Biometric authentication systems, which recognize a person based on physical characteristics (e.g., fingerprint, finger-vein, iris) or behavioral characteristics (e.g., voice, gait), have been used for various applications (e.g., PC login, physical access control, banking). They are also expected to be applied to user authentication over networks (e.g., internet banking, online payment, membership authentication), where a client sends a biometric sample (referred to as a query sample) to a server for authentication, and the server compares it with a biometric feature enrolled in a database (referred to as a template).
However, the use of biometric authentication over networks raises severe security concerns. Specifically, since biometric features (e.g., fingerprint, finger-vein, iris) are unchangeable, they cannot be revoked (unlike passwords or tokens) if they are leaked from the server. A naive way to prevent the leakage of biometric features is to encrypt the features using a conventional encryption scheme such as AES (Advanced Encryption Standard). However, since the encrypted features have to be decrypted to perform pattern matching on the server, a skilled attacker aiming at the timing of decryption can obtain the original features.
Template protection schemes , which keep biometric features secret even during the matching phase, have been widely studied to address this issue. They can be divided into two approaches: cancelable biometrics (a.k.a. feature transformation) [34, 38, 40, 39, 46] and biometric cryptosystems [11, 12, 22, 26]. Among them, a cancelable biometric scheme called correlation-invariant random filtering (CIRF) [38, 40, 39] is known as a promising template protection scheme. CIRF transforms biometric features via the 2D number theoretic transform (NTT) and random filtering. Then it performs pattern matching without restoring the original features by multiplying the transformed template by the transformed query sample and transforming the result via the 2D inverse NTT (see Section 2.4 for details). CIRF can be applied to any kind of biometric traits whose score (distance or similarity) is measured via cross-correlation between biometric features (e.g., fingerprint , face , iris , finger-vein ) without affecting accuracy. In addition, it is proved in [40, 39] that CIRF has perfect secrecy. Specifically, according to , a cryptosystem has perfect secrecy if any ciphertext (: ciphertext space) provides no information about the plaintext (: plaintext space); i.e., for any and any . Similarly, it is proved in [40, 39] that in CIRF, the transformed template (: space of transformed templates) provides no information about the original template (: space of original templates); i.e., for any and any .
However, CIRF cannot be applied to a large-scale biometric identification system because of its high computational time during the matching phase. More specifically, biometric authentication can operate in either of the following two modes: verification and identification . In the verification mode, a user claims an identity (i.e., enters an ID number or presents a smart card) and inputs his/her query sample. Then the system compares the query sample with a template corresponding to the claimed identity (i.e., one-to-one matching). In the identification mode, a user inputs only his/her query sample. Then the system compares the query sample with many templates in the database (i.e., one-to-many matching). Based on the scores, the system identifies the user (e.g., if the system finds a template whose distance falls below a threshold, it identifies the user as the corresponding enrollee; if there is no such template, it rejects the user). Biometric identification offers a more convenient way of authentication, since a user need not enter an ID number or present a smart card. However, the response time can be very long in large-scale biometric identification, since the one-to-many matching time increases in proportion to the number of templates. This problem is particularly severe for CIRF, since the 2D inverse NTT in the matching phase requires a number of 1D inverse NTTs, which involve high computational time. For example, in our experiments in Section 4, it took ms to compute a score between two biometric features based on CIRF. This means that it takes about () seconds to identify a user when the number of templates in the database is .
, which is a simple representation of the biometric feature (e.g., binary string, vector). In the identification phase, it typically computes anapproximate score (distance or similarity) for each template using the index. In this paper, we refer to this process as an approximate matching. After the approximate matching, it sorts templates in ascending (or descending) order of the approximate distance (or similarity) and computes an “exact” score for a template according to the sorted order (e.g., if the exact distance falls below a threshold, identify the user as the corresponding enrollee; otherwise, continue to the next template). Since the index is a simple representation of the biometric feature, the approximate score is efficiently computed and is highly correlated with an exact score. Therefore, a genuine template can be found in the early stage of exact matching. Consequently, the number of exact score computations can be significantly reduced.
