**Evaluation of Biometric Systems**

**Evaluation of Biometric Systems**

Mohamad El-Abed and Christophe Charrier Additional information is available at the end of the chapter

Christophe Charrier and Christophe Rosenberger

Additional information is available at the end of the chapter

http://dx.doi.org/10.5772/52084

## **1. Introduction**

Mohamad El-Abed,

20 New Trends and Developments in Biometrics

148 New Trends and Developments in Biometrics

*Audio Processing*, 3:72–83, 1995.

*Tech. Rep. V. 7.0.0*, February 1999.

December 1998.

2004.

2006.

9:85–88, March 2002.

*Telecommunications*, 15:33–38, January/February 2004.

*Bell Syst. Tech. J.*, pages 2445–2472, September 1969.

[11] Douglas A. Reynolds and Richard C. Rose. Robust text-independent speaker identification using gaussian mixture speaker models. *IEEE Transactions on Speech and*

[12] F. Beritelli, S. Casale, and S. Serrano. A low-complexity speech-pause detection algorithm for communication in noisy environments. *European Transactions on*

[13] F. Beritelli, S. Casale, and S. Serrano. Adaptive v/uv speech detection based on acoustic noise estimation and classification. *Electronic Letters*, 43:249–251, February 2007.

[14] P. T. Brady. A model for generating on-off speech patterns in two-way conversation.

[15] ETSI. Gsm 06.94, digital cellular telecommunication system (phase 2+); voice activity detector (vad) for adaptive multi rate (amr) speech traffic channels; general description.

[17] F. Beritelli, S. Casale, and A. Cavallaro. A robust voice activity detector for wireless communications using soft computing. *IEEE J. Select. Areas Commun*, 16:1818–1829,

[18] F. Beritelli, S. Casale, G. Ruggeri, and S. Serrano. Performance evaluation and comparison of g.729/amr/fuzzy voice activity detectors. *IEEE Signal Processing Letters*,

[19] L. Couvreur and M. Laniray. Automatic noise recognition in urban environments based on artificial neural networks and hidden markov models. In *Proceedings of INTERNOISE*,

[20] F. Beritelli, S. Casale, A. Russo, and S. Serrano. A speech recognition system based on dynamic characterization of background noise. In *Proceedings of the 2006 IEEE International Symposium on Signal Processing and Information Technology*, pages 914–919,

[16] ITU-T Recommendation P. 59: Artificial conversational speech, March 1993.

Biometrics is considered as a promising solution among traditional methods based on "what we own" (such as a key) or "what we know" (such as a password). It is based on "what we are" and "how we behave". Few people know that biometrics have been used for ages for identification or signature purposes. In 1928 for example, fingerprints were used for women clerical employees of Los Angeles police department as depicted in Figure 1. Fingerprints were also already used as a signature for commercial exchanges in Babylon (-3000 before JC). Alphonse Bertillon proposed in 1879 to use anthropometric information for police investigation. Nowadays, all police forces in the world use this kind of information to resolve crimes. The first prototypes of terminals providing an automatic processing of the voice and digital fingerprints have been defined in the middle of the years 1970. Nowadays, biometric authentication systems have many applications [1]: border control, e-commerce, *etc*. The main benefits of this technology are to provide a better security, and to facilitate the authentication process for a user. Also, it is usually difficult to copy the biometric characteristics of an individual than most of other authentication methods such as passwords.

Despite the obvious advantages of biometric systems, their proliferation was not as much as attended. The main drawback is the uncertainty of the verification result. By contrast to password checking, the verification of biometric raw data is subject to errors and represented by a similarity percentage (100% is never reached). Others drawbacks related to vulnerabilities and usability issues exist. In addition, in order to be used in an industrial context, the quality of a biometric system must be precisely quantified. We need a reliable evaluation methodology in order to put into obviousness the benefit of a new biometric system. Moreover, many questions remain: Shall we be confident in this technology? What kind of biometric modalities can be used? What are the trends in this domain? The objective of this chapter is to answer these questions, by presenting an evaluation methodology of biometric systems.

Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. © 2012 El-Abed and Charrier; licensee InTech. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. © 2012 El-Abed and Charrier; licensee InTech. This is a paper distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

©2012 El-Abed et al., licensee InTech. This is an open access chapter distributed under the terms of the

Table 1 presents a comparison study of biometric modalities in terms of universality, uniqueness, permanency, collectability and acceptability. From this table, we can deduce that none biometric information satisfies simultaneously all these properties. As for example, DNA analysis is one of the most efficient techniques to verify the identity of an individual or to identify him/her. Nevertheless, it cannot be used for logical or physical access control not only for time computation reasons, but also because nobody would be ready to give some blood to make the verification. Hence, important attention should be done when choosing a

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 151

**Figure 2.** An example of biometric modalities. From left to right, top to bottom, face, fingerprint, gait, keystroke dynamics,

**Information U N P C A E** DNA Yes Yes Yes Poor Poor \*\*\*\*\* Gait Yes No Poor Yes Yes \*\*\* Keystroke dynamics Yes Yes Poor Yes Yes \*\*\*\* Voice Yes Yes Poor Yes Yes \*\*\*\* Iris Yes Yes Yes Yes Poor \*\*\*\*\* Face Yes No Poor Yes Yes \*\*\*\* Hand geometry Yes No Yes Yes Yes \*\*\*\* Fingerprint Yes Yes Yes Yes Fair \*\*\*\*

**Table 1.** Comparison study of biometric modalities in terms of universality (U), uniqueness (N), permanency (P), collectability (C), acceptability (A) and performance (E). For the performance, the number of stars is related to the modality's performance

DNA, iris, finger knuckle and hand veins information.

(i.e., EER) in the literature [3].

specific modality for a specific application and a target population.

**Figure 1.** Women clerical employees of Los Angeles Police Department getting fingerprinted and photographed in 1928 (source [2]).

The outline of the chapter is defined as follows: In Section 2, we present the general concepts of biometric systems as well as their limitations. We then present in Section 3 the evaluation aspects of biometric systems related to 1) data quality, 2) usability and 3) security. In Section 4, we focus on emerging trends in this research field. They mainly have for objective to define efficient biometric systems that respect the privacy of an individual and permit a good usability. A conclusion of the chapter is then given in Section 5.

## **2. Concepts and definitions**

## **2.1. Biometrics**

The term biometrics is originally Greek, "bios" and "metron", literally meaning "measurement of life". In its first meaning, it was defined as a *Part of biological science which applies statistical methods and probabilistic formulas to living beings*. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked.

## **2.2. Biometric modalities**

Each biometric information that can discriminate individuals is considered as a biometric modality. An example of biometric modalities is presented in Figure 2. An ideal biometric information should respect the following properties:


Table 1 presents a comparison study of biometric modalities in terms of universality, uniqueness, permanency, collectability and acceptability. From this table, we can deduce that none biometric information satisfies simultaneously all these properties. As for example, DNA analysis is one of the most efficient techniques to verify the identity of an individual or to identify him/her. Nevertheless, it cannot be used for logical or physical access control not only for time computation reasons, but also because nobody would be ready to give some blood to make the verification. Hence, important attention should be done when choosing a specific modality for a specific application and a target population.

2 New Trends and Developments in Biometrics

**2. Concepts and definitions**

that can be automatically checked.

information should respect the following properties:

• Collectability: it can be measured in an easy manner.

• Acceptability: it concerns the possibility of a real use by users.

**2.2. Biometric modalities**

individuals.

**2.1. Biometrics**

(source [2]).

**Figure 1.** Women clerical employees of Los Angeles Police Department getting fingerprinted and photographed in 1928

The outline of the chapter is defined as follows: In Section 2, we present the general concepts of biometric systems as well as their limitations. We then present in Section 3 the evaluation aspects of biometric systems related to 1) data quality, 2) usability and 3) security. In Section 4, we focus on emerging trends in this research field. They mainly have for objective to define efficient biometric systems that respect the privacy of an individual and permit a

The term biometrics is originally Greek, "bios" and "metron", literally meaning "measurement of life". In its first meaning, it was defined as a *Part of biological science which applies statistical methods and probabilistic formulas to living beings*. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics

Each biometric information that can discriminate individuals is considered as a biometric modality. An example of biometric modalities is presented in Figure 2. An ideal biometric

• Uniqueness: this information must be as dissimilar as possible for two different

• Universality: all individuals must be characterized by this information.

• Permanency: it should be present during the whole life of an individual.

good usability. A conclusion of the chapter is then given in Section 5.

**Figure 2.** An example of biometric modalities. From left to right, top to bottom, face, fingerprint, gait, keystroke dynamics, DNA, iris, finger knuckle and hand veins information.


**Table 1.** Comparison study of biometric modalities in terms of universality (U), uniqueness (N), permanency (P), collectability (C), acceptability (A) and performance (E). For the performance, the number of stars is related to the modality's performance (i.e., EER) in the literature [3].

## **2.3. The general scheme of a biometric system**

The biometric authentication process is divided into three main functionalities:

## • **Enrolment**

It constitutes the initial process of collecting biometric data samples from a person and subsequently creates a reference template representing a user's identity to be used for later comparison. An example of users' templates of different modalities is given in Figure 3.

• Storage module: It is used to store biometric individuals' templates.

similarity (or of divergence) between two biometric vectors.

to determine the identity of an individual.

**Figure 4.** Generic architecture of a biometric system (source [4]).

**2.5. Biometric systems limitations**

decrease their widespread of use such as:

that would be not accepted by users.

• Matching module: It is used to compare the extracted biometric raw data to one or more previously stored biometric templates. The module therefore determines the degree of

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 153

• Decision module: It is used to determine if the returned index of similarity is sufficient

Despite the advantages of biometric systems in terms of easy to use and to provide a better security comparing to traditional solutions, their use is limited to specific kind of applications (such as e-passport). These systems suffer from several limitations which may significantly

• Performance limitation: By contrast to password checking, the verification of biometric raw data is subject to errors and represented by a similarity percentage (100% is never reached). Verification errors are due to many reasons such as the variations of human characteristics (*e.g.*, occlusions [5]), environmental factors (*e.g.*, illuminations [6]) and cross-device matching [7]. This kind of acquisition artifacts may deeply affect the performance of biometric systems and hence, decrease their use in real life applications. • Acceptability limitations: The use of biometric systems is related its perceived acceptability and satisfaction. Table 1 shows that not all the biometric modalities are accepted. However, the acceptability is also related to its context of use and the target population. Jain et al. (2004) [1] categorize the fundamental barriers in biometrics into three main categories: 1) accuracy in terms of errors, 2) scale or size of the database and 3) usability in terms of easiness to use, acceptability, *etc*. One government can decide that an individual would be identified through a biometric data embedded in the passport. For logical or physical access control in a company, it is more difficult to impose a system

**Figure 3.** An example of biometric templates. From left to right, top to bottom, extracted minutia from a fingerprint, iris code, facial-based graph using keypoints, vocal and keystroke dynamics signals.

#### • **Verification**

It provides a matching score between the biometric sample provided by the user and his/her template. The matching score is defined between 0% and 100% (100% is quite impossible to be reached).

• **Identification**

It consists of determining the identity of an unknown individual from a database of individuals. In this case, the system can then either attribute the identity corresponding to the most similar profile found in the database to the unknown individual (or a list of the most similar profiles), or reject the individual.

## **2.4. Architecture of a biometric system**

The generic architecture of a biometric system consists of five main modules as depicted in Figure 4:


**Figure 4.** Generic architecture of a biometric system (source [4]).

## **2.5. Biometric systems limitations**

4 New Trends and Developments in Biometrics

• **Enrolment**

Figure 3.

• **Verification**

• **Identification**

Figure 4:

identification.

impossible to be reached).

**2.3. The general scheme of a biometric system**

facial-based graph using keypoints, vocal and keystroke dynamics signals.

the most similar profiles), or reject the individual.

**2.4. Architecture of a biometric system**

The biometric authentication process is divided into three main functionalities:

It constitutes the initial process of collecting biometric data samples from a person and subsequently creates a reference template representing a user's identity to be used for later comparison. An example of users' templates of different modalities is given in

**Figure 3.** An example of biometric templates. From left to right, top to bottom, extracted minutia from a fingerprint, iris code,

It provides a matching score between the biometric sample provided by the user and his/her template. The matching score is defined between 0% and 100% (100% is quite

It consists of determining the identity of an unknown individual from a database of individuals. In this case, the system can then either attribute the identity corresponding to the most similar profile found in the database to the unknown individual (or a list of

The generic architecture of a biometric system consists of five main modules as depicted in

• Capture module: It consists of capturing the biometric raw data in order to extract a numerical representation. This representation is then used for enrollment, verification or

• Signal processing module: It allows the reduction of the extracted numerical representation in order to optimize the quantity of data to store during the enrollment phase, or to facilitate the processing time during the verification and identification phases.

This module can have a quality test to control the captured biometric data.

Despite the advantages of biometric systems in terms of easy to use and to provide a better security comparing to traditional solutions, their use is limited to specific kind of applications (such as e-passport). These systems suffer from several limitations which may significantly decrease their widespread of use such as:


• Architecture limitations: Several existing works [8–11] show the vulnerability of biometric systems. Ratha *et al.* have identified eight locations of possible attacks in a generic biometric system as depicted in Figure 5. Maltoni *et al.* present several drawbacks of biometric systems related to circumvention, repudiation, contamination, collusion and coercion threats. In addition to these presented threats, several works (such as [11]) present attacks on biometric systems related to the identified points presented in Figure 5. An example of type-1 attacks (*i.e.*, sensor) is given in Figure 6.

**Figure 7.** Evaluation aspects of biometric systems: data quality, usability and security.

**Figure 8.** Quality assessment of biometric raw data: character, fidelity and utility.

approaches [12, 13].

of a biometric system.

point of view.

verification. Such information could be also used for soft biometrics and multimodal

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 155

According to the International Organization for Standardization [14], the quality assessment

of biometric raw data is divided into three points of view as illustrated in Figure 8:

• Fidelity: refers to the degree of similarity between a biometric sample and its source. • Utility: refers to the impact of the individual biometric sample on the overall performance

In biometrics, there is an international consensus on the fact that the quality of a biometric sample should be related to its recognition performance [15]. Therefore, we present in this section an overview of the existing morphological-based quality metrics related to the *utility*

Alonso-Fernandez et al. (2007) [16] present an overview of existing fingerprint quality metrics. The authors show the impact of bad quality samples on the performance of biometric systems. Many other fingerprint quality algorithms exist [17–19]. The presented methods

• Character: refers to the quality of the physical features of the individual.

**Figure 5.** Possible attack points in a generic biometric system: Ratha *et al.* model.

**Figure 6.** A prosthetic finger created out of latex at the GREYC research laboratory.

## **3. Evaluation of biometric systems**

As shown in the previous section, biometric systems have several limitations which may significantly decrease their use in real life applications. Therefore, the evaluation of biometric systems is carefully considered in the literature. Such kind of evaluation can be categorized into three main categories as depicted in Figure 7: 1) data quality, 2) usability and 3) security. In this section, we present these evaluation aspects followed by a discussion.

## **3.1. Data quality**

The quality assessment of biometric raw data is receiving more and more attention since it is considered as one of the main factors affecting the overall performance of biometric systems. This is mainly due to the acquisition artefacts such as illumination. Therefore, controlling the quality of the biometric raw data is absolutely necessary. Using the quality information, poor quality samples can be removed during the enrollment phase or rejected during the

**Figure 7.** Evaluation aspects of biometric systems: data quality, usability and security.

• Architecture limitations: Several existing works [8–11] show the vulnerability of biometric systems. Ratha *et al.* have identified eight locations of possible attacks in a generic biometric system as depicted in Figure 5. Maltoni *et al.* present several drawbacks of biometric systems related to circumvention, repudiation, contamination, collusion and coercion threats. In addition to these presented threats, several works (such as [11]) present attacks on biometric systems related to the identified points presented in Figure 5.

An example of type-1 attacks (*i.e.*, sensor) is given in Figure 6.

**Figure 5.** Possible attack points in a generic biometric system: Ratha *et al.* model.

**Figure 6.** A prosthetic finger created out of latex at the GREYC research laboratory.

As shown in the previous section, biometric systems have several limitations which may significantly decrease their use in real life applications. Therefore, the evaluation of biometric systems is carefully considered in the literature. Such kind of evaluation can be categorized into three main categories as depicted in Figure 7: 1) data quality, 2) usability and 3) security.

The quality assessment of biometric raw data is receiving more and more attention since it is considered as one of the main factors affecting the overall performance of biometric systems. This is mainly due to the acquisition artefacts such as illumination. Therefore, controlling the quality of the biometric raw data is absolutely necessary. Using the quality information, poor quality samples can be removed during the enrollment phase or rejected during the

In this section, we present these evaluation aspects followed by a discussion.

**3. Evaluation of biometric systems**

**3.1. Data quality**

verification. Such information could be also used for soft biometrics and multimodal approaches [12, 13].

According to the International Organization for Standardization [14], the quality assessment of biometric raw data is divided into three points of view as illustrated in Figure 8:


**Figure 8.** Quality assessment of biometric raw data: character, fidelity and utility.

In biometrics, there is an international consensus on the fact that the quality of a biometric sample should be related to its recognition performance [15]. Therefore, we present in this section an overview of the existing morphological-based quality metrics related to the *utility* point of view.

