#### Abstract

When biometric authentication is performed on On-Body Wearable Wireless Networks, a cancelable template is useful to protect biometric information. A cancelable template generation method converts the original biometric information into irreversibly transformed information to protect the original biometric information. If a cancelable template is damaged or leaked, it can be replaced with another cancelable template. In 2017, Dwivedi et al. proposed a novel cancelable iris template generation scheme based on the randomized look-up table mapping. So far their scheme is the most accurate scheme with respect to EER compared to the previous cancelable iris template generation schemes. However, their scheme is not alignment-free and so is not efficient enough for wearable sensors. In the paper, we first suggest how to improve the accuracy of the Dwivedi et al.’s scheme using the* partial sort* technique. Our experiment result shows that our suggested scheme is more accurate than the Dwivedi et al.’s scheme under almost all parameter settings. More concretely, our scheme achieves EER 0.09%, whereas the Dwivedi et al.’s scheme achieves EER 0.43% in the best parameter settings for the CASIA-V3-Interval iris database. We also suggest how to improve the efficiency of the Dwivedi et al.’s scheme. Our second scheme is* alignment-free* by processing IrisCode column-wise, whereas the Dwivedi et al.’s scheme handles IrisCode row-wise. Our experiment shows that our second scheme is 15 times faster than the Dwivedi et al.’s scheme, so our scheme is efficient enough for wearable sensors. Though our second scheme has very high EER under some parameter settings, our second scheme achieves EER 0.53% in the best parameter settings for the CASIA-V3-Interval iris database.

#### 1. Introduction

Due to the development of On-Body Wearable Wireless Networks, there are many biometric authentications carried out with small sensors. At this time, secure and efficient authentication is required. Because biometric information is permanent and unchangeable, we can use the biometric information to construct an authentication system. However, if the biometric information is leaked, it is impossible to replace the leaked biometric information. Therefore, we need methods to safely store the biometric information [1, 2].

Generally, encryption is used to securely store data. However, if the encryption key is revealed, the stored data is also revealed. To protect the biometric information, we need the transformation methods such that even the transformation key and the transformed information are revealed, it should be impossible to recover the original biometric information. Therefore, it should be possible to compare two transformed information to determine whether or not the two transformed information belong to the same person without recovering the original biometric information. It is also required that if two transformed biometric pieces of information are generated using two different keys for the same person, the two transformed biometric information do not match.

To satisfy these requirements, cancelable template generation methods are suggested. The cancelable template should satisfy the four requirements called* irreversibility, revocability, diversity,* and* efficiency* [3].

Irreversibility means that it is impossible to reconstruct the original template from the cancelable template [4]. Revocability means that we can revoke a revealed template by changing the transformation key. That is, if two cancellable templates are generated using two different keys for the same person, the two templates do not match [5]. Diversity ensures that two cancelable templates are unlinkable, if the two templates are generated using two different keys for the same person [3, 4]. Finally, the efficiency of a cancelable template generation scheme should be similar to the efficiency of a template generation scheme without transformation [4].

So far a lot of cancelable template generation schemes are suggested. Especially, a novel cancelable iris template generation scheme was suggested by Dwivedi et al. in 2017 based on the randomized look-up table mapping [6]. Their scheme is the most accurate scheme with respect to EER (Equal Error Rate) compared with the previous cancelable iris template generation schemes.

In the paper, we suggest two cancelable template generation schemes. Our first scheme is to improve the accuracy of the Dwivedi et al.'s scheme using the* partial sort* technique. Our second scheme is* alignment-free* and so improves the efficiency of the Dwivedi et al.'s scheme.

Our first scheme uses the partial sort instead of the whole sort used in [6]. Our experiment result shows that our first scheme is more accurate than the Dwivedi et al.'s scheme under almost all parameter settings. More concretely, our first scheme achieves EER 0.01 %, whereas the Dwivedi et al.'s scheme achieves EER 0.43% in the best parameter settings for the CASIA-V3-Interval iris database.

Usually, a matching algorithm for IrisCode requires rotation, since a rotated IrisCode is generated if a face is tilted when an iris image is captured to make IrisCode [7]. For example, to compare two IrisCodes, we have to do 1-bit left and right rotation 8 times with one of the two IrisCodes. Then, we execute the matching algorithm with the fixed IrisCode and the 17 rotated IrisCodes.

