An Embedded Fingerprint Authentication System Integrated with a Hardware-Based Truly Random Number Generator

Murat Erat1,2 , Kenan Danman2 , Salih Ergn1 , Alper Kanak1, s u and Mehmet Kayaoglu1
1

TUBITAK-National Research Institute of Electronics and Cryptology, Kocaeli, Turkiye 2 Dept. of Electronics Engineering, Erciyes University, Kayseri, Turkiye {erat,salih,alperkanak,mehmet.kayaoglu}@uekae.tubitak.gov.tr, danismak@erciyes.edu.tr

Abstract. Recent advances in information security requires randomly selected strong keys. Most of these keys are generated by software-based random number generators. However, implementing a Truly Random Number Generator (TRNG) without using a hardware-supported platform is not reliable. In this paper, a ngerprint authentication system using a hardware-based TRNG to produce a private key that encrypts the ngerprint template of a person is presented. The designed hardware can easily be mounted on a standard or embedded PC via its PCI interface to produce random number keys. Random numbers forming the private key is guaranteed to be true because it passes a two-level randomness test evaluated rst on the FPGA then on the PC by applying the full NIST test suite. The whole system implements an AES-based encryption scheme to store the persons secret stored on a smart or glossary card safely. The main contribution of the work is the use of new-generation hardware-based TRNGs to enhance the security of a ngerprint authentication system.

Introduction

There is a growing need for information secrecy as a natural result of the emerging demand in enabling electronic ocial & nancial transactions. With this respect, random number generators (RNG) which are indispensable components of cryptographic systems began merging into typical digital communication devices. Since the generation of public/private key-pairs for asymmetric algorithms and keys for symmetric and hybrid cryptosystems there is an emerging need for RNGs. Generally, two types of RNGs exist: Truly Random Number Generators (TRNGs) and Pseudo-Random Number Generators (PRNGs). TRNGs take advantage of nondeterministic sources (entropy sources) which truly produce random numbers. TRNG output may be either directly used as random
W.G. Kropatsch, M. Kampel, and A. Hanbury (Eds.): CAIP 2007, LNCS 4673, pp. 366373, 2007. c Springer-Verlag Berlin Heidelberg 2007

An Embedded Fingerprint Authentication System

367

number sequence or fed into a PRNG. PRNGs use specic algorithms to generate bits in a deterministic fashion. In order to appear to be generated by a TRNG, pseudo-random sequences must be seeded from a shorter truly random sequence [4] and no correlation between the seed and any value generated from that seed should be evident. Besides all mentioned above, the production of highquality Truly Random Numbers (TRNs) may be time consuming, making such a process undesirable when a large quantity of random numbers needed. Hence, for producing large quantities of random numbers, PRNGs may be preferable in spite of their predictability weaknesses. Although RNG design is known, making a useful prediction about the output should not be possible. To fulll the requirements for secrecy of one-time pad, key generation and any other cryptographic application, TRNG must satisfy the following properties: The output bit stream of TRNG must pass all the statistical tests of randomness; random bits must be forward and backward unpredictable; the same output bit stream of TRNG must not be able to be reproduced [5]. The best way one can generate TRNs is to exploit the natural randomness of the real world by nding random events that occur regularly [5]. There exist fundamentally four dierent techniques for RNG considering various random events: amplication of a noise source [6,7] jittered oscillator sampling [3,2], discrete-time chaotic maps [8,9] and continuous-time chaotic oscillators [10]. In spite of the fact that the use of discrete-time chaotic maps in the realization of RNG is well-known for some time, it has been recently shown that continuoustime chaotic oscillators can be used to realize TRNGs as well. Since TRNs might be used to generate digital signatures, integrating biometricbased person authentication system with cryptographic schemes that use TRNbased keys is a promising eld [14]. In this study, a ngerprint verication system, in which the ngerprint feature templates are encrypted by private keys, are presented. Note that, private keys are extracted by TRNG. Having a PCI interface to upload the generated bit sequences make the proposed design ideal for computer based cryptographic applications. The TRNG presented in this paper is designed in a dual oscillator architecture by combining with the thermal noise amplication method. The throughput data rate of hardware implemented TRNG eectively becomes 130 Kbps which seems very promising for real-time applications. The main contribution of this study is the integration of cost-eective Wedge and Ring (W&R) based ngerprint recognition algorithm [16] with a secure feature storage scheme. The system guarantees generating reliable private keys comprised of TRNs. Another contribution of this system is that the FPGA based system might easily be mounted on any PC or embedded PC.

