A FUZZY VAULT DEVELOPMENT BASED ON IRIS IMAGES

Biometric systems gather information from a person's biometric attributes and are used extensively to authorize individuals. Due to the obvious convenience of using specific individual traits such as face, fingerprints, palm veins, and irises, biometric authentication is becoming more common. In particular, iris systems are in high demand for high-assurance applications, because they contain a broad feature set and remain stable. Authentication methods based on iris biometrics are now commonly used in a variety of fields, because iris biometric authentication is both safer and more comfortable than conventional passwords. Template security is a major concern in biometric systems. The template security mechanism ensures reusable, permanent, and un-linkable models. The fuzzy vault strategy is one of the most popular security schemes for template protection. The fuzzy vault has been demonstrated to be an effective protection method, but it lacks revocability and resistance to security attacks. This article introduces an improved fuzzy vault system, which uses more than one key to protect biometric data. Different keys make the search space more detailed. The additional key is used to encrypt vault data, which stops an intruder from accessing the information on the person's biometry. The system was tested using the CASIA.v1 and IITD.v1 datasets, and the findings showed that the system ensures the protection and authentication of the iris templates without compromising performance. The proposed modification gave a 0.0 % False Accepted Rate (FAR) for both datasets and a False Rejected Rate (FRR) of 0.14 % for CASIA v1 and 0.12 % for IITD v1.


Introduction
Motivation: Biometrics is a social identity analysis to authenticate or identify substance characters. Biometrics identifies people by their biological attributes, including fingerprint, iris, retina, hand anatomy, face, and palm scanning, or by some forms of actions such as signature, gesture, and voice. Biometric technology requires massive volumes of biometric data for template construction, which causes severe privacy leakage [1,2]. Biometric authentication offers excellent protection because, unlike smart cards or text passwords, biometric traits are very difficult to forge, lose, or forget. Biometric security and safety are widely used, primarily due to the precision and uniqueness of biometric features such as the iris. There are also attacks that biometric systems experience, such as the brute force attack, position attack, correlation attack, etc. Biological system stability is a significant threat. Thus, the safe security of biometric templates has caught people's attention [1].
Contributions. This article's main aim is to propose a new improvement of the fuzzy vault scheme with an iris prototype. Typically, a biometric framework's accuracy is calculated by its False Accepted Rate (FAR) and False Rejected Rate (FRR), also known as matching accuracy [3]. To ensure accuracy, we strive to reduce the FAR. Furthermore, we aim to minimize the FRR as well as the time for successful authentication and usability. However, since the traditional fuzzy vault scheme uses a single biological template and the biological function parameters are stored directly in the fuzzy vault, the biological template will not be adequately protected.

Computer Sciences
To address this problem, we propose a novel fuzzy vault scheme based on encryption of the vault, which makes it resist correlation and brute force attacks on a fuzzy vault that uses the iris template. The fuzzy vault scheme, first implemented in [2], is a well-known cryptographic architecture for biometric systems. Because of the increasing use of biometric authentication, the fuzzy vault cryptosystem has become a well-studied research field [4]. In [5], the author proposes a change to the fuzzy vault: an additional layer of security is introduced using a password to achieve a high degree of protection. This scheme offers a high level of security from a secure password. If the password fails, it is similar to the standard fuzzy method. Only the same password would harden the secret key derived from the same prototype. The hardening method requires the following steps. First, the recognition system has a random user password processing feature. Second, the fuzzy vault framework then protects the transformed prototype. Finally, the vault is secured by a password-based key. In [6], the author proposes to boost the fuzzy vault scheme. An iris shuffling algorithm is used in the framework to ensure a revocable iris template, based on three key aims. First, no template information should be leaked from the stored data. Second, templates can be withdrawn; once they are infected, they can be released without recovering the iris. Third, the fuzzy vault should be safe against the correlation attack, so it is not possible to compare the fuzzy vaults of the same design to determine the key used for building the fuzzy vault. In [7], the author suggests a new way of solving the problems of the new fuzzy vault based on CRC. An updated generator and verifier of chaff points were added. In order to create structural chaff points at the registration stage, continuous hashing and linear projection are used.
As a result, the same chaff points are regenerated for the final decision during the authentication stage. The proposed system treats chaff points as a signature for the secure key and biometric template combination. Any changes to the decoded vault are detected during the authentication process to avoid the attack of mixing substitutions. The author proposed a new fuzzy vault schema method. In [8,9], the authors proposed a modified fuzzy vault framework that combines a 128-bit Advanced Encryption Standard (AES) key with iris data. Experimental results demonstrated that the 128-bit cryptographic keys and iris models with a fuzzy vault system were stable. There are two benefits and improvements in the new method. First, a pattern clustering method was implemented to address the variance in extracted iris features. Second, an iris extraction algorithm based on Independent Component Analysis (ICA) was used to create the fuzzy vault sets. In [10], the author suggested that several models for a user be protected as a single entity. A fuzzy vault system was used to derive one multi-biometric template from individual templates. It shows that a multi-biometric vault offers better identification and greater protection than a uni-biometric vault. The proposed method achieves a better Genuine Accepted Rate (GAR) and False Accepted Rate (FAR) than the uni-biometric fuzzy vault. It also provides higher security than uni-biometric systems.

Materials and methods
The fuzzy vault is the primary biometric cryptographic binding method in different applications and has been widely studied and considered. A fuzzy vault only accepts unordered input, so biometrics whose features form an ordered set must be translated into an unordered set. Assume that B is a biometric prototype with f points. A secret key K is selected and encoded, say as coefficients, into a polynomial P of degree d. The features of the biometric prototype are then projected onto the polynomial. Random points that do not lie on the polynomial P are introduced to conceal the genuine elements. As shown in Fig. 1, such random points are named chaff points [2,11].
When the user submits a biometric query B, the key K is regenerated only if B overlaps sufficiently with A, in which case authentication is successful, as shown in Fig. 2 below.
Conversely, if there is insufficient overlap between A and B, regeneration of K is unlikely and authentication fails. Reed-Solomon (RS) procedures are used to correct errors in the polynomial. The security of this approach is based on the difficulty of the polynomial reconstruction.

1. Proposed System
This section explains the formal structure of our proposed scheme. The framework contains the following modules.

1.1. Vault Encoding
Vault encoding, or registration, is implemented in our cryptosystem as follows. Fig. 3 shows the registration process of the proposed system model.
Iris image template extraction. The user's iris image is provided as an input in the registration process. The grey level co-occurrence matrix (GLCM) texture extraction methods [13][14][15] have been used to extract iris texture features.
Chaff Points Generation. To hide the real points from a potential attacker, random chaff points are produced to provide a fair balance between the complexity and the performance of brute force attacks.
Polynomial Projection. The fuzzy vault is a set of (X, Y) tuples, where (X, Y) are the coordinates in the system. The first dimension of a vault tuple, X, has a fixed value. The second dimension, Y, is generated randomly under certain conditions. Each genuine point X is projected onto the secret polynomial p, and the resulting value is saved as the second tuple variable, i.e., Y = p(X). The polynomial mapping is carried out in a Galois field (GF) so that exact polynomial interpolation is possible in vault decoding. Then, within the space of possible polynomial projection results, each chaff point is randomly mapped to a number chosen so that the point does not lie on the polynomial. This mapping gives the second tuple element, Y, where Y ≠ p(X) [16,17].

Fig. 3. Modified fuzzy vault schema
Vault encryption. The proposed change uses vault encryption: more than one key is used to protect the encrypted biometric information. The additional key (K2) used to encrypt the vault data expands the search space. With the extra key in place, an attacker cannot use the decoding algorithms to obtain information about user biometrics. The keyspace of the cryptographic scheme is the total number of distinct keys that can be used. The safety of the algorithm depends on the key size: the longer the key, the more secure the algorithm is against a brute force attack. The key length is expressed uniformly as a number of key bits [17]. A key of N bits has $2^{N}$ keyspace choices. From the cryptographic perspective, the keyspace size should not be less than $2^{100}$ to provide a high degree of security [18].
Vault Scrambling and permutation. Scrambling the encrypted vault ensures that the vault tuples with genuine points can't be separated from the tuples with chaff points.

Vault Decoding
Vault decoding or authentication is applied, as seen in Fig. 4.

Fig. 4. Authentication in the proposed system
Iris Image and Fuzzy Vault. The iris image template is extracted with GLCM as in the registration process, and the actual (claimed) user's fuzzy vault is retrieved from the database (DB) using the user's unique identifier (id); both are inputs to the verification algorithm.
Vault Decryption. The key (K2) is used during the validation process to decrypt the vault that was locked during the enrollment phase.
Polynomial Interpolation. Polynomial interpolation shall be performed unless the size of a candidate set at the end of one iteration with two different bases is greater than polynomial degree plus one (n+1). The hidden polynomial can't be interpolated if fewer candidates are found. In the case of sufficiently many vault tuples, all subsets of size n+1 must be evaluated, as not all candidate vertices are genuine points. Lagrange interpolation in the Galois field GF($2^{32}$) is performed for each subset using n+1 vault tuples, interpreted as (X, Y) sample points, with X and Y being, respectively, the first and second variable of the vault tuple.
Correct Secret. When no intrusion is encountered, the proper secret key (k1) is found and the user is authenticated successfully.
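The encoding and decoding steps above, as an added example that is not the authors' implementation: a minimal Python vault that projects genuine points onto the secret polynomial, adds chaff, and decodes by Lagrange interpolation over candidate subsets. Assumptions: the prime field GF(2^31 - 1) stands in for the paper's GF(2^32), the integer features, the ±1 matching tolerance and the SHA-256 check value are constructed for illustration, and the K2 encryption layer is left out.

```python
import hashlib
import random
from itertools import combinations

P = 2**31 - 1  # prime modulus (assumption: stands in for the paper's GF(2^32))

def poly_eval(coeffs, x):
    """Evaluate c0 + c1*x + ... at x over GF(P) using Horner's rule."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def digest(coeffs):
    """Check value stored with the vault (assumption: the paper names none)."""
    return hashlib.sha256(repr(list(coeffs)).encode()).hexdigest()

def lock(features, secret, n_chaff, rng, x_max=2**16):
    """Genuine points get Y = p(X); chaff points get a random Y != p(X)."""
    vault = [(x, poly_eval(secret, x)) for x in sorted(set(features))]
    used = {x for x, _ in vault}
    target = len(vault) + n_chaff
    while len(vault) < target:
        x, y = rng.randrange(1, x_max), rng.randrange(P)
        if x not in used and y != poly_eval(secret, x):
            used.add(x)
            vault.append((x, y))
    rng.shuffle(vault)  # scrambling: stored order must not reveal genuine points
    return vault, digest(secret)

def interpolate(points):
    """Lagrange interpolation over GF(P); returns coefficients [c0..cn]."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                # multiply the basis polynomial by (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for d, b in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * b) % P
    return coeffs

def unlock(vault, check, query, degree, tol=1):
    """Try every (degree+1)-subset of the candidate points until one verifies."""
    cand = [(x, y) for x, y in vault if any(abs(x - q) <= tol for q in query)]
    if len(cand) < degree + 1:
        return None  # too little overlap to interpolate at all
    for subset in combinations(cand, degree + 1):
        coeffs = interpolate(subset)
        if digest(coeffs) == check:  # a subset containing chaff never verifies
            return coeffs
    return None

def demo(degree=4):
    rng = random.Random(7)  # fixed seed so the constructed data is reproducible
    secret = [rng.randrange(P) for _ in range(degree + 1)]  # key K1 as coefficients
    enrolled = [1000 + 1100 * i for i in range(12)]         # constructed features
    vault, check = lock(enrolled, secret, n_chaff=200, rng=rng)
    genuine = [x + 1 for x in enrolled[:9]] + [50000, 51000, 52000]  # noisy re-capture
    impostor = [40000 + 700 * i for i in range(12)]
    return secret, vault, unlock(vault, check, genuine, degree), unlock(vault, check, impostor, degree)

if __name__ == "__main__":
    secret, vault, ok, bad = demo()
    print(len(vault), ok == secret, bad)
```

The genuine query recovers K1 because at least n+1 of its candidates lie on the polynomial; the impostor query returns None because any subset that includes a chaff point interpolates to a different polynomial.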

Results and discussions
The simulation parameters used for implementation are presented in this section. It also analyzes the attack by brute force and the attack by correlation to show the consistency of the proposed method.
CASIA v1 consists of 756 iris images of 108 persons, seven images each, taken during two separate sessions at least one month apart. The images are 8-bit grey-level, 320×280 resolution, and preserved in bitmap format [19].
In our experiments, we use two key images, one for registration and the other for testing. The IITD.v1 image database mainly consists of iris pictures obtained from IIT Delhi students and staff. This database was compiled by JIRIS, JPC1000, and digital CMOS camera in the Biometrics Research Laboratory from January to July 2007. The collected images have been stored in bitmap format. The database includes 2,240 images from 224 different users that are freely available to researchers. The subjects in the sample are aged 14-55 years and consist of 176 men and 48 women. These pictures are 320×240 pixels in size, and all of them were acquired indoors [20].

1.2. Parameter Values
The parameter settings are given in Table 1, which lists the variables used in the proposed system for evaluation and analysis.

1.3. Performance
The performance of the proposed iris-based fuzzy vault system was assessed using the False Accept Ratio (FAR) and False Reject Ratio (FRR), as seen in Table 2. FAR represents the number of accurate key retrievals by non-authentic system users. FRR represents the number of refusals for genuine system users [21].

1.4. Security Analysis
To extract a hidden polynomial P(x) of degree (n), a subset of (n+1) vault pairs is required. All (n+1) pairs in the subset must be genuine points (g), with no chaff points (c) among them. In all, (v = g+c) vault pairs are assumed in the fuzzy vault, where (v) is the total number of points in the vault, (g) is the number of genuine points, and (c) is the number of chaff points generated in vault formation. This gives the attacker $v_s = \binom{v}{n+1}$ subsets of (n+1) vault pairs overall. Of these, $g_s = \binom{g}{n+1}$ subsets contain only genuine points and can be used to interpolate the hidden polynomial properly. This leaves $c_s = v_s - g_s$ subsets that may contain genuine pairs but include at least one chaff vault pair. If even one member of the candidate subset of (n+1) pairs is a chaff vault pair, recovery of the secret polynomial fails, because the chaff vault pair does not lie on the secret polynomial [10]. The attacker doesn't know which vault pairs are genuine points, so they can only pick one subset after another at random and interpolate.
An attacker needs to find an appropriate subset for accurate interpolation of the secret key to determine the estimated number of attempts [21,22]: Let's also note from (1), which shows the number of attempts the attacker needs to break the system and obtain sensitive user information. Therefore, the proposed modification to the fuzzy vault method ensures that the number of attempts increases in a balanced manner consistent with the length of the key (K2) used in the fuzzy vaults encryption, which gives additional strength and protection to sensitive information. Therefore, (2) is as follows: . v g n g n g encryption key K length (2) To determine the expected time for a potential attacker to access a fuzzy vault by subset interpolation randomly, let's multiply the estimated time (T) to select a genuine portion with the average time per subset of Lagrange interpolation:

Note that the average duration of interpolation increases with the polynomial degree (n). We summarize the effect of the parameters (g, c, and n) on the estimated time an attacker needs to release the secret, and present the expected total number of attempts $E(g_s, c_s)$ with expanded polynomial coefficients to better display the security impact.
The expected total number of attempts $E(g_s, c_s)$ decreases when only the denominator increases, so protection decreases. $E(g_s, c_s)$ increases as the encryption key length increases. Expanding the number of chaff points c also increases $E(g_s, c_s)$, since (v = g+c) increases in the numerator. The attacker, therefore, requires more attempts on average to open the vault. Increasing the polynomial degree n changes the binomial coefficients of both the numerator and the denominator.

2. Biometric systems attacks
A variety of attacks are introduced in the biometrics framework. However, attacks on safe models significantly reduce the reliability of the biometric system. The attacks based on the template are either brute force, correlation, known key, replacement, or hill climb attacks. This work focused on both brute force and correlation attacks.

2.1. Brute force attack
In this type of attack, an attacker tries every possible bit combination until the correct data is calculated or the key for the original function is retrieved. The basic fuzzy vault depends on the degree of the polynomial. The attacker can quickly restore a polynomial of lower degree. A higher-degree polynomial provides increased stability [23,24]. Polynomial degree n in the fuzzy vault, the attacker has to try for brute force (g, n+1) of g +1 element combinations, as seen in (1). The proposed modification to the standard fuzzy vault method should increase the number of attempts that the attacker makes to obtain sensitive information, as shown in (2); therefore, getting sensitive information for the user takes a very long time, as shown in (3).

2.2. Correlation attack
In the case of a correlation attack, at least two vaults belong to one individual. The vaults can be generated in two different ways: (1) the fuzzy vaults are formed using similar genuine points with different hidden keys (k1); (2) equivalent genuine points are used with various chaff points. Suppose the attacker has intercepted two vaults containing the point sets (pts) and (pts′). The attacker's goal is to find some transformation on the points (pts′), i.e. Transform(pts′). If distance ≤ threshold (Th), the transformed characteristics {Transform(pts′), (pts′)} correlate with (pts). Let V consist of the fuzzy vault pairs {pts} with distance(pts, Transform(pts′)) ≤ Th. The error-correcting procedure, the Reed-Solomon (RS) decoder, can be used to open the vault when matching pairs of (pts, pts′) is lower than pairs not paired [24,25]. Assume that the genuine and chaff points of (pts) and (pts′) are equal in size. There are points of (pts) genuine and chaff points of (pts′). The proposed modification to the fuzzy vault method should prevent a correlation attack, as encrypting the data prevents interconnection between the data: the data of each user can be encrypted with a random key that differs from that of other users, which helps prevent penetration and protects the iris template.
Table 3 compares the proposed fuzzy vault with current methods at polynomial degree 8 on the CASIA v1 dataset. Genuine Acceptance Rate (GAR) is defined as the percentage of genuine users approved by the system. It is given by GAR = 100-FRR [26][27][28]. Table 3 makes it clear that the proposed method gives good results compared to other methods and provides solutions for correlation and brute force attacks.
The results of the proposed system displayed in Table 2 are greatly influenced by the threshold value used. It represents the difference between the enrolled template and the query template, so it must be chosen carefully. Specific use and security considerations must be taken into account when choosing the optimal parameters. For good performance, various thresholds have been tried. The choice between security and usability always depends on the context of use. There is some degradation in the GAR because, in some cases, features could not be reliably extracted from a relatively large region of the iris pattern due to factors like occlusion, reflection, motion blur, contrast variation, pupil dilation, blurred image, partially open eye, and defocused image. This problem can be compensated for by overlooking the occluded regions in the Euclidean distance calculation. However, this problem can't be handled effectively by the proposed system, leading to further false rejections. Both CASIA.1 and IITD.1 have (0.0 %) FAR, making the system suitable for high-security applications.
The main advantage of the proposed modification of fuzzy vaults is that it adds a second layer of security against the attacker: even if the attacker succeeds in unlocking the vault and receiving the key, they still can't receive the original template, as the encrypted template version has to be solved to get the feature points, which adds more complexity to our fuzzy vault. The proposed modification ensures that the number of attempts the attacker needs to break the system and obtain sensitive user information increases, thus providing an effective solution to the brute force attack and the correlation attack. This increase in the number of attempts depends on the length of the key (K2) used to encrypt the fuzzy vault, giving additional strength and protection to sensitive information.
From a cryptographic standpoint, it's worth noting that the fuzzy vault architecture solves the key management problem, which is a big problem in real-world cryptosystems. The prototype implementation and experimental results indicate that a realistic application of this cryptosystem is possible, as it is more secure than commonly used iris recognition algorithms without compromising quality or runtime efficiency. At the same time, it increases the stability of existing cryptosystems by resisting correlation and brute force attacks. As a consequence, we assume it is a viable alternative for safe and functional distributed authentication. Despite the apparent benefit of the proposed modification, it adds some complexity and extra time to encrypt and decrypt data, which is one of the disadvantages of the proposed system. The fuzzy vault is secure most importantly due to the complexity of polynomial reconstruction and the number of randomly generated chaff points. However, the proposed system's security is also largely dependent on the encryption key length. Clearly, the higher the polynomial degree and the more chaff points, the more difficult it is to recover the true polynomial P(x) for the fusion points. Adding more chaff points or raising the polynomial degree will have a direct influence on runtime. The balance between security and the best usage should be determined for each specific application.

As a biometric, the proposed system is based only on the iris. Using multiple biometrics to generate fuzzy vaults that all have to be matched to authenticate is one way to improve security. Using passwords plus biometrics will enhance the system's efficiency.

Conclusion
This research has developed and constructed a biometric cryptosystem based on a fuzzy vault that can be utilized for authentication with strong privacy and protection. The implemented scheme uses an additional hidden-key-based encryption layer to protect the vault data in the original fuzzy vault schema. The proposed system increases the search space to make it more complicated and challenging for an intruder to use the template data. When the proposed system was tested, it gave a 0.0 % False Accepted Rate (FAR) for both datasets and a False Rejected Rate (FRR) of 0.14 % for CASIA v1 and 0.12 % for IITD v1, as well as solving the problem of the brute force attack and the correlation attack, in contrast to the previous systems, which give a higher FRR but do not offer solutions to these attacks.