Secure Verifiable Scheme for Biometric System based on Secret Sharing and CSK

Biometric templates stored in a database introduce a number of security and privacy risks, so an architecture that does not suffer from these risks is needed. The reference information stored in the database must not give sufficient information to make successful impersonation possible. It must also reveal as little as possible about the original biometrics; in particular, it must reveal no sensitive information. The proposed system introduces a novel method for template protection and verification that merges chaotic shift keying (CSK) and secret image sharing (SIS). The proposed architecture provides a complete protection framework for biometric templates and involves two phases. The first phase protects the ID image: a watermark ID image that includes the personal information is embedded in the template using a novel watermarking algorithm to generate two shares, and it is later used to verify the accuracy of the revealed template. The second phase protects the template: the generated shares are encoded separately using CSK, and then one share is stored in the database and the other is kept with the user. The experimental and comparative results demonstrate that the proposed framework retains the protection of the template and preserves robustness to malicious attacks, while having no discernible effect on the quality of the template.


I. INTRODUCTION
A major problem in any organization is security management, which is required to protect its copyrighted data or information. Globalization and the wide spread of the Internet cause the use of information technology to increase day after day. User verification is applied to everyone who wants to access that data in each organization, in order to protect and maintain data privacy. An individual is authenticated to use the resource or access the data only if his identity is properly verified and accepted [1].
Verification systems based on biometric characteristics and data are one of the most important tendencies in the development of society. In the near future, biometric systems will be everywhere in society, such as government, education, smart cities, banks, etc. Because of the uniqueness of biometric characteristics, such systems will become more vulnerable, and privacy will be one of the most important challenges. Classic cryptographic primitives are not appropriate to ensure a strong level of privacy security [2].
Despite the advantages of biometrics as an identity verification technique, some concerns are raised because of the high sensitivity of biometric data: a leak of information poses a serious threat to privacy. To resolve these issues, only protected templates must be stored or exchanged for identification purposes [3].
The security issue concerns attackers who seek illegal access, and the protection of the privacy of users, especially their biometric templates. Securing templates against probable identity theft has generated a lot of research activity in the past decade [4]. Various recent developments in this area have exploited advances in cryptography such as homomorphic encryption [5], but there are still no generally suitable solutions that produce secure biometric templates that are at the same time 1) noninvertible, 2) non-linkable, and 3) highly discriminative [6].
Numerous template protection methods have been presented in the literature with the goal of safeguarding non-invertibility, revocability, and non-linkability without compromising recognition performance. James, D. et al. [7] proposed a secure method for biometric template protection that employs a visual cryptography approach and a 3D chaotic map; the combination of these techniques is used to provide the most appropriate solution for privacy or protection. Mohammed A. M. Abdullah et al. [8] introduced a method to maintain the integrity of the iris image and template. The suggested approach involves two layers: in the first, a watermark algorithm is employed to protect the integrity of the iris image, and in the second, the iris template is protected by applying a visual cryptography technique. Uma Verma et al. [9] presented an approach for biometric template protection using a hybrid scheme that takes advantage of the strengths of the different template protection methods. A chaotic system is employed to create an authentic image, which is kept in a central database as a replacement for the original image. Smitha Jacob et al. [10] suggested a method to ensure an extra level of privacy by using both visual cryptography and chaotic encryption.
The system provides a decryption/encryption process at extremely high speed and computational capability. Nithyakalyani et al. [11] presented a scheme that encrypts the human fingerprint using DNA code properties and a chaotic logistic map with a route cipher in order to keep the template private. Through digital testing and security analysis, the proposed algorithm was shown to have a better encryption effect, a large key space, and sufficiently high sensitivity to the secret keys. Yang W. et al. [12] presented an inclusive overview in which the latest developments in biometrics-based research are highlighted. The paper shows that researchers still face challenges from attacks on biometric systems, i.e., attacks on template databases and the user interface. How to design appropriate countermeasures that prevent these attacks, and thus provide strong security while maintaining high recognition accuracy, is currently a hot research topic and will remain so for the foreseeable future. In [13], an advanced version of the user-authenticated key agreement approach that offers improved security was suggested. Joshy et al. [14], in 2017, proposed a biometric verification system based on the IoT. The suggested scheme is based on iris recognition, as it offers enhanced accuracy and security in comparison with other biometrics. The IoT is used to ensure the verification. To secure information transmitted via the Internet, they used a hybrid encryption algorithm that merges the Blowfish and RSA algorithms. The two-step verification system offers improved security and reliability. In 2018, Riaz et al. [15] offered an overview and survey of various feature transformation techniques and biometric cryptosystems. They concluded that these techniques offer consistent biometric security at a high level. There are numerous techniques that offer verifiable security at workable application recognition rates.
However, many problems and challenges are still encountered when deploying these technologies. Arjona et al. [16], in 2018, proposed a hybrid fingerprint matching approach based on P-MCCs (Protected Minutia Cylinder-Codes) derived from fingerprint images and PUFs (Physically Unclonable Functions) produced from SRAM (Static Random Access Memory) devices. Joining the fingerprint ID with the device ID results in a safe template; the distinguishability, irreversibility, and noncancellable characteristics are highly required for data privacy and security. The experimental results show the advantages of the suggested hybrid authentication mechanism in improving the security of personal devices that use biometric authentication schemes. Yang et al. [17], in 2019, made it clear that researchers still face challenges in addressing the two most serious attacks on biometric systems, namely attacks on the user interface and on template databases.
This paper is organized as follows: Section II presents the proposed method in detail, and Section III tests and discusses the performance of the proposed method. Finally, the conclusions are presented in Section IV.

II. PROPOSED SYSTEM
The suggested system introduces a hybrid technique to securely store and protect the template in the database, as well as an additional layer of verification. The proposed method consists of two phases: the image hiding phase using SIS and the coding phase using CSK, as illustrated in Fig. 1.

A. IMAGE HIDING PHASE
In the suggested method, a watermark ID image is embedded into a template, each of size H×W, and two shadows are then constructed, which are used later to verify the reconstructed image. Checking the consistency of all shadows before they are used to retrieve the secret ID image prevents a participant from incidentally or deliberately providing invalid data. The proposed method has low computation requirements, so it is appropriate for real-time applications.
The image hiding phase consists of four steps, as illustrated in Algorithm 1. The dealer initiates share construction, which is carried out at bit level using Eq. (1) and Eq. (2).
The dealer generates two shadows, called S_A and S_B, from the watermark ID image ImgID and a binary template T. The resulting shares are then passed to the next phase.
Compute the pixel value of the S_B share using Eq. (2): EndFor j EndFor i

B. CODING PHASE
In this phase, CSK modulation is employed to encode the generated shares S_A and S_B, which are treated as signals, to generate two noise signals, Share1 and Share2, as presented in Algorithm 2. The sent signal can be expressed as follows. In Algorithm 2, two sequences are generated using chaotic shift keying. The two binary shares S_A and S_B are coded based on these two sequences using Bipodal Chaotic Shift Keying (CSK) [19], and the generated coded sequences are then rounded to binary sequences.

C. REVEALING TEMPLATE
To reconstruct the original template, the reverse of each stage is performed, as illustrated in Fig. 2. During the verification phase, a request is sent to the server from a trusted entity, and the corresponding share is then sent to it. On the other hand, two random chaotic sequences, Seq1 and Seq2, are created at the receiver using the same initial condition that is used at the transmitter, and S_A and S_B are then recovered by the following substeps of Algorithm 3: using Bernoulli's chaotic system with the same secure initial conditions as the share coding algorithm. Step 2: Apply the following formula: R(I)=Seq1(I)×Round( (BinShare1(I)+ -0.5)).

III. RESULTS AND DISCUSSIONS
The suggested architecture is implemented in MATLAB 2015b. This section discusses the results achieved by the proposed system in terms of security, accuracy and pixel expansion criteria. Iris segmentation, normalization using Daugman's Rubber Sheet Model [20], and feature extraction based on a 1-D Log-Gabor filter [21] are applied to construct the biometric template. The suggested system is tested on the templates generated by performing the above steps on the MMU1 V1 dataset, which includes 45 classes [22]. The binary iris templates are 40×480. Fig. 3 depicts an example of template generation.
The sensitivity to initial conditions and random-like behavior are important and valuable features of chaotic signals, as is their wide spectrum; information can be concealed effectively in a chaotic signal, which as a result is difficult to predict in the long term. By exploiting the sensitivity to initial conditions, two different chaotic sequences can be generated from the same chaotic system by only a slight change in the initial conditions; they diverge with increasing time and become uncorrelated with each other, as illustrated in Fig. 5.
Figure 5. Sensitivity to initial conditions of two chaotic signals
Fig. 6 illustrates the auto- and cross-correlation performance of the Bernoulli chaos generator for various values of the initial state. It is clear that the Bernoulli generator has auto- and cross-correlation characteristics similar to those of random white noise, although its initial conditions vary only slightly. This shows that the Bernoulli generator can produce uncorrelated sequences. Thus, the generated chaotic sequence is very sensitive to the initial condition: a slight difference in the initial condition produces a totally different chaotic sequence.
Figure 6. Auto correlation performance for Bernoulli chaos generator
From Fig. 6 it is clear that the Bernoulli chaos generator exhibits good autocorrelation properties, which motivates its use in security applications.
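
The sensitivity described above can be checked numerically, together with a finite-precision pitfall an implementer should test for. This is an added example, not the paper's code: the page names Bernoulli's chaotic system without defining it, so the textbook shift map x → 2x mod 1 is assumed, and the slope 1.9999, the seed and all function names are hypothetical choices.

```python
def orbit(x0, n, slope=2.0):
    """Iterate x -> slope*x mod 1 (the Bernoulli shift map when slope == 2)."""
    xs, x = [], x0
    for _ in range(n):
        x = (slope * x) % 1.0
        xs.append(x)
    return xs

def steps_until_zero(x0, limit=2000):
    """Steps before the exact slope-2 map reaches 0.0 in float64 (None if never)."""
    for i, x in enumerate(orbit(x0, limit), start=1):
        if x == 0.0:
            return i
    return None

def to_bipolar(xs):
    """Hard-limit samples to the +1/-1 symbols used for bit-level coding."""
    return [1 if x >= 0.5 else -1 for x in xs]

def first_divergence(a, b):
    """Index of the first differing symbol, or None if the sequences agree."""
    return next((i for i, (p, q) in enumerate(zip(a, b)) if p != q), None)

def cross_correlation(a, b):
    """Normalised zero-lag correlation of two +1/-1 sequences (1.0 = identical)."""
    return sum(p * q for p, q in zip(a, b)) / len(a)

# Constructed inputs: X0 is an arbitrary "secret" seed, DELTA a tiny perturbation.
X0, DELTA, N = 0.3141592653, 1e-10, 9600  # 9600 = sequence length quoted on the page
SLOPE = 1.9999  # assumption: non-dyadic slope so the float orbit does not die out

# Exact doubling shifts one mantissa bit out per step, so a double reaches 0.0 fast.
COLLAPSE = steps_until_zero(X0)
SEQ1 = to_bipolar(orbit(X0, N, SLOPE))
SEQ2 = to_bipolar(orbit(X0 + DELTA, N, SLOPE))
DIVERGE_AT = first_divergence(SEQ1, SEQ2)
XCORR = cross_correlation(SEQ1, SEQ2)

if __name__ == "__main__":
    print(f"slope 2.0 collapses to 0.0 after {COLLAPSE} steps")
    print(f"seeds {DELTA:g} apart: first differing symbol at {DIVERGE_AT}, "
          f"cross-correlation {XCORR:+.4f}")
```

With slope exactly 2 in double precision the orbit is all zeros after at most 54 steps for this seed, so any implementation of the generator should be tested for a degenerate tail before its output is used as a coding sequence.
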
The secret template and verification image ID are passed to the image hiding phase; the generated shares are depicted in Fig. 7. Fig. 9 depicts that the output characteristics are like those of random AWGN (additive white Gaussian noise) [23].
To ensure that the proposed scheme meets the security requirements, i.e., that it entirely avoids leaking any information about the original secret template, a secret sharing method is used. This rearranges and confuses the constructed share pixels after they have been generated. The CSK technique further ensures the security of the template. In our experiments, the peak signal-to-noise ratio (PSNR) is used to evaluate the reconstructed secret template. Fig. 11 illustrates the reconstructed original template and watermark ID image with PSNR=∞ and MSE=0. The proposed approach creates two shares, each of which is the same size as the original template. Table 1 shows a comparison of the size of the original template and that of the generated shares. As can be seen, the correlation coefficients are very small (C ≈ 0), which means that the encrypted template and the generated shares are totally uncorrelated. Table 3 shows the entropies of the shares S_A and S_B, the original watermark ID image, and the template. The highest entropy is H = 1, which corresponds to the ideal case for a binary image. In practice, the information entropies of encrypted images are lower than the ideal case. In a good image encryption scheme, the entropy of the cipher image should be as close as possible to the highest value. Using CSK, shares were produced for each of the 45 templates of 9600 bits using different initial conditions. Results from all statistical tests are given in Table 4. It shows that all P-values are greater than the α value (i.e., 0.1), together with the pass rate, the ratio of sequences passing the statistical test. The NIST [24] test is passed completely. This shows the very good randomness properties of the generated sequences. The proposed system has low computation requirements. The time consumed by the proposed system is 0.165 seconds, and thus it is suitable for real-time applications.
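
The two-layer flow of Section II and the metrics reported above, as an added example that is not the paper's code: a plain XOR (2,2) split stands in for Eq. (1) and Eq. (2), which are absent from this page, and the chaotic coding is modelled as XOR with bits of an assumed map x → 1.9999·x mod 1. The watermark ID check is left out, and all function names, seeds and the striped template are constructed.

```python
import math
import secrets

def keystream(x0, n, slope=1.9999):
    """Bits of x -> slope*x mod 1; x0 is the secret initial condition (assumed map)."""
    bits, x = [], x0
    for _ in range(n):
        x = (slope * x) % 1.0
        bits.append(1 if x >= 0.5 else 0)
    return bits

def xor(a, b):
    return [p ^ q for p, q in zip(a, b)]

def protect(template, x0_a, x0_b):
    """Layer 1: XOR (2,2) split (stand-in for Eq. 1-2). Layer 2: chaotic coding."""
    s_a = [secrets.randbits(1) for _ in template]   # random share
    s_b = xor(template, s_a)                        # complementary share
    n = len(template)
    return xor(s_a, keystream(x0_a, n)), xor(s_b, keystream(x0_b, n))

def reveal(share1, share2, x0_a, x0_b):
    """Undo the coding of each share, then combine the two shares."""
    n = len(share1)
    return xor(xor(share1, keystream(x0_a, n)), xor(share2, keystream(x0_b, n)))

def entropy(bits):
    """Shannon entropy of a binary image in bits per pixel (ideal value 1)."""
    p = sum(bits) / len(bits)
    return 0.0 if p in (0.0, 1.0) else -(p * math.log2(p) + (1 - p) * math.log2(1 - p))

def correlation(a, b):
    """Pearson correlation coefficient between two binary images."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    norm = math.sqrt(sum((p - ma) ** 2 for p in a) * sum((q - mb) ** 2 for q in b))
    return cov / norm if norm else 0.0

def psnr(a, b):
    """PSNR for binary images (peak value 1); infinite when MSE is 0."""
    mse = sum((p - q) ** 2 for p, q in zip(a, b)) / len(a)
    return math.inf if mse == 0 else 10 * math.log10(1 / mse)

# Constructed 40x480 striped "template" (25% ones), so its entropy is below 1.
H, W = 40, 480
TEMPLATE = [1 if (c // 8) % 4 == 0 else 0 for _ in range(H) for c in range(W)]
KEY_A, KEY_B = 0.3141592653, 0.2718281828  # constructed secret initial conditions
SHARE1, SHARE2 = protect(TEMPLATE, KEY_A, KEY_B)
RECOVERED = reveal(SHARE1, SHARE2, KEY_A, KEY_B)
```

Each coded share is the same size as the template, has entropy close to 1 and near-zero correlation with it, and exact recovery (MSE = 0) needs both shares and both initial conditions.
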

IV. CONCLUSIONS
The secret image sharing approach to verification permits participants to be sure that no other persons have claimed their share contents. Preserving secure storage of templates in a central database is currently of essential significance. To improve template security in biometric authentication and ensure a higher level of security, an efficient data encryption technology, CSK, is used. This paper introduces ways to produce protected biometric templates by employing present secure technologies. For template protection, a scheme is suggested that consists of two layers of security. The first layer uses SIS to protect the template by splitting it into two shares, where one share is granted to the user while the other is stored in a database. At the second layer CSK is used, a technique involving bit-by-bit coding to generate a coded template, and one of the two shares is then stored in the database instead of the original template. The suggested SIS method permits the template to be retrieved exactly, with identical size and quality, once the two shares are presented, and therefore does not degrade recognition performance. As a result, a layer of security has been added to protect the stored template. In this case, the genuine template cannot be retrieved from either one of the two shares, even if the database or the user is compromised.