Our second scheme is alignment-free by processing IrisCode column-wise, whereas the Dwivedi et al.'s scheme handles IrisCode row-wise. Our experiment shows that our second scheme is 14 times faster than the Dwivedi et al.'s scheme. Though our second scheme has very high EER under some parameter settings, our second scheme achieves EER 0.12% in the best parameter settings for the CASIA-V3-Interval iris database.

The rest of the paper is organized as follows. In the second section we briefly summarize the existing cancelable iris template generation schemes. In the third section we describe our first cancelable template generation scheme, and in the fourth section we suggest our second cancelable template generation scheme. In the fifth section we show our experimental results, and in the sixth section we discuss security analysis. Finally, in the seventh section we conclude the paper.

#### 2. Related Works

In salting, independent auxiliary data such as a user specific password or a random token are combined with biometric information to make a distorted version of the biometric information.

Salt methods include S-IrisCode, GRAY-SALT/BIN-SALT, sectored random projection, and biohashing.

S-IrisCode encoding was proposed in 2006 by Chong et al., which uses a sign function and a secret random number [7]. In 2008 Zuo et al. suggested GRAY-SALT and BIN-SALT methods in which IrisCode is XORed with a real-valued (GRAY) pattern and a binary (BIN) pattern, respectively [8]. In 2010 Pillai et al. suggested a sectored random projection which uses a sectored random projection [9]. In 2016 Meetei et al. suggested biohashing which extracts a feature by principal component analysis, independent component analysis, or wavelet transform methods [10] and combines the feature with the tokenized random number.

However, the salting methods do not guarantee the irreversibility. To provide the irreversibility, Zuo et al. suggested GRAY-COMBO and BIN-COMBO in 2008, which shift a real-valued (GRAY) template and a binary (BIN) template by random offset and then randomly selected rows are added or multiplied, respectively [8]. In 2009 Hammerle-Uhl et al. suggested block remapping which divides the whole iris area and then mixes the divided areas [11]. In 2013 Rathgeb et al. suggested a method using bloom filters [12], and another method using two bloom filters was suggested in [13]. In 2017 Lai et al. suggested Indexing-First-One hashing, which generates a cancelable template using min-hashing, permutation, Hadamard product, and modulo thresholding of [14], and another alignment-free scheme using bloom filter and Indexing-First-One hashing [15]. Finally, in 2017 Dwivedi et al. suggested a novel method using look-up table mapping [6].

#### 3. Cancelable Template Generation Using* Partial Sort*

We first suggest how to improve the accuracy of the Dwivedi et al.'s cancelable template generation scheme in [6] using the* partial sort* technique.

The Dwivedi et al.'s cancelable template generation scheme consists of a number of steps from* preprocessing* to* template generation*. We only add an extra step called* partial sort* to the Dwivedi et al.'s scheme and modify the final step,* template generation* (see Figure 1).

We briefly review the necessary steps (see Figure 1) in the following subsections.

##### 3.1. Preprocessing

The preprocessing step consists of image extraction, segmentation, and normalization.

Segmentation extracts the iris region of an eye image, which excludes pupils, eyelids, eyelashes, and other noises. The size of an iris region depends on the size of a pupil and the size of an eye image. The size of a pupil depends on illumination variations and the different imaging conditions, and the size of an eye image depends on the distance between an eye and a camera. Normalization adjusts the different size of each iris region to the same size and converts the donut-shaped iris region into a rectangular shape.

The Dwivedi et al.'s scheme uses the circular Hough transformation of [16] as the segmentation method and the rubber sheet model of [16, 17] as the normalization method.

##### 3.2. Feature Extraction

The feature extraction step makes IrisCode from the image created in the preprocessing step using the 1-D Log-Gabor filter [16].

##### 3.3. Rotation-Invariant Code Generation

If a face is tilted when an iris image is captured, a rotated IrisCode is generated. Therefore, to match two IrisCodes, one of the two IrisCodes would be rotated [17].

The Dwivedi et al.'s scheme suggested doing 1-bit left and right rotation 8 times with one of the two IrisCodes. Then, we execute the matching algorithm with the fixed IrisCode and the 17 (rotated) IrisCodes to find the highest matching score.

If there exist IrisCodes for one person, we can randomly fix one IrisCodes and then rotate the other IrisCodes to find the highest matching scores.

##### 3.4. Row Vector Formation

IrisCode is in the form of a 2-D matrix. The row vector formation step converts the 2-D matrix to a 1-D matrix. The row vector, , is generated aswhere is the number of columns in IrisCode.

For example, if IrisCode is , the row vector for the IrisCode is (see Figure 2).