Alonso-Fernandez et al. (2007) [16] present an overview of existing fingerprint quality metrics. The authors show the impact of bad quality samples on the performance of biometric systems. Many other fingerprint quality algorithms exist [17–19]. The presented methods have shown their efficiency in predicting the quality of fingerprints images. An example of these metrics is the NIST Fingerprint Image Quality metric (NFIQ) [20] proposed by the NIST. NFIQ metric is dedicated to fingerprint quality evaluation.

**3.2.1.1 Metrics**

1. Fundamental performance metrics

of sufficient quality.

memory allocated.

given by:

Figure 9.

2. Verification system performance metrics

accept rate would be given by:

performance of the target system. 3. Identification system performance metrics

identifier is among those returned.

• Failure-to-enroll rate (FTE): proportion of the user population for whom the biometric system fails to capture or extract usable information from the biometric sample. • Failure-to-acquire rate (FTA): proportion of verification or identification attempts for which a biometric system is unable to capture a sample or locate an image or signal

• False-match-rate (FMR): the rate for incorrect positive matches by the matching

• False-non-match rate (FNMR): the rate for incorrect negative matches by the matching

In addition to these error metrics, other performance metrics are used in order to ensure the operational use of biometric systems such as: 1) average enrollment time, 2) average verification time, 3) average and maximum template size and 4) maximum amount of

• False rejection rate (FRR): proportion of authentic users that are incorrectly denied. If a verification transaction consists of a single attempt, the false reject rate would be

• False acceptation rate (FAR): proportion of impostors that are accepted by the biometric system. If a verification transaction consists of a single attempt, the false

• Receiver operating characteristic curve (ROC): plot of the rate of FMR as well as FAR (*i.e.*, accepted impostor attempts) on the x-axis against the corresponding rate of FNMR as well as FRR (*i.e.*, rejected genuine attempts) on the y-axis plotted parametrically as a function of the decision threshold. An illustration of a ROC curve is presented in

• Equal Error Rate (EER): this error rate corresponds to the point at which the FAR and FRR cross (compromise between FAR and FRR). It is widely used to evaluate and to compare biometric authentication systems. More the EER is near to 0%, better is the

• Identification rate (IR): the identification rate at rate *r* is defined as the proportion of identification transactions by users enrolled in the system in which the user's correct

*FRR*(*τ*) = *FTA* + *FNMR*(*τ*) ∗ (1 − *FTA*) (1)

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 157

*FAR*(*τ*) = *FMR*(*τ*) ∗ (1 − *FTA*) (2)

algorithm for single template comparison attempts.

algorithm for single template comparison attempts.

Krichen et al. (2007) [5] present a probabilistic iris quality measure based on a Gaussian Mixture Model (GMM). The authors compared the efficiency of their metric with existing ones according two types of alterations (occlusions and blurring) which may significantly decrease the performance of iris recognition systems. Other iris quality metrics are presented in [21, 22].

He et al. (2008) [23] present a hierarchical model to compute the biometric sample quality at three levels: database, class and image quality levels. The method is based on the quantiles of genuine and impostor matching score distributions.

Zhang & Wang (2009) [6] present an asymmetry-based quality assessment method of face images. The method uses SIFT descriptor for quality assessment. The presented method has shown its robustness against illumination and pose variations. Another asymmetry-based method is presented in [24, 25].

Abed, Giot, Hemery, Charrier & Rosenberger (2011) [26] present a quality assessment method based on the use of two types of information: 1) image quality and 2) pattern-based quality using the SIFT descriptor. The presented metric has the advantages of being multimodal (face, fingerprint and hand veins), and independent from the used authentication system.

## **3.2. Usability**

According to ISO 13407:1999 (1999), usability is defined as "*The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use*".


We present in Section 3.2.1 the existing works related to performance (Efficiency and Effectiveness), whereas in Section 3.2.2 the acceptance and users' satisfaction aspect.

#### *3.2.1. Performance*

As shown in Section 2.5, biometric systems are subject to several kinds of errors. We present in this section an overview of the most used performance metrics [4, 28] in the literature, followed by a presentation of the existing evaluation competitions and platforms.

#### **3.2.1.1 Metrics**

8 New Trends and Developments in Biometrics

method is presented in [24, 25].

in [21, 22].

**3.2. Usability**

*specified context of use*".

*3.2.1. Performance*

have shown their efficiency in predicting the quality of fingerprints images. An example of these metrics is the NIST Fingerprint Image Quality metric (NFIQ) [20] proposed by the

Krichen et al. (2007) [5] present a probabilistic iris quality measure based on a Gaussian Mixture Model (GMM). The authors compared the efficiency of their metric with existing ones according two types of alterations (occlusions and blurring) which may significantly decrease the performance of iris recognition systems. Other iris quality metrics are presented

He et al. (2008) [23] present a hierarchical model to compute the biometric sample quality at three levels: database, class and image quality levels. The method is based on the quantiles

Zhang & Wang (2009) [6] present an asymmetry-based quality assessment method of face images. The method uses SIFT descriptor for quality assessment. The presented method has shown its robustness against illumination and pose variations. Another asymmetry-based

Abed, Giot, Hemery, Charrier & Rosenberger (2011) [26] present a quality assessment method based on the use of two types of information: 1) image quality and 2) pattern-based quality using the SIFT descriptor. The presented metric has the advantages of being multimodal (face, fingerprint and hand veins), and independent from the used authentication system.

According to ISO 13407:1999 (1999), usability is defined as "*The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a*

• Efficiency which means that users must be able to accomplish the tasks easily and in a

• Effectiveness which means that users are able to complete the desired tasks without too much effort. It is generally measured by common metrics including completion rate and

• User satisfaction which measures users' acceptance and satisfaction regarding the system. It is generally measured by studying several properties such as easiness to use, trust, *etc.*

We present in Section 3.2.1 the existing works related to performance (Efficiency and

As shown in Section 2.5, biometric systems are subject to several kinds of errors. We present in this section an overview of the most used performance metrics [4, 28] in the literature,

Effectiveness), whereas in Section 3.2.2 the acceptance and users' satisfaction aspect.

followed by a presentation of the existing evaluation competitions and platforms.

NIST. NFIQ metric is dedicated to fingerprint quality evaluation.

of genuine and impostor matching score distributions.

timely manner. It is generally measured as a task time.

number of errors such failure-to-enroll rate (FTE).

	- Failure-to-enroll rate (FTE): proportion of the user population for whom the biometric system fails to capture or extract usable information from the biometric sample.
	- Failure-to-acquire rate (FTA): proportion of verification or identification attempts for which a biometric system is unable to capture a sample or locate an image or signal of sufficient quality.
	- False-match-rate (FMR): the rate for incorrect positive matches by the matching algorithm for single template comparison attempts.
	- False-non-match rate (FNMR): the rate for incorrect negative matches by the matching algorithm for single template comparison attempts.

In addition to these error metrics, other performance metrics are used in order to ensure the operational use of biometric systems such as: 1) average enrollment time, 2) average verification time, 3) average and maximum template size and 4) maximum amount of memory allocated.

	- False rejection rate (FRR): proportion of authentic users that are incorrectly denied. If a verification transaction consists of a single attempt, the false reject rate would be given by:

$$FRR(\tau) = FTA + FNMR(\tau) \* (1 - FTA) \tag{1}$$

• False acceptation rate (FAR): proportion of impostors that are accepted by the biometric system. If a verification transaction consists of a single attempt, the false accept rate would be given by:

$$FAR(\pi) = FMR(\pi) \* (1 - FTA) \tag{2}$$

	- Identification rate (IR): the identification rate at rate *r* is defined as the proportion of identification transactions by users enrolled in the system in which the user's correct identifier is among those returned.

**Figure 9.** Example of a ROC curve: FAR against FRR.

• False-negative identification-error rate (FNIR): proportion of identification transactions by users enrolled in the system in which the user's correct identifier is not among those returned. For an identification transaction consisting of one attempt against a database of size *N*, it is defined as:

$$FNIR(\tau) = FTA + (1 - FTA) \* FNMR(\tau) \tag{3}$$

**3.2.1.2 Competitions**

1. Monomodal competitions

and ROC curves.

2. Multimodal competitions

modalities.

ROC curves and the FTA rate.

**3.2.1.3 Platforms**

Several biometric competitions are done in order to compare the performance of biometric systems and are divided into two categories: 1) monomodal and 2) multimodal competitions.

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 159

• Signature Verification Competition (SVC) [29]: It is a dynamic signature-based competition organized with the International Conference on Biometric Authentication

• Fingerpint Verification Competition (FVC): It consists of a series of fingerprint-based competitions (http://bias.csr.unibo.it/fvc2006/) organized in 2000, 2002, 2004 and 2006. The participants have tested their algorithms by providing both executables corresponding to the *enrollment* and *verification* phases. Four databases, three real and one synthetic using *SFinGe* software, are used during FVC2006 competition. Different performance metrics are used such as: the distribution of genuine and impostor scores, average and maximum template size, average enrollment and verification time, FTE

• Face Recognition Vendor Test (FRVT) and Iris Challenge Evaluation (ICE): both competitions were organized by the National Institute of Standards and Technology

• Speaker Recognition Evaluation (SRE): It consists of a series of voice-based competitions organized by the NIST (http://www.itl.nist.gov/iad/mig/tests/sre/).

• BioSecure Multimodal Evaluation Campaign (BMEC): It is a competition organized by BioSecure (http://biosecure.it-sudparis.eu) in 2007. The BioSecure multimodal database [30] is used within the competition. The used experimental protocol and

• Multiple Biometric Grand Challenge (MBGC) [32]: It is a multimodal competition organized by the NIST in 2009. The main goal of this competition is to enhance the performance of face and iris-based systems over several acquisition conditions. It also consists of evaluating multimodal algorithms (image and score levels) of both

• BioSecure Reference and Evaluation framework: BioSecure presents in [33] an evaluation framework based on open-source reference systems, publicly available databases, evaluation protocols and benchmarking results. The framework is available at http: //svnext.it-sudparis.eu/svnview2-eph/ref\_syst/ and has been used for the first time during the BioSecure Multimodal Evaluation Campaign (BMEC) in 2007. ROC curves

• GREYC-Keystroke: It is a keystroke-based evaluation platform [34] developed at the GREYC research laboratory. GREYC-Keystroke software is also used to create keystroke databases in order to compare keystroke dynamics algorithms in the literature. Several performance metrics are used such as: the distribution of genuine and impostor scores,

(ICBA) in 2004. The EER is used as a performance metric.

(NIST). The ROC curves are used as a performance metric.

the results are detailed by by Mayoue et al. (2009) [31].

and their corresponding EERs are used as a performance indicator.

• False-positive identification-error rate (FPIR): proportion of identification transactions by users not enrolled in the system, where an identifier is returned. For an identification transaction consisting of one attempt against a database of size *N*, it is defined as:

$$FPIR = (1 - FTA) \* (1 - (1 - FMR)^N) \tag{4}$$

• Cumulative match characteristic curve (CMC): graphical presentation of results of an identification task test, plotting rank values on the x-axis and the probability of correct identification at or below that rank on the y-axis. Examples of CMC curves are given in Figure 10.

**Figure 10.** Examples of CMC curves of three biometric systems.

#### **3.2.1.2 Competitions**

10 New Trends and Developments in Biometrics

**Figure 9.** Example of a ROC curve: FAR against FRR.

of size *N*, it is defined as:

is defined as:

in Figure 10.

**Figure 10.** Examples of CMC curves of three biometric systems.

• False-negative identification-error rate (FNIR): proportion of identification transactions by users enrolled in the system in which the user's correct identifier is not among those returned. For an identification transaction consisting of one attempt against a database

• False-positive identification-error rate (FPIR): proportion of identification transactions by users not enrolled in the system, where an identifier is returned. For an identification transaction consisting of one attempt against a database of size *N*, it

• Cumulative match characteristic curve (CMC): graphical presentation of results of an identification task test, plotting rank values on the x-axis and the probability of correct identification at or below that rank on the y-axis. Examples of CMC curves are given

*FNIR*(*τ*) = *FTA* + (1 − *FTA*) ∗ *FNMR*(*τ*) (3)

*FPIR* = (<sup>1</sup> − *FTA*) ∗ (<sup>1</sup> − (<sup>1</sup> − *FMR*)*N*) (4)

Several biometric competitions are done in order to compare the performance of biometric systems and are divided into two categories: 1) monomodal and 2) multimodal competitions.

	- Signature Verification Competition (SVC) [29]: It is a dynamic signature-based competition organized with the International Conference on Biometric Authentication (ICBA) in 2004. The EER is used as a performance metric.
	- Fingerpint Verification Competition (FVC): It consists of a series of fingerprint-based competitions (http://bias.csr.unibo.it/fvc2006/) organized in 2000, 2002, 2004 and 2006. The participants have tested their algorithms by providing both executables corresponding to the *enrollment* and *verification* phases. Four databases, three real and one synthetic using *SFinGe* software, are used during FVC2006 competition. Different performance metrics are used such as: the distribution of genuine and impostor scores, average and maximum template size, average enrollment and verification time, FTE and ROC curves.
	- Face Recognition Vendor Test (FRVT) and Iris Challenge Evaluation (ICE): both competitions were organized by the National Institute of Standards and Technology (NIST). The ROC curves are used as a performance metric.
	- Speaker Recognition Evaluation (SRE): It consists of a series of voice-based competitions organized by the NIST (http://www.itl.nist.gov/iad/mig/tests/sre/).
	- BioSecure Multimodal Evaluation Campaign (BMEC): It is a competition organized by BioSecure (http://biosecure.it-sudparis.eu) in 2007. The BioSecure multimodal database [30] is used within the competition. The used experimental protocol and the results are detailed by by Mayoue et al. (2009) [31].
	- Multiple Biometric Grand Challenge (MBGC) [32]: It is a multimodal competition organized by the NIST in 2009. The main goal of this competition is to enhance the performance of face and iris-based systems over several acquisition conditions. It also consists of evaluating multimodal algorithms (image and score levels) of both modalities.

#### **3.2.1.3 Platforms**


• Fingerprint Verification Competition-onGoing (FVC-onGoing): FVC-onGoing is an online fingerprint-based evaluation tool accessible at https://biolab.csr.unibo.it/FVCOnGoing. It is the evolution of the series of FVC competitions presented in the previous section. The used performance metrics are: acquisition errors (FTE and FTA), FNMR for a fixed FMR and vice-versa, average enrollment and verification time, maximum template size, genuine and impostor scores distribution, ROC curves and their corresponding EERs.

• Abed *et al.* [40] present a modality-independent evaluation methodology to study users' acceptance and satisfaction of biometric systems. It uses a survey questionnaire for data collection, and some data mining tools for their analysis. Three factors are identified as possible factors influencing respondents' acceptance and satisfaction: 1) the robustness of a systems against attacks, 2) its easiness to use and 3) the computation time during the verification phase. The authors then argue that even if the performance of a biometric system outperformed another one, it will not necessarily mean that it will be more

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 161

• Other studies presented in [41–48] have highlighted several points about biometric

include stalking or assaulting individuals to steal their biometric information. • Individuals complain that once the biometric template is stolen, it is compromised forever. There are also concerns about hygiene with touching such devices and health

As shown in Section 2.5, biometric systems present several drawbacks which may significantly decrease their use in a an accurate way. Therefore, it is important that biometric systems be designed to withstand the presented threats when employed in security-critical applications and to achieve an end to end security. Despite the vulnerabilities of biometric systems, few are the works exist in comparison to the performance and quality aspects. Here

The International Organization for Standardization ISO/IEC FCD 19792 [49] presents a list of several threats and vulnerabilities of biometric systems. The standard also addresses privacy concerns when dealing with biometric systems. The standard does not present a security evaluation of biometric systems. It aims to guide the evaluators by giving suggestions and

The Common Criteria Biometric Evaluation Working Group [50] presents a list of threats that

Dimitriadis & Polemi (2004) [51] present a security comparison study of several biometric technologies in order to be used as an access control system for stadiums. The presented method can be used easily in comparing biometric systems since it is a quantitative-based

Attack tree technique introduced by [52], provides a structure tree to conduct security analysis of protocols, applications and networks. However, attack trees are dependent from the intended system and its context of use. Therefore, it is infeasible to be used for a generic evaluation purpose. An example of its use for the security evaluation of fingerprint

risks for more advanced technologies such as iris or retina.

is an overview of the works related to the security issue of biometric systems.

recommendations that should be taken into account during the evaluation process.

may need to be considered when evaluating biometric systems.

recognition systems is presented by [53].

• Acceptance is linked to the number of uses of the biometrics in general, and information provided by the biometric device can also improve user acceptance. • There is a potential concern about the misuse of personal data (*i.e.*, templates) which is seen as violating users' privacy and civil liberties. Another important concern is the probability that criminals may perpetrate heinous acts to gain access. This could

operational or acceptable.

systems such as:

**3.3. Security**

method.

