Cancelable Biometrics: a comprehensive survey

Abstract

Biometric recognition is a challenging research field but suffers from privacy and security concerns. To address this concern, Cancelable Biometrics is suggested in literature in which a Biometric image of a sample is distorted or transformed in such a manner that it becomes difficult to obtain the original Biometric image from the distorted one. Another important characteristic of Cancelable Biometrics is that it can be reissued if compromised. In this research paper, we present a comprehensive survey of more than 120 techniques suggested by various researchers from time to time for Cancelable Biometrics and a novel taxonomy for the same is developed. Further, various performance measures used in Cancelable Biometrics are reviewed and their mathematical formulations are given. Cancelable Biometrics also suffer from various security attacks as given in literature. A review of these security attacks is carried out. We have also performed a review of databases used in literature for nine different Cancelable Biometrics viz. Face, Iris, Speech, Fingerprint, Signature, Palmprint, ECG, Palmvein and Fingervein. Lastly, we have also given future research directions in this field. This study shall be useful for the researchers and practitioners working in this fascinating research area.

1 Introduction

Biometric is derived from two Greek words viz. Bio means life and Metric means to measure. There are several traits or characteristics (Jain et al. 2004) such as Finger, Face, Ear, Iris, Gait, Palm, Hand Geometry etc., which are most widely used Biometrics. Biometric technology have been widely used in several applications (Jain et al. 2007) such as access control, border immigration control, corpse identification, surveillance, forensic sectors, human computer interaction, behavior analysis etc. Biometrics are divided into two categories i.e. (i) Physical and (ii) Behavioral. Physical Biometrics are based on measuring the physical characteristics of a person such as Face, Iris, Finger etc. while Behavioral Biometrics are based on measuring behavioral traits of a person such as Gait, Hand Gesture, Speech etc.

Biometric recognition refers to the activity of Identifying and/or Verifying the identity of a person. Biometric recognition usually work in two scenarios: (i) Verification and (ii) Identification. In Verification, the claimed identity by the user is matched with the already stored pattern/features corresponding to the user and a match/non-match is determined by the system. In Identification, user’s Biometric is presented to the system and matched with all the stored patterns/features to determine the identity of the user. Sample process of Identification and Verification is shown in Fig. 1. It is apparent from Fig. 1 that Verification is 1:1 matching while Identification is 1:N matching.

Fig. 1

Biometric recognition process: a verification b identification

Although Biometrics is a useful concept but there are some security and privacy concerns which can render breach to the Biometric data of an individual by some intruder or external entity. To address this concern, a concept called Cancelable Biometrics have been introduced by Soutar et al. (1998) in literature and is defined by Patel et al. (2015) as: Cancelable Biometrics (CB) consist of intentional, repeatable distortions of Biometric signals based on transforms which provide a comparison of Biometric templates in the transformed domain. Various milestones in the journey of Cancelable Biometrics are depicted in Fig. 2.

Fig. 2

Selected milestones at various years (written in boxes) for cancelable biometrics

Cancelable Biometrics is aimed at enhancing privacy protection and template security in existing Biometric system(s). In this field, the Biometric template of a person is distorted in such a manner that the original data is not available to the intruder but still identity recognition can be performed. The Cancelable Biometric must possesses four important characteristics viz. (i) Diversity (ii) Reusabiltiy or Revocability(iii) Non-invertibility (iv) Performance

• Diversity: Same Cancelable Biometric template cannot be used for various applications.

• Reusability/Revocability: Template reissued if compromised.

• Non-invertibility: Original Biometric cannot be recovered if the generated template got compromised.

• Performance: The recognition performance should not deteriorate by the formulation.

Fig. 3

Flowchart of cancelable biometric recognition process

Cancelable Biometric recognition process consists of two phases i.e. (i) Enrollment and (ii) Authentication as shown in Fig. 3. During Enrollment, a user presents his/her Biometric to the Biometric scanner. Then, features are selected or extracted from the Biometric image of the user. Afterwards, Cancelable Biometric template is generated using some technique such as Hashing, Filtering, Cryptography etc. These templates are then stored in the database. During Authentication, the Cancelable Biometric template is obtained similar to the Enrollment phase with same feature extraction and Cancelable Biometric template generation methods. Lastly, matching of the probe is done with the already stored templates in the database and Verification/Identification is carried out.

A survey of Cancelable Biometric template generation methods is given by Patel et al. (2015). In their work, Cancelable Biometric methods are broadly divided into ten categories viz. (i) Non-invertible Geometric Transforms (ii) Random Projections (iii) Cancelable Biometric Filters (iv) Bioconvolving (v) Bloom Filters (vi) Knowledge Signatures (vii) BioHashing Methods (viii) Random Permutations (ix) Salting Methods and (x) Hybrid Methods. However, there is no discussion of performance measures and details of databases used for Cancelable Biometrics. Moreover, there has been significant number of techniques proposed by researchers since Patel et al. (2015) paper.

1.1 Contribution

Although Cancelable Biometrics is an emerging and potential research area but lack of comprehensive study on this research area is not available except one or two studies. In this study, we have made the following 5-fold contribution:

1. (i)

   We have presented a comprehensive survey of Cancelable Biometric techniques which includes more than 120 research works and is almost double than done by Patel et al. (2015).

2. (ii)

   A novel taxonomy of Cancelable Biometric template generation methods is developed.

3. (iii)

   A comprehensive review of various performance measures used in Cancelable Biometrics.

4. (iv)

   A comprehensive survey of various security attacks in Cancelable Biometric.

5. (v)

   A comprehensive review of Biometric databases used in Cancelable Biometric template generation.

The rest of the paper is organized as follows: A comprehensive survey of Cancelable Biometric template generation Methods is given in Sect. 2. Various performance measures are reviewed in Sect. 3 while security attacks are discussed in Sect. 4. Biometric databases are reviewed in Sect. 5 and concluding remarks and future research directions are given in Sect. 6 at the end.

2 Cancelable Biometrics template generation methods

Cancelable Biometric template generation has been a popular research area for the past two decades. Several research works have been suggested in literature for the same using various methods. We have broadly divided these methods into six categories by taking into consideration some factors such as the approach for template generation, single or multiple Biometrics. A novel taxonomy has been proposed and is shown in Fig. 4. Next, we discuss methods under each of these categories.

2.1 Cryptography based methods

Cryptography based methods employ Cryptography algorithms for generation of Cancelable Biometric templates. Based on the type of algorithm used, these techniques are divided into various types such as Visual Cryptography, Image Hashing, Knowledge Signature, Elliptic Curve Cryptography (ECC), Chaos, Steganography, Fuzzy Commitment and Hill Cipher. Next, we describe each of these techniques:

Fig. 4

Proposed taxonomy of cancelable biometric techniques

In Visual Cryptography, an input image is transformed into another image by exploiting human visual system as shown in Fig. 5. The secret binary image is divided into n non-overlapping patches known as Visual Secret Shares (VSS) and these shares are stored in a decentralized database. To recover original image, all or some shares need to be stack together. This technique is basically works on k-out of-n principle.

