Enhancing Biometric Fingerprint Security Through Integrated Watermarking and Cipher Block Chaining Techniques

This section elucidates the used technical materials in the proposed algorithm.

2.1 Advanced encryption standard

After years of competition, in 2001, the National Institute of Standards and Technology (NIST) approved a new encryption system named Advanced Encryption Standard [23]. The standard is an iterative cipher block [24], based on the Rijndael algorithm [25]. This standard is a symmetric block cipher, where the symmetry notion in cryptography means Alice and Bob partage the same key utilized for encryption and decryption procedures. The maximum data size that can be treated by this system is 128 bits [26], exploiting cipher keys of 128, 192, and 256-bit lengths. The AES was designed to gain the following essential features:

• Attack resistance
• High speed and low energy consumption
• Uncomplicated architecture

The Advanced Encryption Standard cryptosystem's experimental outcomes may be impacted by key lengths. Although longer key lengths typically bring additional protection, more processing resources will be required, which could slow down the encryption and deciphering procedures. For the majority of applications, a key value of 128 bits is usually considered to be secure. However, a larger key value, such as 192 or 256 bits, may be advised for extremely confidential data.

The following guidelines ought to be adhered to when choosing AES keys:

• Utilize robust, random keys to prevent intruders from predicting or brute-forcing using a sophisticated random number generator.
• Employ unique keys for each message or session to guarantee that the attacker cannot access other protected messages or sessions if one key is compromised.
• Keys should be stored away from unauthorized people. To further improve security, key regeneration, and rotation should be considered as well.

Algorithms 1 and 2 summarize the principles of encryption and decryption operations for the advanced encryption standard.

SubBytes substituting bytes in accordance with a certain table, the so-called S-Box, significantly affects the encryption process in a non-linear way. The first row is left untouched while the remaining three rows, which comprise a 4×4 byte matrix, undergo a ShiftRows operation to add complexity. In MixColumns, instead of treating each byte as an integer, each column is multiplied by a constant matrix that fills the Galois field. The round key and the initial input block are XORed together by Assafli and Hashim [27].

Moreover, similar results to the electronic code-book (ECB), which is a deterministic operation mode, will be obtained if the Rijndael algorithm is directly applied using the exact same key, consequently, susceptibility may be provoked due to the poorly concealed data patterns [28]. Cipher Block Chaining (CBC), cipher feedback (CFB), output feedback (OFB), and counter mode (CTR) are non-deterministic (probabilistic) operation modes employed in cryptography [29].

Each of the aforementioned probabilistic operation modes has its own application scenarios, advantages, and disadvantages, which are briefly discussed as follows:

1. Cipher Block Chaining (CBC) is frequently used in data transfer when the message's secrecy and stability are crucial.

• Pros: Besides providing unpredictability to the encryption process, CBC prevents plaintext patterns from being visible in the ciphertext.
• Cons: Because CBC employs a chaining structure and each block's encryption or decoding relies on the preceding block, it is slower than some other forms of operation.

2. Cipher Feedback (CFB) is utilized in real-time applications, where data is transmitted in a continuous stream, such as audio and video data encryption.

• Pros: CFB enables encryption and decryption of single bits or bytes of data, which is advantageous in real-time applications requiring fast processing of tiny data elements.
• Cons: CFB is susceptible to error spread, which means that if an error occurs during the encryption or decryption of one block, it might also impact consecutive blocks.

3. Output Feedback (OFB) is commonly employed when data encryption and decryption must be conducted separately in conjunction with each other. Along with file and drive encryption, it is employed to secure access sessions.

• Pros: By using OFB, a series of pseudo-random bits can be produced to be applied to data protection and decoding. Additionally, it might be used for both error detection and correction.
• Cons: OFB is susceptible to attacks where the encryption function's output can be predicted based on previous output.

4. Counter Mode (CTR): Similar to the OFB, the counter mode is used in situations where the encryption and decryption of data need to be performed independently of each other.