Hardware Implemented Truly Random Number Generator

Since it is not possible to produce true randomness but pseudo randomness by software-based methods, a hardware implemented TRNG design which uses a dual oscillator architecture with thermal noise amplication method in order to

368

M. Erat et al.

increase the output throughput and the statistical quality of the generated bit sequences, is used. The proposed hardware is presented in Fig. 1. Thermal noise generation process is multiplicative and results in the production of a random series of noise spikes. Op-Amp in Fig 1 amplies the noise voltage over the RSrc resistor by 500 times. Amplier circuit is capable of passing signals from 20 Hz to 500 kHz and the frequency of a slower clock is modulated with the output signal of the amplier. Note that the noise in a register has a white spectrum. 74HCT4046A voltage-controlled oscillator (VCO) is used to implement the modulation of the slower clock frequency with the amplied noise voltage. Then, with the rising edge of the noisemodulated slower clock, the output of a fast clock is sampled using a D ipop inside the FPGA. Center frequency of the VCO determines the center frequency of the slower clock and can be adFig. 1. Hardware Implemented TRNG justed up to 17 MHz for 74HCT4046A. Drift between the two oscillators provides random bit generation to be more robust. Because of the nonlinear aliasing phenomenon associated with sampling, the dual oscillator architecture achieves increased output throughput and higher statistical quality [2]. In [1], it has been reported that in order to obtain an uncorrelated random bit stream, the modulated slower oscillator period should feature a standard deviation much greater than the fast oscillator period. In order to remove the biasing of the output bit sequence, fast oscillator should have a balanced duty cycle. To get a satisfactory result, fast oscillator is implemented by dividing a low jitter 192MHz crystal oscillator by 4 inside the FPGA. In this way, we get a 48 MHz fast oscillator that has an approximate 50% duty cycle. If a balanced duty cycle can be guaranteed, the fast oscillator frequency should raise. The slow and fast oscillators used in [3] and [1] have center frequency ratios on the order of 1 : 100. In our design, we experimentally get successful results from the full NIST test suite when the slower clock frequency is adjusted up to 520 KHz, which determines the throughput data rate. Then, 48 MHz fast oscillator is sampled on the rising edge of the slower clock using a D ip-op inside the FPGA. High jitter level achieved by noise-modulated oscillator feature a standard deviation much greater than the fast oscillator period. Thus this scheme outputs uncorrelated random bit streams. However, the binary sequence thus obtained may also be biased. In order to remove the unknown bias in this sequence, the well-known Von Neumanns de-skewing technique [11] is employed. This technique consists of converting the bit pair 01 into the output 0, 10 into the output 1 and of discarding bit pairs 00 and 11. Von Neumann processing was implemented in the FPGA. Because of generating approximately 1 bit from 4 bits this process decreases the frequency of the random signal to 130 kHz.