## *3.2.2. Users' acceptance and satisfaction*

Traditional evaluation methods have worked well to evaluate emerging technologies, new biometric modalities, and algorithm revisions. Many databases have been collected (such as ENSIB face database [35]), many competitions and platforms have been proposed whose objective is mainly to compare enrollment and verification/identification algorithms in the literature. Many metrics have been defined by the International Organization for Standardization ISO/IEC 19795-1 (2006) [4] in terms of error computations, time computation, memory allocations, *etc*. These statistical measures allow in general a precise performance characterization of a biometric system. Nevertheless, these works are dedicated to quantify the system performance (algorithms, processing time, *etc.*) without taking into account user' view within the evaluation process. However, the biometric process is considered as a two-way interaction, between the user and the system. Therefore, taking into account user's view when designing biometric systems is considered as a crucial requirement to the widespread of use of this technology.

According to Smith (2003) [36], some members of the human-computer interaction (HCI) community believe that interfaces of security systems do not reflect good thinking in terms of creating a system that is easy to use, while maintaining an acceptable level of security. Nowadays, several studies have been done to quantify users' acceptability and satisfaction of biometric systems such as:

	- Acceptance is linked to the number of uses of the biometrics in general, and information provided by the biometric device can also improve user acceptance.
	- There is a potential concern about the misuse of personal data (*i.e.*, templates) which is seen as violating users' privacy and civil liberties. Another important concern is the probability that criminals may perpetrate heinous acts to gain access. This could include stalking or assaulting individuals to steal their biometric information.
	- Individuals complain that once the biometric template is stolen, it is compromised forever. There are also concerns about hygiene with touching such devices and health risks for more advanced technologies such as iris or retina.

## **3.3. Security**

12 New Trends and Developments in Biometrics

*3.2.2. Users' acceptance and satisfaction*

to the widespread of use of this technology.

biometric systems such as:

details).

• Fingerprint Verification Competition-onGoing (FVC-onGoing): FVC-onGoing is an online fingerprint-based evaluation tool accessible at https://biolab.csr.unibo.it/FVCOnGoing. It is the evolution of the series of FVC competitions presented in the previous section. The used performance metrics are: acquisition errors (FTE and FTA), FNMR for a fixed FMR and vice-versa, average enrollment and verification time, maximum template size, genuine and impostor scores distribution, ROC curves and their corresponding EERs.

Traditional evaluation methods have worked well to evaluate emerging technologies, new biometric modalities, and algorithm revisions. Many databases have been collected (such as ENSIB face database [35]), many competitions and platforms have been proposed whose objective is mainly to compare enrollment and verification/identification algorithms in the literature. Many metrics have been defined by the International Organization for Standardization ISO/IEC 19795-1 (2006) [4] in terms of error computations, time computation, memory allocations, *etc*. These statistical measures allow in general a precise performance characterization of a biometric system. Nevertheless, these works are dedicated to quantify the system performance (algorithms, processing time, *etc.*) without taking into account user' view within the evaluation process. However, the biometric process is considered as a two-way interaction, between the user and the system. Therefore, taking into account user's view when designing biometric systems is considered as a crucial requirement

According to Smith (2003) [36], some members of the human-computer interaction (HCI) community believe that interfaces of security systems do not reflect good thinking in terms of creating a system that is easy to use, while maintaining an acceptable level of security. Nowadays, several studies have been done to quantify users' acceptability and satisfaction of

• The Opinion Research Corporation International ORC (2002) [37] presents the results of a phone survey conducted on 2001 and 2002. The survey has been conducted among national probability samples of 1017 and 1046 adults, respectively, living in United States. The 2001 study showed that 77% of individuals feel that finger-imaging protects individuals against fraud. For privacy issues, 87% in 2001 and 88% in 2002 are worried for the misuse of personal information. The study indicates a good percentage of acceptance, more than 75%, for U.S. law enforcement authorities requiring fingerprint scans to verify identity for passports, at airport check-ins and to obtain a driver license (see [37] for more

• The National Institute of Standards and Technology (NIST) has performed a usability test on fingerprints [38]. The survey was conducted on 300 adults recruited from a pool of 10,000 people. There were 151 women and 149 men ranging in ages from 18 to over 65 years. 77% of participants were in favor to provide fingerprint images as a mean of establishing identity for passport purposes. 2% of participants have expressed concerns about the cleanliness of the devices with which they would have physical contact. Another study has been done by NIST to examine the impact on fingerprint capture performance of angling the fingerprint scanners (flat, 10, 20 and 30 degrees) on the existing counter

heights (99, 114.3 and 124.5 cm) is presented in in Theofanos et al. (2008) [39].

As shown in Section 2.5, biometric systems present several drawbacks which may significantly decrease their use in a an accurate way. Therefore, it is important that biometric systems be designed to withstand the presented threats when employed in security-critical applications and to achieve an end to end security. Despite the vulnerabilities of biometric systems, few are the works exist in comparison to the performance and quality aspects. Here is an overview of the works related to the security issue of biometric systems.

The International Organization for Standardization ISO/IEC FCD 19792 [49] presents a list of several threats and vulnerabilities of biometric systems. The standard also addresses privacy concerns when dealing with biometric systems. The standard does not present a security evaluation of biometric systems. It aims to guide the evaluators by giving suggestions and recommendations that should be taken into account during the evaluation process.

The Common Criteria Biometric Evaluation Working Group [50] presents a list of threats that may need to be considered when evaluating biometric systems.

Dimitriadis & Polemi (2004) [51] present a security comparison study of several biometric technologies in order to be used as an access control system for stadiums. The presented method can be used easily in comparing biometric systems since it is a quantitative-based method.

Attack tree technique introduced by [52], provides a structure tree to conduct security analysis of protocols, applications and networks. However, attack trees are dependent from the intended system and its context of use. Therefore, it is infeasible to be used for a generic evaluation purpose. An example of its use for the security evaluation of fingerprint recognition systems is presented by [53].

Matyás & Ríha (2002) [54] propose a security classification of biometric systems. Their proposal classifies biometric systems into four categories according to their security level. However, their model could not be considered as discriminative to compare the security level of biometric systems.

works aim to present a better recognition algorithm in terms of performance (*e.g.*, using the EER) without taking into account the other evaluation aspects in terms of data quality, users' acceptance and security. From the presented evaluation works, we can put into obvious these

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 163

• For the quality aspect, we see that most of the existing quality metrics are modality-dependent (such as NFIQ metric). A step forward is presented by Abed *et al.* which present a multimodal quality metric to evaluate the quality of biometric raw data. However, the presented quality metric do not detect luminance alteration which is considered as an important alteration especially in a facial-based modality. In addition, we believe that more works are required to be done in this evaluation aspect to ensure the accuracy of applications using **only one** biometric information as a reference (*e.g.*, one

• For the security aspect, we see also that most of the existing works aim to present scenarios of attacks (such as hill-climbing attacks) on biometric systems. Few are the works dedicated to the security evaluation of such systems. We believe that more works should be done in this research area in order to ensure the accuracy of biometric systems.

Finally, we believe that taking into account simultaneously the presented evaluation aspects is important when evaluating and comparing biometric systems. In other words, a biometric systems providing 0% errors but not easy to use is not really important (such as DNA-based

In this section, we present some future trends in biometrics research field. We focus only on

In order to increase the performance of biometric systems, it is possible to combine different information for the decision making [56]. Different alternatives are available such as combining two different biometric systems (*e.g.*, face and fingerprint), using two sensors of the same modality (optical and sweeping fingerprint sensors), using two different algorithms given a single capture, exploiting different representations of a single biometric modality (2D and 3D face information) . . . Of course, the combination of the decision results given by these multiple biometric sensors can be realized by different techniques from the easiest way based on a logical combination (conjunction) to more complicated methods such as those based on

Even if the global performance of multi-modal biometric systems is improved, two main drawbacks make this solution rarely used in our daily life. The first one is due to the cost that is, of course, increased as many sensors are necessary. The second one concerns the

usability for users that have to make many operations to be authenticated.

points:

facial image in e-passport).

authentication systems).

those related to the evaluation of biometric systems.

**4.1. Evaluation of multimodal-based biometric systems**

**4. Future trends**

fuzzy logic [57].

Abed et al. (2012) [55] present an on-line platform (*Security EvaBio*) to the security evaluation of biometric systems available at: http://www.epaymentbiometrics.ensicaen.fr/ securityEvaBio/. A snapshot of the on-line platform is given in Figure 11. The platform implements a quantitative-based security assessment method based on the notion of risk factors, to allow easily the evaluation and comparison of biometric systems. It also contains a database of common threats and vulnerabilities of biometric systems which may be used by other researchers to quantify their developed systems in a quantitative or qualitative way.

**Figure 11.** A snapshot of the Security EvaBio platform [55] developed at the GREYC research laboratory.

#### **3.4. Discussion**

Biometric systems are shown as a promising solution to authenticate individuals. However, their proliferation is not as much as attended. In this chapter, we see that biometric technology presents several drawbacks which may decrease their widespread of use in real life applications. Therefore, the evaluation of such systems is considered as a key challenge in this research field. Despite this, few are the works that address the evaluation aspects in comparison to recognition algorithms. More generally speaking, most of the existing works aim to present a better recognition algorithm in terms of performance (*e.g.*, using the EER) without taking into account the other evaluation aspects in terms of data quality, users' acceptance and security. From the presented evaluation works, we can put into obvious these points:


Finally, we believe that taking into account simultaneously the presented evaluation aspects is important when evaluating and comparing biometric systems. In other words, a biometric systems providing 0% errors but not easy to use is not really important (such as DNA-based authentication systems).

## **4. Future trends**

14 New Trends and Developments in Biometrics

level of biometric systems.

**3.4. Discussion**

Matyás & Ríha (2002) [54] propose a security classification of biometric systems. Their proposal classifies biometric systems into four categories according to their security level. However, their model could not be considered as discriminative to compare the security

Abed et al. (2012) [55] present an on-line platform (*Security EvaBio*) to the security evaluation of biometric systems available at: http://www.epaymentbiometrics.ensicaen.fr/ securityEvaBio/. A snapshot of the on-line platform is given in Figure 11. The platform implements a quantitative-based security assessment method based on the notion of risk factors, to allow easily the evaluation and comparison of biometric systems. It also contains a database of common threats and vulnerabilities of biometric systems which may be used by other researchers to quantify their developed systems in a quantitative or qualitative way.

**Figure 11.** A snapshot of the Security EvaBio platform [55] developed at the GREYC research laboratory.

Biometric systems are shown as a promising solution to authenticate individuals. However, their proliferation is not as much as attended. In this chapter, we see that biometric technology presents several drawbacks which may decrease their widespread of use in real life applications. Therefore, the evaluation of such systems is considered as a key challenge in this research field. Despite this, few are the works that address the evaluation aspects in comparison to recognition algorithms. More generally speaking, most of the existing In this section, we present some future trends in biometrics research field. We focus only on those related to the evaluation of biometric systems.

## **4.1. Evaluation of multimodal-based biometric systems**

In order to increase the performance of biometric systems, it is possible to combine different information for the decision making [56]. Different alternatives are available such as combining two different biometric systems (*e.g.*, face and fingerprint), using two sensors of the same modality (optical and sweeping fingerprint sensors), using two different algorithms given a single capture, exploiting different representations of a single biometric modality (2D and 3D face information) . . . Of course, the combination of the decision results given by these multiple biometric sensors can be realized by different techniques from the easiest way based on a logical combination (conjunction) to more complicated methods such as those based on fuzzy logic [57].

Even if the global performance of multi-modal biometric systems is improved, two main drawbacks make this solution rarely used in our daily life. The first one is due to the cost that is, of course, increased as many sensors are necessary. The second one concerns the usability for users that have to make many operations to be authenticated.

## **4.2. Evaluation of privacy by design biometric systems**

One of the main drawbacks of biometrics is the impossibility to revoke the biometric data of a user if they are compromised [58]. Another problem, which is related to the acceptance by the users, is the respect of privacy: how can people be sure that their personal data collected during the enrollment will not be stolen or diverted and used for other purposes?

**Acknowledgment**

**Author details** Mohamad El-Abed1,

**References**

Christophe Charrier2 and Christophe Rosenberger<sup>2</sup>

2 Université de Caen Basse-Normandie, Caen, France

this work.

The authors would like to thank the French Research Ministry for their financial support of

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 165

1 College of Science & Information Systems, Rafic Hariri University, Meshref Lebanon

[2] Women clerks –california–los angeles county. digital2.library.ucla.edu, 1928.

*Encyclopedia of Information Science and Technology*, pages 346–354, 2008.

reporting – part 1: Principles and framework, 2006.

volume 5876, pages 499–508, 2009.

*Man, and Cybernetics*, 40:539–554, 2010.

Springer-Verlag, 2003.

*Theory, Applications and Systems (BTAS)*, pages 1–6, 2007.

*Advanced Applications*, volume 31, pages 289–306, 2000.

[1] A. K. Jain, S. Pankanti, S. Prabhakar, L. Hong, and A. Ross. Biometrics: A grand challenge. *International Conference on Pattern Recognition (ICPR)*, 2:935–942, 2004.

[3] J. Mahier, M. Pasquet, C. Rosenberger, and F. Cuozzo. Biometric authentication.

[4] ISO/IEC 19795-1. Information technology – biometric performance testing and

[5] E. Krichen, S. Garcia Salicetti, and B. Dorizzi. A new probabilistic iris quality measure for comprehensive noise detection. In *IEEE Third International Conference on Biometrics :*

[6] G. Zhang and Y. Wang. Asymmetry-based quality assessment of face images. In *Proceedings of the 5th International Symposium on Advances in Visual Computing (ISVC)*,

[7] N. Poh, J.V. Kittler, and T. Bourlai. Quality-based score normalization with device qualitative information for multimodal biometric fusion. *IEEE Transactions on Systems,*

[8] N. K. Ratha, J. H. Connell, and R. M. Bolle. An analysis of minutiae matching strength. In *Audio- and Video-Based Biometric Person Authentication*, pages 223–228, 2001.

[9] T. V. der Putte and J. Keuning. Biometrical fingerprint recognition: Don't get your fingers burned. In *Proceedings of the Fourth Working Conference on Smart Card Research and*

[10] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar. *Handbook of Fingerprint Recognition*.

Over the last decade, a new innovative research field has emerged, trying to protect biometric templates. Nowadays, several protection schemes exist, but unfortunately not yet mature for large scale deployment. Examples of such schemes are fuzzy commitment [59], fuzzy vault scheme [60], and the BioHashing principle presented in several works by [61] and [62].

## **4.3. Quality assessment of 3D-based face data**

In comparison to the 2D-based face recognition, 3D technology is considered as a promising solution to enhance the performance of biometric systems [63]. We believe also that this technology is an efficient solution to detect type-1 fakes (*e.g.*, presentation of a face image of good quality to the sensor). Moreover, quality assessment is required nowadays especially after the growing of this technology (such as 3D films like Avatar, *etc.*).

Despite the advantages of 3D technology in comparison to the 2D, none of the works exist to assess the quality of 3D biometric raw data. In addition, very few are the works addressing the quality assessment of 3D images/videos content. We can cite paired comparison is one of the standardized test methodologies toward the quality assessment of 3D images/videos. We can cite also a recent method toward the 3D quality assessment presented by [64].

## **5. Conclusion**

Biometric systems are increasingly used in our daily life to manage the access of several resources. Several biometric technologies exist toward this goal, going from physiological-based features (such as face) to behavioral-based features (such as keystroke dynamics). However, a key issue to be considered is the evaluation of such systems. This is mainly important to ensure efficient biometric systems that respect the privacy of an individual, and to permit a good usability. In this chapter, we have presented an overview of the existing evaluation aspects of biometric systems based on: 1) **Data quality** which ensures that the quality of the acquired biometric raw data is of sufficient quality. This is mainly important for applications using only one biometric information as a reference (*e.g.*, e-passport); 2) **Usability** which ensures the operational use of the biometric system in terms of users' acceptability and satisfaction; and 3) **Security** which ensures the use of the system in an accurate way by avoiding well known attacks (such as a dummy finger). We have seen in this chapter the limitations of biometric systems, which constitute a main drawback to its proliferation. We have seen also that the existing evaluation works related to the data quality and security aspects are very few in comparison to the performance ones. Therefore, it is important to take more attention to these both evaluation aspects (data quality and security). Finally, we believe that the three evaluation aspects should be take into account simultaneously when evaluating and comparing biometric systems.

## **Acknowledgment**

16 New Trends and Developments in Biometrics

**5. Conclusion**

**4.2. Evaluation of privacy by design biometric systems**

**4.3. Quality assessment of 3D-based face data**

after the growing of this technology (such as 3D films like Avatar, *etc.*).

simultaneously when evaluating and comparing biometric systems.

One of the main drawbacks of biometrics is the impossibility to revoke the biometric data of a user if they are compromised [58]. Another problem, which is related to the acceptance by the users, is the respect of privacy: how can people be sure that their personal data collected

Over the last decade, a new innovative research field has emerged, trying to protect biometric templates. Nowadays, several protection schemes exist, but unfortunately not yet mature for large scale deployment. Examples of such schemes are fuzzy commitment [59], fuzzy vault scheme [60], and the BioHashing principle presented in several works by [61] and [62].

