International Conference on Intelligent and Advanced Systems 2007
Multimodality to improve Security and Privacy in
Fingerprint Authentication System
Md. Rajibul Islam, Md. Shohel Sayeed, Andrews Samraj
Multimedia University, Faculty of Information Science and Technology (FIST)
Jalan Ayer Keroh lama, 75450 Melaka, Malaysia
E-mail: {md.rajibul.islam05, shohel.sayeed, andrews.samraj}@mmu.edu.my
Abstract-With the pace of increasing online transactions
and communication, the demand for security and privacy
increases. To protect confidential information and to
authenticate people electronically, several solutions already
introduced. Traditional biometric systems that are based on
single biometric usually suffer from problems like impostors’
attack or hacking, unacceptable error rates. To improve
security and privacy and system’s reliability two or more
biometrics of the same identity could be combined in a method
that enhances the efficiency of the system. The biometric
information, however, is irreplaceable information, when it is
compromised. Thereby, one must give a special attention to
protection of such information. We propose a novel protection
technique for the biometric information, especially the feature
information and the templates. The point of our proposal is
securely embeds and extracts an iris template in a fingerprint
image using a combined DWT and LSB based biometric
watermarking algorithm in each authentication. The
embedded data travel through insecure communication line
like the internet, and they are used in matching process. This
technique causes security against eavesdropping and replay
attacks on the internet, because the watermark embedded
transmitted data are used in the authentication session after
watermark extraction.
Index Termsņ Multimodal biometric, security, Biometric
authentication, Watermarking, Template protection.
I. INTRODUCTION
With the wide spread utilization of biometric
identification systems, establishing the authenticity of
biometric data itself has emerged as an important research
issue. The fact that biometric data is not replaceable and is
not secret, combined with the existence of several types of
attacks that are possible in a biometric system, make the
issue of security/integrity of biometric data extremely
critical [1]. Although there has been much research on
combining different biometrics for a variety of purposes,
however, not much work has focused on the combination of
fingerprint and iris, which are two of the characteristics that
can reach the best recognition performance for high security
applications [8].
In this paper, we propose a novel compatible scheme with
the popular biometric systems. Our main idea is to improve
the security and privacy in biometric authentication by using
multimodal biometric in an anxious environment. That is,
communicated data of the features and the templates is
embedded in every authentication session for even unique
person. The prospects of our scheme are as follows:
i) The fingerprint and the enrolled iris templates are
embedded by watermarking technique, and matching is done
by using the extracted features after extraction of iris
templates from fingerprint.
1-4244-1355-9/07/$25.00 @2007 IEEE
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 3, 2008 at 01:34 from IEEE Xplore. Restrictions apply.
ii) Because of embedded authentication data for each
authentication session, our scheme needs no apprehension
about impostors’ attack or hacking the transformed
information in the communication through untrusted
channels.
In this paper, we assume the watermarking algorithm
which is already exists, we discuss the privacy protection
and our proposed biometric authentication scheme.
If this requirement is satisfied, even though eavesdroppers
collect communication data from the attack phases shown in
Fig. 1, they cannot obtain the enrolled fingerprint or iris
templates or the extracted features. When they monitor
some person’s entire authentication, they obtain only
embedded data which has no correlation with the
authentication sessions. An authentication server which
performs matching process obtains the extracted data after
extraction the iris template from fingerprint.
In the rest of this paper, we describe in section II, attack
phases, what information should be protected in the
biometric authentication, section III, gives a definition of
Watermarking based on a combination of wavelet and LSB
and an explanation of our proposed authentication protocol.
In section IV, we explain a discussion of security in
proposed scheme. Finally, section V concludes this paper.
II. ATTACK PHASES
Many of the possible attacks in fingerprint authentication
were identified as shown in Fig. 1, [2]: (a) attack at the
sensor, (b) attack on the channel between the sensor and the
feature extraction, (c) attack during the time of feature
extraction, (d) attack on the channel between the feature
extraction and the matcher, (e) attack on the matcher, (f)
attack on the channel between the matcher and the database
of templates, (g) attack on the database of templates. These
attacks are elucidated in details in [2].
c g
a e
Feature
Scanner Extraction Matcher
Database
of
Template
b d f
Sensor Client Server
Fig. 1- Diagram of the Attack Phases
~ 753
 International Conference on Intelligent and Advanced Systems 2007