##### 3.5. Partial Sort

The Dwivedi et al.’s scheme uses full sorting to increase the accuracy of matching. However, full sorting increases not only GAR (Genuine Accept Rate) but also FAR (False Accept Rate) as shown in Figure (see Figure 11). To keep GAR high but FAR low, we use a novel idea called “partial sort”. The effect of partial sort can be explained (see Figure 3), in which the Hamming distance of two simple IrisCodes before sorting is 6/8 (= the number of different blocks/the number of total blocks). After full sorting, the Hamming distance is 1/4 since the number of different blocks is decreased. Therefore, the acceptance rates, GAR and FAR, would be increased. On the other hand, after partial sorting with two sort-blocks, the Hamming distance is 5/8 since the number of different blocks is slightly decreased compared with full sorting. We have shown the effects of various sorting sizes on GAR and FAR of full sort and partial sort using ROC curves (see Figure 11).

The partial sort step first divides the row vector into blocks of size called “sort-blocks”. And each sort-block is divided into blocks of size called “unit-blocks”. For each sort-block, we sort out unit-blocks for the sort-block (see Figure 4).

The partial sort algorithm is shown in Algorithm 1.

INPUT: (R, m, s), where R is a row vector, m is the size of a unit-block, and s is the size of a sort-block. | |

OUTPUT: (), where is a partially sorted row vector. | |

/ for each sort-block, sort out the unit-blocks / | |

/ initialize the arrays of m-bit integer variables / | |

/ for each unit-block, make an integer for the unit-block / | |

/ replace the unsorted sort-block with the sorted sort-block / | |

##### 3.6. Consistent Bit Extraction

To increase the accuracy of IrisCode matching, we use consistent bits. That is, we want to use only the bits whose position would have relatively small variations in IrisCode matching. For each bit position , is calculated with IrisCodes. If for threshold , . Otherwise, (see Figure 5).

Usually, the threshold can be selected depending on the value of . For example, if , can be , and .

##### 3.7. Decimal Encoding

For each unit-block in the consistent bits, the decimal encoding method calculates a decimal number (see Figure 6). If the size of unit-block is , the decimal value is in . For example, if , one unit-block can have a value in .

##### 3.8. Look-Up Table Mapping

A look-up table,* LUT*, has rows and columns, where is the size of a unit-block. For an entry* LUT**,* a bit is randomly selected and assigned to* LUT* (see Figure 7). Our scheme does not do full sorting in this step whereas the Dwivedi et al.’s scheme does full sorting. Note that we have done partial sorting in the step of partial sort and thus do not need to do full sorting additionally.

##### 3.9. Cancelable Template Generation

To generate a cancellable template, we use bits, where is the size of a unit-block. For each unit-block of size -bits, we generate -bits using* LUT* (see Figure 7).

The size of the final cancelable template is times shorter than the size of IrisCode.

When a new IrisCode is queried, the IrisCode is first converted to a cancelable IrisCode and then compared to the stored cancellable template using the Hamming distance.

#### 4. *Alignment-Free* Cancelable Template Generation

In the section, we suggest our second scheme to improve the efficiency of the Dwivedi et al.'s cancelable template generation scheme (see Figure 8). Our second scheme is* alignment-free* by processing IrisCode column-wise, whereas the Dwivedi et al.'s scheme handles IrisCode row-wise.

Our second scheme consists of the similar steps as in our first scheme. We modify the row vector formation step and the partial sort step which are done column-wise instead of row-wise. By processing IrisCode column-wise, our second scheme does not need the rotation-invariant code generation step to be alignment-free. Therefore, our second scheme is more efficient than the previous schemes.

We first show how the partial sort step is changed in our second scheme.

##### 4.1. Column-Wise Partial Sort

The column-wise partial sort step divides IrisCode column-wise according to the unit-block size and the sort-block size (see Figure 9). The column-wise partial sort algorithm is described in Algorithm 2.

INPUT: (X, m, s), where X is a IrisCode, m is the size of a unit-block, and s is the size of a sort-block. | |

OUTPUT: (), where is a partially sorted IrisCode. | |

/ for each sort-block, sort out the unit-blocks / | |

/ initialize the arrays of m-bit integer variables / | |

/ for each unit-block, make an integer for the unit-block / | |

/ replace the unsorted sort-block with the sorted sort-block / | |

##### 4.2. Row Vector Formation Using Columns

The row vector formation step of our second scheme makes a 1D row vector by concatenating column vectors of a 2D matrix. That is, the row vector, , is generated aswhere is the number of rows in IrisCode.

