Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System

(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December , 2012.

Detection of PARD Attack on Secure Authentication System

Based on Fingerprint Impression
Indu Verma* and A.K. Vatsa**
*AKGEC, Ghaziabad, (U.P) INDIA.
**Department of Computer Science, University of Missouri, Columbia, MO, USA
Email: induverma029@gmail.com, avimanyou@rediffmail.com

Keywords: Biometrics, Fingerprint, Security,
Authentication, PARD attack., Minutiae features,
Encoding, Decoding.
Abstract: The trustworthy information security
mechanisms are required to contend with the rising
atrociousness of identity theft in the cyber and electronic
society, the biometric like fingerprint authentication can
be used to ensure that only the legitimate user can access
to intended system. Although the biometric authentication
systems are very secured but the biometric systems are
also exposed to a number of attacks like ersatz feature
attacks, Brute force, Hill climbing attacks, Replay attacks,
Latent print attacks, worm attacks, Dead feature attacks,
Software leaks and Use of force attacks are most typical
and vital to biometric security parts, so it is important
to address the issue of secure design of the biometric
system, Therefore, in this paper a PARD attack on secure
authenticated system to identify that the system is able to
detect the attack done by the interlopers is proposed. Thus,
a combination of extracted fingerprint features and bio-
crypto key will entail generating a secure authentication
system based on fingerprint impression meant for PARD
attack using fingerprint verification through extracting
and matching minutiae, and to incorporate the instability
of the user’s biometric features into the generated key,
so as to make the key unguessable to an attacker lacking
significant knowledge of the user’s biometrics.
1. Introduction
Biometrics has gained a lot of importance; the reason is
that it is the only means of identification of a biological
entity by a non-biological entity e.g. a computer machine.
With the advent of extensive use of computer machines
for secure transactions through cyber crimes the various
important data like e-mails, e-banking, e-purchasing, etc.
and correct identification of the user is very important. The
prevalent systems use mostly passwords directly as a key
for the cryptosystem or sometimes they use the password
to get an access to the password stored in some smartcard
possessed by the user. The major loophole in using such
a security is that these passwords being very simple can
be remembered by any user and hence are prone to be
compromised as most of the time these passwords are easy
to guess. Also carrying a number of smartcards which
contain the key is very inconvenient. Using password or
key itself is very vulnerable, take credit cards for instance,
any good hacker can install key-loggers or other such
software on one’s system and can have access to credit
card number and any other information that one might not
want to share.
Another big problem with the prevalent cryptosystems
is repudiation of the illegal things done by people over the
electronic media. Either people don’t identify themselves
correctly while creating an account with some server
which they are eventually going to disavow after doing
some illegal things, or they simply escape by saying that
somebody stole their password. Biometrics completely
depicts the identity of the person and eliminates the case
of non-repudiation; also there is no need to remember long
passwords. But these benefits can be redeemed by their
proper usage only.
In forensics, criminal identification[2] and prison
security are some of the applications which employ
biometrics in a comprehensive manner. In fact, a broad
range of civilian application areas are utilizing biometrics.
Biometric system is essentially a pattern recognition
system[13] that recognizes a person by determining the
authenticity of a specific physiological and or behavioral
characteristic possessed by that person.
The generic criteria for gathering the fingerprint
credentials can be divided into five subsystems: Data
collection, Transmission, Data storage, Signal processing
and decision systems.
Data Collection: This subsystem uses a sensor or camera
to acquire the image of the fingerprint of the user.
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.
Transmission: This subsystem transmits the data collected
from data collection module after compressing it, to the
data storage and signal processing module.
Data Storage: Stores the image and template of the user.
Signal Processing: This is the most important module
of the system. It performs feature extraction by image
processing techniques and pattern matching operations.
Decision: This module performs identification or
verification by using the match scores.
There is a requirement to emphasis on the important
issues of data processing and authentication to merge
biometric and cryptography for binding and generating
bio crypt. The performance of bio crypt based systems
is dependent on the quality of the enrolled biometric.
Enrolment quality can be affected by accidental or
deliberate events and environmental conditions, and the
result of low enrolment quality is almost inevitably due to
poor system performance. If the performance is poor the
security will be compromised, and there may be excessive
dependence on the fallback system.
Diverse biometric techniques that are under research
include fingerprints[14], facial[15], palm prints, retinal and
iris scans[16], and hand geometry[17], signature capture and
vocal features[18]. With the help of these information’s
the fake person and authorized person can be easily
identified. This information is related to human body
and their structure which are unique in this earth[35,36].