In this paper, we focus on all of this attack. To evade the approximation band is not modified during
possible threats caused by this attack, we have used embedding or extraction.
multimodal biometric specially fingerprint and iris. In the Step 2: The detailed sub-bands are divided into
next section we have presented our proposed approach. blocks I 1 ,I2 ,…,Ir of size M x N and the coefficients in
each block are numbered in raster scan order. From each
A. Complexities in this work
block, the first wavelet coefficient that has a positive phase
Biometric authentication has two phases of processing,
and whose value is less than threshold Ș is selected. The
that is, enrollment and authentication. In the enrollment
second LSB of the selected coefficient is replaced by one
phase sensor device acquires a user’s biometric raw data.
bit from the iris template. This process is written as
Next step is feature extraction of the biometric raw data.
follows
The obtained features are enrolled as templates in the
database. ­
° (i, j )) = F ( x, y )
On the other hands, in the authentication phase, capture ′ (i, j ) = ® LSB2 ( Iifw Phase
Iw ( I w ( i , j ))≥0 & I w ( i , j )<η
process and feature extraction process are in common with
°̄ I w (i , j )if Phase( I w (i , j ))<0 (1)
enrollment. The matching process performs comparison
between the extracted features and the enrolled templates.
where Iƍw(i,j) are the wavelet coefficients in block Ir.
The matching process evaluates the judgment result and
F(x,y) is the iris template, Iw(i,j) is the wavelet decomposed
calls the user accept or reject referring authentication policy.
fingerprint image, Ș is the threshold which decides whether
When we apply this biometric authentication to internet
the watermark bit is inserted or not, and LSB2 denotes the
services, we must consider a part or all of the above five
second_LSB.
processes are included in separate entities distributed in
Step 3: If the number of bits in the iris template F(x, y)
internet. Because the biometrics on the internet services
is less than the number of blocks in the fingerprint image,
requires communication of the authentication information
then all bits of the iris template can be embedded.
like the feature information, the template information, the
Otherwise, the following procedure is used to embed the
authentication results etc. between the five processes
remaining bits of the iris template:
through the internet. Since the internet is not safe against
(a) For each block Ir, a message block MBr is formed by
replacement, eavesdropping and imposture, we must
selecting few high order bits from each pixel of Ir. A key K
appreciate that inadequate security for the above
is appended to message block MB r . The value K is
information compromises the user’s biometric information
sufficiently large to prevent an attacker from using
as one of the personal information. Because biometric
brute force to remove the watermark.
information is unique in general, the user is unable to re-
(b) The key K is used to compute a cryptographic hash
enroll to the biometric authentication system [5]. Also
of the message block
assume that, even if eavesdroppers obtained only encrypted
biometric information, their replay attacks can menace the
H r = H(MB r )K (2)
biometric system. Thus, protection of the biometric
information from these attacks is one of the major problems
(c) The value of [Hr mod (M × N)] gives the pixel position
in the biometric authentication as well as privacy protection.
for embedding the watermark bit. The watermark bit is
In the next section, we focus protection of the feature
embedded depending on the value of the most significant
information and the template information using multimodal
bit (MSB) of the hash value Hr. If the MSB of Hr is 0
biometric embedding by watermarking based on a
then the facial bit is inserted unchanged; otherwise the
combination of wavelet and LSB. This model gives the
complement of the iris bit is inserted.
impression to be a practical implementation as a remote
Step 4: After embedding all the bits from the iris
biometric authentication. In this model, we must save the
template. Inverse Discrete Wavelet Transformation
features and the templates as personal information from
(IDWT) is applied on the watermarked fingerprint
challengers.
coefficients to generate the final secure watermarked
III. WATERMARKING ALGORITHM fingerprint image. Fig. 2 shows the watermark embedding
For watermarking, the fingerprint image is used as the process.
base or the cover image and the iris features are used as Any change in the value of Ir produces an entirely
the watermark [4]. These features are the iris template [3] different hash and can make the watermark undetectable.
obtained by convolving the iris image with 2D Gabor filter. Since the attacker does not know the key K, it is not
The algorithm is divided into two parts, watermark possible to compute the hash value Hr . Also, high
embedding and watermark extraction. order bits are chosen for watermark insertion because
any change in these values will degrade the quality of the
A. Watermark Embedding Algorithm image and hence the biometric verification performance.
Step 1: Two-level Discrete Wavelet Transform (DWT) is
applied on the original fingerprint image I. The
coefficients of the approximation band of the DWT image
contain significant details of the fingerprint image. Hence