• Pros: CTR can be used to produce a sequence of pseudo-random bits for data encryption and decryption since it does not implement a chaining framework.
• Cons: As each data element requires a unique counter, CTR can be challenging to manage.

In summation, the Advanced Encryption Standard represents a widely employed cryptosystem that offers safe and effective data protection. However, as with any cryptosystem, it has its advantages and weaknesses. The pros and cons of the AES concept are covered below.

Advantages:

• Security: AES is a common option for safe data transmission since it offers robust security against a variety of assaults, including brute-force attacks.
• Efficiency: In terms of efficiency and resource utilization, AES is very effective. It can rapidly encode and decode data and uses little computing power, making it appropriate for use in settings with limited resources.

• Standardization: AES is a widely used and compatible encryption method that has been accepted by numerous groups and countries around the globe.
• Flexibility: AES can be used in a variety of apps because it allows a variety of key and block sizes.

Disadvantages:

• Key management: The quality of the encryption key used determines how secure AES is.
• Key administration can be difficult because they must be disseminated to approved parties and safely kept. Although AES is thought to be extremely safe, it is not impervious to attacks. There have been cases where the algorithm's weaknesses have been found and used against it.

• Execution problems: If AES is not applied properly, its security may be jeopardized. Wrong application techniques, such as vulnerable random number generation or poor key generation, can degrade the cryptosystem.

AES is an effective option for data protection because its encryption and decoding principles offer robust security and effectiveness. AES possesses certain restrictions and deficiencies. Therefore, effective key management and execution procedures are essential to ensuring its viability.

2.2 Cipher Block Chaining

The Cipher Block Chaining mechanism (see Figure 1) is about encrypting determined blocks, where each block is dependent on all previous cipher blocks [30], except for the initial block, which requires an initialization vector (IV) for the encryption. Thus, in this operation mode, an XOR operation is exerted on each plain text block and its earlier ciphered block, exempting the first block, which is XORed with the initialization vector [23]. The encryption and decryption processes are expressed in Eqns. (1) and (2), correspondingly. Moreover, the Cipher Block Chaining operation mode can be summarized as follows [31]:

• Every block depends on preceding blocks
• Each earlier encrypted block result recurs in the ruling block
• The initialization vector is mandatory for the initial block encryption
• IV can be generated manually or randomly

$C_i=E_k\left(P_i \oplus C_{i-1}\right) ; C_0=I V$                           (1)

$P_i=D_k\left(C_i\right) \oplus C_{i=1} ; C_{\Omega}=I V$                      (2)

Thanks to the chaining structure, the CBC consumes more computational time than other operation modes.

11.png

Figure 1. Cipher Block Chaining operation mode

The algorithm was applied to a series of fingerprint images collected from the study [32] to verify the performance of the suggested method. The algorithm was examined using MATLAB 2019 on an Intel® Xeon® processor with a 16 GB memory machine, where the images’ size was 192×256. The suggested scheme was evaluated using the metrics indicated in the sequel.

4.1 Performance evaluation

As imperceptibility represents a crucial element in digital watermarking evaluation, the following metrics are addressed to serve this operation:

• A Peak Signal to Noise Ratio (PSNR) is about computing the numerical differences between an original (host image) and a manipulated image (watermarked image) using the next equation:

$P S N R=10 \log _{10}\left(\frac{255^2}{M S E}\right)$                           (5)

The Mean Square Error (MSE) formula is expressed as:

$M S E=\frac{1}{X \times Y} \sum_0^{X-1} \sum_0^{Y-1}(H(i, j)-W i(i, j))^2$                                      (6)

The host and the watermarked images are denoted H and $W i$ respectively, and X and Y represent the dimensions.

• Structural similarity index metric as its name indicates, calculates the similarity between modified and reference images.

$\operatorname{SSIM}(x, y)=I(l(x, y), C(x, y), S(x, y))$                               (7)

The I, C, and S are the luminance, contrast, and structure correspondingly.