Fig. 5

2-out of-2 visual secret shares in visual cryptography

In research work (Kaur and Khanna 2016), Visual Cryptography technique has been successfully implemented for generating Cancelable Biometrics templates. Based on efficiency of the templates, the system performance is determined.

Image Hashing is a well known content-based image authentication method. It defines a feature vector called short binary signature that characterizes the image independently without any significant distortion of its contents (Tan et al. 2009). BioHashing is a feature extraction method in which wavelet transform is used to extract the Biometric feature \( \mathbf {x} \in \mathbb {R}^{N} \) from the input Biometric data. Using a user-specific Tokenized Random Number (TRN), n orthogonal pseudo-random vectors, \(\mathbf {b_i} \in \mathbb {R}^{N} \) are generated where dot product of the feature vector and all the random vectors is calculated. Finally, a binary discretization is applied to compute the n bit BioHash (c) template using equation given below:

$$\begin{aligned} c= Sig\left( \sum _{i} \mathbf {x}\mathbf {b}_i-\Omega \right) \end{aligned}$$

(1)

where Sig is defined as a signum function and \(\Omega \) is an empirically determined threshold which is applied only to a user who holds TRN. Figure 6 shows the process of BioHashing method.

Fig. 6

Schematic representation of BioHashing method

Fig. 7

Addition, subtraction and point doubling in ECC (Singh and Singh 2015)

Base BioHashing (Meetei and Begum 2016) is another variant of BioHashing which generates a vector of bits starting from the Biometric feature set and a seed which represents the Hash key. The main problem with BioHashing procedure is its low performance when some imposter tries to access the system by stealing the Hash key. To overcome this problem, Lumini and Nanni (2007) have proposed Extended BioHashing method which is the improved version of Base BioHashing. In this method, Biometric feature vectors are normalized before applying the BioHashing procedure. This is followed by multiple variation values from minimum to maximum and spaces augmentation. Multiple BioHash codes can be generated by simply performing permutaion procedure. In research work (Raja et al. 2018b), another variant of hashing called Kernelized Hashing is introduced which exploits Kernel function. Its function is defined as given the features \(\mathbf {f}\) of an image in an enrollment database of l subjects, to obtain unique template for each user. Here, we need to derive r hash functions resulting into r bit representation. Hence, the objective here is to learn r hash functions \( \left\{ h_x \right\} _{k=1}^{r} \) for r hash bits corresponding to each user.

Locality Sensitive Hashing (LSH) is another technique where a probability distribution on a family H of hash functions (h) such that \( P_{h \in H}\left[ h(\mathbf {X})=h(\mathbf {Y}) \right] =S(\mathbf {X},\mathbf {Y}) \) where S is a similarity function defined on the collection of object features \(\mathbf {X}\) and \(\mathbf {Y}\) (Jin et al. 2018). The main objective in LSH is dimensionality reduction of input features by mapping the similar input data in the same buckets such that count of buckets are smaller than input items. Indexing First Order Hashing (IFOH) is a variant of LSH for Biometric template protection. IFOH works in 4 steps namely (i) Hadamard Product (ii) Windowing (iii) Index Conversion and (iv) Modular Thresholding, to generate an IFOH hashed code from binary Biometric (Kim and Teoh 2018). Index of Max Hashing (IoMH) (Jin et al. 2018) transforms a real valued Biometric feature vector into discrete index (max ranked) hashed code. The main advantage of this technique is that after hashing we get accurate hashed code than other hashing techniques.

Knowledge Signature technique allows one party to convince other parties about its knowledge of certain value, such that no useful information is leaked. It is usually used to confirm the group members in group signatures. In research works (Xu et al. 2008; Camenisch and Stadler 1997), voice print is employed as a knowledge signature which does not represent the original features and represent the identity of the group. The main advantage of this method is that it has only an weak association between the key and the Biometrics feature. Even if the key is disclosed, the Biometrics feature would not be revealed.

Elliptic Curve Cryptography (ECC) technique is used to obtain a stable input from Biometric data which is used to generate the security parameters of the Elliptic Curve, various studies on ECC have concluded that the difficultly to solve an Elliptic Curve Discrete Logarithmic Problem is exponentially hard with respect to the key size used. This property makes ECC a very good choice for encryption/decryption process compared to other cryptographic techniques which are linearly difficult or sub exponentially difficult. Abid et al. (2010) have generated Iris templates using ECC technique. ECC operations are performed on the co-ordinates points of an Elliptic Curve (Fig. 7). To perform addition of two distinct points, the following equation is used:

$$\begin{aligned} \nonumber P(x_1,y_1)+Q(x_2,y_2)=R(x_3,y_3) \\ \nonumber x_3=(\lambda ^{2}-x_1-x_2) * mod[P] \\ \nonumber y_3=(\lambda (x_1-x_3)-y_1) * mod[P] \\ \lambda =\frac{(y_2-y_1)}{(x_2-x_1)} * mod[P] \end{aligned}$$

(2)

To perform point subtraction, a mirror coordinate of the subtracted point along x-axis is obtained and point addition is performed on the resulting coordinate and the other coordinate as follows:

$$\begin{aligned} P(x_1,y_1)-Q(x_2,y_2)=P(x_1,y_1)+Q(x_2,y_2) \end{aligned}$$

(3)

Point doubling is performed to add two points which are same i.e. they have same coordinate value.

$$\begin{aligned} \nonumber P(x_1,y_1)+Q(x_1,y_1)=R(x_3,y_3) \\ x_3=(\lambda ^{2}-2x_1)*mod[P] \end{aligned}$$

(4)

where \( \lambda =((3x_1^{2}+a)/(2y_1))*mod [P] \).

Multiplication is repeated addition of the base coordinate point.

$$\begin{aligned} kP=P+P+P+P+\cdots \cdots \cdot \cdot +k times \end{aligned}$$

(5)

Encryption and Decryption using ECC: Let A and B be the two communicating party. The communicating parties agrees upon the Elliptic curve equation and a Generator.

$$\begin{aligned} y^2=\left\{ X^3+ax+b \right\} *mod \left[ P \right] \end{aligned}$$

(6)

In Chaos Based technique, Chaotic sequence is a pseudorandom sequence with complex structure produced by using chaotic map (Nazari et al. 2014) in such a way that the prediction of chaotic sequence becomes a very difficult task. One of the famous chaotic map in polynomial structure is 1-D logistic map (Karabat and Erdogan 2009b). This map generates the pseudo random numbers which represent complicated behaviors with high sensitivity to initial conditions. In Steganography technique, a message is hidden inside other multimedia content like image, audio, video is known as Embedding. In research work (Choudhury et al. 2016), the combination of Huffman Encoding and Discrete Cosine Transform (DCT) is used in steganography to conceal a secret image in a cover image. Therefore, retrieving the exact original image from the Stego image is nearly impossible. Fuzzy Commitment/Vault technique is a combination of Error Correction Code and Cryptography (Yang et al. 2018a). It can conceal and bind a secret in a way that makes it infeasible for an intruder to learn the secret. Fuzzy Vault could be used to securely store one’s secret or Cryptographic key without losing his Biometric information (Xu and Li 2009; You et al. 2017).