The fingerprints are eternally associated with a user and
cannot be replaced, through various studies it has been
observed that no two persons have the same fingerprints,
hence they are unique for every individual. Ultimately, a
cryptographic key in combination of fingerprint impression
generation is required to make the system secure, therefore
the system based on the fuzzy vault is constructed. The
cryptographic key thus generated will be irrevocable and
also will provide increased protection in cryptography
based security systems [3]
This paper is organized in Chapters. The introduction
of Bio-metric information, security and authentication
etc are discussed under the heads of the Introduction in
Chapter 1. The Backgrounds of this paper is mention
in Chapter -2 that includes the literature review of this
paper. The chapter 3 mention the proposed architecture
and mechanism for Detection of PARD attack on secure
authentication system based on fingerprint impression
under heads of Proposed Work. The Chapter-4 concluded
this paper and mention further enhancement of this paper
under heads of future scope in chapter – 5. Finally, all the
references used in this paper are included in Chapter -6
under heads of references.
2. Background
This work is motivated by variety of earlier researchers
with their work existing within the literature regarding
fingerprint biometrics, cryptography and cryptographic
key generation.
The efficient and effective mechanism for confidentiality
and authentication for biometric information[1] enhances
the speed of encryption, decryption and authentication
process. It uses arithmetic encoding scheme and public
key cryptography e.g. modified version of RSA algorithm
called RSA-2 algorithm[34], the bio-metric information is
converted into integer real values and encodes this value
with arithmetic coding[38]. Which produces integral length
code and result is in floating point number. This can
provide more security because the probability of alphabet
or decimal number is set by the user and it is known only
to authenticated person.
The fingerprint recognition can be understood by an
effort to how Fingerprint Recognition[29] is used as a form
of biometric to recognize identities of human beings. It
includes all the stages from minutiae extraction from
fingerprints to minutiae matching which generates a match
score.
The authors have presented a partial thinning scheme
to reduce the computation of thinning, and implement
a fingerprint recognition system based on this partial
thinning scheme[30]. The real time fingerprint recognition
system consists of four stages: pre-processing, image
enhancement, minutiae extraction, and minutiae
matching.
Biometric technique as an automated methodology[19]
for the recognition of a person based on behavioural or
physiological characteristics is presented. The authors
concluded that biometric technologies are now the key
to an extensive array of highly secured identification and
personal verification solutions[2].
The basics of fingerprint biometric modality[32], its
applications, and the various methods for extracting
minutiae points from input fingerprint images are presented
in detail. Further the paper represents ways for generating
the strong bio-crypt key based mostly on fingerprint.
Fingerprint biometric modality is predominantly thought
of due to its two vital characteristics uniqueness[39] and
permanence that’s ability to stay unchanged over the
lifetime.
Comparison among the traditional security systems[31]
with biometric systems is discussed. The lack of secrecy
(e.g., leaving fingerprint impressions on the surfaces we
touch), and non-replace ability (e.g., once the biometric
data is compromised, there is no way to return to a secure
situation, unlike replacing a key or password) are identified
as the main problems of biometric systems.
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.
Typical threats for a generic authentication application
are there, which may result in quite different effects for
traditional and biometrics-based systems[5]. In Denial of
Service (DoS), an attacker corrupts the authentication
system so that legitimate users cannot use it.
For a biometric authentication system, an online
authentication server that processes access can be
bombarded with many bogus access requests, to a point
where the server’s computational resources cannot handle
valid requests any more.
A detailed review of different biometric cryptosystems
has been presented in[19]. Based on this study, it is clear that
the techniques proposed in[20]–[27] have their own advantages
and limitations in terms of security, computational cost,
storage requirements, applicability to different kinds
of biometric representations and ability to handle intra-
class variations in biometric data. This paper focuses on
a specific algorithm known as fuzzy vault which was
originally proposed by Juels and Sudan in[28].
3. Proposed Work
A. Architecture and working of Detection of PARD
attack on secure authentication system based on
finger print impression:
A biometric system is embedded in the authentication
process of an identity management system. Its result is used
to decide if the individual that has delivered the biometric
data shall be recognized by the identity management
system. The flow of the data in the Fig. 2 is as follows:
z Take fingerprint impression as input.
z Extraction of Minutiae points from fingerprint is done
in four parts:
o HistoFMedian method is used to enhance the
fingerprint image
o Binarization is applied on the enhanced image.
o Region of Interest is extracted by using
morphological operations.
o Using Thinning algorithm features are extracted
from digitized data.
z On the extracted features now apply key KFV to
encode the feature vector.
z At the same time an attack named PARD attack hit the
secured system but as the features are encoded with
the key so it will be detected by the matcher.
z A Matcher is a comparison process that evaluates the
similarity between the reference templates residing
in the database and the captured data sample and that
result in a similarity score.
z Assume that the data available in Fingerprint database
is also encrypted with the same i.e by key KFV at the
time of enrollment of the person.
z If the authentication process authenticates the person
who want to use the application device, the secret
features will be extracted now and will be available to
the application devices, otherwise the authentication
process will not allow the person to use the data.
z The key will not get released just after extraction of
the features because of the security issues, in fact key
will be released on the same side of the application
device, otherwise meanwhile an attack can hit on the
secret data.
