Cancelable Iris template generation by aggregating patch level ordinal relations with its holistically extended performance and security analysis
Graphical abstract
Introduction
Privacy is a growing concern in today's technocratic world, owing to many digital activities involved in day-to-day life. With the rapid deployment of cloud-based applications, cybercrimes against identity frauds have increased tremendously. Although modern cryptographic techniques provide a good solution for protecting textual data but protecting biometric templates that can be captured surreptitiously even without the knowledge of the subject is still a challenging issue. Due to the deployment of large biometric systems like Aadhar(India) [1] and Mykad(Malaysia) [2], it is essential to ensure the security of biometric templates to gain public confidence and trust in them. Even the EU General Data Protection Regulation 2016/679 [3] has defined biometric data as sensitive data. Loss of biometric identity invades personal privacy; moreover, its loss at some less secure application may incapacitate its usage at a more secure application like banking. Biometric identity theft also involves social and financial loss, and in extreme cases, can even affect personal emotional health negatively. Biometric identity can be stolen in a number of ways like an adversary can present a spoof of the biometric at the sensor level, or he can potentially stage a man-in-the-middle attack by intercepting the biometric information being transmitted. Another vulnerability of a biometric system arises when an adversary hacks into the biometric database and obtains biometric templates. Fig. 1 describes this kind of vulnerability. Here, in Fig. 1 Person A is using his biometrics for two applications having different security levels (biometric attendance and biometric banking) under two scenarios: Scenario A(Secured) and Scenario B(Unsecured). It is clearly indicated in Fig. 1 that under Scenario A biometric templates are vulnerable as an attacker can attack less secure application (attendance) and can incapacitate its usage at secure application (banking) while this is not the case under Scenario B (secured via storing a transformed version of biometric templates).
In the past decade, several techniques have been developed by the scientific community to address adversarial attacks on biometric databases. In 2011, the ISO/IEC 24745 [4] standard proposed fundamental security requirements of biometric template protection (BTP) techniques. On an abstract level, the BTP scheme stores some form of transformed data instead of the original biometric template to provide the required security level. BTP techniques are majorly classified into two main categories, namely: biometric cryptosystems [5], [6] and cancelable biometrics [7]. A detailed, comprehensive survey of various BTP schemes is presented in [8]. Here, in our work, we are dealing with this second kind of BTP technique, namely cancelable biometrics. In the case of cancelable biometrics, a pseudo biometric identity (PBI) is generated by employing some transformation function and user-specific key. This generated PBI is stored in the database instead of storing the original template. Here, matching is performed in the transformed domain. To design an effective cancelable biometric scheme, the following four criteria need to be addressed simultaneously [8], [9].
- 1.
Non-invertibility It should be computationally not feasible to derive the original biometric template from the stored pseudo biometric identity or, in other words, transformation function should be one way.
- 2.
Revocability In case PBI is compromised, it should be feasible to generate new and distinct PBI that can replace the older one.
- 3.
Unlinkability It should be infeasible to differentiate whether one or more PBI are generated from the same biometric user or different. This property ensures against cross-database linkage attacks.
- 4.
Usability perseverance of cancelable template accuracy with respect to the baseline model.
Biometric trait: Iris is considered as one of the best biometric traits owing to its unique and distinctive features [10]. It is a ring-shaped region lying between the pupil and sclera, as shown in Fig .2a. It mainly consists of two areas (1) pupillary region (an innermost region that forms the boundary of the pupil) (2) ciliary region (rest of the iris region). It has a rich pattern collection of several microstructures like crypts, furrows, collarette (a region that separates pupillary and ciliary region) that is generated through a random process before birth. It is an internal organ that is well protected against damage and age-invariant also. However, still, it suffers from many challenging issues like obscuring eyelids, eyelashes, motion-blur, reflection, contact-lenses, and many more. Moreover, it has been indicated by a report from 2014 [11], a large number of people Worldwide (around one billion) have enrolled their iris images in various databases across the globe. Thus, preventing iris templates from adversarial attacks is essential to retain public trust and confidence in them.
