1 Introduction

The critical assets, like utility substations, data hubs and control centers in communications, utilities and energy industries, must be able to ensure the highest reliability level, because the economic prosperity and social well-being of the nation rely on them to operate the infrastructures and keep the economy healthy. There is no more urgent priority than assuring the continuity, availability and security of the critical infrastructures [1], so to protect critical infrastructure requires advanced physical access systems to reliably manage access control of individuals. Biometric recognition systems, e.g., fingerprint recognition system, which are based on “who you are” to achieve authentication, can defend the critical infrastructure [2] and toughen up critical infrastructure security. Biometric recognition systems have many advantages compared with traditional password- or token-based authentication, which is based on “what you know/have.” For example, the use of biometric systems can avoid the trouble of remembering long passwords and token loss [3].

In a typical biometric authentication system, two stages are composed, namely enrollment stage and authentication stage [4]. Specifically, in the enrollment stage, a user presents his/her finger to a sensor where his/her fingerprint image is captured. Then features are extracted from the fingerprint image and stored in the database as a template. In the authentication stage, a user, who wants to be authenticated, presents his/her finger to the sensor. The same algorithm used in the enrollment stage is applied to extracting features, known as a query. The query is then compared with the template stored in the database to output a matching or non-matching report. A typical fingerprint-based authentication system is demonstrated in Fig. 1 as an example.

Fig. 1
figure 1

A typical biometric authentication system including two stages, enrollment and authentication

Full size image

However, with the widespread deployment of biometric systems, security and privacy issues arise. For example, with the stored biometric templates, e.g., fingerprint minutiae information or face feature data, the whole fingerprint or face image [5] can be reconstructed. Template cross-matching in different applications is another issue which can cause privacy leakage of individuals [6]. These issues make biometric template protection necessary.

1.1 Related work

There are two main categories of biometric template protection: biometric cryptosystems and cancelable biometrics. Specifically, in biometric cryptosystems, a secret key is either bound with or directly generated from biometric features. The biometric features are secured by secure sketches, e.g., fuzzy commitment [7] and fuzzy vault [8]. The concept of fuzzy commitment was first proposed by Juels and Wattenberg in [7] as a type of cryptographic primitive. It combines techniques from the areas of error-correction codes and cryptography. In a fuzzy commitment-based biometric system, according to [7], to encrypt a secret key k, in the enrollment stage, it is inputted into the error-correction code, e.g., BCH, to generate a codeword \(C=B_e (k)\), where \(B_e (\cdot )\) represents the encoding procedure of the BCH code. The codeword is further bound with the biometric template feature string x to output the helper data \(y=C\oplus x\), where \(\oplus \) represents the XOR operation. In the authentication stage, in order to retrieve the secret key k, a query feature string \(x^{\prime }\) is extracted and XORed with the helper data y as \(C^{\prime }=x^{\prime }\oplus y\). Then \(C^{\prime }\) is inputted into the BCH code, as \(k^{\prime }=B_d (C^{\prime })\), where \(B_d (\cdot )\) represents the decoding procedure of the BCH code. If the hamming distance between \(x^{\prime }\) and x is smaller than the error-correction capability of the BCH code, the retrieved secret string \(k^{\prime }\) will be the same as k and the authentication is successful. In [9], Teoh and Kim proposed a method named randomized dynamic quantization transformation to generate random and unique binary strings. Then the generated binary strings are bound with a random bit string using the fuzzy commitment scheme. Fuzzy commitment, as an efficient template protection algorithm, however, has its drawbacks, such as limited security and suffering from cross-matching attack. In [10], the authors provided a comprehensive analysis on the privacy and security of the fuzzy commitment scheme. The analysis shows that a very significant reduction of privacy and security leakage occur because of the dependency of biometric data. In order to prevent the cross-matching attack, Kelkboom et al. [11] applied a random bit-permutation process to securing the fuzzy commitment data.