• The normalized correlation compares the extracted watermark to the integrated one. It is defined as follows:

$N C C=\frac{\sum_{i=1}^x \sum_{j=1}^{y^{\prime}}\left(w_{o r}(i, j) \times w_{e x}(i, j)\right)}{\sum_{i=1}^x \sum_{i=1}^y w_{o r}^2(i, j)}$                                (8)

where, W_or is the original watermark, and W_ex is the extracted watermark.

• The Bit Error Rate is calculated by dividing the total number of transferred bits by the total number of errors.

$B E R=\frac{\text { Errors }}{\text { Number of bits }}$                      (9)

Table 1. Performance analysis of the watermarked fingerprints test images

To assess the suggested technique, Table 1 shows the performance analysis in terms of high fidelity and indistinguishability, where high peak signal-to-noise ratio results were obtained with an average of 51 dB, which is higher than the accepted range, compromising values from 29 to 35 dB [33]. The conducted method results are displayed in Figure 3. On the other hand, the mean square error is relatively low due to the minor error recorded. As known, the structural similarity index metric is more efficient compared to PSNR with regard to subjective quality [34]. The suggested technique revealed SSIM values with an average of 0.9988, confirming the heightened similarity between the host and the watermarked image, where zero difference can be noticed by the human vision system.

Table 2. PSNR and SSIM comparison

Furthermore, Table 2 exhibits a comparison in terms of PSNR and SSIM between the presented method and other digital watermarking methods, where the method in hand revealed increased results, which affirms the proposed method’s competence.

Digital image watermarking attacks are about manipulating or tampering with an image, intentionally or unintentionally, and as robustness is as necessary as imperceptibility for digital watermarking schemes, a group of attacks was exerted to evaluate the capacities of the suggested framework. Table 3 illustrates the results in terms of normalized correlation and the bit error rate of the extracted watermark in a zero-attack scenario, where the presented method delivered ideal results. Furthermore, even under attack, the proposed method withstands various attack types as reported in Table 4.

Figure 3 shows the original cover image, the original watermark, the watermarked image, and the retrieved watermark, where it is clear that the testing images were not affected during the embedding and extraction procedures. Moreover, it is visible in Figure 4 that the extracted watermarks are still recognizable even after attack conduction, which confirms the resilience of this technique to a variety of manipulations such as noise, translation, and filtering.

Table 3. NCC and BER results of the retrieved watermark from testing

Table 4. NCC and BER results of the extracted watermarks under attacks

3.png

Figure 3. (a) Host fingerprints, (b) embedded watermark, (c) watermarked fingerprints, (d) extracted watermark

4.png

Figure 4. Watermarked image and extracted watermark under attacks, (a) Salt & Pepper 5%, (b) Salt & Pepper 5%, (c) Translation (5.5), (d) Median filter (3:3), (e) Median filter (5:5)

5.png

Figure 5. (a) Original fingerprint images, (b) cipher fingerprint images, (c) plain fingerprints images

4.2 Correlation analysis

Correlation analysis is about calculating the correlation between adjacent pixels for plain and cipher images, where it is mathematically given by the following formulas:

$r_{u, v}=\frac{E((u-E(u))(v-E(v)))}{\sqrt{D(u) D(v)}}$                   (10)

$E(u)=\frac{1}{N} \sum_{i=1}^N u_i$                               (11)

$D(u)=\frac{1}{N} \sum_{i=1}^N\left(u_i-E(u)\right)^2$                (12)

Table 5 depicts the correlation coefficient results of the plain and cipher testing images, where positive correlation is acclaimed for plain fingerprints in vertical, horizontal, and diagonal distribution since results are near 1, contrary to the encryption, where obtained values must be close to 0 [35, 36], which signify the dissimilarity between the encrypted and the decrypted images. The proposed method reveals results approximately equal to 0 for the cipher fingerprint images, which proves the crypto-system efficiency.

