Image and Vision Computing 58 (2017) 254–265

Contents lists available at ScienceDirect

Image and Vision Computing

j ourna l homepage: www.e lsev ie r .com/ locate / imav is

Binary feature fusion for discriminative and securemulti-biometric cryptosystems�

Guangcan Mai, Meng-Hui Lim, Pong C. Yuen*Department of Computer Science, Hong Kong Baptist University, Kowloon Tong, Kowloon, Hong Kong

A R T I C L E I N F O

Article history:Received 13 November 2015Received in revised form 8 September 2016Accepted 16 November 2016Available online 24 November 2016

Keywords:BiometricBinary representationBinary featureMulti-biometricFeature fusionTemplate protectionCryptosystems

A B S T R A C T

Biometric cryptosystem has been proven to be a promising approach for template protection. Cryptosystemssuch as fuzzy extractor and fuzzy commitment require discriminative and informative binary biometricinput to offer accurate and secure recognition. In multi-modal biometric recognition, binary features can beproduced via fusing the real-valued unimodal features and binarizing the fused features. However, whenthe extracted features of certain modality are represented in binary and the extraction parameters are notknown, real-valued features of other modalities need to be binarized and the feature fusion needs to becarried out at the binary level. In this paper, we propose a binary feature fusion method that extracts aset of fused binary features with high discriminability (small intra-user and large inter-user variations) andentropy (weak dependency among bits and high bit uniformity) from multiple sets of binary unimodal fea-tures. Unlike existing fusion methods that mainly focus on discriminability, the proposed method focuses onboth feature discriminability and system security: The proposed method 1) extracts a set of weakly depen-dent feature groups from the multiple unimodal features; and 2) fuses each group to a bit using a mappingthat minimizes the intra-user variations and maximizes the inter-user variations and uniformity of the fusedbit. Experimental results on three multi-modal databases show that fused binary feature of the proposedmethod has both higher discriminability and higher entropy compared to the unimodal features and thefused features generated from the state-of-the-art binary fusion approaches.

© 2016 Published by Elsevier B.V.

1. Introduction

Multi-modal biometric systems, consolidating multiple traits(e.g., face, fingerprint, palmprint, voice, iris), address limitations ofunimodal biometric systems in matching accuracy, spoofing dif-ficulty, universality, and feasibility [1]. By leveraging informationfrom multiple biometric sources for recognition, multi-biometricsystems generally achieve better matching accuracy [2,3] and aremuch harder to spoof. In addition, multi-biometric systems are ableto recognize individuals using a subset of biometric traits via fea-ture selection. This enables the systems to cover a wider range ofpopulation when some of the users cannot be identified by a certaintrait.

� This paper has been recommended for acceptance by Patrick Flynn.* Corresponding author.

E-mail addresses: csgcmai@comp.hkbu.edu.hk (G. Mai),menghuilim@comp.hkbu.edu.hk (M. Lim), pcyuen@comp.hkbu.edu.hk (P. Yuen).

Biometric template security is a critical issue because biometricsis unique and irrevocable once it is compromised. This security isespecially crucial in multi-biometric systems because they store andprocess information about multiple biometric traits per user. Oncethe system storage is compromised, sensitive biometrics informationcould be revealed if biometric templates are not protected. An adver-sary can then create physical spoofs of the traits from the revealedtemplates to masquerade the target user in accessing the compro-mised system or other systems illegitimately [4–7,49]. Even worse,if the original biometric images corresponding to multiple traitsof a user can all be reverse-engineered from the revealed biomet-ric templates, it would cause permanent compromise of this user’sbiometrics.

To date, several template protection approaches have been pro-posed to ensure the security of the biometric templates. They canbe categorized into feature transformation (e.g., cancellable biomet-ric [8], RGHE [9], BioHash [10]), biometric cryptosystem (e.g., fuzzyextractor [11], fuzzy vault [12], fuzzy commitment [13]) and hybridapproach [14]. In the feature transformation approach, templatesare transformed through a one-way transformation function using

http://dx.doi.org/10.1016/j.imavis.2016.11.0110262-8856/© 2016 Published by Elsevier B.V.

http://dx.doi.org/10.1016/j.imavis.2016.11.011http://www.ScienceDirect.com/http://www.elsevier.com/locate/imavishttp://crossmark.crossref.org/dialog/?doi=10.1016/j.imavis.2016.11.011&domain=pdfmailto: csgcmai@comp.hkbu.edu.hkmailto: menghuilim@comp.hkbu.edu.hkmailto: pcyuen@comp.hkbu.edu.hkhttp://dx.doi.org/10.1016/j.imavis.2016.11.011

G. Mai et al. / Image and Vision Computing 58 (2017) 254–265 255

a user-specific random key. This approach provides cancellability,where a new transformation (based on a new key) can be used ifany template is compromised. A biometric cryptosystem stores asketch that is generated from the enrollment template, where anerror correcting code (ECC) is employed to handle the intra-uservariations. The security of the biometric cryptosystem is based on therandomness of the templates and the error correcting capability ofthe ECC. A hybrid approach combines the advantages of both featuretransformation and biometric cryptosystem to provide strongersecurity and template cancellability.

Biometric cryptosystem takes a query sample and an earlier-generated sketch of the target user and produces a binary decision(accept/reject) in the verification stage. In a multi-biometric cryp-tosystem, the information of multiple traits could be fused at featurelevel or score/decision level:

(a) [feature-level] features from different biometric traits arefused and then protected by a single biometric cryptosystem.

(b) [score/decision-level] features from each biometric trait areprotected by a biometric cryptosystem and then the individ-ual scores/decisions are fused.

The feature-level-fusion-based multi-biometric cryptosystemsare arguably more secure than the score/decision-level-fusion-based systems [15]. In feature-level-fusion-based systems, a sketchgenerated from the multi-modal template is stored, while inscore/decision-level-fusion-based systems, multiple sketches corre-sponding to the unimodal templates are stored. As the adversarialeffort for breaking a multi-modal sketch is often much greater thanthe aggregate effort for breaking the unimodal sketches, feature-level-fusion-based systems are more secure. This has also beenjustified in a recent work [15] using hill-climbing analysis.

Biometric cryptosystems such as fuzzy extractor and fuzzy com-mitment mainly accept binary input. To produce a binary input forbiometric cryptosystems, an integrated binary string needs to beextracted from the multi-modal features [50]. However, features ofdifferent modalities are usually represented differently, e.g., point-set for fingerprint [16], real-valued for face and binary for iris [17].To extract the integrated binary string, one can either

(a) convert features of different types into point-set or real-valued features, fuse the converted features, and binarizethem;

(b) convert point-set [18–20] and real-valued [14,21-24] featuresinto binary, then perform a binary feature fusion on thesefeatures.

When commercial black-box binary feature extractors such asIrisCode [17] and FingerCode [25] are employed for some biometrictraits, the extraction parameters such as quantization and encod-ing information are not known. Hence, these binary features cannotbe converted to other forms of representation appropriately. In thiscase, the second approach that is based on binary feature fusion isusually adopted.