In comparison to the 2D-based face recognition, 3D technology is considered as a promising solution to enhance the performance of biometric systems [63]. We believe also that this technology is an efficient solution to detect type-1 fakes (*e.g.*, presentation of a face image of good quality to the sensor). Moreover, quality assessment is required nowadays especially

Despite the advantages of 3D technology in comparison to the 2D, none of the works exist to assess the quality of 3D biometric raw data. In addition, very few are the works addressing the quality assessment of 3D images/videos content. We can cite paired comparison is one of the standardized test methodologies toward the quality assessment of 3D images/videos. We can cite also a recent method toward the 3D quality assessment presented by [64].

Biometric systems are increasingly used in our daily life to manage the access of several resources. Several biometric technologies exist toward this goal, going from physiological-based features (such as face) to behavioral-based features (such as keystroke dynamics). However, a key issue to be considered is the evaluation of such systems. This is mainly important to ensure efficient biometric systems that respect the privacy of an individual, and to permit a good usability. In this chapter, we have presented an overview of the existing evaluation aspects of biometric systems based on: 1) **Data quality** which ensures that the quality of the acquired biometric raw data is of sufficient quality. This is mainly important for applications using only one biometric information as a reference (*e.g.*, e-passport); 2) **Usability** which ensures the operational use of the biometric system in terms of users' acceptability and satisfaction; and 3) **Security** which ensures the use of the system in an accurate way by avoiding well known attacks (such as a dummy finger). We have seen in this chapter the limitations of biometric systems, which constitute a main drawback to its proliferation. We have seen also that the existing evaluation works related to the data quality and security aspects are very few in comparison to the performance ones. Therefore, it is important to take more attention to these both evaluation aspects (data quality and security). Finally, we believe that the three evaluation aspects should be take into account

during the enrollment will not be stolen or diverted and used for other purposes?

The authors would like to thank the French Research Ministry for their financial support of this work.

## **Author details**

Mohamad El-Abed1, Christophe Charrier2 and Christophe Rosenberger<sup>2</sup>

1 College of Science & Information Systems, Rafic Hariri University, Meshref Lebanon 2 Université de Caen Basse-Normandie, Caen, France

## **References**


[11] U. Uludag and A. K. Jain. Attacks on biometric systems: A case study in fingerprints. In *Proc. SPIE-EI 2004, Security, Seganography and Watermarking of Multimedia Contents VI*, volume 5306, pages 622–633, 2004.

[25] J. Sang, Z. Lei, and S. Z. Li. Face image quality evaluation for ISO/IEC standards 19794-5 and 29794-5. In *Proceedings of the Third International Conference on Advances in Biometrics*

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 167

[26] M. El Abed, R. Giot, B. Hemery, C. Charrier, and C. Rosenberger. A SVM-based model for the evaluation of biometric sample quality. In *IEEE International Workshop on Computational Intelligence in Biometrics and Identity Management*, pages 115–122, 2011.

[28] James P. Egan. Signal detection theory and ROC-analysis. by Academic Press, New

[29] D.Y. Yeung, H. Chang, Y.M. Xiong, S. George, R. Kashi, T. Matsumoto, and G. Rigoll. SVC2004: First International Signature Verification Competition. In *International*

[30] BIOSECURE. Biosecure Multimodal Biometric Database. http://www.biosecure.info/,

[31] A. Mayoue, B. Dorizzi, L. Allano, G. Chollet, J. Hennebert, D. Petrovska-Delacrétaz, and F. Verdet. *Guide to biometric reference systems and performance evaluation*, chapter The BioSecure multimodal evaluation campaign 2007 (BMEC'2007), pages 327–372. 2009.

[32] P. J. Phillips, P. J. Flynn, J. R. Beveridge, W. T. Scruggs, A. J. O'Toole, D. S. Bolme, K. W. Bowyer, B. A. Draper, G. H. Givens, Y. M. Lui, H. Sahibzada, J. A. Scallan, and S. Weimer. Overview of the multiple biometrics grand challenge. In *International Conference on*

[33] D. Petrovska and A. Mayoue. Description and documentation of the biosecure software

[34] R. Giot, M. El Abed, and C. Rosenberger. Greyc keystroke : a benchmark for keystroke dynamics biometric systems. In *IEEE Third International Conference on Biometrics : Theory,*

[35] B. Hemery, C. Rosenberger, and H. Laurent. The ENSIB database : a benchmark for face recognition. In *International Symposium on Signal Processing and its Applications (ISSPA), special session "Performance Evaluation and Benchmarking of Image and Video Processing"*,

[36] S. Smith. Humans in the loop: Human computer interaction and security. *IEEE Security*

[37] ORC. Public Attitudes Toward the Uses of Biometric Identification Technologiesby Government and the Private Sector. Technical report, Opinion Research Corporation

[27] ISO 13407:1999. Human centred design process for interactive systems, 1999.

*Conference on Biometric Authentication (ICBA'04)*, pages 16 – 22, 2004.

*Biometrics (ICB'09)*, pages 705 – 714, 2009.

library. Technical report, BioSecure, 2007.

*Applications and Systems (BTAS)*, pages 1–6, 2009.

*(ICB)*, pages 229–238, 2009.

York, 1975.

2008.

2007.

*& Privacy*, 3:75–79, 2003.

International (ORC), 2002.


1094–1105, 2010.

group 3, 2006.

volume 5306, pages 622–633, 2004.

*and Security*, 4(4):849–866, 2009.

[11] U. Uludag and A. K. Jain. Attacks on biometric systems: A case study in fingerprints. In *Proc. SPIE-EI 2004, Security, Seganography and Watermarking of Multimedia Contents VI*,

[12] N. Poh, T. Bourlai, and J. Kittler. A multimodal biometric test bed for quality-dependent, cost-sensitive and client-specific score-level fusion algorithms. *Pattern Recognition*, pages

[13] N. Poh, T. Bourlai, J. Kittler, L. Allano, F. Alonso-Fernandez, O. Ambekar, J. Baker, B. Dorizzi, O. Fatukasi, J. Fierrez, H. Ganster, J. Ortega-Garcia, D. Maurer, A. A. Salah, T. Scheidat, and C. Vielhauer. Benchmarking quality-dependent and cost-sensitive score-level multimodal biometric fusion algorithms. *Transactions on Information Forensics*

[14] ISO/IEC 29794-1. Biometric quality framework standard, first ed. jtc1/sc37/working

[15] P. Grother and E. Tabassi. Performance of biometric quality measures. *IEEE Transactions*

[16] F. Alonso-Fernandez, J. Fierrez, J. Ortega-Garcia, J. Gonzalez-Rodriguez, H. Fronthaler, K. Kollreider, and J. Bigun. A comparative study of fingerprint image-quality estimation methods. *IEEE Transactions on Information Forensics and Security*, 2:734–743, 2007.

[17] L. Shen, A. C. Kot, and W. M. Koo. Quality measures of fingerprint images. In *Proceedings of the 3rd International Conference on Audio- and Video-Based Biometric Person*

[18] Y. Chen, S. C. Dass, and A. K. Jain. Fingerprint quality indices for predicting authentication performance. In *5th International Conference Audio- and Video-Based*

[19] S. Lee, C. Lee, and J. Kim. Model-based quality estimation of fingerprint images. In *IAPR/IEEE International Conference on Biometrics (ICB'06)*, pages 229–235, 2006.

[20] E. Tabassi and C.L. Wilson. A novel approach to fingerprint image quality. In

[21] Y. Chen, S.C. Dass, and A.K. Jain. Localized iris image quality using 2-d wavelets. In

[22] N. D. Kalka, J. Zuo, N. A. Schmid, and B. Cukic. Image quality assessment for iris

[23] Q. He, Z.A. Sun, T.N. Tan, and Y. Zou. A hierarchical model for the evaluation of biometric sample quality. In *International Conference on Pattern Recognition (ICPR)*, pages

[24] X.F. Gao, S.Z. Li, R. Liu, and P.R. Zhang. Standardization of face image sample quality.

In *International Conference on Biometrics (ICB'07)*, pages 242–251, 2007.

*Biometric Person Authentication (AVBPA)*, volume 3546, pages 160–170, 2005.

*International Conference on Image Processing (ICIP)*, pages 37–40, 2005.

*on Pattern Analysis and Machine Intelligence*, 29:531–543, 2007.

*Authentication (AVBPA)*, pages 266–271, 2001.

*International Conference on Biometrics (ICB)*, 2006.

biometric. In *Proc. SPIE 6202*, 2006.

1–4, 2008.


[38] M. Theofanos, B. Stanton, S. Orandi, R. Micheals, and N.F. Zhang. Usability testing of ten-print fingerprint capture. Technical report, National Institute of Standards and Technology (NIST), 2007.

[53] O. Henniger, D. Scheuermann, and T. Kniess. On security evaluation of fingerprint recognition systems. In *Internation Biometric Performance Testing Conference (IBPC)*, pages

Evaluation of Biometric Systems http://dx.doi.org/10.5772/52084 169

[54] V. Matyás and Z. Ríha. Biometric authentication - security and usability. In *Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia*

[55] M. El Abed, P. Lacharme, and C. Rosenberger. Security evabio: An analysis tool for the security evaluation of biometric authentication systems. In *the 5th IAPR/IEEE*

[56] A. Ross, K. Nandakumar, , and A.K. Jain. *Handbook of Multibiometrics*. Springer, 2006.

[57] A. Azzini, S. Marrara, R. Sassi, and F. Scotti. A fuzzy approach to multimodal biometric authentication. In *Knowledge-Based Intelligent Information and Engineering*

[58] A. K. Jain, K. Nandakumar, and A. Nagar. Biometric template security. *EURASIP Journal*

[59] A. Juels and M. Wattenberg. A fuzzy commitment scheme. In *ACM Conference on*

[60] A. Juels and M. Sudan. A fuzzy vault scheme. In *IEEE International Symposium on*

[61] A. Goh and C. Ngo. *Computation of Cryptographic Keys from Face Biometrics*. Lecture

[62] R. Belguechi, C. Rosenberger, and S.A. Aoudia. Biohashing for securing minutia template. In *Proceedings of the 20th International Conference on Pattern Recognition*

[63] S. Berretti, A. D. Bimbo, P. Pala, B. B. Amor, and M. Daoudi. A set of selected sift features for 3D facial expression recognition. In *Proceedings of the 20th International Conference on*

[64] J. Lee, L. Goldman, and T. Ebrahimi. A new analysis method for paired comparison and its application to 3d quality assessment. In *Proceedings of the 19th ACM International*

*International Conference on Biometrics (ICB)*, pages 1–6, 2012.

1–10, 2010.

*Security*, pages 227–239, 2002.

*Systems*, number 8, pages 801–808, 2007.

*Information Theory*, pages 237–257, 2001.

*(ICPR'10)*, pages 1168–1171, 2010.

*on Advances in Signal Processing*, 2008:1–17, 2007.

Notes in Computer Science. Springer, Berlin, 2003.

*Pattern Recognition (ICPR)*, pages 4125–4128, 2010.

*Conference on Multimedia*, pages 1281–1284, 2011.

*Computer and Communication Security*, pages 28–36, 1999.


[53] O. Henniger, D. Scheuermann, and T. Kniess. On security evaluation of fingerprint recognition systems. In *Internation Biometric Performance Testing Conference (IBPC)*, pages 1–10, 2010.

20 New Trends and Developments in Biometrics

Technology (NIST), 2007.

pages 1–26, 2011.

91–98, 2007.

pages 172–179, 2009.

of biometrics, 2008.

*Technology (ICCST)*, pages 170–178, 2010.

volume 1, pages 753–761, 2004.

[38] M. Theofanos, B. Stanton, S. Orandi, R. Micheals, and N.F. Zhang. Usability testing of ten-print fingerprint capture. Technical report, National Institute of Standards and

[39] M. Theofanos, B. Stanton, C. Sheppard, R. Micheals, N. Zhang, J. Wydler, L. Nadel, and W. Rubin. Usability testing of height and angles of ten-print fingerprint capture.

[40] M. El Abed, R. Giot, B. Hemery, and C. Rosenberger. Evaluation of biometric systems: A study of users' acceptance and satisfaction. *Inderscience International Journal of Biometrics*,

[41] F. Deane, K. Barrelle, R. Henderson, and D. Mahar. Perceived acceptability of biometric

[42] L. Coventry, A. De Angeli, and G. Johnson. Honest it's me! self service verification. In *The ACM Conference on Human Factors in Computing Systems (CHI)*, pages 1–4, 2003.

[43] J. Moody. Public perceptions of biometric devices: The effect of misinformation on acceptance and use. In *the Informing Science and Information Technology Education*,

[44] L. A. Jones, A. I. Antón, and J. B. Earp. Towards understanding user perceptions of authentication technologies. In *ACM Workshop on Privacy in the Electronic Society*, pages

[45] S. J. Elliott, S. A. Massie, and M. J. Sutton. The perception of biometric technology: A

[46] A. P. Pons and P. Polak. Understanding user perspectives on biometric technology. *Communications of the Association for Computing Machinery (ACM)*, 51(9):115–118, 2008.

[47] R. Giot, M. El Abed, and C. Rosenberger. Keystroke dynamics authentication for collaborative systems. *Collaborative Technologies and Systems, International Symposium*,

[48] M. El Abed, R. Giot, B. Hemery, and C. Rosenberger. A study of users' acceptance and satisfaction of biometric systems. In *International Carnahan Conference on Security*

[49] ISO/IEC FCD 19792. Information technology – security techniques – security evaluation

[50] Common criteria for information technology security evaluation. Technical report, 1999.

[51] C. Dimitriadis and D. Polemi. Application of multi-criteria analysis for the creation of a risk assessment knowledgebase for biometric systems. In *international conference on*

*biometric authentication (ICB)*, volume 3072, pages 724–730, 2004.

[52] B. Schneier. Attack trees. *Dr. Dobb's Journ. of Softw. Tools*, 1999.

survey. *Automatic Identification Advanced Technologies*, pages 259–264, 2007.

security systems. *Computers & Security*, 14:225–231, 1995.

Technical report, National Institute of Standards and Technology (NIST), 2008.


**Section 3**

**Security and Template Protection**

**Security and Template Protection**

**Chapter 8**

**Provisional chapter**

**Multi-Biometric Template Protection:**

**Multi-Biometric Template Protection:**

The term biometrics refers to "automated recognition of individuals based on their behavioral and biological characteristics" (ISO/IEC JTC1 SC37). Several physiological (static) as well as behavioral (non-static) biometric characteristics have been exploited [1] such as fingerprints, iris, face, hand, voice, gait, keystroke dynamics, etc., depending on distinct types of applications (see Figure 1). Biometric traits are acquired applying adequate sensors and distinctive feature extractors are utilized in order to generate a biometric template (reference data) in the enrollment process. During verification (authentication process) or identification (identification can be handled as a sequence of biometric comparisons against the enrollment records in a reference databse) the system processes another biometric measurement from which an according template is extracted and compared against the stored template(s)

The presented work is motivated by very recent advances in the fields of *multi-biometric recognition* [2] and *biometric template protection* [3]. Automatic recognition systems based on a single biometric indicator often have to contend with unacceptable error rates [4]. Multi-biometric systems have improved the accuracy and reliability of biometric systems [2]. Biometric vendors are already deploying multi-biometric systems (e.g. fingerprint and finger vein by SAFRAN Morpho1) and multi-biometric recognition is performed on large-scale datasets (e.g. within the Aadhaar project [5] by the Unique Identification Authority of India (UIDAI)). However, security of multi-biometric templates is especially crucial as they contain information regarding multiple traits of the same subject [6]. The leakage of any kind of template information to unauthorized individuals constitutes serious security and privacy risks, e.g. permanent tracking of subjects without consent [7] or reconstruction of original biometric traits (e.g. fingerprints [8] or iris textures [9]) might become a realistic threat. Therefore, biometric template protection technologies have been developed in order to protect privacy and integrity of stored biometric data. However, so far, template protection schemes which provide provable security/ privacy, and achieve practical recognition rates

> ©2012 Rathgeb and Busch, licensee InTech. This is an open access chapter distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. © 2012 Rathgeb and Busch; licensee InTech. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

© 2012 Rathgeb and Busch; licensee InTech. This is a paper distributed under the terms of the Creative Commons

**Issues and Challenges**

**Issues and Challenges**

Christian Rathgeb and Christoph Busch

http://dx.doi.org/10.5772/52152

**1. Introduction**

Christian Rathgeb and Christoph Busch

Additional information is available at the end of the chapter

yielding acceptance/ rejection or hit/ no-hit, respectively.

<sup>1</sup> SAFRAN Morpho, France, http://www.morpho.com/

Additional information is available at the end of the chapter

**Provisional chapter**

## **Multi-Biometric Template Protection: Issues and Challenges Multi-Biometric Template Protection: Issues and Challenges**

Christian Rathgeb and Christoph Busch Christian Rathgeb and Christoph Busch

Additional information is available at the end of the chapter Additional information is available at the end of the chapter

http://dx.doi.org/10.5772/52152

## **1. Introduction**

The term biometrics refers to "automated recognition of individuals based on their behavioral and biological characteristics" (ISO/IEC JTC1 SC37). Several physiological (static) as well as behavioral (non-static) biometric characteristics have been exploited [1] such as fingerprints, iris, face, hand, voice, gait, keystroke dynamics, etc., depending on distinct types of applications (see Figure 1). Biometric traits are acquired applying adequate sensors and distinctive feature extractors are utilized in order to generate a biometric template (reference data) in the enrollment process. During verification (authentication process) or identification (identification can be handled as a sequence of biometric comparisons against the enrollment records in a reference databse) the system processes another biometric measurement from which an according template is extracted and compared against the stored template(s) yielding acceptance/ rejection or hit/ no-hit, respectively.

