High security Iris verification system based on random secret integration

High security Iris verification system based on random secret integration

Computer Vision and Image Understanding 102 (2006) 169–177 www.elsevier.com/locate/cviu High security Iris verification system based on random secret ...
Download PDF
438KB Sizes 43 Downloads 136 Views
Report

Computer Vision and Image Understanding 102 (2006) 169–177 www.elsevier.com/locate/cviu

High security Iris verification system based on random secret integration Chong Siew Chin *, Andrew Teoh Beng Jin, David Ngo Chek Ling Faculty of Information Science and Technology (FIST), Multimedia University, Jalan Ayer Keroh Lama, Bukit Beruang, Melaka 75450, Malaysia Received 29 October 2004; accepted 11 January 2006 Available online 9 March 2006

Abstract A dual-factor authentication methodology coined as S-Iris Encoding is proposed based on the iterated inner-products between the secret pseudo-random number and the iris feature, and with thresholding to produce a unique compact binary code per person. A thresholding method is devised to exclude the weak inner-product during the encoding process, and thus contribute to the improvement of performance. S-Iris Encoding is primary formulated based on the cancelable biometrics principle to protect against biometrics fabrication. The problem could be rectified by S-Iris code through the token replacement so that a new code can be generated instantly just as a new credit card number can be issued if the old one is compromised. Besides that, S-Iris code is non-invertible and can only contribute to the authentication process when both genuine biometrics template and token are presented. By applying S-Iris Encoding with weak inner-product exclusion, the original iris feature length can be greatly reduced to around 4% of the original size and a 0% of equal error rate (EER) can be attained in CASIA Iris image database.  2006 Elsevier Inc. All rights reserved. Keywords: S-Iris Encoding; Two-factor authentication; Cancelable biometrics; Iris verification; Weak inner-product exclusion

1. Introduction In recent years, with the continuous increasing demand for security and the development of information technology, intelligent personal identification based on biometrics has become a very active topic in both research and practical applications. Currently, many authentication mechanisms are based on users’ PIN, passwords, ID cards or physical key to allow them to access into secure zones or to log into a computer. Problem with these methods is that the users need to remember lots of different PIN and passwords or carry the token, which is very inconvenient and insecure. Thus, biometrics has become another alternative for secure authentication. Biometrics authentication utilizes psychological and physical characteristics that define us as an individual [1]. Biometrics information cannot be *

Corresponding author. Fax: +6062318840. E-mail addresses: [email protected] (C.S. Chin), bjteoh@ mmu.edu.my (A.T.B. Jin), [email protected] (D.N.C. Ling). 1077-3142/$ - see front matter  2006 Elsevier Inc. All rights reserved. doi:10.1016/j.cviu.2006.01.002

shared or transferred. Of all the biometrics technologies used for human authentication today, it is generally conceded that iris recognition is the most accurate. Since the iris is an overt body, iris recognition systems can be non-invasive to their users, which is a very important factor for practical applications [2]. Although biometrics is a powerful tool against repudiation, it still suffers from some inherent biometrics specific threats [3]. There is risk of being compromised by attacker where an attacker might use the biometrics information to masquerade as the person. The worst is a biometrics feature cannot be replaced once it is compromised. Recently, there is substantial research going on to find solutions on this problem. Bolle et. al. [3] has introduced the terms cancelable biometrics of which referred to an intentional distortion of a biometrics signal based on a chosen transform. The biometrics signal is distorted in the same fashion at each presentation, that is, during enrollment and for every subsequent authentication. With this approach, every instance of enrollment can use a different transform thus rendering cross-matching impossible. Furthermore, if one