It should be noted, however, that a biometric index leaks some information about the original biometric feature, since it is a simple representation of a biometric feature. Therefore, a biometric index needs to be protected in the same way as a biometric feature when it is used to speed up biometric identification over networks. In the following, we review previous work related to this issue.
1.1 Related Work
Biometric indexing schemes have been widely studied in the literature (a survey of them can be found in [21, 23]). They are recently studied for various kinds of biometric traits; e.g., fingerprint [7, 37, 45], iris [10, 30, 33], and finger-vein [18, 32, 42]. However, most existing biometric indexing schemes do not protect a biometric index, and cannot be securely used for biometric identification over networks. Some studies [12, 17, 20, 44, 49] proposed an indexing (or hashing) scheme that transforms or encrypts an index (or hash) and performs a query search without recovering the original index (or hash). However, these schemes do not guarantee that the transformed index leaks no information about the original index (i.e., perfect secrecy). As a different approach, a filtering technique for biometric identification based on secure multiparty computation was proposed in . In this approach, however, the original templates are stored in the server, and can be leaked by illegal access or by internal fraud.
1.2 Our contributions
In this paper, we propose a novel indexing scheme called cancelable indexing to speed up CIRF without losing its security properties. The proposed indexing scheme has perfect secrecy in that the transformed index leaks no information about the original biometric feature. To our knowledge, the proposed indexing scheme is the first to have such perfect secrecy. Our contributions are as follows:
We propose a cancelable indexing scheme based on fast computation of CIRF via low-rank approximation of biometric images and via a minimum spanning tree representation of low-rank matrices in the Fourier domain. We prove that the proposed indexing scheme computes a cross-correlation between two approximated biometric images with much less 1D inverse NTTs (Section 3.4, Theorem 1).
We then prove that the transformed index leaks no information about the original biometric feature and the original index (Section 3.4, Theorem 2). To our knowledge, the proposed indexing scheme is the first to have such perfect secrecy. Based on this property, we thoroughly discuss the security of the proposed scheme.
We evaluate the proposed scheme using the finger-vein dataset in , which includes six fingers from subjects. Our experimental results show that the proposed scheme significantly reduces the one-to-many matching time. For example, the proposed scheme requires only about one second on average when the number of templates is (whereas it takes about seconds to compute exact scores for all of the templates).
In this section, we describe details of cancelable biometrics and CIRF [38, 40, 39]. We first explain an overview of cancelable biometrics in the case of verification and identification in Sections 2.1 and 2.2, respectively. We then describe desirable properties for cancelable biometrics in Section 2.3. We finally explain details of CIRF in Section 2.4.
2.1 Cancelable biometrics for verification
Fig. 1 shows an overview of cancelable biometrics in the case of biometric verification. Let , , , , and be spaces of templates, query samples, parameters, transformed templates, and transformed query samples, respectively. We denote a template, query sample, parameter, transformed template, and transformed query sample by , , , , and , respectively. In the enrollment phase, a template is transformed via a transformation function , which is dependent on a parameter , and the transformed template is stored in an authentication server. The parameter is uniformly randomly generated, and plays a role similar to an encryption key. The parameter can be stored in a client or a parameter management server , which is administered separately from the authentication server.
In the authentication phase, a query sample is transformed via a transformation function , which is dependent on the parameter , and the transformed query sample is sent to the authentication server. The authentication server compares () with the transformed template (). Let be the set of real numbers, and be an exact score function that takes input a template and a query sample and outputs an exact score (distance or similarity) between and . The authentication server computes an exact score by comparing with without restoring and . If the distance (resp. similarity) is smaller (resp. larger) than a pre-determined threshold, the authentication server accepts the user (otherwise, it rejects the user). The transformation function is designed so that the original biometric feature cannot be recovered from the transformed template . Therefore, even if or is leaked, they can be revoked by generating a new parameter and replacing with a new transformed template . Similarly, is designed so that cannot be recovered from .