B. Working Principle:
It is divided into four parts – preprocessing of Fingerprint
Image, key generation, authentication and PARD attack.
1) Preprocessing of Fingerprint Image:
a) Fingerprint Image enhancement: This technique
is used to make the image clearer for easy further
operations. Since the fingerprint images acquired
from sensors or other Medias are not assured with
perfect quality, those enhancement methods, for
increasing the contrast between ridges and furrows
and for connecting the false broken points of ridges
due to insufficient amount of ink, are very useful for
keep a higher accuracy to fingerprint recognition.
HistoFMedian image enhancement Method is
adopted for image enhancement stage i.e for contrast
expansion, in this method histogram image array[33] is
created, divied the image into two sub images based
on median, calculate cumulative image histogram and
performed Fast Fourier Transform (FFT) according
the formula given below.
M −1 N −1 ⎧ ⎛ ux vy ⎞⎫
F (u , v)= ∑ ∑ f ( x, y )×exp⎨− j 2 π×⎜ + ⎟⎬ (1)
⎩ ⎝ M N ⎠⎭
x =0 y =0
In order to enhance a specific block by its dominant
frequencies, the FFT of the block was multiplied by its
magnitude a set of times.
Where the magnitude of the original
FFT = abs(F(u,v)) = |F(u,v)|
The enhanced block is obtained according to
g(x,y)=F-1{ F(u,v) * |F(u,v)|k} (2)
The k in formula (2) is an experimentally determined
constant, which was chosen as k = 0.45 to calculate. While
having a higher “k” improves the appearance of the ridges,
filling up small holes in ridges, having too high a “k” can
result in false joining of ridges. Thus a termination might
become a bifurcation. The transformation[32] of the two
sub images is to be computed now and after obtaining the
enhanced block rescan the image and write the output.
b) Binarization of Enhanced Image: Translation of a
grey level image into a binary image is done by a
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.

process called binarization [6], i.e Fingerprint Image

Binarization is to transform the 8-bit Gray fingerprint
image to a 1-bit image with 0-value for ridges and
1-value for furrows. After the operation, ridges in the
fingerprint are highlighted with black colour while
furrows are white. A locally adaptive binarization Fig. 1: Key generation
method is performed to binarize the fingerprint image.
Such a named method comes from the mechanism of 3) Authentication Mechanism: Security of access
transforming a pixel value to 1 if the value is larger control involves authentication of user and of the
than the mean intensity value of the current block application. A user through some sensing devices like
(16x16) to which the pixel belongs. fingerprint scanners, smart card readers etc., gathers
c) ROI extraction by Morphological operations: For credentials[11]. Then the access control system offers
ROI extraction from the binary fingerprint image, authentication as security service and also many
the morphological opening and closing operations more,
are to be applied using a structuring element. The In the authentication mode, the system authenticates an
morphological operators[7] will throw away the individual by searching the templates of the users stored in
leftmost, rightmost, uppermost and bottommost the database for a match. Therefore, the system conducts
blocks out of the bound, so as to get the tightly a one-to-many comparison to authenticate an individual’s
bounded region just containing the bound and inner identity without the subject having to claim an identity.
area. The bound is the subtraction of the closed area
4) Detection and Attack: In spite their abundant
from the opened area.
advantages, biometric systems are vulnerable to
Two Morphological operations called ‘OPEN’ and attacks, which can decrease their security[4]. The
‘CLOSE’ are adopted. The ‘OPEN’ operation can expand discuessed attack system inputs synthetic minutiae
images and remove peaks introduced by background noise. sets to the matcher with the aim of gaining access to
The ‘CLOSE’ operation can shrink images and eliminate the system in place of a genuine user. Note that the
small cavities.
user’s template information is unknown to the attack
d) Feature extraction from digitized data: The minutiae system. Using the scores returned by the matcher and
points are extracted from the preprocessed fingerprint the characteristics of these minutiae sets, the attack
image using Thinning. Thinning is defined as a system tries to generate a minutia set that results
morphological operation in which the foreground in a sufficiently high matching score to achieve
pixels are eroded in succession till they are one positive identification. In this paper the PARD attack
pixel wide. The Ridge Thinning algorithm is made is discussed, the term PARD is an abbrevation to
use of in the proposed approach for Minutiae points’ four operations(Perturbing, Adding, Replacing, and
extraction. It extracts minutiae points by getting rid of Deletion) which can be performed on the secure data
the redundant pixels of ridges until the ridges become to prevent access of the authorised users, the block
just one pixel wide. diagram of the attack system is given in Fig 3.