170

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

variant of the biometrics is compromised, then the transformation can simply be changed to create a new variant for re-enrollment. Since then [4] has listed three principal objectives of designing a cancelable biometrics: 1. Same cancelable template cannot be used in two different applications. 2. Once the biometrics template has been compromised, a new template can be reissued. 3. The template is non-invertible. The first attempt towards this direction was done by Davida et al. [5]. They proposed information hiding hash functions as one way to protect the sensitive user template. In this approach instead of storing the template T or the corresponding binary code or key C directly, an information hiding signature and hash X = H (C) is stored. There is no security requirement imposed on the hash function or on the error correcting codes. During verification the acquired biometric code C 0 is reduced to the canonical representation C using the user specific error correcting code. The user is authenticated if the signature and hash generated are identical. Juels et al. [6,7] generalized and improved Davida et al., scheme through a modification in error-correcting codes, and is hence reduced the code size and achieved higher resilience. However, the techniques did not address the first two requirements that above mentioned. Soutar et al. [8] described a different approach for generating a cancelable biometrics from fingerprints using optical computing techniques. During enrollment stage, a correlation pattern, c0 was derived from a set of training images. The correlation pattern was then hashed with a cryptographic key to produce an identification code, I0. During verification, another pattern, c1 was generated from the new fingerprint image and hashed with the same cryptographic key to produce identification code, I1. If I0 and I1 were similar, then the match was successful. However, the method does not carry rigorous security guarantees and the resulting false acceptance rate (FAR) and false reject rate (FRR) are unknown. The authors also assume that the input and database templates fingerprint images are completely aligned. It is unrealistic to acquire fingerprint images from a finger without any misalignment, even with a very constrained image acquisition system. Tuyls et al. [9,10] assume that a noise-free template X of a biometric identifier is available at the enrollment time and use this to enroll a secret S to generate a helper data W. Assume that each dimension of the template is quantized at q resolution levels. In each dimension, the process of obtaining W is equivalent to finding residuals that must be added to X to fit to odd or even grid quantum depending upon whether the corresponding S bit is zero or one. At decryption time, the (noise-prone) biometric template Y is used to decrypt to obtain a decrypted message S 0 , which is approximately the same as S. It is hoped that the relatively few errors in S 0 can be corrected using error-correction

techniques. The proposed technique assumes that the biometric representations are completely aligned and that noise in each dimension is relatively small compared to the quantization Q. Most recently, Savvides et al. [11] proposed a cancelable biometrics scheme which encrypted the training images used to synthesize the correlation filter for biometrics authentication. They demonstrated that convolving the training images with any random convolution kernel prior to building the biometric filter does not change the resulting correlation output peak-to-sidelobe ratios, thus preserving the authentication performance In other word, their work does not show any improvement in terms of performance. In this paper, a cancelable biometrics formulation, which coined as S-Iris Encoding is proposed. S-Iris Encoding combines two authentication factors (iris feature + tokenised pseudo-random number) via iterated inner-product and thresholding to render a set of cancelable binary bit string. Through the S-Iris Encoding formulation, biometrics fabrication issue can be resolved by replacing the token so that a new S-Iris code can be generated just as a new credit card can be issued if the old one is compromised. Also, S-Iris code only can contribute to the authentication process only when both the live-captured biometrics and user-specific token are presented together by their rightful owner. The inversion of S-Iris code to obtain iris feature is also impossible due to the factoring inner-product of iris feature and pseudo-random number is an intractable problem. Therefore S-Iris Encoding conforms to the above listed three cancelable biometrics criteria. S-Iris Encoding also has significant functional advantages over conventional biometrics, such as providing near zero error rate (EER). Furthermore, weak innerproduct exclusion mechanism is introduced to enhance S-Iris Encoding verification performance in the sense that the numerically small value of inner-products is expelled during the verification process. By applying S-Iris Encoding with weak inner-product exclusion, the original iris feature length can be greatly reduced to around 4% of the original size and a 0% of equal error rate (EER) can be attained. The outline of the paper is as follow: Section 2 describes the overview of S-Iris Encoding progression and its usage in the practical scenario. Sections 3–5 discuss the preprocessing, feature extraction and encoding of iris using the proposed methodology. Section 6 provides the security analysis of S-Iris Encoding. Experiments and results are reported in Section 7. Conclusion is drawn in Section 8. 2. Overview of S-Iris Encoding The S-Iris Encoding process is started with the transformation of iris image into a lower and more discriminative representation domain through 1D Log-Gabor Filtering. The filtered iris features is then combined with the specific secret pseudo-random number through the iterated