For example, if IrisCode is , the row vector for the IrisCode is (see Figure 10).

**(a) Our first scheme**

**(b) Our second scheme**

#### 5. Experimental Comparisons

In this section, we present the experimental results with respect to the various parameters and compare the results with the Dwivedi et al.'s scheme. We also analyze the securities of our proposed schemes.

For the experiment, we have used the globally well-known iris database, CASIA IrisV3-Interval, which has 2,491 images from 338 objects which consist of 173 left eye irises and 165 right eye irises. Each iris object has at least 5 iris images and at most 12 iris images. In the experiment, we use 4 iris images for consistent bit extraction and one iris image for verification.

An imposter score measures a matching score between images of different objects and a genuine score measures a matching score between images of the same object. We have calculated 382,158 imposter scores and 1,134 genuine scores. To measure the accuracy of a scheme, FAR, FRR (False Reject Rate), and EER (Equal Error Rate) are calculated using genuine scores and imposter scores.

We use the Qingbao's Iris algorithm in [18] to perform the preprocessing step and feature extraction step in the experiment. The Qingbao's Iris algorithm generates IrisCode of matrix.

For the experiment, we have used a MATLAB R2017a running on a 3.70GHz 64bit Windows 10 with 16GB memory.

We compare our schemes with the Dwivedi et al.'s scheme with respect to four parameters: the number of IrisCodes used for consistent bit extraction, the unit-block size the number of check bits , and the sort-block size .

##### 5.1. The Number of IrisCodes Used for Consistent Bit Extraction

We have experimented with , and the threshold can be selected as similar as a multiple of . We have compared the results of our first scheme with the Dwivedi et al.'s scheme (see Table 1).

As shown in Table 1, we can see that our proposed first scheme is more accurate than the Dwivedi et al.'s scheme.

##### 5.2. The Unit-Block Size and the Number of Check Bits

We have experimented with various values such that divides 480 for the first scheme and 20 for the second scheme.

We have compared the results of our first and second schemes with the Dwivedi et al.'s scheme (see Table 2).

As shown in Table 2, we can see that our first scheme is more accurate than the Dwivedi et al.'s scheme except only one case with and .

##### 5.3. The Sort-Block Size

We have experimented with various values such that divides 480. We have compared the results of our first and second schemes with respect to EER (see Table 3). The best EER for our schemes is when s=240. We have also shown the effects of various sorting sizes on GAR and FAR of full sort and partial sort using ROC curves (see Figure 11).

##### 5.4. Execution Time for Matching

We have compared the matching time of our schemes with the Dwivedi et al.'s scheme and alignment-free IFO in [15] (see Table 4). Tables show that our second scheme is about 15 times faster than our first scheme and the Dwivedi et al.'s scheme. And our second scheme is about 22 times faster than alignment-free IFO [15].

#### 6. Security Analysis

To prove the security of a cancelable iris template generation scheme, we have to show that the scheme provides diversity, revocability, and irreversibility.

##### 6.1. Diversity

The diversity is measured by how many different cancelable templates can be made for an iris image [6]. Our schemes can generate different templates according to the parameter values , and* LUT* for an iris image. Suppose that there are 9 different values and 5 different values. The number of different* LUTs* is , and only columns are selected among columns for a given* LUT*. Therefore, the number of different templates is greater than and less than . In our experiment for the best EER we have selected , . Thus, the number of different cancelable templates for an image is greater than .

##### 6.2. Revocability

The revocability can be proved through the genuine, imposter, and pseudo-imposter scores distribution [14]. The genuine and imposter scores are defined as the same in section Experimental Comparisons. A pseudo-imposter score is the matching score between two images of the same object using a different key for each image. To satisfy revocability, the genuine scores and the pseudo-imposter scores should be separable.

Note that in the previous experiments, the best EER results are from the parameters , and (see Figure 12). With the same parameters, we calculate the pseudo-imposter scores. We use 124 persons and 4 images for each person. We generate 80 different* LUTs* for each image to generate 80 cancelable templates for each image. Then, we select one cancelable template among 80 cancelable templates and calculate 79 pseudo-imposter scores between the selected cancelable template and other 79 cancelable templates. Therefore, we make 479 pseudo-imposter scores per person, and pseudo-imposter scores for all 124 persons. We show the distribution of the pseudo-imposter scores as well as the distributions of genuine and imposter scores (see Figure 12).