Note that the original template can be recovered from and , if is a bijective (one-to-one) function. Even if is a many-to-one function, it is possible to recover from and , as shown in [28, 31]. Therefore, if both and are leaked, can be recovered from them. It is important to note, however, that if the parameter is managed separately from the transformed template (e.g., is stored in the client or the parameter management server ), the risk of simultaneous leakage of and can be significantly reduced. If we store in a client that can be accessed by any user (e.g., ATM, POS, kiosk terminal), there might be a high risk that is leaked from the client. Thus, a more secure way would be to use a parameter management server . In this model, a parameter management server securely manages . The parameter management server and the authentication server are administered separately by different administrators or organizations, and they do not collude with each other. Since users cannot access the parameter management server, the risk of the leakage of is much smaller (for details of the authentication protocol in this model, see ).
Separate and secure management and periodic revocation of and play important roles in protecting templates.
2.2 Cancelable biometrics for identification
We now explain cancelable biometrics in the case of biometric identification. Let be the set of natural numbers, be the number of templates, be the -th template, and be the -th transformed template (). Let further be a parameter for the -th template . Regarding parameters , we consider the following two scenarios: (i) are independently and uniformly generated (i.e., a parameter is different from template to template); (ii) a common parameter (), which is uniformly generated, is used for all templates. We refer to the former scenario as an individual parameter scenario, and the latter as a common parameter scenario.
In the individual parameter scenario, the -th template is transformed using the -th parameter : (). If we store all parameters in the client, the client transforms a query sample using each of in the authentication phase. Let be the -th transformed query sample. The client sends transformed query samples to the authentication server. Then the authentication server computes a score between (= ) and () (). In this case, the communication cost between the client and the authentication server is proportional to . Similarly, if we store in the parameter management server , the communication cost between the parameter management server and the authentication server is proportional to .
The common parameter scenario is much more efficient in terms of the communication cost. In this case, the -th template is transformed using a common parameter : (). At the authentication phase, we only have to transform a query sample using and send the transformed query sample to the authentication server. Then the authentication server computes a score between () and (). In this case, the communication cost does not depend on . However, since we use the same parameter for all templates in this case, we need to thoroughly discuss its security. In this paper, we propose a cancelable indexing scheme for both the individual parameter scenario and the common parameter scenario, and thoroughly discuss the communication cost and the security in both cases in Section 3.4.
2.3 Desirable properties for cancelable biometrics
Security (irreversibility): It should be impossible or computationally hard to recover the original biometric feature from the transformed feature.
Diversity (unlinkability): The transformed feature should not allow cross-matching across databases.
Revocability: It should be straightforward to revoke a compromised template and reissue a new one based on the same biometric data.
Accuracy: FAR (False Acceptance Rate) and FRR (False Rejection Rate) should not be degraded by transforming biometric features.
In biometric identification, an ideal cancelable biometric system should also have the following property:
Response time: The one-to-many matching time should be small (e.g., one second).
Regarding the security (irreversibility) in biometric identification, we consider attackers of the following three types:
Attacker A who obtains one transformed template, which corresponds to the -th template .
Attacker B who obtains transformed templates, which corresponds to the templates .
Attacker C who obtains all transformed features, which corresponds to the templates and the query sample .
Typically, Attackers A and B are outsiders who obtain the transformed template(s) leaked from the authentication server (i.e., external attackers), whereas Attacker C is a malicious server (i.e., internal attacker). For the cancelable indexing scheme proposed in Section 3, we assume that these attackers obtain transformed indexes in addition to transformed features.
2.4 Correlation-invariant Random Filtering (CIRF)
We assume that a biometric feature is represented as an image with (height) (width) pixels (as shown in Fig. 2), and each pixel value is a nonnegative integer less than ( is a sufficiently large prime, which is described later in detail). Let be the set of nonnegative integers less than ; i.e., . Then, a template and a query sample can be expressed as and , respectively; i.e., . Let and () be the -th pixel of and , respectively. We assume that an exact score between and is computed using cyclic cross-correlation :
where and are maximum allowable shift lengths between and . can also be expressed as cyclic convolution , where denotes a flipped image of :
. Since linear cross-correlation can be computed using cyclic cross-correlation with the help of zero-padding, this assumption is valid for any kind of biometric traits whose scoreis measured via linear cross-correlation [4, 9, 14, 25]. Examples of such scores include the minimum of the Hamming distances of overlapped binary images over all values of and (see A for details).