In Hill Cipher Encryption, plain text P is encrypted using a key or transformation function K and their matrix multiplication produces ciphertext C as given in Eq. (7) below:

$$\begin{aligned} \mathbf {C}=[\mathbf {K}*\mathbf {P}] * mod(n) \end{aligned}$$

(7)

where n is 26 in case of text and 256 in case of gray levels.

For decryption of cipher text, we need to compute \(\mathbf {K}^{-1}\) as given in Eq. (8) below:

$$\begin{aligned} \mathbf {P} = [\mathbf {K}^{-1}* \mathbf {C}] * mod(n) \end{aligned}$$

(8)

Figure 8 shows the encrypted image by Hill Cipher technique. If an intruder tries to decrypt image, he/she will get totally distorted image which does not reveal original user identity. The main advantage of this technique is its simplicity for implementation because it only uses matrix multiplication which in turn provide high speed with high throughput (Kaur and Khanna 2017b).

Fig. 8

a Input image b encrypted image c decrypted image

2.2 Transformation based methods

Non Invertible transformation is one of the earliest method for generating Cancelable Biometric templates. In this method, the original Biometric templates are morphed by applying different transformations e.g. Cartesian, Polar etc. In Cartesian transformation, the minutiae positions are measured in rectangular coordinates with reference to the position of the singular point by aligning x-axis with its orientation. The coordinate system is divided into cells of fixed size. The transformation causes changes in the cell positions. In Polar transformation, the minutiae positions are measured in the polar coordinate with reference to the core position. The angles are measured with respect to the core orientation. As a result, the coordinate space is divided into polar regions. The Non Invertible transform consists of changing the polar wedge positions. The minutiae angles also change with differences in the wedge positions before and after transformation. The main problem with Cartesian and Polar transformations is that a small change in minutiae position of the original fingerprint can lead to a large deviation in minutiae position after transformation. Both these transformations are mainly used for fingerprint Biometric. Please refer Patel et al. (2015), Pillai et al. (2010), Popa and Simion (2017), Paul and Gavrilova (2012, 2013a, b, 2014a, b), Paul et al. (2013), Pillai et al. (2011), Quan et al. (2008), Rathgeb and Busch (2013, 2014), Rathgeb et al. (2013, 2014), Ratha et al. (2001, 2006, 2007) for details.

Hadamard transform is a non-sinusoidal, orthogonal transformation whose foundation lies in Walsh functions. Walsh functions are rectangular or square waveforms with values of \(+\) 1 or − 1. Hadamard matrix is defined as a matrix whose elements are \(+\) 1 and − 1 and its row vectors are pairwise orthogonal. Hadamard Transform is divide into two types (i) Partial Hadamard and (ii) Full Hadamard. Former is Non Invertible while later is Invertible in nature. The research work (Wang and Hu 2013) uses Partial Hadamard Transform which can be formed by selecting some number of rows from Full Hadamard Tranform. The main advantages of Hadamard Transform are (i) low computational cost as only addition and subtraction functions are used and (ii) low storage requirement due to storage of only partial transformation. Hämmerle-Uhl et al. (2013) proposed Iris based Cancelable Biometric template using key dependent Wavelet transformation. This method is free from the problem of data loss and alignment of features. Multiplicative transform is employed by Wang and Hatzinakos (2010) where element by element multiplication of the original Biometric feature vector with some random vector is computed. Index numbers of resulting vector are sorted and stored for retrieving Biometric template.

Random Projection (RP) is a Non Invertible method. In this method, the extracted feature vector \( \mathbf {x} \in \mathbb {R}^N\) from a Biometric is projected onto a random subspace \( \mathbf {A} = [\mathbf {a}_{ij}]\) (where \(\mathbf {A} \in \mathbb {R}^{n* N} \) with \(n < N \)). Here, each entry \( \mathbf {a}_{ij}\) of \( \mathbf {A}\) is an independent realization of a random variable. This process is described as follows:

$$\begin{aligned} \mathbf {y} = \mathbf {Ax} \end{aligned}$$

(9)

where \(\mathbf {y}\) is the n dimensional Random Projection vector. Since we are embedding N dimensional feature vectors in a space of a lower dimension n. A detailed description of these methods is given in Pillai et al. (2011), Lingli and Jianghuang (2010), Deshmukh and Balwant (2017), Punithavathi and Geetha (2016). Sector Random Projection (SRP) is another variant of projection which overcomes the problem of Random Projection. Pillai et al. (2010) uses SRM for generating Cancelable template for Iris, in which we firstly divide the whole Iris into different parts called them as Sectors. Secondly, Random Projections are applied on these Sectors separately and finally all these sectors are concatenated to make Cancelable Iris template. Similarly this technique can also be applied to other Biometric traits (Punithavathi and Geetha 2016). Projected these sectored Iris code on a Dynamic Random Projection Matrix, which results in generation of Cancelable Iris templates. This Dynamic Random Projection Matrix is obtained by the Iris features itself without any need of external key. Kim and Toh (2008) used Sparse Random Projection for generating Cancelable Face templates. In general, random matrix consists of values between 0 and 1. For speed up the process of template generation and authentication, random matrix consists with the value of − 1, 0 and \(+\) 1.

2.3 Filter based methods

Cancelable Biometric Filter is a Convolution based method. Bloom Filters is a space efficient probabilistic data structure representing a set to support membership queries. Bloom filter based transformation of any binary feature vector generates irreversible Cancelable Biometric templates. Rathgeb et al. (2015b) used Bloom filter with fuzzy vault for preventing cross matching attack in Cancelable Biometric sysytem. Adaptive Bloom filter is another variant of Bloom filters. Rathgeb et al. (2014) used Adaptive Bloom filter for generting alignment free Cancelable iris Biometric template. This approach enables protection in Biometric templates, generates compressed Biometric data and reduces the computational time while maintaining Biometric recognition performance. In research work (Rathgeb et al. 2015a), Adaptive Bloom filter is used with Multi Biometric traits (Face and Iris) to generate more secure and better performance based Cancelable Biometric template.

Log Gabor filters are widely used in various research works for feature extraction due to better spatial and temporal information. Kaur and Khanna (2017a) used log-Gabor filters with Random Projection to generate Cancelable feature vectors. In this approach, authors have used Salting of extracted log-Gabor magnitude with phase patterns of Biometric signal which results in generatation of Non Invertible binary feature vector. Leng et al. (2010) used Gabour filter bank for feature extraction with Pseudocode Random Number (PRN) for generating Cancelable Palmcode template. A comparative study of seven possible randomization schemes of Gabor filter bank is given for generating Cancelable Palmcode. Kim et al. (2017) used Guided filter with Generalized Likelihood Ratio Test (GLRT) for generating ECG Cancelable Biometric template, which results in very good verification performance. Guided filter (Kim et al. 2017) are used in many computer vision applications such as denoising and artifact removal. Guided filter is usually used for local affine fitting of a guide image or signal in 1D to a noisy image. These filters possess low computational complexity. Takahashi and Hitachi (2009) used Co-relational invariant Random filtering for generating Fingerprint based Cancelable Biometric templates.