In this paper, we focus on binary feature fusion for multi-biometriccryptosystems, where biometric features from multiple modalitiesare converted to a binary representation before being fused. Gener-ally, in a multi-biometric cryptosystem, there are three criteria forits binary input (fused binary feature):

• Discriminability: The fused binary features have to be dis-criminative in order not to defeat the original purpose ofrecognizing users. The fused feature bits should have smallintra-user variations and large inter-user variations.

• Security: The entropy of the fused binary features have to beadequately high in order to thwart guessing attacks, even ifthe stored auxiliary data is revealed. The fused feature bitsshould be highly uniform and weakly dependent among oneanother.

• Privacy: The stored auxiliary data for feature extraction andfusion should not leak substantial information on the rawbiometrics of the target user.

A straightforward method to fuse binary features is to combinethe multi-modal features using a bitwise operator (e.g., OR, XOR).Concatenating unimodal binary features is another popular optionfor binary fusion [26,27]. However, the fusion result of these methodsis often suboptimal in terms of discriminability, because the redun-dant or unstable features cannot be removed. Selecting discrimina-tive binary features is a better approach of obtaining discriminativebinary representation. However, similar to bitwise fusion and con-catenation, the inherent dependency among bits cannot be improvedfurther. As a result, the entropy of the bit string could be limited,leading to weak security consequence.

To produce a bit string that offers accurate and secure recognition,we propose a binary fusion approach that can simultaneously maxi-mize the discriminability and entropy of the fused binary output. Asthe properties for achieving both discriminability and security crite-ria can be divided into multiple-bit-based (i.e., dependency amongbits) and individual-bit-based (i.e., intra-user variations, inter-uservariations and bit uniformity). the proposed approach consists of twostages: (i) dependency-reductive bit-grouping and (ii) discrimina-tive within-group fusion. In the first stage, we address the multiple-bit-based property: We extract a set of weakly dependent bit-groupsfrom multiple sets of binary unimodal features, such that, if thebits in each group is fused into a single bit, these fused bits, uponconcatenation, will be weakly interdependent. Then, in the sec-ond stage, we address the individual-bit-based properties: We fusebits in each bit-group into a single bit with the objective of mini-mizing the intra-user variation, maximizing the inter-user variationand maximizing uniformity of the bits. As maximizing bit unifor-mity is equivalent to maximizing the inter-user variation of thecorresponding bit, which will be discussed further in Section 3.3,the fusion function is designed to only maximize discriminabil-ity (minimize intra-user variations and maximize inter-user varia-tions). The preliminary version of this work has been presented inRef. [28].

The structure of this paper is organized as follows. In the nextsection, we review several existing binary feature fusion techniques.In Section 3, we describe the proposed two-stage binary featurefusion. We present the experimental results to justify the effective-ness of our fusion approach in Section 4. Finally, we draw concludingremarks in Section 5.

2. Related work

To date, concatenation and bit selection are two typical binaryfusion approaches. Sutcu et al. [29] concatenate binary representa-tion of iris and face together to yield the fused binary string. Kanadeet al. obtain the fused binary feature by concatenating the iris codesof both left and right iris [26] and concatenating the binary featuresof both iris and face [27]. Although concatenation of multiple binaryfeatures is computationally efficient, this approach treats featuresfrom multiple modalities equally and it could limit the discriminabil-ity of the fused feature if the multi-modal features have differentdiscrimination power.

Alternatively, bit selection can be adopted to generate a morediscriminative fused binary feature by selecting bits with high dis-criminability from the multi-modal features. Kelkboom et al. [23]select a subset of reliable features based on the estimated z-score of

256 G. Mai et al. / Image and Vision Computing 58 (2017) 254–265

the features, which is the ratio between the distance of the estimatedmean with respect to the quantization threshold and the estimatedstandard deviation. Nagar et al. [30] present a discriminability-basedbit selection method to select a subset of bits from each biomet-ric trait individually based on the genuine and impostor bit-errorprobability and concatenate the selected bits together. Bits with highdiscriminability are very likely to be mutually dependent becausesome of the discriminative information may be represented usingmultiple bits. It is rather difficult for the bit-selection approachto select discriminative bits with high entropy for multi-biometriccryptosystems.

Another possible approach for generating the fused binaryfeatures from multiple unimodal binary features is to apply a trans-formation such as PCA, LDA [31] and CCA [32] on the binary features,followed by a binarization on the transformed feature. However,this approach suffers from an unavoidable trade-off between depen-dency among feature components and discriminability. For instance,LDA and CCA features are highly discriminative but strongly interde-pendent; while PCA features are uncorrelated but less discriminative.With this approach, the discriminability and security criteria cannotbe fulfilled simultaneously.

3. The proposed binary feature fusion

3.1. Overview of the proposed method

The proposed two-stage binary feature fusion approach gener-ates an S-bit binary representation z = {z1, · · · , zs, · · · , zS} from aninput binary string b = {b1, · · · , bm, · · · , bM}, where typically S �M. The input binary string b consists of the concatenated multi-modal binary features of a sample. The proposed approach can bedivided into two stages: (i) dependency reductive bit-grouping and(ii) discriminative within-group fusion, where the block diagram is

shown in Fig. 1. The details of the two stages in testing phase aredescribed as follows:

(1) Dependency reductive bit-grouping: Input bits of b aregrouped into a set of weakly-dependent disjoint bit-groupsC = {f1, · · · , f s, · · · , fS} such that ∀s1, s2 ∈ [1, S], fs1 ∩ fs2 = ∅,⋃S

s=1 fs ⊆ {b1, · · · , bm, · · · , bM}.(2) Discriminative within-group fusion: Bits in each group f s

are fused to a single bit zs using a group-specific mappingfunction fs that maximizes the discriminability of zs.

The output bit zs of all groups is concatenated to produce the finalbit string z. To realize these two stages, optimum grouping infor-mation in stage one and optimum within-group fusion functions instage two need to be sought. In stage one, the grouping informa-tion Ĉ = {f̂1, · · · , f̂s, · · · , f̂S} represents the S groups of bit indices,specifying which of the bits in b should be grouped together. Notethat we use ′x̂′ to denote the index of the variable x throughoutthis paper unless stated otherwise. In stage two, the mapping func-tion fs specifies to which output bit value the bits in group f s aremapped.

3.2. Dependency reductive bit-group search

To reduce the dependency among bits in the output binary string,a set of weakly-dependent bit-groups C need to be extracted fromthe input b. One promising way to extract these weakly-dependentbit-groups is to adopt a proper clustering technique based on adependency measure.

Existing clustering techniques can be categorized into partitionalclustering (e.g., k-means) and hierarchical clustering [33]. Thepartitional clustering directly creates partitions of data and repre-sents each partition using a representative (e.g., clustering center).

TestingTraining

Grouping

01

grouping information

dependency: strong weak

01

Grouping

within-groupfusion

within-groupfusion

...

...

...

...

...

1

2

3

...

1

2

3

f1

fSwithin-group

fusion function

1 S

fused feature z = z1, , zS

dependency reductive bit-grouping

discriminative within-group fusion

Fig. 1. The proposed binary feature level fusion algorithm.