An Embedded Fingerprint Authentication System

369

The possible random numbers are evaluated by two mechanisms, which are implemented as hardware and software. The hardware evaluation mechanism is enabled by the software mechanism to start counting the bit streams described in the ve basic tests (Frequency (mono-bit), poker, runs, long-run and serial tests) covering the security requirements for cryptographic modules and species recommended statistical tests for random number generators. Each of the ve tests are performed by the FPGA on 100.000 consecutive bits of output from the hardware random number generator. When the test program is run, the software starts randomness tests using the FPGA. During the tests, the software reads and stores the values assumed to be random over the FPGA. When the tests (Von Neumann algorithm and ve statistical tests) are completed, the addresses of the test results are read over the FPGA and evaluated. If the results of all the test are positive, the stored value is transferred to the Candidate Random Number Pool in the memory while any failing candidate random numbers are not stored in the nal pool. If random numbers are required for cryptographic -or generally security- purposes, random number generation shall not be compromised with less than three independent failures no less than two of which must be physically independent. To provide this condition a test mechanism in which full NIST random number test suite[12] performing in software which is physically independent from the FPGA is added. Successful random numbers which are stored in the Candidate Random Number Pool subjected to full NIST test suite by software and transferred to the nal pool except for failing random numbers. When the amount of the random numbers in the pool falls below 125 Kbytes, the tests are restarted and the data is resampled until the amount of tested values reaches 1250 Kbytes. If the test results are positive, the amount of random numbers in the pool is completed to 1250 Kbytes using the tested values.

Wedge and Ring (W&R) Based Fingerprint Features

The traditional ngerprint recognition systems usually concentrate on the variation on structural properties of ngerprints, such as ridges, valleys and minutiae [15]. In such methods matching process is done by comparing the variable-sized minutiae lists. However, minutiae-based methods require sophisticated enhancement and pre-processing sta to detect structural properties resulting with a time-consuming scheme. Moreover, the variable size of minutia-based representation makes it unsuitable for hardware oriented applications. These problems canalize researchers to spectral methods. In this study a robust FFT-based algorithm allowing good recognition of low quality ngerprints with inexpensive hardware is implemented. In the proposed scheme, features are extracted from the enhanced images using a W&R classier [16]. In this method a reference point is located on the image of the ngerprint and a dart-board pattern of wedges and rings is overlaid on the image, with the center of the board at the reference point. The idea is simple: Since ngerprints are broadly composed of periodic structures, it should be natural to examine them in the frequency domain. In

370

M. Erat et al.

order to get good results, rst we have applied a novel enhancement technique based on Short Time Fourier Transform (STFT) analysis and contextual/nonstationary ltering in the Fourier domain [13]. This method is advantageous because all intrinsic images (ridge orientation, frequency and the region mask) are estimated simultaneously from STFT analysis. In order to extract features, the ngerprint image is rst transformed to the spatial frequency domain via the two dimensional Fourier transform (Eq. 1): f (x, y) = 1 MN
M1 N 1

F (u, v)exp{j2(
u=0 v=0

ux vy + )} M N

(1)

for x = 0, 1, 2, . . . , M 1 and y = 0, 1, 2, . . . , N 1. In the Fourier domain, the information within a ngerprint is mostly contained in the radial bands of frequencies whose angular extent follows from the predominant ridge orientation in the print. Distinguishing characteristics of a ngerprint appear as small deviations from the dominant spatial frequency of the ridges. This means that spatial frequency for each individual is located in the annular region, while low spatial frequency information at the center manifests to background intensities. Since each region in the ngerprint contributes to the whole Fourier domain, the magnitude spectrum is invariant to Fig. 2. Wedges and Rings the translation of the nger. As opposed to the original work in [16], instead of using the power spectrum obtained by squaring the magnitude of the transform, the 4th power of the magnitude is used to form more distinctive features. The ring features are formed by summing the 4th power spectral values in circular rings of varying radius r and constant thickness r. The features of the ith ring out of n rings is given in Eq. 2: i (r) =
u v

|F (u, v)|4

(2)

where r (u2 + v 2 )1/2 r + r and 0 r N/2 and the maximum image dimension is N . Similarly, wedge segments with varying orientation and segment width are computed as: j () =
u v

|F (u, v)|4

(3)

where arctan(v/u) + . Here j refers to the j th wedge of total m wedges. Since the power spectra of real functions are symmetrical, these computations only extend over a half-plane of each spectrum. The resulting feature vector then becomes f = [1 , 2 , . . . , n , 1 , 2 , . . . , m ].