754 ~

Authorized licensed use limited to: IEEE Xplore. Downloaded on December 3, 2008 at 01:34 from IEEE Xplore. Restrictions apply.
 International Conference on Intelligent and Advanced Systems 2007

Iris Fingerprint Watermarked Fingerprint Image

Key K
Key K

2D Gabor DWT Image Synchronization

Hash Table
Hash Table Synchronized
Image
Embedding
Iris Iris Template e
Template e in Fingerprint
DWT

IDWT Extraction
of Iris
Template
from
Fingerprint

Watermarked Fingerprint Image

Fig. 2 – Watermark Embedding Process

B. Watermark Extraction Algorithm

Step 1: The image is first synchronized with the block Extracted Extracted Iris
boundaries. The synchronization is performed Fingerprint Image Template
corresponding to the blocks of size M × N formed during the
embedding process. DWT is first applied on the image Fig. 3: Watermark Extraction Process
and the detailed sub-bands are divided into blocks of size
C. Requirements of the authentication system using
(2M-1) × (2N -1).
Watermarking Technique
Step 2: For each block of size M×N, the following steps
For construction of the authentication system, we suppose
are performed for synchronization of block boundaries:
five entities which are sensor, client, authentication server,
(a) Similar to the embedding process, a
database storing templates, watermark extraction generator
corresponding message block MBr is formed by selecting
and time-stamp server as shown in Fig. 4. In Fig. 4, the
few high order bits from each pixel of that block and a key
watermark extraction generator and the time-stamp server
K is appended to it.
are TTP. Below are the requirements for watermark
(b) The cryptographic hash of MBT is computed as
extraction generator: Algorithm of the watermark based on a
before using Equation 2.
combination of wavelet and LSB and input values of
(c) The synchronized block boundaries are identified
embedded fingerprint and iris template. In order to give time
by comparing the last few bits of the hash value Hr with
dependency to watermark extraction generator, the input
the LSBs of pixels in every block and its neighboring
values are authentication session ID with time-stamp data
blocks.
signed by time-stamp server and extracted value of
Step 3: From each synchronized block, the first coefficient
watermark extraction generator.
with positive phase and whose value is less than the
threshold Ș is identified. The watermark bit is extracted D. Proposed protocols of the biometric authentication
from this coefficient. using watermarking technique
Step 4: The remaining bits of the watermark are We present an authentication protocol using
extracted by computing the pixel position for each block watermarking technique here. In the section, (1) - (19)
where the bit was embedded. The pixel positions are denote numeral notations shown in Fig. 4.
calculated using the expression [Hr mod (M × N)]. The MSB a) In process (1), client sends a request to sensor and (2)
of Hr is analyzed to determine if the actual value or its and (3) denote capturing fingerprint and iris, then generates
complement was inserted and the bit is extracted. watermark embedding process. In (4), client receives the
Step 5: These extracted bits are arranged to form the watermarked embedded fingerprint image.
iris template and IDWT is applied on the fingerprint
image to generate the watermark extracted fingerprint
image. Fig. 3 shows the extraction process of the
fingerprint and the iris template from the watermarked
fingerprint image.