Fuzzy commitment methods require the template and query features, e.g., x and \(x^{\prime }\), to be ordered so that their correspondence can be distinct. The features extracted from face or iris can meet this requirement, but the features extracted from fingerprint are represented by a set of unordered minutiae points and thus cannot fulfill this requirement [12]. To solve the issue, Uludag et al. [8] proposed to protect the fingerprint minutiae data with fuzzy vault [13]. The experimental results show that a 128-bit AES key can be feasibly secured by the proposed fuzzy vault. Later, Nagar et al. [14] showed that by using the fuzzy commitment scheme, the security of fuzzy vault can be improved. The authors used the orientation and ridge frequency information in a minutia’s neighborhood to secure/encrypt the polynomial evaluations. To further increase the security of fuzzy vault, Narayanan and Karthikeyan [15] used a double encryption technique, which combines symmetric key and a symmetric key generation. The experimental results demonstrate that better security is achieved. Some other variants of fuzzy vault are also designed and proposed, e.g., [16,17,18,19].

Cancelable biometrics is another technique to protect biometric templates. The concept of cancelable biometrics was first proposed by Ratha et al. [20], which is to accomplish authentication by utilizing the transformed version of the biometric data instead of the original biometric data. If the transformed templates are compromised, they can be revoked. Also, the original templates are still secure because the transformation used in the process is non-invertible. Subsequent to [20], a variety of algorithms in cancelable biometrics are presented. In [21], Ratha et al. developed several methods to generate cancelable templates such as Cartesian transformation, polar transformation and functional transformation and presented a brief analysis of their strengths. In [22], Teoh et al. proposed a scheme named BioHash to mix a set of user-specific random vectors with biometric features. In BioHash, a quantized random projection ensemble is used to establish the mathematical foundation of BioHash. Yang et al. [23] proposed a non-invertible transform to perpendicularly project the distances between two minutiae to a circle to create the features. Besides the distances, some other local and global features, such as relative angles between minutiae pairs, orientation and ridge frequency, are also used. Lee and Kim [24] introduced a new way to create cancelable templates without requiring fingerprint image pre-alignment. The core idea is to project the minutiae structures into a predefined 3D array, which is composed of small cells. If a cell contains a minutiae structure, it is set to 1; otherwise, it is set to 0. In this way, a 1D binary string is formed by sequentially concatenating the cells in the 3D array. Ahmad et al. [25] proposed a pair-polar coordinate-based cancelable fingerprint templates, which do not require registration because the pair-polar structure is rotation- and transform-free. Then a many-to-one mapping relationship is established to achieve the one-way transformation. The above methods focus on the generation of stable or registration-free features, while others pay more attention to the design of non-invertible transformations. In [26], Wang and Hu proposed a densely infinite-to-one mapping (DITOM)-based mathematical model to carry out non-invertible transformation. Later, they constructed cancelable fingerprint templates via curtailed circular convolution, which is an effective one-way transform [27]. A partial Hadamard transformation in [28] and a partial discrete Fourier transform-based non-invertible transformation in [29] are proposed by Wang et al. to provide secure protection to the binary biometric representations.

1.2 Motivation and contributions

Regarding the aforementioned cancelable biometric systems, there is a serious security concern, that is, when multiple transformed templates and their corresponding transformation parameters (e.g., the transformation key that generates the transformation matrix) are obtained by the attacker, the biometric template can be compromised by attacks via record multiplicity (ARM) according to the research in [30, 31]. In all the existing cancelable biometric systems, transformation keys are not protected and therefore they are considered publicly available, which makes the original biometric features vulnerable to ARM.

To solve the above issue, in this paper we propose an enhanced cancelable biometric system, which contains two layers, a core layer and an expendable layer. The expendable layer is added to protect the transformation key used in the core layer. In this sense, the expendable layer is considered to be a complement to the core layer and even if the expendable layer is compromised, the biometric templates are still safe. The contribution of this work is highlighted as follows:

  1. 1.