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

171

Fig. 1. S-Iris Encoding with weak inner-product exclusion mechanism.

inner-products, and with the weak inner-product exclusion and thresholding to generate a unique compact binary code per person, hereinafter known as S-Iris Code. Fig. 1 illustrates the idea of S-Iris Encoding with the weak inner-product exclusion. In one implementation scenario, S-Iris code can be stored on an off-line token during enrollment, and then used as reference for user authentication. If the token is stolen or lost, then it can be replaced using a new S-Iris code. The adopted PRN sequence is generated using a seed from a physical device (USB token or smartcard), which can be its serial number. Many PRN algorithms are publicly available, to name a few, including ad hoc schemes like ANSI X9.17 generator, and highly secure schemes such as cryptographically secure pseudorandom bit generator—RSA pseudorandom bit generator [12]. An attacker trying to recover the biometrics data from the stolen card has to perform an inversion attack against S-Iris code, which is impossible for this instance. The analysis on this aspect will be given in section 6. During the authentication stage, the acquired iris feature combines with tokenised pseudorandom number, and the resulting S-Iris code is then compared with the one stored on the user’s card for their closeness of match. 3. Iris preprocessing An iris image needs to be preprocessed before using it for the recognition purpose as the unwanted data in the image such as eyelid, pupil and specular reflections should be excluded. Therefore, preprocessing is required to segment, normalize iris and exclude the artifacts [13]. The overview of the preprocessing flow is shown in Fig. 2.

3.1. Iris segmentation Segmentation is the first stage in iris preprocessing to isolate the actual iris region from a captured iris image. Canny edge detection is performed to create an edge map to generate gradients information. Circular Hough Transform which is employed by Wildes [14], is used to detecting the iris and pupil boundaries. On the other hand, the eyelids and eyelashes can be isolated by applying Linear Hough Transform. The overall method is very efficient and reliable as it managed to segment the iris region perfectly and isolate most occluding eyelashes occurring within the iris region. 3.2. Iris normalization Normalization is a process of transforming the segmented iris region into fixed dimension. The purpose of normalization is to compensate the iris deformation, which is caused by illumination variations. Such elastic deformation in iris texture will affect the result of iris matching. The iris regions with same dimensions will be used for comparisons. For this normalization process, Daugman’s rubber sheet model [15] has been applied. Hence, from the ‘‘doughnut’’ iris region, normalization produces a 2D array with horizontal dimensions of angular resolution and vertical dimensions of radial resolution. In this paper, a template of dimension 20 · 240 is produced, where 20 is the radial resolution and 240 is the angular resolution. 4. Iris feature encoding Feature encoding is an important process in iris recognition. Its objective is to extract the underlying information

Fig. 2. The flow diagram of Iris preprocessing.

172

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

in an iris pattern, to be encoded for the matching purposes. The iris feature is generated by convolving the normalized iris pattern with 1D Log-Gabor filters. Gabor Filters based methods have been widely used as feature extractor in computer vision, especially for texture analysis [16]. Daugman [2,17] used multi-scale Gabor wavelets to extract phase structure information of the iris texture. However, Field [18] has examined that there is a disadvantage of the Gabor Filter in which the even symmetric filter will have a DC component whenever the bandwidth is larger than one octave. To overcome this disadvantage, a type of Gabor Filter known as Log-Gabor Filter, which is Gaussian on a logarithmic scale, can be used to produce zero DC component for any bandwidth. Field and Kovesi concluded that the Log-Gabor function more closely reflects the frequency response for the task of analyzing natural images and is consistent with measurement of the mammalian visual system [18,19]. The LogGabor filters are obtained by multiplying the radial and angular components together where each even and odd symmetric pair of Log-Gabor filters comprises a complex Log-Gabor filter at one scale [20]. The frequency response of a Log-Gabor Filters is given as ! 2 ðlogðf =f0 ÞÞ Gðf Þ ¼ exp ; ð1Þ 2ðlogðb=f0 ÞÞ2 where f0 represents the center frequency, and b bandwidth of the filters. In this paper, 1D Log-Gabor Filter is chosen to be the feature extractor of iris since 1D Log-Gabor Filters is an improved version of Gabor Filters. By applying 1D LogGabor Filters, 2D normalized pattern is divided into a number of 1D signals, and these 1D signals are convolved with 1D Gabor wavelets. The rows of the 2D normalized pattern are taken as the 1D signal; each row corresponds to a circular ring on the iris region. The angular direction is taken rather than the radial one, which corresponds to columns of the normalized pattern, since maximum independence occurs in the angular direction. The filter is constructed by calculating the radial filter component such as center frequency of filter and normalized radius from center of frequency plane. The resultant complex features are phased quantized and are then encoded into binary iris templates [13]. 4.1. S-Iris Encoding During the S-Iris Encoding process, a raw iris image, I 2 RN in high dimensional space is transformed to a discriminative iris feature, W 2 Rn where n < N. Discretisation and binarization of the data is then performed via an iterated inner-product of secret random number, r and w which yield a set unique binary bitstring per user—S-Iris code via ! X Sðw; rÞ ¼ sig wk rk  l and r ¼ 8 rk ; ð2Þ k