The presented work is motivated by very recent advances in the fields of *multi-biometric recognition* [2] and *biometric template protection* [3]. Automatic recognition systems based on a single biometric indicator often have to contend with unacceptable error rates [4]. Multi-biometric systems have improved the accuracy and reliability of biometric systems [2]. Biometric vendors are already deploying multi-biometric systems (e.g. fingerprint and finger vein by SAFRAN Morpho1) and multi-biometric recognition is performed on large-scale datasets (e.g. within the Aadhaar project [5] by the Unique Identification Authority of India (UIDAI)). However, security of multi-biometric templates is especially crucial as they contain information regarding multiple traits of the same subject [6]. The leakage of any kind of template information to unauthorized individuals constitutes serious security and privacy risks, e.g. permanent tracking of subjects without consent [7] or reconstruction of original biometric traits (e.g. fingerprints [8] or iris textures [9]) might become a realistic threat. Therefore, biometric template protection technologies have been developed in order to protect privacy and integrity of stored biometric data. However, so far, template protection schemes which provide provable security/ privacy, and achieve practical recognition rates

<sup>1</sup> SAFRAN Morpho, France, http://www.morpho.com/

Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. © 2012 Rathgeb and Busch; licensee InTech. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. © 2012 Rathgeb and Busch; licensee InTech. This is a paper distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

©2012 Rathgeb and Busch, licensee InTech. This is an open access chapter distributed under the terms of the

Feature Extraction

Biometric Input

Biometric Input

**2.2. Advantages**

features, fusion type, etc.

**2.3. Issues**

Feature Extraction

(a) Feature Level

(convenience) of the entire system [2].

Templates Comparator

**Figure 2.** Biometric fusion: different levels of fusion within a biometric recognition system.

Fusion

Fusion

Decision

(c) Decision Level

Decision

http://dx.doi.org/10.5772/52152

175

Comparator

Template

(b) Score Level

3. *Decision Level Fusion*: a fusion of final decisions (in general accept/ reject) is referred to as decision level fusion. Various final decisions of independent subsystems can be fused (e.g. by applying a majority voting) in order to increase the accuracy (security) or universality

Multi-biometric recognition systems offer several advantages compared to conventional biometric systems. There is a common and intuitive assumption that the combination of multiple biometrics improves performance as multiple multiple sources of information are involved. By combining multiple sources of information, it is possible to improve systems biometric performance, increase population coverage, deter spoofing, and facilitate indexing [10]. While several fusion levels are possible in multi-biometric systems (see Chapter 2.1), biometric fusion on the score level represents the most popular one due to the ease in accessing and consolidating comparison scores. Performance gain is achieved in case uncorrelated traits are applied in a multi-biometric recognition systems. Incorporating

However, in case a strong (highly discriminative) biometric characteristic is combined with a weak one, the resulting decision environment is in a sense averaged, and the combined performance will lie somewhere between that of the two tests conducted individually. Hence, biometric fusion is not straight forward, but highly depends on the choice of characteristics,

Besides common issues like requirements for stronger user incorporation of feature level fusion of different feature representations, one major issue regarding multi-biometric recognition we want to emphasize on is the central storage of multiple biometric templates of a single subject. Compared to conventional biometric systems based on a single biometric indicator, multiple sources of information, i.e. more biometric reference data, has to be stored for each subject registered with a multi-biometric system. In a multi-biometric system the overall complexity increases as multiple SDK need to be maintained and the use of multiple

subject-specific parameters may further increase accuracy of these systems.

Comparator

Template

Multi-Biometric Template Protection: Issues and Challenges

Fusion

**Figure 1.** Examples of physiological (static) biometric characteristics.

have remained elusive, even on small datasets. This bookchapter provides a comprehensive overview of biometric fusion, biometric template protection, and, in particular, possible ways of how to combine these technologies.

The remainder of this bookchapter is organized as follows: Section 2 briefly summarizes advantages and issues of multi-biometric recognition. Template protection technologies are reviewed in Section 3. In Section 4 multi-biometrics and template protection are combined and related works are summarized. Subsequently, a theoretical framework for multi-biometric template protection is introduced and major issues and challenges evolving from incorporating biometric fusion to template protection technologies are discussed in detail in Section 5. Finally, a summary is given in Section 6.

## **2. Multi-biometric recognition**

Whenever biometric verification systems based on single biometric indicators have to deal with noisy sensor acquisition, restricted degrees-of-freedom, or non-universality unpractical performance rates are yielded [4]. Such drawbacks, which represent common scenarios when operating biometric recognition systems, raise the need for multi-biometric recognition [2] or other approaches that can increase the recognition accuracy. As previously mentioned, a fusion of multiple biometric indicators have been shown to improved the accuracy and reliability of biometric systems.

## **2.1. Categorization**

Fusion in biometric systems is commonly categorized according to the level within which the fusion is performed. ISO/IEC TR 24722:2007 coarsely distinguishes three possible levels of fusion: (1) fusion at feature level, (2) fusion at score level, and (3) fusion at decision level. Figure 2 illustrates these different types of biometric fusion.


**Figure 2.** Biometric fusion: different levels of fusion within a biometric recognition system.

3. *Decision Level Fusion*: a fusion of final decisions (in general accept/ reject) is referred to as decision level fusion. Various final decisions of independent subsystems can be fused (e.g. by applying a majority voting) in order to increase the accuracy (security) or universality (convenience) of the entire system [2].

## **2.2. Advantages**

2 New Trends and Developments in Biometrics

**Figure 1.** Examples of physiological (static) biometric characteristics.

detail in Section 5. Finally, a summary is given in Section 6.

Figure 2 illustrates these different types of biometric fusion.

normalized scores leads to a more accurate overall system.

more discriminative than each single one [4].

of how to combine these technologies.

**2. Multi-biometric recognition**

reliability of biometric systems.

**2.1. Categorization**

(a) Iris (b) Fingerprint (c) Face (d) Palmprint

have remained elusive, even on small datasets. This bookchapter provides a comprehensive overview of biometric fusion, biometric template protection, and, in particular, possible ways

The remainder of this bookchapter is organized as follows: Section 2 briefly summarizes advantages and issues of multi-biometric recognition. Template protection technologies are reviewed in Section 3. In Section 4 multi-biometrics and template protection are combined and related works are summarized. Subsequently, a theoretical framework for multi-biometric template protection is introduced and major issues and challenges evolving from incorporating biometric fusion to template protection technologies are discussed in

Whenever biometric verification systems based on single biometric indicators have to deal with noisy sensor acquisition, restricted degrees-of-freedom, or non-universality unpractical performance rates are yielded [4]. Such drawbacks, which represent common scenarios when operating biometric recognition systems, raise the need for multi-biometric recognition [2] or other approaches that can increase the recognition accuracy. As previously mentioned, a fusion of multiple biometric indicators have been shown to improved the accuracy and

Fusion in biometric systems is commonly categorized according to the level within which the fusion is performed. ISO/IEC TR 24722:2007 coarsely distinguishes three possible levels of fusion: (1) fusion at feature level, (2) fusion at score level, and (3) fusion at decision level.

1. *Feature Level Fusion*: biometric fusion on feature level comprises the construction of a new feature vector of higher dimensionality composed of (a selection of) feature elements of various feature vectors generated a priori. The new feature vector should turn out to be

2. *Score Level Fusion*: on this level of fusion matching scores are returned by each individual subsystem and obtained scores are combined. Once scores are properly normalized they can be combined in different ways (e.g. by weighted sum-rule) such that the fusion of Multi-biometric recognition systems offer several advantages compared to conventional biometric systems. There is a common and intuitive assumption that the combination of multiple biometrics improves performance as multiple multiple sources of information are involved. By combining multiple sources of information, it is possible to improve systems biometric performance, increase population coverage, deter spoofing, and facilitate indexing [10]. While several fusion levels are possible in multi-biometric systems (see Chapter 2.1), biometric fusion on the score level represents the most popular one due to the ease in accessing and consolidating comparison scores. Performance gain is achieved in case uncorrelated traits are applied in a multi-biometric recognition systems. Incorporating subject-specific parameters may further increase accuracy of these systems.

However, in case a strong (highly discriminative) biometric characteristic is combined with a weak one, the resulting decision environment is in a sense averaged, and the combined performance will lie somewhere between that of the two tests conducted individually. Hence, biometric fusion is not straight forward, but highly depends on the choice of characteristics, features, fusion type, etc.

## **2.3. Issues**

Besides common issues like requirements for stronger user incorporation of feature level fusion of different feature representations, one major issue regarding multi-biometric recognition we want to emphasize on is the central storage of multiple biometric templates of a single subject. Compared to conventional biometric systems based on a single biometric indicator, multiple sources of information, i.e. more biometric reference data, has to be stored for each subject registered with a multi-biometric system. In a multi-biometric system the overall complexity increases as multiple SDK need to be maintained and the use of multiple

**Advantage Description**

**Table 1.** Major advantages of technologies of biometric template protection.

Revocability and renewability of

arise deploying these technologies [13].

reconstruction, has to be stored [3].

templates

**3.2. Advantages**

**3.3. Issues**

Privacy protection Within biometric cryptosystems and cancelable

Secure key release Biometric cryptosystems provide key release

Pseudonymous authentication Authentication is performed in the encrypted domain

Increased security Biometric cryptosystems and cancelable biometrics

biometric systems. More social acceptance Biometric cryptosystems and cancelable biometrics

Biometric cryptosystems and cancelable biometrics offer several advantages over generic biometric systems. Most important advantages are summarized in Table 1. These major advantages over conventional biometric systems call for several applications. In order to underline the potential of both technologies two essential use cases are discussed in detail. With respect to the design goals, biometric cryptosystems and cancelable biometrics offer significant advantages to enhance the privacy and security of biometric systems, providing reliable biometric authentication at an high security level. Several new issues and challenges

One fundamental challenge, regarding template protection, represents the issue of alignment, which significantly effects recognition performance. Biometric templates are obscured within both technologies, i.e. alignment of obscured templates without leakage is highly non-trivial. For instance, if iris biometric textures or templates (iris-codes) are transformed in a non-row-wise manner, e.g. block permutation of preprocessed textures or a permutation of iris-code bits. Consequentially, additional information, which must not lead to template

Focusing on biometric template protection technologies it is not actually clear which biometric characteristics to apply in which type of application. In fact it has been shown that even the iris may not exhibit enough reliable information to bind or extract sufficiently long keys providing acceptable trade-offs between accuracy and security. Stability of biometric features is required to limit information leakage of stored helper data. In addition, feature adaptation schemes that preserve accuracy have to be utilized in order to obtain common representations of arbitrary biometric characteristics (several approaches to extract

fixed-length binary fingerprint templates have been proposed, e.g. [15, 16]).

biometric applications.

identifier.

generated.

biometrics the original biometric template is obscured

Multi-Biometric Template Protection: Issues and Challenges

http://dx.doi.org/10.5772/52152

177

and, thus, the biometric reference is a pseudonymous

Several instances of secured templates can be

prevent from several traditional attacks against

are expected to increase the social acceptance of

such that a reconstruction is hardly feasible.

mechanisms based on biometrics.

**Figure 3.** Biometric template protection: properties of (a) irreversibility and (b) unlinkability.

sensors results in a stronger dependency on fully operational hardware. Biometric system can be compromised in a number of ways [7], and leakage of biometric template information to unauthorized individuals constitutes serious security and privacy threats [6]. For instance, in case *n* different comparison scores are combined performing score level fusion, *n* different biometric templates have to be stored for each subject registered with the system.

This major drawback of biometric fusion raises the need for multi-biometric template protection. More precisely, the storage of multiple biometric records of a fused template of biometric features extracted from different biometric traits has to be protected.

## **3. Template protection**

The industry has long claimed that one of the primary benefits of biometric templates is that original biometric signals acquired to enroll a data subject cannot be reconstructed from stored templates. Several techniques (e.g. [8, 11]) have proven this claim wrong. Since most biometric characteristics are largely immutable, a compromise of raw biometric data or biometric templates might result in a situation that a subject's biometric characteristics are essentially *burned* and not usable any longer from the security perspective. Biometric template protection technologies offer significant advantages to enhance the privacy and security of biometric systems, providing reliable biometric authentication at a high security level.

## **3.1. Categorization**

Biometric template protection schemes are commonly categorized as (1) biometric cryptosystems (also referred to as helper data-based schemes) and (2) cancelable biometrics (also referred to as feature transformation). Biometric cryptosystems are designed to securely bind a digital key to a biometric or generate a digital key from a biometric [12], offering solutions to biometric-dependent key-release and biometric template protection [13, 14]. Cancelable biometrics consist of intentional, repeatable distortions of biometric signals based on transforms which provide a comparison of biometric templates in the transformed domain [7]. Both technologies are designed to meet two major requirements of biometric information protection (ISO/IEC 24745): (1) *irreversibility*, i.e. it should be computationally hard to reconstruct the original biometric template from the stored reference data (protected template), while it should be easy to generate the protected biometric template; (2) *unlinkability*, i.e. different versions of protected biometric templates can be generated based on the same biometric data (renewability), while protected templates should not allow cross-matching (diversity). Schematic illustrations of both properties are shown in Figure 3(a) and Figure 3(b).


**Table 1.** Major advantages of technologies of biometric template protection.

#### **3.2. Advantages**

4 New Trends and Developments in Biometrics

**3. Template protection**

level.

**3.1. Categorization**

Figure 3(a) and Figure 3(b).

Template Generation

hard (a) Irreversibility

easy

Protected Template Protected

**Figure 3.** Biometric template protection: properties of (a) irreversibility and (b) unlinkability.

sensors results in a stronger dependency on fully operational hardware. Biometric system can be compromised in a number of ways [7], and leakage of biometric template information to unauthorized individuals constitutes serious security and privacy threats [6]. For instance, in case *n* different comparison scores are combined performing score level fusion, *n* different

This major drawback of biometric fusion raises the need for multi-biometric template protection. More precisely, the storage of multiple biometric records of a fused template

The industry has long claimed that one of the primary benefits of biometric templates is that original biometric signals acquired to enroll a data subject cannot be reconstructed from stored templates. Several techniques (e.g. [8, 11]) have proven this claim wrong. Since most biometric characteristics are largely immutable, a compromise of raw biometric data or biometric templates might result in a situation that a subject's biometric characteristics are essentially *burned* and not usable any longer from the security perspective. Biometric template protection technologies offer significant advantages to enhance the privacy and security of biometric systems, providing reliable biometric authentication at a high security

Biometric template protection schemes are commonly categorized as (1) biometric cryptosystems (also referred to as helper data-based schemes) and (2) cancelable biometrics (also referred to as feature transformation). Biometric cryptosystems are designed to securely bind a digital key to a biometric or generate a digital key from a biometric [12], offering solutions to biometric-dependent key-release and biometric template protection [13, 14]. Cancelable biometrics consist of intentional, repeatable distortions of biometric signals based on transforms which provide a comparison of biometric templates in the transformed domain [7]. Both technologies are designed to meet two major requirements of biometric information protection (ISO/IEC 24745): (1) *irreversibility*, i.e. it should be computationally hard to reconstruct the original biometric template from the stored reference data (protected template), while it should be easy to generate the protected biometric template; (2) *unlinkability*, i.e. different versions of protected biometric templates can be generated based on the same biometric data (renewability), while protected templates should not allow cross-matching (diversity). Schematic illustrations of both properties are shown in

biometric templates have to be stored for each subject registered with the system.

of biometric features extracted from different biometric traits has to be protected.

Biometric Input Protected Templates

Application 1

Application 2 . . . (b) Unlinkability

. . .

Biometric Input

Biometric cryptosystems and cancelable biometrics offer several advantages over generic biometric systems. Most important advantages are summarized in Table 1. These major advantages over conventional biometric systems call for several applications. In order to underline the potential of both technologies two essential use cases are discussed in detail. With respect to the design goals, biometric cryptosystems and cancelable biometrics offer significant advantages to enhance the privacy and security of biometric systems, providing reliable biometric authentication at an high security level. Several new issues and challenges arise deploying these technologies [13].

### **3.3. Issues**

One fundamental challenge, regarding template protection, represents the issue of alignment, which significantly effects recognition performance. Biometric templates are obscured within both technologies, i.e. alignment of obscured templates without leakage is highly non-trivial. For instance, if iris biometric textures or templates (iris-codes) are transformed in a non-row-wise manner, e.g. block permutation of preprocessed textures or a permutation of iris-code bits. Consequentially, additional information, which must not lead to template reconstruction, has to be stored [3].