    The transformation key used in cancelable biometrics without protection poses the risk of compromising the original biometric feature set through ARM. To address this, we resort to the fuzzy commitment technique to extract a feature set from the face image to protect the transformation key. If an adversary wants to retrieve the original biometric features, he/she has to break the fuzzy commitment first and then reverse the non-invertible transformation. We call this method cascading encryption. It can defend against the ARM.

  2. 2.

    The proposed system strikes a balance between recognition performance and security. The system with no template protection performs best; recognition performance decreases when the cancelable biometric technique is applied and further declines when the expendable layer is added. However, the system security is clearly strengthened with the addition of the expendable layer.

The rest of the paper is organized as follows. The proposed cascading encryption scheme, which is able to enhance the system security, is introduced in Sect. 2. The experimental results and security analysis are presented in Sect. 3. In Sect. 4, the conclusion is given.

2 The enhanced cancelable biometric system with cascading encryption

The proposed enhanced cancelable biometric system contains two layers, a core layer and an expendable layer. In the core layer, a random projection-based non-invertible transformation is used to protect the fingerprint template. To heighten the security of the core layer, an expendable layer is added, in which a feature set extracted from the face image together with the fuzzy commitment technique is employed to secure the transformation key in the core layer. The details of the two layers are presented below.

2.1 Core layer: fingerprint template generation and protection using non-invertible transformation

Because of factors like nonlinear distortion and rotation during fingerprint image acquisition, fingerprint patterns are known for small interclass variability but large intraclass variation [32]. Fingerprint templates generated using global features usually rely on precise registration based on singular points. However, accurate singular point detection is hard. It is observed that a local structure formed by a minutia with its neighboring minutiae tends to be stable in the presence of distortion and translation- and rotation-invariant. Therefore, a minutiae pair-based local structure [26] is employed in this paper.

Fig. 2
figure 2

An example of the minutiae pair

Full size image

Given a set of minutiae M which includes N minutiae, each minutia \(m_i \) from M can be represented by \(m_i =(x,y,\theta ,t)_{i\in [1,N]} \), where (xy) is the coordination of the minutia, \(\theta \) is the minutia orientation, and t represents the type of the minutia. A local structure, which is formed by two minutiae, \(m_i =(x_i ,y_i ,\theta _i ,t_i )\) and \(m_j =(x_j ,y_j ,\theta _j ,t_j )\) from minutiae set M, is shown in Fig. 2, and a feature vector \(V_{ij}\) can be extracted from it. The feature vector \(V_{i j} \) is represented by \(V_{i j} =(L_{ij} ,\delta _i ,{\phi } _j ,t_i ,t_j )\), where \(L_{ij} \) is the length of the edge between minutiae \(m_i \) and \(m_j \); \(\delta _i \) and \({\phi } _j \) are the angles between the orientation of each minutia and the edge, and they are in the range of 0 to \(2\pi \). If any two minutiae from minutiae set M form a minutia pair, there is a total of \(N \times (N-1)/2\) minutia pairs. Due to the intrauser variation caused by biometric uncertainty between the corresponding minutia pairs from template and query images, the quantization technique similar to that in [24] is applied to mitigating such variation. For example, assume that the edge lengths of \(L_1 \) and \(L_2 \) are 16 and 18 pixels, respectively; if their absolute values are used to do matching, obviously \(L_1 \ne L_2 \), however, if all the values between [15,16,17,18,19,20,21] are quantized to be 18, then \(L_1 =L_2 =18\). As such, the intrauser variation is alleviated to some extent. In this application, we set the quantization step size to be \(s_L \) for \(L_{ij} \) and the step size to be \(s_a \) for \(\delta _i \) and \({\phi } _j \). After quantization, the quantized value, e.g., 18, is converted into binary, e.g., 10,010. Assume that \(l_L , l_\delta \) and \(l_{\phi } \) are the bit length of the binary outputs of quantized \(L_{ij} , \delta _i \) and \({\phi } _j \), respectively. Then the length of binary representation for \(V_{i j} \) is \(l_V =l_L +l_\delta +l_{\phi } +2\) and \(V_{i j} \)’s corresponding integer value \(V_{ij}^I \) is in the range of \(0{-}2^{l_V }-1\). To add the uncertainty of the feature vector locations, a modulo operation \(\bmod (V_{ij}^I ,p)\) is introduced to the corresponding integer value of each feature vector, where p is a preset parameter. For instance, if the integer value \(V_{ij }^I \) is 30,345 and p is set to be 30,000, then \(\bmod (30{,}345,30{,}000)=345\). So the 345th bin in the range of \([0, p-1]\) has the value of “1.” Those bins without any integer value of a feature vector located are assigned the value of “0.” In this way, after going through each feature vector from a total of \(N \times (N-1)/2\) minutia pairs, a binary string \(\mathbf{b}_f \) of length p can be obtained and 1s in \(\mathbf{b}_f \) corresponds to those feature vectors, e.g., \(V_{i j} \).