CIRF transforms a template via the 2D number theoretic transform (NTT)
, a kind of 2D discrete Fourier transform (DFT) over the Galois field:
are elements of the Galois field whose orders are and , respectively. is a prime that satisfies
(i.e., and divide ), and is larger than the maximum of the cyclic cross-correlation between two biometric features . Hereinafter, we assume that all numerical operations are performed over , and omit the notation “”.
After computing , CIRF computes , where denotes a pixel-wise multiplication (i.e., Hadamard product) and is a parameter (random filter) uniformly randomly generated from (). In other words, the space of parameters is . As for the query sample , CIRF computes , where denotes a pixel-wise inverse of . Thus, the transformed template and the transformed query sample are and , respectively, and .
In the matching phase, CIRF computes ( is the 2D inverse NTT), which can be written as follows:
In other words, CIRF computes cross-correlation without restoring the original biometric features and . Therefore, CIRF can be applied to any kind of biometric traits whose score is measured via without affecting accuracy.
It is proved that the transformed template leaks no information about the original template : for any and any (i.e., perfect secrecy) [40, 39]. Similarly, leaks no information about : for any and any . If the transformed template or the parameter is leaked, they can be revoked by generating a new parameter and issuing a new transformed template as follows: .
In addition, it is proved that two transformed templates and generated from the same biometric feature are independent: if and are independently and uniformly generated . Therefore, the attacker cannot perform cross-matching across databases.
In summary, CIRF is a promising scheme with regard to the properties (i), (ii), (iii), and (iv) in Section 2.3.
3 Cancelable indexing based on Low-rank Approximation of CIRF
A major shortcoming of CIRF is that it cannot be applied to a large-scale biometric identification because of high computational cost in the matching phase (i.e., it does not have the property (v) in Section 2.3). In particular, the 2D inverse NTT of requires high computational cost (we confirmed that the time to compute the 2D inverse NTT accounts for most of the matching time). The 2D inverse NTT of requires separate 1D inverse NTTs, even with the aid of the row-column algorithm. Therefore, we propose a cancelable indexing scheme that significantly reduces the number of the 1D inverse NTTs.
We first explain an overview of the proposed indexing scheme in Section 3.1. We then describe an algorithm for the proposed indexing scheme in Sections 3.2 and 3.3. We finally explain its theoretical properties in Section 3.4.
We begin by briefly explaining an overview of the proposed indexing scheme. Let be the number of transformed template stored in an authentication server, be the -th template, and be a query sample.
The proposed indexing scheme is based on our findings that the number of the 1D inverse NTTs in CIRF can be significantly reduced by approximating biometric images by low-rank matrices. Specifically, the proposed scheme approximates and by low-rank matrices and , respectively, and factorizes each of them into small matrices using matrix factorization [8, 35, 50]. Then it uses small matrices computed from and as indexes of and , respectively. The proposed scheme performs pattern matching for the indexes in an analogous way to CIRF. More specifically, it transforms the indexes via the 1D NTT and random filtering, and computes the cross-correlation from the transformed indexes (without restoring the original indexes) via a small number of 1D inverse NTTs. Fig. 3 shows , , and (, , , and are small matrices, which are described in detail in Section 3.2).
It should be noted that since and approximate and , respectively, also approximates . Let be an approximate score function that takes input and and outputs an approximate score (distance or similarity) between and . The proposed scheme computes an approximate score using , and sorts transformed templates in ascending (or descending) order of the approximate distance (or similarity) . Then it computes an exact score according to the sorted order. Since is highly correlated with , a genuine template can be found in the early stage of exact matching.
The proposed indexing scheme can be applied to any kind of biometric traits whose score is measured via cross-correlation. In this paper, we use CIRF to compute an exact score, since it is promising with regard to the properties (i), (ii), (iii), and (iv).
