Cancelable Iris template generation by aggregating patch level ordinal relations with its holistically extended performance and security analysis

https://doi.org/10.1016/j.imavis.2020.104017

Highlights

  • Iris Template protection.

  • Distinctive iris feature extraction based on aggregation learning.

  • Cancelable iris template generation based on ordinal filtering.

  • Exhaustive security analysis of cancelable iris templates.

Abstract

Nowadays, biometric-based authentication is gaining immense popularity due to the widespread usage of digital activities. Among various biometric traits, the iris is one of the most discriminative, accurate, and popularly used biometrics. However, due to its immutable nature, it is highly vulnerable to adversarial attacks if stolen and thus poses a severe security threat. In this work, we propose a cancelable iris biometric authentication system that stores a transformed version of the original iris template and thus enables cancelation and re-enrolment if the original template is stolen. First, for extracting discriminative iris features, we propose a novel deep architecture based on aggregation learning. Unlike popularly used quantitative measures, this deep architecture makes use of a qualitative measure (the ordinal measure), which encodes distinctive iris features quite well. The generated iris features are then protected using two representative state-of-the-art cancelable biometric techniques, namely BioHashing and 2N discretized BioPhasor. Finally, to justify the efficacy of the proposed architecture, we present a rigorous and holistic security analysis. To the best of our knowledge, this is the first work that has presented such an in-depth analysis of any deep network in the context of cancelable iris biometrics. Experimental results over four datasets, viz. CASIA-V3 Interval, CASIA-Lamp, IITD, and IITK, demonstrate the efficacy of the proposed framework in terms of security and accuracy. Further, for better network explainability, we have also performed layer-specific heatmap and feature map analysis to ascertain what exactly our novel deep architecture is learning.

Introduction

Privacy is a growing concern in today's technocratic world, owing to the many digital activities involved in day-to-day life. With the rapid deployment of cloud-based applications, cybercrimes involving identity fraud have increased tremendously. Although modern cryptographic techniques provide a good solution for protecting textual data, protecting biometric templates, which can be captured surreptitiously even without the knowledge of the subject, is still a challenging issue. Due to the deployment of large biometric systems like Aadhar (India) [1] and Mykad (Malaysia) [2], it is essential to ensure the security of biometric templates to gain public confidence and trust in them. Even the EU General Data Protection Regulation 2016/679 [3] has defined biometric data as sensitive data. Loss of biometric identity invades personal privacy; moreover, its loss at some less secure application may incapacitate its usage at a more secure application like banking. Biometric identity theft also involves social and financial loss and, in extreme cases, can even affect personal emotional health negatively. Biometric identity can be stolen in a number of ways: an adversary can present a spoof of the biometric at the sensor level, or he can potentially stage a man-in-the-middle attack by intercepting the biometric information being transmitted. Another vulnerability of a biometric system arises when an adversary hacks into the biometric database and obtains biometric templates. Fig. 1 describes this kind of vulnerability. In Fig. 1, Person A is using his biometrics for two applications having different security levels (biometric attendance and biometric banking) under two scenarios: Scenario A (Secured) and Scenario B (Unsecured). It is clearly indicated in Fig. 1 that under Scenario A biometric templates are vulnerable, as an attacker can attack the less secure application (attendance) and can incapacitate its usage at the secure application (banking), while this is not the case under Scenario B (secured via storing a transformed version of biometric templates).

In the past decade, several techniques have been developed by the scientific community to address adversarial attacks on biometric databases. In 2011, the ISO/IEC 24745 [4] standard proposed fundamental security requirements of biometric template protection (BTP) techniques. On an abstract level, the BTP scheme stores some form of transformed data instead of the original biometric template to provide the required security level. BTP techniques are majorly classified into two main categories, namely: biometric cryptosystems [5], [6] and cancelable biometrics [7]. A detailed, comprehensive survey of various BTP schemes is presented in [8]. Here, in our work, we are dealing with this second kind of BTP technique, namely cancelable biometrics. In the case of cancelable biometrics, a pseudo biometric identity (PBI) is generated by employing some transformation function and user-specific key. This generated PBI is stored in the database instead of storing the original template. Here, matching is performed in the transformed domain. To design an effective cancelable biometric scheme, the following four criteria need to be addressed simultaneously [8], [9].

  • 1. Non-invertibility: It should be computationally infeasible to derive the original biometric template from the stored pseudo biometric identity; in other words, the transformation function should be one-way.

  • 2. Revocability: In case a PBI is compromised, it should be feasible to generate a new and distinct PBI that can replace the older one.

  • 3. Unlinkability: It should be infeasible to differentiate whether one or more PBIs are generated from the same biometric user or from different users. This property protects against cross-database linkage attacks.

  • 4. Usability: Preservation of the cancelable template's accuracy with respect to the baseline model.

Biometric trait: The iris is considered one of the best biometric traits owing to its unique and distinctive features [10]. It is a ring-shaped region lying between the pupil and sclera, as shown in Fig. 2a. It mainly consists of two areas: (1) the pupillary region (an innermost region that forms the boundary of the pupil) and (2) the ciliary region (the rest of the iris region). It has a rich pattern collection of several microstructures like crypts, furrows, and the collarette (a region that separates the pupillary and ciliary regions) that is generated through a random process before birth. It is an internal organ that is well protected against damage and is also age-invariant. However, it still suffers from many challenging issues like obscuring eyelids, eyelashes, motion blur, reflection, contact lenses, and many more. Moreover, a report from 2014 [11] indicates that a large number of people worldwide (around one billion) have enrolled their iris images in various databases across the globe. Thus, protecting iris templates from adversarial attacks is essential to retain public trust and confidence in them.

Problem statement: In this paper, we handle an adversarial attack on the iris database by generating cancelable iris templates using a novel deep architecture based on ordinal filtering and two representative (state-of-the-art) cancelable biometric techniques, namely BioHashing and 2N discretized BioPhasor. For generating cancelable iris templates there are mainly two families of techniques: (1) the first works over binary feature vectors, like the Bloom Filter [12] and its variants (Cuckoo Filter [13], Morton Filter [14]); (2) the second works over discrete feature vectors, like BioHashing and its variants [15]. Since in our work we are extracting deep features, we are considering the second case. Moreover, another main reason for choosing the BioHashing and 2N discretized BioPhasor techniques is their wide applicability, either directly [16], [17], [18], [19], [20], [21] or in the form of their variants [15], [22], [23], in the cancelable domain.
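The mechanism described above (a user-specific key drives a transformation, only the resulting PBI is stored, and matching happens in the transformed domain), as an added example that is not the paper's code. It uses the commonly described BioHashing construction (token-seeded random orthonormal projection followed by thresholding); the feature vectors, token values, `m` and `tau` are constructed assumptions standing in for the paper's deep features.

```python
import hashlib
import random

def orthonormal_basis(token: bytes, m: int, n: int):
    """m orthonormal n-dimensional vectors derived from the user token."""
    rng = random.Random(hashlib.sha256(token).digest())  # token -> PRNG seed
    basis = []
    while len(basis) < m:
        v = [rng.gauss(0.0, 1.0) for _ in range(n)]
        for b in basis:  # Gram-Schmidt: remove components along earlier rows
            dot = sum(x * y for x, y in zip(v, b))
            v = [x - dot * y for x, y in zip(v, b)]
        norm = sum(x * x for x in v) ** 0.5
        if norm > 1e-9:  # skip a (practically impossible) degenerate draw
            basis.append([x / norm for x in v])
    return basis

def biohash(features, token: bytes, m: int = 64, tau: float = 0.0):
    """PBI: project features onto the token-derived basis, binarise at tau."""
    if m > len(features):
        raise ValueError("m must not exceed the feature dimension")
    basis = orthonormal_basis(token, m, len(features))
    return [1 if sum(f * b for f, b in zip(features, row)) > tau else 0
            for row in basis]

def hamming(a, b):
    """Normalised Hamming distance between two equal-length bit lists."""
    if len(a) != len(b):
        raise ValueError("templates differ in length")
    return sum(x != y for x, y in zip(a, b)) / len(a)

def demo():
    rng = random.Random(7)  # constructed data, not real iris features
    enrol = [rng.gauss(0, 1) for _ in range(128)]
    probe = [x + rng.gauss(0, 0.1) for x in enrol]     # same user, new capture
    impostor = [rng.gauss(0, 1) for _ in range(128)]   # different user
    stored = biohash(enrol, b"token-v1")               # only this is stored
    return {
        # usability: matching is done purely in the transformed domain
        "genuine": hamming(stored, biohash(probe, b"token-v1")),
        "impostor": hamming(stored, biohash(impostor, b"token-v1")),
        # revocability: same iris, new token -> unrelated-looking PBI
        "reissued": hamming(stored, biohash(enrol, b"token-v2")),
    }

if __name__ == "__main__":
    print(demo())
```

The example exercises only usability and revocability; it does not establish non-invertibility or unlinkability, which the paper evaluates separately in its security analysis.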

Recently, many template protection techniques have been proposed in the literature, but their exhaustive comparative analysis in view of new template protection metrics [24], [25], [26] is still insufficient. This further inspired us to conduct a rigorous security analysis of the BioHashing and 2N discretized BioPhasor techniques, which is important to ascertain their vulnerability points and to help researchers mitigate them so that security can be enhanced.

In this work, we focus on exploring three key concerns: (1) How can we use deep features for generating cancelable iris templates? (2) The efficacy tradeoff between deep and handcrafted features. (3) An in-depth comparative analysis (performance and security) between two cancelable techniques, BioHashing and 2N discretized BioPhasor, with respect to the proposed deep features. The specific contributions of this paper are as follows:

  • 1. For extracting distinctive iris features, a novel deep architecture is proposed based on aggregation learning. This deep architecture is based on an ordinal measure that can encode distinctive iris features quite well. The proposed network uses fixed filters by applying domain knowledge and only learns their non-linear aggregation using (1 × 1) filters.

  • 2. In-depth comparative performance analysis of available state-of-the-art techniques (BioHashing and 2N discretized BioPhasor).

  • 3. Exhaustive security analysis of the proposed cancelable templates is performed in order to ensure three fundamental requirements (non-functional attributes) of cancelability, i.e., irreversibility, revocability, and unlinkability, while maintaining the functional requirement, i.e., usability.

  • 4. A thorough experimental analysis to validate the proposed framework on the CASIA-V3 Interval [27], CASIA-Lamp [28], IITD [29] and IITK iris datasets for iris recognition. Further, for qualitative assessment, three measures are taken as performance indicators, i.e., FA (false acceptance), FR (false rejection), and DI (decidability index) calculated at EER, obtaining state-of-the-art comparative results.

  • 5. To ascertain what exactly specific layers of the proposed ordinal-measure-based deep network are learning, layer-specific heatmap and feature map analysis is carried out.

This paper is organized as follows. In Section 2, we review the state of the art of cancelable iris along with the cancelable template protection metrics. In Section 3, we define our proposed methodology and the design framework of our deep architecture. In Section 4, we provide details of the datasets used and the experimental results. In Section 5, a detailed security analysis is performed. Finally, Section 6 and Section 7 delineate major limitations and findings and conclude our paper.

Section snippets

Literature review

Due to digitization, the security of biometric templates used in online authentication systems is a pressing issue of concern. Each year new cancelable techniques are developed to protect templates from adversarial attacks. With the development of new techniques, new attacks are also proposed to break them. Thus, the evaluation of existing techniques is crucial. Here, in this section, we will present a brief overview of the iris as a biometric along with detailed summarization of notable works in

Proposed methodology

Recent advancements in deep learning show superior performance of convolutional neural networks (CNNs) on large scale databases like ImageNet [51], MS-COCO [52] and CIFAR-10 [53]. The key reason behind the success of convolutional neural networks is their ability to automate the learning of generic descriptors that can represent complex images quite well, as opposed to using handcrafted features. Very recently, Ahmad et al. [54] proposed a deep network based on triplet loss for iris

Experimental analysis

This section is focused on experimental setup, result interpretation and comparative analysis. The performance of the proposed architecture has been tested on four iris datasets, namely IITK, CASIA-V3 Interval [27], CASIA-Lamp [28] and IITD [29]. Performance comparison is done in terms of FA (false acceptance), FR (false rejection) and DI (decidability index). Here, FA and FR are calculated at EER (equal error rate). We have considered 4 different bitmaps of sizes 32 bit, 64 bit, 128 bit and 256 bit

Security analysis

A detailed security analysis of the proposed cancelable iris templates has been done on the publicly available CASIA Lamp iris dataset by performing unlinkability, revocability, and statistical analysis. Non-invertibility has been examined by analyzing various possible attacks such as zero effort, exhaustive, stolen biometrics, stolen template, and worst case.

  • 1. Unlinkability Analysis: It is done to analyze the linkability of the stored biometric templates across various databases. Linkage across

Limitation

One of the limitations of the proposed architecture arises in the scenario where the number of subjects enrolled in the system is not fixed but keeps changing with time. Since the deep features in our proposed framework are learned in a joint manner, enrolling a new subject involves re-training the entire network, which is quite a time-consuming task. A possible solution for the aforementioned problem is to use different deep networks for a set of subjects, and when a new subject is enrolled, add

Conclusion

In this paper, we focused on generating cancelable iris templates using two representative state-of-the-art techniques. This framework addresses two challenging issues: (1) extracting distinctive iris features using the novel proposed deep-learning network OMIFNet based on ordinal measures; (2) exhaustive security analysis of two representative state-of-the-art techniques, BioHashing and 2N discretized BioPhasor. To the best of our knowledge, this is the first attempt in which deep-features are used for

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References (81)

  • M. Gomez-Barrero et al. Multi-biometric template protection based on bloom filters. Inform. Fusion (2018)
  • Unique identification authority of india (2020)
  • Malaysia identity card (2020)
  • European council, regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation) (2016)
  • ISO/IEC JTC1 SC27 security techniques, ISO/IEC 24745:2011
  • C. Soutar et al. Biometric encryption using image processing
  • G.I. Davida et al. On Enabling Secure Applications through off-Line Biometric Identification, in: Security and Privacy - IEEE Symposium on Security and Privacy (1998)
  • N.K. Ratha et al. Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. (2001)
  • V.M. Patel et al. Cancelable biometrics: a review. IEEE Signal Process. Mag. (2015)
  • W.W. Boles et al. A human identification technique using images of the iris and wavelet transform. IEEE Trans. Signal Process. (1998)
  • J. Daugman. Major International Deployments of the Iris Recognition Algorithms: A Billion Persons (2014)
  • C. Rathgeb et al. Towards bloom filter-based indexing of iris biometric data
  • K.B. Raja et al. Towards reducing the error rates in template protection for iris recognition using custom cuckoo filters
  • K.B. Raja et al. Morton filters for iris template protection - an incremental and superior approach over bloom filters
  • A.T.B. Jin et al. Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs. IEEE Trans. Pattern Anal. Mach. Intell. (2006)
  • D.N.C. Ling et al. Biometric hash: high-confidence face recognition. IEEE Trans. Circuits Syst. Video Techn. (2006)
  • C. Karabat et al. Discriminative projection selection based face image hashing. IEICE Trans. (2012)
  • A.T.B. Jin et al. 2N Discretisation of Biophasor in Cancellable Biometrics, in: Advances in Biometrics (2007)
  • M.A. Syarif et al. Improved biohashing method based on most intensive histogram block location
  • M. Gomez-Barrero et al. General framework to evaluate unlinkability in biometric template protection systems. IEEE Trans. Inform. Foren. Secur. (2018)
  • C. Rosenberger. Evaluation of biometric template protection schemes based on a transformation
  • X. Dong et al. A genetic algorithm enabled similarity-based attack on cancellable biometrics (2019)
  • Casia iris image database version 3.0 (2020)
  • Casia iris lamp database (2020)
  • J. Daugman. Iris encoding and recognition using gabor wavelets
  • L. Masek. Recognition of Human Iris Patterns for Biometric Identification, Master Thesis (2003)
  • L. Ma et al. Efficient iris recognition by characterizing key local variations. IEEE Trans. Image Process. (2004)
  • J. Daugman et al. Radial correlations in iris patterns, and mutual information within iriscodes. IET Biometrics (2019)
  • Z. Zhao et al. Towards more accurate iris recognition using deeply learned spatially corresponding features
  • M. Ren et al. Alignment free and distortion robust iris recognition