Regarding the binary string \(\mathbf{b}_f \), even if the modulo operation is applied, an adversary is still able to reversely calculate the locations of minutiae, if no further protection is provided. Hence, we decide to apply the random projection-based non-invertible transformation in order to provide further protection to the binary string \(\mathbf{b}_f \). The non-invertible transformation can be represented by a system of linear equations as

$$\begin{aligned} \mathbf{y}_f =\mathbf{Mb}_f \end{aligned}$$
(1)

where \(\mathbf{y}_f \) is the transformed template and \(\mathbf{M}\) is the projection matrix of size \(q\times p\), generated using the secret key K as a seed. If \(K_i \ne K_j \), the generated matrix \(\mathbf{M}_i \) is different from \(\mathbf{M}_j \). The security provided by Eq. (1) is based on the well-known result in linear algebra that for a system of linear equations, if the coefficient and augmented matrices have the same rank, then solutions exist, but if the rank is smaller than the number of unknowns, then there is an infinite number of solutions [33].

2.2 Expendable layer: enhancing security with cascading encryption

In Sect. 2.1, we indicated that secret key K serves as a seed to generate the projection matrix \(\mathbf{M}\), which means if the secret key K is obtained by the adversary, then the projection matrix \(\mathbf{M}\) compromised. Assume that such a fingerprint-based cancelable biometric design is used in \(N_1 \) different applications, to avoid the cross-matching attack, \(N_1 \) different secrets \(\{K_i \}_{i=1}^{N_1 } \) are used, which lead to \(N_1 \) different projection matrixes \(\{\mathbf{M}_i \}_{i=1}^{N_1 } \). As mentioned in Sect. 1.2, the cancelable biometric system can be compromised by attacks via record multiplicity (ARM) [30, 31], if multiple projection matrixes, e.g., \(\mathbf{M}\), are obtained by the attacker.

To solve this issue, we propose to protect the secret key K by a feature set extracted from the face image with the fuzzy commitment technique. This feature set acts as an expendable layer, which expands our cancelable biometric system because the adversary who wants to attack the system needs to conquer this layer first. Even if this layer is compromised, the system security maintains the same strength provided by a typical cancelable biometric system.

