
Biometric Thesis

This chapter introduces biometric encryption and describes the problem, objectives, and scope of the thesis. It provides an overview of biometric encryption, which combines cryptography and biometrics to enhance security. It also discusses cryptography, biometric authentication, and biometric encryption schemes like fuzzy vaults. Finally, it introduces FPGA-based embedded systems as a potential platform for implementing biometric encryption systems.

Uploaded by

HIMYM Fangirl

CHAPTER 1

INTRODUCTION

This thesis describes a Biometric Encryption System for implementation in
hardware based on Field Programmable Gate Array (FPGA) technology. This chapter
gives an overview of biometric encryption and presents the problem statement,
objectives, scope of work and research contribution.

1.1 Overview

In our increasingly digital environment, electronic gadgets are becoming more
ubiquitous in society, as can be seen with embedded devices such as smartphones,
Global Positioning System (GPS) devices and tablet personal computers (such as the
iPad). With the advancement and wide deployment of communication networks, millions
of personal computers (PCs) and electronic devices all over the world are connected.
Inevitably, resources such as users' private data are available in an open
environment as long as these devices are connected to the network. Therefore, to
protect confidential data and to avoid misuse, it has become critically important
that these networked embedded devices incorporate security features, particularly
identity-based information/data security.

Data security methods such as access control and authentication basically
involve three mechanisms: (a) knowledge-based, something you know, e.g. passwords;
(b) token-based, something you have, e.g. a bank card; (c) biometrics-based, something
you are, that is, measurable biometric traits such as iris, fingerprint and
keystroke [4]. The combination of these mechanisms forms a factor of authentication.
The Automated Teller Machine (ATM), for example, applies token-based and
knowledge-based mechanisms; that is, money withdrawal requires both the ATM card and
a password. The deployment of biometric-based security can be found in access control,
immigration and customs. Clearly, modern security systems require the application of
cryptography and biometrics for strong authentication, data integrity and information
confidentiality to be realized in embedded digital systems.

1.1.1 Cryptography

Cryptography is the process of transforming data (plain text) into an unreadable
form (cipher text) so that it is safe to keep the secret in a database or to send it
over a computer network, and of recovering the data (plain text) when it is needed.
The data is encrypted using a cryptographic algorithm such as the Advanced Encryption
Standard (AES) with cryptographic keys, as summarized in Figure 1.1. The crypto key is
usually very long (128 bits for AES and 2048 bits for Rivest, Shamir and Adleman
(RSA) [5]), which makes it very difficult to remember. Because of the large key size,
it is not feasible for a user to remember the key and provide it whenever it is
required. As a result, a passcode is used to encrypt the cryptographic key, which is
stored on the system, smart cards or hardware tokens and can be retrieved by providing
the correct passcode. However, most passwords are so simple that they can easily be
guessed or broken by a simple dictionary attack [6]. In short, the storage of the
cryptographic key is the critical issue in cryptographic security. Many drawbacks of
this system can be ameliorated by incorporating a better user authentication system:
biometric authentication.

Plain text → Encryption → Cipher text → Decryption → Plain text

Figure 1.1: Encryption and Decryption Processes.

1.1.2 Biometric Authentication

Biometric authentication refers to verifying individuals based on their
physiological and behavioural characteristics such as face, fingerprint, hand
geometry, iris, keystroke, signature, voice, etc. [7]. Undoubtedly, a biometric
authentication system offers greater security than a traditional password-based
authentication system. Unlike a cryptosystem, it requires users to be present at the
time and point of authentication, which makes it more difficult to break compared to
password-based authentication. Furthermore, one no longer needs to memorize passwords
or long cryptographic keys, because biometric data itself is unique and there is no
such thing as an 'easy to guess' biometric. Biometric verification is based on
comparison of features extracted from the query image with a template that was stored
during enrolment [8]. Therefore, the storage of the biometric template plays a key
role in the security of a biometric authentication system. This is because biometric
data is unique to each individual and non-revocable; once compromised, it is rendered
useless. However, it has been shown that biometrics can be stolen and recovered
[9] [10], and in some cases they have been proven vulnerable to attack at almost every
stage of the authentication process [11].

1.1.3 Biometric Encryption

Given the shortcomings of both biometric and cryptographic systems, a direct
means of enhancing security is to realize the strengths of the respective systems. In
other words, combining biometrics and cryptography has the potential to provide a
security system with higher assurance. A security scheme that utilizes both biometrics
and a crypto key is known as biometric encryption [12]. Biometric encryption combines
both cryptographic keys and biometric data monolithically into a secure template,
called a fuzzy vault template, which reveals neither the biometric data nor the
cryptographic key. It indirectly adds one more security layer to the conventional
cryptographic scheme. One method of implementing biometric encryption is the fuzzy
vault scheme.

In order to access the resources, the user's biometric is collected during
authentication to retrieve the cryptographic keys. This key is then used to unlock the
second layer of the security system. Because biometric data is noisy, the fuzzy vault
scheme was proposed by Juels and Sudan [13] to cater for the fuzziness of biometric
data. The fuzzy vault allows slight tolerance between the query biometric data and the
stored template, since biometric data changes according to the orientation of capture,
pressure, temperature and so on. In this scheme, no biometric data or cryptographic
key is stored. Instead, the user's biometric is transformed irreversibly and kept in
the fuzzy vault; neither the key nor the biometric data can be retrieved from the
fuzzy vault. Keys are recreated only if the correct user is authenticated. In short,
biometric encryption enhances both security and privacy in a positive-sum manner.
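The lock and unlock steps described above, sketched as an added example (not the thesis's implementation): the key is encoded as polynomial coefficients over a prime field, chaff points hide the genuine ones, and Gauss-Jordan elimination, which the thesis names as the core of its polynomial reconstruction block, recovers the key from matching points. The field size, integer-quantized features, SHA-256 check value and all function names are assumptions of this sketch.

```python
import hashlib
from itertools import combinations

Q = 65537  # prime modulus of the field GF(Q); assumed for this sketch

def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x over GF(Q)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % Q
    return y

def digest(coeffs):  # check value so unlock() can recognise the right key (assumed)
    return hashlib.sha256(repr(list(coeffs)).encode()).hexdigest()

def lock(key_coeffs, features, n_chaff, rng):
    """Enrolment: genuine points lie on the key polynomial, chaff points do not."""
    points = {x: poly_eval(key_coeffs, x) for x in features}
    while len(points) < len(features) + n_chaff:
        x, y = rng.randrange(1, Q), rng.randrange(Q)
        if x not in points and y != poly_eval(key_coeffs, x):
            points[x] = y
    return sorted(points.items()), digest(key_coeffs)  # sorting hides insertion order

def gauss_jordan_mod(rows):
    """Solve the augmented system [A|b] over GF(Q); None if A is singular."""
    n, m = len(rows), [r[:] for r in rows]
    for col in range(n):
        pivot = next((r for r in range(col, n) if m[r][col]), None)
        if pivot is None:
            return None
        m[col], m[pivot] = m[pivot], m[col]
        inv = pow(m[col][col], -1, Q)  # modular inverse, Python 3.8+
        m[col] = [v * inv % Q for v in m[col]]
        for r in range(n):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [(a - f * b) % Q for a, b in zip(m[r], m[col])]
    return [row[n] for row in m]

def unlock(vault, check, query, k):
    """Authentication: interpolate k matching points until the check value agrees."""
    candidates = [(x, y) for x, y in vault if x in query]
    for subset in combinations(candidates, k):
        rows = [[pow(x, j, Q) for j in range(k)] + [y] for x, y in subset]
        coeffs = gauss_jordan_mod(rows)
        if coeffs is not None and digest(coeffs) == check:
            return coeffs
    return None  # fewer than k genuine features matched

if __name__ == "__main__":
    import random  # constructed demo; a seeded RNG is for repeatability only
    vault, check = lock([4242, 17, 999, 31337], [12, 345, 678, 910, 1112, 1314], 30, random.Random(7))
    print(unlock(vault, check, [12, 345, 678, 910, 5, 6], 4))
```

A query that shares at least k quantized features with the enrolled set recovers the key even when other features are missing or coincide with chaff, which is the tolerance the scheme provides; chaff generation in a deployed system needs a cryptographically secure random source.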

Apart from the challenges found in cryptography, biometric authentication
and biometric encryption, another main problem is the technology and application
related to biometric encryption. The number of applications would be limited if the
platform used were a general-purpose personal computer (PC). On the other hand,
today's technology demands that computer applications be portable and be implemented
as embedded systems in the form of an SoC. This can be seen in the deployment of
biometric authentication at door access points or even fingerprint authentication
systems in cars, such as the Mercedes-Benz S-Class [14]. However, prototyping a system
on a resource-constrained platform is challenging, especially for a huge and
sophisticated system like biometric encryption.

1.1.4 FPGA-based Embedded System

According to Moore's Law, the number of transistors that can be put onto a single
die doubles every 18 months, which implies that more complex designs can be
implemented on a single chip. This is why there has been an explosion in the
development of systems on a chip in electronics design, such as mobile phones and GPS
devices. An embedded system is defined as a special-purpose computer system that
performs a certain task repeatedly, often responding to real-time computing
constraints [1]. In recent years, there has been huge improvement in the speed, power
consumption and complexity of integrated circuits that employ FPGA technology. The
advancement of FPGA technology has made possible the development of devices based on
embedded digital systems and System-on-Chip (SoC) designs.

[Figure 1.2 (diagram not reproduced). Blocks: General Purpose Embedded Processor,
Memory, HW Cores/IP/Accelerator/Co-processor, Firmware, I/O Peripheral, System Bus.
Applications: Telecommunications, Consumer Electronics, Medical Equipments, Household
Appliance, Transportation Systems, Other Applications.]

Figure 1.2: Architecture of Embedded Digital System and its Applications (adapted
from [1])

An SoC is an advanced integrated circuit that includes at least a processor,
memory, bus and other co-processor cores. Figure 1.2 shows the architecture of an
embedded digital system and its applications. The general purpose embedded processor
(GPEP) executes the application software, which we will refer to as embedded software.
A hardware driver, or firmware, is a piece of code that is executed on the GPEP to
communicate with hardware (HW) cores. There are also dedicated HW accelerators to
offload time-consuming operations, and Input/Output (I/O) peripherals which
communicate with the outside world. The applications of SoC range from non-volatile
memory to mixed-signal circuits to logic circuits that can be found in medical
equipment. The primary attractions of SoC devices are lower cost, smaller size and
lower power consumption. This can be seen in hand-held products, where SoC technology
has replaced bulky mobile phones with small and compact devices. Due to their higher
functionality and lower power consumption, SoC designs and devices have been gaining
popularity in recent years.

1.2 Problem Statement

Lately, much research has been carried out on the study and integration of
biometrics and cryptography, leading to a combined system called biometric encryption.
Biometric authentication measures unique human traits such as fingerprint, voice,
iris and so on. Because biometric data are by nature noisy and inconsistent, biometric
systems allow minor errors while maintaining high authentication accuracy. In
contrast, cryptographic schemes encrypt and decrypt secret information using
cryptographic keys, and cryptography does not tolerate even a single bit of error.
Therefore, integrating these two different fields of technology is a challenging task.

Most of the biometric encryption systems proposed in the past are implemented
on a PC, in other words, in software. In such implementations, biometric templates are
stored either on the PC or on a central server so that they can be accessed from
remote locations. However, there is a major drawback to software-based implementation:
biometric templates are easily accessed by attackers, which causes biometric
information leakage [15]. Thus, software implementation of biometric encryption is
insufficient in terms of security. In addition, a biometric encryption system applies
image processing and encryption algorithms, which means that the design blocks are
highly compute-intensive. Hence, to be viable, a software-based design needs to be
implemented on powerful computers. This prevents biometric encryption from being
deployed in portable devices and embedded systems. Implementing the design on a
low-cost, low-power embedded platform can lead to effective solutions to the problems
mentioned above. In addition, embedded digital hardware can provide secure
communication, secure information storage and tamper resistance, which protect the
system from both physical and software attacks.

Implementing any design on an embedded system is a challenging task because it
has limited resources, such as a slow system clock and smaller storage. The embedded
processor can easily be overwhelmed by the computational demands of the algorithm [16]
if the biometric encryption system is implemented fully in software. On the other
hand, implementing all the computation blocks in hardware would be extremely time
consuming, and an all-hardware design approach does not guarantee improved
performance, especially in a resource-constrained environment such as an embedded
digital system. A suitable approach to this problem is to implement the biometric
encryption system in a Hardware/Software (HW/SW) architecture that leads to an
FPGA-based SoC implementation. In this technique, a thorough analysis must first be
carried out to determine the time-consuming modules, whose execution is then sped up
by implementing them in hardware. By offloading compute-intensive algorithms to
dedicated hardware cores, the performance of the system can be enhanced.

1.3 Research Objectives

Considering the issues discussed in the preceding sections, the objectives of the
research are:

1. To design and implement the Gauss-Jordan Algorithm accelerator, so as to
accelerate its compute-intensive operation in hardware. This algorithm is the
core of the polynomial reconstruction block in the biometric encryption system.
2. To design a Biometric Encryption (BE) system based on the fuzzy vault scheme that
utilizes the hardware core proposed in objective number 1, and implement it in
an FPGA-based embedded digital system.
3. To propose a real-world SoC application prototype that integrates a finger-vein
biometric subsystem, an AES cryptographic core and the BE system proposed in
objective number 2.

1.4 Scope of Work

The scope of this research is outlined as follows:

i) The biometric used in this project is finger-vein minutiae, which are captured
using a modified Infra-Red (IR) webcam.
ii) A PC serves as the Graphical User Interface (GUI) that sends and receives data
to/from the embedded SoC via a Universal Serial Bus (USB) communication cable.
iii) The focus of this thesis is mainly on the design of the BE system. The biometric
minutiae extraction subsystem is adopted from an in-house design by Eng [3],
while the AES encryption core is adopted from the work of Vishnu [17].
iv) The fuzzy vault scheme proposed in [13] is applied in the design of the
proposed BE system.
v) In this architecture, biometric feature extraction and BE are run on the embedded
processor as software. The biometric extraction subsystem, AES encryption, and
a sub-module of BE, the Gauss-Jordan Algorithm (GJA), are implemented in
hardware.
vi) The SoC is implemented on an Altera Stratix II EP2S180 FPGA development
board running the Nios2-Linux embedded Operating System (OS) with a 100
megahertz (MHz) clock frequency.

Figure 1.3 describes the proposed architecture of the biometric encryption system
on an FPGA-based embedded system.

[Figure 1.3 (diagram not reproduced). Biometric Encryption System (FPGA-based SoC).
Blocks: Nios2 CPU (Embedded Software), Nios2-Linux (Embedded OS), AES HW Core,
HW Accelerator, Memory, System Bus, I/O Peripherals, USB Interface. Stages: Image
Acquisition, Image Preprocessing, Biometric Feature Extraction, Biometric Encryption.
External: Personal Computer, connected over USB.]

Figure 1.3: Architecture of FPGA-based SoC Biometric Encryption System

1.5 Research Contribution and Project Delivery

1. A hardware accelerator for the GJA is designed.
2. An FPGA-based hardware embedded system for BE is delivered.
3. An SoC application prototype for financial security, deployed in an Automated
Teller Machine (ATM), is developed that utilizes the biometric minutiae extraction
system, the proposed BE system and the AES encryption core.

1.6 Thesis Organization

Chapter 1 introduces the concepts of the biometric authentication system and the
conventional cryptographic scheme. It is followed by the shortcomings of both
cryptography and biometric authentication systems, which lead to the problem
statement. Research objectives and scope of work are defined. Finally, the chapter
concludes with the research contribution and thesis organization.

Chapter 2 presents a literature review of biometric encryption and hardware
implementation of the GJA. This includes a review of different schemes of biometric
encryption such as key release, key generation and key binding. Different chaff
generation techniques are also discussed. This chapter also includes related work on
biometric minutiae extraction.

Chapter 3 describes the theory, background, methodology and research
procedure used throughout the research. The fuzzy vault scheme, the GJA and the
biometric minutiae extraction subsystem are explained in detail. Several verification
methods, together with the tools and techniques used, are also discussed in this
chapter.

Chapter 4 demonstrates the software implementation of BE, with the corresponding
flowcharts included. The mapping of the GJA into hardware is then explained using
an Algorithmic State Machine (ASM) flowchart and a Functional Block Diagram (FBD).
The design of the interface unit and hardware driver is covered. Last but not least,
the HW-based GJA co-processor is integrated into the BE SoC.

Chapter 5 presents the results and discussion. It first verifies the functionality
of the biometric encryption system, then the Gauss-Jordan elimination core with
simulation results. The accuracy and timing performance analysis are also provided.
In addition, a biometric ATM application that utilizes the BE is developed.

Chapter 6 summarizes this research and makes suggestions for enhancing the
system.
