 20, 60, 50)$; then the adjustment value $w_a$ is $(2, 3, 1, -2, -4)$. Given an inputted value $w' = (24, 33, 21, 66, 58)$, $p = 10$, and the adjustment value $w_a = (2, 3, 1, -2, -4)$, then the adjusted value $w'_p = (26, 36, 22, 64, 54)$, which is quantized as $w'_q = (30, 40, 20, 60, 50)$. Using the numerical quantization and adjustment process guarantees that all accepted values remain within the threshold value and are quantized at the same level of quality without compromising security. (Given an acceptable error range of plus or minus $t$, correctly guessing a value between a sampling value $(0, L)$ has a probability of approximately $2t/L$; following quantization, correctly guessing the quantized value between a sampling value of $(0, L)$ has a probability of approximately $1/n$, where $n = \lfloor L/p \rfloor = \lfloor L/2t \rfloor$. The probability of correctly guessing the unquantized value is identical to that of the quantized value; therefore, the quantized action does not compromise security.)

(6) Hash Subsystem. The value $w_q$ produced by the hash function is $h(w_q)$. Using the hash function can maintain biometric confidentiality and prevent leaking or theft of the presaved registered feature values stored in the database. Because a hacker would only be able to manage the registered feature data stored in the biometric device, he would be unable to obtain the original biometric value. During comparison, the values must be exactly correct in order to pass, thus improving the hardware or software comparison rate. Other functions (e.g., encryption functions) can be used to substitute for this hash function.

(7) Biometric Feature Registration/Input Subsystem. Applied to the proposed method, the stored values for registration are $h(w_q)$ and $w_a$. This function is similar to the one previously described in Section 2.1.

(8) Matching and Decision Subsystem. Applied to the proposed method, this system’s comparison mode determines whether $h(w_q)$ and $h(w'_q)$ are the same. This function is similar to the one previously described in Section 2.1.

Figure 8: Registration phase. (Message flow. User $A$ to CA: $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$. CA to user $A$: $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}(\mathrm{reg}, \mathrm{time})$.)

Figure 1 shows the processing of a conventional biometric method, while Figure 7 shows a schematic diagram of the processing of the proposed method. As shown in Figure 1, a threshold value and a biometric matching method decide the EAR and ERR. We combine threshold and quantization (as shown in Figure 7) to quantify registered and input biodata within the threshold to the same value and use biometric matching methods to compare data after hashing these values. Therefore, the hashed values can be applied to cryptography technology, and the combination of biometric recognition and cryptography technology does not influence the EAR or ERR of the original biometric recognition.
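The registration and matching phases of the IBS process (subsystems (4) to (8)), as an added example that is not code from the paper. It runs the paper's own worked values ($t = 5$, $p = 10$) and assumes integer samples and SHA-256 for $h(\cdot)$; the function names are hypothetical.

```python
import hashlib
import hmac


def quantize(w, p):
    """Return k*p for the half-open cell (k*p - p/2) <= w < (k*p + p/2)."""
    return ((2 * w + p) // (2 * p)) * p


def feature_hash(levels):
    """h(w_q) over the whole quantized vector (SHA-256 is an assumption)."""
    encoded = ",".join(str(v) for v in levels).encode("ascii")
    return hashlib.sha256(encoded).digest()


def register(w, t):
    """Registration phase: keep only h(w_q) and w_a = w_q - w."""
    p = 2 * t
    w_q = [quantize(v, p) for v in w]
    w_a = [q - v for q, v in zip(w_q, w)]
    return {"h": feature_hash(w_q), "w_a": w_a, "t": t}


def adjusted_levels(w_in, record, use_adjustment=True):
    """Matching phase, first half: w'_p = w' + w_a, then quantize to w'_q."""
    p = 2 * record["t"]
    w_a = record["w_a"] if use_adjustment else [0] * len(w_in)
    return [quantize(v + a, p) for v, a in zip(w_in, w_a)]


def match(w_in, record, use_adjustment=True):
    """Matching phase: accept only if h(w'_q) equals the stored h(w_q) exactly."""
    if len(w_in) != len(record["w_a"]):
        return False
    w_q_in = adjusted_levels(w_in, record, use_adjustment)
    return hmac.compare_digest(feature_hash(w_q_in), record["h"])


# Values from the paper's worked example (integer samples, t = 5, p = 10).
W_REGISTERED = [28, 37, 19, 62, 54]
W_INPUT = [24, 33, 21, 66, 58]
T = 5

if __name__ == "__main__":
    record = register(W_REGISTERED, T)
    print("w_a            :", record["w_a"])
    print("w'_q adjusted  :", adjusted_levels(W_INPUT, record))
    print("w'_q unadjusted:", adjusted_levels(W_INPUT, record, use_adjustment=False))
    print("match          :", match(W_INPUT, record))
    print("match, no w_a  :", match(W_INPUT, record, use_adjustment=False))
    # Edge of the tolerance band: the cell is closed below and open above.
    print("w - t accepted :", match([v - T for v in W_REGISTERED], record))
    print("w + t accepted :", match([v + T for v in W_REGISTERED], record))
```

Without the adjustment step the same input quantizes to different levels and is rejected although every component is within $t$ of the registered value, which is why $w_a$ is stored. The last two checks show the half-open cell of the quantization rule: an input exactly $t$ below the registered value is accepted, and one exactly $t$ above is not.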

3.2. Process of Integrated Cryptographic Technology (ICT). Once the complete quantified features have been hashed (in the biometric feature registration subsystem), dual authentication can be achieved through the integration of cryptographic techniques. This method can be separated into a “registration” phase and a “signature and authentication” phase as follows.

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to CA, where $\mathrm{ID}_A$ is the ID of user $A$, $\mathrm{PK}_A$ is user $A$’s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{\mathrm{PK}_A}$ represents the encrypted signal $W_E$ using the user’s public key $\mathrm{PK}_A$. Next, CA’s certificate $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}(\mathrm{reg}, \mathrm{time})$ is transmitted to user $A$, where $\mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}(M)$ represents the signature of signal $M$ using CA’s private key $\mathrm{SK}_{\mathrm{CA}}$, and time represents the certificate’s validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W_E^{(j)}$ and $W_I^{(j)}$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

Figure 9: Comparison process of first stage.

Figure 10: Comparison process of second stage.

(1) First stage comparison.

As seen in Figure 9, user $A$ first sends $\mathrm{cert}_A$ to the verifier. Then the verifier confirms the accuracy of $\mathrm{cert}_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers used as one of $A$’s public keys. Finally, the verifier separately calculates $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$ and $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison.

As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W_I^{(1)}$; then $A$ calculates $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$ and sends $s_2$ to the verifier, where $W_{Ii}^{(2)}$ is related data value of the $i$th point of $W_I^{(2)}$ for $W_I$ in the second stage matching.

Next, the verifier calculates $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage, the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.
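The first-stage exchange of Section 3.2.2, as an added example that is not code from the paper: the verifier's challenge $r$, user $A$'s response $s = \mathrm{sig}_{\mathrm{SK}_A}(r) \cdot W_I \bmod n_A$, and the search for a match point by comparing $\mathrm{cp}$ with $\mathrm{cp}'$. It assumes textbook RSA (no padding, which is what makes $[s]_{\mathrm{PK}_A} = r \cdot [W_I]_{\mathrm{PK}_A}$ hold), a toy key built from two Mersenne primes, SHA-256 as the hash, and constructed feature points; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key pair for user A (constructed, far too small for real use).
# Textbook RSA without padding is assumed because the comparison relies on
# RSA being multiplicative: (r^d * W)^e = r * W^e (mod n_A).
P_A, Q_A = 2**31 - 1, 2**61 - 1
N_A = P_A * Q_A
E_A = 65537
D_A = pow(E_A, -1, (P_A - 1) * (Q_A - 1))


def feature_to_int(quantized_point) -> int:
    """W: hash of one quantized feature point, reduced mod n_A (SHA-256 assumed)."""
    data = ",".join(str(v) for v in quantized_point).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_A


def enroll(registered_points):
    """Registration: [W_E]_PK_A for every registered point (carried in cert_A)."""
    return [pow(feature_to_int(p), E_A, N_A) for p in registered_points]


def challenge() -> int:
    """Verifier: fresh random r < n_A for this matching run."""
    return secrets.randbelow(N_A - 2) + 2


def respond(r, input_points):
    """User A: s_i = sig_SK_A(r) * W_Ii mod n_A for every input point."""
    sig_r = pow(r, D_A, N_A)
    return [sig_r * feature_to_int(p) % N_A for p in input_points]


def find_match_points(r, responses, enrolled):
    """Verifier: cp_i = [s_i]_PK_A, cp'_e = r * [W_Ee]_PK_A; return pairs (i, e)
    with cp_i == cp'_e, i.e. candidate match points p_m."""
    cp = [pow(s, E_A, N_A) for s in responses]
    cp_prime = {r * c % N_A: e for e, c in enumerate(enrolled)}
    return [(i, cp_prime[v]) for i, v in enumerate(cp) if v in cp_prime]


if __name__ == "__main__":
    # Constructed quantized feature points (registered vs. freshly scanned).
    enrolled = enroll([(102, 57, 212), (7, 42, 87), (32, 17, 62)])
    scanned = [(7, 42, 87), (999, 1, 2), (102, 57, 212)]

    r1 = challenge()
    s1 = respond(r1, scanned)
    print("match points:", find_match_points(r1, s1, enrolled))

    # A recorded response replayed against a new challenge no longer lines up
    # with cp', because cp' is scaled by the new r.
    r2 = challenge()
    print("replayed s1 under new r:", find_match_points(r2, s1, enrolled))
```

The verifier only ever handles $[W_E]_{\mathrm{PK}_A}$ and the blinded responses, never the hashed features themselves.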

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

Figure 11: First stage matching content ($\mathrm{cp}_1$: $r_1[h^{(1)}_{Ij\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}4}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}5}]_{\mathrm{PK}}$ for $j = 1, \ldots, n_I$; $\mathrm{cp}'_1$: the same three values with $E$ in place of $I$, for $j = 1, \ldots, n_E$).

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer the error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate into existing biometric systems with confidentiality and cryptography technologies.

Table 4: Comparison of functions.

Tech BCKG FZ ACIRC Proposed scheme
(1) √ √
(2) √
(3) √ √ √ √
(4) √
(5) √ √ √
(6) √ √ √
(7) √ √ √
(8) √
(9) √

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that first stage takes five matching data. Then

$$W_I^{(1)} = W_{I1}^{(1)} \,\|\, W_{I2}^{(1)} \,\|\, \cdots \,\|\, W_{In_I}^{(1)} \quad\text{and}\quad W_E^{(1)} = W_{E1}^{(1)} \,\|\, W_{E2}^{(1)} \,\|\, \cdots \,\|\, W_{En_E}^{(1)},$$

where

$$W_{Ij}^{(1)} = w_{Ij1}^{(1)} \,\|\, w_{Ij2}^{(1)} \,\|\, w_{Ij3}^{(1)} \,\|\, w_{Ij4}^{(1)} \,\|\, w_{Ij5}^{(1)} \quad\text{and}\quad W_{Ej}^{(1)} = w_{Ej1}^{(1)} \,\|\, w_{Ej2}^{(1)} \,\|\, w_{Ej3}^{(1)} \,\|\, w_{Ej4}^{(1)} \,\|\, w_{Ej5}^{(1)}.$$

Using the hash function, we can let

$$h^{(1)}_{Ej\text{-}123} = \mathrm{hash}(w_{Ej1}^{(1q)} \,\|\, w_{Ej2}^{(1q)} \,\|\, w_{Ej3}^{(1q)}), \quad h^{(1)}_{Ej\text{-}4} = \mathrm{hash}(w_{Ej4}^{(1q)}), \quad h^{(1)}_{Ej\text{-}5} = \mathrm{hash}(w_{Ej5}^{(1q)}),$$

and

$$h^{(1)}_{Ij\text{-}123} = \mathrm{hash}(w_{Ij1}^{(1q)} \,\|\, w_{Ij2}^{(1q)} \,\|\, w_{Ij3}^{(1q)}), \quad h^{(1)}_{Ij\text{-}4} = \mathrm{hash}(w_{Ij4}^{(1q)}), \quad h^{(1)}_{Ij\text{-}5} = \mathrm{hash}(w_{Ij5}^{(1q)}),$$

where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then Figure 11 shows the matching of $\mathrm{cp}_1$ and $\mathrm{cp}'_1$.

In the second stage matching, we can let

$$W_{Ij}^{(2)} = \mathrm{hash}(w_{Ij1}^{(2q)}) \,\|\, \mathrm{hash}(w_{Ij2}^{(2q)}) \,\|\, \cdots \,\|\, \mathrm{hash}(w_{Ijn_I}^{(2q)}) - \mathrm{hash}(w_{Ijj}^{(2q)}),$$

$$W_{Ej}^{(2)} = \mathrm{hash}(w_{Ej1}^{(2q)}) \,\|\, \mathrm{hash}(w_{Ej2}^{(2q)}) \,\|\, \cdots \,\|\, \mathrm{hash}(w_{Ejn_E}^{(2q)}) - \mathrm{hash}(w_{Ejj}^{(2q)}),$$

where $w_{Ijl}^{(2)}$ and $w_{Ejl}^{(2)}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w_x^{(2q)}$ represents the quantized value of $w_x^{(2)}$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, “Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards,” Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with smart cards,” in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, “Fingerprint-Iris fusion based identification system using a single hamming distance matcher,” International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, “Privacy and legal requirements for developing biometric identification software in context-based applications,” International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, “An improved biometrics-based user authentication scheme without concurrency system,” International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, “An efficient biometrics-based remote user authentication scheme using smart cards,” Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, “Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards,” IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, “Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards,” Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, “ID-based password authentication scheme using smart cards and fingerprints,” ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis,” IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, “Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, “A real-time matching system for large fingerprint databases,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, “Gabor filter-based approach to fingerprint recognition,” in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS ’99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, “Fingerprint matching using local alignment based on multiple pairs of reference minutiae,” Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, “Automated fingerprint recognition using structural matching,” Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, “An automated matching technique for fingerprint identification,” in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, “Novel approach to automated fingerprint recognition,” IEE Proceedings: Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, “Biometrics-based cryptographic key generation,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, “Combining cryptography with biometrics effectively,” Tech. Rep. UCAMCL-TR-640, University of Cambridge, Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, “A multilevel structural technique for fingerprint representation and matching,” Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, “Structural fingerprint based hierarchical filtering in song identification,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, “Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain,” in Proceedings of the International Conference on Computational Problem-Solving (ICCP ’12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, “Fingerprint matching and classification using an onion layer algorithm of computational geometry,” in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, “Website fingerprinting in onion routing based anonymization networks,” in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, “Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features,” Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.


Figure 2: Structural matching methods.

authentication, if the registered password is 35 and the input value is 37, the input is considered to be inconsistent with the registered password, and the only allowable match would be an input value of 35.

As shown in Figure 1, the biometric processing device integrated with cryptographic technology consists of the following five parts: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) biometric feature registration/input subsystem, and (5) matching and decision subsystem.

(1) Data Collection Subsystem. The data collection subsystem collects the registered biometrics (e.g., fingerprints, facial image, iris image) for matching with the input biometric. The subsystem generally uses a biometric sensor to read one or more aspects of the subject’s biometric data.

(2) Signal Processing Subsystem. The signal processing subsystem reads the biometrics and processes them through actions such as Gaussian smoothing, histogram equalization, normalization, binarization, opening, thinning, thinning repair, and feature point retrieval.

(3) Biometric Feature Extraction Subsystem. A given biometric consists of many types of features, such as the terminal and bifurcation points of fingerprint minutiae. General algorithms are used to retrieve the terminal and bifurcation points for feature matching. The biometric feature extraction subsystem is used to match the feature points or feature values of the retrieved biometric features.

(4) Biometric Feature Registration/Input Subsystem. The biometric feature registration subsystem stores the processed biometric features for future identification. The biometric feature input subsystem stores the inputted and processed biometric features for comparison in next step.

(5) Matching and Decision Subsystem. The matching and decision subsystem matches the inputted and processed biometric features with the registered biometric features stored in the database. If the match meets the required conditions, the match is validated.

Table 2: Eight types of fingerprint minutiae.

Terminal | Bifurcation | Short ridge | Crossover
Spur | Dot | Island | Bridge

2.2. Fingerprint Recognition. Biometric identification can be accomplished through the recognition of various characteristics, including fingerprints and palm prints. Fingerprint minutiae are composed of the fine geometric features created by fingerprint ridges. Early on, Galton proposed identifying fingerprints based on four types of features: the beginnings and ends of ridges, forks, islands, and enclosures. However, Hrechak and McHugh later proposed the use of eight minutiae: terminals, bifurcation, short ridges, crossovers, spurs, dots, islands, and bridges (see Table 2).

Fingerprint recognition uses minutiae-matching algorithms such as the alignment-based matching algorithm [14], the Gabor filter-based approach [15], and the structural matching algorithm [16–19]. Among these, the structural matching algorithm (see Figure 2) is roughly divided into two stages. The first stage uses local feature matching to identify a central feature point with a positioning effect, while the second stage compares all the features at this central point and calculates a matching score.


2.3. Biometric-Based Cryptographic Key Generation. Chang et al. [20] proposed using a collected number of biometrics as a training sample to achieve “biometric-based cryptographic key generation.” As shown in Figures 3 and 4, this method uses multiple biometrics (including those for legitimate users) to find a conversion set through a mechanism which identifies highly distinguishing features. This allows each one-dimensional feature of the postbiometric conversion to effectively distinguish between legitimate and illegitimate users. The average features of legitimate users are then used to authenticate the identity of the legitimate user as a mechanism for generating multibyte passwords. (This group conversion must be stored in the biometric database.) However, this approach must be applied to the biometric data of multiple users to achieve differentiation. Also, because the error value calculation is determined based on the mean and variance of each biometric, each user must provide multiple biometric samples to generate the associated means and variances.

2.4. Fuzzy Extractors. Dodis et al. [21] proposed a cryptographic key generation mechanism called fuzzy extractors. This system uses biometric values and self-selected authentication values as input data. During recognition, it uses a cryptographic key and self-selected authentication values to recognize biometric values within a set error range. Furthermore, this system can use cryptographic keys and input biometric values (within a predetermined error range) to restore the original biometric values.

As shown in Figure 5, this method first selects an authentication value $x$ and then uses the Gen function with $x$ and the registered biometric value $w$ to generate a key $V$ as follows:

$$\mathrm{Gen}: V = w \oplus C(x), \quad (1)$$

where $C(\cdot)$ is the encoding function of a type of error correction code (e.g., Hamming code).

Next, within an error range $t$, using the Rep function causes $V$ and $x$ to recognize the inputted biometric value $w'$ (where $\mathrm{distance}(w, w') \le t$). The Rep function is as follows:

$$\mathrm{Rep}: D(w' \oplus V) = x, \quad (2)$$

where $D(\cdot)$ is a type of error correction decoding function. In case the original biometric value $w$ is lost, $w$ can be restored by inputting the biometric value $w'$, the cryptographic key $V$, and the error range $t$ through the Rec function. The Rec function is as follows:

$$\mathrm{Rec}: \mathrm{Rec}(w', V) = V \oplus C(D(w' \oplus V)) = w. \quad (3)$$

However, this method cannot be integrated into current biometric systems. Moreover, this method’s operating system not only requires the use of key $V$ and authentication value $x$ to perform authentication (and thus requires the storage of key $V$), but this comparison method is also vulnerable to leaking biometric value $w$ (through the use of biometric value $w'$ and key $V$).

Figure 3: Structure of cryptography key generation based on biometric features (biometric features → distinguishable feature generation → stable key generation → unique key).

2.5. Application to Combine Iris Recognition and Cryptography. Hao et al. [22] proposed an application combining iris recognition and cryptography (see Figure 6). The concept for this method is similar to that of the fuzzy extractor in that they both use an error control code to accept biometric values within a range of errors.

This system first uses a cryptographic key $\kappa$ and the iris biometric value $\theta_{\mathrm{ref}}$ to obtain the authentication value $\theta_{\mathrm{lock}}$ and stores $\theta_{\mathrm{lock}}$ and the key’s hash value $h(\kappa)$ in the IC card based on the following relationship:

$$\theta_{\mathrm{lock}} = \theta_{\mathrm{ps}} \oplus \theta_{\mathrm{ref}}, \quad (4)$$

where $\theta_{\mathrm{ps}}$ is the value for the key $\kappa$ via RS and Hadamard coding.

During recognition, the XOR value of $\theta_{\mathrm{lock}}$ and the inputted iris biometric value $\theta_{\mathrm{sam}}$ can be decoded as $\kappa'$ through RS and Hadamard decoding to determine if $h(\kappa')$ is equal to $h(\kappa)$. If the difference between the inputted iris biometric value $\theta_{\mathrm{sam}}$ and the original iris biometric value $\theta_{\mathrm{ref}}$ is less than or equal to a tolerable error range of the error control code, then the input will be decoded as the original $\kappa$ value and considered correct.

However, this method is only suitable for iris matching and cannot be directly combined with existing systems. The RS code is used as a means to calculate network transmission errors for each byte, which differs from error calculation methods in other biometric environments.

3. Proposed Scheme

This paper presents a secure cryptography-integrated biometric recognition method with cryptographic functions. This method is able to integrate biometric matching with cryptographic technology to achieve dual-factor authentication. This integrated technology can also be combined with more advanced cryptographic techniques to produce more secure and diverse applications. The proposed method is divided into two parts for description purposes. The first part is basic process of improved biometric security (IBS), while the second part is advanced process of integrated cryptographic technology (ICT).

The IBS process is divided into two phases: the registration phase and the matching phase. The registration phase first provides a set of biometric data. Based on a threshold value $t$, we define several numerical ranges, each of which has a quantization value. If the biometric data fall within one of these numerical ranges, then the quantized value for that numerical range is used as a quantized feature data to replace the biometric feature data. Next, one-way function operations are used to convert the quantized feature data to hashed feature data ($H_F$). Then the difference between the quantized feature data and the biometric data is calculated to obtain an adjustment value ($V_{\mathrm{AD}}$). Finally, this adjustment value $V_{\mathrm{AD}}$ is stored with the hashed feature data $H_F$.

Figure 4: Example of cryptography key generation mechanism.

Figure 5: Fuzzy extractor.

Matching phase and registration phase are largely similar. First, we provide a registered hashed feature data $H_F$ and adjustment value $V_{\mathrm{AD}}$, and the biometric data is then captured. The biometric data is adjusted based on this adjustment value $V_{\mathrm{AD}}$. Next, (similarly) based on the threshold value $t$, multiple numerical ranges are defined, each of which has a quantized value. If the adjusted biometric data fall within one of the numerical ranges, then the quantized value of this value range is taken as the quantized feature to replace the adjusted biometric data. This is followed by one-way function operations to convert the quantized feature into hashed feature data $H'_F$. Finally, the registered hashed data $H_F$ is compared with the hashed feature data $H'_F$.
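The IBS registration and matching phases described above, as an added sketch that is not code from the paper. It assumes integer feature values, quantization ranges of width $p = 2t + 1$ whose quantization value is the centre of the range, and SHA-256 over the whole quantized vector as the one-way function; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

T = 2            # threshold t (constructed value): largest accepted deviation
P = 2 * T + 1    # interval p of one quantization range (assumption: p = 2t + 1)


def quantize(value: int) -> int:
    """Return the quantization value (centre) of the range [k*p, k*p + 2t]."""
    return (value // P) * P + T


def hash_features(quantized) -> str:
    """One-way function over the quantized feature vector (SHA-256 assumed)."""
    encoded = ",".join(str(v) for v in quantized).encode()
    return hashlib.sha256(encoded).hexdigest()


def register(features):
    """Registration phase: return (H_F, V_AD); the raw features are not kept."""
    quantized = [quantize(w) for w in features]
    # Adjustment value per feature: w_a = w_q - w, which moves the registered
    # value onto the centre of its range so that +/- t stays inside the range.
    v_ad = [w_q - w for w_q, w in zip(quantized, features)]
    return hash_features(quantized), v_ad


def match(sample, h_f, v_ad) -> bool:
    """Matching phase: adjust, quantize, hash, then require exact equality."""
    if len(sample) != len(v_ad):
        return False
    adjusted = [w + w_a for w, w_a in zip(sample, v_ad)]   # w'_p = w' + w_a
    h_f_prime = hash_features([quantize(w) for w in adjusted])
    return hmac.compare_digest(h_f_prime, h_f)


if __name__ == "__main__":
    registered = [103, 57, 212, 8]                 # constructed feature values
    h_f, v_ad = register(registered)
    print("stored H_F:", h_f[:16] + "...", "V_AD:", v_ad)
    # Every feature within t of the registered value: accepted.
    print("within t  :", match([105, 55, 212, 9], h_f, v_ad))
    # First feature deviates by t + 1: rejected.
    print("outside t :", match([106, 57, 212, 8], h_f, v_ad))
    # Same in-tolerance sample without the adjustment: 105 falls into the next
    # range, so the exact-match comparison fails.
    print("no V_AD   :", match([105, 55, 212, 9], h_f, [0, 0, 0, 0]))
```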

In the ICT process, the biometric data must first go through IBS process before it can be used in this process. This process integrates the cryptography technology for signature application using the biometric data, which is composed of the “registration” and “signature and verification” stages. The application provides biometric-based cryptographic fields for the signatory and the verifier.

Before describing the processes of IBS and ICT, we define the notations used in our proposed protocol in Table 3.

Table 3: Notations.

Notation | Meaning
--- | ---
$t$ | Threshold value
$p$ | The interval of the quantitative mode
$w$, $w'$ | Biometric feature extraction data
$w_q$, $w'_q$ | Data after value quantization
$w_a$ | Fine-tuned values
$\mathrm{ID}_A$ | The ID of user $A$
$\mathrm{PK}_A$ | The public key of user $A$
$W_E$ | Internal registered biodata to be recognized
$W_I$ | Input biodata for matching the internal biodata
$W_E^{(j)}$, $W_I^{(j)}$ | $W_E$, $W_I$ in the stage $j$
$W_{Ei}^{(j)}$, $W_{Ii}^{(j)}$ | Related data value of the $i$th point of $W_E^{(j)}$, $W_I^{(j)}$
$\mathrm{cert}_A$ | Certificate of user $A$
$\mathrm{time}$ | Validity period of certificate
$n_A$ | Product of two large primes as $A$'s parameters
$h(\cdot)$ | Cryptographic one-way hash function
$\lfloor \cdot \rfloor$ | Floor function
$[\cdot]_{\mathrm{PK}}$ | Encryption function using public key PK
$\mathrm{sig}_{\mathrm{SK}}(\cdot)$ | Signature using private key SK

3.1. Process of Improved Biometric Security (IBS). To improve the security of storage of biometric feature data, biometric feature values must first be processed before being integrated with cryptography technology. This method uses numerical quantization and quantization adjustment processes to ensure that all acceptable values within the threshold are quantified to the same value without compromising security. Because of this property, hash or encryption functions can be used to prevent the theft or leakage of the registered data prestored in the database. During matching, the values must be exactly correct in order to pass, thus improving the comparison rate of hardware or software. Because some biometric values are quantized to a correct value without error, these values not only can use hash or encryption functions for protection but can also be further applied through other cryptographic techniques or other numerical derivations, such as signatures, key generation, and key exchange.

Figure 6: Iris recognition combining cryptography.

Figure 7: Schematic diagram of the processing of the proposed method. Registration phase: data collection, signal processing, biometric feature extraction ($w$), quantization with threshold $[t]$ ($w_q$), ADJ ($w_a = w_q - w$), hash ($h(w_q)$). Matching phase: data collection, signal processing, biometric feature extraction ($w'$), ADJ′ ($w'_p = w' + w_a$), quantization with threshold $[t]$ ($w'_q$), hash ($h(w'_q)$). If $h(w_q) = h(w'_q)$, authentication succeeds; otherwise, authentication fails.

Figure 7 shows a schematic diagram of the biometric processing methods of the proposed cryptography-integrated technology. The processed values can be directly applied to biometric recognition. This processing mode (shown in Figure 7) can be divided into eight parts as follows: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) numerical quantization subsystem, (5) adjustment subsystem, (6) hash subsystem, (7) biometric feature registration/input subsystem, and (8) matching and decision subsystem, where (1) the data collection subsystem, (2) the signal processing subsystem, and (3) the biometric feature extraction subsystem are the same as those mentioned in Section 2.1. Thus, below we limit our explanation to subsystems (4)–(8).

(4) Numerical Quantization Subsystem. The numerical quantization subsystem performs value quantization on the processed signal (as $w_q$ and $w'_q$). These quantized values can then be used with cryptographic techniques. Assume that the signal comparison allows for an error range of plus or minus $t$ and a sampling value range between $(0, L)$. Then the interval of the quantitative mode is $p$, and the signal value is quantized as $0, p, 2p, \ldots, np$, where $p = 2t$ and $n = \lfloor L/p \rfloor$ (where $\lfloor \cdot \rfloor$ is a floor function). If a signal value $w$ between $(0, L)$ satisfies $(kp - p/2) \le w < (kp + p/2)$, then this signal value $w$ should be quantized as $w_q = kp$. For example, for some signal value $(28, 37, 19, 62, 54)$ and $t = 5$ (i.e., $p = 10$), the signal value is quantized as $(30, 40, 20, 60, 50)$. (Generally speaking, if a biometric value allows an error range of $\pm t$, then $p = 2t$ can be used to obtain the quantization interval.) If the quantized range defined by the threshold is used for quantization, then the ERR and EAR will not be affected by this method.

(5) Adjustment Subsystem. The adjustment subsystem records the fine-tuned value $w_a$ from the quantizing process. This fine-tuned value can be quantized to restore the reduced recognition rate to the original recognition rate without compromising security. The recommended calculation method for the fine-tuned value is $w_a = w_q - w$. For example, given a signal value $w = (28, 37, 19, 62, 54)$ and $p = 10$, the signal value is quantized as $w_q = (30, 40, 20, 60, 50)$; then the adjustment value $w_a$ is $(2, 3, 1, -2, -4)$. Given an inputted value $w' = (24, 33, 21, 66, 58)$, $p = 10$, and the adjustment value $w_a = (2, 3, 1, -2, -4)$, the adjusted value is $w'_p = (26, 36, 22, 64, 54)$, which is quantized as $w'_q = (30, 40, 20, 60, 50)$.

Using the numerical quantization and adjustment process guarantees that all accepted values remain within the threshold value and are quantized at the same level of quality without compromising security. (Given an acceptable error range of plus or minus $t$, correctly guessing a value between a sampling value $(0, L)$ has a probability of approximately $2t/L$; following quantization, correctly guessing the quantized value between a sampling value of $(0, L)$ has a probability of approximately $1/n$, where $n = \lfloor L/p \rfloor = \lfloor L/2t \rfloor$. The probability of correctly guessing the unquantized value is identical to that of the quantized value; therefore, the quantized action does not compromise security.)

(6) Hash Subsystem. Applying the hash function to the value $w_q$ produces $h(w_q)$. Using the hash function can maintain biometric confidentiality and prevent leaking or theft of the presaved registered feature values stored in the database. Because a hacker would only be able to access the registered feature data stored in the biometric device, he would be unable to obtain the original biometric value. During comparison, the values must be exactly correct in order to pass, thus improving the hardware or software comparison rate. Other functions (e.g., encryption functions) can be used to substitute for this hash function.

Figure 8: Registration phase. (User $A$ sends $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to CA; CA returns $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}(\mathrm{reg}, \mathrm{time})$.)

(7) Biometric Feature Registration/Input Subsystem. Applied to the proposed method, the stored values for registration are $h(w_q)$ and $w_a$. This function is similar to the one previously described in Section 2.1.

(8) Matching and Decision Subsystem. Applied to the proposed method, this system's comparison mode determines whether $h(w_q)$ and $h(w'_q)$ are the same. This function is similar to the one previously described in Section 2.1.

Figure 1 shows the processing of a conventional biometric method, while Figure 7 shows a schematic diagram of the processing of the proposed method. As shown in Figure 1, a threshold value and a biometric matching method decide the EAR and ERR. We combine threshold and quantization (as shown in Figure 7) to quantize registered and input biodata within the threshold to the same value, and use biometric matching methods to compare the data after hashing these values. Therefore, the hashed values can be applied to cryptography technology, and the combination of biometric recognition and cryptography technology does not influence the EAR or ERR of the original biometric recognition.
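Subsystems (4)–(8) as an added worked example, not code from the paper: it assumes SHA-256 as $h(\cdot)$ and a comma-joined serialization of $w_q$, and the function names are hypothetical. Besides the paper's sample values, it shows why the adjustment value is needed and that the acceptance window around the registered value is the half-open interval $[-t, t)$.

```python
import hashlib
import hmac
import math


def quantize(values, t):
    """Subsystem (4): map w to w_q = k*p where k*p - p/2 <= w < k*p + p/2, p = 2t."""
    p = 2 * t
    return tuple(math.floor((w + t) / p) * p for w in values)


def h(wq):
    """Subsystem (6): one-way hash of the quantized vector.
    SHA-256 over a comma-joined string is an assumption of this example."""
    return hashlib.sha256(",".join(str(v) for v in wq).encode()).hexdigest()


def register(w, t):
    """Registration phase: returns the only two values that are stored,
    h(w_q) and the adjustment (fine-tuned) value w_a = w_q - w."""
    wq = quantize(w, t)
    wa = tuple(q - x for q, x in zip(wq, w))
    return h(wq), wa


def match(w_in, stored_hash, wa, t):
    """Matching phase: adjust (w'_p = w' + w_a), quantize, hash, compare."""
    wp = tuple(x + a for x, a in zip(w_in, wa))
    return hmac.compare_digest(h(quantize(wp, t)), stored_hash)


if __name__ == "__main__":
    t = 5
    w = (28, 37, 19, 62, 54)          # registered sample from the paper
    w_in = (24, 33, 21, 66, 58)       # input sample from the paper
    stored_hash, wa = register(w, t)
    print("w_a            :", wa)
    print("paper input    :", match(w_in, stored_hash, wa, t))
    # Without w_a the input lands in different quantization cells.
    print("unadjusted w'_q:", quantize(w_in, t))
    # Edge of the window: a deviation of -t is accepted, +t is rejected.
    print("deviation -t   :", match((23, 37, 19, 62, 54), stored_hash, wa, t))
    print("deviation +t   :", match((33, 37, 19, 62, 54), stored_hash, wa, t))
```
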

3.2. Process of Integrated Cryptographic Technology (ICT). Once the complete quantified features have been hashed (in the biometric feature registration subsystem), dual authentication can be achieved through the integration of cryptographic techniques. This method can be separated into a "registration" phase and a "signature and authentication" phase as follows.

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to CA, where $\mathrm{ID}_A$ is the ID of user $A$, $\mathrm{PK}_A$ is user $A$'s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{\mathrm{PK}_A}$ represents the encrypted signal $W_E$ using the user's public key $\mathrm{PK}_A$. Next, CA's certificate $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}(\mathrm{reg}, \mathrm{time})$ is transmitted to user $A$, where $\mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}(M)$ represents the signature of signal $M$ using CA's private key $\mathrm{SK}_{\mathrm{CA}}$ and $\mathrm{time}$ represents the certificate's validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W_E^{(j)}$ and $W_I^{(j)}$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

(1) First stage comparison. As seen in Figure 9, user $A$ first sends $\mathrm{cert}_A$ to the verifier. Then the verifier confirms the accuracy of $\mathrm{cert}_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers used as one of $A$'s public keys. Finally, the verifier separately calculates $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$ and $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$, and compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison. As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W_I^{(1)}$; then $A$ calculates $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$ and sends $s_2$ to the verifier, where $W_{Ii}^{(2)}$ is the related data value of the $i$th point of $W_I^{(2)}$ for $W_I$ in the second stage matching.

Next, the verifier calculates $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

Figure 9: Comparison process of first stage. (Message flow between user $A$ and the verifier: $\mathrm{cert}_A$, $r_1$, $s_1$.)

Figure 10: Comparison process of second stage. (Message flow between the user and the verifier: $r_2$ and $p_m$, then $s_2$.)

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.
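The first-stage exchange above with both sides' computations, as an added example that is not code from the paper: it assumes textbook RSA for both $[\cdot]_{\mathrm{PK}_A}$ and $\mathrm{sig}_{\mathrm{SK}_A}(\cdot)$ (which is what makes $\mathrm{cp}_1 = \mathrm{cp}'_1$ hold for equal features), SHA-256 for the hash, and a constructed toy key; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key for user A: two Mersenne primes, far too small
# for real use. n_A is the modulus named in the protocol.
P, Q = 2**61 - 1, 2**89 - 1
N_A = P * Q
E_A = 65537                                # public exponent (PK_A)
D_A = pow(E_A, -1, (P - 1) * (Q - 1))      # private exponent (SK_A)


def feature_to_int(wq):
    """Hash a tuple of quantized feature values to an integer below n_A."""
    digest = hashlib.sha256(",".join(map(str, wq)).encode()).digest()
    return int.from_bytes(digest, "big") % N_A


def enroll(wq_registered):
    """Registration: [W_E]_PKA, the value CA binds into cert_A."""
    return pow(feature_to_int(wq_registered), E_A, N_A)


def verifier_challenge():
    """Verifier: fresh random r1 with 1 < r1 < n_A."""
    return secrets.randbelow(N_A - 2) + 2


def user_response(r, wq_input):
    """User A: s1 = sig_SKA(r1) * W_I mod n_A, with sig taken as r1^d mod n_A."""
    return pow(r, D_A, N_A) * feature_to_int(wq_input) % N_A


def verifier_check(r, s, enc_w_e):
    """Verifier: cp1 = [s1]_PKA against cp1' = r1 * [W_E]_PKA mod n_A."""
    cp = pow(s, E_A, N_A)           # equals r1 * W_I^e mod n_A
    cp_prime = r * enc_w_e % N_A
    return cp == cp_prime


if __name__ == "__main__":
    registered = (30, 40, 20, 60, 50)      # quantized values from the IBS example
    enc_w_e = enroll(registered)

    r1 = verifier_challenge()
    s1 = user_response(r1, registered)
    print("matching input accepted :", verifier_check(r1, s1, enc_w_e))

    s_bad = user_response(r1, (30, 40, 20, 70, 50))
    print("other features accepted :", verifier_check(r1, s_bad, enc_w_e))

    # A response recorded under r1 does not verify under a later challenge.
    r2 = verifier_challenge()
    print("replayed s1 accepted    :", verifier_check(r2, s1, enc_w_e))
```
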

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

Figure 11: First stage matching content. ($\mathrm{cp}_1$ consists of $r_1[h_{Ij\text{-}123}^{(1)}]_{\mathrm{PK}}$, $r_1[h_{Ij\text{-}4}^{(1)}]_{\mathrm{PK}}$, $r_1[h_{Ij\text{-}5}^{(1)}]_{\mathrm{PK}}$ for $j = 1, \ldots, n_I$; $\mathrm{cp}'_1$ consists of $r_1[h_{Ej\text{-}123}^{(1)}]_{\mathrm{PK}}$, $r_1[h_{Ej\text{-}4}^{(1)}]_{\mathrm{PK}}$, $r_1[h_{Ej\text{-}5}^{(1)}]_{\mathrm{PK}}$ for $j = 1, \ldots, n_E$.)

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during the remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is designed to integrate into existing biometric systems with confidentiality and cryptography technologies.

Table 4: Comparison of functions.

Tech: BCKG, FZ, ACIRC, Proposed scheme
(1) √ √
(2) √
(3) √ √ √ √
(4) √
(5) √ √ √
(6) √ √ √
(7) √ √ √
(8) √
(9) √

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as the structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that the first stage takes five matching data. Then $W_I^{(1)} = W_{I1}^{(1)} \| W_{I2}^{(1)} \| \cdots \| W_{In_I}^{(1)}$ and $W_E^{(1)} = W_{E1}^{(1)} \| W_{E2}^{(1)} \| \cdots \| W_{En_E}^{(1)}$, where $W_{Ij}^{(1)} = w_{Ij1}^{(1)} \| w_{Ij2}^{(1)} \| w_{Ij3}^{(1)} \| w_{Ij4}^{(1)} \| w_{Ij5}^{(1)}$ and $W_{Ej}^{(1)} = w_{Ej1}^{(1)} \| w_{Ej2}^{(1)} \| w_{Ej3}^{(1)} \| w_{Ej4}^{(1)} \| w_{Ej5}^{(1)}$. Using the hash function, we can let $h_{Ej\text{-}123}^{(1)} = \mathrm{hash}(w_{Ej1}^{(1q)} \| w_{Ej2}^{(1q)} \| w_{Ej3}^{(1q)})$, $h_{Ej\text{-}4}^{(1)} = \mathrm{hash}(w_{Ej4}^{(1q)})$, $h_{Ej\text{-}5}^{(1)} = \mathrm{hash}(w_{Ej5}^{(1q)})$, and $h_{Ij\text{-}123}^{(1)} = \mathrm{hash}(w_{Ij1}^{(1q)} \| w_{Ij2}^{(1q)} \| w_{Ij3}^{(1q)})$, $h_{Ij\text{-}4}^{(1)} = \mathrm{hash}(w_{Ij4}^{(1q)})$, $h_{Ij\text{-}5}^{(1)} = \mathrm{hash}(w_{Ij5}^{(1q)})$, where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then Figure 11 shows the matching of $\mathrm{cp}_1$ and $\mathrm{cp}'_1$.

In the second stage matching, we can let $W_{Ij}^{(2)} = \mathrm{hash}(w_{Ij1}^{(2q)}) \| \mathrm{hash}(w_{Ij2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ijn_I}^{(2q)}) - \mathrm{hash}(w_{Ijj}^{(2q)})$ and $W_{Ej}^{(2)} = \mathrm{hash}(w_{Ej1}^{(2q)}) \| \mathrm{hash}(w_{Ej2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ejn_E}^{(2q)}) - \mathrm{hash}(w_{Ejj}^{(2q)})$, where $w_{Ijl}^{(2)}$ and $w_{Ejl}^{(2)}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w_x^{(2q)}$ represents the quantized value of $w_x^{(2)}$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, "Fingerprint-based remote user authentication scheme using smart cards," Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, "Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards," Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, "An efficient and practical fingerprint-based remote user authentication scheme with smart cards," in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, "Fingerprint-Iris fusion based identification system using a single hamming distance matcher," International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, "Privacy and legal requirements for developing biometric identification software in context-based applications," International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, "An improved biometrics-based user authentication scheme without concurrency system," International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards," Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, "Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards," IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, "Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards," Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, "ID-based password authentication scheme using smart cards and fingerprints," ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, "Checking before output may not be enough against fault-based cryptanalysis," IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, "Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints," ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, "A real-time matching system for large fingerprint databases," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, "Gabor filter-based approach to fingerprint recognition," in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS '99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, "Fingerprint matching using local alignment based on multiple pairs of reference minutiae," Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, "Automated fingerprint recognition using structural matching," Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, "An automated matching technique for fingerprint identification," in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, "Novel approach to automated fingerprint recognition," IEE Proceedings: Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, "Biometrics-based cryptographic key generation," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy extractors: how to generate strong keys from biometrics and other noisy data," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, "Combining cryptography with biometrics effectively," Tech. Rep. UCAM-CL-TR-640, University of Cambridge, Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, "A multilevel structural technique for fingerprint representation and matching," Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, "Structural fingerprint based hierarchical filtering in song identification," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, "Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain," in Proceedings of the International Conference on Computational Problem-Solving (ICCP '12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, "Fingerprint matching and classification using an onion layer algorithm of computational geometry," in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, "Website fingerprinting in onion routing based anonymization networks," in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, "Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features," Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.


2.3. Biometric-Based Cryptographic Key Generation. Chang et al. [20] proposed using a collected number of biometrics as a training sample to achieve "biometric-based cryptographic key generation." As shown in Figures 3 and 4, this method uses multiple biometrics (including those for legitimate users) to find a conversion set through a mechanism which identifies highly distinguishing features. This allows each one-dimensional feature of the postbiometric conversion to effectively distinguish between legitimate and illegitimate users. The average features of legitimate users are then used to authenticate the identity of the legitimate user as a mechanism for generating multibyte passwords. (This group conversion must be stored in the biometric database.) However, this approach must be applied to the biometric data of multiple users to achieve differentiation. Also, because the error value calculation is determined based on the mean and variance of each biometric, each user must provide multiple biometric samples to generate the associated means and variances.

2.4. Fuzzy Extractors. Dodis et al. [21] proposed a cryptographic key generation mechanism called fuzzy extractors. This system uses biometric values and self-selected authentication values as input data. During recognition, it uses a cryptographic key and self-selected authentication values to recognize biometric values within a set error range. Furthermore, this system can use cryptographic keys and input biometric values (within a predetermined error range) to restore the original biometric values.

As shown in Figure 5, this method first selects an authentication value $x$ and then uses the Gen function with $x$ and the registered biometric value $w$ to generate a key $V$ as follows:

Gen: $V = w \oplus C(x)$, (1)

where $C(\cdot)$ is the encoding function of a type of error correction code (e.g., Hamming code).

Next, within an error range $t$, using the Rep function causes $V$ and $x$ to recognize the inputted biometric value $w'$ (where $\mathrm{distance}(w, w') \le t$). The Rep function is as follows:

Rep: $D(w' \oplus V) = x$, (2)

where $D(\cdot)$ is a type of error correction decoding function. In case the original biometric value $w$ is lost, $w$ can be restored by inputting a biometric value $w'$ (within the error range $t$) and the cryptographic key $V$ into the Rec function. The Rec function is as follows:

Rec: $\mathrm{Rec}(w', V) = V \oplus C(D(w' \oplus V)) = w$. (3)

However, this method cannot be integrated into current biometric systems. Moreover, this method's operating system not only requires the use of key $V$ and authentication value $x$ to perform authentication (and thus requires the storage of key $V$), but this comparison method is also vulnerable to leaking biometric value $w$ (through the use of biometric value $w'$ and key $V$).
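Gen, Rep, and Rec from equations (1)–(3), as an added example that is not code from the paper or from Dodis et al.: it assumes a single 7-bit biometric block and Hamming(7,4) as $C(\cdot)$/$D(\cdot)$, so $t = 1$; the sample values are constructed and the function names are hypothetical. The Rec call shows the leak noted above: the stored key $V$ plus any sample within $t$ returns the enrolled $w$.

```python
def hamming_encode(x):
    """C(x): encode a 4-bit value as a Hamming(7,4) codeword.
    Bit positions are numbered 1..7; parity bits sit at positions 1, 2, 4."""
    d = [(x >> i) & 1 for i in range(4)]
    bits = [0] * 8                      # index 0 unused
    bits[3], bits[5], bits[6], bits[7] = d
    bits[1] = bits[3] ^ bits[5] ^ bits[7]
    bits[2] = bits[3] ^ bits[6] ^ bits[7]
    bits[4] = bits[5] ^ bits[6] ^ bits[7]
    return sum(bits[i] << (i - 1) for i in range(1, 8))


def hamming_decode(c):
    """D(c): correct up to one flipped bit, then return the 4 data bits."""
    bits = [0] + [(c >> (i - 1)) & 1 for i in range(1, 8)]
    syndrome = 0
    for i in range(1, 8):
        if bits[i]:
            syndrome ^= i               # XOR of the positions of set bits
    if syndrome:
        bits[syndrome] ^= 1             # syndrome names the flipped position
    return bits[3] | bits[5] << 1 | bits[6] << 2 | bits[7] << 3


def gen(w, x):
    """Equation (1): V = w XOR C(x)."""
    return w ^ hamming_encode(x)


def rep(w_in, v):
    """Equation (2): D(w' XOR V), equal to x when distance(w, w') <= t."""
    return hamming_decode(w_in ^ v)


def rec(w_in, v):
    """Equation (3): V XOR C(D(w' XOR V)), equal to w when distance(w, w') <= t."""
    return v ^ hamming_encode(hamming_decode(w_in ^ v))


def distance(a, b):
    """Hamming distance between two 7-bit values."""
    return bin(a ^ b).count("1")


# Constructed sample values.
W_ENROLLED = 0b1011001   # registered biometric block w
X_AUTH = 0b1010          # self-selected authentication value x

if __name__ == "__main__":
    v = gen(W_ENROLLED, X_AUTH)
    w_close = W_ENROLLED ^ 0b0010000    # one bit differs: within t = 1
    w_far = W_ENROLLED ^ 0b0000011      # two bits differ: outside t
    print("close sample recognised :", rep(w_close, v) == X_AUTH)
    print("far sample recognised   :", rep(w_far, v) == X_AUTH)
    # Anyone holding V and a close sample obtains the enrolled template.
    print("w recovered from (w',V) :", rec(w_close, v) == W_ENROLLED)
```
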

Figure 3: Structure of cryptography key generation based on biometric features. (Blocks: biometric features, distinguishable feature generation, stable key generation, unique key.)

2.5. Application to Combine Iris Recognition and Cryptography. Hao et al. [22] proposed an application combining iris recognition and cryptography (see Figure 6). The concept for this method is similar to that of the fuzzy extractor in that they both use an error control code to accept biometric values within a range of errors.

This system first uses a cryptographic key $\kappa$ and the iris biometric value $\theta_{\mathrm{ref}}$ to obtain the authentication value $\theta_{\mathrm{lock}}$ and stores $\theta_{\mathrm{lock}}$ and the key's hash value $h(\kappa)$ in the IC card based on the following relationship:

$\theta_{\mathrm{lock}} = \theta_{\mathrm{ps}} \oplus \theta_{\mathrm{ref}}$, (4)

where $\theta_{\mathrm{ps}}$ is the value for the key $\kappa$ via RS and Hadamard coding.

During recognition, the XOR value of $\theta_{\mathrm{lock}}$ and the inputted iris biometric value $\theta_{\mathrm{sam}}$ can be decoded as $\kappa'$ through RS and Hadamard decoding to determine if $h(\kappa')$ is equal to $h(\kappa)$. If the difference between the inputted iris biometric value $\theta_{\mathrm{sam}}$ and the original iris biometric value $\theta_{\mathrm{ref}}$ is less than or equal to a tolerable error range of the error control code, the input will be decoded as the original $\kappa$ value and considered correct.

However, this method is only suitable for iris matching and cannot be directly combined with existing systems. The RS code is used as a means to calculate network transmission errors for each byte, which differs from error calculation methods in other biometric environments.

3. Proposed Scheme

This paper presents a secure cryptography-integrated biometric recognition method with cryptographic functions. This method is able to integrate biometric matching with cryptographic technology to achieve dual-factor authentication. This integrated technology can also be combined with more advanced cryptographic techniques to produce more secure and diverse applications. The proposed method is divided into two parts for description purposes. The first part is the basic process of improved biometric security (IBS), while the second part is the advanced process of integrated cryptographic technology (ICT).

The IBS process is divided into two phases: the registration phase and the matching phase. The registration phase first provides a set of biometric data. Based on a threshold value $t$, we define several numerical ranges, each of which has a quantization value. If the biometric data fall within one of these numerical ranges, then the quantized value for that numerical range is used as a quantized feature data to replace the biometric feature data. Next, one-way function operations are used to convert the quantized feature data to hashed feature data ($H_F$). Then the difference between the quantized feature data and the biometric data is calculated to obtain an adjustment value ($V_{\mathrm{AD}}$). Finally, this adjustment value $V_{\mathrm{AD}}$ is stored with the hashed feature data $H_F$.

Figure 4: Example of cryptography key generation mechanism (feature space with the global feature distribution and the authentic feature distribution; authentic region between LB and RB; bins labelled 000 to 111; axis marks $m_g - k_g\sigma_g$, $m_a - k_a\sigma_a$, $m_a + k_a\sigma_a$, $m_g + k_g\sigma_g$).

Figure 5: Fuzzy extractor (blocks Gen, Rep, and Rec; values $w$, $x$, $w'$).

The matching phase and the registration phase are largely similar. First, we provide a registered hashed feature data $H_F$ and adjustment value $V_{\mathrm{AD}}$, and the biometric data is then captured. The biometric data is adjusted based on this adjustment value $V_{\mathrm{AD}}$. Next, (similarly) based on the threshold value $t$, multiple numerical ranges are defined, each of which has a quantized value. If the adjusted biometric data fall within one of the numerical ranges, then the quantized value of this value range is taken as the quantized feature to replace the adjusted biometric data. This is followed by one-way function operations to convert the quantized feature into hashed feature data $H'_F$. Finally, the registered hashed data $H_F$ is compared with the hashed feature data $H'_F$.

In the ICT process, the biometric data must first go through the IBS process before it can be used in this process. This process integrates the cryptography technology for signature application using the biometric data, which is composed of the "registration" and "signature and verification" stages. The application provides biometric-based cryptographic fields for the signatory and the verifier.

Before describing the processes of IBS and ICT, we define the notations used in our proposed protocol in Table 3.

3.1. Process of Improved Biometric Security (IBS). To improve the security of storage of biometric feature data, biometric feature values must first be processed before being integrated with cryptography technology. This method uses numerical quantization and quantization adjustment processes to ensure that all acceptable values within the threshold are quantified to the same value without compromising security. Because of this property, hash or encryption functions can be used to prevent the theft or leakage of the registered data prestored in the database. During matching, the values must be exactly correct in order to pass, thus improving the comparison rate of hardware or software. Because some biometric values are quantized to a correct value without error, these values not only can use hash or encryption functions for protection but can also be further applied through other cryptographic techniques or other numerical derivations, such as signatures, key generation, and key exchange.

Table 3: Notations.

| Notations | Meaning |
|---|---|
| $t$ | Threshold value |
| $p$ | The interval of the quantitative mode |
| $w$, $w'$ | Biometric feature extraction data |
| $w_q$, $w'_q$ | Data after value quantization |
| $w_a$ | Fine-tuned values |
| $\mathrm{ID}_A$ | The ID of user A |
| $\mathrm{PK}_A$ | The public key of user A |
| $W_E$ | Internal registered biodata to be recognized |
| $W_I$ | Input biodata for matching the internal biodata |
| $W_E^{(j)}$, $W_I^{(j)}$ | $W_E$, $W_I$ in the stage $j$ |
| $W_{Ei}^{(j)}$, $W_{Ii}^{(j)}$ | Related data value of the $i$th point of $W_E^{(j)}$, $W_I^{(j)}$ |
| $\mathrm{cert}_A$ | Certificate of user A |
| time | Validity period of certificate |
| $n_A$ | Product of two large primes as A's parameters |
| $h(\cdot)$ | Cryptographic one-way hash function |
| $\lfloor\cdot\rfloor$ | Floor function |
| $[\cdot]_{\mathrm{PK}}$ | Encryption function using public key PK |
| $\mathrm{sig}_{\mathrm{SK}}(\cdot)$ | Signature using private key SK |

Figure 6: Iris recognition combining cryptography (labels: reference $\theta_{\mathrm{ref}}$, key $\kappa$, RS and Had encoding, 2048-bit $\theta_{\mathrm{lock}}$, smart card, sample $\theta_{\mathrm{sam}}$, Had and RS decoding, $\oplus$, discarded).

Figure 7: Schematic diagram of the processing of the proposed method. Registration phase: data collection, signal processing, biometric feature extraction ($w$), quantization with threshold $[t]$ ($w_q$), ADJ ($w_a = w_q - w$), hash ($h(w_q)$). Matching phase: data collection, signal processing, biometric feature extraction ($w'$), ADJ′ ($w'_p = w' + w_a$), quantization with threshold $[t]$ ($w'_q$), hash ($h(w'_q)$). Decision: $h(w_q) = h(w'_q)$; yes, authentication succeeds; no, authentication fails.

Figure 7 shows a schematic diagram of the biometric processing methods of the proposed cryptography-integrated technology. The processed values can be directly applied to biometric recognition. This processing mode (shown in Figure 7) can be divided into eight parts as follows: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) numerical quantization subsystem, (5) adjustment subsystem, (6) hash subsystem, (7) biometric feature registration/input subsystem, and (8) matching and decision subsystem, where (1) the data collection subsystem, (2) the signal processing subsystem, and (3) the biometric feature extraction subsystem are the same as those mentioned in Section 2.1. Thus, below we limit our explanation to subsystems (4)–(8).

(4) Numerical Quantization Subsystem. The numerical quantization subsystem performs value quantization on the processed signal (as $w_q$ and $w'_q$). These quantized values can then be used with cryptographic techniques. Assume that the signal comparison allows for an error range of plus or minus $t$ and a sampling value range between $(0, L)$. Then the interval of the quantitative mode is $p$; the signal value is quantized as $0, p, 2p, \ldots, np$, where $p = 2t$, $n = \lfloor L/p \rfloor$ (where $\lfloor\cdot\rfloor$ is a floor function). If a signal value $w$ between $(0, L)$ satisfies $(kp - p/2) \le w < (kp + p/2)$, then this signal value $w$ should be quantized as $w_q = kp$. For example, for some signal value (28, 37, 19, 62, 54) and $t = 5$ (i.e., $p = 10$), the signal value is quantized as (30, 40, 20, 60, 50). (Generally speaking, if a biometric value allows an error range of $\pm t$, then $p = 2t$ can be used to obtain the quantization interval.) If the quantized range defined by the threshold is used for quantization, then the ERR and EAR obtained using this method will not be affected.

(5) Adjustment Subsystem. The adjustment subsystem records the fine-tuned value $w_a$ from the quantizing process. This fine-tuned value can be quantized to restore the reduced recognition rate to the original recognition rate without compromising security. The recommended calculation method for the fine-tuned value is $w_a = w_q - w$. For example, given a signal value $w = (28, 37, 19, 62, 54)$ and $p = 10$, the signal value is quantized as $w_q = (30, 40, 20, 60, 50)$; then the adjustment value $w_a$ is $(2, 3, 1, -2, -4)$. Given an inputted value $w' = (24, 33, 21, 66, 58)$, $p = 10$, and the adjustment value $w_a = (2, 3, 1, -2, -4)$, then the adjusted value $w'_p = (26, 36, 22, 64, 54)$, which is quantized as $w'_q = (30, 40, 20, 60, 50)$.

Using the numerical quantization and adjustment process guarantees that all accepted values remain within the threshold value and are quantized at the same level of quality without compromising security. (Given an acceptable error range of plus or minus $t$, correctly guessing a value between a sampling value $(0, L)$ has a probability of approximately $2t/L$; following quantization, correctly guessing the quantized value between a sampling value of $(0, L)$ has a probability of approximately $1/n$, where $n = \lfloor L/p \rfloor = \lfloor L/2t \rfloor$. The probability of correctly guessing the unquantized value is identical to that of the quantized value; therefore, the quantized action does not compromise security.)

(6) Hash Subsystem. Applying the hash function to the value $w_q$ produces $h(w_q)$. Using the hash function can maintain biometric confidentiality and prevent leaking or theft of the presaved registered feature values stored in the database. Because a hacker would only be able to access the registered feature data stored in the biometric device, he would be unable to obtain the original biometric value. During comparison, the values must be exactly correct in order to pass, thus improving the hardware or software comparison rate. Other functions (e.g., encryption functions) can be used to substitute for this hash function.

Figure 8: Registration phase (user $A$ sends reg = $\mathrm{ID}_A$, $\mathrm{PK}_A$, $[W_E]_{\mathrm{PK}_A}$ to CA; CA returns $\mathrm{cert}_A$ = reg, time, $\mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}$(reg, time)).

(7) Biometric Feature Registration/Input Subsystem. Applied to the proposed method, the stored values for registration are $h(w_q)$ and $w_a$. This function is similar to the one previously described in Section 2.1.

(8) Matching and Decision Subsystem. Applied to the proposed method, this system's comparison mode determines whether $h(w_q)$ and $h(w'_q)$ are the same. This function is similar to the one previously described in Section 2.1.
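Subsystems (4)–(8) combine into one registration and matching routine. The following Python code is an added example, not the paper's implementation: it assumes SHA-256 over a comma-joined encoding for $h(\cdot)$, reuses the worked values from subsystems (4) and (5), and all function names are hypothetical.

```python
# Added example: IBS registration and matching (subsystems (4)-(8)).
# Assumption: h() is SHA-256 over a comma-joined decimal encoding of w_q.
import hashlib
import hmac
import math

def quantize(values, t):
    """Subsystem (4): map w with kp - p/2 <= w < kp + p/2 to kp, p = 2t."""
    p = 2 * t
    return [p * math.floor((v + p / 2) / p) for v in values]

def digest(quantized):
    """Subsystem (6): h(w_q)."""
    encoded = ",".join(str(q) for q in quantized).encode()
    return hashlib.sha256(encoded).digest()

def enroll(w, t):
    """Registration phase: the stored record is (h(w_q), w_a) only."""
    w_q = quantize(w, t)
    w_a = [q - v for q, v in zip(w_q, w)]     # subsystem (5): w_a = w_q - w
    return {"hash": digest(w_q), "adjust": w_a}

def adjusted(w_in, record):
    """Matching phase, ADJ': w'_p = w' + w_a."""
    return [v + a for v, a in zip(w_in, record["adjust"])]

def match(w_in, record, t):
    """Subsystem (8): accept only if h(w'_q) equals the stored h(w_q)."""
    if len(w_in) != len(record["adjust"]):
        return False                           # wrong number of features
    w_q_in = quantize(adjusted(w_in, record), t)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(digest(w_q_in), record["hash"])

# Values from the worked example in the text.
T = 5
W_REGISTERED = [28, 37, 19, 62, 54]
RECORD = enroll(W_REGISTERED, T)

if __name__ == "__main__":
    samples = {
        "text example w'": [24, 33, 21, 66, 58],
        "first value at -t": [23, 37, 19, 62, 54],
        "first value at +t": [33, 37, 19, 62, 54],
        "first value beyond t": [35, 37, 19, 62, 54],
    }
    print("stored adjustment value:", RECORD["adjust"])
    for label, sample in samples.items():
        print(label, "->", match(sample, RECORD, T))
```

Because the quantization interval is half-open, an input that deviates by exactly $-t$ is accepted while one that deviates by exactly $+t$ is rejected. The stored $w_a$ also fixes each coordinate's offset within its interval ($w \bmod p$), so the hash protects only the choice among the roughly $n$ grid values per coordinate, which is the $1/n$ guessing probability stated above.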

Figure 1 shows the processing of a conventional biometric method, while Figure 7 demonstrates a schematic diagram of the processing of the proposed method. As shown in Figure 1, a threshold value and a biometric matching method decide the EAR and ERR. We combine threshold and quantization (as shown in Figure 7) to quantify registered and input biodata within threshold to the same value and use biometric matching methods to compare data after hashing these values. Therefore, the hashed values can be applied to cryptography technology, and the combination of biometric recognition and cryptography technology does not influence the EAR or ERR of the original biometric recognition.

3.2. Process of Integrated Cryptographic Technology (ICT). Once the complete quantified features have been hashed (in the biometric feature registration subsystem), dual authentication can be achieved through the integration of cryptographic techniques. This method can be separated into a "registration" phase and a "signature and authentication" phase as follows.

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message reg = $\mathrm{ID}_A$, $\mathrm{PK}_A$, $[W_E]_{\mathrm{PK}_A}$ to CA, where $\mathrm{ID}_A$ is the ID of user $A$, $\mathrm{PK}_A$ is user $A$'s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{\mathrm{PK}_A}$ represents the encrypted signal $W_E$ using the user's public key $\mathrm{PK}_A$. Next, CA's certificate $\mathrm{cert}_A$ = reg, time, $\mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}$(reg, time) is transmitted to user $A$, where $\mathrm{sig}_{\mathrm{SK}_{\mathrm{CA}}}(M)$ represents the signature of signal $M$ using CA's private key $\mathrm{SK}_{\mathrm{CA}}$ and time represents the certificate's validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W_E^{(j)}$ and $W_I^{(j)}$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

Figure 9: Comparison process of first stage. User $A$ sends $\mathrm{cert}_A$; the verifier checks $\mathrm{cert}_A$, chooses random $r_1 < n_A$, and sends $r_1$; user $A$ returns $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$; the verifier (1) computes $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$, (2) computes $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$, (3) compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to check if there exists a match point $p_m$, and (4) if no, failed; if yes, go to phase 2.

Figure 10: Comparison process of second stage. The verifier chooses random $r_2 < n_A$ and sends $r_2$, $p_m$; the user, assuming $p_m$ is the $i$th point of $W_I$, returns $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$; the verifier (1) computes $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$, (2) assuming $p_m$ is the $e$th point of $W_E$, computes $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$, and (3) from $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ evaluates matching score $S$; if $S <$ threshold, fail; else success.

(1) First stage comparison. As seen in Figure 9, user $A$ first sends $\mathrm{cert}_A$ to the verifier. Then the verifier confirms the accuracy of $\mathrm{cert}_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers used as one of $A$'s public keys. Finally, the verifier separately calculates $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$ and $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison. As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W_I^{(1)}$; then $A$ calculates $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$ and sends $s_2$ to the verifier, where $W_{Ii}^{(2)}$ is the related data value of the $i$th point of $W_I^{(2)}$ for $W_I$ in the second stage matching.

Next, the verifier calculates $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage, the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.
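The first-stage exchange of Figure 9 with both sides' messages, as an added example that is not the paper's own code. It assumes textbook RSA for $[\cdot]_{\mathrm{PK}_A}$ and $\mathrm{sig}_{\mathrm{SK}_A}$ (the paper states only that $n_A$ is a product of two large primes), a constructed toy modulus, SHA-256 for $h(\cdot)$, and a single feature value per stage; all function names are hypothetical.

```python
# Added example: first-stage comparison (cp1 versus cp1') of the ICT process.
# Assumptions: textbook RSA without padding, toy key sizes, SHA-256 as h().
import hashlib
import secrets

# Constructed toy key for user A, built from two Mersenne primes.
# Far too small for real use; it only makes the arithmetic visible.
P_A, Q_A = 2**31 - 1, 2**61 - 1
N_A = P_A * Q_A                               # n_A
E_A = 65537                                   # public exponent (PK_A)
D_A = pow(E_A, -1, (P_A - 1) * (Q_A - 1))     # private exponent (SK_A)

def feature_value(w_q):
    """Hashed quantized feature h(w_q) as an integer modulo n_A."""
    encoded = ",".join(str(q) for q in w_q).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % N_A

def enc_pk(m):
    """[m]_PK_A: encryption with A's public key."""
    return pow(m, E_A, N_A)

def sig_sk(m):
    """sig_SK_A(m): signature with A's private key."""
    return pow(m, D_A, N_A)

def register_template(w_q_registered):
    """Registration: the value [W_E]_PK_A that is carried in cert_A."""
    return enc_pk(feature_value(w_q_registered))

def fresh_challenge():
    """Verifier: choose random r1 with 2 <= r1 < n_A."""
    return secrets.randbelow(N_A - 2) + 2

def user_response(r1, w_q_input):
    """User A: s1 = sig_SK_A(r1) * W_I mod n_A."""
    return (sig_sk(r1) * feature_value(w_q_input)) % N_A

def verifier_check(r1, s1, enc_w_e):
    """Verifier: cp1 = [s1]_PK_A and cp1' = r1 * [W_E]_PK_A mod n_A."""
    cp1 = enc_pk(s1)
    cp1_prime = (r1 * enc_w_e) % N_A
    return cp1 == cp1_prime

if __name__ == "__main__":
    cert_value = register_template([30, 40, 20, 60, 50])
    r1 = fresh_challenge()
    s1 = user_response(r1, [30, 40, 20, 60, 50])
    print("matching input accepted:", verifier_check(r1, s1, cert_value))
    bad = user_response(r1, [30, 40, 20, 60, 40])
    print("different input accepted:", verifier_check(r1, bad, cert_value))
    print("old s1 accepted for a new challenge:",
          verifier_check(fresh_challenge(), s1, cert_value))
```

The check works because $[\mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I]_{\mathrm{PK}_A} = r_1 \cdot [W_I]_{\mathrm{PK}_A} \bmod n_A$ under textbook RSA, so $\mathrm{cp}_1 = \mathrm{cp}'_1$ exactly when the input and registered feature values agree, and a response recorded for one $r_1$ does not verify under another.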

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

Figure 11: First stage matching content ($\mathrm{cp}_1$ holds $r_1[h^{(1)}_{Ij\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}4}]_{\mathrm{PK}}$, and $r_1[h^{(1)}_{Ij\text{-}5}]_{\mathrm{PK}}$ for $j = 1, 2, 3, \ldots, n_I$; $\mathrm{cp}'_1$ holds $r_1[h^{(1)}_{Ej\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ej\text{-}4}]_{\mathrm{PK}}$, and $r_1[h^{(1)}_{Ej\text{-}5}]_{\mathrm{PK}}$ for $j = 1, 2, 3, \ldots, n_E$).

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during the remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer the error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate into existing biometric systems with confidentiality and cryptography technologies.

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

Table 4: Comparison of functions.

Tech BCKG FZ ACIRC Proposed scheme
(1) √ √
(2) √
(3) √ √ √ √
(4) √
(5) √ √ √
(6) √ √ √
(7) √ √ √
(8) √
(9) √

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that the first stage takes five matching data. Then $W_I^{(1)} = W_{I1}^{(1)} \| W_{I2}^{(1)} \| \cdots \| W_{In_I}^{(1)}$ and $W_E^{(1)} = W_{E1}^{(1)} \| W_{E2}^{(1)} \| \cdots \| W_{En_E}^{(1)}$, where $W_{Ij}^{(1)} = w_{Ij1}^{(1)} \| w_{Ij2}^{(1)} \| w_{Ij3}^{(1)} \| w_{Ij4}^{(1)} \| w_{Ij5}^{(1)}$ and $W_{Ej}^{(1)} = w_{Ej1}^{(1)} \| w_{Ej2}^{(1)} \| w_{Ej3}^{(1)} \| w_{Ej4}^{(1)} \| w_{Ej5}^{(1)}$. Using the hash function, we can let $h_{Ej\text{-}123}^{(1)} = \mathrm{hash}(w_{Ej1}^{(1q)} \| w_{Ej2}^{(1q)} \| w_{Ej3}^{(1q)})$, $h_{Ej\text{-}4}^{(1)} = \mathrm{hash}(w_{Ej4}^{(1q)})$, $h_{Ej\text{-}5}^{(1)} = \mathrm{hash}(w_{Ej5}^{(1q)})$, and $h_{Ij\text{-}123}^{(1)} = \mathrm{hash}(w_{Ij1}^{(1q)} \| w_{Ij2}^{(1q)} \| w_{Ij3}^{(1q)})$, $h_{Ij\text{-}4}^{(1)} = \mathrm{hash}(w_{Ij4}^{(1q)})$, $h_{Ij\text{-}5}^{(1)} = \mathrm{hash}(w_{Ij5}^{(1q)})$, where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then Figure 11 shows the matching of $\mathrm{cp}_1$ and $\mathrm{cp}'_1$.

In the second stage matching, we can let $W_{Ij}^{(2)} = \mathrm{hash}(w_{Ij1}^{(2q)}) \| \mathrm{hash}(w_{Ij2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ijn_I}^{(2q)}) - \mathrm{hash}(w_{Ijj}^{(2q)})$, $W_{Ej}^{(2)} = \mathrm{hash}(w_{Ej1}^{(2q)}) \| \mathrm{hash}(w_{Ej2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ejn_E}^{(2q)}) - \mathrm{hash}(w_{Ejj}^{(2q)})$, where $w_{Ijl}^{(2)}$ and $w_{Ejl}^{(2)}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching and $w_x^{(2q)}$ represents the quantized value of $w_x^{(2)}$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, "Fingerprint-based remote user authentication scheme using smart cards," Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, "Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards," Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, "An efficient and practical fingerprint-based remote user authentication scheme with smart cards," in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, "Fingerprint-Iris fusion based identification system using a single hamming distance matcher," International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, "Privacy and legal requirements for developing biometric identification software in context-based applications," International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, "An improved biometrics-based user authentication scheme without concurrency system," International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards," Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, "Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards," IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, "Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards," Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, "ID-based password authentication scheme using smart cards and fingerprints," ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, "Checking before output may not be enough against fault-based cryptanalysis," IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, "Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints," ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, "A real-time matching system for large fingerprint databases," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, "Gabor filter-based approach to fingerprint recognition," in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS '99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, "Fingerprint matching using local alignment based on multiple pairs of reference minutiae," Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, "Automated fingerprint recognition using structural matching," Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, "An automated matching technique for fingerprint identification," in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, "Novel approach to automated fingerprint recognition," IEE Proceedings: Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, "Biometrics-based cryptographic key generation," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy extractors: how to generate strong keys from biometrics and other noisy data," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, "Combining cryptography with biometrics effectively," Tech. Rep. UCAM-CL-TR-640, University of Cambridge, Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, "A multilevel structural technique for fingerprint representation and matching," Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, "Structural fingerprint based hierarchical filtering in song identification," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, "Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain," in Proceedings of the International Conference on Computational Problem-Solving (ICCP '12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, "Fingerprint matching and classification using an onion layer algorithm of computational geometry," in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, "Website fingerprinting in onion routing based anonymization networks," in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, "Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features," Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.


[Figure 4: Example of cryptography key generation mechanism. Labels: bins 000 to 111 across the feature space; global feature distribution; authentic feature distribution with the authentic region bounded by LB and RB; axis marks $m_g - k_g\sigma_g$, $m_a - k_a\sigma_a$, $m_a + k_a\sigma_a$, $m_g + k_g\sigma_g$.]

[Figure 5: Fuzzy extractor. Labels: Gen, Rep, Rec; $w$, $x$, $w'$.]

feature data and the biometric data is calculated to obtain an adjustment value ($V_{AD}$). Finally, this adjustment value $V_{AD}$ is stored with the hashed feature data $H_F$.

Matching phase and registration phase are largely similar. First, we provide a registered hashed feature data $H_F$ and adjustment value $V_{AD}$, and the biometric data is then captured. The biometric data is adjusted based on this adjustment value $V_{AD}$. Next (similarly), based on the threshold value $t$, multiple numerical ranges are defined, each of which is a quantized value. If the adjusted biometric data fall within one of the numerical ranges, then the quantized value of this value range is taken as the quantized feature to replace the adjusted biometric data. This is followed by one-way function operations to convert the quantized feature into hashed feature data $H'_F$. Finally, the registered hashed data $H_F$ is compared with the hashed feature data $H'_F$.

In the ICT process, the biometric data must first go through the IBS process before it can be used in this process. This process integrates the cryptography technology for signature application using the biometric data, which is composed of the “registration” and “signature and verification” stages. The application provides biometric-based cryptographic fields for the signatory and the verifier.

Before describing the processes of IBS and ICT, we define the notations used in our proposed protocol in Table 3.

3.1. Process of Improved Biometric Security (IBS). To improve the security of storage of biometric feature data, biometric feature values must first be processed before being integrated with cryptography technology. This method uses numerical quantization and quantization adjustment processes to ensure that all acceptable values within the threshold are quantified to the same value without compromising security. This property allows hash or encryption functions to be used to prevent the theft or leakage of the registered data prestored in the database. During matching, the values must be exactly correct in order to pass, thus improving the comparison rate of hardware or software. Because some biometric values are quantized to a correct value without error, these values not only can use hash or encryption functions for protection but can also be further applied through other cryptographic techniques or other numerical derivations such as signatures, key generation, and key exchange.

Table 3: Notations.

| Notations | Meaning |
|---|---|
| $t$ | Threshold value |
| $p$ | The interval of the quantitative mode |
| $w$, $w'$ | Biometric feature extraction data |
| $w_q$, $w'_q$ | Data after value quantization |
| $w_a$ | Fine-tuned values |
| $\mathrm{ID}_A$ | The ID of user A |
| $\mathrm{PK}_A$ | The public key of user A |
| $W_E$ | Internal registered biodata to be recognized |
| $W_I$ | Input biodata for matching the internal biodata |
| $W_E^{(j)}$, $W_I^{(j)}$ | $W_E$, $W_I$ in the stage $j$ |
| $W_{Ei}^{(j)}$, $W_{Ii}^{(j)}$ | Related data value of the $i$th point of $W_E^{(j)}$, $W_I^{(j)}$ |
| $\mathrm{cert}_A$ | Certificate of user A |
| time | Validity period of certificate |
| $n_A$ | Product of two large primes as A’s parameters |
| $h(\cdot)$ | Cryptographic one-way hash function |
| $\lfloor\cdot\rfloor$ | Floor function |
| $[\cdot]_{\mathrm{PK}}$ | Encryption function using public key PK |
| $\mathrm{sig}_{\mathrm{SK}}(\cdot)$ | Signature using private key SK |

[Figure 6: Iris recognition combining cryptography. Labels: Reference, $\theta_{ref}$, Encoding, RS and Had encoding, $\kappa$, $\oplus$, $\theta_{lock}$, 2048-bit, Smart card, Sample, $\theta_{sam}$, $\oplus$, Had and RS decoding, Decoding, Discarded.]

[Figure 7: Schematic diagram of the processing of the proposed method. Registration phase: data collection, signal processing, biometric feature extraction ($w$), quantization with threshold $[t]$ ($w_q$), ADJ ($w_a = w_q - w$), hash ($h(w_q)$). Matching phase: data collection, signal processing, biometric feature extraction ($w'$), ADJ′ ($w'_p = w' + w_a$), quantization with threshold $[t]$ ($w'_q$), hash ($h(w'_q)$). Decision: $h(w_q) = h(w'_q)$? Yes: authentication succeeds. No: authentication fails.]

Figure 7 shows a schematic diagram of the biometric processing methods of the proposed cryptography-integrated technology. The processed values can be directly applied to biometric recognition. This processing mode (shown in Figure 7) can be divided into eight parts as follows: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) numerical quantization subsystem, (5) adjustment subsystem, (6) hash subsystem, (7) biometric feature registration/input subsystem, and (8) matching and decision subsystem, where (1) the data collection subsystem, (2) the signal processing subsystem, and (3) the biometric feature extraction subsystem are the same as those mentioned in Section 2.1. Thus, below we limit our explanation to subsystems (4)–(8).

(4) Numerical Quantization Subsystem. The numerical quantization subsystem performs value quantization on the processed signal (as $w_q$ and $w'_q$). These quantized values can then be used with cryptographic techniques. Assume that the signal comparison allows for an error range of plus or minus $t$ and a sampling value range between $(0, L)$. Then the interval of the quantitative mode is $p$; the signal value is quantized as $0, p, 2p, \ldots, np$, where $p = 2t$, $n = \lfloor L/p \rfloor$ (where $\lfloor\cdot\rfloor$ is a floor function). If a signal value $w$ between $(0, L)$ satisfies $(kp - p/2) \le w < (kp + p/2)$, then this signal value $w$ should be quantized as $w_q = kp$. For example, for some signal value $(28, 37, 19, 62, 54)$ and $t = 5$ (i.e., $p = 10$), the signal value is quantized as $(30, 40, 20, 60, 50)$. (Generally speaking, if a biometric value allows an error range of $\pm t$, then $p = 2t$ can be used to obtain the quantization interval.) If the quantized range defined by the threshold is used for quantization, then the ERR and EAR obtained using this method will not be affected.

(5) Adjustment Subsystem. The adjustment subsystem records the fine-tuned value $w_a$ from the quantizing process. This fine-tuned value can be quantized to restore the reduced recognition rate to the original recognition rate without compromising security. The recommended calculation method for the fine-tuned value is $w_a = w_q - w$. For example, given a signal value $w = (28, 37, 19, 62, 54)$ and $p = 10$, the signal value is quantized as $w_q = (30, 40, 20, 60, 50)$; then the adjustment value $w_a$ is $(2, 3, 1, -2, -4)$. Given an inputted value $w' = (24, 33, 21, 66, 58)$, $p = 10$, and the adjustment value $w_a = (2, 3, 1, -2, -4)$, then the adjusted value $w'_p = (26, 36, 22, 64, 54)$, which is quantized as $w'_q = (30, 40, 20, 60, 50)$.

Using the numerical quantization and adjustment process guarantees that all accepted values remain within the threshold value and are quantized at the same level of quality without compromising security. (Given an acceptable error range of plus or minus $t$, correctly guessing a value between a sampling value $(0, L)$ has a probability of approximately $2t/L$; following quantization, correctly guessing the quantized value between a sampling value of $(0, L)$ has a probability of approximately $1/n$, where $n = \lfloor L/p \rfloor = \lfloor L/2t \rfloor$. The probability of correctly guessing the unquantized value is identical to that of the quantized value; therefore, the quantized action does not compromise security.)

(6) Hash Subsystem. The hash function maps the value $w_q$ to $h(w_q)$. Using the hash function can maintain biometric confidentiality and prevent leaking or theft of the presaved registered feature values stored in the database. Because a hacker would only be able to manage the registered feature data stored in the biometric device, he would be unable to obtain the original biometric value. During comparison, the values must be exactly correct in order to pass, thus improving the hardware or software comparison rate. Other functions (e.g., encryption functions) can be used to substitute for this hash function.

[Figure 8: Registration phase. User $A$ sends $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to CA; CA returns $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{CA}}(\mathrm{reg}, \mathrm{time})$.]

(7) Biometric Feature Registration/Input Subsystem. Applied to the proposed method, the stored values for registration are $h(w_q)$ and $w_a$. This function is similar to the one previously described in Section 2.1.

(8) Matching and Decision Subsystem. Applied to the proposed method, this system’s comparison mode determines whether $h(w_q)$ and $h(w'_q)$ are the same. This function is similar to the one previously described in Section 2.1.
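Subsystems (4)–(8) run on the paper's own numbers, as an added example that is not code from the paper. It also shows that without the adjustment value two readings within $t$ of each other can land in different bins, and that the accepted deviation is the half-open range $-t \le w' - w < t$. SHA-256 as $h(\cdot)$, the comma-joined encoding, and all function names are assumptions.

```python
"""Quantization, adjustment and hashing as in subsystems (4)-(8) (added example).

Assumptions, not from the paper: SHA-256 stands in for h(.), feature vectors
are integer tuples, and the function names are illustrative.
"""
import hashlib
import hmac


def quantize(values, t):
    """Map each value w to w_q = k*p with k*p - p/2 <= w < k*p + p/2, p = 2t."""
    p = 2 * t
    # Integer form of floor((w + p/2) / p); also correct for negative values.
    return tuple(((2 * w + p) // (2 * p)) * p for w in values)


def feature_hash(quantized):
    """h(w_q): hash of an unambiguous encoding of the quantized vector."""
    return hashlib.sha256(",".join(map(str, quantized)).encode()).digest()


def register(w, t):
    """Registration: store only h(w_q) and the fine-tuned value w_a = w_q - w."""
    w_q = quantize(w, t)
    w_a = tuple(q - v for q, v in zip(w_q, w))
    return {"hash": feature_hash(w_q), "w_a": w_a, "t": t}


def match(record, w_in):
    """Matching: w'_p = w' + w_a, quantize to w'_q, compare h(w'_q) with h(w_q)."""
    if len(w_in) != len(record["w_a"]):
        return False
    w_p = tuple(v + a for v, a in zip(w_in, record["w_a"]))
    w_q_in = quantize(w_p, record["t"])
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(feature_hash(w_q_in), record["hash"])


def match_without_adjustment(w_reg, w_in, t):
    """Plain quantize-and-hash, for contrast with the adjusted scheme."""
    return feature_hash(quantize(w_reg, t)) == feature_hash(quantize(w_in, t))


# Values from the paper's example: t = 5, so p = 10.
W = (28, 37, 19, 62, 54)
W_IN = (24, 33, 21, 66, 58)

if __name__ == "__main__":
    rec = register(W, 5)
    print("w_q =", quantize(W, 5))
    print("w_a =", rec["w_a"])
    print("adjusted match:  ", match(rec, W_IN))
    print("unadjusted match:", match_without_adjustment(W, W_IN, 5))
    # Boundary of the accepted deviation: -t is inside, +t is outside.
    print("deviation -5:", match(rec, tuple(v - 5 for v in W)))
    print("deviation +5:", match(rec, tuple(v + 5 for v in W)))
```

The unadjusted comparison fails on the paper's input because 28 and 24 quantize to 30 and 20; adding $w_a$ first re-centres the registered value on its bin, which is what makes the threshold exact.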

Figure 1 shows the processing of a conventional biometric method, while Figure 7 demonstrates a schematic diagram of the processing of the proposed method. As shown in Figure 1, a threshold value and a biometric matching method decide the EAR and ERR. We combine threshold and quantization (as shown in Figure 7) to quantify registered and input biodata within threshold to the same value and use biometric matching methods to compare data after hashing these values. Therefore, the hashed values can be applied to cryptography technology, and the combination of biometric recognition and cryptography technology does not influence the EAR or ERR of the original biometric recognition.

3.2. Process of Integrated Cryptographic Technology (ICT). Once the complete quantified features have been hashed (in biometric feature registration subsystem), dual authentication can be achieved through the integration of cryptographic techniques. This method can be separated into a “registration” phase and a “signature and authentication” phase as follows.

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to CA, where $\mathrm{ID}_A$ is the ID of user $A$, $\mathrm{PK}_A$ is user $A$’s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{\mathrm{PK}_A}$ represents the encrypted signal $W_E$ using the user’s public key $\mathrm{PK}_A$. Next, CA’s certificate $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{CA}}(\mathrm{reg}, \mathrm{time})$ is transmitted to user $A$, where $\mathrm{sig}_{\mathrm{SK}_{CA}}(M)$ represents the signature of signal $M$ using CA’s private key $\mathrm{SK}_{CA}$ and time represents the certificate’s validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W_E^{(j)}$ and $W_I^{(j)}$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

[Figure 9: Comparison process of first stage. User $A$ sends $\mathrm{cert}_A$ to the verifier; the verifier checks $\mathrm{cert}_A$, chooses random $r_1 < n_A$, and sends $r_1$; user $A$ returns $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$; the verifier (1) computes $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$, (2) computes $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$, (3) compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to check if there exists a match point $p_m$, and (4) if no, fails; if yes, goes to phase 2.]

[Figure 10: Comparison process of second stage. The verifier chooses random $r_2 < n_A$ and sends $r_2$, $p_m$; the user, assuming $p_m$ is the $i$th point of $W_I$, returns $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$; the verifier (1) computes $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$, (2) assuming $p_m$ is the $e$th point of $W_E$, computes $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$, and (3) from $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ evaluates the matching score $S$; if $S <$ threshold, fail; else, success.]

(1) First stage comparison. As seen in Figure 9, user $A$ first sends $\mathrm{cert}_A$ to the verifier. Then the verifier confirms the accuracy of $\mathrm{cert}_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers used as one of $A$’s public keys. Finally, the verifier separately calculates $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$ and $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison. As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W_I^{(1)}$; then $A$ calculates $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$ and sends $s_2$ to the verifier, where $W_{Ii}^{(2)}$ is related data value of the $i$th point of $W_I^{(2)}$ for $W_I$ in the second stage matching.

Next, the verifier calculates $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.
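The first-stage exchange of Figure 9 with both sides' messages, as an added example that is not code from the paper. It assumes textbook RSA without padding for $\mathrm{sig}_{\mathrm{SK}_A}(\cdot)$ and $[\cdot]_{\mathrm{PK}_A}$, a constructed toy key that is not secure, and one hashed value per feature point; all function names are illustrative.

```python
"""Toy walk-through of the first-stage challenge-response (added example).

Assumptions, not from the paper: textbook RSA without padding plays the role
of sig_SK_A(.) and [.]_PK_A, the key is built from two publicly known primes
and is NOT secure, and each feature point contributes one hashed value.
"""
import hashlib
import secrets
from math import gcd

# Constructed toy key from two Mersenne primes. Illustration only.
P, Q = 2**127 - 1, 2**89 - 1
N_A = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h_int(quantized_point):
    """Hash one quantized feature point to an integer below n_A."""
    data = ",".join(str(v) for v in quantized_point).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_A


def enc(m):
    """[m]_PK_A"""
    return pow(m, E, N_A)


def sign(m):
    """sig_SK_A(m)"""
    return pow(m, D, N_A)


def new_challenge():
    """Verifier: fresh random r < n_A that is invertible mod n_A."""
    while True:
        r = secrets.randbelow(N_A - 2) + 2
        if gcd(r, N_A) == 1:
            return r


def user_response(r, input_points):
    """User A: s = sig_SK_A(r) * W_I mod n_A, one value per input point."""
    sig_r = sign(r)
    return [sig_r * h_int(pt) % N_A for pt in input_points]


def verifier_match(r, response, registered_enc):
    """Verifier: compare cp = [s]_PK_A with cp' = r * [W_E]_PK_A mod n_A.

    (r^d * W_I)^e = r * W_I^e mod n_A, so cp equals cp' exactly when the
    hashed input value equals the hashed registered value.
    Returns (i, e) pairs: input point i matches registered point e.
    """
    cp = [enc(s) for s in response]
    cp_prime = {r * c % N_A: e for e, c in enumerate(registered_enc)}
    return [(i, cp_prime[v]) for i, v in enumerate(cp) if v in cp_prime]


if __name__ == "__main__":
    # Constructed quantized points; only [W_E]_PK_A is held in the certificate.
    registered = [(30, 40, 20), (60, 50, 10), (20, 20, 70)]
    registered_enc = [enc(h_int(p)) for p in registered]
    fresh_input = [(10, 10, 10), (60, 50, 10)]

    r1 = new_challenge()
    s1 = user_response(r1, fresh_input)
    print("match points:", verifier_match(r1, s1, registered_enc))

    # A response recorded under r1 does not verify under a new challenge.
    r2 = new_challenge()
    print("replayed s1 under r2:", verifier_match(r2, s1, registered_enc))
```

The verifier never sees the hashed input values in the clear, and the fresh $r$ binds each response to one session, which is the property the replay-resistance argument in Section 4.1.3 relies on.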

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

[Figure 11: First stage matching content. $\mathrm{cp}_1$ lists, for each input point $j = 1, 2, 3, \ldots, n_I$, the values $r_1[h^{(1)}_{Ij\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}4}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}5}]_{\mathrm{PK}}$; $\mathrm{cp}'_1$ lists, for each registered point $j = 1, 2, 3, \ldots, n_E$, the values $r_1[h^{(1)}_{Ej\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ej\text{-}4}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ej\text{-}5}]_{\mathrm{PK}}$.]

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer the error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate into existing biometric systems with confidentiality and cryptography technologies.

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

Table 4: Comparison of functions.

Tech: BCKG, FZ, ACIRC, Proposed scheme
(1) √ √
(2) √
(3) √ √ √ √
(4) √
(5) √ √ √
(6) √ √ √
(7) √ √ √
(8) √
(9) √

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that first stage takes five matching data. Then

$W_I^{(1)} = W_{I1}^{(1)} \,\|\, W_{I2}^{(1)} \,\|\, \cdots \,\|\, W_{In_I}^{(1)}$ and $W_E^{(1)} = W_{E1}^{(1)} \,\|\, W_{E2}^{(1)} \,\|\, \cdots \,\|\, W_{En_E}^{(1)}$,

where

$W_{Ij}^{(1)} = w_{Ij1}^{(1)} \,\|\, w_{Ij2}^{(1)} \,\|\, w_{Ij3}^{(1)} \,\|\, w_{Ij4}^{(1)} \,\|\, w_{Ij5}^{(1)}$ and $W_{Ej}^{(1)} = w_{Ej1}^{(1)} \,\|\, w_{Ej2}^{(1)} \,\|\, w_{Ej3}^{(1)} \,\|\, w_{Ej4}^{(1)} \,\|\, w_{Ej5}^{(1)}$.

Using the hash function, we can let

$h_{Ej\text{-}123}^{(1)} = \mathrm{hash}(w_{Ej1}^{(1q)} \,\|\, w_{Ej2}^{(1q)} \,\|\, w_{Ej3}^{(1q)})$, $h_{Ej\text{-}4}^{(1)} = \mathrm{hash}(w_{Ej4}^{(1q)})$, $h_{Ej\text{-}5}^{(1)} = \mathrm{hash}(w_{Ej5}^{(1q)})$,

and

$h_{Ij\text{-}123}^{(1)} = \mathrm{hash}(w_{Ij1}^{(1q)} \,\|\, w_{Ij2}^{(1q)} \,\|\, w_{Ij3}^{(1q)})$, $h_{Ij\text{-}4}^{(1)} = \mathrm{hash}(w_{Ij4}^{(1q)})$, $h_{Ij\text{-}5}^{(1)} = \mathrm{hash}(w_{Ij5}^{(1q)})$,

where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then, Figure 11 shows the matching of $\mathrm{cp}_1$ and $\mathrm{cp}'_1$.

In the second stage matching, we can let

$W_{Ij}^{(2)} = \mathrm{hash}(w_{Ij1}^{(2q)}) \,\|\, \mathrm{hash}(w_{Ij2}^{(2q)}) \,\|\, \cdots \,\|\, \mathrm{hash}(w_{Ijn_I}^{(2q)}) - \mathrm{hash}(w_{Ijj}^{(2q)})$,

$W_{Ej}^{(2)} = \mathrm{hash}(w_{Ej1}^{(2q)}) \,\|\, \mathrm{hash}(w_{Ej2}^{(2q)}) \,\|\, \cdots \,\|\, \mathrm{hash}(w_{Ejn_E}^{(2q)}) - \mathrm{hash}(w_{Ejj}^{(2q)})$,

where $w_{Ijl}^{(2)}$ and $w_{Ejl}^{(2)}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w_x^{(2q)}$ represents the quantized value of $w_x^{(2)}$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, “Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards,” Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with smart cards,” in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, “Fingerprint-Iris fusion based identification system using a single hamming distance matcher,” International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, “Privacy and legal requirements for developing biometric identification software in context-based applications,” International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, “An improved biometrics-based user authentication scheme without concurrency system,” International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, “An efficient biometrics-based remote user authentication scheme using smart cards,” Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, “Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards,” IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, “Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards,” Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, “ID-based password authentication scheme using smart cards and fingerprints,” ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis,” IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, “Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, “A real-time matching system for large fingerprint databases,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, “Gabor filter-based approach to fingerprint recognition,” in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS ’99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, “Fingerprint matching using local alignment based on multiple pairs of reference minutiae,” Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, “Automated fingerprint recognition using structural matching,” Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, “An automated matching technique for fingerprint identification,” in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, “Novel approach to automated fingerprint recognition,” IEE Proceedings: Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, “Biometrics-based cryptographic key generation,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, “Combining cryptography with biometrics effectively,” Tech. Rep. UCAM-CL-TR-640, University of Cambridge, Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, “A multilevel structural technique for fingerprint representation and matching,” Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, “Structural fingerprint based hierarchical filtering in song identification,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, “Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain,” in Proceedings of the International Conference on Computational Problem-Solving (ICCP ’12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, “Fingerprint matching and classification using an onion layer algorithm of computational geometry,” in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, “Website fingerprinting in onion routing based anonymization networks,” in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, “Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features,” Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.


Figure 6: Iris recognition combining cryptography.

Figure 7: Schematic diagram of the processing of the proposed method. Registration phase: data collection, signal processing, biometric feature extraction, quantization with threshold $[t]$ ($w \to w_q$), ADJ ($w_a = w_q - w$), hash ($h(w_q)$). Matching phase: data collection, signal processing, biometric feature extraction, ADJ′ ($w'_p = w' + w_a$), quantization with threshold $[t]$ ($w'_p \to w'_q$), hash ($h(w'_q)$). Decision: if $h(w_q) = h(w'_q)$, authentication succeeds; otherwise, authentication fails.

hardware or software. Because some biometric values are quantized to a correct value without error, these values not only can use hash or encryption functions for protection but can also be further applied through other cryptographic techniques or other numerical derivations, such as signatures, key generation, and key exchange.

Figure 7 shows a schematic diagram of the biometric processing methods of the proposed cryptography-integrated technology. The processed values can be directly applied to biometric recognition. This processing mode (shown in Figure 7) can be divided into eight parts as follows: (1) data collection subsystem, (2) signal processing subsystem, (3) biometric feature extraction subsystem, (4) numerical quantization subsystem, (5) adjustment subsystem, (6) hash subsystem, (7) biometric feature registration/input subsystem, and (8) matching and decision subsystem, where (1) the data collection subsystem, (2) the signal processing subsystem, and (3) the biometric feature extraction subsystem are the same as those mentioned in Section 2.1. Thus, below we limit our explanation to subsystems (4)–(8).

(4) Numerical Quantization Subsystem. The numerical quantization subsystem performs value quantization on the processed signal (as $w_q$ and $w'_q$). These quantized values can then be used with cryptographic techniques. Assume that the signal comparison allows for an error range of plus or minus $t$ and a sampling value range between $(0, L)$. Then the interval of the quantization mode is $p$, and the signal value is quantized as $0, p, 2p, \ldots, np$, where $p = 2t$ and $n = \lfloor L/p \rfloor$ (where $\lfloor \cdot \rfloor$ is the floor function). If a signal value $w$ between $(0, L)$ satisfies $(kp - p/2) \le w < (kp + p/2)$, then this signal value $w$ should be quantized as $w_q = kp$. For example, for some signal value $(28, 37, 19, 62, 54)$ and $t = 5$ (i.e., $p = 10$), the signal value is quantized as $(30, 40, 20, 60, 50)$. (Generally speaking, if a biometric value allows an error range of $\pm t$, then $p = 2t$ can be used to obtain the quantization interval.) If the quantized range defined by the threshold is used for quantization, then this method has no impact on the ERR and EAR.

(5) Adjustment Subsystem. The adjustment subsystem records the fine-tuned value $w_a$ from the quantizing process. This fine-tuned value can be quantized to restore the reduced recognition rate to the original recognition rate without compromising security. The recommended calculation method for the fine-tuned value is $w_a = w_q - w$. For example, given a signal value $w = (28, 37, 19, 62, 54)$ and $p = 10$, the signal value is quantized as $w_q = (30, 40, 20, 60, 50)$; then the adjustment value $w_a$ is $(2, 3, 1, -2, -4)$. Given an inputted value $w' = (24, 33, 21, 66, 58)$, $p = 10$, and the adjustment value $w_a = (2, 3, 1, -2, -4)$, the adjusted value is $w'_p = (26, 36, 22, 64, 54)$, which is quantized as $w'_q = (30, 40, 20, 60, 50)$.

Using the numerical quantization and adjustment process guarantees that all accepted values remain within the threshold value and are quantized at the same level of quality without compromising security. (Given an acceptable error range of plus or minus $t$, correctly guessing a value between a sampling value $(0, L)$ has a probability of approximately $2t/L$; following quantization, correctly guessing the quantized value between a sampling value of $(0, L)$ has a probability of approximately $1/n$, where $n = \lfloor L/p \rfloor = \lfloor L/2t \rfloor$. The probability of correctly guessing the unquantized value is identical to that of the quantized value; therefore, the quantization does not compromise security.)

(6) Hash Subsystem. The hash function maps the value $w_q$ to $h(w_q)$. Using the hash function can maintain biometric confidentiality and prevent leaking or theft of the presaved registered feature values stored in the database. Because a hacker would only be able to access the registered feature data stored in the biometric device, he would be unable to obtain the original biometric value. During comparison, the values must be exactly correct in order to pass, thus improving the hardware or software comparison rate. Other functions (e.g., encryption functions) can be used to substitute for this hash function.

Figure 8: Registration phase. User $A$ sends $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to the CA; the CA returns $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{CA}}(\mathrm{reg}, \mathrm{time})$.

(7) Biometric Feature Registration/Input Subsystem. Applied to the proposed method, the stored values for registration are $h(w_q)$ and $w_a$. This function is similar to the one previously described in Section 2.1.

(8) Matching and Decision Subsystem. Applied to the proposed method, this system's comparison mode determines whether $h(w_q)$ and $h(w'_q)$ are the same. This function is similar to the one previously described in Section 2.1.

Figure 1 shows the processing of a conventional biometric method, while Figure 7 shows a schematic diagram of the processing of the proposed method. As shown in Figure 1, a threshold value and a biometric matching method decide the EAR and ERR. We combine threshold and quantization (as shown in Figure 7) to quantize registered and input biodata within the threshold to the same value and use biometric matching methods to compare data after hashing these values. Therefore, the hashed values can be applied to cryptography technology, and the combination of biometric recognition and cryptography technology does not influence the EAR or ERR of the original biometric recognition.
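Subsystems (4) to (8) run on the paper's own numbers, as an added example that is not code from the paper; SHA-256, the comma-separated encoding, and all function names are assumptions. It also shows two things the text leaves implicit: the same sample is rejected when $w_a$ is not applied, and the acceptance window is the half-open range $-t \le w' - w < t$.

```python
import hashlib
import hmac
from typing import Sequence, Tuple


def quantize(values: Sequence[int], t: int) -> Tuple[int, ...]:
    """Subsystem (4): map each w to k*p, p = 2t, with kp - p/2 <= w < kp + p/2."""
    p = 2 * t
    # (w + t) // p is exactly the k that satisfies the inequality above.
    return tuple(((w + t) // p) * p for w in values)


def h(wq: Sequence[int]) -> bytes:
    """Subsystem (6): hash of the quantized vector.

    SHA-256 and the decimal, comma-separated encoding are assumptions;
    the paper only says "hash function".
    """
    return hashlib.sha256(",".join(str(v) for v in wq).encode()).digest()


def register(w: Sequence[int], t: int) -> Tuple[bytes, Tuple[int, ...]]:
    """Subsystems (5) and (7): store h(w_q) and w_a = w_q - w, never w itself."""
    wq = quantize(w, t)
    wa = tuple(q - x for q, x in zip(wq, w))
    return h(wq), wa


def match(w_in: Sequence[int], wa: Sequence[int], stored: bytes, t: int) -> bool:
    """Subsystem (8): w'_p = w' + w_a, quantize, hash, compare exactly."""
    if len(w_in) != len(wa):
        return False
    wp = tuple(x + a for x, a in zip(w_in, wa))
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(h(quantize(wp, t)), stored)


if __name__ == "__main__":
    t = 5
    w = (28, 37, 19, 62, 54)           # registered sample from the text
    w_prime = (24, 33, 21, 66, 58)     # input sample from the text
    stored_hash, w_a = register(w, t)
    print("w_a              :", w_a)
    print("match with w_a   :", match(w_prime, w_a, stored_hash, t))
    # Without the adjustment the input falls into different cells.
    print("w' quantized raw :", quantize(w_prime, t))
    # Boundary of the acceptance window on the first component.
    print("w' = w - t       :", match((23, 37, 19, 62, 54), w_a, stored_hash, t))
    print("w' = w + t       :", match((33, 37, 19, 62, 54), w_a, stored_hash, t))
```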

3.2. Process of Integrated Cryptographic Technology (ICT). Once the complete quantified features have been hashed (in the biometric feature registration subsystem), dual authentication can be achieved through the integration of cryptographic techniques. This method can be separated into a "registration" phase and a "signature and authentication" phase as follows.

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message $\mathrm{reg} = \mathrm{ID}_A, \mathrm{PK}_A, [W_E]_{\mathrm{PK}_A}$ to CA, where $\mathrm{ID}_A$ is the ID of user $A$, $\mathrm{PK}_A$ is user $A$'s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{\mathrm{PK}_A}$ represents the signal $W_E$ encrypted using the user's public key $\mathrm{PK}_A$. Next, CA's certificate $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{\mathrm{SK}_{CA}}(\mathrm{reg}, \mathrm{time})$ is transmitted to user $A$, where $\mathrm{sig}_{\mathrm{SK}_{CA}}(M)$ represents the signature of signal $M$ using CA's private key $\mathrm{SK}_{CA}$, and time represents the certificate's validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W_E^{(j)}$ and $W_I^{(j)}$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

Figure 9: Comparison process of first stage. User $A$ sends $\mathrm{cert}_A$ to the verifier. The verifier checks $\mathrm{cert}_A$, chooses a random $r_1 < n_A$, and sends $r_1$. User $A$ returns $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$. The verifier (1) computes $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$, (2) computes $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$, (3) compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to check if there exists a match point $p_m$, and (4) if no, fails; if yes, goes to phase 2.

Figure 10: Comparison process of second stage. The verifier chooses a random $r_2 < n_A$ and sends $r_2, p_m$. The user, assuming $p_m$ is the $i$th point of $W_I$, returns $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$. The verifier (1) computes $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$, (2) assuming $p_m$ is the $e$th point of $W_E$, computes $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$, and (3) from $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ evaluates the matching score $S$; if $S <$ threshold, fail; else, success.

(1) First stage comparison.

As seen in Figure 9, user $A$ first sends $\mathrm{cert}_A$ to the verifier. Then the verifier confirms the accuracy of $\mathrm{cert}_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = \mathrm{sig}_{\mathrm{SK}_A}(r_1) \cdot W_I^{(1)} \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers, used as one of $A$'s public keys. Finally, the verifier separately calculates $\mathrm{cp}_1 = [s_1]_{\mathrm{PK}_A}$ and $\mathrm{cp}'_1 = r_1 \cdot [W_E^{(1)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_1$ and $\mathrm{cp}'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison.

As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W_I^{(1)}$; then $A$ calculates $s_2 = [r_2]_{\mathrm{SK}_A} \cdot W_{Ii}^{(2)} \bmod n_A$ and sends $s_2$ to the verifier, where $W_{Ii}^{(2)}$ is the related data value of the $i$th point of $W_I^{(2)}$ for $W_I$ in the second stage matching.

Next, the verifier calculates $\mathrm{cp}_2 = [s_2]_{\mathrm{PK}_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $\mathrm{cp}'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{\mathrm{PK}_A} \bmod n_A$ and compares $\mathrm{cp}_2$ and $\mathrm{cp}'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.
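The first-stage exchange of Figure 9 with both sides' messages, as an added example that is not code from the paper. It assumes textbook (unpadded) RSA, which is what the comparison of $\mathrm{cp}_1$ with $\mathrm{cp}'_1$ relies on, a constructed toy modulus, SHA-256 for the per-point hash, and one value per feature point as in Section 5; every function name is hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy key built from two Mersenne primes. It is far too small
# for real use and serves only to make the algebra visible.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                      # n_A
E = 65537                      # public exponent, PK_A = (E, N)
PHI = (P - 1) * (Q - 1)
assert math.gcd(E, PHI) == 1
D = pow(E, -1, PHI)            # private exponent, SK_A


def point_value(quantized_features) -> int:
    """Hash one feature point's quantized values to an integer below N."""
    data = ",".join(map(str, quantized_features)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def ca_register(registered_points):
    """Registration: the [W_E]_PK values carried in cert_A, one per point."""
    return [pow(point_value(pt), E, N) for pt in registered_points]


def new_challenge() -> int:
    """Verifier: fresh random r < n_A for every matching run."""
    return secrets.randbelow(N - 2) + 2


def user_respond(r: int, input_points):
    """User A: s = sig_SK(r) * W_I mod n_A, one value per input point."""
    sig_r = pow(r, D, N)
    return [(sig_r * point_value(pt)) % N for pt in input_points]


def verifier_match(r: int, s_list, enc_registered):
    """Verifier: cp = [s]_PK equals r * [W_I]_PK, cp' = r * [W_E]_PK mod n_A.

    Returns (input index, registered index) pairs where cp == cp', that is,
    the candidate match points p_m. The verifier never sees W_I or W_E.
    """
    cp_ref = {(r * c) % N: e for e, c in enumerate(enc_registered)}
    matches = []
    for i, s in enumerate(s_list):
        cp = pow(s, E, N)
        if cp in cp_ref:
            matches.append((i, cp_ref[cp]))
    return matches


if __name__ == "__main__":
    # Constructed quantized feature points (not real biometric data).
    registered = [(30, 40, 20), (60, 50, 10), (20, 20, 70)]
    presented = [(10, 10, 10), (60, 50, 10)]
    cert_values = ca_register(registered)

    r1 = new_challenge()
    s1 = user_respond(r1, presented)
    print("match points:", verifier_match(r1, s1, cert_values))

    # A response recorded under r1 is useless under a fresh challenge.
    r1_new = new_challenge()
    print("replayed s1 :", verifier_match(r1_new, s1, cert_values))
```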

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

Figure 11: First stage matching content. Column $\mathrm{cp}_1$ lists, for each input point $j = 1, 2, 3, \ldots, n_I$, the values $r_1[h^{(1)}_{Ij\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ij\text{-}4}]_{\mathrm{PK}}$, and $r_1[h^{(1)}_{Ij\text{-}5}]_{\mathrm{PK}}$. Column $\mathrm{cp}'_1$ lists, for each registered point $j = 1, 2, 3, \ldots, n_E$, the values $r_1[h^{(1)}_{Ej\text{-}123}]_{\mathrm{PK}}$, $r_1[h^{(1)}_{Ej\text{-}4}]_{\mathrm{PK}}$, and $r_1[h^{(1)}_{Ej\text{-}5}]_{\mathrm{PK}}$.

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during the remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer error tolerance in biometric data matching (as shown in item (3)), because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate confidentiality and cryptography technologies into existing biometric systems.

Table 4: Comparison of functions.

Tech: BCKG, FZ, ACIRC, Proposed scheme
(1) ✓ ✓
(2) ✓
(3) ✓ ✓ ✓ ✓
(4) ✓
(5) ✓ ✓ ✓
(6) ✓ ✓ ✓
(7) ✓ ✓ ✓
(8) ✓
(9) ✓

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as the structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the numbers of feature points of the input and registered fingerprints are $n_I$ and $n_E$, respectively, and assume that the first stage takes five matching data. Then $W_I^{(1)} = W_{I1}^{(1)} \| W_{I2}^{(1)} \| \cdots \| W_{In_I}^{(1)}$ and $W_E^{(1)} = W_{E1}^{(1)} \| W_{E2}^{(1)} \| \cdots \| W_{En_E}^{(1)}$, where $W_{Ij}^{(1)} = w_{Ij1}^{(1)} \| w_{Ij2}^{(1)} \| w_{Ij3}^{(1)} \| w_{Ij4}^{(1)} \| w_{Ij5}^{(1)}$ and $W_{Ej}^{(1)} = w_{Ej1}^{(1)} \| w_{Ej2}^{(1)} \| w_{Ej3}^{(1)} \| w_{Ej4}^{(1)} \| w_{Ej5}^{(1)}$. Using the hash function, we can let $h^{(1)}_{Ej\text{-}123} = \mathrm{hash}(w_{Ej1}^{(1q)} \| w_{Ej2}^{(1q)} \| w_{Ej3}^{(1q)})$, $h^{(1)}_{Ej\text{-}4} = \mathrm{hash}(w_{Ej4}^{(1q)})$, $h^{(1)}_{Ej\text{-}5} = \mathrm{hash}(w_{Ej5}^{(1q)})$, and $h^{(1)}_{Ij\text{-}123} = \mathrm{hash}(w_{Ij1}^{(1q)} \| w_{Ij2}^{(1q)} \| w_{Ij3}^{(1q)})$, $h^{(1)}_{Ij\text{-}4} = \mathrm{hash}(w_{Ij4}^{(1q)})$, $h^{(1)}_{Ij\text{-}5} = \mathrm{hash}(w_{Ij5}^{(1q)})$, where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then Figure 11 shows the matching of $\mathrm{cp}_1$ and $\mathrm{cp}'_1$.

In the second stage matching, we can let $W_{Ij}^{(2)} = \mathrm{hash}(w_{Ij1}^{(2q)}) \| \mathrm{hash}(w_{Ij2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ijn_I}^{(2q)}) - \mathrm{hash}(w_{Ijj}^{(2q)})$ and $W_{Ej}^{(2)} = \mathrm{hash}(w_{Ej1}^{(2q)}) \| \mathrm{hash}(w_{Ej2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ejn_E}^{(2q)}) - \mathrm{hash}(w_{Ejj}^{(2q)})$, where $w_{Ijl}^{(2)}$ and $w_{Ejl}^{(2)}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w_x^{(2q)}$ represents the quantized value of $w_x^{(2)}$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, "Fingerprint-based remote user authentication scheme using smart cards," Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, "Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards," Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, "An efficient and practical fingerprint-based remote user authentication scheme with smart cards," in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, "Fingerprint-Iris fusion based identification system using a single hamming distance matcher," International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, "Privacy and legal requirements for developing biometric identification software in context-based applications," International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, "An improved biometrics-based user authentication scheme without concurrency system," International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards," Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, "Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards," IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, "Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards," Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, "ID-based password authentication scheme using smart cards and fingerprints," ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, "Checking before output may not be enough against fault-based cryptanalysis," IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, "Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints," ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, "A real-time matching system for large fingerprint databases," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, "Gabor filter-based approach to fingerprint recognition," in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS '99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, "Fingerprint matching using local alignment based on multiple pairs of reference minutiae," Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, "Automated fingerprint recognition using structural matching," Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, "An automated matching technique for fingerprint identification," in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, "Novel approach to automated fingerprint recognition," IEE Proceedings Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, "Biometrics-based cryptographic key generation," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy extractors: how to generate strong keys from biometrics and other noisy data," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, "Combining cryptography with biometrics effectively," Tech. Rep. UCAM-CL-TR-640, University of Cambridge, Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, "A multilevel structural technique for fingerprint representation and matching," Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, "Structural fingerprint based hierarchical filtering in song identification," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, "Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain," in Proceedings of the International Conference on Computational Problem-Solving (ICCP '12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, "Fingerprint matching and classification using an onion layer algorithm of computational geometry," in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, "Website fingerprinting in onion routing based anonymization networks," in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, "Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features," Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Anatomy Research International

PeptidesInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

International Journal of

Volume 2014

Zoology

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Molecular Biology International

GenomicsInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

BioinformaticsAdvances in

Marine BiologyJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Signal TransductionJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

BioMed Research International

Evolutionary BiologyInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Biochemistry Research International

ArchaeaHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Genetics Research International

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Advances in

Virolog y

Hindawi Publishing Corporationhttpwwwhindawicom

Nucleic AcidsJournal of

Volume 2014

Stem CellsInternational

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Enzyme Research

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Microbiology

Page 8: Research Article Secure Method for Biometric-Based

8 BioMed Research International

These quantized values can then be used with cryp-tographic techniques Assume that the signal com-parison allows for an error range of plus or minus119905 and a sampling value range between (0 119871) Thenthe interval of the quantitative mode is 119901 the signalvalue is quantized as 0 119901 2119901 119899119901 where 119901 = 2119905119899 = lfloor119871119901rfloor (where lfloorsdotrfloor is a floor function) If asignal value 119908 between (0 119871) satisfies (119896119901 minus 1199012) le

119908 lt (119896119901 + 1199012) then this signal value 119908 should bequantized as 119908

119902= 119896119901 For example for some signal

value (28 37 19 62 54) and 119905 = 5 (ie 119901 = 10)the signal value is quantized as (30 40 20 60 50)(Generally speaking if a biometric value allows anerror range ofplusmn119905 then119901 = 2119905 can be used to obtain thequantization interval) If the quantized range definedby the threshold is used for quantization then theERR and EAR obtained using this method will haveno impact

(5) Adjustment SubsystemThe adjustment subsystem records the fine-tunedvalue119908

119886from the quantizing processThis fine-tuned

value can be quantized to restore the reduced recogni-tion rate to the original recognition rate without com-promising security The recommended calculationmethod for the fine-tuned value is 119908

119886= 119908119902minus 119908 For

example given a signal value 119908 = (28 37 19 62 54)

and 119901 = 10 the signal value is quantized as 119908119902= (30

40 20 60 50) then the adjustment value 119908119886is (2 3

1 minus2 minus4) Given an inputted value1199081015840 = (24 33 21 6658) 119901 = 10 and the adjustment value119908

119886= (2 3 1 minus2

minus4) then the adjusted value 1199081015840119901= (26 36 22 64 54)

which is quantized as 1199081015840119902= (30 40 20 60 50)

Using the numerical quantization and adjustmentprocess guarantees that all accepted values remainwithin the threshold value and are quantized at thesame level of quality without compromising security(Given an acceptable error range of plus or minus119905 correctly guessing a value between a samplingvalue (0 119871) has a probability of approximately 2119905119871following quantization correctly guessing the quan-tized value between a sampling value of (0 119871) has aprobability of approximately 1119899 where 119899 = lfloor119871119901rfloor =

lfloor1198712119905rfloor The probability of correctly guessing the un-quantized value is identical to that of the quantizedvalue therefore the quantized action does not com-promise security)

(6) Hash SubsystemThe value 119908

119902produced by the hash function is ℎ(119908

119902)

Using the hash function can maintain biometricconfidentiality and prevent leaking or theft of the pre-saved registered feature values stored in the databaseBecause a hacker would only be able to manage theregistered feature data stored in the biometric devicehe would be unable to obtain the original biometricvalue During comparison the values must be exactlycorrect in order to pass thus improving the hardwareor software comparison rate Other functions (eg

User 119860 CAreg = ID119860 PK119860

cert119860cert119860 = reg timesigSKCA(regtime)

[119882119864]PK119860

Figure 8 Registration phase

encryption functions) can be used to substitute forthis hash function

(7) Biometric Feature RegistrationInput SubsystemApplied to the proposedmethod the stored values forregistration are ℎ(119908

119902) and119908

119886 This function is similar

to the one previously described in Section 21(8) Matching and Decision Subsystem

Applied to the proposed method this systemrsquos com-parison mode determines whether ℎ(119908

119902) and ℎ(119908

1015840

119902)

are the same This function is similar to the one pre-viously described in Section 21

Figure 1 shows the processing of a conventional biometricmethod while Figure 7 demonstrates schematic diagramof the processing of the proposed method As shown inFigure 1 a threshold value and a biometric matching methoddecide the EAR and ERR We combine threshold and quan-tization (as shown in Figure 7) to quantify registered andinput biodata within threshold to the same value and usebiometric matching methods to compare data after hashingthese values Therefore the hashed values can be applied tocryptography technology and the combination of biometricrecognition and cryptography technology does not influencethe EAR or ERR of the original biometric recognition

32 Process of Integrated Cryptographic Technology (ICT)Once the complete quantified features have been hashed (inbiometric feature registration subsystem) dual authentica-tion can be achieved through the integration of cryptographictechniquesThismethod can be separated into a ldquoregistrationrdquophase and a ldquosignature and authenticationrdquo phase as follows

3.2.1. Registration Phase. As seen in Figure 8, user $A$ first personally registers with CA and transmits message $\mathrm{reg} = ID_A, PK_A, [W_E]_{PK_A}$ to CA, where $ID_A$ is the ID of user $A$, $PK_A$ is user $A$'s public key, $W_E$ is the registered and internally stored biodata to be recognized, and $[W_E]_{PK_A}$ represents the encrypted signal $W_E$ using the user's public key $PK_A$. Next, CA's certificate $\mathrm{cert}_A = \mathrm{reg}, \mathrm{time}, \mathrm{sig}_{SK_{CA}}(\mathrm{reg}, \mathrm{time})$ is transmitted to user $A$, where $\mathrm{sig}_{SK_{CA}}(M)$ represents the signature of signal $M$ using CA's private key $SK_{CA}$, and time represents the certificate's validity period.

3.2.2. Signature and Verification Phase. Generally speaking, a single type of biometric comparison may have more than one matching stage (e.g., structural comparison has a dual-stage comparison). Assume that this biometric has two stages; the stage $j$ matching requires data $W_E^{(j)}$ and $W_I^{(j)}$, where $W_E$ is the internal registered data and $W_I$ is the input biometric data used for matching the internal data.

Figure 9: Comparison process of first stage. User $A$ sends $\mathrm{cert}_A$; the verifier checks $\mathrm{cert}_A$, chooses random $r_1 < n_A$, and sends $r_1$; $A$ returns $s_1 = \mathrm{sig}_{SK_A}(r_1) \cdot W_I^{(1)} \bmod n_A$; the verifier (1) computes $cp_1 = [s_1]_{PK_A}$, (2) computes $cp'_1 = r_1 \cdot [W_E^{(1)}]_{PK_A} \bmod n_A$, (3) compares $cp_1$ and $cp'_1$ to check if there exists a match point $p_m$, and (4) if no, fails; if yes, goes to phase 2.

Figure 10: Comparison process of second stage. The verifier chooses random $r_2 < n_A$ and sends $r_2$, $p_m$; the user, assuming $p_m$ is the $i$th point of $W_I$, returns $s_2 = [r_2]_{SK_A} \cdot W_{Ii}^{(2)} \bmod n_A$; the verifier (1) computes $cp_2 = [s_2]_{PK_A}$, (2) assuming $p_m$ is the $e$th point of $W_E$, computes $cp'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{PK_A} \bmod n_A$, and (3) from $cp_2$ and $cp'_2$ evaluates matching score $S$; if $S <$ threshold, fail; else, success.

(1) First stage comparison

As seen in Figure 9, user $A$ first sends $\mathrm{cert}_A$ to the verifier. Then, the verifier confirms the accuracy of $\mathrm{cert}_A$ and selects a random number $r_1$ to send to user $A$. Next, $A$ calculates $s_1 = \mathrm{sig}_{SK_A}(r_1) \cdot W_I^{(1)} \bmod n_A$ and sends this to the verifier, where $n_A$ is the product of two large prime numbers used as one of $A$'s public keys. Finally, the verifier separately calculates $cp_1 = [s_1]_{PK_A}$ and $cp'_1 = r_1 \cdot [W_E^{(1)}]_{PK_A} \bmod n_A$, and compares $cp_1$ and $cp'_1$ to determine whether there exists a match point $p_m$. If there exists a match point, go to the second stage; otherwise, terminate this stage.

(2) Second stage comparison

As seen in Figure 10, the verifier first selects a random number $r_2$, which it sends with $p_m$ to $A$. Assume that $p_m$ is the $i$th point in $W_I^{(1)}$; then $A$ calculates $s_2 = [r_2]_{SK_A} \cdot W_{Ii}^{(2)} \bmod n_A$ and sends $s_2$ to the verifier, where $W_{Ii}^{(2)}$ is the related data value of the $i$th point of $W_I^{(2)}$ for $W_I$ in the second stage matching.

Next, the verifier calculates $cp_2 = [s_2]_{PK_A}$. Assume $p_m$ is the $e$th point in $W_E$; then the verifier calculates $cp'_2 = r_2 \cdot [W_{Ee}^{(2)}]_{PK_A} \bmod n_A$ and compares $cp_2$ and $cp'_2$ to calculate a matching score $S$. If $S$ is smaller than the threshold, then verification fails; otherwise, verification is successful.

If a biometric matching method has only one stage, then the first stage matching allows for the calculation of a matching score. If a biometric matching method has three, four, or more stages, then after the second stage, the verifier continues to select and send random numbers $r_3$, $r_4$, and so forth to the user. The user then similarly calculates and sends $s_3$, $s_4$, and so forth to the verifier to obtain a final matching score.
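The first-stage exchange of Figure 9, written out as an added example (not code from the paper). It assumes textbook (unpadded) RSA for $[\cdot]_{PK_A}$ and $\mathrm{sig}_{SK_A}$, a simple floor quantizer with step `STEP`, SHA-256 as $h$, and toy primes and feature values constructed for the demonstration.

```python
import hashlib
import math
import secrets

# Toy textbook-RSA key pair for user A, constructed for this example: the two
# Mersenne primes 2^31-1 and 2^61-1 give a modulus far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N_A = P * Q                              # n_A, part of A's public key
E_A = 65537                              # public exponent (PK_A)
D_A = pow(E_A, -1, (P - 1) * (Q - 1))    # private exponent (SK_A)

STEP = 8  # assumed quantization step standing in for the matcher's threshold

# Constructed sample feature vectors (five first-stage values for one point).
REGISTERED = (103, 47, 212, 66, 150)
GENUINE_INPUT = (101, 44, 215, 68, 151)   # every value in the same bin
IMPOSTOR_INPUT = (90, 47, 212, 66, 150)   # first value falls in another bin


def quantize(w):
    """Assumed quantizer: values inside one STEP-wide bin map to one index."""
    return w // STEP


def h(features):
    """Hash the quantized features to an 88-bit integer, always below n_A."""
    data = ",".join(str(quantize(w)) for w in features).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:11], "big")


def register(features):
    """Registration: only [W_E]_PK_A is handed over, never the raw features."""
    return pow(h(features), E_A, N_A)


def challenge():
    """Verifier: fresh random r_1 < n_A that is invertible modulo n_A."""
    while True:
        r = secrets.randbelow(N_A - 2) + 2
        if math.gcd(r, N_A) == 1:
            return r


def respond(r, features):
    """User A: s_1 = sig_SK_A(r_1) * W_I mod n_A."""
    return pow(r, D_A, N_A) * h(features) % N_A


def verify(r, s, enc_w_e):
    """Verifier: compare cp_1 = [s_1]_PK_A with cp'_1 = r_1 * [W_E]_PK_A."""
    cp1 = pow(s, E_A, N_A)            # equals r_1 * W_I^e mod n_A
    cp1_prime = r * enc_w_e % N_A     # equals r_1 * W_E^e mod n_A
    return cp1 == cp1_prime


def run_demo():
    """Genuine input, impostor input, and a replayed response."""
    enc_w_e = register(REGISTERED)
    r1 = challenge()
    s1 = respond(r1, GENUINE_INPUT)
    r1_next = challenge()
    while r1_next == r1:
        r1_next = challenge()
    return {
        "genuine": verify(r1, s1, enc_w_e),
        "impostor": verify(r1, respond(r1, IMPOSTOR_INPUT), enc_w_e),
        "replay": verify(r1_next, s1, enc_w_e),  # old s_1, new challenge
    }


if __name__ == "__main__":
    print(run_demo())
```

The replayed response is rejected because the captured $s_1$ is bound to the earlier $r_1$. The equality $cp_1 = cp'_1$ relies on RSA being multiplicative, so a padded encryption or signature scheme would not satisfy it.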

4. Analysis of Proposed Scheme

4.1. Security Analysis. We analyze the security of our protocols according to the requirements of contributions expressed in Section 1 as follows.

4.1.1. Strengthens the Confidentiality of Biometric Data Storage. Since only $h(w_q)$ and $w_a$ are registered and stored, even if an attacker accesses the registered biometric data stored in the biometric device, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.2. Strengthens the Confidentiality of Biological Information in the Recognition Process. Because only $w_a$ is transmitted and $h(w_q)$ is compared during the biometric matching process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

Figure 11: First stage matching content. The $cp_1$ column lists $r_1[h^{(1)}_{Ij\text{-}123}]_{PK}$, $r_1[h^{(1)}_{Ij\text{-}4}]_{PK}$, and $r_1[h^{(1)}_{Ij\text{-}5}]_{PK}$ for $j = 1, 2, 3, \ldots, n_I$; the $cp'_1$ column lists $r_1[h^{(1)}_{Ej\text{-}123}]_{PK}$, $r_1[h^{(1)}_{Ej\text{-}4}]_{PK}$, and $r_1[h^{(1)}_{Ej\text{-}5}]_{PK}$ for $j = 1, 2, 3, \ldots, n_E$.

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w_q)$ and $w_a$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w_a$ is transmitted and different random numbers $r_i$ are used to protect biometric data during the remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer the error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate into existing biometric systems with confidentiality and cryptography technologies.

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

Table 4: Comparison of functions.

Tech: BCKG, FZ, ACIRC, Proposed scheme
(1) √ √
(2) √
(3) √ √ √ √
(4) √
(5) √ √ √
(6) √ √ √
(7) √ √ √
(8) √
(9) √

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that first stage takes five matching data. Then $W_I^{(1)} = W_{I1}^{(1)} \| W_{I2}^{(1)} \| \cdots \| W_{In_I}^{(1)}$ and $W_E^{(1)} = W_{E1}^{(1)} \| W_{E2}^{(1)} \| \cdots \| W_{En_E}^{(1)}$, where $W_{Ij}^{(1)} = w_{Ij1}^{(1)} \| w_{Ij2}^{(1)} \| w_{Ij3}^{(1)} \| w_{Ij4}^{(1)} \| w_{Ij5}^{(1)}$ and $W_{Ej}^{(1)} = w_{Ej1}^{(1)} \| w_{Ej2}^{(1)} \| w_{Ej3}^{(1)} \| w_{Ej4}^{(1)} \| w_{Ej5}^{(1)}$. Using the hash function, we can let

$h_{Ej\text{-}123}^{(1)} = \mathrm{hash}(w_{Ej1}^{(1q)} \| w_{Ej2}^{(1q)} \| w_{Ej3}^{(1q)})$, $h_{Ej\text{-}4}^{(1)} = \mathrm{hash}(w_{Ej4}^{(1q)})$, $h_{Ej\text{-}5}^{(1)} = \mathrm{hash}(w_{Ej5}^{(1q)})$, and

$h_{Ij\text{-}123}^{(1)} = \mathrm{hash}(w_{Ij1}^{(1q)} \| w_{Ij2}^{(1q)} \| w_{Ij3}^{(1q)})$, $h_{Ij\text{-}4}^{(1)} = \mathrm{hash}(w_{Ij4}^{(1q)})$, $h_{Ij\text{-}5}^{(1)} = \mathrm{hash}(w_{Ij5}^{(1q)})$,

where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then Figure 11 shows the matching of $cp_1$ and $cp'_1$.

In the second stage matching, we can let

$W_{Ij}^{(2)} = \mathrm{hash}(w_{Ij1}^{(2q)}) \| \mathrm{hash}(w_{Ij2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ijn_I}^{(2q)}) - \mathrm{hash}(w_{Ijj}^{(2q)})$,

$W_{Ej}^{(2)} = \mathrm{hash}(w_{Ej1}^{(2q)}) \| \mathrm{hash}(w_{Ej2}^{(2q)}) \| \cdots \| \mathrm{hash}(w_{Ejn_E}^{(2q)}) - \mathrm{hash}(w_{Ejj}^{(2q)})$,

where $w_{Ijl}^{(2)}$ and $w_{Ejl}^{(2)}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w_x^{(2q)}$ represents the quantized value of $w_x^{(2)}$.

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, “Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards,” Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with smart cards,” in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, “Fingerprint-Iris fusion based identification system using a single hamming distance matcher,” International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, “Privacy and legal requirements for developing biometric identification software in context-based applications,” International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, “An improved biometrics-based user authentication scheme without concurrency system,” International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, “An efficient biometrics-based remote user authentication scheme using smart cards,” Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, “Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards,” IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, “Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards,” Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, “ID-based password authentication scheme using smart cards and fingerprints,” ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis,” IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, “Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, “A real-time matching system for large fingerprint databases,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, “Gabor filter-based approach to fingerprint recognition,” in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS '99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, “Fingerprint matching using local alignment based on multiple pairs of reference minutiae,” Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, “Automated fingerprint recognition using structural matching,” Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, “An automated matching technique for fingerprint identification,” in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, “Novel approach to automated fingerprint recognition,” IEE Proceedings: Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, “Biometrics-based cryptographic key generation,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, “Combining cryptography with biometrics effectively,” Tech. Rep. UCAM-CL-TR-640, University of Cambridge Computer Laboratory, Cambridge, UK, 2005.

[23] W. Shalaby and M. O. Ahmad, “A multilevel structural technique for fingerprint representation and matching,” Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, “Structural fingerprint based hierarchical filtering in song identification,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, “Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain,” in Proceedings of the International Conference on Computational Problem-Solving (ICCP '12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, “Fingerprint matching and classification using an onion layer algorithm of computational geometry,” in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, “Website fingerprinting in onion routing based anonymization networks,” in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, “Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features,” Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.



[12] S M Yen and M Joye ldquoChecking before output may not beenough against fault-based cryptanalysisrdquo IEEE Transactions onComputers vol 49 no 9 pp 967ndash970 2000

[13] M Scott ldquoCryptanalysis of an ID-based password authentica-tion scheme using smart cards and fingerprintsrdquo ACM SIGOPSOperation System Review vol 38 no 2 pp 73ndash75 2004

[14] N K Ratha K Karu S Chen and A K Jain ldquoA real-time matching system for large fingerprint databasesrdquo IEEETransactions on Pattern Analysis and Machine Intelligence vol18 no 8 pp 799ndash813 1996

[15] C J Lee and S D Wang ldquoGabor filter-based approach tofingerprint recognitionrdquo in Proceedings of the IEEE Workshopon Signal Processing Systems (SiPS rsquo99) pp 371ndash378 1999

[16] G Cao Y Mei Z Mao and Q S Sun ldquoFingerprint matchingusing local alignment based on multiple pairs of referenceminutiaerdquo Journal of Electronic Imaging vol 18 no 4 ArticleID 043002 2009

[17] A K Hrechak and J A McHugh ldquoAutomated fingerprintrecognition using structural matchingrdquo Pattern Recognitionvol 23 no 8 pp 893ndash904 1990

[18] L C Jain ldquoAn automated matching technique for fingerprintidentificationrdquo in Proceedings of the 1st International Conferenceon Knowledge-Based Intelligent Electronic Systems pp 21ndash23May 1997

[19] A Wahab S H Chin and E C Tan ldquoNovel approach toautomated fingerprint recognitionrdquo IEE Proceedings VisionImage amp Signal Processing vol 145 no 3 pp 160ndash166 1998

[20] Y J Chang W Zhang and T Chen ldquoBiometrics-based crypto-graphic key generationrdquo in Proceedings of the IEEE InternationalConference onMultimedia and Expo (ICME rsquo04) pp 2203ndash2206June 2004

[21] Y Dodis L Reyzin and A Smith ldquoFuzzy extractors how togenerate strong keys from biometrics and other noisy datardquo inProceedings of the International Conference on the Theory andApplications of Cryptographic Techniques (EUROCRYPT rsquo04)Interlaken Switzerland May 2004

[22] F Hao R Anderson and J Daugman ldquoCombining cryptogra-phy with biometrics effectivelyrdquo Tech Rep UCAMCL-TR-640University of Cambridge Computer Laboratory CambridgeUK 2005

12 BioMed Research International

[23] W Shalaby and M O Ahmad ldquoA multilevel structural tech-nique for fingerprint representation and matchingrdquo SignalProcessing vol 93 no 1 pp 56ndash69 2012

[24] Q Wang G Liu Z Guo J Guo and X Chen ldquoStructuralfingerprint based hierarchical filtering in song identificationrdquo inProceedings of the IEEE International Conference onMultimediaand Expo (ICME rsquo11) pp 1ndash4 IEEE 2011

[25] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer 2009

[26] Q Tong and J Zhu ldquoResearch of improved gabor based onfingerprint image enhanced algorithm in wavelet domainrdquo inProceedings of the International Conference on ComputationalProblem-Solving (ICCP rsquo12) pp 17ndash18 IEEE 2012

[27] H Khazaei and A Mohades ldquoFingerprint matching and clas-sification using an onion layer algorithm of computationalgeometryrdquo in Proceedings of the 13th International CSI ComputerConference 2008

[28] A Panchenko LNiessenA Zinnen andT Engel ldquoWebsite fin-gerprinting in onion routing based anonymization networksrdquoin Proceedings of the 10th Annual ACMWorkshop on Privacy inthe Electronic Society pp 103ndash114 ACM 2011

[29] S Mazaheri B S Bigham and R M Tayebi ldquoFingerprintmatching using an onion layer algorithm of computationalgeometry based on level 3 featuresrdquo Communications in Com-puter and Information Science vol 166 no 1 pp 302ndash314 2011

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Anatomy Research International

PeptidesInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

International Journal of

Volume 2014

Zoology

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Molecular Biology International

GenomicsInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

BioinformaticsAdvances in

Marine BiologyJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Signal TransductionJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

BioMed Research International

Evolutionary BiologyInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Biochemistry Research International

ArchaeaHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Genetics Research International

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Advances in

Virolog y

Hindawi Publishing Corporationhttpwwwhindawicom

Nucleic AcidsJournal of

Volume 2014

Stem CellsInternational

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Enzyme Research

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Microbiology

Page 10: Research Article Secure Method for Biometric-Based

10 BioMed Research International

Figure 11: First stage matching content.

process, even if an attacker intercepts data during the process, he will be unable to decrypt the biometric data or impersonate an authorized user.

4.1.3. Reduces Vulnerability to Power Analysis Attacks, Fault-Based Cryptanalysis, and Replay Attacks. Since only $h(w^{q})$ and $w^{a}$ are registered and stored, an attacker will be unable to use power analysis attacks or fault-based cryptanalysis to break the system. Moreover, because different random numbers $r_i$ are used in each matching process (as seen in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to use these data to access biometric data or impersonate an authorized user. Therefore, this system is replay-attack resistant.

4.1.4. Can Be Safely Used to Maintain Confidentiality in Remote Biometric Authentication. As only $w^{a}$ is transmitted and different random numbers $r_i$ are used to protect biometric data during the remote biometric authentication process (as shown in Figures 9 and 10), even if an attacker eavesdrops during the process, he will be unable to access biometric data or impersonate an authorized user.

4.2. Comparison. According to the nine contributions expressed in Section 1, we compare our protocol with the protocols of biometric-based cryptographic key generation (BCKG) [20], fuzzy extractors (FZ) [21], and application to combine iris recognition and cryptography (ACIRC) [22]. The results are summarized in Table 4, where Tech and (1)–(9), respectively, denote technique and the nine contributions described in Section 1. As seen in Table 4, all schemes offer the error tolerance in biometric data matching (as shown in item (3)) because the main usage of these schemes is in biometric matching. As seen in items (2), (4), (8), and (9), only the proposed scheme provides these functions, since our scheme is used to integrate into existing biometric systems with confidentiality and cryptography technologies.

5. Applications of the Proposed Method in Structural Comparison

Some methods for biometric identification are suitable for use in the proposed method (e.g., minutiae matching algorithms such as structural matching algorithm [23, 24], the improved structural matching algorithm [25, 26], and the onion layer algorithm [27–29]).

Table 4: Comparison of functions.

Tech | BCKG | FZ | ACIRC | Proposed scheme

(1) √ √

(2) √

(3) √ √ √ √

(4) √

(5) √ √ √

(6) √ √ √

(7) √ √ √

(8) √

(9) √

If the proposed method is used in the structural matching algorithm, the first stage matching content is hashed before matching, and the first stage matching results obtain the optimal core position, which is then used in the second stage matching. Similarly, the second stage matching content can also be hashed before matching. If the quantitative range set by the threshold is used for quantization, then the ERR and EAR will not change with the application of this method. As an example, the structural matching algorithm is applied to the proposed method.

The structural matching algorithm is divided into two stages. The first stage matches local features to identify a core point with the positioning effect. The second stage uses this core point to conduct overall feature matching and obtain a matching score.

For example, assume that the number of feature points of the input and registered fingerprint are $n_I$ and $n_E$, respectively, and assume that the first stage takes five matching data. Then $W^{(1)}_{I} = W^{(1)}_{I1} \,\|\, W^{(1)}_{I2} \,\|\, \cdots \,\|\, W^{(1)}_{In_I}$ and $W^{(1)}_{E} = W^{(1)}_{E1} \,\|\, W^{(1)}_{E2} \,\|\, \cdots \,\|\, W^{(1)}_{En_E}$, where $W^{(1)}_{Ij} = w^{(1)}_{Ij1} \,\|\, w^{(1)}_{Ij2} \,\|\, w^{(1)}_{Ij3} \,\|\, w^{(1)}_{Ij4} \,\|\, w^{(1)}_{Ij5}$ and $W^{(1)}_{Ej} = w^{(1)}_{Ej1} \,\|\, w^{(1)}_{Ej2} \,\|\, w^{(1)}_{Ej3} \,\|\, w^{(1)}_{Ej4} \,\|\, w^{(1)}_{Ej5}$. Using the hash function, we can let $h^{(1)}_{Ej\text{-}123} = \mathrm{hash}(w^{(1q)}_{Ej1} \,\|\, w^{(1q)}_{Ej2} \,\|\, w^{(1q)}_{Ej3})$, $h^{(1)}_{Ej\text{-}4} = \mathrm{hash}(w^{(1q)}_{Ej4})$, $h^{(1)}_{Ej\text{-}5} = \mathrm{hash}(w^{(1q)}_{Ej5})$, and $h^{(1)}_{Ij\text{-}123} = \mathrm{hash}(w^{(1q)}_{Ij1} \,\|\, w^{(1q)}_{Ij2} \,\|\, w^{(1q)}_{Ij3})$, $h^{(1)}_{Ij\text{-}4} = \mathrm{hash}(w^{(1q)}_{Ij4})$, $h^{(1)}_{Ij\text{-}5} = \mathrm{hash}(w^{(1q)}_{Ij5})$, where $w^{(1q)}$ represents the quantized value of $w^{(1)}$. Then, Figure 11 shows the matching of $\mathrm{cp}_1$ and $\mathrm{cp}'_1$.


In the second stage matching, we can let $W^{(2)}_{Ij} = \mathrm{hash}(w^{(2q)}_{Ij1}) \,\|\, \mathrm{hash}(w^{(2q)}_{Ij2}) \,\|\, \cdots \,\|\, \mathrm{hash}(w^{(2q)}_{Ijn_I}) - \mathrm{hash}(w^{(2q)}_{Ijj})$ and $W^{(2)}_{Ej} = \mathrm{hash}(w^{(2q)}_{Ej1}) \,\|\, \mathrm{hash}(w^{(2q)}_{Ej2}) \,\|\, \cdots \,\|\, \mathrm{hash}(w^{(2q)}_{Ejn_E}) - \mathrm{hash}(w^{(2q)}_{Ejj})$, where $w^{(2)}_{Ijl}$ and $w^{(2)}_{Ejl}$ are the relationship values between the core point (the $j$th point) and its neighboring feature point (the $l$th point) (e.g., type, distance, relationship, angle, etc.) for the input fingerprint and the registered fingerprint, respectively, in second stage matching, and $w^{(2q)}_{x}$ represents the quantized value of $w^{(2)}_{x}$.
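The two hashed matching stages described in this section can be exercised end to end. The Python code below is an added example, not code from the paper: SHA-256 as the hash function, the bin widths, the five first-stage data per point, the (distance, angle) relation used in the second stage, the scoring rule, and all names and sample values are assumptions, and the $r_i$ and PK protection shown in Figure 11 is not modelled.

```python
import hashlib
import math
from collections import Counter

# Assumed bin widths: one per first-stage datum, then distance and angle.
LOCAL_STEPS = (1.0, 1.0, 1.0, 4.0, 10.0)
DIST_STEP, ANGLE_STEP = 4.0, 10.0


def quantize(value, step):
    """w -> w^(q): index of the width-`step` bin that contains `value`."""
    return math.floor(value / step)


def H(*quantized):
    """hash(a || b || ...): SHA-256 (assumed) over a comma-separated encoding."""
    return hashlib.sha256(",".join(map(str, quantized)).encode()).hexdigest()


def first_stage(point):
    """(h_j-123, h_j-4, h_j-5) for one feature point j."""
    q = [quantize(w, s) for w, s in zip(point["local"], LOCAL_STEPS)]
    return (H(*q[:3]), H(q[3]), H(q[4]))


def second_stage(points, j):
    """Multiset of hash(w^(2q)_jl) over all l != j, with point j as core."""
    cx, cy = points[j]["xy"]
    digests = Counter()
    for l, p in enumerate(points):
        if l == j:  # the core's relation to itself is left out
            continue
        dx, dy = p["xy"][0] - cx, p["xy"][1] - cy
        dist = math.hypot(dx, dy)
        # Bearing measured from the core's ridge direction, so the relation
        # does not depend on where the finger was placed on the sensor.
        angle = (math.degrees(math.atan2(dy, dx)) - points[j]["theta"]) % 360.0
        digests[H(quantize(dist, DIST_STEP), quantize(angle, ANGLE_STEP))] += 1
    return digests


def enroll(points):
    """Registered template: digests only, no raw measurements."""
    return {
        "first": [first_stage(p) for p in points],
        "second": [second_stage(points, j) for j in range(len(points))],
    }


def match_score(template, points):
    """Stage 1 selects candidate core pairs; stage 2 scores each candidate."""
    best = 0.0
    for j, p in enumerate(points):
        probe_first = first_stage(p)
        for k, enrolled_first in enumerate(template["first"]):
            if probe_first != enrolled_first:
                continue  # local features disagree: not a core candidate
            probe_second = second_stage(points, j)
            enrolled_second = template["second"][k]
            common = sum((probe_second & enrolled_second).values())
            denom = max(sum(probe_second.values()),
                        sum(enrolled_second.values()))
            if denom:
                best = max(best, common / denom)
    return best


# Constructed sample data: four feature points of an enrolled finger.
ENROLLED = [
    {"local": (1.2, 0.4, 2.5, 14.0, 25.0), "xy": (100.0, 100.0), "theta": 45.0},
    {"local": (0.3, 1.6, 0.7, 22.0, 75.0), "xy": (110.0, 100.0), "theta": 10.0},
    {"local": (2.4, 2.2, 1.1, 6.0, 135.0), "xy": (100.0, 122.0), "theta": 80.0},
    {"local": (1.7, 0.5, 0.2, 30.0, 215.0), "xy": (70.0, 100.0), "theta": 0.0},
]


def shifted(points, dx, dy, local_jitter):
    """Same finger placed elsewhere, with small noise on the local data."""
    return [{"local": tuple(w + local_jitter for w in p["local"]),
             "xy": (p["xy"][0] + dx, p["xy"][1] + dy),
             "theta": p["theta"]} for p in points]


PROBE = shifted(ENROLLED, 7.0, -3.0, 0.2)  # constructed genuine attempt

if __name__ == "__main__":
    print("genuine score:", match_score(enroll(ENROLLED), PROBE))
```

Because matching is on digest equality, the tolerance is per quantization bin: two readings in the same bin match, while readings on either side of a bin edge (9.9 and 10.1 with a bin width of 10) produce different digests.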

6. Conclusions

This paper proposes a new biometric authentication method with the security of cryptographic technology, simultaneously achieving the functions of cryptographic technology and biometric recognition. This method is very simple to implement through the addition of a subsystem to existing biometric systems. The proposed method offers increased security with resistance to power analysis attacks, fault-based cryptanalysis, and replay attacks. This method can also strengthen the confidentiality of stored biometric data and recognition processes and also offers secure remote biometric identity authentication. Fingerprint structural matching is presented as an application example for reference of a technical implementation. The proposed concept can be applied to any combination of biometrics and cryptographic techniques to securely exploit the advantages of both technologies.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

References

[1] J. K. Lee, S. R. Ryu, and K. Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, vol. 38, no. 12, pp. 554–555, 2002.

[2] W. C. Ku, S. T. Chang, and M. H. Chiang, “Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards,” Electronics Letters, vol. 41, no. 5, pp. 240–241, 2005.

[3] M. K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with smart cards,” in Information Security Practice and Experience, vol. 3903 of Lecture Notes in Computer Science, pp. 260–268, 2006.

[4] A. Baig, A. Bouridane, F. Kurugollu, and G. Qu, “Fingerprint-Iris fusion based identification system using a single hamming distance matcher,” International Journal of Bio-Science and Bio-Technology, vol. 1, no. 1, pp. 47–58, 2009.

[5] J. Pedraza, M. A. Patricio, A. de Asís, and J. M. Molina, “Privacy and legal requirements for developing biometric identification software in context-based applications,” International Journal of Bio-Science and Bio-Technology, vol. 2, no. 1, pp. 13–24, 2010.

[6] C. C. Chang, S. C. Chang, and Y. W. Lai, “An improved biometrics-based user authentication scheme without concurrency system,” International Journal of Intelligent Information Processing, vol. 1, no. 1, pp. 41–49, 2010.

[7] C. T. Li and M. S. Hwang, “An efficient biometrics-based remote user authentication scheme using smart cards,” Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.

[8] A. K. Das, “Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards,” IET Information Security, vol. 5, no. 3, pp. 541–552, 2011.

[9] Y. An, “Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards,” Journal of Biomedicine and Biotechnology, vol. 2012, Article ID 519723, 6 pages, 2012.

[10] H. S. Kim, S. W. Lee, and K. Y. Yoo, “ID-based password authentication scheme using smart cards and fingerprints,” ACM Operating Systems Review, vol. 37, no. 4, pp. 32–41, 2003.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

[12] S. M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis,” IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, 2000.

[13] M. Scott, “Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Operation System Review, vol. 38, no. 2, pp. 73–75, 2004.

[14] N. K. Ratha, K. Karu, S. Chen, and A. K. Jain, “A real-time matching system for large fingerprint databases,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 18, no. 8, pp. 799–813, 1996.

[15] C. J. Lee and S. D. Wang, “Gabor filter-based approach to fingerprint recognition,” in Proceedings of the IEEE Workshop on Signal Processing Systems (SiPS ’99), pp. 371–378, 1999.

[16] G. Cao, Y. Mei, Z. Mao, and Q. S. Sun, “Fingerprint matching using local alignment based on multiple pairs of reference minutiae,” Journal of Electronic Imaging, vol. 18, no. 4, Article ID 043002, 2009.

[17] A. K. Hrechak and J. A. McHugh, “Automated fingerprint recognition using structural matching,” Pattern Recognition, vol. 23, no. 8, pp. 893–904, 1990.

[18] L. C. Jain, “An automated matching technique for fingerprint identification,” in Proceedings of the 1st International Conference on Knowledge-Based Intelligent Electronic Systems, pp. 21–23, May 1997.

[19] A. Wahab, S. H. Chin, and E. C. Tan, “Novel approach to automated fingerprint recognition,” IEE Proceedings Vision, Image & Signal Processing, vol. 145, no. 3, pp. 160–166, 1998.

[20] Y. J. Chang, W. Zhang, and T. Chen, “Biometrics-based cryptographic key generation,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’04), pp. 2203–2206, June 2004.

[21] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: how to generate strong keys from biometrics and other noisy data,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’04), Interlaken, Switzerland, May 2004.

[22] F. Hao, R. Anderson, and J. Daugman, “Combining cryptography with biometrics effectively,” Tech. Rep. UCAMCL-TR-640, University of Cambridge, Computer Laboratory, Cambridge, UK, 2005.


[23] W. Shalaby and M. O. Ahmad, “A multilevel structural technique for fingerprint representation and matching,” Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, “Structural fingerprint based hierarchical filtering in song identification,” in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME ’11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.

[26] Q. Tong and J. Zhu, “Research of improved gabor based on fingerprint image enhanced algorithm in wavelet domain,” in Proceedings of the International Conference on Computational Problem-Solving (ICCP ’12), pp. 17–18, IEEE, 2012.

[27] H. Khazaei and A. Mohades, “Fingerprint matching and classification using an onion layer algorithm of computational geometry,” in Proceedings of the 13th International CSI Computer Conference, 2008.

[28] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, “Website fingerprinting in onion routing based anonymization networks,” in Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114, ACM, 2011.

[29] S. Mazaheri, B. S. Bigham, and R. M. Tayebi, “Fingerprint matching using an onion layer algorithm of computational geometry based on level 3 features,” Communications in Computer and Information Science, vol. 166, no. 1, pp. 302–314, 2011.

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Anatomy Research International

PeptidesInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

International Journal of

Volume 2014

Zoology

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Molecular Biology International

GenomicsInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

BioinformaticsAdvances in

Marine BiologyJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Signal TransductionJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

BioMed Research International

Evolutionary BiologyInternational Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Biochemistry Research International

ArchaeaHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Genetics Research International

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Advances in

Virolog y

Hindawi Publishing Corporationhttpwwwhindawicom

Nucleic AcidsJournal of

Volume 2014

Stem CellsInternational

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Enzyme Research

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Microbiology

Page 11: Research Article Secure Method for Biometric-Based

BioMed Research International 11

In the second stage matching we can let 119882(2)

119868119895=

hash(119908(2119902)1198681198951

)||hash(119908(2119902)1198681198952

)|| sdot sdot sdot ||hash(119908(2119902)119868119895119899119868

) minus hash(119908(2119902)119868119895119895

)119882(2)

119864119895= hash(119908(2119902)

1198641198951)||hash(119908(2119902)

1198641198952)|| sdot sdot sdot ||hash(119908(2119902)

119864119895119899119864)minushash(119908(2119902)

119864119895119895)

where 119908(2)

119868119895119897and 119908

(2)

119864119895119897are the relationship values between the

core point (the 119895th point) and its neighboring feature point(the 119897th point) (eg type distance relationship angle etc)for the input fingerprint and the registered fingerprintrespectively in second stage matching and 119908

(2119902)

119909represents

the quantized value of 119908(2)119909

6 Conclusions

This paper proposes a new biometric authentication methodwith the security of cryptographic technology simultane-ously achieving the functions of cryptographic technologyand biometric recognition This method is very simple toimplement through the addition of a subsystem to existingbiometric systems The proposed method offers increasedsecurity with resistance to power analysis attacks fault-based cryptanalysis and replay attacksThis method can alsostrengthen the confidentiality of stored biometric data andrecognition processes and also offers secure remote biometricidentity authentication Fingerprint structural matching ispresented as an application example for reference of a techni-cal implementation The proposed concept can be applied toany combination of biometrics and cryptographic techniquesto securely exploit the advantages of both technologies

Acknowledgments

This work was partially supported by the National ScienceCouncil under Grant NSC 101-2221-E-182-071 and by theCGURP project under Grant UERPD2B0021 The authorsalso gratefully acknowledge the helpful comments and sug-gestions of the reviewers which have improved the presenta-tion

References

[1] J K Lee S R Ryu and K Y Yoo ldquoFingerprint-based remoteuser authentication scheme using smart cardsrdquo ElectronicsLetters vol 38 no 12 pp 554ndash555 2002

[2] W C Ku S T Chang andMH Chiang ldquoFurther cryptanalysisof fingerprint-based remote user authentication scheme usingsmartcardsrdquo Electronics Letters vol 41 no 5 pp 240ndash241 2005

[3] MK Khan and J Zhang ldquoAn efficient and practical fingerprint-based remote user authentication scheme with smart cardsrdquoin Information Security Practice and Experience vol 3903 ofLecture Notes in Computer Science pp 260ndash268 2006

[4] A Baig A Bouridane F Kurugollu and G Qu ldquoFingerprint-Iris fusion based identification system using a single hammingdistance matcherrdquo International Journal of Bio-Science and Bio-Technology vol 1 no 1 pp 47ndash58 2009

[5] J Pedraza M A Patricio A de Asıs and J MMolina ldquoPrivacyand legal requirements for developing biometric identificationsoftware in context-based applicationsrdquo International Journalof Bio-Science and Bio-Technology vol 2 no 1 pp 13ndash242010

[6] C C Chang S C Chang and Y W Lai ldquoAn improvedbiometrics-based user authentication scheme without concur-rency systemrdquo International Journal of Intelligent InformationProcessing vol 1 no 1 pp 41ndash49 2010

[7] C T Li and M S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010

[8] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 541ndash552 2011

[9] Y An ldquoSecurity analysis and enhancements of an effectivebiometric-based remote user authentication scheme usingsmart cardsrdquo Journal of Biomedicine and Biotechnology vol2012 Article ID 519723 6 pages 2012

[10] H S Kim S W Lee and K Y Yoo ldquoID-based passwordauthentication scheme using smart cards and fingerprintsrdquoACM Operating Systems Review vol 37 no 4 pp 32ndash41 2003

[11] T S Messerges E A Dabbish and R H Sloan ldquoExaminingsmart-card security under the threat of power analysis attacksrdquoIEEE Transactions on Computers vol 51 no 5 pp 541ndash5522002

[12] S M Yen and M Joye ldquoChecking before output may not beenough against fault-based cryptanalysisrdquo IEEE Transactions onComputers vol 49 no 9 pp 967ndash970 2000

[13] M Scott ldquoCryptanalysis of an ID-based password authentica-tion scheme using smart cards and fingerprintsrdquo ACM SIGOPSOperation System Review vol 38 no 2 pp 73ndash75 2004

[14] N K Ratha K Karu S Chen and A K Jain ldquoA real-time matching system for large fingerprint databasesrdquo IEEETransactions on Pattern Analysis and Machine Intelligence vol18 no 8 pp 799ndash813 1996

[15] C J Lee and S D Wang ldquoGabor filter-based approach tofingerprint recognitionrdquo in Proceedings of the IEEE Workshopon Signal Processing Systems (SiPS rsquo99) pp 371ndash378 1999

[16] G Cao Y Mei Z Mao and Q S Sun ldquoFingerprint matchingusing local alignment based on multiple pairs of referenceminutiaerdquo Journal of Electronic Imaging vol 18 no 4 ArticleID 043002 2009

[17] A K Hrechak and J A McHugh ldquoAutomated fingerprintrecognition using structural matchingrdquo Pattern Recognitionvol 23 no 8 pp 893ndash904 1990

[18] L C Jain ldquoAn automated matching technique for fingerprintidentificationrdquo in Proceedings of the 1st International Conferenceon Knowledge-Based Intelligent Electronic Systems pp 21ndash23May 1997

[19] A Wahab S H Chin and E C Tan ldquoNovel approach toautomated fingerprint recognitionrdquo IEE Proceedings VisionImage amp Signal Processing vol 145 no 3 pp 160ndash166 1998

[20] Y J Chang W Zhang and T Chen ldquoBiometrics-based crypto-graphic key generationrdquo in Proceedings of the IEEE InternationalConference onMultimedia and Expo (ICME rsquo04) pp 2203ndash2206June 2004

[21] Y Dodis L Reyzin and A Smith ldquoFuzzy extractors how togenerate strong keys from biometrics and other noisy datardquo inProceedings of the International Conference on the Theory andApplications of Cryptographic Techniques (EUROCRYPT rsquo04)Interlaken Switzerland May 2004

[22] F Hao R Anderson and J Daugman ldquoCombining cryptogra-phy with biometrics effectivelyrdquo Tech Rep UCAMCL-TR-640University of Cambridge Computer Laboratory CambridgeUK 2005

12 BioMed Research International

[23] W Shalaby and M O Ahmad ldquoA multilevel structural tech-nique for fingerprint representation and matchingrdquo SignalProcessing vol 93 no 1 pp 56ndash69 2012

[24] Q Wang G Liu Z Guo J Guo and X Chen ldquoStructuralfingerprint based hierarchical filtering in song identificationrdquo inProceedings of the IEEE International Conference onMultimediaand Expo (ICME rsquo11) pp 1ndash4 IEEE 2011

[25] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer 2009

[26] Q Tong and J Zhu ldquoResearch of improved gabor based onfingerprint image enhanced algorithm in wavelet domainrdquo inProceedings of the International Conference on ComputationalProblem-Solving (ICCP rsquo12) pp 17ndash18 IEEE 2012

[27] H Khazaei and A Mohades ldquoFingerprint matching and clas-sification using an onion layer algorithm of computationalgeometryrdquo in Proceedings of the 13th International CSI ComputerConference 2008

[28] A Panchenko LNiessenA Zinnen andT Engel ldquoWebsite fin-gerprinting in onion routing based anonymization networksrdquoin Proceedings of the 10th Annual ACMWorkshop on Privacy inthe Electronic Society pp 103ndash114 ACM 2011

[29] S Mazaheri B S Bigham and R M Tayebi ldquoFingerprintmatching using an onion layer algorithm of computationalgeometry based on level 3 featuresrdquo Communications in Com-puter and Information Science vol 166 no 1 pp 302ndash314 2011


[23] W. Shalaby and M. O. Ahmad, "A multilevel structural technique for fingerprint representation and matching," Signal Processing, vol. 93, no. 1, pp. 56–69, 2012.

[24] Q. Wang, G. Liu, Z. Guo, J. Guo, and X. Chen, "Structural fingerprint based hierarchical filtering in song identification," in Proceedings of the IEEE International Conference on Multimedia and Expo (ICME '11), pp. 1–4, IEEE, 2011.

[25] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2009.