Face recognition has been extensively researched. There is a considerable amount of work that has been done in face feature extraction [34,35,36,37,38]. In this paper, feature extraction from a face image is the same as that conducted in [38]. Specifically, given a face image I, it is first rotated according to the eye coordinates and cropped into a size of \(128\times 128\) pixels. Let \(\psi (f_u ,\theta _v )\) denote a Gabor filter [39, 40] given by its center frequency \(f_u \) and orientation \(\theta _v \). The face feature extraction procedure is the process of the filtering operation to the face image I using the Gabor filter \(\psi (f_u ,\theta _v )\) of size u and orientation v, which is represented as \(G_{u,v} =I{*}\psi (f_u ,\theta _v )\), where \(G_{u,v} \) is the filtering output. Similar as [38], in which a filter bank comprises Gabor filters of five scales \(u=0,1,\ldots ,4\) (the maximal frequency \(\hbox {max}(f_u )\) of the filters is 0.25 and the step size between two consecutive filter scales is \(\sqrt{2}\)) and eight orientations \(v=0,1,\ldots ,7\) (the maximal value \(\hbox {max}(\theta _v\)) of the orientations is \(7\pi /8\), and the step size between two consecutive filter orientations is \(\pi /8\)), a total of 40 filters are generated. After that the cropped face image I is filtered by 40 Gabor filters \(\psi (f_u ,\theta _v )\) from the filter bank, resulting in a feature vector \(G_{u,v} \) with a dimension of \(655{,}360 \,(=128\times 128\times 40)\), which is obviously too costly for processing and storage. Therefore, linear discriminant analysis (LDA) as a dimensionality reduction technique is exploited to project the feature vector into a subspace. This process will generate a set of real values, as \(\mathbf{r}_c =\hbox {LDA}(G_{u,v} )=W{*}(G_{u,v} -\mu )\), where W is the transformation matrix and \(\mu \) represents the global mean of all training samples calculated by the LDA training process. \(\mathbf{r}_c \) is further transformed into a binary feature vector, \(\mathbf{b}_c \) of length \(N_2 \), by utilizing the BioHashing technique in [41]. The whole process of face feature extraction is illustrated in Fig. 3.

Fig. 3
figure 3

The process of face feature extraction

Full size image
Fig. 4
figure 4

Encoding and decoding processes of fuzzy commitment

Full size image

Fuzzy commitment (FC) has been implemented successfully in many biometric systems and is particularly suitable for the binary feature representations. A fuzzy commitment contains two processes as shown in Fig. 4. (1) During the encoding process, \(\hbox {BCH}(n,k,t)\) code is used as a part of the encoder of FC, where k is the length of the key that can be secured and it depends on the length of the codeword n and the error-correction capability t. The \(\hbox {BCH}(n,k,t)\) code cannot secure the whole secret key K in our application, so only a partial key \(k^{T}\) from K is secured by \(\hbox {BCH}(n,k,t)\) code and other part of K is not a secret. The partial key \(k^{T}\) is encoded by the encoder of FC into a codeword \(C=B_e (k^{T})\) of length \(N_2 \), which is the same as the length of template binary feature vector \(\mathbf{b}_c^T \). The feature vector \(\mathbf{b}_c^T \) is then bound with the codeword C, as \(\mathbf{H}=\mathbf{b}_c^T \oplus C\), where \(\oplus \) represents the XOR operation and \(\mathbf{H}\) acts as the helper data. The helper data \(\mathbf{H}\) together with the hash value \({ hash}(k^{T})\) of \(k^{T}\) are stored in the database. The helper data \(\mathbf{H}\) reveal no information about \(\mathbf{b}_c \) or C, assuming that the fuzzy commitment is theoretically secure. (2) During the decoding process, the query binary feature vector \(\mathbf{b}_c^Q \) and the stored helper data \(\mathbf{H}\) are XORed to output a retrieved codeword \(C^{\prime }=\mathbf{b}_c^Q \oplus \mathbf{H}\). If the query feature vector \(\mathbf{b}_c^Q \) is close enough to the template feature vector \(\mathbf{b}_c^T \), the number of errors in the retrieved codeword \(C^{\prime }\) compared with the codeword C should be smaller than error-correction capability t of the FC decoder, and the retrieved secret key \(k^{Q}=B_d (C^{\prime })\) will be the same as the original secret key \(k^{T}\), and vice versa. The hash value \({ hash}(k^{Q})\) can be compared with the hash value \({ hash}(k^{T})\) to judge whether the secret key has been retrieved correctly or not.

2.3 Two stages of the proposed cancelable biometric system

As mentioned in Sect. 1, a typical biometric authentication system contains two stages, enrollment stage and authentication stage. The whole process of enrollment and authentication stages of the proposed system is shown in Fig. 5.