2) Key Generation Mechanism: The biometric system
is also vulnerable to a number of adversary attacks,
it is important to address the issue of secure design
of the biometric system. Biometrics based key
generation method, is that since secret and biometric
templates are securely stored in the crypto biometric
template, the system is less vulnerable to attacks on
the template information database. When biometric
identifiers are employed as “keys” in the context of
the cryptographic system, demanding such exactitude
is impractical, that is, for the same biometric entity
that is analyzed during different acquisitions, the
extracted biometric data will significantly vary due
to acquisition characteristics. The key generation
Fig. 2: Architecture of Detection of PARD Attack
mechnism is shown in Fig 1.
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.

if(f(m,n)>Th)// f(m,n) is the pixel value located in the

mth column, nth row
G1 = f(m,n) // object pixel
else if(f(m,n)<=Th)
G2 = f(m,n) // background pixel
m1 = avg( G1) // The average of each set is
computed.
m2 = avg(G2)
Th’ = (m1 + m2)/2
if(Th(aprx)!=Th)
Fig. 3: Overview of the attack system. {
Bin_image(Th’)
C. Mechanism for Detection of attacks on secure //keep repeating until the new threshold Th’ matches
authentication system: the one before it Th.
The proposed mechanism is described in following }
four phases: }
Phase - 1: Fingerprint Impression as input for
Authentication: Step –IV: Segmentation of digitized values
Step-I: Take samples of finger print Impression for ROI extraction by Morphological operations: To extract
authentication of intended user. the ROI, a two-step method is used. The first step is block
Step-II: Fingerprint Image Enhancement direction estimation and direction variety check, while the
second is intrigued from some Morphological methods.
z Create and initialize histogram array.
z Scanning the skeleton of finger print image left to
z Calculate the Histogram median (HMD).
right and top to bottom
z Divide the image array H of a section with gray level
o Bound = openArea - closedArea
of H = HT, and two sub images will be HL and HU
o L2R = sum(Bound)
based on the median HMD.
o roiCol = find(L2R>0)
o H = Hl U Hu, Here HL=(H (i,j)|H (i,j)< HT, ∀
o left=min(roiCol) , right = max(roiCol)
H(i,j) ∈H) (H (i,j) | H (i,j)≥ HT, ∀ H (i,j) ∈H )
o tr_bound = bound’
z Scan every pixel and increment count.
o top2dw=sum(tr_bound)
o Count++
o roiRow = find(top2dw>0)
z Form the cumulative image histogram.
k
o top = min(roiRow),bottom =max(roiRow)
o CL (HK) = 1/p ∑ pi, k = 0,1,2,…., T-1… z Cut out the ROI region image and show background,
i=0 bound, innerArea with different grey intensity by
l-1 setting it equal to 0,100,200
o CU (HK) = 1/p-1 ∑ pi, k = T, T+1,..…, L-1 ◘ for i = top to bottom
i=0
for j = left to right
z Perform Fourier Transform according to the formula if (Bound(i,j) == 1)
and find FFT. tmplate(top,bottom,left,right) = 200;
z Multiply FFT by its magnitude.
tmp(top,bottom,left,right) = 1;
z Compute transform of the two sub images.
elseif inArea(i,j) == 1 & inBound(i,j) ~=1
FL (HK) = H0 + (HT–1 - H0) c (Hk), k = 0 ,1, …T - 1 tmplate(top,bottom,left,right) = 100;
FU (Hk) = HT + (Hl-1 - HT) c (Hk), k = T,T+1,…..L-1 tmp(top,bottom,left,right ) = 1;
Obtain enhanced block and rescan the image and write end loop
output image with gray level. end loop
Step – III: Binarization of enhanced Image z Calculate roiBound = Bound(top to bottom, left to
z An initial threshold (Th) is chosen randomly. right)
z Bin_image(Th) z Set roiArea = inArea(top to bottom, left to right)
{// The image is segmented into object and background Step – V: Feature extraction from digitized data
pixels, into two sets: G1 and G2 i. Scanning the skeleton of fingerprint image row by
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.

row from top-left to bottom-right. Check if the pixel
is 1.
ii. Count its four connected neighbors.
iii. If the sum is greater than two, mark it as an erroneous
pixel.
iv. Remove the erroneous pixel.
v. Repeat steps i to iv until whole of the image is scanned
and the erroneous pixels are removed.