k

where sig (Æ) is defined as signum function and l is a preset threshold. The process flow to generate S-Iris code is as follow: 1. Raw intensity image representation, I 2 RN , with N is the image dimension. 2. Convolution is done via 1D Log-Gabor Filter that defined in (1) and I to render a set of complex feature, x 2 Cn. The magnitude of x is adopted, w 2 Rn instead of the phase information that sensitive to the subsequent inner-product process. 3. Token is used to generate a set of orthonormal pseudorandom vectors fr?i 2 Rn ji ¼ 1; . . . ; mg. Orthonormalization can be done through Gram–Schmidt algorithm. 4. Compute fa ¼ hwjr?i iji ¼ 1; . . . ; mg, where ÆÆ|Ææ indicates the inner-product operation. 5. Compute m bits S-Iris, s i 2 2m from,  0 if a 6 l si  ; m 6 n, where l is a preset threshold 1 if a > l and s = {si | i = 1,. . .,m}. From the above process flow, it has been shown that the bit length of S-Iris code, m can be either equal or less than the w feature length, m; hence the bit length of S-Iris can be reduced dramatically. This dimensional reduction helps to decrease the computation load and increase the processing speed. Normally, smaller dimension iris features leads to lower computational complexity but lower accuracy. However, S-Iris Encoding provides both high accuracy and low computational complexity demands as will be shown in the section 6. 4.2. Weak inner-product exclusion In S-Iris Encoding, the selection of preset threshold, l is crucial for thresholding inner-product features to generate stable binary S-Iris code of a user. However, the uncertainties in w, due to the lighting variation, occlusions etc will cause numerically small inner-product features and lead to the bit inversion problem. These numerically small inner-product features, which are inadequate in providing information, should be excluded to improve the verification rate. To overcome this problem, weak inner-product exclusion mechanism is devised. With reference to the previous section, an m bit of S-Iris code s 2 2m is generated from Eq. (3). On the other hand, a corresponding noise mask, sN 2 2m, can be developed by marking the weak inner-product elements in a as follow:  0 if a < l  r; a > l þ r; siN ¼ ð3Þ 1 if l  r 6 a 6 l þ r; where l, r are the average and standard deviation of a, respectively and sN = {siN | i = 1,. . .,m}. For a which falls within the weak inner-product region will be set to 1, while for those falls outside the region will be set to 0. The noise mask, sN, is used to improve the correctness in calculating Hamming Distance during the matching purpose, which will be discussed in section 5.

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

173

numbers and iris feature can contribute to the authentication process. The security analysis of this property can be carried out by representing the Eq. (1) into the matrix format as s ¼ sgnðRT w  lÞ;

Fig. 3. Population distribution of mean of iterated inner-product operation distribution  a.