G. Mai et al. / Image and Vision Computing 58 (2017) 254–265 257

However, the bit positions among which dependence needs tobe measured cannot be effectively represented in a metric spacebecause dependence does not satisfy the triangle inequality require-ment of a metric space. As a result, partitional clustering is lessfeasible in our context. The hierarchical clustering, on the other hand,serves as a better option as it can operate efficiently based on a setof pairwise dependencies. In this proposed method, we adopt theagglomerative hierarchical clustering (AHC). The basic idea of AHCis as follows: we first create multiple singleton clusters where eachcluster contains a single bit , and then we start to merge a clus-ter pair with the highest pairwise dependency iteratively, until thetermination criterion is met.

To measure dependencies between two bits or two groups of bits,mutual information (MI) can be adopted [34,35]. The MI of clustersfs1 and fs2 can be expressed as

I(fs1 , fs2

)= H

(fs1

)+ H

(fs2

) − H (fs1 , fs2 ) (1)

where H(fs1 ) and H(fs2 ) denote the joint entropy of bits in anindividual cluster fs1 or fs2 , respectively, and H(fs1 , fs2 ) denotesthe joint entropy of bits enclosed by both clusters. However, theabove MI measurement is sensitive to the number of variables(bit positions) and is proportionate to the aggregate information ofthese variables. As a result, multiple MI measurements involvingdifferent number of bit positions cannot be fairly compared dur-ing the selection of cluster pair for cluster merging. That is, if MIis adopted for dependency measurement, the hierarchical cluster-ing technique will always be inclined to select a cluster pair thatinvolves the largest cluster for merging in every iteration, althoughthis cluster pair may not be the pair with the highest average bitinterdependency.

To obtain a better measure that precisely quantifies the bit inter-dependency irrespective of the size of the clusters, we normalize theMI using the size of clusters in the cluster pair. This normalized mea-sure indicates how dependent on average a bit pair in a group is uponmerging. We call this normalized measure as the average mutualinformation (AMI), such that

Iavg(fs1 , fs2

)=

I(fs1 , fs2

)∣∣fs1 ∣∣ × ∣∣fs2 ∣∣ . (2)

With this AMI measure, we are able to identify cluster-pair withthe strongest average bit-pair dependency for merging over clusterpairs of different sizes in each iteration. Our proposed AMI-basedAHC algorithm is shown in Algorithm 1. As strongly-dependentcluster pairs will gradually be merged by the clustering algorithm,we will eventually be able to obtain a set of (remaining) weakly-dependent bit groups that were not selected for merging throughoutthe algorithm.

After the algorithm terminates, the grouping information Ĉ isobtained. It is noted that the size of each resulted group f speci-fied in Ĉ determines the number of possible bit combinations (i.e.,2|f | bit-combinations for groups size |f |). As we need to estimate theoccurrence probabilities of these bit combinations from the trainingsamples for within-group fusion search in the second stage describedin Section 3.3, it is usual that one may not have arbitrarily largeamount of training data in practice to ensure accurate estimation ofthese probabilities. To overcome this problem, we restrict the maxi-mum group size to be tsize in order to ensure the feasibility of optimalwithin-group fusion search in the second stage.

Algorithm 1. AMI-based agglomerative hierarchical clustering.

The final set of S clusters is taken based on the entropy of the clus-ters. In the ideal scenario, every resulted bit group f specified in Ĉshould contain at least one bit entropy. According to our analysis inSection 3.4, optimal inter-user variation of the output bit of a group(during within-group fusion function search in the second stage) canonly be achieved when the entropy of the corresponding group isnot less than 1 bit. While this ideal scenario cannot be guaranteedall the time especially when the input bit string contains limitedentropy, the entropy of the S clusters should be made as high as pos-sible so that the possibility of obtaining high inter-user variation inthe resulted fused bit from each cluster in the second stage can beheightened. Because the dependency (maximum AMI) of all clusterpairs is non-increasing as the iteration proceeds (see Appendix A.1

258 G. Mai et al. / Image and Vision Computing 58 (2017) 254–265

Entropy H(x)0 1 2 3 4 5 6 7 8

Max

imum

bit-

com

bina

tion

prob

abili

ty p

max

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

admissible region

Fig. 2. The lower bound of entropy HL(x), where the grey-shaded area depicts theadmissible region of pmax given H(x).

for the proof), the output grouping information Ĉ will be taken andupdated whenever one of the following conditions is satisfied:

(a) The S-th largest cluster entropy in Ĉtmp is greater or equal toone bit;

(b) The S-th largest entropy of the clusters in Ĉ is less than one bitand less than that in Ĉtmp.

3.3. Discriminative within-group fusion search

Suppose that we have obtained S groups of bits from the firststage. For each group, we seek for a discriminative fusion f :{0, 1}|f | → {0, 1} to fuse bits in group f to a single bit z. Here,the function f maps each combination of |f | bits to a bit value.The within-group fusion is analogous to a binary-label assignmentprocess, where each bit combination is assigned a binary outputlabel (a fused bit value). Since the dependency among fused bits hasbeen reduced using AMI-based AHC in stage one, to obtain a dis-criminative bit string that contains high entropy, the fusion shouldminimize the intra-user variation, maximize the inter-user variation

(c) Chimeric B

(a) WVU Multimodal (b) Chimeric A

Fig. 3. Sample face, fingerprint, and iris images from (a) WVU; (b) Chimeric A(FERET, FVC2000-DB2, CASIA-Iris-Thousand); and (c) Chimeric B (FRGC, FVC2002-DB2,ICE2006).

Table 1Experimental settings.

WVU Chimeric A Chimeric B

Subjects 106 100 100Samples per subject 5 8 8Training sample 3 4 4Testing sample 2 4 4Genuine attempts 106 300 300Impostor attempts 11,130 19,800 19,800

and uniformity of the output bit. Naturally, maximizing inter-uservariations has an equivalent effect of maximizing bit uniformity. Thisis because a bit with maximum inter-user variation also indicatesthat the bit value would distribute uniformly among the populationusers. Thus, the fusion sought in the following need only to optimizethe discriminability of the output bit, i.e., minimizing the intra-uservariations and maximizing the inter-user variations.

The intra-user and inter-user variations of the fused bit z of groupf could be measured using the genuine bit-error probability peg andthe impostor bit-error probability pei , respectively. Genuine bit-errorprobability is defined as the probability where different samples ofthe same user are fused to different bit values, while the impostorbit-error probability is defined as the probability where samples ofdifferent users are fused to different bit values. Let xt denotes the t-thbit-combination of group f , where t = {1, 2, · · · , 2|f |} and let X(0) andX(1) denote the sets of bit-combinations in group f that to be fused to‘0’ and ‘1’, respectively. The genuine bit-error probability of fused bitz corresponding to group f can be expressed as

peg = Pr(fn1 ∈ X(0), fn2 ∈ X(1)|ln1 = ln2

)=

∑xt1 ∈X(0)

∑xt2 ∈X(1)

Pr(fn1 = xt1 , f

n2 = xt2 |ln1 = ln2)

(3)

where ln1 and ln2 denote the label of n1-th and n2-th training sample,respectively, fn1 and fn2 denote the group f corresponding to then1-th and n2-th training samples, n1 = n2 and n1, n2 ∈ {1, 2, · · · , N}.