An Embedded Fingerprint Authentication System

371

The Proposed Fingerprint Authentication Scheme

The secure authentication scheme is developed by using the W&R ngerprint features. In fact, this template can easily be adapted to any biometric feature (face, iris, retina, etc.). Moreover, instead of W&R method, more sophisticated features might be applied if the system resources are sucient to handle the such complex algorithms. Nevertheless, using W&R features in a limited closed set is a good starting point to show the integration of popular concepts such as biometrics, cryptography and random numbers. The whole system requires a personal identication number p id that might be stored on a token, smart card or a glossary card and a private key comprised of TRNs which are generated by our TRNG. Using only a password is not recommended because most of them are usually forgotten or easily guessed. The authentication system is comprised of Enrollment and Verication phases. The enrollment phase presented in Fig. 3(a), is the registration part where the user rst introduces himself to the system by mounting his smartcard. Note that, the smartcard includes both p id and private key keyp id of the individual. After capturing the ngerprint image I(x, y) of the person by a sensor, f is computed. Consequently, f is encrypted by keyp id which uses the randomly generated numbers. Finally the encrypted feature E{f } and the private key keyp id are stored on a database with the corresponding p id. Here, p id is the access PIN number of the individual which is also used as the index of him in the database.

(a)

(b)

Fig. 3. Enrollment (a) and Verication (b) Phases of the Proposed System

At the verication phase presented in Fig.3(b), a query ngerprint image I (x, y) is captured and f is computed. Concurrently, the corresponding encrypted feature E{f } is selected with the given p id. Here, p id is accepted as an index in the ngerprint template database. The encrypted feature is then decrypted, D{E{f }} = f to obtain the stored feature again. The decision mechanism nally compares f with f . Verication is based on the Euclidean Minimum Distance Classier (EMD) in which recognition is done by comparing the euclidean distance between f and f features. If the verication succeeds, keyp id on the smartcard is modied by the TRNG with a new private key to obtain full security.

372

M. Erat et al.

To measure the performance objectively, we run the matching algorithm on images acquired by UPEKs TouchStrip TCS3 sensor. This is a silicon strip sensor ideal for portable devices such as notebook PCs and ash drives. Users simply swipe their nger over the sensor for reliable authentication and protection of their digital and physical assets. The database consists of 440 images acquired from 88 distinct ngers with the size of 124 180 pixels. In order to obtain the performance characteristics genuine and impostor comparisons are evaluated. For genuine comparison, each instance of a nger is compared with the rest of the instances resulting in 5 (5 1)/2 = 10 tests per nger. On the other hand for impostor comparison test, the rst instance of each nger is compared against the rst instance of all other ngers resulting in a total of 88 (88 1)/2 = 3828 tests. Note that, accuracy of the system is dependant to the number of wedges and rings during the extraction of f . Since the proposed embedded system involves time-consuming encryption and preprocessing stages, experimentally the number of rings and wedges are selected to be 12 and 10, respectively. Moreover, arithmetic mean of more than 1 features obtained from the same nger might be computed at the training stage to get better results for each person. Recently, 8.12% equal error rate is obtained among the set of 440 enhanced ngerprints but a more accurate system can be implemented by training each person with more ngerprints. Average duration for the verication phase is less than 1 second in this set. For the encryption back-end Advance Encryption Standard (AES) is used but the system is modular enough to replace it with another encryption standard. AES has a block size of 128 bits yielding at least 128 bit keys. The fast performance and high security of AES makes it charming for our system. AES oers markedly higher security margins: a larger block size, potentially longer keys, and (as of 2005) freedom from cryptanalytic attacks.