~ 755

Authorized licensed use limited to: IEEE Xplore. Downloaded on December 3, 2008 at 01:34 from IEEE Xplore. Restrictions apply.
 International Conference on Intelligent and Advanced Systems 2007

1. Request
5. Request of
authentication
session
4.watermarked
fingerprint 6. Accept and
image. start
authentication

Watermark extraction generator

7.
Confirmation
of start.

Authentication Server

Database of Template
Time stamp Server
8. 8.
Authentication Authentication
session session
Sensor

Client

10.
Authentication
session ID

11. Session ID

13. Watermark
13. Watermark extraction
extraction process
process
16. Signal of
finish
17. Request of watermark 17. Request of
extracted data extraction extracted data

18. Extracted 18. Extracted

data data

9. Verification of
2. Acquisition 14. Extract iris the received data 19. Feature 15. Extract iris
fingerprint and template from from client and matching and template from
iris. fingerprint authentication judgment fingerprint
3. Watermark image server. image
embedded 12. Generating
process. watermark
extraction process

Fig. 4: Proposed protocol of the authentication session using watermark based on a combination of wavelet and LSB to sending
extracted fingerprint features and extracted iris template

b) Processes from (5) to (7) signify negotiation for
beginning the authentication. After these steps, the client and
the authentication server share the authentication session ID.
c) Process (8) shows, watermark extraction generator
receives request of generating watermark extraction process
with the session ID from both of the client and the
authentication server.
d) Process (9) is a verification of the received data of the
authentication session. In (10) and (11), the watermark
extraction generator obtains timestamped data of the above
session ID. The timestamped data is used for a parameter of
watermark extraction process generation and a confirmation
of the session performed.
e) About process (12), please refer the discussion in
subsection 3.2.
f) In (13), the watermark extraction generator sends the
generation process to both of the client and the database of
enrolled templates.
g) In (14) and (15), the client and the database apply the
watermark extraction process to the embedded data
respectively. In order to end the generation process, the
watermark extraction generator sends signal of the end to the
authentication server in process (16).
h) In (17)-(19) the authentication server obtains the
extracted fingerprint data and iris templates. After the above
protocols finished, the authentication server performs
matching process and judgment process.
i) The authentication server calculates the matching score
based on minutiae. In judgment process, the authentication
server decides accept or reject by comparing minutiae of the
fingerprint obtained from database of template with live
captured fingerprint image.
IV. DISCUSSIONS OF SECURITY OF THE PROPOSED
AUTHENTICATION SCHEME
The analysis of potential vulnerability of Biometric
Authentication against attacks has been largely overlooked.
That means a sophisticated attacker could gain access to both
the embedded templates and the whole attack phases
described in section 2.0 (see Fig. 1). The only thing he
cannot obtain is a user’s biometric. Such an attacker, fully