2.4 Hybrid methods

Hybrid Methods tend to combine two or more methods together to generate Cancelable Biometric template e.g. combination of Cryptography and Transformation Methods as shown in Fig. 9. Cancelability, Discriminability and Security phases are main part of this method (Ghany et al. 2012). Zhu et al. (2012) have employed Random Projection with Fuzzy Vault to generate Voiceprint templates. Wong et al. (2014) proposed a Hybrid method which is a combination of Multi Line Code (MLC) and Secure Sketch (SS) and called it Cancelable Secure Sketch (CaSS). MLC is generated in five phases i.e. (i) Minutiae extraction (ii) Multi Line code (MLC) (iii) Random Projection (iv) Kernel Principal Component Analysis (KPCA) (v) Binarization. The SS is a combination of bit string generated from the MLC (i.e bit string from Binarization step) and a random codeword, chosen from codebook e.g. Reed Solomon (RS) and BCH (Bose-Chaudhuri-Hocquenghem) codes.

Fig. 9

An example of hybrid method

2.5 Multimodal based methods

The main problems with Unimodal Biometric system were intraclass variability, variation in data quality and similarity in interclasss samples. In contrast, Multimodal Biometrics combine together multiple Biometric traits with various feature extraction algorithms to generate more secure templates. Multimodality can be achieved by combination of multiple Biometric traits such as taking multiple Biometrics for eg. Iris, Face, fingerprint of same user for identity recognition.

The main advantage of Multimodal Biometric system is that they result good in terms of reliablity, accuracy, spoof attacks, noise sensitivity and more secure than unimodal Biometric system. Various methods have been suggested in literature for Multimodal Biometrics (Paul and Gavrilova 2012) such as cross fold of random indexes (Paul and Gavrilova 2013b), rank level fusion (Paul and Gavrilova 2014b), situation awareness in real time scenario (Paul et al. 2013), feature fusion (Paul and Gavrilova 2014a), bit extraction method (Chin et al. 2011), random distance method (Kaur and Khanna 2019), Biometric credential system (Suresh and Radhika 2015) etc. Paul and Gavrilova (2013b) have suggested First order, Second order and Multiorder Cancelable Biometric systems. In First order method, the Cancelable template is generated by using any Cancelable Biometric template generation technique once while in Second order method, two Cancelable Biometric template generation techniques are applied sequentially. In Multiorder method, Cancelable Biometric template generation techniques are applied multiple times which may be same technique with different parameters or different techniques altogether. Depending upon the number of times the Cancelable Biometric template generation method is applied, we can achieve high security but at the cost of increased computational complexity.

2.6 Other methods

Bio Convolving is also Non Invertible transform based approach mainly characterized by three transformations (i) Baseline (ii) Mixing and (iii) Shifting. Maiorana et al. (2011) proposed this approach for securing on-line signature templates. This approach can be applied to a various Biometric modalities e.g. Speech, in which spectral or temporal analysis of the voice signal creates discrete sequences. Similarly, In case of Signature and Handwriting recognition, where the extracted sequences based on the Pen’s position and amount of pressure and inclination applied.

Random Permutations is another Biometric template protection method in which the gray values of Biometric image are reordered before further processing. Kumar et al. (2018) used Random Permutation Principal Component Analysis (RP-PCA) and Random Permutation Two Dimensional PCA (RP-2DPCA) for generating Face, Iris and Ear Cancelable templates. Two popular methods under this category are widely used for generating Cancelable Iris templates i.e. (i) GRAY-COMBO (ii) BIN-COMBO (Pillai et al. 2010). In GRAY-COMBO, binary feature vector of an Iris image are circularly shifted in horizontal direction using some random offset, then these two randomly selected rows are added or multiplied using addition and multiplication operator as shown in Fig. 10. In BIN-COMBO, horizontal row shifting process is same, after that randomly selected rows are combine with XOR and XNOR operator. The main advantage of this method is that amount of information needed for recognition gets reduced. The main limitation of this method good quality of iris images should be available.

Fig. 10

GRAY-COMBO (left) and BIN-COMBO (right) methods (Pillai et al. 2010)

Salting Method is an artificial pattern of pure random noise or synthetic pattern are mixed in original binary Iris image for generating Cancelable Biometric template as shown in Fig. 11. Mainly two approaches are there: (i) GRAY SALT and (ii) BIN SALT. In GRAY SALT, binary pattern Iris image pixel wised added or multiplied with some random image. In BIN SALT, XOR or XNOR operation take place between binary pattern iris image and random image. The main limitation of this method is how to know what amount of artificial pattern we need to add with Iris pattern (Pillai et al. 2010). Addition of strong noise will reduce discerning property of original iris while addition of weaker pattern will reduce the security of the code, as by simply subtraction method we can obtain original iris. One advantage of this method over COMBO method is that no issues with the quality of iris image arises.

Fig. 11

GRAY-SALT (left) and BIN-SALT (right) methods (Pillai et al. 2010)

Deep learning is the latest concept introduced in the field of Cancelable Biometric template generation method. In research work (Talreja et al. 2017), a secure Multi Biometric system that uses deep neural networks and error-correction coding has been discussed. Two fusion architectures are discussed by the authors (i) Fully Connected Architecture (ii) Bi-linear Architecture. A binary vector template is passed through an appropriate error-correcting decoder to find a closest code word and this code word is hashed to generate the final secure template. Two important blocks of Multi Biometric framework are also introduced (i) Cancelable Template Block (CTB) (ii) Secure Sketch Cancelable Block (SSTB).

look-up table used by Dwivedi and Dey (2015) for generating Cancelable Iris templates. Extracted features with 1-D Log Gabor filter are used for generating rotational invariant codes. A 1-D row vector is generated from these binary codes, which are further divided into word of size M. A decimal vector is generated corresponding to these word, and a look-up table is created for mapping these decimal vector to a particular location. Finally, digits are selected from this look-up tables to generate Cancelable Iris template. The advantage of this method is that many words can go to same location, from which reverse mapping is very difficult. Barbier et al. (2015) proposed an approach, which is a combination of image watermarking and BioHashing for providing security and privacy in digital contents/images. Ownership of an image is verified by Watermark, which is computed from BioHashing based Cancelable Biometric technique.

