Protection of the Fingerprint Minutiae

Abstract

With a growing concern regarding security, interest in biometrics is increasing. Since biometrics utilizes a user’s physiological or behavioral characteristic, which is unique and immutable, the compromise of biometric templates is a serious problem. Fingerprint authentication system is one of the most widely used biometric authentication systems. In general, in the enrollment procedure, the features are extracted from the enrollment image and are stored as a template. The template is compared to the features extracted from the verification image. Unlike passwords, however, biometrics has no or little substitutions. For example, if one’s fingerprint template is compromised, he or she cannot use that fingerprint for any other fingerprint authentication system from then on. Ratha et al. have introduced cancelable biometrics as a remedy for the problem of compromised templates (Bolle et al., 2002; Ratha et al., 2001). Cancelable biometrics distorts or transforms a user’s template using some non-invertible functions to obscure the user’s raw physical characteristics, and its matching is performed in a transformed domain. When a template is compromised, a new biometric template is issued (like a new enrollment of a new user) by distorting the biometric traits in a different way using a new instance of the non-invertible function. Ratha et al. proposed the surface folding scheme for cancelable fingerprint templates (Ratha et al., 2007). They proposed a one-way transformation which moves minutia positions using two-dimensional Gaussian functions defined over the feature domain. However, if an attacker obtains two transformed templates and transformation parameters, the original template is recovered by a dictionary attack (Shin et al., 2009). Fuzzy vault is a crypto-biometric algorithm proposed by Juels et al. (Juels & Sudan, 2002). It gives a promising solution to personal privacy and fingerprint template security problems. Clancy et al. and Uludag et al. suggested the method for applying the fuzzy vault to fingerprint authentication, which is named as fuzzy fingerprint vault (Clancy et al, 2003; Uludag et al., 2005). It generates a lot of chaff minutiae and mixes them up with the real minutiae. Then, the real minutiae are projected on a randomly generated polynomial, and the chaff minutiae are projected off the polynomial. The polynomial is successfully reconstructed using either brute-force search or Reed-Solomon code if a sufficient number of real minutiae are chosen. The genuine user can choose a sufficient number of real minutiae by presenting his or her fingerprint while the impostors cannot. Some researchers have implemented the fuzzy vault for fingerprints, and have protected the fingerprint minutiae by adding chaff points into the vault (Chung et al., 2006; Clancy et al., 2003; Dodis et al.,