Problem statement: In this paper, we handle an adversarial attack on the iris database by generating cancelable iris templates using novel deep architecture based on ordinal filtering and two representatives (state-of-the-art) cancelable biometric techniques, namely BioHashing and 2N discretized BioPhasor. For generating cancelable iris templates there is mainly two class of families (1) First one, that works over binary feature vector like Bloom Filter [12] and its variants (Cuckoo Filter [13], Morton Filter [14]) (2) the second one, that works over discrete feature vectors like BioHashing and its variants [15]. Since in our work, we are extracting deep features, we are considering the second case. Moreover, another main reason of choosing BioHashing and 2N discretized BioPhasor technique is their wide applicability directly [16], [17], [18], [19], [20], [21] or in the form of its variants [15], [22], [23] in the cancelable domain.
Recently, many template protection techniques have been proposed in the literature, but there exhaustive comparative analysis in the view of new template protection metrics [24], [25], [26] is still insufficient. This further inspired us to conduct rigorous security analysis over Biohashing and 2N discretized BioPhasor technique, which is important to ascertain their vulnerability points and help researchers in mitigating them and thus security can be enhanced.
In this work, we focus on exploring three key concerns: (1) How can we use deep features for generating cancelable iris templates? (2) Efficacy tradeoff between deep and handcrafted features (3) In-depth comparative analysis (performance and security) between two cancelable techniques, BioHashing and 2N discretized BioPhasor with respect to the proposed deep features. The specific contribution of this paper is as follows:
- 1.
For extracting distinctive iris features, a novel deep architecture is proposed based on aggregation learning. This deep architecture is based on an ordinal measure that can encode distinctive iris features quite well. The proposed network uses fixed filters by applying domain knowledge and only learns their non-linear aggregation using (1 × 1) filters.
- 2.
In-depth comparative performance analysis of available state-of-the-art techniques (BioHashing and 2N discretized BioPhasor).
- 3.
Exhaustive security analysis of the proposed cancelable templates is performed in order to ensure three fundamental requirements (non-functional attributes) of cancelability i.e., irreversibility, revocability, and unlinkability while maintaining the functional requirement i.e., usability.
- 4.
A thorough experimental analysis to validate the proposed framework on CASIA-V3 Interval [27], CASIA-Lamp [28], IITD [29] and IITK iris dataset for iris recognition. Further, for qualitative assessment. Three measures are taken as performance indicators i.e., FA (false acceptance), FR (false rejection), DI (decidability index) calculated at EER, obtaining state-of-the-art comparative results.
- 5.
To ascertain what exactly specific layers of the proposed ordinal measure based deep network, is learning, layer-specific heatmap and feature map analysis is carried out.
This paper is organized as follows. In Section 2 we review, the state-of-the-art of cancelable iris along with the cancelable template protection metrics. In Section 3, we define our proposed methodology and design framework of our deep architecture. In Section 4, we provide details of our dataset used and experimental results. In Section 5, detailed security analysis is performed. Finally, Section 6 and Section 7 delineates major limitations, findings and concludes our paper.
Section snippets
Literature review
Due to digitization security of biometric templates used in online-authentication systems is a pressing issue of concern. Each year new cancelable techniques are developed to protect templates from adversarial attacks. With the development of new techniques, new attacks are also proposed to break them. Thus, the evaluation of existing techniques is crucial. Here, in this section, we will present a brief overview of the iris as a biometric along with detailed summarization of notable works in
Proposed methodology
Recent advancements in deep learning show superior performance of convolutional neural networks (CNNs) on large scale databases like ImageNet [51], MS-COCO [52] and CIFAR-10 [53]. The key reason behind the success of convolutional neural networks is their ability to automate the learning of generic descriptors that can represent complex images quite well, as opposed to using handcrafted features. Very recently, Ahmad et al. [54] proposed a deep network based on triplet loss for iris
Experimental analysis
This section is focused on experimental setup, result interpretation and comparative analysis. The performance of proposed architecture has been tested on four iris datasets namely IITK, CASIA-V3 Interval [27], CASIA-Lamp [28] and IITD [29]. Performance comparison is done in terms of FA (false acceptance), FR (false rejection) and DI (decidability index). Here, FA and FR are calculated at EER(equal error rate). We have considered 4 different bitmaps of sizes 32 bit, 64 bit, 128 bit and 256 bit
Security analysis
The proposed cancelable iris templates detailed security analysis on publicly available CASIA Lamp iris dataset has been done by performing unlinkability, revocability, and statistical analysis. The non-invertibility has been examined by analyzing various possible attacks such as zero effort, exhaustive, stolen biometrics, stolen template, and worst case.
- 1.