Focusing on biometric template protection technologies it is not actually clear which biometric characteristics to apply in which type of application. In fact it has been shown that even the iris may not exhibit enough reliable information to bind or extract sufficiently long keys providing acceptable trade-offs between accuracy and security. Stability of biometric features is required to limit information leakage of stored helper data. In addition, feature adaptation schemes that preserve accuracy have to be utilized in order to obtain common representations of arbitrary biometric characteristics (several approaches to extract fixed-length binary fingerprint templates have been proposed, e.g. [15, 16]).


**Author(s) Applied Technique Modality FRR / FAR (%) Remarks** [19] Fuzzy Commitment Iris 0.42 / 0.0 small test set [34] 5.62 / 0.0 short key

[23] 4.0 / 0.004 >1 enroll sam. [35] Iris 5.5 / 0.0 –

[36] Quantization Online Sig. 28.0 / 1.2 <sup>&</sup>gt;1 enroll sam. [24] 7.05 / 0.0 short key [26] Password-Hardening Voice >2.0 / 2.0 short key [37] BioHashing Face 0.0 / 0.0 non-stolen token

– Surface Folding <sup>∼</sup>15 / 10−<sup>4</sup>

[33] BioHashing Face 0.0002 EER non-stolen token

(e.g. [24, 25]) have been applied to several physiological and behavioral biometrics, while focusing on reported performance rates, these schemes require further studies in order to improve accuracy. Besides, approaches which aim at "salting" existing passwords with biometric features have been proposed [26]. Within the BioHashing approach [27] biometric features are projected onto secret domains applying user-specific tokens prior to a key-binding process. Variants of this approach have been exposed to reveal unpractical performance rates under the stolen-token scenario [28]. With respect to recognition rates, the vast majority of biometric template protection schemes are by no means comparable to conventional biometric systems. While numerous approaches to biometric cryptosystems generate rather short keys at unacceptable performance rates, several enrollment samples may be required as well, (e.g. four samples in [21]). Approaches which report practical recognition rates are tested on rather small datasets (e.g. 70 persons in [19]) which must not be interpreted as significant. In addition, the introduction of additional tokens, be it random

First approaches to non-invertible transforms [7] (representing an instance of cancelable biometrics), which have been applied to face and fingerprints, include block-permutation and surface-folding. Diverse proposals (e.g. [29, 30]) have shown that recognition performance decreases noticeably compared to original biometric systems. Additionally, it is doubtable if sample images of transformed biometric images are non-invertible. BioHashing [27] (without key-binding) represents the most popular instance of biometric salting yielding a two-factor authentication scheme. Since additional tokens have to be kept secret (e.g. [31, 32]) result reporting turns out to be problematic. Perfect recognition rates have been reported (e.g. in

Focusing on the incorporation of multiple biometrics in template protection schemes several approaches have been proposed. Most notable approaches are summarized in Table 3. One of the first approach to a multi-biometric cryptosystem based on the fuzzy commitment scheme was proposed by [40], in which binary fingerprint and face features are combined. In [41] two different feature extraction algorithms are applied to 3D face data yielding a single

[33]) while the opposite was found to be true [28] within the stolen-token scenario.

[39] BioConvolving Online Sig. 10.81 EER –

[38] Block Permutation, Fingerprints <sup>∼</sup>35 / 10−<sup>4</sup>

**Table 2.** Experimental results of key approaches to biometric template protection schemes.

numbers or secret PINs, often clouds the picture of reported results.

Fuzzy Vault Fingerprints 20-30 / 0.0 pre-alignment,

>1 enroll sam.

http://dx.doi.org/10.5772/52152

179

Multi-Biometric Template Protection: Issues and Challenges

[21]

**Figure 4.** Privacy/ accuracy relation: multi-biometrics and template protection systems.

As plenty different approaches to biometric cryptosystems and cancelable biometrics have been proposed a large number of pseudonyms and acronyms have been dispersed across literature such that attempts to represented biometric template protection schemes in unified architectures have been made [17]. Standardization on biometric template protection has been achieved in the ISO/IEC 24745 standard providing guidance on the protection of an individual's privacy during the processing of biometric information.

## **4. Multi-biometric template protection**

As previously mentioned, a lack of security represents a major drawback of multi-biometric recognition systems [6]. On the other hand, biometric template protection technologies generally reveal unpractical accuracy compared to underlying recognition algorithms [3]. These facts motivate the incorporation of template protection technologies to multi-biometric recognition systems, and vice versa.

## **4.1. Combining the best of two worlds**

With respect to the described design goals, i.e. *breaking the trade-off* between accuracy and security, multi-biometric template protection systems offer significant advantages, improving public confidence and acceptance of biometrics. In addition, multi-biometrics provide low error rates compared to uni-biometric systems even under unconstrained circumstances paving the way for practical deployment of template protection systems. The relation between approaches to multi-biometric recognition and biometric template protection is schematically illustrated in Figure 4, highlighting the potential of multi-biometric template protection.

## **4.2. Related work**

Focusing on the current state-of-the-art in biometric template protection key approaches to biometric cryptosystems and cancelable biometrics are summarized in Table 2. Representing one of the simplest key binding approaches the fuzzy commitment scheme [18] has been successfully applied to iris [19] (and other biometrics). The fuzzy vault scheme [20] which represents one of the most popular biometric cryptosystem has frequently been applied to fingerprints. Early approaches (e.g. [21]), which required a pre-alignment of biometric templates, have demonstrated the potential of this concept. Several techniques (e.g. [22, 23]) to overcome the shortcoming of pre-alignment have been proposed. Quantization schemes


**Table 2.** Experimental results of key approaches to biometric template protection schemes.

6 New Trends and Developments in Biometrics

Existing approaches:

template protection (M-BTP)

Multi-biometric

**Figure 4.** Privacy/ accuracy relation: multi-biometrics and template protection systems.

individual's privacy during the processing of biometric information.

**4. Multi-biometric template protection**

recognition systems, and vice versa.

protection.

**4.2. Related work**

**4.1. Combining the best of two worlds**

Template protection systems (TPS) Multi-biometric systems (M-BS)

As plenty different approaches to biometric cryptosystems and cancelable biometrics have been proposed a large number of pseudonyms and acronyms have been dispersed across literature such that attempts to represented biometric template protection schemes in unified architectures have been made [17]. Standardization on biometric template protection has been achieved in the ISO/IEC 24745 standard providing guidance on the protection of an

As previously mentioned, a lack of security represents a major drawback of multi-biometric recognition systems [6]. On the other hand, biometric template protection technologies generally reveal unpractical accuracy compared to underlying recognition algorithms [3]. These facts motivate the incorporation of template protection technologies to multi-biometric

With respect to the described design goals, i.e. *breaking the trade-off* between accuracy and security, multi-biometric template protection systems offer significant advantages, improving public confidence and acceptance of biometrics. In addition, multi-biometrics provide low error rates compared to uni-biometric systems even under unconstrained circumstances paving the way for practical deployment of template protection systems. The relation between approaches to multi-biometric recognition and biometric template protection is schematically illustrated in Figure 4, highlighting the potential of multi-biometric template

Focusing on the current state-of-the-art in biometric template protection key approaches to biometric cryptosystems and cancelable biometrics are summarized in Table 2. Representing one of the simplest key binding approaches the fuzzy commitment scheme [18] has been successfully applied to iris [19] (and other biometrics). The fuzzy vault scheme [20] which represents one of the most popular biometric cryptosystem has frequently been applied to fingerprints. Early approaches (e.g. [21]), which required a pre-alignment of biometric templates, have demonstrated the potential of this concept. Several techniques (e.g. [22, 23]) to overcome the shortcoming of pre-alignment have been proposed. Quantization schemes

TPS M-BS M-BTP

System

Privacy Accuracy

high high

high

low

high

low

Accuracy

Privacy

(e.g. [24, 25]) have been applied to several physiological and behavioral biometrics, while focusing on reported performance rates, these schemes require further studies in order to improve accuracy. Besides, approaches which aim at "salting" existing passwords with biometric features have been proposed [26]. Within the BioHashing approach [27] biometric features are projected onto secret domains applying user-specific tokens prior to a key-binding process. Variants of this approach have been exposed to reveal unpractical performance rates under the stolen-token scenario [28]. With respect to recognition rates, the vast majority of biometric template protection schemes are by no means comparable to conventional biometric systems. While numerous approaches to biometric cryptosystems generate rather short keys at unacceptable performance rates, several enrollment samples may be required as well, (e.g. four samples in [21]). Approaches which report practical recognition rates are tested on rather small datasets (e.g. 70 persons in [19]) which must not be interpreted as significant. In addition, the introduction of additional tokens, be it random numbers or secret PINs, often clouds the picture of reported results.

First approaches to non-invertible transforms [7] (representing an instance of cancelable biometrics), which have been applied to face and fingerprints, include block-permutation and surface-folding. Diverse proposals (e.g. [29, 30]) have shown that recognition performance decreases noticeably compared to original biometric systems. Additionally, it is doubtable if sample images of transformed biometric images are non-invertible. BioHashing [27] (without key-binding) represents the most popular instance of biometric salting yielding a two-factor authentication scheme. Since additional tokens have to be kept secret (e.g. [31, 32]) result reporting turns out to be problematic. Perfect recognition rates have been reported (e.g. in [33]) while the opposite was found to be true [28] within the stolen-token scenario.

Focusing on the incorporation of multiple biometrics in template protection schemes several approaches have been proposed. Most notable approaches are summarized in Table 3. One of the first approach to a multi-biometric cryptosystem based on the fuzzy commitment scheme was proposed by [40], in which binary fingerprint and face features are combined. In [41] two different feature extraction algorithms are applied to 3D face data yielding a single


Biometric

. .

. .

**5. Issues and challenges**

feature level fusion) could look like.

template protection system several issues evolve.

Inputs Representation

Template 1

Template 2

Template n

n templates of k representations, generated by t feature extractors.

.

1 2 k

. .

**Figure 5.** A framework of a generic multi-biometric template protection at feature level.

distribution of errors improves the overall accuracy of the system.

a coarse level different evolving issues will be discussed in detail.

**5.1. Generic framework for multi-biometric template protection**

. . .

Fusion Module

. .

That is, a rearrangement of biometric feature vectors in order to provide a uniform

Besides already mentioned issues of multi-biometric recognition (see Chapter 2.3) and template protection technologies (see Chapter 3.3), which may be solved through multi-biometric template protection, several further issues might occur which have to be dealt with. From designing a generic framework for multi-biometric template protection at

The major goal of research in the area of multi-biometric template protection is to generate a *generic framework* of constructing multi-biometric template protection schemes, i.e. a code of practice according to various aspects for incorporating different biometric templates in one or more template protection system(s), yielding multi-biometric template protection. From existing research it appears that biometric fusion on feature level is most suitable for template protection schemes [6, 40–42]. While preliminary scores are not available within the vast majority of biometric cryptosystems, cancelable biometric systems based on score level fusion can be constructed analogue to conventional biometric systems. For both technologies biometric fusion based on decision level can easily be implemented combining final decisions. Figure 5 shows a schematic impression of how such a framework (based on

In order to provide generic multi-biometric template protection the system should be capable of incorporating *n* different biometric templates, which need not exhibit a common feature representation, i.e. *k* different representation may be involved. In a fusion module a common representation of feature vectors is established and feature vectors are combined in a sensible manner. Subsequently, an adequate template protection scheme is applied to protect the multi-biometric template. Focusing on a generic fusion of multiple biometric templates in a

Protected Template

feature vectors are fused into one single template

Generic Multi-Biometric Template Protection System

Template Protection Scheme

Multi-Biometric Template Protection: Issues and Challenges

Database

suitable scheme(s)

http://dx.doi.org/10.5772/52152

181

**Table 3.** Experimental results of approaches to multi-biometric template protection schemes.

sensor scenario2. The authors provide results for feature level, score level and decision level fusion. In order to obtain a comparison score the number of errors corrected by the error correction code are estimated, i.e. scores are only available in case of successful decoding. Best results are obtained for the multi-algorithm fusion at feature level. [42] propose a sensible rearrangement of bits in iris codes in order to provide a uniform distribution of error probabilities. The rearrangement allows a more efficient execution of error correction codes combining the most reliable bits generated by different feature extraction algorithms. [43] proposed a multi-biometric cryptosystem fuzzy vault based on fingerprint and iris. The authors demonstrate that a combination of biometric modalities leads to increased accuracy and, thus, higher security. A FRR of 1.8% at a FAR of ∼0.01% is obtained, while the corresponding FRR values of the iris and fingerprint fuzzy vaults are 12% and 21.2%, respectively. [44] combine two different feature extraction methods to achieve cancelable face biometrics. PCA and ICA (independent component analysis) coefficients are extracted and both feature vectors are randomly scrambled and added in order to create a transformed template. In rather recent work [6] report results on multi-biometric fuzzy commitment schemes and fuzzy vault schemes based on fingerprint, face and iris. In order to obtain a common feature representation for each type of template protection scheme the authors propose different embedding algorithms, e.g. for mapping a binary string to a point set. best results are obtained for a multi-biometric fuzzy vault scheme. Compared to feature level fusion and score level fusion, recently [45] proposed a multi-biometric template protection system employing decision level fusion of multiple protected fingerprint templates.

Several other ideas of using a set of multiple biometric characteristics within biometric template protections schemes have been proposed [46–51].

<sup>2</sup> Note that in general single sensor scenarios are more challenging than those based on multiple sensors, since, in case of noise occurrence, each feature extractor has to deal with signal degradation.

**Figure 5.** A framework of a generic multi-biometric template protection at feature level.

That is, a rearrangement of biometric feature vectors in order to provide a uniform distribution of errors improves the overall accuracy of the system.

## **5. Issues and challenges**

8 New Trends and Developments in Biometrics

**Author(s) Applied Technique Modality FRR / FAR (%) Remarks**

[40] Fingerprint 0.92 / <sup>&</sup>gt;0.001 – and Face

[43] Fingerprint 1.8 / 0.01 – Multi-biometric and Iris

[6] Fuzzy Vault Fingerprint, 1.0 / 0.0 – Face and Iris

**Table 3.** Experimental results of approaches to multi-biometric template protection schemes.

[41] Multi-biometric 3D Face <sup>∼</sup> 2.5 EER single sensor Fuzzy Commitment and 3D Face scenario

[42] Iris 5.56 / 0.01 single sensor

[44] Token-based Face <sup>∼</sup> 15.0 EER single sensor

sensor scenario2. The authors provide results for feature level, score level and decision level fusion. In order to obtain a comparison score the number of errors corrected by the error correction code are estimated, i.e. scores are only available in case of successful decoding. Best results are obtained for the multi-algorithm fusion at feature level. [42] propose a sensible rearrangement of bits in iris codes in order to provide a uniform distribution of error probabilities. The rearrangement allows a more efficient execution of error correction codes combining the most reliable bits generated by different feature extraction algorithms. [43] proposed a multi-biometric cryptosystem fuzzy vault based on fingerprint and iris. The authors demonstrate that a combination of biometric modalities leads to increased accuracy and, thus, higher security. A FRR of 1.8% at a FAR of ∼0.01% is obtained, while the corresponding FRR values of the iris and fingerprint fuzzy vaults are 12% and 21.2%, respectively. [44] combine two different feature extraction methods to achieve cancelable face biometrics. PCA and ICA (independent component analysis) coefficients are extracted and both feature vectors are randomly scrambled and added in order to create a transformed template. In rather recent work [6] report results on multi-biometric fuzzy commitment schemes and fuzzy vault schemes based on fingerprint, face and iris. In order to obtain a common feature representation for each type of template protection scheme the authors propose different embedding algorithms, e.g. for mapping a binary string to a point set. best results are obtained for a multi-biometric fuzzy vault scheme. Compared to feature level fusion and score level fusion, recently [45] proposed a multi-biometric template protection

system employing decision level fusion of multiple protected fingerprint templates.

template protections schemes have been proposed [46–51].

of noise occurrence, each feature extractor has to deal with signal degradation.

Several other ideas of using a set of multiple biometric characteristics within biometric

<sup>2</sup> Note that in general single sensor scenarios are more challenging than those based on multiple sensors, since, in case

Scrambling and Face scenario

and Iris scenario

Besides already mentioned issues of multi-biometric recognition (see Chapter 2.3) and template protection technologies (see Chapter 3.3), which may be solved through multi-biometric template protection, several further issues might occur which have to be dealt with. From designing a generic framework for multi-biometric template protection at a coarse level different evolving issues will be discussed in detail.

## **5.1. Generic framework for multi-biometric template protection**

The major goal of research in the area of multi-biometric template protection is to generate a *generic framework* of constructing multi-biometric template protection schemes, i.e. a code of practice according to various aspects for incorporating different biometric templates in one or more template protection system(s), yielding multi-biometric template protection. From existing research it appears that biometric fusion on feature level is most suitable for template protection schemes [6, 40–42]. While preliminary scores are not available within the vast majority of biometric cryptosystems, cancelable biometric systems based on score level fusion can be constructed analogue to conventional biometric systems. For both technologies biometric fusion based on decision level can easily be implemented combining final decisions. Figure 5 shows a schematic impression of how such a framework (based on feature level fusion) could look like.