With reference to the Fig. 3, which is based on a sample dataset, the distribution of mean of iterated inner-product operation distribution a has been shown. The mean, al  0 and standard deviation, ar ¼ 0:0002 of the iterated innerproduct distribution is computed. As such, the threshold parameters, l and r could be assigned 0 and 0.0002, respectively. The region of which weak inner-product occurs is in between 0.0002 and 0.0002.

ð5Þ

where R is a p · m random matrix that is constructed by the m random column vectors. From Eq. (5), we have v = RTw where R 2 Rpxm with m < p and w 2 Rp . v can be regarded as a set of underdetermined systems of linear equations (more unknowns than equations). Therefore, it is impossible to find the exact values of all the elements in w by solving an underdetermined linear equation system in v = RTw if m < p, based on the premise that the possible solutions are infinite. More formally, assume both R and v are known, the system can be analyzed by the QR factorization of RT such that  R ; ð6Þ RT ¼ Q 0  is a m · m where Q is an p · p orthogonal matrix and R upper triangular matrix. If R is full rank, i.e., rank (R) = m, there is a unique solution wmin_norm that minimizes ||w||2: !  T1 v R xmin norm ¼ Q 0  R  T  1 ¼Q ðR RÞ v 0 ¼ RT ðRRT Þ1 v

5. Matching Matching is a process to determine whether two iris templates are from the same individual. In the matching process, revised version of Hamming Distance is devised as a metric for recognition since bit-wise comparisons are necessary. To be more accurate in calculating the Hamming Distance between two iris templates, sN is applied to exclude the insignificant bits which caused by weak inner-product. Masks of both iris patterns will be used in calculating the Hamming Distance. The formula of modified Hamming Distance is calculated as below: m X 1 HD ¼ sXj  sYj ^ sXN j ^ sYN j ; ð4Þ m P X Y m sN k _ sN k j¼1 k¼1

sXj

where and sYj are the two bit-wise templates to compare, sXN j and sYN j are the corresponding noise masks for sXj and sYj , and m is the number of bits represents by each template.

¼ Ry v; where R is the pseudo-inverse of RÆwmin_norm may serve as a starting point to the underdetermined system, v = RTw. The complete solution set can be characterized by adding an arbitrary vector from the null space of R, which can be constructed by the national basis for the null space of R, denoted by W [21]. It can be confirmed that RW = 0 and that any vector v where w ¼ wmin

norm

þ wv

ð7Þ

for an arbitrary vector v satisfies v = Rw. This result prove that even if the random matrix, R is known to the adversary, it is impossible to find the exact values of all the elements in vector w of each underdetermined system of linear equations. The best we can do is to find the minimum norm solution. To add to complication, S-Iris code is presented in binary format. 7. Experimental and discussion

6. S-Iris Encoding security analysis One of the prominent features that found in S-Iris Encoding is its non-invertible property. It is crucial that the iris feature recovery from S-Iris code is infeasible and thus ensure that only the combination of pseudo-random

The main purpose of an iris recognition system is to minimize the intra-class variation whilst maximize the inter-class variation. This is corresponding to achieve a distinct separation of genuine class and imposter class hamming distance distribution. The system performance can

174

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

be addressed through the mean and variance of genuine and imposter population, respectively, decidability (d 0 ), false accept rate (FAR), false reject rate (FRR), and equal error rate (EER). Decidability d 0 is measured by comparing the difference between the mean of genuine distribution lg and the mean of the imposter distribution li and also the variance of the genuine and imposter distribution, r2g and r2i , respectively [2]. jlg  li j d 0 ¼ qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi . ðr2g þ r2i Þ=2

ð8Þ

As defined by the theory of decidability, d 0 , the higher the decidability, the greater the separation of genuine class and imposter class distributions, which allows for more accurate recognition. A decision can be made as to whether two templates were created from different irises, with a predetermined separation Hamming Distance. However, the genuine class and imposter class distribuTable 1 Different filter parameters using CASIA Iris image database with template size 20 · 240 F

k

m

b

FAR (%)

FRR (%)

EER (%)