Unlinkability Analysis: It is done to analyze the linkability of the stored biometric templates across various databases. Linkage across
Limitation
One of the limitations of the proposed architecture is in the scenario where the number of subjects enrolled in the system is not fixed but kept on changing with time. Since the deep features in our proposed framework are learned in a joint manner, enrolling a new subject involves re-training an entire network, which is quite a time-consuming task. A possible solution for the aforementioned problem is to use different deep networks for a set of subjects, and when a new subject is enrolled, add
Conclusion
In this paper, we focused on generating cancelable iris templates using two representative state-of-the-art techniques. This framework address two challenging issues (1) extracting distinctive iris features using novel proposed deep-learning network OMIFNet based on ordinal measures (2) exhaustive security analysis of two representative state-of-the-art techniques BioHashing and 2N discretized BioPhasor. To the best of our knowledge, this is the first attempt in which deep-features are used for
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (81)
- et al.
Cancellable iris template generation based on indexing-first-one hashing
Pattern Recogn.
(2017) - et al.
A novel cancelable iris recognition system based on feature learning techniques
Inf. Sci.
(2017) - et al.
Biohashing: two factor authentication featuring fingerprint data and tokenised random number
Pattern Recogn.
(2004) - et al.
Empirical tests on biohashing
Neurocomputing
(2006) - et al.
Palmhashing: a novel approach for cancelable biometrics
Inf. Process. Lett.
(2005) - et al.
Comparison and combination of iris matchers for reliable personal authentication
Pattern Recogn.
(2010) - et al.
Deepiris: learning pairwise filter bank for heterogeneous iris verification
Pattern Recogn. Lett.
(2016) - et al.
Unlinkable and irreversible biometric template protection based on bloom filters
Inf. Sci.
(2016) - et al.
A privacy-preserving cancelable iris template generation scheme using decimal encoding and look-up table mapping
Comput. Secur.
(2017) - et al.
An efficient and robust iris segmentation algorithm using deep learning
Mob. Inf. Syst.
(2019)
Multi-biometric template protection based on bloom filters
Inform. Fusion
Unique identification authority of india
Malaysia identity card
European council, regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation)
ISO/IEC JTC1 SC27 security techniques, ISO/IEC 24745:2011
Biometric encryption using image processing
On Enabling Secure Applications through off-Line Biometric Identification, in: Security and Privacy - IEEE Symposium on Security and Privacy
Enhancing security and privacy in biometrics-based authentication systems
IBM Syst. J.
Cancelable biometrics: a review
IEEE Signal Process. Mag.
A human identification technique using images of the iris and wavelet transform
IEEE Trans. Signal Process.
Major International Deployments of the Iris Recognition Algorithms: A Billion Persons
Towards bloom filter-based indexing of iris biometric data
Towards reducing the error rates in template protection for iris recognition using custom cuckoo filters
Morton filters for iris template protection - an incremental and superior approach over bloom filters
Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs
IEEE Trans. Pattern Anal. Mach. Intell.
Biometric hash: high-confidence face recognition
IEEE Tras. Circuits Syst. Video Techn.
Discriminative projection selection based face image hashing
EICE Trans.
2N Discretisation of Biophasor in Cancellable Biometrics, in: Advances in Biometrics
Improved biohashing method based on most intensive histogram block location
General framework to evaluate unlinkability in biometric template protection systems
IEEE Trans. Inform. Foren. Secur.
Evaluation of biometric template protection schemes based on a transformation
A genetic algorithm enabled similarity-based attack on cancellable biometrics
Casia iris image database version 3.0
Casia iris lamp database
Iris encoding and recognition using gabor wavelets
Recognition of Human Iris Patterns for Biometric Identification, Master Thesis
Efficient iris recognition by characterizing key local variations
IEEE Trans. Image Process.
Radial correlations in iris patterns, and mutual information within iriscodes
IET Biometrics
Towards more accurate iris recognition using deeply learned spatially corresponding features
Alignment free and distortion robust iris recognition
Cited by (12)
Feature decoupling and interaction network for defending against adversarial examples
2024, Image and Vision ComputingBiometric template attacks and recent protection mechanisms: A survey
2024, Information FusionA novel cancelable finger vein templates based on LDM and RetinexGan
2023, Pattern RecognitionA generic framework for deep incremental cancelable template generation
2022, NeurocomputingEditorial to special issue on novel insights on ocular biometrics
2021, Image and Vision ComputingAn iris segmentation scheme based on bendlets
2024, Signal, Image and Video Processing