In order to provide generic multi-biometric template protection the system should be capable of incorporating *n* different biometric templates, which need not exhibit a common feature representation, i.e. *k* different representation may be involved. In a fusion module a common representation of feature vectors is established and feature vectors are combined in a sensible manner. Subsequently, an adequate template protection scheme is applied to protect the multi-biometric template. Focusing on a generic fusion of multiple biometric templates in a template protection system several issues evolve.

certain assumptions [53]). The fact that false rejection rates are lower bounded by error correction capacities [54] emerges a great challenge since unbounded use of error correction (if applicable) makes the system even more vulnerable [55]. Other characteristics such as voice or keystroke dynamics (especially behavioral characteristics) were found to reveal only a small amount of stable information [26], but can still be applied to improve the security of an existing secret. While for some characteristics extracting of a sufficient amount of reliable features seems to be feasible it still remains questionable if these features exhibit enough entropy. In case extracted features do not meet requirements of discriminativity, systems become vulnerable to several attacks (e.g. false acceptance attacks). In addition, stability of biometric features is required to limit information leakage of stored helper data as well as a sufficient secret length. Focusing on multi-biometric template protection schemes which perform biometric fusion at feature level a single sensor fusion scenario could be applied in order to overcome the issue of alignment. Any combination of biometric feature vectors extracted from a single biometric signal alleviates the construction of a multi-biometric template protection scheme, in case these feature extractors apply the same mode of operation when analyzing biometric data. For instance, if two different iris biometric feature extractors extract binary iris-codes from pre-processed textures and operate on same block sizes extracting the same number of bits per block, a single optimal alignment for both

Multi-Biometric Template Protection: Issues and Challenges

http://dx.doi.org/10.5772/52152

183

Due to the sensitivity of template protection schemes multiple enrollment samples are required and thus, compared to conventional biometric systems, more user-cooperation (compared to conventional biometric systems) is demanded in order to decrease intra-class variation, while sensoring and preprocessing require improvement as well. Furthermore, from the usability side of view it has to be analyzed which combinations of biometric modalities are applicable (e.g. iris and face or fingerprint and hand geometry) [2]. In order to keep the multi-biometric system usable only those modalities should be combined that allow acquisition of multiple samples with "one" single capture device (e.g. capturing two iris images and one face image with multiple cameras that are integrated in one capture device). Only then the capture time and consequently the transaction time will remain constant.

While different template protection systems incorporating multiple biometric traits have been proposed, these turn out to be custom-built according to applied biometric feature representations and applied template protection schemes. Multi-biometric template protection schemes in literature have been proposed for numerous types of template protection requiring different feature representations (a detailed overview can be found in [3]). While some techniques have been applied to distinct template protection systems (e.g. fuzzy commitment scheme or fuzzy vault scheme) a detailed analysis of pros and cons of these schemes regarding the application of multi-biometrics has remained elusive. Such investigation involves factors such as scalability, i.e. the vast majority of template protection schemes require fixed-length feature vectors and are only scalable in discrete iterations (e.g. by adding a distinct number of chunks of error correction codewords). Biometric template protection schemes are designed for a distinct representation of feature vectors, e.g. fuzzy commitment schemes require binary biometric templates as input while fuzzy vault schemes require real-valued biometric templates. A fusion of binary iris-codes and

extracted feature vectors exists.

**5.4. Feature representation**

**Figure 6.** Template alignment within a multi-biometric template protection scheme.

## **5.2. Template alignment**

Focusing on distinct biometric characteristics, e.g. iris, alignment within a template protection scheme can still be feasible. For instance, within an iris biometric fuzzy commitment scheme template alignment can be achieved by applying decommitments at various shifting positions. Within conventional biometric systems align-invariant approaches have been proposed for several biometric characteristics. So far, hardly any suggestions have been made to construct align-invariant biometric cryptosystems or cancelable biometrics. Still, focusing on technologies of biometric template protection, feature alignment significantly effects recognition performance. Biometric templates are obscured within template protection systems, i.e. alignment of protected templates is highly non-trivial [52]. Feature level fusion of biometric templates potentially aggravates a proper alignment of protected templates (optimal alignments vary for incorporated templates), while auxiliary data for the use of alignment may leak information on stored templates. More precisely, a combined feature vector may consist of *t* chunks of feature elements generated by *t* diverse feature extractors. In order to establish a proper alignment of the entire feature vector, chunks of feature elements need to be aligned individually. In general a common optimal alignment which is valid for all chunks of feature elements is rather unlikely. Hence, additional helper data is required which at least has to mark start and end points of such chunks. Figure 6 provides an schematic illustration of this issue.

As previously mentioned an adaption of biometric feature vectors to template protection schemes is considered inevitable in order to achieve practical recognition rates. However, generally a rearrangement of features within biometric templates makes conventional template alignment infeasible. Again, in order to align protected templates properly, additional helper data (e.g. reverse permutations) need to be stored (cf. [22, 23]), in a global or subject-specific manner. The additional storage of helper data is essential but will cause information leakage, i.e. potential impostors may utilize the additional helper data in order to compromise or cross-match protected templates, in case of subject-specific helper data.

## **5.3. Combination of modalities**

In fact it has been shown that distinct biometric modalities (e.g. fingerprint or iris) exhibit enough reliable information to bind or extract sufficiently long keys providing acceptable trade-offs between accuracy and security, where the best performing schemes are based on fuzzy commitment and fuzzy vault. However, practical error correction codes are designed for communication and data storage purposes such that a perfect error correction code for a desired code length has remained evasive (optimal codes exist only theoretically under certain assumptions [53]). The fact that false rejection rates are lower bounded by error correction capacities [54] emerges a great challenge since unbounded use of error correction (if applicable) makes the system even more vulnerable [55]. Other characteristics such as voice or keystroke dynamics (especially behavioral characteristics) were found to reveal only a small amount of stable information [26], but can still be applied to improve the security of an existing secret. While for some characteristics extracting of a sufficient amount of reliable features seems to be feasible it still remains questionable if these features exhibit enough entropy. In case extracted features do not meet requirements of discriminativity, systems become vulnerable to several attacks (e.g. false acceptance attacks). In addition, stability of biometric features is required to limit information leakage of stored helper data as well as a sufficient secret length. Focusing on multi-biometric template protection schemes which perform biometric fusion at feature level a single sensor fusion scenario could be applied in order to overcome the issue of alignment. Any combination of biometric feature vectors extracted from a single biometric signal alleviates the construction of a multi-biometric template protection scheme, in case these feature extractors apply the same mode of operation when analyzing biometric data. For instance, if two different iris biometric feature extractors extract binary iris-codes from pre-processed textures and operate on same block sizes extracting the same number of bits per block, a single optimal alignment for both extracted feature vectors exists.

Due to the sensitivity of template protection schemes multiple enrollment samples are required and thus, compared to conventional biometric systems, more user-cooperation (compared to conventional biometric systems) is demanded in order to decrease intra-class variation, while sensoring and preprocessing require improvement as well. Furthermore, from the usability side of view it has to be analyzed which combinations of biometric modalities are applicable (e.g. iris and face or fingerprint and hand geometry) [2]. In order to keep the multi-biometric system usable only those modalities should be combined that allow acquisition of multiple samples with "one" single capture device (e.g. capturing two iris images and one face image with multiple cameras that are integrated in one capture device). Only then the capture time and consequently the transaction time will remain constant.

## **5.4. Feature representation**

10 New Trends and Developments in Biometrics

**5.2. Template alignment**

... Probe Feature Vector Chunk 1 Chunk 2 Chunk <sup>t</sup>

... Reference Template Chunk 1 Chunk 2 Chunk <sup>t</sup>

**Figure 6.** Template alignment within a multi-biometric template protection scheme.

provides an schematic illustration of this issue.

**5.3. Combination of modalities**

Alignment 1 Alignment 2 ... Alignment <sup>t</sup>

Focusing on distinct biometric characteristics, e.g. iris, alignment within a template protection scheme can still be feasible. For instance, within an iris biometric fuzzy commitment scheme template alignment can be achieved by applying decommitments at various shifting positions. Within conventional biometric systems align-invariant approaches have been proposed for several biometric characteristics. So far, hardly any suggestions have been made to construct align-invariant biometric cryptosystems or cancelable biometrics. Still, focusing on technologies of biometric template protection, feature alignment significantly effects recognition performance. Biometric templates are obscured within template protection systems, i.e. alignment of protected templates is highly non-trivial [52]. Feature level fusion of biometric templates potentially aggravates a proper alignment of protected templates (optimal alignments vary for incorporated templates), while auxiliary data for the use of alignment may leak information on stored templates. More precisely, a combined feature vector may consist of *t* chunks of feature elements generated by *t* diverse feature extractors. In order to establish a proper alignment of the entire feature vector, chunks of feature elements need to be aligned individually. In general a common optimal alignment which is valid for all chunks of feature elements is rather unlikely. Hence, additional helper data is required which at least has to mark start and end points of such chunks. Figure 6

As previously mentioned an adaption of biometric feature vectors to template protection schemes is considered inevitable in order to achieve practical recognition rates. However, generally a rearrangement of features within biometric templates makes conventional template alignment infeasible. Again, in order to align protected templates properly, additional helper data (e.g. reverse permutations) need to be stored (cf. [22, 23]), in a global or subject-specific manner. The additional storage of helper data is essential but will cause information leakage, i.e. potential impostors may utilize the additional helper data in order to compromise or cross-match protected templates, in case of subject-specific helper data.

In fact it has been shown that distinct biometric modalities (e.g. fingerprint or iris) exhibit enough reliable information to bind or extract sufficiently long keys providing acceptable trade-offs between accuracy and security, where the best performing schemes are based on fuzzy commitment and fuzzy vault. However, practical error correction codes are designed for communication and data storage purposes such that a perfect error correction code for a desired code length has remained evasive (optimal codes exist only theoretically under

Database

While different template protection systems incorporating multiple biometric traits have been proposed, these turn out to be custom-built according to applied biometric feature representations and applied template protection schemes. Multi-biometric template protection schemes in literature have been proposed for numerous types of template protection requiring different feature representations (a detailed overview can be found in [3]). While some techniques have been applied to distinct template protection systems (e.g. fuzzy commitment scheme or fuzzy vault scheme) a detailed analysis of pros and cons of these schemes regarding the application of multi-biometrics has remained elusive. Such investigation involves factors such as scalability, i.e. the vast majority of template protection schemes require fixed-length feature vectors and are only scalable in discrete iterations (e.g. by adding a distinct number of chunks of error correction codewords). Biometric template protection schemes are designed for a distinct representation of feature vectors, e.g. fuzzy commitment schemes require binary biometric templates as input while fuzzy vault schemes require real-valued biometric templates. A fusion of binary iris-codes and minutiae triples can still be performed without a successive application of different types of template protection schemes (e.g. in [43]). However, as this is not the case in general, embedding functions are required in order to perform mappings between different feature representations; such mappings must not cause a drastic loss of information.

In the vast majority of approaches to biometric template protection schemes provided security is put on a level with obtained recognition performance, i.e. obtained FAR at a targeted FRR. While analysis with respect to irreversibility and unlinkability is rarely done, some quantities to measure the security of template protection systems have been suggested, e.g. key entropy [56], maximum key size [57], or information leakage of stored helper data [58, 59]. These analysis need to be adapted and extended in order to establish a generic methodology of measuring the security of multi-biometric template protection systems.

Multi-Biometric Template Protection: Issues and Challenges

http://dx.doi.org/10.5772/52152

185

Focusing on security/ privacy of template protection schemes several magnitudes have been proposed for uni-biometric template protection schemes (e.g. [56, 58]). With respect to multi-biometric template protection schemes security measures need to be reformulated and extended since additional factors, such as a separate storage of protected templates, take influence on the security provided by the system [6]. We plan to establish a generic modus operandi of estimating the security of any multi-biometric template protection scheme in an information theoretic way. Emphasis will also be put on irreversibility and unlinkability

The presented bookchapter provides an overview of multi-biometric template protection. While both technologies, multi-biometric recognition [2] and biometric template protection [3], suffer from serious drawbacks a sensible combination of these could eliminate individual disadvantages. Different template protection systems incorporating multiple biometric traits, which have been proposed in literature, are summarized. While, at first glance, multi-biometric template protection seems to solve several drawbacks, diverse issues arise. Based on a theoretical framework for multi-biometric template protection several issues, e.g. template alignment at feature level, are elaborated and discussed in detail. While generic approaches to the construction of multi-biometric template protection schemes have remained elusive we provide several suggestions for designing multi-biometric template

This work has been supported by the Center for Advanced Security Research Darmstadt

da/sec – Biometrics and Internet Security Research Group, Hochschule Darmstadt,

analysis, which is rarely done in existing literature (e.g. in [39]).

**6. Summary**

protection systems.

**Author details**

Darmstadt, Germany

Christian Rathgeb<sup>⋆</sup> and Christoph Busch

<sup>⋆</sup> Address all correspondence to: christian.rathgeb@cased.de

(CASED).

**Acknowledgement**

Since different template protection schemes require distinct feature representations a generic framework for multi-biometric template protection should be able to handle diverse inputs of feature vectors. This issue can be solve in two ways:


It is expected that the first opportunity degrades discriminativity of feature vectors while the second is expected to cause security vulnerabilities of protected templates. In order to prevent impostors from attacking separately stored protected templates biometric fusion can be performed at "secret level", i.e. each applied template protection scheme contributed a chunk of bits while the final secret is constructed from calculating a hash of the concatenation of all bit chunks. Still, representation of feature vectors represents one of the most critical issues.

## **5.5. System security**

Focusing on the possible levels of fusion existing approaches to feature-level fusion in template protection systems merely involve a trivial concatenation of biometric templates (e.g. [40, 41]). It has been demonstrated, to some extent, that a more-sophisticated feature-level fusion leads to improved accuracy as well as template security [42]. However, more detailed analysis of adapting multiple biometric templates (based on different feature representations) to according template protection schemes on feature level is demanded. While approaches to cancelable biometrics provide a comparison score for each authentication attempt (offering trivial score-level fusion), within biometric cryptosystems subjects are authenticated indirectly via key validities, i.e. comparison scores are not explicitly available. For instance, in [41] comparison scores are equalized with required error correction capacities, however, more sophisticated approaches to multi-biometric cryptosystems based on score level fusion are non-existent. Biometric fusion at decision level implies the incorporation of a significant amount of biometric templates (e.g. to enable majority voting) in a template protection system. For both technologies, biometric cryptosystems and cancelable biometrics, biometric fusion on decision level can be implemented straight-forward. With respect to biometric cryptosystems a way of performing biometric fusion on secret level could be implemented by a (bit-wise) majority vote of released keys. Even tough approaches to cancelable biometric may easily be fused at decision level, recognition performance does not necessarily correlate with results reported for traditional multi-biometric systems. However, by definition, this level of fusion is restricting the system to a separate protection of multiple templates, which need to be secured individually, and can cause further security risks [6].

In the vast majority of approaches to biometric template protection schemes provided security is put on a level with obtained recognition performance, i.e. obtained FAR at a targeted FRR. While analysis with respect to irreversibility and unlinkability is rarely done, some quantities to measure the security of template protection systems have been suggested, e.g. key entropy [56], maximum key size [57], or information leakage of stored helper data [58, 59]. These analysis need to be adapted and extended in order to establish a generic methodology of measuring the security of multi-biometric template protection systems.

Focusing on security/ privacy of template protection schemes several magnitudes have been proposed for uni-biometric template protection schemes (e.g. [56, 58]). With respect to multi-biometric template protection schemes security measures need to be reformulated and extended since additional factors, such as a separate storage of protected templates, take influence on the security provided by the system [6]. We plan to establish a generic modus operandi of estimating the security of any multi-biometric template protection scheme in an information theoretic way. Emphasis will also be put on irreversibility and unlinkability analysis, which is rarely done in existing literature (e.g. in [39]).

## **6. Summary**

12 New Trends and Developments in Biometrics

minutiae triples can still be performed without a successive application of different types of template protection schemes (e.g. in [43]). However, as this is not the case in general, embedding functions are required in order to perform mappings between different feature

Since different template protection schemes require distinct feature representations a generic framework for multi-biometric template protection should be able to handle diverse inputs

1. *Unified representation*: by establishing a common representation of biometric features (e.g.

