بازسازی تصویر عنبیه چشم با استفاده ازقالب دوتایی : رویکرد احتمالاتی کارآمد بر اساس الگوریتم ژنتیک

A binary iriscode is a very compact representation of an iris image. For a long time it was assumed that the iriscode did not contain enough information to allow for the reconstruction of the original iris. The present work proposes a novel probabilistic approach based on genetic algorithms to reconstruct iris images from binary templates and analyzes the similarity between the reconstructed synthetic iris image and the original one. The performance of the reconstruction technique is assessed by empirically estimating the probability of successfully matching the synthesized iris image against its true counterpart using a commercial matcher. The experimental results indicate that the reconstructed images look reasonably realistic. While a human expert may not be easily deceived by them, they can successfully deceive a commercial matcher. Furthermore, since the proposed methodology is able to synthesize multiple iris images from a single iriscode, it has other potential applications including privacy enhancement of iris-based systems.

Biometrics is the science of establishing human identity based on the physical and behavioral attributes of an individual such as fingerprints, face, iris or voice. Since biometric traits are inherently associated with a person, they offer substantial advantages over traditional human authentication schemes based on passwords and ID cards [1] and [2]. Consequently, the deployment of biometric systems in identity management and access control applications is on the increase. A classical biometric system acquires the biometric trait of an individual, extracts salient features from the trait, and compares the extracted features against those in a database in order to verify a claimed identity or to identify an individual. For security and privacy reasons, biometric systems typically do not store the raw biometric data that may disclose sensitive information about the subjects (i.e., race, diseases, etc.). Rather, they store the extracted template (feature set) containing the most discriminative information about the individual and relevant for recognition purposes. However, recent research has looked into the possibility of recovering the original biometric data from the reduced template [3] and [4]. Such studies, which are also relevant from an information theory perspective (i.e., what is the amount of information necessary to reverse engineer a biometric template?), have set a new research trend in the biometrics field known as inverse biometrics. The present work falls under this category. Among the various biometric traits that have been researched and used, iris is traditionally regarded as one of the most reliable and accurate [5]. After some preprocessing steps in which the iris is localized, segmented and normalized, the vast majority of iris recognition systems perform some type of filtering operation in order to generate the iris template (e.g., using 2-D Gabor wavelets). The phase information of the filtered normalized image is quantized to produce the final binary template (i.e., iriscode) which is stored in the database during enrollment. Then, in the authentication or recognition phase, iriscodes are compared using bit-based metrics like the Hamming distance [6], [7] and [8]. This way iris recognition is accomplished based only on phase-related information, while the amplitude data is discarded due to its sensitivity to external factors such as imaging contrast, illumination or camera gain. The iriscode has been adopted as a de facto standard by most iris-based systems, as it is a very efficient and compact representation of the discriminative characteristics contained within a person’s iris pattern. It has been a common belief in the biometric community that binary templates do not have sufficient information to reconstruct the original iris image from them [9]. Furthermore, iriscodes from real iris images have been demonstrated to be significantly unique across individuals [10]. Are iriscodes really resilient to being reverse-engineered in order to recover the original iris pattern from them? Is it possible to generate different synthetic iris-like patterns which yield iriscodes very similar to the one given? In summary, can we generate synthetic images that match a specific binary template thereby potentially deceiving an iris recognition system?. In the present work we address these questions by proposing a novel probabilistic approach based on genetic algorithms for the generation of iris-like synthetic patterns whose corresponding iriscodes match that of a genuine user. Two main goals are pursued: • On the one hand, explore whether the phase information embedded in the iriscode is sufficient to reconstruct an iris image that can be successfully matched to the real one from which the template was generated. As a validation of the proposed reconstruction approach, we will investigate if the synthetically produced images may be used to deceive state-of-the-art commercial matchers. • On the other hand, determine if it is possible to generate not just one, but a class of synthetic patterns with very similar iriscodes to that of a real one (i.e., exhibiting similarities in phase but differences in magnitude with respect to the original genuine pattern). As a validation of this second objective, we will determine if producing more than one reconstructed sample results in a better chance of deceiving iris recognition systems. If the aforementioned goals are realized, it would imply that it is possible to generate synthetic iris images that are visually different from the original iris sample but which produce iriscodes that fall within the intra-class tolerance of a genuine user. The work has been carried out from a computer-based perspective. This means that our goal is not to generate iris images that could fool a human expert; rather, the goal is to successfully match the synthesized iris images with their true counterparts using an automated iris matcher. Even so, different strategies to make the synthetic patterns look as realistic as possible are also explored in the experimental part of the article, where statistical results regarding the visual perception that experts and non-experts have of the reconstructed image are presented. In order to provide a fully reproducible experimental protocol, which permits the comparison of the results with future studies, experiments are carried out on two publicly available databases. Furthermore, the iris recognition systems used for development and testing are well known matchers that can be easily obtained by any interested party. The rest of the article is structured as follows. Related work is discussed in Section 2. The concept of automated iris recognition is briefly summarized in Section 3. The proposed iris reconstruction algorithm is presented in Section 4. The databases and iris matchers used in the experimental protocol are described in Section 5. The performance of the proposed approach is reported and analyzed in Section 6, while results evaluating the visual realism of the reconstructed images are given in Section 7. A preliminary quality assessment of the synthesized iris images is presented in Section 8. Conclusions are drawn in Section 9.