Similarly, the impostor bit-error probability can be expressed as

pei = Pr(fn1 ∈ X(0), fn2 ∈ X(1)|ln1 = ln2

)=

∑xt1 ∈X(0)

∑xt2 ∈X(1)

Pr(fn1 = xt1 , f

n2 = xt2 |ln1 = ln2). (4)

To seek the function f that minimizes genuine and maximizesimpostor bit-error probability, we solve the following minimizationproblem using the integer genetic algorithm [36,37],

minf

(peg − pei

)=

∑xt1 ∈X(0)

∑xt2 ∈X(1)

(Pr(fn1 = xt1 , f

n2 = xt2 |ln1 = ln2 )

− Pr (fn1 = xt1 , fn2 = xt2 |ln1 = ln2 )) (5)subject to

f (xt1 ) = 0, f (xt2 ) = 1

where f (xt1 ) and f (xt1 ) denote the fused bit value of bit-combinationxt1 and xt2 , respectively. Note that this function f has to be sought forevery bit group.

G. Mai et al. / Image and Vision Computing 58 (2017) 254–265 259

(a) WMU Multimodal (b) Chimeric A

(c) Chimeric B

Fig. 4. Comparison of area under ROC curve on (a) WVU multi-modal, (b) Chimeric A, (c) Chimeric B databases.

3.4. Discussion and analysis

An important requirement in Algorithm 1 is that each resulted bitgroup (joint entropy of bits in the group) should contain at least one-bit entropy to warrant the achievability of high inter-user variation.This is because when the group entropy is less than one bit, the prob-ability of one of the fused bit values would become larger than 0.5,thus making the distribution of bit values less uniform among thepopulation users. In the following, we analyze how group entropythat is less than one bit could negatively influence the impostor errorprobability of the fused bit.

Let pt denotes the occurrence probability of a bit combination xtin group f , where t = {1, 2, · · · , 2|f |}. The corresponding joint entropyof bits in group f is expressed as

H(x) = −2|f |∑t=1

ptlog2pt (6)

where |f | denotes group size and ∑2|f |t=1 pt = 1. If H(x) < 1,(a) there exists a bit combination that has the highest occurrence

probability pmax = maxt(pt) > 0.5; and

(b) the impostor bit-error probability pei (the larger, the better) ofthe fused bit in stage two is upper bounded by

pei ≤ 2pmax (1 − pmax) < 0.5. (7)

Proof. (a) To prove that there is an input bit combination that hasthe highest probability pmax = maxt(pt) > 0.5 when H(x) < 1, weconstruct a lower bound of entropy HL(x) w.r.t. pmax that is describedas follows:

HL(x) = max(HL1(x), HL2(x)) (8)

=

{HL1(x) = −log2pmax, 0 < pmax ≤ 0.5HL2(x) = Hb (pmax) , 0.5 ≤ pmax ≤ 1

where HL1(x) and HL2(x) are two lower bound functions and Hb(pmax)is the binary entropy function

Hb(pmax) = −pmaxlog2(pmax) − (1 − pmax)log2(1 − pmax).

260 G. Mai et al. / Image and Vision Computing 58 (2017) 254–265

The two lower bound functions HL1(x) and HL2(x) are derived asfollows:

H(x) = −2|f |∑t=1

ptlog2pt ≥ −2|f |∑t=1

ptlog2pmax = −log2pmax = HL1(x)(9)

H(x) = −2|f |∑t=1

ptlog2pt ≥ −1∑

z=0

⎛⎝

⎛⎝ ∑

t,f (xt)=z

pt

⎞⎠ log2 ∑

t,f (xt)=z

pt

⎞⎠ (10)

≥ Hb (pmax) = HL2(x)

The inverse function of Eq. (8) is plotted as the solid curve in Fig. 2,where the admissible region of pmax lies within the grey-shaded area,indicating the possible pmax values given an entropy value H(x) ofa bit group. Based on this plot, it can be observed that when groupentropy H(x) < 1, all of the possible pmax values in the dark-grey-shaded area are greater than 0.5, which completes the proof.

Proof. (b) The impostor bit-error probability pei is the probability ofgetting a different fused bit value from that of the target genuineuser. Hence, we obtain the following:

pei = Pr(z = 0) Pr(z = 1) + Pr(z = 1) Pr(z = 0)

= 2 Pr(z = 0) Pr(z = 1) (11)

≤ 2pmax (1 − pmax)< 0.5

With this, the lower H(x) < 1 is, the larger the pmax, and thesmaller the impostor bit-error probability pei will be. This completesthe proof.

4. Experimental results

4.1. Database and experiment setting

We evaluated the proposed fusion algorithm using a real andtwo chimeric multi-modal databases, involving three modalities:face, fingerprint and iris. The real multi-modal database, WVU [38],

(a) WVU Multimodal (b) Chimeric A

(c) Chimeric B

Fig. 5. Comparison of average Renyi entropy on (a) WVU multi-modal, (b) Chimeric A, (c) Chimeric B databases.

G. Mai et al. / Image and Vision Computing 58 (2017) 254–265 261

contains images of 106 subjects, where each subject has fivemulti-modal samples. The two chimeric multi-modal databases areobtained by randomly matching images from a face, a fingerprintand an iris database. The first chimeric multi-modal database namedChimeric A consists of faces from FERET [39], fingerprints fromFVC2000-DB2 and irises from CASIA-Iris-Thousand [40]. The seconddatabase named Chimeric B consists of faces from FRGC [41], fin-gerprints from FVC2002-DB2 and irises from ICE2006 [42]. Thesechimeric databases contain 100 subjects with eight multi-modalsamples per subject. Fig. 3 shows the sample images from the threedatabases.

The training–testing partitions for each database is shown inTable 1. Our testing protocol is described as follows. For the gen-uine attempts, the first sample of each subject is matched againstthe remaining samples of the subject. For the impostor attempts, thei-th sample of each subject is matched against the i-th sample of theremaining subjects. Consequently, the number of genuine and impos-tor attempts in WVU multi-modal database are 106 (106×(2−1)) and11,130 ((106×105)/2×2), respectively, while the number of genuineand impostor attempts in the two chimeric multi-modal databasesare 300 (100 × (4 − 1)) and 19,800 ((100 × 99)/2 × 4) respectively.

Prior to evaluating the binary fusion algorithms, we extract thebinary features of face, fingerprint and iris from the databases. Theimages of each modality are first processed as follows:

• Face: Proper face alignment is first applied based on the stan-dard face landmark. To eliminate effect from variations suchas hair style and background, the face region of each sampleis cropped and resized to 61×73 pixels in FERET and FRGCdatabases, and 15×20 pixels in WVU database.

• Fingerprint: We first extract minutiae from each fingerprintusing Verifinger SDK 4.2 [43]. The extracted minutiae are

converted into an ordered binary feature using the method pro-posed in Ref. [18] without randomization. Following param-eters in Ref. [18], each fingerprint image is represented by avector with length 224.

• Iris: The weighted adaptive hough and ellipsopolar transform(WAHET) [44] is employed to segment the iris. Then, 480 realfeatures are extracted from the segmented iris using Ko et al.’sextractor [45]. Both segmentation and extraction algorithmsare implemented using the iris toolkit (USIT) [46].