Phase – II: Encoding and Decoding with Key Generation
Mechanism: It can be summarized a biometric (fingerprint)
key generation system, a cryptographic construct called
the fuzzy vault[3]. For simplicity, assume that the system
uses 8-bit –coordinates of fingerprint minutiae features but
it can be (and has been) extended to include other minutiae
information as well. Further assume that x-coordinates
have been appropriately coarsely quantized (e.g., to the
nearest number divisible by 5).
Encoding: Fig 4 shows the Encoding process, Secret S
is any secret data that needs to be protected (e.g., secret
encryption key).
Fig. 4: Encoding
Step –I: The fuzzy vault begins by concatenating 16-
bits CRC data C from the initial secret S (56-bits key)
to produce SC (72 bits). (This concatenation reduces the
chance of a random error being undetected (i.e., failing to
identify incorrect decoding)).
Step –II: SC is used to find the coefficients of the polynomial
P: 72-bits SC can be represented as a polynomial with 8
(72/9) coefficients, with degree D=7, p(x) = c7x7 + c6x6 +
… + c1x + c0, by decomposing SC into non overlapping
9-bit segments, and each segment is declared as a specific
coefficient ci, i= 0,1,2,. . . ., 7.
Step –III: Find a set of ordered pairs G = {(x1, p(x1)), (x2,
p(x2)), …(xN, p(xN))}, assuming that there are N unique
template minutiae (x1, x2, …, xN)
Step –IV: A second set of ordered pairs, called the chaff set
C, is then generated from random x-coordinates c1,c2, …,
cM (distinct from x1,x2, ….., xN) such that C = {(c1,d1),
(c2,d2), …..,(cM, dM)} and di != p(ci), ∀i. The union of
these two sets G ∪ C is randomized to produce vault set
V S.
Thereafter, a user tries to unlock the vault V using the
query minutiae features.
Decoding: The decoding process can be described by
Fig.5
Fig. 5: Decoding
Step-I: Given N query minutiae (Q) x1*, x2*, ….., xN*, the
points to be used in polynomial reconstruction are found
by comparing xi*, i =1,2,…….., N, with the abscissa
values of the vault V, namely vl = 1, 2, ….. , (M+N):
if any xi*, i=1,2, ….. ,N is equal to vl l= 1, 2, ….. ,
(M+N), the corresponding vault point (vl, wl) is added to
the list of points to be used, Assume that this list has K
points, where K<=N.
Step-II: (For decoding a degree D polynomial, (D+1) unique
projections are necessary). All possible combinations of
(D+1) points, among the list with size K are considered,
resulting in (k/D+1) combinations. For each of these
combinations, the Lagrange interpolating polynomial is
constructed. For a specific combination set given as L=
{(v1,w1), (v2,w2), …..,(vD+1, wD+1)}, the corresponding
polynomial is yielding.
p*(x) = c7* x7 + c6* x6 + ….. + c1* x + c0*. The
coefficients are mapped back to the decoded secret SC*.
z If the CRC remainder on SC* is not zero,
It is certain that there are errors.
z If the remainder is zero, with very high probability,
There are no errors.
Step-III: SC* is segmented into two parts:
The first 56 bits denote S* while
The remaining 16 bits are CRC data.
Finally, the system outputs S*. If the query minutiae
list overlaps with the template minutiae list in at least
(D+1) points, for some combinations, the correct secret
will be decoded, namely, S* =S will be obtained.
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.
This denotes the desired outcome when the query and
template fingerprints are from the same finger.
Phase – III: Detection and Attack: The notations are as
follows:
Di: The database template corresponding to user i
, i =1, 2,3,....N, where N is the total number of users
registered in the system. It is assumed that the attacking
system knows the format of this template, but it cannot
access the template itself.
z ni : The total number of minutiae in Di. Note that the
attacking system does not know this value.
z Ti j : The jth synthetic template generated by the
attacking system for user i. This template has the same
format as database templates; it can be represented as
⎡ 1c j 1
ri j 1 ⎤
θij ⎥
⎢ i
⎢2 j 2 2 j ⎥
j c ri j θi ⎥ (1)
Ti =⎢ i
⎢ # # # ⎥
⎢ ⎥
⎢
⎣ nij cij nij
cij nij j ⎥
θi ⎦
Where each row represents column index, row index
and orientation associated with a minutia; upper left hand
subscript denotes the minutiae index, so the total number
of minutiae in Tij is nij.
z S (Di, Ti j) : The matching score between Di and Ti j.
Sthreshold : The decision threshold used by the
matcher. Note that the attacking system does not know
this value.