Prasad et al. (2017) presented Modulo based Cancelable Iris template generation technique. Firstly, an Iris image is processed by segmentation, normalization and image enhancement respectively. Then, rotational invariant iris codes are generated which are transformed into row vector representation. From these codes consistent bits are identified, which formed consistent bit vector. A Modulo operation is performed on these consistent bit, which uses many to one mapping for template generation. Lee et al. (2018) proposed Iris based Cancelable template generation method based on Noise Embedding. In this approach, mainly three phases are used (i) Reduced Random Projection (ii) Hadamard Product and (iii) Decimal Encoding. Noise Embedding based on Reduced Random Projection and Biometric Salting method is used. From many Iris samples, coherent region is identified and Noise or random data/ auxiliary data is added to non coherent region of the iris to make it similar to coherent region. In this method, it is difficult for the intruder to distinguish between coherent and non-coherent region

Wu et al. (2018) proposed ECG Cancelable template recognition technique which is based on Common Subspace based Multiple Signal Classification (MUSIC) technique. Arjona et al. (2018) proposed two factor Cancelable Fingerprint generation scheme, Protected Minutia Cylinder Codes(PMCC) are generated from Fingerprint images and Physically Unclonable Functions are generated from device’s Static Random Access Memory(SRAM). Binary output of both phases are operated with XOR operator, which results in generation of Cancelable Fingerprint template. This approach mainly used in providing security in personal devices e.g. Smart phone, Laptop etc.

Saito et al. (2016) proposed effective Random Unitary Matrix for Cancelable Face Biometric template generation. The proposed matrix consists of Random Permutation Matrix and a Unitary Matrix such as Discrete Fourier Transform, which has value between 0 and 1. Raja et al. (2018a) proposed a Neighborhood Structure Preserving Manifold based template generation method. The generated template is called as Manifold structure Preserving Biometric Template (MaP BiT). Kanade et al. (2009) generates Cancelable Iris templates with Error Correcting Codes, for reduction of variablity in Biometric data. This technique reduces the Hamming Distance for the genuine comparisons than imposter comparison. Mtibaa et al. (2018) generates different Cancelable Speech templates by Gaussian Mixture Models (GMM). A binary vector is generated from this model, from this vector by simple shuffling process different keys are generated. With the help of these keys, different Cancelable Speech templates are generated.

In our above research work, we have explained various Cancelable Biometrics templates generation techniques. Each technique has its own advantages and limitations. In Table 1 we have listed a comparison between various techniques and Table 2 lists Acronyms used in this paper.

Table 1 Advantage and disadvantage of popular cancelable biometric approaches

3 Performance measures

In general, one algorithm is preferred over another algorithm if the performance of that algorithm is better than other algorithms. The performance measures provide us a useful tool to analyze the capability of an algorithm. Various performance measures are used to compare the algorithms or methods depending upon a particular domain or research area. Here, we provide a comprehensive review of the performance measures employed in Cancelable Biometric recognition.

3.1 Performance measures for verification

Table 2 Acroynms used in paper

Two Biometric features belong to same user or not is determined by the similarity score. The matching of two samples of same user is known as authentic or genuine matching. The matching between two samples generated from two different user called imposter matching. Scores are used to express the similarity between a query pattern and genuine pattern. Higher value of score signifies higher similarity between them. A threshold value \(\eta \) is set for recognition process. A Biometric system assigns all attempts a score from closed group of [0, 1]. Score value 1 generally denotes full match and 0 represents no match. The value of threshold is taken very carefully, if it is set to 0, then genuine and intruder users, both are authenticated by the system. If set to 1, some risk should be there that none will be authenticated by the system. So threshold value should chosen very carefully in a closed group of 0 and 1. An intruder score that exceeds the threshold \(\eta \) known as False Accept (False Match), while a genuine score that falls below the threshold \(\eta \) known as False Reject (False Non-match). False positive (FP) signifies imposter scores exceeding threshold, False Negative (FN) denotes genuine user scores below threshold. True Negative (TN) shows truly imposter and True Positive (TP) represents authentic user. Total imposter score and total genuine scores are represented by FP + TN and TP + FN respectively.

• Failure to Acquire Rate (FTAR) or Failure to Capture Rate (FTCR) is defined as number of times a Biometric device fails to capture Biometric sample when presented to the sensor. This error generally occurs when the device is not able to locate a Biometric signal e.g. an extremely fade fingerprint cannot be correctly capture by sensor device.

• False Accept Rate (FAR)/False Positive Rate (FPR) is defined as the fraction of impostor scores exceeding the threshold \(\eta \). It can also be defined in terms of FMR and FTA rate as mentioned in below equation. FMR becomes equal to FAR when a single attempt is made by the user to match in a Biometric system against its own stored template.

  $$\begin{aligned} \textit{FAR}/\textit{FPR}= & {} \frac{\textit{FP}}{\textit{FP}+\textit{TN}}\end{aligned}$$

  (10)
  $$\begin{aligned} \textit{FAR} = \textit{FPR}= & {} \textit{FMR}*(1-\textit{FTA}) \end{aligned}$$

  (11)

• False Reject Rate (FRR)/ False Negative Rate(FNR) is defined as the fraction of genuine user score less than threshold \(\eta \). FRR is an empirical estimate of the probability at which the system incorrectly rejects identity of the genuine user. FNMR becomes equal to FRR when a single attempt is made by the user to match in a Biometric system against its own stored template.

  $$\begin{aligned} \textit{FRR}{/}{} \textit{FNR}= & {} \frac{\textit{FN}}{\textit{TP}+\textit{FN}}\end{aligned}$$

  (12)
  $$\begin{aligned} \textit{FRR}{/}{} \textit{FNR}= & {} \textit{FTA}+\textit{FNMR}*(1-\textit{FTA}) \end{aligned}$$

  (13)

• Equal Error Rate (EER)/Crossover Error Rate (CER)/Break Even Point (BEP) is the rate at which FAR is equal to FRR.

• True Acceptance Rate (TAR) or Genuine Accept Rate (GAR) is defined in terms of FRR as follows:

  $$\begin{aligned} \textit{TAR}=1-\textit{FRR} \end{aligned}$$

  (14)

• Half Total Error Rate (HTER) is defined as the average of FNMR and FMR i.e.

  $$\begin{aligned} \textit{HTER}=\frac{\textit{FNMR}+\textit{FMR}}{2} \end{aligned}$$

  (15)

• Failure to Enroll rate (FTE) is defined as, number of users that cannot be successfully enrolled in a Biometric system. Users should facilitate with good training for interacting Biometric system.

• d-prime value (\(d'\))/Separablility/Decidabilty Index (DI) measures the separation between the means of the genuine and impostor probability distributions in standard deviation units and is defined as

  $$\begin{aligned} {d}'=\frac{\sqrt{2}|\mu _(genuine)-\mu _(imposter) |}{\sqrt{\sigma ^2_{genuine}+\sigma ^2_{imposter}}} \end{aligned}$$

  (16)

  Here \(\mu \) and \(\sigma \) are the means and standard deviations of the genuine and impostor distributions respectively. A higher d-prime value indicates better performance.

• F-Ratio (\(F_r\)) is defined as the ratio between means and standard deviations of impostor and genuine user score as follows:

  $$\begin{aligned} F_r=\frac{|\mu _{genuine}-\mu _{imposter}|}{\sigma _{genuine}+\sigma _{imposter}} \end{aligned}$$

  (17)

  Here \(\mu \) and \(\sigma \) are the means and standard deviations of the genuine and impostor distributions respectively.

• Receiver Operating Characteristic (ROC) plots FNMR along Y-axis versus FMR in the X-axis, or FRR versus FAR. Alternatively, TAR versus FAR graph is plotted.