After preprocessing, we apply PCA on face, and LDA on fingerprintand iris to reduce the feature dimensions to 50. Then, we encode eachfeature component with a 20-bit binary vector using LSSC [24] andobtain a 1000-bit binary feature for each modality.

In this comparative study, we compare the proposed method withthe following existing methods:

− single modality baselines: face, fingerprint, iris− bit selection [30]− concatenation [26,27]− bit-wise operation: AND, OR, XOR− decision fusion: AND, OR (denoted as ‘andd ′ and ‘ord ′ in the

experimental results, respectively)

It is noted that all of the compared methods are re-implementedhere.

For the proposed method, the parameter of largest cluster sizetsize in stage one is set to 8. Throughout the comparative study, fea-tures produced by the evaluated methods are made to be of thesame length for comparison fairness purpose, except the concatena-tion method. For instance, the original length of the unimodal binary

Bit Length

0.8

0.85

0.9

0.95

1

Are

a un

der

Cur

ve (

AU

C) FRGC+FVC2002DB2

FRGCFVC2002DB2

(a) low-quality face (FRGC) + low-qualityfingerprint (FVC2002DB2)

Bit Length

0.8

0.85

0.9

0.95

1

Are

a un

der

Cur

ve (

AU

C)

FRGC+ICE06FRGCICE06

(b) low-quality face (FRGC)+high-qualityiris (ICE06)

Bit Length

0.8

0.85

0.9

0.95

1

Are

a un

der

Cur

ve (

AU

C)

FRGC+FERETFRGCFERET

(c) low-quality face( FRGC)+high-qualityface (FERET)

Bit Length

0.8

0.85

0.9

0.95

1

Are

a un

der

Cur

ve (

AU

C)

FVC2002DB2+ICE06FVC2002DB2ICE06

(d) low-quality fingerprint(FVC2002DB2)+high-quality iris (ICE06)

Bit Length

0.8

0.85

0.9

0.95

1

Are

a un

der

Cur

ve (

AU

C)

FVC2002DB2+FERETFVC2002DB2FERET

(e) low-quality fingerprint(FVC2002DB2)+high-quality face (FERET)

Bit Length

0.8

0.85

0.9

0.95

1

Are

a un

der

Cur

ve (

AU

C)

ICE06+FERETICE06FERET

(f) high-quality iris (ICE06)+high-qualityface (FERET)

200 300 400 500 600 200 300 400 500 600 200 300 400 500 600

200 300 400 500 600 200 300 400 500 600 200 300 400 500 600

Fig. 6. Area under ROC curve with varying qualities of biometric inputs.

262 G. Mai et al. / Image and Vision Computing 58 (2017) 254–265

features is reduced to the evaluated length through discriminativeselection using a discriminability criterion [30]. The features of thebit-wise operation and the results of decision-level fusion methodsare obtained from these selected uni-biometric features.

4.2. Evaluation measures for discriminability and security

4.2.1. DiscriminabilityThe discriminability of the fused feature is measured using the

area under curve (AUC) of the receiver operating characteristic (ROC)curve. The higher the AUC, the better the matching accuracy wouldbe.

4.2.2. SecurityThe security of the template is evaluated using quadratic Renyi

entropy [47]. Specifically, the quadratic Renyi entropy measures theeffort for searching an identified sample of the target template.Assuming that the average impostor Hamming distance (aIHD) or theimpostor Hamming distance per bit obeys binomial distribution withexpectation p and standard deviation s , the entropy of the templatecan be estimated as

H = −log2 Pr(aIHD = 0)= −log2p0(1 − p)N∗ = −N∗log2(1 − p) (12)

where p and s denote the mean and standard deviation of the aIHD,resp., and N* = p(1 − p)/s2 denotes the estimated number ofindependent Bernoulli trials.

4.2.3. Trade-off analysisThe GAR-Security (G-S) analysis [30] is an integrated measure for

template discriminability and security in biometric cryptosystems. Itanalyzes the trade-off between matching accuracy and security in afuzzy commitment system by varying the error correcting capabil-ity. The G-S analysis is based on the decoding complexity of Nagar’sECC decoding algorithm [30], where a query is accepted only if thecorresponding decoding complexity is less than a given threshold.

A G-S point is produced via computing the GAR and the minimumdecoding complexity among all impostor attempts given an errorcorrecting capability. More details of the decoding complexity can befound in [30]. We estimate the entropy of the binary feature using thequadratic Renyi entropy [47], which is a more accurate measure thanthe Daugman’s DOF [48] that is only reliable as the aIHD expectationp = 0.5.

4.3. Discriminability evaluation

The AUC for fusion bit length from 150 to 600 is shown in Fig. 4.It can be observed that the proposed method has comparable per-formance compared to bit selection and concatenation on all threedatabases and it outperforms the remaining methods in general. OnWVU multi-modal database, the proposed method performs as goodas the unimodal face baseline.

For the results on WVU multi-modal database in Fig. 4a, the pro-posed method outperforms the curves of bit selection, concatenationand face. When the bit length equals 350, the AUC of the proposedmethod is 0.9961, which is slightly higher than the AUC of bit selec-tion (0.9896), concatenation (0.9946) and the best single modality:face (0.9890). Compared to face, the proposed method has a marginalimprovement of 0.71%.

Bit Length

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Ave

rage

Ren

yi E

ntro

py

FRGC+FVC2002DB2FRGCFVC2002DB2

(a) low-quality face (FRGC) + low-qualityfingerprint (FVC2002DB2)

Bit Length

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Ave

rage

Ren

yi E

ntro

py

FRGC+ICE06FRGCICE06

(b) low-quality face (FRGC)+high-qualityiris (ICE06)

Bit Length

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Ave

rage

Ren

yi E

ntro

py

FRGC+FERETFRGCFERET

(c) low-quality face( FRGC)+high-qualityface (FERET)

Bit Length

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Ave

rage

Ren

yi E

ntro

py

FVC2002DB2+ICE06FVC2002DB2ICE06

(d) low-quality fingerprint(FVC2002DB2)+high-quality iris (ICE06)

Bit Length

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Ave

rage

Ren

yi E

ntro

py

FVC2002DB2+FERETFVC2002DB2FERET

(e) low-quality fingerprint(FVC2002DB2)+high-quality face (FERET)

200 300 400 500 600 200 300 400 500 600 200 300 400 500 600

200 300 400 500 600 200 300 400 500 600 200 300 400 500 600

Bit Length

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Ave

rage

Ren

yi E

ntro

py

ICE06+FERETICE06FERET

(f) high-quality iris (ICE06)+high-qualityface (FERET)

Fig. 7. Average Renyi entropy with varying qualities of biometric inputs.

G. Mai et al. / Image and Vision Computing 58 (2017) 254–265 263

For the results on Chimeric A database shown in Fig. 4b, theproposed method performs equally well with bit selection and con-catenation methods. The AUC of the proposed method, the bit selec-tion and the concatenation methods are 0.9992, 0.9985, and 0.9973at 350-bit feature length, respectively. This shows a 3.4% improve-ment of the proposed method compared to the best-performingunimodality: face (AUC= 0.9656).