For attacking a specific user’s (i) account, the attacking
system follows the following five steps:
z Step 1 (Initial guessing): Generate a fixed number of
synthetic templates. In the current implementation,
100 random minutia templates (Ti1, Ti2, Ti3, … ,Ti100)
are created.
z Step 2 (Try initial guesses): Attack user i account with
the templates generated in Step 1; accumulate the
corresponding matching scores (S(Di, Ti1), S(Di, Ti2),
S(Di, Ti3 ),..., S(Di, Ti100)).
z Step 3 (Pick the best initial guess): Declare the best
guess (Ti best) to be the template resulting in the highest
matching score. Declare the best score (Sbest (Di)) to
be the highest matching score.
z Step 4 (Try modification set): Modify Tibest by (i)
perturbing an existing minutia, (ii) adding a new
minutia, (iii) replacing an existing minutia, and (iv)
Deleting an existing minutia. If for any one of these
attempts, the matching score is larger than Sbest
(Di), declare the modified template as Ti best, and
update Sbest(Di) accordingly. Else, do not change the
parameters of Ti best.
z Step 5 (Obtaining result): If the current best score
is accepted by the matcher (namely, S best (Di) >
SThreshold), stop the attack; else, go to Step 4.
It is assumed that the resolution in dpi and size in
pixels of the images generating the original templates is
known to the attacking system. The sensor manufacturers
announced these values.
The image size is used for generating the location of
synthetic minutiae; the resolution determines the inter
ridge distance (9 pixels for 500 dpi) associated with the
fingerprints. For eliminating the generation of minutiae
too close to each other, first create a rectangular grid.
Then, the 2D location of a minutia, (c, r), is created to be
in the center of those cells, where the cells to be occupied
are selected randomly. Hence, the attacking program does
not create minutiae that are closer than the inter-ridge
distance. This helps is creating dispersed minutiae sets.
Phase IV: Authentication:
i. A sensor and some pre-processing functions, to
capture the fingerprint impression from an individual
as input data.
ii. A comparison process that evaluates the similarity
between the stored reference templates and the captured
data sample and that result in a similar score.
iii. A storage entity with the fingerprint impression
samples of the enrolled individuals that is linked to or
integrated in a database with the identity information
of the corresponding individuals
iv. A decision function that decides if a fingerprint sample
matches to a certain reference template or not.
4. Conclusion
The basics of fingerprint biometric authentication system
and its combination with crypto key generation methods
to provide elevated security is presented in this paper. The
methods and mechanisms for extracting minutiae points
from input fingerprint images are discussed in detail,
also architecture for designing a biometric cryptosystem
through which a user can securely access and receive
information only by using his fingerprint impressions is
discussed, which is very efficient and effective mechanism
to authenticate the legitimate users only by successful
detection of a kind of attack named PARD attack.
5. Future Scope
This paper presents a secure authentication system which
provides protection to the data by using bio-crypto system
based on fuzzy vault. Through this mechanism this
system can prevent the access of unauthorised users. The
issue of prevention from those attacks can be handled
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.

in future also work can be done in the direction to find [11] Ruud M. Bolle,Jonathan H. Connell, Sharath
better transformations used in the system for security, i.e Pankanti, Nalini K.Ratha, Andrew W. Senior, “Guide
more discriminable fingerprint features can be designed to to Biometrics”. New York: Springer-Verlag, 2004.
improve the security. [12] John Chirillo and Scott Blaul, “Implementing
Biometric Security,” Wiley Red Books, ISBN:978-
References 0764525025, April 2003.
[13] A.K.Jain, A.Ross, S. Prabhakar,”An introduction
[1] Raju Singh, A.K.Vatsa, “Confidentiality &
to biometric recognition,” IEEE Transactions on
Authentication Mechanism for Biometric Information
Circuits and Systems for Video Technology, Vol. 14,
Transmitted over Low Bandwidth & Unreliable
No. 1, pp: 4- 20, 2004.
channel”, International Journal of Network Security
[14] T.C. Clancy, N. Kiyavash and D.J. Lin, “Secure smart
& Its Applications (IJNSA), Volume 3, No.2,pp. 67-
card-based fingerprint authentication,” Proceedings
76, March 2011.
of the 2003 ACM SIGMM Workshop on Biometrics
[2] A. Jaya Lakshmi, I. Ramesh Babu, “Design of Secured
Methods and Application, WBMA 2003.
Key Generation Algorithm using Fingerprint Based
[15] A. Goh, D.C.L. Ngo, “Computation of cryptographic
Biometric Modality”, IOSR Journal of Engineering
keys from face biometrics”, International Federation
(IOSRJEN) ISSN : 2250-3021, Vol. 2, Issue 2, pp.
for Information Processing 2003, Springer-Verlag,
325-330, February -2012.
