Biometric cryptosystems: A new biometric key binding and its implementation for fingerprint minutiae-based representation

Zhe Jin a, Andrew Beng Jin Teoh b,*, Bok-Min Goi a, Yong-Haur Tay a

a Lee Kong Chian Faculty of Engineering and Science, Universiti Tunku Abdul Rahman, Kuala Lumpur, Malaysia
b School of Electrical and Electronic Engineering, College of Engineering, Yonsei University, Seoul, South Korea
* Corresponding author. Tel.: +82 2 2123 5772. E-mail address: bjteoh@ieee.org (A.B.J. Teoh).

Pattern Recognition (2016), journal homepage: www.elsevier.com/locate/pr
http://dx.doi.org/10.1016/j.patcog.2016.02.024

Article info

Article history: Received 6 July 2015; Received in revised form 20 December 2015; Accepted 26 February 2016

Keywords: Fingerprint key binding; Cancellable templates; Error correction code free key binding; Alignment-free matching; Security–performance tradeoff

Abstract

Although fuzzy commitment (FC) is a theoretically sound biometric-key binding scheme, it relies completely on error correction code (ECC) to mitigate biometric intra-user variations. Accordingly, FC suffers from the security–performance tradeoff: a larger key size (higher security) always comes at the cost of a poorer key release success rate, and vice versa. Additionally, FC is highly susceptible to a number of security and privacy attacks. Furthermore, the best achievable accuracy performance of FC is constrained by the simple distance metrics, such as Hamming distance, used to measure the dissimilarity of binary biometric features. This implies that many efficient matching algorithms have to be abandoned. In this paper, we propose an ECC-free key binding scheme along with cancellable transforms for minutiae-based fingerprint biometrics. In addition, the minutiae information is protected by a strong non-invertible cancellable transform, which is crucial to prevent a number of security and privacy attacks. The scheme is not limited to binary biometrics as demanded in FC but can instead be applied to various types of biometric features, and hence a more effective matcher can be chosen. Experiments conducted on FVC2002 and FVC2004 show that the accuracy performance is comparable to the state of the art. We further demonstrate that the proposed scheme is robust against several major security and privacy attacks.

0031-3203/© 2016 Elsevier Ltd. All rights reserved.

1. Introduction

Biometric technology is likely to provide a heightened security level for identity verification and identification. Yet the invasion of identity privacy is inevitable if the stored template is compromised. On the other hand, in cryptography, key management is mandatory for key storage, exchange and transaction, and remains a challenging task [1]. The idea of using biometrics to bind and release a cryptographic key is thus attractive, since a biometric trait is admissibly unique [2]. In fact, binding biometrics with a cryptographic key has been studied over the past decade as a plausible solution for key management as well as for biometric template protection [3,4]. As a result, the biometric cryptosystem was put forward to respond to the need either to generate a cryptographic key directly from biometrics (key generation) or to secure an external cryptographic key using biometrics (key binding) [5]. The major distinction between key generation and key binding lies in how the helper data (a piece of public information that is derived from biometrics but reveals no significant information about the original biometric data) is extracted. For key generation, the helper data is derived solely from the biometric template, and the key is directly generated from the helper data and the query biometric features. Although key generation is an attractive proposition, it is difficult to realize because the large intra-user variability of biometrics makes it contradictory to achieve high key entropy and stability simultaneously [5]. Furthermore, the original idea of the key generation scheme does not cater for cancelability and linkability concerns. Representative instances of key generation schemes can be found in [6–8]. It is noted that, due to the nature of biometric variability, key generation is less popular than key binding.

For the key binding approach, the chief idea is to secure the biometric template by binding it with the cryptographic key. The mixture of biometric template and key is stored as helper data [5]. The cryptographic key is externally generated and completely independent of the biometrics. A key is released only if a query instance with sufficient similarity to the template is supplied. Error correction code (ECC) is employed to manage the variations of biometric data. The well-known instances of the key binding approach are fuzzy commitment [3] and fuzzy vault [4]. Although effective, they have several recognized vulnerabilities and drawbacks, which hinder the proliferation of key binding schemes. The details will be discussed in Section 1.1.
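
The ECC-based key binding of fuzzy commitment [3] and the security–performance tradeoff named in the abstract can be made concrete with a short sketch. This is an added illustration, not code from the paper, and it shows the ECC-based baseline rather than the ECC-free scheme the paper proposes. The repetition code, the 60-bit feature length, the noise positions and all function names are assumptions chosen for brevity.

```python
import hashlib
import secrets

def encode(key_bits, rep):
    """Repetition code (assumed stand-in ECC): repeat each key bit rep times."""
    return [b for b in key_bits for _ in range(rep)]

def decode(code_bits, rep):
    """Majority vote per block; corrects up to (rep - 1) // 2 flips per block."""
    return [int(sum(code_bits[i:i + rep]) * 2 > rep)
            for i in range(0, len(code_bits), rep)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def bind(key_bits, template, rep):
    """Enrollment: helper data = (codeword XOR template, hash of key)."""
    if len(key_bits) * rep != len(template):
        raise ValueError("codeword and template lengths differ")
    return xor(encode(key_bits, rep), template), digest(key_bits)

def release(helper, query, rep):
    """Verification: decode (offset XOR query); release key only if hash matches."""
    offset, key_hash = helper
    candidate = decode(xor(offset, query), rep)
    return candidate if digest(candidate) == key_hash else None

def flip(bits, positions):
    """Simulate intra-user variation by flipping the given bit positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def demo(n=60):
    """Same noisy query, two key sizes: the longer key leaves less redundancy."""
    template = [secrets.randbelow(2) for _ in range(n)]  # constructed features
    noisy = flip(template, {0, 1, 30, 31})               # constructed noise, 4 bits
    results = {}
    for key_len in (12, 20):                             # rep = 5 versus rep = 3
        rep = n // key_len
        key = [secrets.randbelow(2) for _ in range(key_len)]
        helper = bind(key, template, rep)
        results[key_len] = release(helper, noisy, rep) == key
    return results

if __name__ == "__main__":
    print(demo())  # {12: True, 20: False}
```

With the feature length fixed, the 12-bit key tolerates the four flipped bits while the 20-bit key does not, because every extra key bit is paid for with redundancy the code needs to absorb intra-user variation.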