1 1 1 1 1 1 1 1 1 1 1 2 2 1 2

4 8 12 13 14 15 16 17 18 19 20 12 12 12 12

1 1 1 1 1 1 1 1 1 1 1 1 2 1 2

0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.3 0.3

0.01 0.21 1.43 1.98 2.89 4.00 2.99 2.25 3.36 2.75 3.85 1.87 2.66 4.70 3.55

26.46 5.64 3.75 3.48 3.35 3.22 3.48 3.88 3.40 3.84 3.53 3.79 3.22 3.53 4.89

13.23 2.92 2.59 2.73 3.12 3.61 3.24 3.06 3.38 3.29 3.69 2.83 2.94 4.11 4.22

tions may have some overlap, which would result in a number of incorrect matches or false accepts or false rejects. On the contrary, zero error rate is attained when both genuine and imposter distributions are clearly separated. In the experiments, the Chinese Academy of Sciences—Institute of Automation (CASIA) eye image database [22] is used. The CASIA Iris Image database consists 756 grey scale eye images with 108 individuals and 7 images each. For the FAR test and imposter population distribution as well, the first image of each iris in the testing set is matched against the first impression of all other irises and the same matching process was repeated for subsequent images, leading to 40,446 imposter attempts. For the FRR test and genuine population distribution creation, each image of each iris is matched against all other images of the same iris, leading to 2268 genuine attempts. 7.1. Selection of optimal 1D Log-Gabor filter parameters There are a number of parameters required in processing feature extraction using 1D Log-Gabor Filters. Optimum settings for these parameters are needed to attain the best verification rate. These parameters include number of filters, F, base wavelength, k, Filter bandwidths, b and multiplicative factor between center wavelengths of successive filters, t. In the process of feature extraction, the outputs of each filter should be independent, so that there is no correlation in the encoded template, otherwise the redundancy of filters may occur. To maximize the independence, the bandwidths of each filter must not overlap in the frequency domain, and also the center frequency must be spread out. Thus, in the first experiment, various values of filter parameters are examined to find out the best filter parameters to assure the accuracy and ease of further testing purposes. The results of employing various parameters to

Fig. 4. LG, ILG, and IWLG performance comparisons in term of EER for various bit length. Note that LG only has 9600 bits.

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

extract the iris features are presented in Table 1. The optimum values of 1D Log-Gabor Filters parameters can be achieved with bandwidth b of 0.5, number of filter of 1, center wavelength k of 12 pixels and multiplicative factor of 1. The above filter parameters give the optimum EER, which is 2.59%. The template size with radial resolution of 20 pixels and angular resolution of 240 pixels was chosen. These parameters generate an iris template that contains 9600 bits of information.

175

Table 2 shows the means and variances of genuine and imposter distributions for LG, ILG, and IWLG in different bit lengths, m. The decidability d 0 indicates less overlapping

7.2. S-Iris Encoding and weak inner-product exclusion In this section, comparisons have been made between 1D Log-Gabor Filters and the proposed methodology by utilized the optimum parameters that obtained from section 7.1. Following are the abbreviations used for brevity in this paper: • 1D Log-Gabor Filters (LG) [13] • S-Iris Encoding, with threshold l = 0 (ILG-m, where m is the bit length) • S-Iris Encoding with Weak Inner-product Exclusion, l and r are 0 and 0.0002, respectively. (IWLG-m, where m is the bit length) Fig. 4 illustrates the performance comparisons of LG, ILG, and IWLG for different bit lengths. In the experiment, various bit lengths, m = 100, 150, 200, 300, and 350 are used for ILG and IWLG. The results show that ILG and IWLG is able to achieve a near zero and zero EER, respectively with the bit length 350 bits. Extremely low EER of 0.0025 and 0% reveal the robustness of ILG and IWLG in the verification task. Other bit lengths of ILG and IWLG gives the EER not more than 1% whilst LG gives the poorest EER of 2.59%. Besides that, ILG and IWLG greatly reduce the bit length of iris template to around 4% of the original feature length 9600 bits. The experiment concludes that ILG and IWLG have better performance than LG from the viewpoint of accuracy, computational speed, and dimension reduction.