Fig. 5
figure 5

The flowchart of the proposed cancelable biometric system

Full size image

In the enrollment stage, the template fingerprint feature set \(\mathbf{b}_f^T \) is extracted and transformed under the guidance of projection matrix \(\mathbf{M}\) generated from secret key \(K^{T}\), so as to produce the transformed template \(\mathbf{y}_f^T \), as \(\mathbf{y}_f^T =\mathbf{Mb}_f^T \). The details can be found in Sect. 2.1. The partial secret key \(k^{T}\) from \(K^{T}\) is bound with the face template feature set \(\mathbf{b}_c^T \) to output the helper data \(\mathbf{H}\), as described in the encoding process in Sect. 2.2. Both the transformed template \(\mathbf{y}_f^T \) and helper data \(\mathbf{H}\) are stored in the database for verification in the authentication stage.

In the authentication stage, the first step is to retrieve the secret key used in the enrollment stage. To do this, the query face feature set \(\mathbf{b}_c^Q \) together with the helper data \(\mathbf{H}\) is inputted into the fuzzy commitment decoder to output a secret key \(k^{Q}\), as detailed in the decoding process in Sect. 2.2. The hash value \({ hash}(k^{Q})\) of \(k^{Q}\) is compared with the hash value \({ hash}(k^{T})\) of \(k^{T}\); if \({ hash}(k^{Q}) \ne { hash}(k^{T})\), then the matching is considered to be unsuccessful and a non-matching verdict is given directly. If \({ hash}(k^{Q}) = { hash}(k^{T})\), then the retrieved key \(k^{Q}\) helps to get the secret key K. K is further used as the seed to generate the same projection matrix \(\mathbf{M}\) as that used in the enrollment stage; under the guidance of the projection matrix \(\mathbf{M}\), the query fingerprint feature set \(\mathbf{b}_f^Q \) applies the same transformation as the template feature set, \(\mathbf{y}_f^Q =\mathbf{M}{} \mathbf{b}_f^Q \). Matching is conducted in the transformed domain using the transformed template and query fingerprint feature sets, \(\mathbf{y}_f^T \) and \(\mathbf{y}_f^Q\), instead of using the original feature sets, \(\mathbf{b}_f^T \) and \(\mathbf{b}_f^Q \). The similarity score between \(\mathbf{y}_f^T \) and \(\mathbf{y}_f^Q \) is calculated by the following equation:

$$\begin{aligned} S(\mathbf{y}_f^T ,\mathbf{y}_f^Q )=1-\frac{||\mathbf{y}_f^T -\mathbf{y}_f^Q ||_2 }{||\mathbf{y}_f^T ||_2 +||\mathbf{y}_f^Q ||_2 } \end{aligned}$$
(2)

where \(||\cdot ||_2 \) represents the 2-norm. The larger the similarity score, the more similar the template and query feature sets are. The value of \(S(\mathbf{y}_f^T ,\mathbf{y}_f^Q )\) is in the range of [0, 1]. If the value of \(S(\mathbf{y}_f^T ,\mathbf{y}_f^Q )\) is larger than a predefined threshold, a match verdict is given, and vice versa.

3 Experimental results and security analysis

3.1 Performance evaluation

The proposed cancelable biometric system is evaluated on publicly available fingerprint Databases DB1 and DB2 of FVC2002 [42], DB2 of FVC2004 [43] and Database DS2 of the Multimodal BioSecure Database [44]. Each database from FVC2002 and FVC2004 contains 800 gray-level fingerprint images, which are collected from 100 fingers with eight images per finger. The software VeriFinger 4.0 of Neurotechnology [45] was utilized for minutiae extraction. In Database DS2, there are 210 users who provided their biometric traits, and each user contributed eight face images. In our experiment, the face images from the first 100 users are employed, so there are 800 faces images. The first four images of each user were used for training.

