Summary:

In recent years, more and more intelligent terminals and information systems have integrated biometric technology, and they are widely used in finance, security and other fields. Once a user's biometric information is leaked, it seriously threatens the vital interests of the user. Based on fuzzy extraction technology, an error correction algorithm and a secure hash algorithm, a privacy protection and authentication method for fingerprint biometrics is proposed. In this method, the fingerprint registration stage does not save original information such as fingerprint images and minutiae features, but only retains the auxiliary data generated by the error correction coding algorithm and the secure hash algorithm, so as to achieve privacy protection. During identity authentication, the image acquisition error is removed through the auxiliary data combined with error correction operations, and the secure hash values are then compared to complete the identification of the user.

00

Introduction

In recent years, with the wide application of biometric identification technology, people are more and more concerned about the security of their own biometrics. Whenever you provide your own biometric information, that information is at risk of being copied and misappropriated. Moreover, human biometrics generally do not change, and once leaked, they cannot be modified or reset like a password. When the same biometric information is applied to multiple information systems, the leakage of biometric information in one system will affect the security of the other systems. In October 2020, the China Academy of Information and Communications Technology, the Telecommunications Terminal Industry Association, the Internet Society of China and other units jointly published the “Research Report on Biometric Privacy Protection”. The report pointed out that it is necessary to improve China's biometric privacy protection standard system, accelerate the development of key standards, establish an evaluation mechanism, and improve protection.

Before the widespread application of biometric identification technology, the authentication of information systems mainly relied on passwords. In the design of password security protection, the password usually uses a secure hash algorithm, such as Secure Hash Algorithm 1 (SHA1), to perform a secure hash operation and store the hash value. During password authentication, the entered password will be hashed securely again, and the hash value will be compared with the stored hash value to determine the user’s identity. In this process, the original password is not stored in the information system. Since the secure hash algorithm is a one-way operation, even if the stored hash value is leaked, the attacker cannot obtain the original user password.

While passwords are well protected by secure hashing algorithms, this technique does not apply to biometric information. A biometric identification system is generally divided into a registration phase and an authentication phase. Because biometric information is affected by various factors such as collection conditions and environmental changes, the biometric information collected each time will be different, even for the same biological sample. For example, when fingerprint features are collected, differences in the pressure, contact range, and angle between the finger and the sensor, as well as dust, oil, etc., will cause differences in the collected biometric information. Because of these differences, the hash values of the feature information collected multiple times from the same fingerprint are different after the secure hash operation and cannot be used to determine the real identity of the user. Therefore, when designing a privacy protection scheme for biometrics, the most important and fundamental challenge is how to resolve the differences arising from multiple samplings of the same biometric.

01

Privacy protection of biometric information

Biometric information is a sequence of a set of feature values generated according to a certain extraction strategy. This sequence is called a biometric template. In general, the biometric template X can be represented in the form of a picture. For any two feature templates X and Y, if there is a subset of pictures and the pictures are satisfied, the two biometric templates are considered to be matched, where the picture and the picture are the set thresholds.

The privacy protection of biometric information requires that the original biometric information cannot be restored or forged without affecting the recognition performance. In recent years, many methods have been proposed in the privacy protection of biometric information at home and abroad. These methods are mainly divided into two categories: transformation-based biometric protection schemes and auxiliary data-based biometric protection schemes.

1.1 Transformation-based biometric protection scheme

The main design idea of the transformation-based biometric protection scheme is to perform an irreversible transformation on the biometric template, such as coordinate distortion and folding. When matching, the data to be matched is transformed in the same way before matching. In terms of fingerprint transformation protection, Ratha et al. proposed a transformation function based on Cartesian coordinates. In this transformation function, the fingerprint image is divided into several rectangular units, and each unit is re-transformed according to certain rules. In this transformation, the fingerprint image is scrambled, and two or more fingerprint feature points that were originally scattered may be gathered into adjacent areas and encoded into one feature point. Even if the attacker knows the transformation method, he cannot determine which area the original feature point belongs to.

The disadvantage of the transformation-based protection scheme is that it is very difficult to design a safe transformation function and parameters, and it is not easy to analyze the difficulty of the inverse transformation theoretically. In particular, when the transformation function and parameters are leaked, it is difficult to prove the safety of this method.

1.2 Biometric protection scheme based on auxiliary data

The main design idea of the biometric protection scheme based on auxiliary data is to use biometric information to generate some auxiliary information, such as an error correction code, a hash value, verification data, etc. This auxiliary information will not reveal the original biometric information, but can be used to complete identity verification during authentication. At present, the protection schemes based on auxiliary data mainly include fuzzy extraction, fuzzy commitment and fuzzy vault. Fuzzy extraction and fuzzy commitment require that the biometric data be ordered, and this technology has been successfully used for biometric identification such as iris recognition. Because the minutiae features of fingerprints are disordered, the protection of fingerprint minutiae features mostly adopts the fuzzy vault method. The fuzzy vault method constructs a polynomial for privacy preservation of biometric information.

The polynomial is a curve on a 2-dimensional plane, and several minutiae features of the fingerprint are brought into the polynomial as image values for operation to obtain several image values. The image values of each operation form the real coordinate points on the plane. In addition to the real coordinate points, a number of false coordinate points are randomly generated to obtain the fingerprint fuzzy vault. In practical applications, the number of fake coordinate points needs to be much larger than the number of real coordinate points, making it difficult for an attacker to find out which are the real coordinate points. During authentication, only legal fingerprints can filter out real points and reconstruct polynomials to complete biometric authentication. Theoretically, when there are 24 real points, 200 fake coordinate points in the fuzzy vault, and the n value is 8, its security strength is about the picture.

The disadvantage of the fuzzy vault is that when the same biometric information is used for two or more fuzzy vaults and the fuzzy vault data is obtained by an attacker, the attacker can easily find the real points in the fuzzy vault by cross-matching and crack the fuzzy vault. In addition, the fuzzy vault also has problems that are difficult to solve, such as multi-template attacks, substitution attacks, and key reverse attacks, so there are certain limitations in its security.

02

A Privacy Protection Method for Fingerprint Biometrics

Fingerprint recognition based on minutiae feature matching is currently the mainstream technical solution for fingerprint identity authentication. However, due to the disorder of the fingerprint minutiae, the correspondence between the registered minutiae and the matched minutiae is not known before the matching is completed. At the same time, due to various factors, the number of obtained detail points is likely to be different when sampling twice.

In order to solve the problem that the minutiae features of fingerprints cannot be directly protected by fuzzy commitments, many studies have been carried out at home and abroad and some methods have been proposed, such as a fuzzy commitment scheme that constructs the amplitude spectrum and phase spectrum of the fingerprint minutiae information based on Fourier transform and filter transformation.

Different from the above methods, starting from the distribution structure of fingerprint feature minutiae, this paper designs a fingerprint minutiae feature binarization method, and combines error correction algorithm and secure hash algorithm to complete the privacy protection of fingerprint biometric information.

2.1 Binarization method of fingerprint feature based on minutiae distribution

According to the “Technical Specifications for Fingerprint Collection and Comparison of Resident Identity Cards” promulgated by the People’s Republic of China, the minutiae points of fingerprints are generally composed of central points and common feature points. The number of fingerprint center points is at most 3, and the number of feature points is at most 120, of which the center point is represented by picture coordinates, and the feature points are represented by pictures. The fingerprint feature binarization method based on minutiae distribution adopts the method of dividing the fingerprint area and combining the angle of feature points for binarization.

Initially, a Cartesian coordinate system needs to be established in the fingerprint image. When the fingerprint image has a center point, the coordinate system takes the center point as the origin, and the direction of the line connecting the origin and the nearest feature point as the image axis. When there are two center points in the fingerprint image, the coordinate system takes the center point between the two center points as the origin, and the direction of the connection between the two center points as the picture axis. When there are three center points in the fingerprint image, the coordinate system takes the image value of the three center points and the average value of the image value as the origin, and the connection direction between the two closest center points is the image axis. Since the position and angle of the homologous fingerprint feature will be different when sampling multiple times, the fingerprint minutiae information needs to be aligned according to the Cartesian coordinate origin; that is, the fingerprint minutiae are rotated and translated so that the origin position moves to the picture coordinates and the picture axis moves to the horizontal direction. The formulas for minutiae rotation and translation are as follows:

In the formula: the picture is the feature value of the detail point before the rotation and translation; the picture is the origin coordinate; the picture is the angle that needs to be rotated to move the picture axis to the horizontal direction; the picture is the feature value of the detail point after the rotation and translation.

After the Cartesian coordinate system is established, the fingerprint image needs to be segmented, as shown in Figure 1. The specific implementation method is that in the Cartesian coordinate system, the origin is the center, the picture is the spacing, and the picture is the sector angle division area.

Fig. 1 The method of binarizing the fingerprint feature to divide the region

After the region division of the fingerprint image is completed, the fingerprint features can be binarized according to whether there are fingerprint feature points in the region and the angle of the feature points. During binarization, the angle and distance between each area and the origin, and whether there are feature points within a certain image angle range, can construct a 3-dimensional array, as shown in Figure 2.

Figure 2 Binarization matrix of fingerprint feature

When there is a feature point in a certain position in the 3-dimensional array, the matrix is coded as 1, which is represented by black, otherwise it is coded as 0, which is represented by white. After all positions in the matrix are encoded, the encoded values are arranged according to certain rules, and the binarization of fingerprint features can be completed.

The fingerprint feature binarization method based on minutiae distribution eliminates the deviation caused by the different positions and angles of homologous fingerprints when sampling multiple times, and realizes the alignment and binarization of fingerprints. The resulting deviation of any two binarizations can be represented by the Hamming distance. When the project is implemented, the picture value, picture value and picture value can be adjusted to minimize the binarized Hamming distance between homologous fingerprints and increase the Hamming distance between non-homologous fingerprints. When picture, picture, picture, the binarized eigenvalue Hamming distance between 40 fingerprint images is tested as shown in Figure 3.

Figure 3 Hamming distance of binarized eigenvalues of 40 fingerprint images

In Fig. 3, the abscissa represents the size of the Hamming distance, and the ordinate represents the number of occurrences. It can be seen from the figure that after the binarization of the fingerprint area combined with the angle of the feature points, the Hamming distance of the binarized eigenvalues of the homologous fingerprints is obviously smaller than the Hamming distance of the binarized eigenvalues of the non-homologous fingerprints, which achieves the purpose of clearly distinguishing homologous fingerprints from non-homologous fingerprints.
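A minimal sketch of the alignment and ring/sector/direction binarization described in this section, added here as an example and not taken from the paper. The grid parameters, the function names and the sample minutiae are assumptions constructed for illustration, the rotation uses the standard rigid transform, and the reference axis is passed in directly rather than derived from the centre points.

```python
import math

# Assumed grid parameters; the paper's own values are not given on this page.
RING_WIDTH = 40      # radial spacing between rings, in pixels
N_RINGS = 4          # rings kept around the origin
SECTOR_DEG = 45      # angular width of one sector
DIR_BIN_DEG = 90     # width of one minutia-direction range

def align(minutiae, origin, axis_deg):
    """Translate the origin to (0, 0) and rotate the reference axis to horizontal."""
    ox, oy = origin
    c, s = math.cos(math.radians(axis_deg)), math.sin(math.radians(axis_deg))
    return [((x - ox) * c + (y - oy) * s,
             -(x - ox) * s + (y - oy) * c,
             (a - axis_deg) % 360) for x, y, a in minutiae]

def binarize(minutiae, origin, axis_deg):
    """Flatten the ring x sector x direction occupancy array into a bit list."""
    n_sec, n_dir = 360 // SECTOR_DEG, 360 // DIR_BIN_DEG
    bits = [0] * (N_RINGS * n_sec * n_dir)
    for x, y, a in align(minutiae, origin, axis_deg):
        ring = int(math.hypot(x, y) // RING_WIDTH)
        if ring >= N_RINGS:
            continue  # minutia lies outside the gridded area
        sector = int(math.degrees(math.atan2(y, x)) % 360 // SECTOR_DEG) % n_sec
        d = int(a // DIR_BIN_DEG) % n_dir
        bits[(ring * n_sec + sector) * n_dir + d] = 1
    return bits

def hamming(u, v):
    """Number of positions at which two bit lists differ."""
    return sum(p != q for p, q in zip(u, v))

def recapture(minutiae, origin, rot_deg, shift):
    """Constructed helper: the same finger placed rotated and shifted on the sensor."""
    ox, oy = origin
    c, s = math.cos(math.radians(rot_deg)), math.sin(math.radians(rot_deg))
    moved = [(ox + (x - ox) * c - (y - oy) * s + shift[0],
              oy + (x - ox) * s + (y - oy) * c + shift[1],
              (a + rot_deg) % 360) for x, y, a in minutiae]
    return moved, (ox + shift[0], oy + shift[1]), rot_deg

# Constructed sample: (x, y, direction in degrees); centre point at (100, 100).
ORIGIN = (100, 100)
ENROLLED = [(130, 110, 20), (60, 150, 100), (105, 30, 200),
            (210, 160, 300), (20, 80, 45)]
# A second capture that loses one minutia and picks up a spurious one.
NOISY = ENROLLED[:-1] + [(150, 130, 10)]

def demo():
    template = binarize(ENROLLED, ORIGIN, 0)
    same = binarize(*recapture(ENROLLED, ORIGIN, 30, (15, -8)))
    noisy = binarize(*recapture(NOISY, ORIGIN, 30, (15, -8)))
    return hamming(template, same), hamming(template, noisy)

if __name__ == "__main__":
    print(demo())
```

Rotation and translation of the whole capture leave the bit string unchanged, while a missed or spurious minutia moves it by a small Hamming distance, which is the residual error the error correction stage has to absorb.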

2.2 Privacy Protection of Fingerprint Feature Information

The binarized eigenvalues of fingerprints reflect the distribution of the feature points of fingerprints and must be protected. Encrypting and storing fingerprint data with a cryptographic algorithm cannot fundamentally solve the problem, because once the key is lost, the attacker can restore the fingerprint data through decryption. Moreover, every time biometric matching is performed, whether or not the matching succeeds, the encrypted fingerprint data needs to be decrypted to obtain the plaintext of the fingerprint feature, which poses a security risk. This problem is completely avoided by adopting a privacy protection scheme based on auxiliary data.

In the privacy protection scheme based on auxiliary data, in the fingerprint feature information registration stage, the error correction algorithm is used to generate the error correction code of the binarized feature value of the registered fingerprint, and the secure hash algorithm is used to generate the hash value of the binarized feature value of the registered fingerprint. The error correction code is used to correct the error between two measurements of homologous fingerprints, and the hash value is used for authentication. After the registration is completed, only the error correction code and hash value need to be retained to form the auxiliary data, and other data such as the original fingerprint binarized feature value are destroyed. Since the reverse calculation of the secure hash algorithm is mathematically infeasible, the attacker cannot recover the original fingerprint binarized eigenvalues even if the auxiliary data is obtained. The registration process of the auxiliary data-based privacy protection scheme is shown in Figure 4.

Figure 4 The registration process of the privacy protection scheme based on auxiliary data

In the authentication stage, the binarized feature value of the fingerprint image to be authenticated is obtained through binarization extraction, and an error correction operation is then attempted on the binarized feature value using the error correction code in the auxiliary data. If the error correction operation fails, the authentication fails. If the error correction is successful, the secure hash algorithm is used to calculate the to-be-authenticated hash value of the binarized eigenvalue after error correction, and this value is compared with the hash value in the auxiliary data. The authentication is considered successful only when the two hash values are consistent. The authentication process of the auxiliary data-based privacy protection scheme is shown in Figure 5.

Figure 5 Authentication process of the privacy protection scheme based on auxiliary data

03

Test Results

Based on the fingerprint sample database FVC2002_DB2B, this paper tests the fingerprint recognition reliability of the fingerprint feature binarization method based on minutiae distribution. During the test, the fingerprint data in the sample database is first processed into a fingerprint data structure that conforms to the national second-generation resident ID card fingerprint collection and comparison technical specifications, then binarized based on the distribution characteristics of the minutiae points, and finally combined with a binary linear cyclic code (BCH) and the SM3 secure hash algorithm to complete the privacy protection of the fingerprint data.

The true matching experiment uses any image of each finger in the fingerprint image library as a template, compares the other homologous fingerprints against it as samples, and calculates the recognition rate. The false matching experiment selects an image of any finger as a template, compares all images of the other, different fingers against it, and calculates the misrecognition rate.

During the test, the reliability of fingerprint recognition under different conditions was tested by adjusting the picture and the number of error correction bits, as shown in Table 1.

Table 1 Reliability of fingerprint recognition under different configurations

In practical applications, different parameters can be selected according to different application scenarios to meet different identification reliability requirements.

In reference [15], the recognition rate and misrecognition rate of fingerprints are 73.32% and 0.23%, respectively. In reference [16], when the fingerprint recognition rate is 86.712%, the misrecognition rate is 0.106%; when the recognition rate is 90.804%, the misrecognition rate is 1.236%. Compared with the fuzzy commitment scheme based on the amplitude spectrum and the phase spectrum, the method proposed in this paper has improved the recognition reliability, and the computational complexity is reduced while the recognition reliability is maintained.

In summary, this scheme has the following characteristics:

(1) The fingerprint feature information used for identification is used to calculate the hash value through the secure hash algorithm. This process is irreversible, so the attacker cannot restore the original fingerprint minutiae information;

(2) When the same fingerprint feature is used in multiple devices or software, different hash values can be generated by configuring different secure hash algorithm keys (such as hardware ID, password, random variable, etc.). When the feature information is applied to multiple information systems, the leakage of biometric information in one system will then not affect the security of the other systems.
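The registration and authentication flow of Section 2.2, together with the per-system hash key from characteristic (2), as an added example that is not the paper's code. Hamming(7,4) parity stands in for the BCH code and HMAC-SHA-256 for keyed SM3; the function names, the key values and the 32-bit template are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Stored parity XOR recomputed parity -> index of the flipped data bit in a block.
_SYNDROME = {(1, 1, 0): 0, (1, 0, 1): 1, (0, 1, 1): 2, (1, 1, 1): 3}

def _parity(d):
    """Hamming(7,4) parity bits for one 4-bit data block."""
    return (d[0] ^ d[1] ^ d[3], d[0] ^ d[2] ^ d[3], d[1] ^ d[2] ^ d[3])

def _tag(bits, system_key):
    # Assumption: HMAC-SHA-256 stands in for SM3 keyed with a per-system value.
    return hmac.new(system_key, bytes(bits), hashlib.sha256).digest()

def register(bits, system_key):
    """Return the auxiliary data only; the binarized template is not kept."""
    if len(bits) % 4:
        raise ValueError("template length must be a multiple of 4")
    parity = [_parity(bits[i:i + 4]) for i in range(0, len(bits), 4)]
    return {"parity": parity, "tag": _tag(bits, system_key)}

def authenticate(bits, helper, system_key):
    """Correct the fresh sample with the stored parity, then compare hashes."""
    if len(bits) != 4 * len(helper["parity"]):
        return False
    fixed = list(bits)
    for blk, stored in enumerate(helper["parity"]):
        i = 4 * blk
        syn = tuple(p ^ q for p, q in zip(stored, _parity(fixed[i:i + 4])))
        if syn == (0, 0, 0):
            continue  # block matches the enrolled parity
        if syn not in _SYNDROME:
            return False  # error correction failed: more than one bit is off
        fixed[i + _SYNDROME[syn]] ^= 1
    # A miscorrected block passes the loop but is caught by the hash comparison.
    return hmac.compare_digest(_tag(fixed, system_key), helper["tag"])

def flip(bits, *positions):
    """Constructed helper: copy of bits with the given positions inverted."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

# Constructed 32-bit binarized template (8 blocks of 4 bits).
TEMPLATE = [1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0,
            0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0]

if __name__ == "__main__":
    helper = register(TEMPLATE, b"device-A")
    print(authenticate(flip(TEMPLATE, 2, 9, 30), helper, b"device-A"))  # one error per block
    print(authenticate(flip(TEMPLATE, 0, 1), helper, b"device-A"))      # two errors in a block
    print(authenticate(TEMPLATE, helper, b"device-B"))                  # other system's key
```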

04

Epilogue

The privacy protection and authentication method for fingerprint biometric information proposed in this paper realizes the privacy protection of fingerprint biometric information in a relatively simple way, and also has good fingerprint recognition reliability. The method can directly use the fingerprint features extracted by existing mature fingerprint recognition technology, such as fingerprint features that meet the national second-generation resident ID card fingerprint collection and comparison technical specifications, and can be extended to existing fingerprint identification systems.