Table 2 Mean and variance of genuine class and imposter class of CASIA Iris image database using various filter extractors tested on different bit length

LG

Bit length, m

lg

r2g

li

r2i

d0

9600

0.35

0.0021

0.50

0.0000

4.56

ILG-m

100 150 200 300 350

0.23 0.24 0.23 0.24 0.24

0.0039 0.0033 0.0027 0.0026 0.0025

0.50 0.50 0.50 0.50 0.50

0.0025 0.0017 0.0013 0.0008 0.0007

4.70 5.32 6.02 6.42 6.55

IWLG-m

100 150 200 300 350

0.22 0.23 0.23 0.23 0.23

0.0040 0.0033 0.0028 0.0026 0.0024

0.50 0.50 0.50 0.50 0.50

0.0026 0.0017 0.0013 0.0009 0.0007

4.80 5.46 6.04 6.58 6.85

Fig. 5. Genuine and imposter class population distribution for (A) LG, (B) ILG-350, and (C) IWLG-350.

176

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

Fig. 6. Receiver operating curve.

between the genuine and imposter for ILG and IWLG compare to LG (d 0 = 4.56). We observed that d 0 of ILG with even the smallest m, such as m = 100 (d 0 = 4.7) is able to compete with LG. The result can be visualized by using genuine-imposter distribution plot as shown in Fig. 5. Fig. 5C shows that genuine and imposter distributions are clearly separated, which suggest that IWLG achieves zero EER with m = 350 with d 0 = 6.85. This echoes that IWLG performs the best in terms of verification if compare to ILG with same m. This observation proves that the exclusion of weak inner-product features is necessary to achieve better verification rate. For ILG and IWLG, we note that the performance in terms of EER and d’ is keep increasing when m grows large. From Table 2, we can observe that the lg is stable and li is adhered at 0.5 for any m. On the other hand, r2g and r2i are shrunk when m grows. This explains the separation of genuine-imposter distribution as small r2g and r2i reduce the overlapping region of two distributions. At certain of point, two distributions become clearly apart and thus contribute to zero error rate. On the other hand, variances reduction of genuine and imposter distributions imply the decreasing of intra-class variation and the inter-class variation enhancement. Iris’s intra-class variation is normally caused by lighting problems and imperfection of acquisition device during the iris acquisition, improper handling in iris segmentation, such as occlusion, misalignment and rotation. Therefore, the S-Iris Encoding formulation is able to tackle the performance degradation due to the abovementioned problems through the increment of m. Fig. 6 shows the Receiver Operating Curves (ROC) for LG, ILG-100, ILG-350, IWLG-100, IWLG-350 and Daugman’s Iris Code [2]. From the figure, it is observable that the proposed method, ILG-350 and IWLG-350 have the best performance whereas LG shows the poorest performance among all. ILG-100 and IWLG-100 are not as good

as ILG-350 and IWLG-350 since the code contains fewer bits which are not very sufficient to represent a person. However, ILG-100 and IWLG-100 still are better than LG. Daugman’s Iris code has achieved an average performance in the study which is better than LG, ILG-100, and IWLG-100 but poorer than ILG-350 and IWLG-350. 8. Conclusion This paper described a new Iris based authentication approach coined as S-Iris Encoding which is carried out by iterated inner-product between the iris feature and user-specific secret pseudo-random number, and finally deciding each bit on the sign based on a predefined threshold. The weak inner-product exclusion mechanism is also performed to overcome the bit inversion problem and thus further enhance the verification rate. S-Iris Encoding is primary formulated based on the cancelable biometrics principle to protect against biometrics fabrication. The problem could be rectified by S-Iris code through the token replacement so that a new template can be generated instantly just as a new credit card number can be issued if the old one is compromised. Besides that, S-Iris code is non-invertible and can only contribute to the authentication process when both genuine biometrics template and token are presented. In term of authentication performance, S-Iris code has significant functional advantages over solely biometrics or token usage, which can be shown by the experimental result in achieving a 0% of EER. An extremely clear separation of the genuine and imposter populations also proved the effectiveness of the proposed methodology. This is accomplished through the shrinking of genuine and imposter variances and thus produces the clear separation of genuine and imposter distribution. In general, the higher the number of bit length, m, the better S-Iris code performance.