• Detection Error Trade-off (DET) Curve is similar to an ROC curve except that the axes are often scaled non-linearly to highlight the region of error rates of interest. Commonly used scales include normal deviate scale and logarithmic scale.

• Expected Performance Curve (EPC) shows the expected or reachable performance of a model. EPC generally shows the regions where two models are different from each other.

• Co-relational cofficient (CC): In Cancelable Biometric, we can generate different Cancelable templates of same Biometric by changing its tranformation function (key matrix). Templates so generated should not co-relate with each other. Co-relation generally means the amount of mutual information between two templates (Kaur and Khanna 2017b).

  $$\begin{aligned} C_{r}(T1,T2)=\frac{\sum \sum (T1-\bar{T1}) (T2-\bar{T2})}{\sqrt{(T1-\bar{T1})^2+(T2-\bar{T2})^2}} \end{aligned}$$

  (18)

  Here \(\bar{T1}, \bar{T2}\) represents the mean of templates T1, T2 respectively. \(C_r\) is calculated from 10 different templates generated for each user and finally co-relation is calculated between every transformed pair. Lower the value of \(C_r\) signifies better performance of any Cancelable Biometric

• Co-relation Index (CI): Mean of Co-relational coefficient (\(C_r\)) values over a database is defined as Co-relation index (CI), which determines the percentage of mutual information content.

  $$\begin{aligned} \textit{CI} = \frac{1}{N}{\sum _{i=1}^{N}C_{r}} \end{aligned}$$

  (19)

  Here, N is the total number of samples in database.

• Efficiency: The Efficiency of generating accurate matches before and after transformation can be determined as Belguechi et al. (2011a) :

  $$\begin{aligned} efficiency=1-\frac{\textit{AUC}(\textit{FAR}_{T},\textit{FRR}_{T})}{\textit{AUC}(\textit{FRA}_{0},\textit{FRR}_{0})} \end{aligned}$$

  (20)

  where AUC represents Area under ROC, \(FAR_O\) and \(FAR_T\) represent False Accept Rates in original and transformed domain, and \(FRR_{O}\) and \(FRR_{T}\) represent False Reject Rates in original and transformed domain respectively. Positive value for efficiency denotes increase in performance, while negative value indicates its regression.

• Diversity: Multiple transformed templates are generated for same user by only changing key/helper data (Kaur and Khanna 2017b). However, these transformed templates must not correlate to reveal any information about the original template. To determine, if an attacker can obtain any information about the original template, the mutual information content between any two transformed templates X and Y is calculated as

  $$\begin{aligned} I(X,Y)=\sum _{x}\sum _{y}P(x,y)\log \frac{P(x,y)}{P(x)P(y)} \end{aligned}$$

  (21)

  where P is the probability estimation function. Here P(x) and P(y) denotes marginal probabilities and P(x, y) denotes joint probability of x and y. Diversity is measured by computing the mean of the highest value of mutual information for various transformed templates as

  $$\begin{aligned} D=\frac{1}{N}\sum _{i=1}^{N}\sum _{j=1}^{M}max(I(f(b_{i}^{0}),f(b_{i}^{{j}'}))) \end{aligned}$$

  (22)

  where \(b_{i}^{{j}'}\) denotes the jth test data of ith individual in the database, N is the number of samples in database, and M is the number of transformed templates for each individual.

• Template Capacity (T): Number of templates that can reside in the database at one time.

Table 3 Performance measures used in literature for verification

A summary of performance measures for verification employed by various researchers is given in Table 3 (Fig 12). It can be readily observed that FAR/FMR is the most popular performance measure followed by FRR/FNMR, EER and GAR respectively. Besides, some research works have used other performance measures for verification such as Raja et al. (2018a), Raja et al. (2018b), Rathgeb and Busch (2013) and Rathgeb et al. (2015b) used GMR. Sandhya and Prasad (2015) and Sandhya and Prasad (2016) used D’ PRIME. Bissessar et al. (2012), Drozdowski et al. (2018) used DET and GER. Punithavathi and Geetha (2016), Kaur and Khanna (2017b) and Kaur and Khanna (2019) used DI. Kim and Toh (2007) used TER, Belguechi et al. (2011a) used Diversity and Efficiency. Nishiuchi and Soya (2011) and Leng et al. (2013b) used Co-relational Cofficient as their model performance measures. Thomas et al. (2008) used ROC curve (ROC).

Fig. 12

Bar graph corresponding to Table 3

3.2 Performance measures for identification

A summary of performance measures for Identification employed by various researchers is given in Table 4. These papers includes various measures such as Recognition rate/Identification rate, Rank, Classification accuracy. In comparison with papers who used Verification’s performance measures, identification’s measure count is low. Researcher generally used Identification/Recognition Rate, Accuracy, Classification Accuracy, Training Time, Testing Time as performance measures for Identification.

Table 4 Performance measures for identification

• Identification Rate or Recognition Rate: The identification rate is an estimate of the probability that a subject is identified correctly at least at rank-k.

• Accuracy: It is ratio between True cases ( both True Positive and True Negative) to all possible cases.

  $$\begin{aligned} \textit{Accuracy}=\frac{\textit{TP}+\textit{TN}}{\textit{TP}+\textit{FP}+\textit{TN}+\textit{FN}} \end{aligned}$$

  (23)

• Classification Accuracy: The classification accuracy \(A_i\) of an individual program i depends on the number of samples correctly classified (true positives plus true negatives) and is evaluated by the formula:

  $$\begin{aligned} A_{i}=\frac{t}{n}*100 \end{aligned}$$

  (24)

  where t is the number of sample cases correctly classified, and n is the total number of sample cases.

• Training Time: The process of training an model involves providing learning algorithm or model with training data to learn from.

• Testing Time: The process of testing an model involves testing a learning algorithm or model with testing data.

3.3 Other performance measures

During our research, we studied that some researcher use specific performance measure for their research work e.g. Savvides et al. (2004) used Peak to sidelobe ratio(PSR), which is the ratio between peak mean to the standard deviation. where mean and standard deviation are calculated in an angular region centered at the peak. Quan et al. (2008) used equations of mixture of Gaussian kernels and electric potential field to generate Cancelable Fingerprint template. The performance is totally based on, how quickly intruder can find the values of variables used in these equations. Leng and Zhang (2012) generates Cancelable Palmprint templates. In this, for enhancing the performance of Palmhash code, Gaussian valued PRN is used instead of Palmhash code with three valued PRN. We also observed that some researcher didn’t use any performance measure for their research work. Majority of these work include Cloud based technique for storage of Cancelable Biometric template and stable Key generation technique from noisy Biometric data. Table 5 listed research works, who didn’t use any performance measures.

Table 5 References who didn’t use any performance measure for cancelable biometrics

4 Attacks on Cancelable Biometrics

Various attacks are possible on Cancelable Biometric system i.e. sensor level, application level and database level. Paul et al. (2013) have discussed various attack point situations. In one situation, when system becomes aware that some intruder attempt to access the system, then it can change the intermediate transformation function and generate some wrong templates. In second situaion, system will block that account and later on when the genuine user tries to access the account, he will get some alert message about his credential, and finally a new template will be issued to the genuine user. we have studied various types of attacks existed in literature viz. Brute force, Attack via Multiplicity, Lost token, Dictionary based, Spoofing, Intrusion, Cryptanalysis, Hill climbing, Inverse and Pre-image attack etc.