We now describe details of the proposed indexing scheme. We regard the -th template and the query sample as rank-k matrices with very small (; in our experiments, or ), and approximate them as follows:
where , , , , , and .
We define and as follows:
and use them as an index of and , respectively. To compute and from and , we use a matrix factorization method such as NMF (Non-negative Matrix Factorization)  and BMF (Boolean Matrix Factorization) [35, 50].
(, , , ; and are random vectors) as a parameter (random filter) for the index (). For the first index , we also use
(, ; they are random vectors) as an additional parameter. is required (in addition to ) to compute the cyclic convolution , as explained later in detail. () and are stored in a client or a parameter management server . Fig. 4 shows , , , and . In the following, we describe the proposed algorithm in the individual parameter scenario, where () and are independently and uniformly generated. The algorithm below can easily be extended to the common parameter scenario by setting and using as a common parameter ( is also used in the common parameter scenario in the same way as the individual parameter scenario).
Fig. 5 shows the process of the proposed indexing scheme in the enrollment/authentication phase. In the enrollment phase, the proposed indexing scheme performs the following process:
Compute transformed indexes from , , and as follows:
(13) (14) (15) (16)
and denotes the 1D NTT.
Store the transformed indexes in the database of the authentication server (along with the transformed templates ).
In the step 1, we compute (resp. ) in (13) (resp. (14)) by transforming (resp. ()) via the 1D NTT and filtering (resp. ). We also compute (resp. ) in (15) (resp. (16)) by filtering an additional parameter (resp. ). The size of is pixels in total.
In the authentication phase, the proposed scheme performs the following process:
Compute transformed indexes from , , and as follows:
(18) (19) (20) (21)
and is a flipped vector of (i.e., , ).
Compute matrices and (), which are given by
where is the 1D inverse NTT and is a matrix of columns, whose ()-th column is given by . We can compute and from and via minimum spanning trees, as described in Section 3.3.
Compute the following matrix ():
As we prove later, (Section 3.4, Theorem 1). In other words, approximates the cross-correlation , and therefore we can compute an approximate score based on .
Sort transformed templates in ascending (or descending) order of the approximate distance (or similarity) .
Then, the proposed scheme computes an exact score based on according to the sorted order. If the exact distance (or similarity) falls below (or exceeds) a threshold (i.e., if a genuine template is found), it identifies the user as the corresponding enrollee and terminates the identification process. If a genuine template is not found after matching all the templates, it rejects the user.
3.3 Computation of and via minimum spanning trees
We now explain how to compute and () in (22) and (23) using the transformed indexes and (), which are given by (12) and (17), respectively. We begin by explaining how to compute () in detail (since can be computed in the same way as ).
First, we compute
using and (see (13), (15), (18), and (20)). It is important to note that (25) and (26) form a minimum spanning tree , whose vertices represent and (), and whose edges represent their Hadamard products. Fig. 6 shows the minimum spanning tree formed from (25) and (26) in the case where .
using the minimum spanning tree. Specifically, we compute the Hadamard product of and () other than (25) and (26) by tracking the path from to via and . In other words, we compute using (25) and (26) as follows:
Similarly, we compute () in (23) using the minimum spanning tree. Specifically, we compute
3.4 Theoretical properties
We show some theoretical properties of the proposed indexing scheme. We begin with the following theorem:
The proof is given in B. Theorem 1 means that approximates . By sorting transformed templates in ascending (or descending) order of an approximate distance (or similarity) based on , we can find a genuine template in the early stage of exact matching.
We then consider the security of the proposed indexing scheme against Attackers A, B, and C in Section 2.3. We assume that these attackers obtain transformed indexes in addition to transformed features, as described in Section 2.3. Let and be sets of transformed templates and transformed indexes, respectively. Attacker A obtains and . whereas Attacker B obtains and . Let further and be sets of transformed query samples and transformed indexes, respectively. Attacker C obtains , , , and . Table 2 summarizes the information available to each attacher.
Let , , , and be spaces of