For the results of Chimeric B database in Fig. 4c, it can be observedthat the AUC of the proposed method is slightly higher than thebit selection method when the bit length is less than 500. For thisdatabase, the proposed method, bit selection and concatenationmethods outperform significantly the best-performing unimodality:

iris. At 350-bit feature length, the AUC of the proposed method is0.9823 compared to the concatenation (0.9793) and bit selection(0.9763) methods. The AUC improvement of the proposed methodis approximately 3.5% compared to iris (AUC= 0.9413) at 350-bitfeature length.

These results show that the proposed method could performequally well, or even slightly better than bit selection and concate-nation although the biometric modalities could vary significantly inquality. It is noted that the difference between the AUC of face andfingerprint is around 7–10% on WVU multi-modal database and 2–5% on Chimeric A database; while the difference between the AUC ofiris and face is around 10% on Chimeric B.

bit length = 500bit length = 350

(a) WVU multimodal

bit length = 200

bit length = 500bit length = 350

(b) Chimeric A

bit length = 200

bit length = 500bit length = 350

(c) Chimeric B

bit length = 200

Fig. 8. G-S trade-off analysis on (a) WVU multi-modal, (b) Chimeric A, and (c) Chimeric B.

264 G. Mai et al. / Image and Vision Computing 58 (2017) 254–265

Additionally, it is observed that there is no guarantee on the per-formance of features produced based on AND-, OR- and XOR-featurefusion rule. The features produced by XOR rule are always the worstcompared to AND and OR rules.

4.4. Security evaluation

In this section, the results on template security are shown, whichis measured using quadratic Renyi entropy [47]. The average Renyientropy of the binary feature fused using the evaluated schemes areplotted in Fig. 5. Here, the average Renyi entropy is the Renyi entropydivided by the bit length of the fused features, thus ranging from 0 to1. A higher average Renyi entropy implies stronger template security.

On all three databases, it can be observed that the proposed methodranks second in terms of entropy. The best-performing method turnsout to be the XOR feature fusion because the features tends to bemore uniform upon XOR fusion, despite its poor performance in thediscriminability evaluation.

For the WVU multi-modal database shown in Fig. 5a, it is observedthat at 350-bit feature length, the average entropy achieved by theproposed method is 0.4674 bit, while the XOR-feature fusion methodachieves an average entropy of 0.9603 bit, which is nearly doubleof the proposed method. Besides that the ‘andd ′ method slightlyunderperforms the proposed method, the remaining methods couldonly achieve at most half of the average entropy of the proposedmethod.

Similar results can be seen on Chimerics A and B databases inFig. 5b and c. When the bit length equals 350, the proposed methodachieves an average entropy of 0.4896 bit in Fig. 5b and 0.4021 bitin Fig. 5c, that is half of that of the XOR-feature fusion method but isat least double of that of the remaining methods.

4.5. Robustness of varying qualities of biometric inputs

In addition to produce a fused feature with high discriminabil-ity and security, a feature fusion method should be robust to varyingqualities of biometric inputs. To demonstrate the robustness of theproposed method in discriminability and security, we plot AUC andaverage Renyi entropy of fused feature with different qualities ofinputs in Figs. 6 and 7, respectively.

The face feature from FRGC and fingerprint feature fromFVC2002-DB2 have AUC less than 0.84 and 0.9 (in most cases),respectively and are used as low-quality inputs. The iris feature fromICE2006 and face feature from FERET have AUC higher than 0.92 and0.96, respectively and are used as high-quality inputs. It is noted thathigh-quality inputs have average Renyi entropy at least 50% higherthan the one of low-quality inputs with the same feature length. Theexperiments here contain the three possible quality combinations ofinput, i.e., low + low (Figs. 6a, 7a), low + high (Figs. 6b–e, 7b–e), andhigh + high (Figs. 6f, 7 f).

It is observed that in the three possible quality combinations ofinputs, the proposed method consistently achieves the highest AUCand average Renyi entropy compared to its inputs. This shows thatthe proposed method is robust to varying qualities of inputs.

4.6. Trade-off analysis between discriminability and security

Using the parameters suggested in Ref. [30], the G-S curves of theevaluated methods are plotted in Fig. 8. The maximum acceptabledecoding complexity is fixed as 15 bits and the minimum distanceof the ECC ranges from 0.02 to 0.6 times the bit length S. It canbe observed that the proposed method outperforms the bit selec-tion method on all three databases. This implies that the proposedmethod achieves a better discriminability-security trade-off than thebit selection method and the remaining methods.

For 40-bit security at 350-bit feature length, the proposed methodperforms the best, achieving 69% GAR. This is followed by the face(57% GAR) and bit selection method (38% GAR). For the same set-tings on Chimeric A database, the proposed method achieves 64%GAR, which is 13% higher than face modality and 26% higher than bitselection method. As for Chimeric B database, the proposed methodachieves 20% GAR, which is 11% higher than the iris modality and 17%higher than bit selection method.

5. Conclusion

In this paper, we have proposed a binary feature fusion algorithmthat can produce discriminative binary templates with high entropyfor multi-biometric cryptosystems. The proposed binary featurefusion algorithm consists of two stages: dependency reductive bitgrouping and discriminative and uniform within-group fusion. Thefirst stage creates multiple weakly-interdependent bit groups usinggrouping information that is obtained from an average mutualinformation-based agglomerative hierarchical clustering; while thesecond stage fuses the bits in each group through a functionthat minimizes intra-user variation, and maximizes uniformity andinter-user variation of the output fused bit. We have conductedexperiments on WVU multi-modal database and two chimericdatabases and the results have justified the effectiveness of the pro-posed method in producing a highly discriminative fused templatewith high entropy per multi-modal sample.

Acknowledgment

This project is partially supported by the Hong Kong RGC grantHKBU 211612 and Mr. Kwok Yat Wai and Madam Kwok Chung BoFun Graduate School Development Fund.

Appendix A.

A.1. Proof of the non-increasing of the maximum AMI

Lemma 1. In the agglomerative clustering that merge cluster pairs withmaximum AMI at each iteration, let MIiteravg and MI

iter+1avg denotes maxi-

mum AMI among all cluster-pairs in the start of iter-th and (iter + 1)-thiteration, resp., then MIiteravg ≥ MIiter+1avg .

Proof. (proof by contradiction) Suppose that the cluster-set Citer ={f1, f2, · · · , fS} in the start of iter-th iteration contains L clusters, andthe cluster-pair (fs1 , fs2 ), where s1, s1 = {1, 2, · · · , S}, is the cluster-pair with highest AMI among all possible cluster-pairs from Citer, i.e.,MIiteravg = Iavg(fs1 , fs2 ). In the start of (iter + 1)-th (after iter-th) itera-tion, cluster-pair (fs1 , fs2 ) is merged to cluster fs3 , the correspondingcluster-set Citer+1 contains fs3 and all the clusters in Citer excludingfs1 and fs2 , i.e.,

Citer+1 = Citer − {fs1 } − {fs2 } + {fs3 }

As MIiteravg = Iavg(fs1 , fs2 ), Iavg(fs1 , fs2 ) greater than the AMI of all possi-ble cluster-pair in Citer+1 excluding cluster fs3 . Therefore, if MI

iteravg <

MIiter+1avg , there must exist a fs4 in Citer+1, such that Iavg(fs1 , fs2 ) <Iavg(fs3 , fs4 ). Since

Iavg(fs3 , fs4 ) =H(fs3 ) + H(fs4 ) − H(fs3 , fs4 )

|fs3 ‖ fs4 |=

H(fs3 ) + H(fs4 ) − H(fs3 , fs4 )(|fs1 | + |fs2 |)|fs4 |

.