In Brute force attack, an intruder tries various combination of password/key to log into the system. An intruder has no infomation about the genuine user. If an intruder tried to stole m bits BioHash key, then he/she has to check all \(2^{m}\) combination to guess the actual key/password. so its computational complexity is high. In Mtibaa et al. (2018), system has the threshold value 0.012 and binary vector of 1024 bits in length. If an adversary tries to guess the correct binary vector by Brute force attack, its guessing complexity will take \(2^{1024}*(1-0.012)\) number of attempts. As in Cancelable Biometric, we can generate multiple templates from the same user Biometric by only changing some key parameter or transformation functions. In Attack via Record Multiplicity attack, an intruder tried to find Co-relation among multiple encoded templates created from the same Biometric for accessing the original template and the secrets.

In Lost token attack or smart attack or Stolen key attack, an intruder knows some information such as token/password of user. He/She will try to apply this token on his/her own Biometric for getting estimated original template. suppose if m features are there so intruder must attempt m! permutation of these features with \(2^m\) computational complexity (Nazari et al. 2014). In Dictionary based attack, intruder tries only those samples that are deemed most likely to succeed. In Spoofing attacks intruder will use artificial fingers, recorded videos, contact lenses at sensor device. In Doppelganger threat, compromised databases which consists of millions users will permit an intruder to access close matches they can directly imitate. In Intrusion attack, when an intruder gets succeed in accessing templates stored in database then by reverse engineering process he/she will try to generate physical clone of stolen template.

In Privacy violation attack, an intruder uses compromised templates of genuine user to log into other applications/systems. Cryptanalysis is the study of the Cipher text. In Cryptanalysis attack, attacker tries to find Plain text from the Cipher text without the knowledge by which algorithms and functions these encryption are performed. In Stolen Biometric feature attack, stolen features of the genuine users are tried with the various key combination to log into the systems/ applications. In Hill climbing attack, no prior information about the user is known. Iteratively synthetic templates of the user’s Biometric submitted at the matcher untill the successful recognition. In each attempt, the data is modified on the basis of previous attempt result. Prasad et al. (2017) explain Hill climbing attack for iris codes. In Inverse attack, number of transformed features mapped onto original arrays for every reference position (Sandhya and Prasad 2016).

Pre-image attack on a Biometric system tries to find closely similar Biometric samples to spoof. This attack can be easily computed through a Brute force attack, whose computational complexity is of order \(O(2^n)\) for an n bit hash. Cipher text only Attack (COA), is a well known attack in the Symmetric key cryptosystem where intruder tried to restore the Plain text from Cipher text. While in Known Plaintext Attack (KPA), an adversary has accessed to both Plain text and Cipher text. These can be used to reveal further secret information such as Crypto keys. In Chosen Ciphertext Attack (CCA), an adversary can gather information of secret key or transformation key by decrypting the chosen Cipher texts. In Equation attack, different equations have some parametric variables for generating templates. If these variables values are guessed by the attacker then he/she will easily cracked the transformed templates (Table 6).

Table 6 Various attacks on cancelable biometric system

5 Databases used in Cancelable Biometrics

When an algorithm is compared with other algorithms, we require a standard set of images. Several researchers have put efforts in developing various set of images called Databases. The performance of Cancelable Biometric algorithms are tested on a large variety of databases. Here, we provide a comprehensive review of databases used by various researchers in Cancelable Biometric recognition as listed in Table 7 (Figs. 13, 14, 15, 16).

Table 7 Databases used in cancelable biometric

5.1 Face databases

5.1.1 CMU PIE

The PIE (pose, illumination, expression) database formed at Carnegie Mellon University(CMU) in the year 2000 with 13 different pose, 43 different illumination conditions and 4 different expressions. It consists with 41,368 images of 68 persons under various conditions. The main drawback of this database is that limited number of persons taken for images under a single recording session with few expressions.

5.1.2 CMU multi PIE

The CMU Multi PIE database overcome the problem arises with CMU PIE. This database contains 750,000 images of 337 persons. Database consists of high resolution color images in two formats viz. JPG(joint photographic group for high resolution images) or PNG (portable network group for multi view images). Images have been taken under 15 view points and 19 illumination conditions with different facial expression, which require 305 GB space for storage.

5.1.3 AR

This Database formed by Aleix Martinez and Robert Benavente. Images in this database includes facial expression, illumination, and occlusion. Database consists with more than 4000 images of 126 peoples among which, 70 male and 56 female are included. Each image has the size of \(768\times 576\) pixels.

5.1.4 FERET

Facial Recognition Technology database was collected in 15 sessions and 1564 sets. This database contains color 14126 images of 1199 peoples. Two facial, two illumination and between 9 and 20 pose variation are taken during formation of this database. To maintain consistency, whole database formed under same environment and physical setup condition.

Fig. 13

Face databases sample images

Fig. 14

CASIA, IIT Delhi, NIST Iris databases sample images

Fig. 15

MCYT Signatures, VidTIMIT speech sentences sample images

Fig. 16

FVC 2000, 2002, 2004 Fingerprint, TIMIT Speech, PolyU Palm print, PTB ECG, HMTD, MU Palm vein databases sample images

5.1.5 BERC

The BERC database was formed by Bio-metrics Engineering Research Center. Database consist with 5238 images of 390 subjects in the age group of 3 to 83 years. Images are of very high resolution \(3648\times 2736\) pixels compare with all other database. Images are taken under same light, facial expression, illumination and occlusion with/without glasses.

5.1.6 ORL

This database formed at Olivetti Research Laboratory formerly named as American Telephone & Telegraph Company. This database contains 400 images of 40 subjects with resolution of \(92\times 112\). Some people imaged at different times and with variation in facial expression eg. by changing the lighting, with open and closed eyes, with/ without smiling, presence/absence of glasses.

5.1.7 FRGC

Face Recognition Grand Challenge database consists 4007 images of 465 subjects either with \(1704\times 2272\) pixels or \(1200\times 1600\) pixels resolution. In this database images are of high resolution, with 3D face recognition and new preprocessing techniques. each image can have size between 1.2 MB to 3.1 MB.

5.1.8 M2VTS

Multi Modal Verification for Teleservices and Security database consists of 185 images of 37 peoples (5 images/person). During imaged on each shot people have been asked to count from ‘0’ to ‘9’ in their native language and head rotation from 0 to − 90 and 0 to \(+\) 90 degrees.

5.1.9 XM2VTSDB

Extended M2VTS Multimodal Database contains 2360 images of 295 subjects with \(576\times 720\) pixels resolution. Peoples are imaged while rotating head and speaking head shot. This database contains video sequences, 3D model and 32 KHz 16-bit sound files.