To affirm the results demonstrated in Table 5, The fingerprint image encryption and decryption results are shown in Figure 5. Furthermore, where cipher images appear random and unpredictable, no changes can be noticed by the human visual system between the original and the deciphered fingerprint images. The correlation results of the encryption and decryption images are illustrated in Figure 6, where it is remarkable that the crypto-system made adjacent pixels irrelevant, which is a sign of robustness against statistical attacks.

Table 5. Correlation coefficients results

Table 6. Correlation coefficients comparison

Referring to Table 6 that displays the results of a comparison between the suggested approach and the method in the study [19], it is evident that the utilized crypto-system delivers considerable unpredictability levels where subordinate correlation values were achieved in horizontal, vertical, and diagonal directions. Thus, the decryption procedure needs the appropriate encryption key to provide accurate results.

4.3 Key sensitivity

Keyspace represents an essential criterion for a shielded crypto-system since it becomes less predictable and more resilient to brute-force attacks which implies high-security [37], a key length of a 128-bits is utilized in the proposed scheme, where $2^{128}$ iteration must be executed in order to obtain the exact key. In the aim of analyzing the key sensitivity, a plain image is encrypted by employing two different keys with slight variations, then a decryption process is also done by utilizing the accurate and alternate keys. Figure 7 displays the obtained results, where it is obvious that the key is eminently sensitive to any transition, and where disturbed results will be delivered if any extra manipulation is involved.

4.4 Differential attacks analysis

The differential attacks consist of measuring the impact of changing a single bit of the original image on the encryption resultant [38]. The number of pixels change rate (NPCR) and unified average change intensity (UACI) are metrics used to calculate the encryption method robustness of an image. NPCR and UACI compute the average difference among encrypted images. Mathematically, the metrics are defined as:

$\mathrm{NPCR}=\frac{\Sigma_{i j} D(i, j)}{N \times M} \times 100 \%$                            (13)

D(i, j) return to 1

when $P_1(i, j)=P_2(i, j)$, and 0 i $P_1(i, j) \neq P_2(i, j)$.

$\mathrm{UACI}=\frac{1}{M \times N} \sum_{i j} \frac{\left|P_1(i, j)-P_2(i, j)\right|}{255} \times 100 \%$                       (14)

where, P1, P2 are the encrypted images, M, N and i, j represents the dimensions and the position of gray scale value (0 - 255) respectively.

Furthermore, Table 7 depicts the NPCR and the UACI results, where the average result of the NPCR is 0.9963 and the UACI average is 0.404, which are approximate 0.9961 and 0.3346 the theoretical values of the NPCR and UACI metrics correspondingly [39].

Table 7. NPCR and UACI results

To confirm the proposed method’s effectiveness, Tables 8 and 9 show NPCR and UACI comparison results of different techniques, including the suggested, where the presented scheme presented acceptable and favourable values.

Table 8. NPCR (%) comparison

Table 9. UACI (%) comparison

4.5 Information entropy

Intending to study the texture of images, entropy answers the purpose by statically computing the pixels’ randomness in an encrypted image [40]. In short, high entropy is noticed in regions with uniform intensities and vice versa. It is mathematically given by:

$E=-\sum_{i=0-255} p(i) \log _2(p(i))$                   (15)

where, p stands for the associated probability

Table 10 reveals the entropy results of the original and the encrypted watermarked images, where maximum entropy results were captured for the cipher images, which translates the results traced in Figure 8. Histograms show the uniform distribution of encrypted images. This uniform distribution can be interpreted by confirming the force of the crypto-system, where the plain image color distribution manifests anarchic and scrambled after the encryption process. Moreover, if the entropy value is close to 8 for an 8-bit image, it augurs optimum randomness.

Table 10. Entropy results of plain and cipher test images

Table 11. Entropy results comparison

The average entropy of cipher images mentioned in Table 10 is 7.9863, which means efficient encryption has been provided by the exploited crypto-system. Table 11 represents the entropy results of the presented technique and the technique in the study [21], where satisfying entropy results were obtained compared to the other method.