C.S. Chin et al. / Computer Vision and Image Understanding 102 (2006) 169–177

In addition, the template length can be greatly reduced to around 4% of the original size. Therefore, the computational load is significantly decreased if S-Iris Encoding is to be compared with the use of original feature extractor such as 1D Log-Gabor Filters in this paper. References [1] A.K. Jain, A. Ross, S. Prabhakar, An introduction to biometrics recognition, IEEE Trans. on Circuits Systems Video Technology 14 (1) (2004). [2] J.G. Daugman, High confidence visual recognition of persons by a test of statistical independence, IEEE Trans. Pattern Anal. Mach. Intell. 15 (11) (1993) 1148–1161. [3] R.M. Bolle, J.H. Connel, N.K. Ratha, Biometrics perils and patches, Pattern Recognit. 35 (2002) 2727–2738. [4] D. Maltoni, D. Maio, A.K. Jain, S. Prabhakar, Handbook of Fingerprint Recognition, Springer, New York, 2003, pp. 301-307. [5] G. Davida, Y. Frankel, B.J. Matt, On enabling secure applications through off-line biometrics identification, Proc. Symp. on Privacy and Security (1998) 148–157. [6] A. Juels, M.A Wattenberg, Fuzzy Commitment Scheme, ACM Conference on Computer and Communications Security, CCS 1999 (1999). [7] A. Juels, M.A Sudan, Fuzzy Vault Scheme, ACM Conference on Computer and Communications Security, CCS 2002, (2002). [8] C. Soutar, D. Roberge, A.R. Stoianov, Gilroy, V. Kumar, Biometrics encryption, in: R.K. Nichols (Ed.), ICSA Guide to Cryptography, McGraw-Hill, New York, 1999, pp. 649–675. [9] J.-P. Linnartz, P. Tuyls, New shielding functions to enhance privacy and prevent misuse of biometric templates, in: Proc. Fourth Int. Conf. on Audio- And Video-Based Biometric Person Authentication, 2003, pp. 393–402.

177

[10] E. Verbitskiy, P. Tuyls, D. Denteneer, J.P. Linnartz, Reliable biometric authentication with privacy protection, presented at the SPIE Biometric Technology for Human Identification Conf., Orlando, FL, 2004. [11] M. Savvides, B.V.K. Vijaya Kumar, P.K. Khosla, Cancelable biometrics filters for face recognition, Int. Conf. Pattern Recognit. 3 (2004) 922–925. [12] A. Menezes, P.V. Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, 1996. [13] L. Masek, Recognition of Human Iris Patterns for Biometrics Identification, B.Eng’s thesis, University of Western Australia (2003). [14] R. Wildes, Iris recognition: an emerging biometrics technology, Proc. IEEE 85 (9) (1997). [15] J. Daugman, How Iris Recognition Works, in: Proceedings of 2002 International Conference On Image Processing, vol. 1, 2002. [16] Li Ma, Yunhong Wang, Tien Iu Tan. Iris recognition based on multichannel Gabor filtering, in: The Fifth Asian Conference on Computer Vision, Melbourne, Australia, 2002, pp. 23–25. [17] J.G. Daugman, The importance of being random: statistical principles of Iris recognition, Pattern Recognit. 36 (2) (2003) 279–291. [18] D. Field, Relations between the statistics of natural images and the response properties of cortical cells, J. Opt. Soc. Am. (1987). [19] Peter Kovesi, Edges Are Not Just Steps, in: Proc. of Asian Conf. on Computer Vision, Melbourne, 2002, pp. 822-827. [20] Junzhou Huang, Li Ma, Yunhong Wang, Tieniu Tan, Iris Model Based on Local Orientation Description, National Laboratory of Pattern Recognition, Beijing, China. [21] J.W. Demmel, N.J. Higham, 1990. Improved Error Bounds for Underdetermineded System Solvers, Computer Science Department, University of Tennessee, Knoxville, TN, Tech. Rep. CS-90-113, 1990. [22] CASIA Iris Image Database, Version 1.0. .