5.1.10 VALID

VALID is also a multi modal database, which consists of 530 images of 106 subjects( 5 images per subject) with \(720\times 576\) pixels resolution. Some Images are taken in real office scenario with no noise, rest are in different illumination and with acoustic noise.

5.1.11 Yale

Yale database contains total of 165 grayscale images of 15 individuals with \(320\times 243\) pixels resolution. In this database 11 images per person is taken under different facial expression for eg. happy, sad, sleepy. surprised and with/without glasses.

5.2 Iris databases

5.2.1 IIT Delhi

Indian Institute of Technology Iris Database collected at Biometrics Research Laboratory in year 2007. This database contains total of 1120 images of 224 subjects including 176 males and 48 females. Database images are of resolution \(320\times 240\) pixels taken from students and staff between age group 14-55 years of IIT Delhi in indoor environment.

5.2.2 CASIA Ver1, Ver2, Ver3

This database named after Centre for Biometrics and Security Research (CBSR) Institute of Automation, at Chinese Academy of Sciences (CASIA), China. This database have three versions. CASIA-IrisV1 consist of 756 images from 108 eyes with a resolution of \(320\times 280\). CASIA-IrisV2 contains 1200 images of 60 unique subjects with a resolution of \(640\times 480\). CASIA-IrisV3 consists with 22,035 iris images of more than 700 subjects same resolution of \(640\times 480\).

5.2.3 NIST ICE

National Institute of Standards and Technology (NIST) for the Iris Challenge Evaluation (ICE) formed by 2,953 images with \(480\times 640\) pixels resolution of 244 different eyes.

5.2.4 CBS

Casia-BioSecure database is divided into two parts: BioSecureV1 and CasiaV2. This database consists with total of 2953 images of 244 different iris with resolution of \(640\times 240\) pixels. These images are captured in different session, illumination and with/without spectacles.

5.3 Speech databases

5.3.1 TIMIT

Texas Instruments (TI) Massachusetts Institute of Technology(MIT) database consist of 6300 sentences spoken by 630 speakers (10 samples from each speaker) including 430 males and 192 females. Database consists of 2 dialects of American English, read by 630 speakers, 450 phonetically compact sentences and 1890 phonetically diverse sentences. It also includes orthographic, phonetic and word transcriptions as well as a 16-bit, 16kHz speech waveform file for each utterance.

5.3.2 VidTIMIT

This database contains 43 peoples video and corresponding audio recordings with a total of 430(10 recording/person). This database recorded in 3 sessions, in addition with sentences, people have been asked to rotate their head in sequence( left, right, back to the center, up, then down and finally return to center) in each session. Each person video data is stored in sequence of \(512\times 384\) pixels jpeg image. The corresponding audio is stored with 16 bit and 32 kHz wav file.

5.4 Finger databases

5.4.1 FVC

Fingerprint verification competition is an international competition focused on fingerprint verification software assessment. FVC has 3 version FVC2000, FVC2002 and FVC2004 with 4 databases namely DB1, DB2, DB3, DB4 databases. FVC 2002 contains total of 800 images of 110 peoples with 500 dpi each.

5.4.2 IBM-99

International Business Machine optical database contains total of 376 images (\(188\times 2\)) of 188 user’s fingerprint pairs, each image with 512 dpi.

5.5 Signature database

5.5.1 MCYT

Ministerio de Ciencia y Tecnologia, Spanish Ministry of Science and Technology MCYT bimodal database consists total of 16500 images of 330 subjects with each image has size of \(300\times 300\). They used CMOS-based capacitive capture device and an optical capture device with a resolution of 500 dpi.

5.6 Palmprint database

5.6.1 PolyU

HongKong Polytechnic University (PolyU) Palmprint Version 2 Database consists of 600 grayscale images of 100 users (6 palm images/user), the original image size is \(384\times 284\) pixels at 75 dpi. From oriented palmprint, image size of \(128\times 128\) is cropped.

5.7 ECG database

5.7.1 PTB

Physikalisch-Technische-Bundesanstalt is a public database contains records of the Frank-lead vectorcardiogram and the standard 12-lead ECGs, sampled at 1000 Hz. Aprox 549 images were collected from 290 subjects.

5.8 Palmvein database

5.8.1 MU

In Multimedia University Palmvein Database images are collected from people residing in various countries such as such as China, Malaysia, India, Africa, and so on. Total of 2720 images were taken of 136 peoples with visible and infrared web cams in contact less environment. About 20 samples were taken from each user (10 images per hand).

5.9 Fingervein database

5.9.1 FV-HMTD

Homologous Multimodal Traits finger-vein database consists of total 636 images of 106 users with 6 images per user (index finger, middle finger and ring finger of both hands). Each image size is of \(320\times 240\) pixels.

6 Conclusion and future work

Cancelable Biometrics is an emerging research area. Researchers from different backgrounds such as Cryptography, Machine Learning, Computer Vision, Statistics etc. have come together for solving this interesting problem. However, there is no comprehensive study which enumerates the state of the art methods in Cancelable Biometrics. In this paper, we have presented a comprehensive review of more than 120 methods proposed by various researchers in the past few decades. Further, a novel taxonomy has been developed for classification of these methods into six categories viz. (i) Cryptography based methods (ii) Transformation based methods (iii) Filter based methods (iv) Hybrid methods (v) Multimodal methods (vi) Other methods along with advantages and disadvantages of various techniques under each category. We have also discussed various performance measures used in cancelable biometrics for verification and identification. Furthermore, various security attacks in Cancelable Biometrics and datasets used for variety of biometrics have been described.

Now, we would like to draw the attention of the readers towards future directions in cancelable biometrics. As most of the Cancelable Biometrics result into decreased performance, novel feature extraction methods which can provide enhanced security of cancelable biometric template should be invented for better verification and identification. Further, the computational complexity and storage requirements of these methods must be less, otherwise the real time application of the method may not be feasible. We have also observed that False Accept Rate/False Match Rate, False Reject rate/False Non Match Rate and Equal Error Rate are the most popular performance measures used in literature. Hence, researchers can focus on proposing new performance measures for verification as well as identification. The security attacks in cancelable biometrics tend to weaken the system. The researchers can look for novel techniques which can either prevent or detect these attacks. Lastly, if the attack is successful, then techniques can be developed for ensuring that the biometric data is not revealed in any manner to the intruders. We have also noticed that datasets of some biometrics such as Signature, Palmprint, ECG, Palmvein are less used. For other Biometrics such as Speech and Fingerprint, only limited number of samples are available in the databases. This puts constraints on the performance testing of methods. hence, the researchers can further explore this direction in future. Recently, deep learning is also employed in Cancelable Biometrics and requires large number of training samples. However, except CMU Multi PIE, there is no large database used in literature. Even, Deep learning itself can be explored for better performance in Cancelable Biometrics. Furthermore, instead of storing the Cancelable Biometric templates in a single database, Cloud storage is also being used for storing Cancelable templates in a distributed manner which is another research direction in this field. Lastly, there may be cases when only single image per person is available. In that case, the development of cancelable template may not be easy. This can be another research direction in Cancelable Biometrics.