LNCS 2828, pp. 1–13, 2003.
[3] Anil K. Jain, Arun Ross and Sharath Pankanti,
[16] Wildes, R.P., “Iris recognition: an emerging biometric
“Biometrics: A Tool for Information Security”, IEEE
technology,” In Proceedings of the IEEE, Vol. 85, No.
Transactions on information forensics and security,
9, pp: 1348 - 1363, September 1997.
VOL. 1, NO. 2, JUNE 2006.
[17] Övünç Polat and Tülay Yıldırım, “Hand geometry
[4] U. Uludag and A. K. Jain, “Attacks on biometric
identification without feature extraction by general
systems: a case study in fingerprints”, in Proc. SPIE-
regression neural network,” Expert Systems with
EI Security, Steganography and Watermarking of
Applications, Vol. 34,No. 2, pp. 845-849, 2008.
Multimedia Contents VI, San Jose, CA, pp. 622–633,
[18] F. Monrose, M.K. Reiter, Q. Li and S. Wetzel,
January- 2004.
“Cryptographic key generation from voice,”
[5] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar,
Proceedings of the 2001 IEEE Symposium on
“Handbook of Fingerprint Recognition”, Springer
Security and Privacy, May 2001.
Verlag, New York, June- 2003.
[19] U. Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain,
[6] Sunil V.K. Gaddam and Manohar lal, “Development of
“Biometric Cryptosystems: Issues and Challenges”,
Bio-Crypto Key From Fingerprints using Cancellable
Proceedings of the IEEE, Special Issue on Multimedia
Templates”, International Journal on Computer
Security for Digital Rights Management, vol. 92, no.
Science and Engineering (IJCSE), ISSN : 0975-3397
6, pp. 948–960, June 2004.
Vol. 3 No. 2,pp. 775-783, February- 2011.
[20] G. I. Davida, Y. Frankel, and B. J. Matt, “On Enabling
[7] Sunil V.K. Gaddam and Manohar lal, “ Efficient
Secure Applications Through Off-Line Biometric
Cancellable Biometric Key Generation Scheme for
Identification,” in Proceedings of IEEE Symposium
Cryptography”, International Journal of Network
on Security and Privacy, Oakland, USA, pp. 148–
Security, Vol.11, No.2, pp. 61-69, September- 2010
157, May 1998.
[8] Peng Zhang, Jiankun Hu, “A pitfall in fingerprint bio-
[21] C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and
cryptographic key generation”, computers & security,
B. V. K. V. Kumar, “Biometric Encrpytion,” in ICSA
pp. 311-319, February -2011.
Guide to Cryptography, R. K. Nichols, Ed. McGraw
[9] Mary Lourde R and Dushyant Khosla, “Fingerprint
Hill, 1999.
Identification in Biometric Security Systems”,
[22] F. Monrose, M. Reiter, Q. Li, and S. Wetzel,
International Journal of Computer and Electrical
“Cryptographic Key Generation from Voice,” in
Engineering, Vol. 2, No. 5, 1793-8163,October-
Proceedings of IEEE Symposium on Security and
2010
Privacy, Oakland, USA, pp. 202–213, May 2001.
[10] N. Lalithamani, K.P. Soman, “Irrevocable
[23] A. Juels and M. Wattenberg, “A Fuzzy Commitment
Cryptographic Key Generation from Cancelable
Scheme,” in Proceedings of Sixth ACM Conference
Fingerprint Templates: An Enhanced and Effective
on Computer and Communications Security,
Scheme”, European Journal of Scientific Research,
Singapore, pp. 28–36, November 1999.
ISSN 1450-216X Vol.31 No.3, pp.372-387, 2009.
 Chennai and Vivekanandha College of Technology for women, Third International Conference on Sustainable Energy and Intelligent System
(seiscon 2012),VCTW, Tiruchengode, Tamilnadu, India on 27-29 December, 2012.
[24] Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith,
“Fuzzy Extractors: How to Generate Strong Keys
from Biometrics and Other Noisy Data,” Cryptology
ePrint Archive, Tech. Rep. 235, February 2006.
[25] F. Hao, R. Anderson, and J. Daugman, “Combining
Crypto with Biometrics Effectively,” IEEE
Transactions on Computers, vol. 55, no. 9, pp. 1081–
1088, September 2006.
[26] P. Tuyls, A. H. M. Akkermans, T. A. M. Kevenaar,
G.-J. Schrijen, A. M. Bazen, and R. N. J. Veldhuis,
“Practical Biometric Authentication with Template
Protection,” in Proceedings of AVBPA, Rye Town,
USA, pp. 436–446, July 2005.