**(a) Our first scheme**

**(b) Our second scheme**

The mean of genuine scores is 0.0849(0.1915) and the variance of genuine scores is 0.0008 (0.0024) for our first scheme and second scheme, respectively. The mean of the imposter scores is 0.4999(0.5003) and the variance of the imposter scores is 0.0061(0.0032) for our first scheme and second scheme, respectively. The mean of the pseudo-imposter scores is 0.5018(0.5044) and the variance of the pseudo-imposter scores is 0.0104(0.0083) for our first scheme and second scheme, respectively. We note that the separability between the genuine scores and the pseudo-imposter scores is almost the same as between genuine scores and the imposter scores.

##### 6.3. Irreversibility

To prove that a cancelable template provides irreversibility, we show that any adversary cannot recover the original IrisCode from a cancelable template. This can be shown that there exist a lot of candidate IrisCodes for a given cancellable template and any other collected information. We classify attackers according to the collected information as follows: attackers with cancelable templates and* LUTs*, attackers only with the cancelable templates, and attackers with no information.(1) If an attacker knows a cancelable template,* LUT*, and the sort size, the attacker has to recover (A) partial-sorted templates from the cancelable template using* LUT* and (B) the unsorted original IrisCodes from the partial-sorted templates.(A) If duplicate values appear in* LUT*, let be the number of duplicate values in* LUT*. Let be the number of combinations to select bits from bits, be the duplicate value, and be the number of arrays with duplicate values in the cancelable template. Then, the number of partial-sorted templates recovered from the cancelable template is . For example, if and* LUT* is the same as in Figure 7, then Then, is the number of appearance of ‘0000’, is the number of appearance of ‘0101’, is the number of appearance of ‘0110’, and is the number of appearance of ‘1010’ in the cancelable template. If we assume that* LUT* has uniformly selected values, . If and and* LUT* is the same as in Figure 7, then Then, is the number of appearance of ‘00’, is the number of appearance of ‘01’, is the number of appearance of ‘10’, and is the number of appearance of ‘11’ in the cancelable template. If we assume that* LUT* has uniformly selected values, .(B) We assume that the size of IrisCode is . In our first scheme let be a set of all values of unit-blocks in the sort-block. In our second scheme, we use 0 or 1 instead of unit-blocks, and thus in the sort-block. In both schemes, is the number of appearance of in the sort-block and is the number of sort-blocks in the partial-sorted template. Then, the number of unsorted original IrisCodes from the partial-sorted template for our first scheme is , and for our second scheme. For example, if , , and all the sort-block values are uniformly distributed, the number of unsorted original IrisCodes for our first scheme is , and for our second scheme. As a result, if , the number of recovered IrisCodes from a cancelable template for our first scheme is , and for our second scheme. If , the number of recovered IrisCodes from a cancelable template for our first scheme is , and for our second scheme. Table 5 shows the robustness of our schemes against the attackers with cancelable templates and* LUTs*.(2) If an attacker knows only the cancelable template, the attacker first has to reconstruct* LUT*. The number of possible* LUTs* is . With one of possible* LUTs*, the attacker has to reconstruct the original IrisCode. Therefore, if , the number of recovered IrisCodes from a cancelable template for our first scheme is , and for our second scheme. If , the number of recovered IrisCodes from a cancelable template for our first scheme is , and for our second scheme.(3) If there is no useful information, an attacker has to guess the original IrisCode for a user, which is one of 2^{9600} possible candidates.

#### 7. Conclusion

In this paper, we proposed two cancelable template generation schemes. Our first scheme is to improve the accuracy of the Dwivedi et al.'s scheme using the partial sort technique, and our second scheme is alignment-free and so improves the efficiency of the Dwivedi et al.'s scheme.

Our experiment result shows that our first scheme is more accurate than the Dwivedi et al.'s scheme under almost all parameter settings and shows that our second scheme is 15 times faster than the Dwivedi et al.'s scheme.

Our proposed schemes satisfy four requirements of the cancellable template generation which are irreversibility, revocability, diversity, and efficiency.

As a future work, it would be interesting to construct a cancellable scheme achieving accuracy and efficiency at the same time.

#### Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

#### Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

#### Acknowledgments

This work was partly supported by the MIST (Ministry of Science and ICT), Korea, under the National Program for Excellence in SW supervised by the IITP (Institute for Information & communications Technology Promotion) (2015-0-00936) and the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2019R1F1A1060637).