756 ~

Authorized licensed use limited to: IEEE Xplore. Downloaded on December 3, 2008 at 01:34 from IEEE Xplore. Restrictions apply.
 International Conference on Intelligent and Advanced Systems 2007
familiar with the system and exploiting its weaknesses, will
not be doing just a watermark extraction process in order to
break the embedded template. As an alternative, he will
devise various attacks that can be run in a realistic time
frame. The watermarking algorithm must be flexible against
those on-line attacks.
Here, we discuss the security of the above proposal. First,
we mention the security of the framework of the proposed
authentication scheme. If challengers’ success to steal the
value stored in the watermark extraction generator, they can
become impostor of the watermark extraction generator.
After that, the watermark extraction generator loses trust
from other entities in Fig. 4. However, even if adversaries
hijack the watermark extraction generator, because it
receives no personal information, of course including the
original template and the extracted feature, the takeover does
not threaten the user’s privacy. Then we consider the case of
a malicious authentication server collects information. In this
structure, it receives embedded transformed data. As
abovementioned, they imply no information before
extraction the embedded data. Besides, the malicious sever
cannot know the corresponding watermark embedded
process. Hence, the malicious server obtains no information
about original templates and extracted features.
Next, we consider security of the information transformed
by watermarking against hill-climbing attack [6], [7], replay
attack, collusion attack. Hill-climbing attack uses of replied
matching score in order to make a fake. When the
application server sends the matching score to client
(adversary) in Fig. 4, the adversary transforms embedded
feature data selected from database which the adversary
constructs.
The adversary sends the transformed features to the
authentication server. Because this system changes the
calculation algorithm of matching score and threshold for it
according to minutiae, it is difficult for the adversary to
improve the fake from the replied matching score. Therefore,
the probability of the adversary’s success on our proposed
authentication scheme becomes less than conventional
biometric authentication.
In general, replay attack is impossible, if previously
obtained information is not reusable. When adversaries
eavesdrop on the communication between the client and the
authentication server, they obtain only embedded
transformed features which are not reusable. Hence, no
adversary successes replay attack on the proposed
authentication scheme. If the adversaries can listen to the
communication from the watermark extraction generator,
they obtain the information of watermark extraction process.
When they reuse this information, the client and the database
can detect replay attack by verifying the difference among
the information of watermark extraction used in former
authentication sessions.
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 3, 2008 at 01:34 from IEEE Xplore. Restrictions apply.
Two cases of conspiracy attack establish possibly. The one
of case is that the client conspires with the watermark
extraction generator. In this case, the client can obtain not
only watermark extraction process but also information of
evaluation function. Therefore, adversaries who can perform
normal hill-climbing attack success the conspiracy attack.
The other one is that the authentication server stands in with
the watermark extraction generator. The manner of attack is
same as the above one.
V. CONCLUSION
In this paper, we focus the problems of the current studies
of the template protection. As a countermeasure, we
proposed the authentication scheme to protect the biometric
templates and the extracted features. The main concept of the
proposed authentication scheme is that stolen biometric
information is not reusable by using a combined DWT and
LSB based biometric watermarking algorithm, in every
authentication for even same person. As a result, we obtained
the view of the security of our proposed authentication
scheme against hill-climbing attack and replay attack during
the watermark extraction generator keeps security.
This paper described only concept of such authentication
scheme. As future works, we should study practical
generating algorithm. In addition, we should research formal
analysis of information theoretic security and time of
calculation in this proposed authentication scheme.
ACKNOWLEDGMENT
The author would like to express his sincere gratitude to
his project supervisor Md. Shohel Sayeed and his co
supervisor Andrews Samraj for all their helpful guidance and
advice.
REFERENCES
[1] A. Jain and U. Uludag, “Hiding Biometric Data”, IEEE Transactions
on Pattern Analysis and Machine Intelligence, Vol. 25, No. 11, pp.
1494-1498, 2003.
[2] D. Maltoni, et al., Handbook of Fingerprint Recognition, Springer,
2003.
[3] N. Petkov and M.B. Wieling, “Gabor filter for image processing and
computer vision” (On line),
http://matlabserver.cs.rug.nl/edgedetectionweb/web/index.html
[4] Mayank Vasta, Richa Singh, Afzel Noore, Max M. Houck and Morris,
“Robust biometric image watermarking for fingerprint and face
template protection”. IEICE Electronics Express, Vol.3, No.2, pp. 23-
28, 2006
[5] P. Reid, “Biometric for Network Security”, Prentice Hall, 2004.
[6] C. Soutar, “Biometric System Security”, Secure No. 5, pp. 46-49, 2002
(URL: http://www.silicontrust.com/pdf/secure_5/46_techno_4.pdf)
[7] A. Dimovski, D. Gilogoroski, “Generating highly nonlinear Boolean
function using a genetic algorithm”, 1st Balkan Conference on
Informatics, 2003.
[8] Alessandra Lumini and Loris Nanni, “When Fingerprints Are
Combined with Iris – A Case Study: FVC2004 and CASIA”,
International Journal of Network Security, Vol. 4, No.1, PP. 27–34,
Jan. 2007.
~ 757