[27] E. Martinian, S. Yekhanin, and J. Yedidia, “Secure
Biometrics Via Syndromes,” Mitsubishi Electric
Research Laboratories, Tech. Rep. TR2005-112,
December 2005.
[28] A. Juels and M. Sudan, “A Fuzzy Vault Scheme,” in
Proceedings of IEEE International Symposium on
Information Theory, Lausanne, Switzerland, p. 408, 2002.
[29] Sangram Bana, Dr. Davinder Kaur, “ Fingerprint
Recognitionusing Image Segmentation”, (IJAEST)
International Journal of Advanced Engineering
Sciences and Technologies Vol No. 5, Issue No. 1,
ISSN: 2230-7818, pp. 012 – 023, 2011.
[30] Jim Z. C. Lai, Shih-Chia Kuo, “An Improved
Fingerprint Recognition System Based on Partial
Thinning”, 16th IPPR Conference on Computer
Vision, Graphics and Image Processing (CVGIP
2003)
[31] B. Schneier, “The uses and abuses of biometrics”,
Comm. ACM, vol. 42, no. 8, pp. 136, Aug. 1999.
[32] Rajesh Garg, Bhawna Mittal, Sheetal Garg,
“Histogram Equalization Techniques For Image
Enhancement”, I S S N : 2 2 3 0 - 7 1 0 9 ( O n l i n e)
| I S S N : 2 2 3 0 - 9 5 4 3 ( P r i n t ), IJECT Vol. 2,
Issue 1, March 2011.
[33] Stephanie Parker, J. Kemi Ladeji-Osias,
“Implementing a Histogram Equalization Algorithm
in Reconfigurable Hardware”, ASEE Vol. 2, no-
1,spring-2010.
[34] RSA-2 Algorithm “Speed and Security enhancement
through public key cryptography”, International
Journal of Engineering Science & Technology Vol.2
(8), 2010, 3551-3556, J. SaiGeetha et.al.
[35] M.Bellare, D. Pointcheval, and P. Rogaway,
“Authenticated Key Exchange Secure Against
Dictionary Attacks,” Advances in Cryptology
Eurocrypt ’00, 2000 pp. 139-155.
[36] Arun Ross and Anil K. Jain, “Multimodal Biometrics:
An Overview”, in proceedings of the 12th European
Signal Processing Conference, pp. 1221-1224, 2004.
[37] A.K. Jain, A. Ross, and S. Prabhakar, “An introduction
to biometric recognition,” IEEE Trans. Circuits Syst.
Video Technology, Special Issue Image- and Video-
Based Biomet., vol. 14, no. 1, pp. 4–20, Jan. 2004.
[38] Ian H. Willen and Radford M. Neal, “Arithmetic
coding for Data Compression” , Communication of
the ACM, Vol. 30, No.6 , June 1987.
[39] A.K. Jain, and U.Uludag,, “Hiding biometric data,
IEEE Transactions on Pattern Analysis and Machine
Intelligence”, vol. 25, no. 11, pp. 1494-1498, 2003.
Biography
Indu Verma is working as an assistant
professor in Ajay Kumar Garg Engineering
College, Ghaziabad, U.P(India), she has
obtained her M-Tech (Computer
Engineering) with Hons. from Shobhit
University and MCA from U.P technical
University, Lucknow (U.P.). She has been
in teaching from last 6 years; she has been member of
several academic and administrative committees. During
her teaching tenure she has also been coordinated a
National Conference and many Technical fests at college
level. She has attended several seminars, workshops and
conferences at various levels. Also she has some papers
published at national and international conferences. Her
area of research includes Network Security and database.
Avimanyou Kumar Vatsa is working as
Research Assistant and pursuing PhD at
Department of Computer Science,
University Of Missouri-Columbia,
Columbia, MO, USA. He worked as
Assistant Professor and Coordinator - CSE
at Shobhit University, Meerut, (U.P.), INDIA. He obtained
his M-Tech (Computer Engineering) with Hons. from
Shobhit University and B-Tech(I.T.) from V.B.S.
Purvanchal University, Jaunpur (U.P.). He has worked as
software engineer in software industry. He has been in
teaching from more than one decade. He is on the editorial
board and reviewers of several international and national
journals in networks and security field. He has been
member of several academic and administrative bodies.
During his teaching he has been coordinated many
Technical fests and National Conferences at Institute and
University Level. He has attended several seminars,
workshops and conferences at various levels. His many
papers are published in various national, international
journals and conferences. His area of research includes
MANET (Mobile Ad-Hoc network), Network Security,
Congestion Control and VOIP-SIP (Voice over IP).