G. Mai et al. / Image and Vision Computing 58 (2017) 254–265 265

Furthermore, we have

H(fs3

)+ H

(fs4

) − H (fs3 , fs4 )= Iavg(fs1 , fs4 )|fs1 ‖ fs4 | + Iavg(fs2 , fs4 )|fs2 ‖ fs4 |

+H(fs1 , fs4 ) + H(fs2 , fs4 )

− (Iavg(fs1 , fs2 ) + H(fs4 ) + H(fs1 , fs2 , fs4 ))≤ Iavg(fs1 , fs4 )|fs1 ‖ fs4 | + Iavg(fs2 , fs4 )|fs2 ‖ fs4 |≤ max{Iavg(fs1 , fs4 ), Iavg(fs2 , fs4 )}(|fs1 | + |fs2 |)|fs4 |.

Finally,

Iavg(fs3 , fs4 ) ≤max{Iavg(fs1 , fs4 ), Iavg(fs2 , fs4 )}(|fs1 | + |fs2 |)|fs4 |

(|fs1 | + |fs2 |)|fs4 |≤ max{Iavg(fs1 , fs4 ), Iavg(fs2 , fs4 )}(|fs1 | + |fs2 |)|fs4 |≤ Iavg(fs1 , fs2 ).

Therefore, there is no cluster fs4 that fulfill the conditionIavg(fs1 , fs2 ) < Iavg(fs3 , fs4 ), which means that MI

iteravg ≥ MIiter+1avg always

true. This completes the proof. �

References

[1] A.A. Ross, K. Nandakumar, A.K. Jain, Handbook of Multibiometrics, 6. Springer.2006.

[2] A. Shrivastava, M. Rastegari, S. Shekhar, R. Chellappa, L.S. Davis, Class consis-tent multi-modal fusion with binary features, Computer Vision and PatternRecognition, IEEE Conference on, 2015. pp. 2282–2291.

[3] Y. Liu, Z. Yang, C.Y. Suen, L. Yang, A study on performance improvement due tolinear fusion in biometric authentication tasks, IEEE Transactions on Systems,Man, and Cybernetics: Systems (2015) ISSN 2168-2216. http://dx.doi.org/10.1109/TSMC.2015.2501279.

[4] R. Cappelli, D. Maio, A. Lumini, D. Maltoni, Fingerprint image reconstruc-tion from standard templates, Pattern Analysis and Machine Intelligence, IEEETransactions on 29 (9) (2007) 1489–1503.

[5] Y.C. Feng, M.-H. Lim, P.C. Yuen, Masquerade attack on transform-based bina-ry-template protection based on perceptron learning, Pattern Recogn. 47 (9)(2014) 3019–3033.

[6] R.N. Rodrigues, N. Kamat, V. Govindaraju, Evaluation of biometric spoofing in amultimodal system, Biometrics: Theory Applications and Systems, Fourth IEEEInternational Conference on, 2010. pp. 1–5.

[7] A. Ross, J. Shah, A.K. Jain, From template to image: reconstructing finger-prints from minutiae points, Pattern Analysis and Machine Intelligence, IEEETransactions on 29 (4) (2007) 544–560.

[8] N.K. Ratha, S. Chikkerur, J.H. Connell, R.M. Bolle, Generating cancelable finger-print templates, Pattern Analysis and Machine Intelligence, IEEE Transactionson 29 (4) (2007) 561–572.

[9] Z. Jin, M.-H. Lim, A.B.J. Teoh, B.-M. Goi, A non-invertible randomizedgraph-based hamming embedding for generating cancelable fingerprint tem-plate, Pattern Recogn. Lett. 42 (2014) 137–147.

[10] A.B. Teoh, A. Goh, D.C. Ngo, Random multispace quantization as an analyticmechanism for biohashing of biometric and random identity inputs, Pat-tern Analysis and Machine Intelligence, IEEE Transactions on 28 (12) (2006)1892–1901.

[11] Y. Dodis, R. Ostrovsky, L. Reyzin, A. Smith, Fuzzy extractors: how to generatestrong keys from biometrics and other noisy data, SIAM J. Comput. 38 (1) (2008)97–139.

[12] A. Juels, M. Sudan, A fuzzy vault scheme, Des. Codes Crypt. 38 (2) (2006)237–257.

[13] A. Juels, M. Wattenberg, A fuzzy commitment scheme, Proceedings of the 6thACM conference on Computer and Communications Security, 1999. pp. 28–36.

[14] Y.C. Feng, P.C. Yuen, A.K. Jain, A hybrid approach for generating secure anddiscriminating face template, Information Forensics and Security, IEEE Trans-actions on 5 (1) (2010) 103–117.

[15] E. Maiorana, G. Hine, P. Campisi, Hill-climbing attacks on multibiometricsrecognition systems, Information Forensics and Security, IEEE Transactions on10 (5) (2015) 900–915.

[16] ISO/IEC 19794-2:2011 Information Technology — Biometric Data InterchangeFormats — Part 2: Finger Minutiae Data, 2011.

[17] J. Daugman, High confidence visual recognition of persons by a test of statisticalindependence, Pattern Analysis and Machine Intelligence, IEEE Transactions on15 (11) (1993) 1148–1161.

[18] F. Farooq, R.M. Bolle, T.-Y. Jea, N. Ratha, Anonymous and revocable fingerprintrecognition, Computer Vision and Pattern Recognition, IEEE Conference on,2007. pp. 1–7.

[19] A. Vij, A. Namboodiri, Learning minutiae neighborhoods: a new binary repre-sentation for matching fingerprints, Computer Vision and Pattern RecognitionWorkshops, IEEE Conference on, 2014. pp. 64–69.

[20] H. Xu, R. Veldhuis, Binary representations of fingerprint spectral minutiae fea-tures, in: Pattern Recognition, 2010 20th International Conference on, IEEE, pp.1212–1216.

[21] Y.C. Feng, P.C. Yuen, Class-distribution preserving transform for face bio-metric data security, in: Acoustics, Speech and Signal Processing, 2007. IEEEInternational Conference on, vol. 2, pp. II–141.

[22] Y.C. Feng, P.C. Yuen, Binary discriminant analysis for generating binary facetemplate, Information Forensics and Security, IEEE Transactions on 7 (2) (2012)613–624.

[23] E. Kelkboom, X. Zhou, J. Breebaart, R. Veldhuis, C. Busch, Multi-algorithm fusionwith template protection, Biometrics: Theory, Applications, and Systems, IEEE3rd International Conference on, 2009. pp. 1–8.