We evaluate the performance of the proposed system in three different cases. In Case 1, the performance of the system is evaluated with no template protection, i.e., without non-invertible transformation and cascading encryption. In Case 2, the cancelable biometric system without cascading encryption is tested. In Case 1 and Case 2, experiments are only carried out on fingerprint Databases DB1, DB2 of FVC2002 and DB2 of FVC2004 because Case 1 and Case 2 do not involve the cascading encryption provided by the face feature together with fuzzy commitment. In Case 3, we evaluate the performance of the proposed system with full protection to the cancelable template with non-invertible transformation and cascading encryption. In this case, in order to generate two mated image pairs, we combine the first and second images of each finger in the fingerprint databases of FVC2002 and FVC2004 with the fifth and sixth face images from each user of the first 100 users in the Database DS2, respectively.

There are several indices that can be used to measure the system performance [46], such as the (1) false acceptance rate (FAR), which is the ratio of successful imposter attempts to the total imposter attempts, (2) false rejection rate (FRR), which is the ratio of unsuccessful genuine attempts to the total genuine attempts, and (3) equal error rate (EER), which is defined as the error rate when FAR is equal to FRR. In all the three cases, the first image is considered as the template and the second image of the same user is treated as the query to calculate the FRR. At the meantime, the first image of each user is used as template and the first image of all other (different) users is set as the query to calculate the FAR.

Table 1 Recognition accuracy (%) of the proposed system under Case 1 and Case 2 in comparison with similar work
Full size table
Fig. 6
figure 6

a The ROC curve of the proposed system under Case 1 and Case 2 on Database FVC2002DB1. b The ROC curve of the proposed system under Case 1 and Case 2 on Database FVC2002DB2. c The ROC curve of the proposed system under Case 1 and Case 2 on Database FVC2004DB2

Full size image

The performance of the proposed system in Case 1 and Case 2, compared with similar work, is reported in Table 1. From Table 1, we can see that the proposed system in Case 1 performs better than Case 2. This is because in Case 1, the system uses the original feature set, of which the feature length \(2^{l_V}\) is larger than that q of the transformed feature in Case 2. It means that the feature set used in Case 1 contains more information than the feature set in Case 2, which leads to better performance. Note that in Case 1, the EER on Database 2002DB1 is 1.00%, which is worse than that 0.57% on Database 2002DB2, but the results turn around, when \(\hbox {FAR}=0\), FRR is 5.00% on Database 2002DB1 which is better than \(\hbox {FRR}=6.00\%\) on Database 2002DB2. EER is the error rate when FAR is equal to FRR, so even if EER on 2002DB1 is worse than that on 2002DB2, it does not necessarily mean that FRR must be worse than that on 2002DB2 under the same FAR, e.g., \(\hbox {FAR}=0\). Also the receiver operating characteristics (ROC) curve of the proposed system under Case 1 and Case 2 is shown in Fig. 6.

When we compare the proposed system in Case 2 with other similar cancelable biometric systems, the proposed system performs better than most existing methods, except that in [29]. The method in [29] uses a bunch of local structures, and each local structure contributes a feature vector. Assume that if the template contains N feature vectors and the query contains M feature vectors, in the matching process a total of \(N \times M\) comparisons must be made. Compared with the method in [29], the template or query in the proposed system contains only one feature vector, so only one matching attempt is needed, which is more efficient for practical implementation. Moreover, the proposed system contains an extra expendable layer, which can provide higher security than the method in [29].

The performance of proposed system in Case 3 is listed in Table 2. It can be observed that when the key length k increases, the system performance decreases. For example, when key length k is 15 bits, the performance is \(\hbox {FAR}=0\) and \(\hbox {FRR}=13\%\), while when key length k is 64 bits, the performance decreases to be \(\hbox {FAR}=0\) and \(\hbox {FRR}=59\%\). It shows the compromise between the performance and security level. Also it can be seen that the performance on all the three combined databases is the same. The reason is that in the authentication stage, the key used to generate the transformation matrix has to be retrieved from the fuzzy commitment secure sketch. If the retrieved key is different from that used in the enrollment stage, matching would fail. Therefore, the matching performance of the proposed system tremendously relies on the performance of the expendable layer.