Conclusions

This study presents a ngerprint authentication system where the encrypted ngerprint templates are safely stored on a database with an index number that might be loaded on any access device (smart or glossary card, token, etc.). The main contribution of this paper is that it reports a practical application of a secure embedded biometric authentication system which proposes the integration of new-generation hardware-implemented TRNGs and a fast ngerprint recognition algorithm. The security is enhanced rst by using a TRNG instead of a less secure PRNG; second, by dynamic changing of passwords at each successful login; and third, by using the ngerprint of an individual. The resulting system can easily be mounted on any PC or embedded PC via its PCI interface to produce a truly random key. It is obviously seen that, unless the attacker learns the private key of the individual, it is impossible to grasp the encrypted biometric template of the person whether he seize the whole database. The security is enhanced by the alternation of private keys at every successful authentication. In this study, W&R-based ngerprint features are used due to the advantage

An Embedded Fingerprint Authentication System

373

of their less computational complexity and better performing for low-quality prints. Perhaps, as a further study various ngerprint features, dierent types of biometrics or fusion of biometric modalities might be used. Additionally, the AES-based encryption background of the system might also be revised by a more powerful scheme such as an elliptic curve cryptosystem.

References
1. Bucci, M., Germani, L., Luzzi, R., Triletti, A., Varanonuovo, M.: A High Speed Oscillator-based Truly Random Number Source for Cryptographic Applications on a SmartCard IC. IEEE Trans. Comput. 52, 403409 (2003) 2. Petrie, C.S., Connelly, J.A.: A Noise-Based IC Random Number Generator for Applications in Cryptography. IEEE Trans. Circuits & Systems I 47(5), 615621 (2000) 3. Jun, B., Kocher, P.: The Intel Random Number Generator. Cryptography Research, Inc. white paper prepared for Inter Corp. (1999)http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf 4. Menezes, A., Oorschot, P.V., Vanstone, S.: Handbook of Applied Cryptology. CRC Press, Boca Raton, USA (1996) 5. Schneier, B.: Applied Cryptography, 2nd edn. John Wiley & Sons Ltd, West Sussex, England (1996) 6. Holman, W.T., Connelly, J.A., Downlatabadi, A.B.: An Integrated Analog-Digital Random Noise Source. IEEE Trans. Circuits & Systems I 44(6), 521528 (1997) 7. Bagini, V., Bucci, M.: A Design of Reliable True Random Number Generator for Cryptographic Applications. In: Proc. of CHES, pp. 204218 (1999) 8. Stojanovski, T., Kocarev, L.: Chaos-Based Random Number Generators-Part I: Analysis. IEEE Trans. Circuits & Systems I 48(3), 281288 (2001) 9. Delgado-Restituto, M., Medeiro, F., Rodriguez-Vazquez, A.: Nonlinear Switchedcurrent CMOS IC for Random Signal Generation. Electronics Letters 29(25), 2190 2191 (1993) 10. Yalcin, M.E., Suykens, J.A.K., Vandewalle, J.: True Random Bit Generation from a Double Scroll Attractor. IEEE Trans. on Circuits & Systems I: Fundamental Theory and Applications 51(7), 13951404 (2004) 11. Von Neumann, J.: Various Techniques Used in Connection With Random Digits. Applied Math Series - Notes by In: Forsythe, G.E.(ed.) National Bureau of Standards, vol. 12, pp. 3638 (1951) 12. National Institute of Standard and Technology.: A Statistical Test Suite for Random and Pseudo Random Number Generators for Cryptographic Applications. NIST 800-22 (2001) http://csrc.nist.gov/rng/SP800-22b.pdf 13. Chikkerur, S., Cartwright, A.N., Govindaraju, V.: Fingerprint Enhancement Using STFT Analysis. Jour. Pattern Recogn. 40(1), 198211 (2007) 14. Erat, M., Danisman, K., Ergun, S., Kanak, A.: A Hardware-Implemented Truly Random Key Generator for Secure Biometric Authentication Systems. MRCS, pp. 128135 (2006) 15. Maio, D., Maltoni, D., Jain, A.K., Prabhakar, S.: Handbook of Fingerprint Recognition. Springer, Heidelberg (2003) 16. Willis, A.J., Myers, L.: A Cost-eective ngerprint Recognition system for Use with Low-quality Prints and Damaged Fingertips. Jour. Pattern Recogn. 34, 255270 (2001)