This work has shown that the phase information summarized in iriscodes is sufficient to generate synthetic iris-like images with very similar binary templates to that of the original iris pattern. The experimental findings indicate that an eventual attack against iris matchers using such reconstructed images would have a very high chance of success. Such an attack presupposes that (a) the system stores unencrypted templates (or the attacker is able to override this protection) and that (b) synthetic iris samples can be input to the matcher. Since iriscodes only encode phase-related data of the original iris image and discard the amplitude information [8], there are visual differences between the reconstructed iris and the original iris. However, results indicate that it is quite likely to deceive a non-expert human observer with the reconstructed samples even though the synthetic grayscale iris patterns are not a fully accurate reproduction of the original patterns. The experimental findings have also shown the ability of the proposed probabilistic approach to reconstruct not just one, but multiple synthetic samples from a given iriscode. This not only significantly increases the success rate of the attack compared to methods that can generate only one synthetic sample from an iriscode, but it also opens up the possibility of other applications besides inverse biometrics such us its use for privacy preserving purposes. Biometric samples are personal data and different privacy concerns have arisen regarding their distribution and protection [58]. The proposed reconstruction method is able to generate synthetic iris patterns visually different to the original (see Fig. 7) which are, nevertheless, positively matched to the user’s identity. This means that the synthetic samples may be considered as an alternative representation of the user’s identity and, as such, may be stored in the database thereby avoiding possible privacy issues (e.g., deducing gender, age or ethnicity from the original iris images). Furthermore, the work has reinforced the need for including template protection schemes in commercial iris systems as well as for adopting a verification strategy that confirms if the biometric samples presented to the system are those of a genuine eye and not that of a digital or physical artifact of the iris. It may be argued that attacks such as the one considered in this work can be successful only when the template stored in the database is compromised. This may be difficult (although possible) in classical biometric systems where the enrolled templates are kept in a centralized database. In this case, the attacker would have to access the database and extract the information, or intercept the communication channel when the stored template is released for matching. But the threat is heightened in Match-on-Card (MoC) applications where an individual’s biometric template is stored in a smartcard possessed by the person. Such applications are rapidly growing due to several appealing characteristics such as scalability and privacy [59]. Similarly, biometric data is being stored in many official documents such as the new biometric passport [60], some national ID cards [61], the US FIPS-201 Personal Identity Verification initiatives (PIV) [62] and the ILO Seafarers Identity Card Program [63]. In spite of the clear advantages that these type of applications offer, templates are more likely to be compromised as it is easier for the attacker to have physical access to the storage device and, as has already been demonstrated [64], fraudulently obtain the information contained inside. This makes MoC systems potentially more vulnerable to the type of threat described in this article especially when the biometric data is stored without any type of encryption [62], or printed in the clear on plastic cards as 2D barcodes [63]. Thus, there is an acute need to deflect the type of attack outlined in this article. This can be accomplished using two complementary approaches: • Prevention. Here the goal is to avoid the users’ templates from being compromised, for example by securely storing biometric data using encrypted templates [39] and [65] or protecting the communication channels through encryption [66]. • Protection. Here the goal is to minimize the probability of a successful attack even when a template is compromised. This could be accomplished by using biometric-based countermeasures to distinguish synthetic images from real iris images or to employ liveness-detection techniques [67]. Research work, such as the one presented in this article, or previous studies dealing with other modalities like fingerprint [23] and [3] or face [4], bring to the fore the difficulty in estimating the amount of information present within a biometric trait and the issue of biometric template generation. Furthermore, from a security perspective, we believe that these examples may serve as a wake-up call for vendors and developers to be aware of the potential risks of not securing biometric templates, as is the case in some operational systems already installed in sensitive areas. There is an urgent need to design effective countermeasures that minimize the effects of these threats and increase the confidence of the end users in this rapidly emerging technology.