[24] M.-H. Lim, A.B.J. Teoh, A novel encoding scheme for effective biometric dis-cretization: linearly separable subcode, Pattern Analysis and Machine Intelli-gence, IEEE Transactions on 35 (2) (2013) 300–313.

[25] A.K. Jain, S. Prabhakar, L. Hong, S. Pankanti, FingerCode: a filterbank forfingerprint representation and matching, in: Computer Vision and PatternRecognition, 1999. EEE International Conference on, vol. 2.

[26] S. Kanade, D. Petrovska-Delacretaz, B. Dorizzi, Multi-biometrics based cryp-tographic key regeneration scheme, Biometrics: Theory, Applications, andSystems. IEEE 3rd International Conference on, 2009. pp. 1–7.

[27] S. Kanade, D. Petrovska-Delacretaz, B. Dorizzi, Obtaining cryptographic keysusing feature level fusion of iris and face biometrics for secure user authenti-cation, Computer Vision and Pattern Recognition Workshops, IEEE ComputerSociety Conference on, 2010. pp. 138–145.

[28] G. Mai, M.-H. Lim, P.C. Yuen, Fusing binary templates for multi-biometriccryptosystems, Biometrics: Theory Applications and Systems, Seventh IEEEInternational Conference on, 2015.

[29] Y. Sutcu, Q. Li, N. Memon, Secure biometric templates from fingerprint-facefeatures, Computer Vision and Pattern Recognition, IEEE Conference on, 2007.pp. 1–6.

[30] A. Nagar, K. Nandakumar, A.K. Jain, Multibiometric cryptosystems based on fea-ture-level fusion, Information Forensics an Security, IEEE Transactions on 7 (1)(2012) 255–268.

[31] M. Prasad, M. Sukumar, A. Ramakrishnan, Orthogonal LDA in PCA transformedsubspace, Frontiers in Handwriting Recognition, International Conference on,2010. pp. 172–175.

[32] J. Yang, X. Zhang, Feature-level fusion of fingerprint and finger-vein for per-sonal identification, Pattern Recogn. Lett. 33 (5) (2012) 623–628.

[33] R. Xu, D. Wunsch, et al. Survey of clustering algorithms, Neural Networks, IEEETransactions on 16 (3) (2005) 645–678.

[34] H. Peng, F. Long, C. Ding, Feature selection based on mutual information crite-ria of max-dependency, max-relevance, and min-redundancy, Pattern Analysisand Machine Intelligence, IEEE Transactions on 27 (8) (2005) 1226–1238.

[35] A. Kraskov, P. Grassberger, MIC: mutual information based hierarchicalclustering, Information Theory and Statistical Learning, Springer. 2009, pp.101–123.

[36] K. Deb, An efficient constraint handling method for genetic algorithms, Comput.Methods Appl. Mech. Eng. 186 (2) (2000) 311–338.

[37] K. Deep, K.P. Singh, M. Kansal, C. Mohan, A real coded genetic algorithm forsolving integer and mixed integer optimization problems, Appl. Math. Comput.212 (2) (2009) 505–518.

[38] L. Hornak, A. Ross, S.G. Crihalmeanu, S.A. Schuckers, A protocol for multibio-metric data acquisition storage and dissemination, Tech. rep., West VirginiaUniversity. 2007, https://eidr.wvu.edu/esra/documentdata.eSRA.

[39] P.J. Phillips, H. Moon, S.A. Rizvi, P.J. Rauss, The FERET evaluation methodologyfor face-recognition algorithms, IEEE Trans. Pattern Anal. Mach. Intell. 22 (10)(2000) 1090–1104.

[40] CASIA Iris Image Database, http://biometrics.idealtest.org/.[41] P.J. Phillips, P.J. Flynn, T. Scruggs, K.W. Bowyer, J. Chang, K. Hoffman, J. Marques,

J. Min, W. Worek, Overview of the face recognition grand challenge, Computervision and pattern recognition, IEEE Conference on, 1, 2005. pp. 947–954.

[42] K.W. Bowyer, P.J. Flynn, The ND-IRIS-0405 iris image dataset, 2009.[43] VeriFinger SDK, http://www.neurotechnology.com/.[44] A. Uhl, P. Wild, Weighted adaptive hough and ellipsopolar transforms for real–

time iris segmentation, Biometrics (ICB), 5th IAPR International Conference onIEEE, 2012. pp. 283–290.

[45] J.-G. Ko, Y.-H. Gil, J.-H. Yoo, K.-I. Chung, A novel and efficient feature extractionmethod for iris recognition, ETRI J. 29 (3) (2007) 399–401.

[46] C. Rathgeb, A. Uhl, P. Wild, Iris recognition: from segmentation to templatesecurity, Advances in Information Security 59 (2012).

[47] S. Hidano, T. Ohki, K. Takahashi, Evaluation of security for biometric guessingattacks in biometric cryptosystem using fuzzy commitment scheme, Conferenceof the Biometrics Special Interest Group (BIOSIG) IEEE, 2012. pp. 1–6.

[48] J. Daugman, The importance of being random: statistical principles of irisrecognition, Pattern Recogn. 36 (2) (2003) 279–291.

[49] Siqi Liu, Pong C. Yuen, Shengping Zhang, Guoying Zhao, 3D Mask FaceAnti-spoofing with Remote Photoplethysmography, European Conference onComputer Vision, Springer 2016, pp. 85–100.

[50] Meng-Hui Lim, Sunny Verma, Guangcan Mai, Pong C. Yuen, Learning dis-criminability-preserving histogram representation from unordered features formultibiometric feature-fused-template protection, Pattern Recogn., 60, Else-vier 2016, pp. 706–719.

http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0005http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0010http://dx.doi.org/10.1109/TSMC.2015.2501279http://dx.doi.org/10.1109/TSMC.2015.2501279http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0020http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0025http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0030http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0035http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0040http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0045http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0050http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0055http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0060http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0065http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0070http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0075http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0080http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0085http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0090http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0095http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0100http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0105http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0110http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0115http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0120http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0125http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0130http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0135http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0140http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0145http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0150http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0155http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0160http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0165http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0170https://eidr.wvu.edu/esra/documentdata.eSRAhttp://refhub.elsevier.com/S0262-8856(16)30201-3/rf0180http://biometrics.idealtest.org/http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0185http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0190http://www.neurotechnology.com/http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0195http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0200http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0205http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0210http://refhub.elsevier.com/S0262-8856(16)30201-3/rf0215http://refhub.elsevier.com/S0262-8856(16)30201-3/rf9215http://refhub.elsevier.com/S0262-8856(16)30201-3/rf9910

Binary feature fusion for discriminative and secure multi-biometric cryptosystems1. Introduction2. Related work3. The proposed binary feature fusion3.1. Overview of the proposed method3.2. Dependency reductive bit-group search3.3. Discriminative within-group fusion search3.4. Discussion and analysis

4. Experimental results4.1. Database and experiment setting4.2. Evaluation measures for discriminability and security4.2.1. Discriminability4.2.2. Security4.2.3. Trade-off analysis

4.3. Discriminability evaluation4.4. Security evaluation4.5. Robustness of varying qualities of biometric inputs4.6. Trade-off analysis between discriminability and security

5. Conclusion AcknowledgmentReferences