Table 2 Recognition accuracy (%) of the proposed system in Case 3 with different key lengths
Full size table

3.2 Security analysis

Two protection layers in the proposed cancelable system are used to secure the biometric template. In the core layer, the fingerprint template is protected by the random projection-based non-invertible transformation. The non-invertible transformation brings about a system of linear equations. To conquer this linear equation system is computationally infeasible for the following reason. The random projection-based transformation represented in Eq. (1) effectively constitutes an underdetermined system of linear equations. Because the projection matrix \(\mathbf{M}\) is a \(q\times p\) column rank-deficient matrix with q being smaller than p, the rank of matrix \(\mathbf{M}\) is \(rank(\mathbf{M})=q\), which is less than the number of unknowns, namely elements of the fingerprint feature \(\mathbf{b}_f \). It is a well-known result in linear algebra [33] that when the coefficient and augmented matrixes of Eq. (1) have the same rank, there is an infinite number of solutions for Eq. (1). Clearly \(\mathbf{b}_f \) is just one among a large number of solutions, which makes the search for \(\mathbf{b}_f \) tremendously difficult. However, the adversary can only launch the ARM attack by obtaining multiple transformation matrices (which equals to the secret key K) and transformed feature sets (e.g., \(\mathbf{y}_f )\) from the same original feature set (e.g., \(\mathbf{b}_f )\). In this case, the expendable layer can provide certain security to protect the secret key. Considering the security provided by the expendable layer, in the fuzzy commitment scheme, the \(\hbox {BCH}(n, k, t)\) code is used for error correction. In our application, \(n=N_2 =127\), and k is the length of the partial secret key k. k is a variable and set to be the range of 15–64 bits, which impacts on the system performance, as shown in Table 2. Under the brute force attack, the expendable layer can provide extra security of 15–64 bits to the system if the adversary tries to steal the secret key k. However, with an increase of k, the performance decreases, which shows the compromise between recognition accuracy and system security. When considering the security provided by fuzzy commitment to the face feature vector \(\mathbf{b}_c^T \) under the case that the adversary would like to conquer the face modality, by the sphere-packing bound [50], the security provided by a fuzzy commitment is equal to the entropy of \(\mathbf{b}_c^T \) by given helper data \(\mathbf{H}\), which can be expressed as \(H_\infty (\mathbf{b}_c^T |\mathbf{H})=\log _2 \left( {2^{n}/\left( {{\begin{array}{l} n \\ t \\ \end{array} }} \right) } \right) \). The security \(H_\infty (\mathbf{b}_c^T |\mathbf{H})\) is variable under different values n and t of \(\hbox {BCH}(n, k, t)\). For example, when BCH(127, 15, 27) is used, the security \(H_\infty (\mathbf{b}_c^T |\mathbf{H})= 35\) bits, while when BCH(127, 64, 10) is used, the security \(H_\infty (\mathbf{b}_c^T |\mathbf{H})=79\) bits.

4 Conclusion

A critical infrastructure may fail to work without a reliable access control system. Such a failure can have dire consequences on the entire infrastructure network because many interdependencies exist between different critical infrastructures. To secure critical infrastructures, in this paper we have proposed an enhanced cancelable biometric system to provide security-tightened access control. Given that a cancelable biometric system is likely to suffer from attacks via record multiplicity (ARM), we design cascading encryption to enhance the security of the fingerprint-based cancelable biometric system (i.e., core layer) by binding the transformation key for non-invertible transformation with the face feature set using fuzzy commitment (i.e., expendable layer). Experimental results show that with just the core layer, our cancelable biometric system performs better than most existing methods and with the addition of the expendable layer, the overall system security is improved at the expense of recognition performance. For future work, we will explore more distinguishing features, e.g., features from iris or finger vein, so as to toughen up the system security while maintaining good recognition performance. Also cancelable biometrics can be applied in other applications [51,52,53], e.g., body area networks and medical devices, to provide security.