2. *Different template protection schemes*: by combining different types of template protection schemes according to the provided feature vectors (e.g. fuzzy commitment scheme and

It is expected that the first opportunity degrades discriminativity of feature vectors while the second is expected to cause security vulnerabilities of protected templates. In order to prevent impostors from attacking separately stored protected templates biometric fusion can be performed at "secret level", i.e. each applied template protection scheme contributed a chunk of bits while the final secret is constructed from calculating a hash of the concatenation of all bit chunks. Still, representation of feature vectors represents one of the most critical

Focusing on the possible levels of fusion existing approaches to feature-level fusion in template protection systems merely involve a trivial concatenation of biometric templates (e.g. [40, 41]). It has been demonstrated, to some extent, that a more-sophisticated feature-level fusion leads to improved accuracy as well as template security [42]. However, more detailed analysis of adapting multiple biometric templates (based on different feature representations) to according template protection schemes on feature level is demanded. While approaches to cancelable biometrics provide a comparison score for each authentication attempt (offering trivial score-level fusion), within biometric cryptosystems subjects are authenticated indirectly via key validities, i.e. comparison scores are not explicitly available. For instance, in [41] comparison scores are equalized with required error correction capacities, however, more sophisticated approaches to multi-biometric cryptosystems based on score level fusion are non-existent. Biometric fusion at decision level implies the incorporation of a significant amount of biometric templates (e.g. to enable majority voting) in a template protection system. For both technologies, biometric cryptosystems and cancelable biometrics, biometric fusion on decision level can be implemented straight-forward. With respect to biometric cryptosystems a way of performing biometric fusion on secret level could be implemented by a (bit-wise) majority vote of released keys. Even tough approaches to cancelable biometric may easily be fused at decision level, recognition performance does not necessarily correlate with results reported for traditional multi-biometric systems. However, by definition, this level of fusion is restricting the system to a separate protection of multiple templates, which need to be

representations; such mappings must not cause a drastic loss of information.

of feature vectors. This issue can be solve in two ways:

secured individually, and can cause further security risks [6].

by quantizing feature vectors [24]) or

fuzzy vault scheme [43]).

issues.

**5.5. System security**

The presented bookchapter provides an overview of multi-biometric template protection. While both technologies, multi-biometric recognition [2] and biometric template protection [3], suffer from serious drawbacks a sensible combination of these could eliminate individual disadvantages. Different template protection systems incorporating multiple biometric traits, which have been proposed in literature, are summarized. While, at first glance, multi-biometric template protection seems to solve several drawbacks, diverse issues arise. Based on a theoretical framework for multi-biometric template protection several issues, e.g. template alignment at feature level, are elaborated and discussed in detail. While generic approaches to the construction of multi-biometric template protection schemes have remained elusive we provide several suggestions for designing multi-biometric template protection systems.

## **Acknowledgement**

This work has been supported by the Center for Advanced Security Research Darmstadt (CASED).

## **Author details**

Christian Rathgeb<sup>⋆</sup> and Christoph Busch

<sup>⋆</sup> Address all correspondence to: christian.rathgeb@cased.de

da/sec – Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany

## **7. References**


[16] H. Xu and R. N.J. Veldhuis. Binary representations of fingerprint spectral minutiae features. In *Proc. of the 20th Int. Conf. on Pattern Recognition (ICPR'10)*, pages 1212–1216,

Multi-Biometric Template Protection: Issues and Challenges

http://dx.doi.org/10.5772/52152

187

[17] J. Breebaart, C. Busch, J. Grave, and E. Kindt. A reference architecture for biometric template protection based on pseudo identities. In *Proc. of the BIOSIG 2008: Biometrics*

[18] A. Juels and M. Wattenberg. A fuzzy commitment scheme. *6th ACM Conf. on Computer*

[19] F. Hao, R. Anderson, and J. Daugman. Combining Cryptography with Biometrics

[20] A. Juels and M. Sudan. A fuzzy vault scheme. *Proc. 2002 IEEE Int. Symp. on Information*

[21] T. C. Clancy, N. Kiyavash, and D. J. Lin. Secure smartcard-based fingerprint authentication. *Proc. ACM SIGMM 2003 Multimedia, Biometrics Methods and Applications*

[22] U. Uludag and A. K. Jain. Fuzzy fingerprint vault. *Proc. Workshop: Biometrics: Challenges*

[23] K. Nandakumar, A. K. Jain, and S. Pankanti. Fingerprint-based Fuzzy Vault: Implementation and Performance. *in IEEE Transactions on Information Forensics And*

[24] C. Vielhauer, R. Steinmetz, and A. Mayerhöfer. Biometric hash based on statistical features of online signatures. In *ICPR '02: Proc. of the 16 th Int. Conf. on Pattern Recognition*

[25] Y. Sutcu, H. T. Sencar, and N. Memon. A secure biometric authentication scheme based on robust hashing. *MMSec '05: Proc. of the 7th Workshop on Multimedia and Security*, pages

[26] F. Monrose, M. K. Reiter, Q. Li, and S. Wetzel. Using Voice to Generate Cryptographic Keys. *Proc. 2001: A Speaker Odyssey, The Speech Recognition Workshop*, 2001. 6 pages.

[27] A. Goh and D. C. L. Ngo. Computation of cryptographic keys from face biometrics. In

[28] A. Kong, K.-H. Cheunga, D. Zhanga, M. Kamelb, and J. Youa. An analysis of BioHashing

[29] J. Zuo, N. K. Ratha, and J. H. Connel. Cancelable iris biometric. *In Proc. of the 19th Int.*

*Communications and Multimedia Security (LNCS: 2828)*, pages 1–13, 2003.

and its variants. *Pattern Recognition*, 39:1359–1368, 2006.

*Conf. on Pattern Recognition 2008 (ICPR'08)*, pages 1–4, 2008.

Effectively. *IEEE Transactions on Computers*, 55(9):1081–1088, 2006.

*and Electronic Signatures*, pages 25–38, 2008.

*Theory*, page 408, 2002.

*Workshop*, pages 45–52, 2003.

*Security*, 2:744–757, 2007.

111–116, 2005.

*(ICPR'02) Volume 1*, page 10123, 2002.

*and Communications Security*, pages 28–36, 1999.

*Arising from Theory to Practice*, pages 13–16, 2004.

2010.


[16] H. Xu and R. N.J. Veldhuis. Binary representations of fingerprint spectral minutiae features. In *Proc. of the 20th Int. Conf. on Pattern Recognition (ICPR'10)*, pages 1212–1216, 2010.

14 New Trends and Developments in Biometrics

24:2115–2125, 2003.

29(9):1489–1503, 2007.

*Intelligence*, 29(4):544–560, 2007.

*and systems (BTAS'10)*, pages 1–6, 2010.

Springer Verlag, 2009.

[1] A. K. Jain, P. J. Flynn, and A. A. Ross. *Handbook of Biometrics*. Springer-Verlag, 2008.

*on Biometrics)*. Springer-Verlag New York, Inc., Secaucus, NJ, USA, 2006.

[5] Unique Identification Authority of India. Aadhaar, 2012. retrieved May, 2012.

*EURASIP Journal on Information Security*, 2011(3), 2011.

[2] A. Ross, K. Nandakumar, and A. K. Jain. *Handbook of Multibiometrics (International Series*

[3] C. Rathgeb and A. Uhl. A survey on biometric cryptosystems and cancelable biometrics.

[4] A. Ross and A. K. Jain. Information fusion in biometrics. *Pattern Recognition Letters*,

[6] A. Nagar, K. Nandakumar, and A. K. Jain. Multibiometric cryptosystems based on feature level fusion. *IEEE Transactions on Information Forensics and Security*, 7(1):255–268,

[7] N. K. Ratha, J. H. Connell, and R. M. Bolle. Enhancing security and privacy in biometrics-based authentication systems. *IBM Systems Journal*, 40:614–634, 2001.

[8] R. Cappelli, A. Lumini, D. Maio, and D. Maltoni. Fingerprint image reconstruction from standard templates. *IEEE Transactions on Pattern Analysis and Machine Intelligence*,

[9] S. Venugopalan and M. Savvides. How to generate spoofed irises from an iris code

[10] A. Ross and A. K. Jain. Multimodal biometrics: An overview. In *Proc. of 12th European*

[11] Arun Ross, Jidnya Shah, and Anil K. Jain. From template to image: Reconstructing fingerprints from minutiae points. *IEEE Transactions on Pattern Analysis and Machine*

[12] A. Cavoukian and A. Stoianov. Biometric encryption. In *Encyclopedia of Biometrics*.

[13] A. Cavoukian and A. Stoianov. Biometric encryption: The new breed of untraceable

[14] A. K. Jain, A. Ross, and U. Uludag. Biometric template security: Challenges and

[15] J. Bringer and V. Despiegel. Binary feature vector fingerprint representation from minutiae vicinities. In *Proc. of the 4th IEEE Int. Conf. on Biometrics: Theory, applications*

biometrics. In *Biometrics: fundamentals, theory, and systems*. Wiley, 2009.

solutions. *in Proc. of European Signal Processing Conf. (EUSIPCO)*, 2005.

template. *Trans. Information Forensics and Security*, 6:385–395, 2011.

*Signal Processing Conf. (EUSIPCO'04)*, pages 1221–1224, 2004.

**7. References**

2012.


[30] J. Hämmerle-Uhl, E. Pschernig, , and A.Uhl. Cancelable iris biometrics using block re-mapping and image warping. *In Proc. of the Information Security Conf. 2009 (ISC'09) LNCS: 5735*, pages 135–142, 2009.

[43] K. Nandakumar and A. K. Jain. Multibiometric template security using fuzzy vault. In *IEEE 2nd Int. Conf. on Biometrics: Theory, Applications, and Systems, BTAS '08*, pages 1–6,

Multi-Biometric Template Protection: Issues and Challenges

http://dx.doi.org/10.5772/52152

189

[44] M. Y. Jeong, C. Lee, J. Kim, J. Y. Choi, K. A. Toh, and J. Kim. Changeable biometrics for appearance based face recognition. In *Proc. of Biometric Consortium Conf., 2006 Biometrics*

[45] B. Yang, C. Busch, K. de Groot, H. Xu, and R. N. J. Veldhuis. Performance evaluation of fusing protected fingerprint minutiae templates on the decision level. *Sensor-Journal, Special Issue: Hand-Based Biometrics Sensors and Systems*, 2012(12):5246–5272, 2012.

[46] K. Voderhobli, C. Pattinson, and H. Donelan. A schema for cryptographic key generation using hybrid biometrics. *7th annual postgraduate symp.: The convergence of*

[47] S. Cimato, M. Gamassi, V. Piuri, R. Sassi, and F. Scotti. A multi-biometric verification system for the privacy protection of iris templates. *Proc. of the Int. Workshop on Computational Intelligence in Security for Information Systems CISIS'08*, pages 227–234,

[48] S. Kanade, D. Petrovska-Delacretaz, and B. Dorizzi. Multi-biometrics based cryptographic key regeneration scheme. In *IEEE 3rd Int. Conf. on Biometrics: Theory,*

[49] V. S. Meenakshi and G. Padmavathi. Security analysis of password hardened multimodal biometric fuzzy vault. *World Academy of Science, Engineering and Technology*,

[50] A. Jagadeesan, T.Thillaikkarasi, and K.Duraiswamy. Cryptographic key generation from multiple biometric modalities: Fusing minutiae with iris feature. *Int. Journal of Computer*

[51] M. Zhang, B. Yang, W. Zhang, and T. Takagi. Multibiometric based secure encryption and authentication scheme with fuzzy extractor. *Int. Journal of Network Security*,

[52] Anil K. Jain, Karthik Nandakumar, and Abhishek Nagar. Biometric template security.

[53] F. Willems and T. Ignatenko. Identification and secret-key binding in binary-symmetric template-protected biometric systems. In *Proc. of IEEE Workshop on Information Forensics*

[54] E. J. C. Kelkboom, G. G. Molina, J. Breebaart, R. N. J. Veldhuis, T. A. M. Kevenaar, and W. Jonker. Binary biometrics: An analytic framework to estimate the performance curves under gaussian assumption. *Trans. on System, Man, and Cybernetics-Part A: Systems and*

*telecommunications, networking and broadcasting, Liverpool*, 2006.

*Applications, and Systems, BTAS '09*, pages 1–7, 2009.

*EURASIP J. Adv. Signal Process*, 2008:1–17, 2008.

2008.

2008.

56, 2009.

*Applications*, 2(6):16–26, 2010.

*and Security (WIFS)*, 2010.

*Humans*, 40(3):555–571, 2010.

12(1):50–57, 2011.

*Symposium*, pages 1–5, 2006.


[43] K. Nandakumar and A. K. Jain. Multibiometric template security using fuzzy vault. In *IEEE 2nd Int. Conf. on Biometrics: Theory, Applications, and Systems, BTAS '08*, pages 1–6, 2008.

16 New Trends and Developments in Biometrics

3:922–925, 2004.

11–13, 2007.

pages 1–6, 2007.

2007.

1–6, 2007.

*LNCS: 5735*, pages 135–142, 2009.

*Anal. Mach. Intell.*, 28(12):1892–1901, 2006.

[30] J. Hämmerle-Uhl, E. Pschernig, , and A.Uhl. Cancelable iris biometrics using block re-mapping and image warping. *In Proc. of the Information Security Conf. 2009 (ISC'09)*

[31] M. Savvides, B.V.K.V. Kumar, and P.K. Khosla. Cancelable biometric filters for face recognition. *ICPR '04: Proc. of the Pattern Recognition, 17th Int. Conf. on (ICPR'04)*,

[32] Y. Wang and K.N. Plataniotis. Face based biometric authentication with changeable and privacy preservable templates. In *Proc. of the IEEE Biometrics Symposium 2007*, pages

[33] A. Goh, A. B. J. Teoh, and D. C. L. Ngo. Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs. *IEEE Trans. Pattern*

[34] J. Bringer, H. Chabanne, G. Cohen, B. Kindarji, and G. Zémor. Optimal iris fuzzy sketches. *in Proc. 1st IEEE Int. Conf. on Biometrics: Theory, Applications, and Systems.*,

[35] X. Wu, N. Qi, K. Wang, and D. Zhang. A Novel Cryptosystem based on Iris Key Generation. *Fourth Int. Conf. on Natural Computation (ICNC'08)*, pages 53–56, 2008.

[36] H. Feng and C. C. Wah. Private key generation from on-line handwritten signatures.

[37] A. B. J. Teoh, D. C. L. Ngo, and A. Goh. Personalised cryptographic key generation

[38] N. K. Ratha, J. H. Connell, and S. Chikkerur. Generating cancelable fingerprint templates. *IEEE Transactions on Pattern Analysis and Machine Intelligence*, 29(4):561–572,

[39] E. Maiorana, P. Campisi, J. Fierrez, J. Ortega-Garcia, and A. Neri. Cancelable templates for sequence-based biometrics with application to on-line signature recognition. *Trans. on System, Man, and Cybernetics-Part A: Systems and Humans*, 40(3):525–538, 2010.

[40] Y. Sutcu, Q. Li, and N. Memon. Secure biometric templates from fingerprint-face features. In *IEEE Conf. on Computer Vision and Pattern Recognition, CVPR '07*, pages

[41] E. J. C. Kelkboom, X. Zhou, J. Breebaart, R. N. S. Veldhuis, and C. Busch. Multi-algorithm fusion with template protection. In *Proc. of the 3rd IEEE Int. Conf. on*

[42] C. Rathgeb, A. Uhl, and P. Wild. Reliability-balanced feature level fusion for fuzzy commitment scheme. In *Proc. of the Int. Joint Conf. on Biometrics (IJCB'11)*, 2011. 1–7.

*Biometrics: Theory, applications and systems (BTAS'09)*, pages 1–7, 2009.

*Information Management and Computer Security*, 10(18):159–164, 2002.

based on FaceHashing. *Computers And Security*, 2004(23):606–614, 2004.


[55] A. Stoianov, T. Kevenaar, and M. van der Veen. Security issues of biometric encryption. In *Proc. of the Toronto Int. Conf. Science and Technology for Humanity (TIC-STH)*, pages 34–39, 2009.

**Chapter 9**

**Generation of Cryptographic Keys from Personal**

**Biometrics: An Illustration Based on Fingerprints**

Biometric approach for authentication is appealing because of its convenience and possibili‐ ty to offer security with non-repudiation. However, additional hardware such as biometric scanners and complex software for feature extraction and biometric template matching are required if biometric approach is to provide security for protecting sensitive data such as

Cryptographic approach, on the other hand, ties data protection mathematically to the *Key* that is utilized to protect it. This allows a data owner to have complete control over one's personal information without relying on, or relinquishing control to, a third party authority. The protection of personal sensitive information is also not tied to complex software and

Biometric authentication and authorization for data protection could be thought of as ena‐ bling security based on "what one is." The lynchpin of biometric security is the use of suffi‐ ciently unique, but often imprecise, physiological or behavioral traits to characterize an individual for authentication and identification purposes. The characterization is expressed in form of some biometric signature, which often can be reduced to some feature vector or matrix representation. For example, a biometric face could be expressed in terms of a linear‐ ized vector of color distribution [1], EigenMap [2], or Eigen Face components [3]. In our re‐ search a fingerprint is expressed in terms of a 320x1 vector of integers containing minutia point information, and a voice signature is expressed in terms of a 20x1 mean vector and a 20x20 covariance matrix of Mel cepstrum characterizing the multi-variant Gaussian distribu‐ tion of an individual's voiceprint [4]. The security parameter for assessing the strength of a biometrically based approach is typically related to the size of the underlying feature vector (or matrix) and the number of bits for representing a value, as well as the biometric data dis‐

> © 2012 Sy and Kumara Krishnan; licensee InTech. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

© 2012 Sy and Kumara Krishnan; licensee InTech. This is a paper distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use,

distribution, and reproduction in any medium, provided the original work is properly cited.

Bon K. Sy and Arun P. Kumara Krishnan

http://dx.doi.org/10.5772/51372

personal health information.

**1. Introduction**

Additional information is available at the end of the chapter

hardware systems that may need constant patches.

