Generation of cancellable locality sampled codes from facial images

Face is arguably the most common biometric trait that has been extensively utilised and thoroughly studied. Since this unimodal feature visually represents the identity of an individual, preserving the security of face-based authentication models is a prime concern. This work proposes a framework for generating cancellable templates from raw facial images. Our scheme is essentially based upon the notion of locality sensitive hashing (LSH), specifically on its locality sampled code (LSC) realisation. Facial features are initially extracted using the binarized statistical image features (BSIF) descriptor. These binary features are subsequently hashed using the random bit sampling mechanism of LSC. Finally, these local hashes are permanently stored in a non-invertible manner. We have empirically analysed the security requirements of unlinkability, non-invertibility, and revocability in our model. We have also validated our work over the benchmark AR, ORL, Yale, and CASIA-Facev5 databases under multiple scenarios. Among all the resulting cases, the best performance of our model was noted at a minimum EER of 2.69%, 4.45%, 1.2%, and 2.66% for the four data sets, respectively.


| INTRODUCTION
Biometrics has become a convenient way of authenticating the identity of an individual. Conventional identifiers such as personal identification numbers (PINs) and passwords use knowledge-based information, whereas tokens are possession-based. However, tokens need to be carried along and consequently cause inconvenience to the user. Furthermore, PINs and tokens can easily be stolen or damaged. As an alternative, biometric systems have steadily gained popularity due to their usability and performance gains. These automated mechanisms allow the identification or verification of individuals based on unique physiological and behavioural characteristics [1]. One of the most common biometric traits which is used for identification at a distance is the face. With the increase in computational resources, facial recognition technology has become effective in both indoor and outdoor environments. Its usage has become ubiquitous across multiple domains including law enforcement, forensics, home entertainment, and large-scale surveillance systems [2].
From a security perspective, the existing biometric systems can be subjected to a wide range of attacks such as hill-climbing [3], privacy invasion [4], and spoofing [5]. The stored biometric templates could get stolen by an adversary and subsequently utilised to gain access to other applications. Biometric template protection (BTP) schemes are designed to provide robust security guarantees against various biometric threat models. The ISO/IEC Standard 24745 on biometric information protection defines two major components for any BTP scheme: pseudonymous identifier and auxiliary data [6]. Based upon the generation technique of these two pieces of information, BTP schemes are broadly categorised as either cancellable biometrics [7] or biometric cryptosystems [8]. Our work is related to the former notion, in which the biometric features are encoded using one-way transformation functions. However, these functions must also be distance preserving in the transformed domain. This requirement is particularly imperative for mitigating the performance loss of the model. The matching process in any cancellable biometric scheme is usually performed in the transformed domain, rather than in the feature domain.
In this work, we have proposed a framework for generating cancellable biometric templates from face features. The transformed templates maintain the privacy of the user biometric data by guaranteeing non-invertibility, revocability, and unlinkability [7]. Non-invertibility states that the original biometric features cannot be extracted from the stored template. From the adversarial perspective, the recovered data can be either complete or partial. Revocability ensures that a new transformed template can be created from the base features if they get stolen. Finally, unlinkability states that different templates that are generated from the same base features are indistinguishable from each other. This guarantee is required for eliminating any possibility of cross-matching or linking attacks involving biometric databases. Most importantly, the transformation itself should not degrade the performance of the system. Alternatively stating, the recognition accuracy on the cancellable features must be close to that of the base features.
The central idea of this study is based on the principle of locality sensitive hashing (LSH), which maps similar inputs to identical positions. Unlike cryptographic hash functions, LSH tries to increase the probability of collision for similar inputs. This study is essentially an extension of ref. [9], wherein cancellable features for the iris were generated. In their work, the authors utilised a random bit sampling-based technique for creating a cancellable locality sampled code (LSC) from binary IrisCodes. The LSC hashing technique benefits from strong theoretical guarantees of performance preservation in the transformed domain. However, this mechanism cannot be directly extended to facial templates because the features extracted from the face are not generally represented in a binary format. This problem is addressed in our work using the binarized statistical image features (BSIF) descriptor [10]. In BSIF, a binary feature vector is constructed by linearly projecting local image patches onto a subspace of learnt basis filters and binarizing the resulting responses with a thresholding-based technique. Essentially, our work serves a dual purpose. It investigates the feasibility of creating LSCs from the face, along with providing a holistic framework for generating cancellable templates from facial images. As an additional contribution, we have analysed the reduction in the size of the LSC templates with regard to the original BSIF features.
The remaining sections are organised as follows. Section 2 presents some past studies related to our work. The notion of LSH is discussed in Section 3. We extensively present our proposed methodology in Section 4. Section 5 is our empirical part, wherein we present various relevant results. The security guarantees of our framework are discussed in Section 6. Finally, Section 7 concludes our study.

| RELATED WORK
In this section, we discuss some studies which deal only with generating cancellable templates from the human face. For similar works involving other biometric traits, the readers are referred to refs. [7,11]. Savvides et al. [12] generated cancellable facial templates using user-specific random convolution kernels. The kernels were generated using a seed value, with which the images were subsequently convolved. The minimum average correlation energy (MACE) filter was generated and stored using the convolved images. However, it has been shown that the performance of such systems deteriorates if the same matrix is applied to different enrolled users [13,14].
The idea of utilising modified bloom filters for generating cancellable biometric templates was initially proposed by Rathgeb et al. [15]. Later on, Gomez-Barrero et al. [16] extended this work for face templates. It has been shown that this mechanism can be used for generating an irreversible template without the degradation of the performance. Although the original work claimed to provide unlinkability and non-invertibility, Hermans et al. [17] proved that this method was susceptible to cross-matching-based attacks. Later on, Bringer et al. [18] also discussed the security limitations of bloom filters and demonstrated how to circumvent them.
Jeong et al. [19] extracted face features using ICA and PCA, and subsequently randomly scrambled them to produce the face templates. Wang et al. [20] proposed a partial face feature extraction process for generating cancellable biometric templates using two-dimensional projections. In their work, the authors extracted the vertical and horizontal face features separately. The partial features were averaged over Z transformations for incorporating the security objectives. In another work, Kim and Toh [21] used sparse random projections for generating cancellable templates from face images. Random matrices with values in {0, 1, −1} were utilised for this particular process.
The use of non-invertible transformations is a common approach for constructing cancellable features. Sutcu et al. [22] initially proposed a non-invertible transformation method for face images. The authors utilised a one-to-many transformation scheme over the biometric features for preserving their privacy. Cho and Teoh [23] used random permutation maxout (RPM) transformations to design face templates. The RPM transforms real-valued face features into a discrete index for providing security to the templates. In another work, Saito et al. [24] utilised the combination of random permutation and unitary matrices for generating cancellable face templates. Most recently, Kaur and Khanna [25] proposed a random distance-based model that generates privacy-preserving and revocable biometric identities along with 50% reduction in size.

| LOCALITY SENSITIVE HASHING
The LSH procedure maps similar input features into the same location with very high probability. Since LSH is essentially a hashing technique, the size of the input features is much larger than the number of locations. The LSH family is theoretically described as:

Definition 1 (LSH [26]). LSH is a hashing technique that tries to increase the probability of collision for similar inputs. Since it is a hash-based mapping, the size of the output range is much smaller than the input domain. Formally stating, an LSH is a probability distribution on a family H of hash functions h such that P_{h∈H}[h(X) = h(Y)] = d(X, Y), where d is a distance function defined on the collection of objects X and Y.
The core of the LSH scheme comprises several local hash functions h_i. The utilisation of these functions enables an accurate estimation of the pairwise distance of the input items in the hashed domain. In this way, the LSH ascertains that the collision probability between the hashes of two similar items remains comparatively higher, and vice-versa. Theoretically stating,

P_{h∈H}[h(X) = h(Y)] ≥ P_1 whenever d(X, Y) ≤ R
P_{h∈H}[h(X) = h(Y)] ≤ P_2 whenever d(X, Y) ≥ cR        (1)

where P_1 > P_2.
In Equation (1), P_1 and P_2 are two probabilistic collision bounds of h_i, X, Y ∈ R^d, H = {h : R^d → U}, d(.,.) is the distance function, and U is the hashed space. Furthermore, R is the distance threshold and c is an approximation factor which is always greater than 1. This notion of LSH was recently used by Sadhya and Raman [9] for developing cancellable templates from iris features. In their work, the authors randomly sampled bits from the iris feature for generating the local hashes. One of the major features of this scheme is the collision probabilities for intra-class and inter-class sample points. For the bit sampling construction over an N-bit feature vector, these probabilistic bounds are represented as [9]:

P_1 = (1 − R/N)^k and P_2 = (1 − cR/N)^k        (2)

where k is the number of sampled bits per hash. The two bounds in Equation (2) implicitly determine the recognition accuracy of the biometric recognition model. A higher difference between P_1 and P_2 indicates that the intra-class samples map to the same locations, whereas the inter-class data map to different places. The overall performance of the biometric recognition system consequently increases. It is noticeable that P_1 > P_2 since c > 1.
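As an illustrative aside, the bit-sampling behaviour behind these bounds can be sketched in Python. The parameter values and helper names below are toy assumptions, not those used in our experiments; the sketch only demonstrates that pairs with a small Hamming distance collide far more often than distant pairs, that is P_1 > P_2.

```python
import random

def bit_sampling_hash(bits, positions):
    """One bit-sampling LSH function: project the binary vector onto
    a fixed set of randomly chosen index positions."""
    return tuple(bits[p] for p in positions)

def collision_rate(x, y, k, trials=2000, seed=7):
    """Empirical probability that a random k-bit sampling hash collides on x and y."""
    rng = random.Random(seed)
    n = len(x)
    hits = 0
    for _ in range(trials):
        pos = rng.sample(range(n), k)
        if bit_sampling_hash(x, pos) == bit_sampling_hash(y, pos):
            hits += 1
    return hits / trials

rng = random.Random(0)
n, k = 1000, 10
x = [rng.randint(0, 1) for _ in range(n)]
near = x[:]                          # intra-class stand-in: flip 5% of bits
for i in rng.sample(range(n), 50):
    near[i] ^= 1
far = x[:]                           # inter-class stand-in: flip 30% of bits
for i in rng.sample(range(n), 300):
    far[i] ^= 1

p1 = collision_rate(x, near, k)      # close pair: high collision probability
p2 = collision_rate(x, far, k)       # distant pair: low collision probability
print(p1, p2)
```

The empirical rates track the analytical values (1 − 0.05)^10 ≈ 0.60 and (1 − 0.30)^10 ≈ 0.03, so the gap between the two collision probabilities is large for well-separated classes.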

| PROPOSED METHODOLOGY
The proposed cancellable template generation and authentication process has three phases: feature extraction, LSC generation and matching. A schematic illustration of generating LSC templates from an input face image is shown in Figure 1.

| Feature extraction
The features from a face image are extracted using the binarized statistical image features (BSIF) descriptor [10], which results in a binary string. Each bit of the binary string is generated by thresholding the response of a linear filter at zero. The filter is learnt by maximising the statistical independence of the filter responses on training image patches. Given an image X(u, v) and a linear filter W_i(u, v) of the same size, the filter response s_i is obtained by:

s_i = Σ_{u,v} W_i(u, v) X(u, v)        (3)

where the summation ranges over the filter size and i denotes the ith filter. The binary matrix b_i is subsequently obtained by thresholding the filter response s_i at 0.
The size of the binary string at each pixel b_i(u, v) depends upon the number of filters used; the binary responses of n filters are stacked together so that each pixel is represented by n bits. The input image is initially divided into 11 × 11 non-overlapping rectangular regions. The descriptors are then computed locally from each region and concatenated together to form the global descriptor. Since we used a single filter in this work, each pixel of the image is converted into a single binary bit. The final lengths of the BSIF code for the AR, ORL, Yale, and CASIA-Facev5 data sets were 442,368, 123,648, 480,000, and 480,000 bits, respectively.

FIGURE 1 Block diagram of the developed framework for generating cancellable facial templates. The input face image is taken from the AR face database [27].
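For illustration only, the filtering-and-thresholding step can be mimicked with a hand-rolled filter. The random zero-mean filter below is a stand-in assumption (real BSIF uses filters learnt via independent component analysis), and the function name is hypothetical.

```python
import numpy as np

def binarize_response(image, filt):
    """Slide the filter over the image (valid cross-correlation) and
    threshold each response at zero, as in BSIF's final step.
    The learnt ICA filters of real BSIF are replaced here by a
    zero-mean random filter purely for illustration."""
    fh, fw = filt.shape
    H, W = image.shape
    out = np.zeros((H - fh + 1, W - fw + 1), dtype=np.uint8)
    for r in range(out.shape[0]):
        for c in range(out.shape[1]):
            s = np.sum(image[r:r+fh, c:c+fw] * filt)  # filter response s_i
            out[r, c] = 1 if s > 0 else 0             # b_i = (s_i > 0)
    return out

rng = np.random.default_rng(42)
img = rng.integers(0, 256, size=(16, 16)).astype(float)
filt = rng.standard_normal((5, 5))
filt -= filt.mean()        # zero-mean filter, so responses straddle zero
code = binarize_response(img, filt)
print(code.shape)          # a binary map, flattened into the feature string
```

With a single filter, every response position contributes exactly one bit, matching the single-filter configuration used in this work.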

| LSC generation
In our work, the binarized face data is divided into n non-overlapping blocks, represented by the set B. For each block B_i, k random bits are sampled l times. Thus, l is the number of hash functions and k is the size of each hash function. Each hash function is independent of the remaining (l − 1) hashes since they are randomly sampled. As discussed during the security analysis, a high value of k is desirable for minimising the adversarial probability of guessing all the bits of the hash function. On the other hand, increasing the value of l is beneficial only in the multi-hash attack (MHA), where the adversary possesses multiple LSC instances of a single feature vector. However, increasing the number of local hashes simultaneously increments the overall computation time.
All the sampled BSIF indices are termed as marked positions (denoted by [B]) and the remaining indices as the unmarked positions. The set [B] is essentially a permutation set on the input feature indices. These user-specific tokens get stored in the database along with the protected templates. For each block B_i, the set of hash functions is represented by H(B_i) and the decimal equivalents of the sampled bits are denoted by c_(i,j), where j ∈ [1, l]. For incorporating the property of non-invertibility, these decimal values are reduced in a modular way by the factor (t × 2^k), where t is a security parameter such that 0 < t < 1. A higher value of t decreases the number of possible multi-mappings from the input to the output domain, thereby increasing the security of the framework. This conversion is formally represented as:

c′_(i,j) = c_(i,j) mod (t × 2^k)        (4)

In Equation (4), c′_(i,j) represents the non-invertible decimal equivalents, which are subsequently stored in the form of Map(h_j). This step concludes the creation of the LSCs. Figure 2 demonstrates the process of generating LSC templates from an input BSIF feature vector.

FIGURE 2 Illustration of the bit sampling-based LSC generation process.

FIGURE 3 Similarity score generation between two LSC templates. The hashing parameters are l = 3 and k = 3.

FIGURE 4 Sample images from the AR face database exhibiting variations in expression, illumination, and occlusion.
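The sampling and modular-reduction steps described above can be sketched as follows. This is a minimal illustration with toy parameters; the exact token and template layout of our implementation is assumed, not prescribed.

```python
import random

def generate_lsc(feature_bits, n, l, k, t, seed):
    """Sketch of LSC generation: split the binary feature into n equal
    blocks, sample k random bit positions l times per block (the
    user-specific token of marked positions), and store only the
    modularly reduced decimal values (the non-invertible step).
    Parameter names follow the paper; the storage layout is assumed."""
    rng = random.Random(seed)
    block_size = len(feature_bits) // n
    modulus = int(t * (2 ** k))          # reduction factor t * 2^k
    token, template = [], []
    for b in range(n):
        block = feature_bits[b*block_size:(b+1)*block_size]
        positions, maps = [], []
        for _ in range(l):
            pos = rng.sample(range(block_size), k)   # marked positions
            value = int("".join(str(block[p]) for p in pos), 2)
            maps.append(value % modulus)             # c'_(i,j)
            positions.append(pos)
        token.append(positions)
        template.append(maps)
    return token, template

rng = random.Random(1)
bits = [rng.randint(0, 1) for _ in range(1200)]
token, tmpl = generate_lsc(bits, n=6, l=4, k=8, t=0.5, seed=99)
print(len(tmpl), len(tmpl[0]))   # n blocks, each with l reduced hash values
```

Because every stored value is reduced modulo t × 2^k, many distinct k-bit samplings map to the same stored value, which is the source of the scheme's non-invertibility.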
The size of the LSC template is determined by several model parameters, specifically n, k, l, and t. Since the non-invertible components solely constitute the LSC maps, the size of each component can be bounded by the number of bits required to represent it. As described through Equation (4), the mod function limits the permissible range of the non-invertible components to within t × 2^k. The number of bits that characterise this quantity is always less than k as t < 1. Considering that there exist a total of n such components within an LSC map, each map size becomes n × k bits. Since an LSC template comprises l independent LSC maps, its maximum size can be represented by n × k × l bits. If we take into account the optimum empirical values of these parameters (details are presented in Section 5.3), 27,000 and 9000 bits are required for storing each LSC template corresponding to the AR and ORL data sets, respectively. Thus, we obtain a size reduction of ≈93.89% and ≈92.72% with respect to the original BSIF features in these two data sets.
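The n × k × l bound can be checked directly against the reported optima (the helper name below is ours):

```python
def lsc_template_bits(n, k, l):
    """Upper bound on LSC template size: l maps, each holding n
    components of at most k bits (since t < 1 keeps every stored
    value below 2^k)."""
    return n * k * l

# Optimal parameters reported for the AR and ORL data sets
ar = lsc_template_bits(6, 30, 150)       # -> 27000 bits
orl = lsc_template_bits(12, 5, 150)      # -> 9000 bits
print(ar, orl)

# Size reduction relative to the original BSIF code lengths
print(round(100 * (1 - ar / 442368), 2))    # -> 93.9 (%)
print(round(100 * (1 - orl / 123648), 2))   # -> 92.72 (%)
```

This reproduces the ≈93.89% and ≈92.72% reductions quoted above from the BSIF code lengths of 442,368 and 123,648 bits.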

| Similarity score generation
The authentication decision of a biometric system is based on the similarity between a query sample and the template stored during enrolment. A similarity score is generated between two sets of LSCs, which is subsequently evaluated to make the final decision. The matching is done blockwise and on a one-to-one basis. For every probe block B_i(q) and reference block B_i(e), a score is calculated between their respective LSC sets Q_i = {q_1, q_2, …, q_l} and E_i = {e_1, e_2, …, e_l}. The per-block scores are then normalised by averaging over all the blocks. Formally speaking, the score (S) is calculated as:

S = (1/n) Σ_{i=1}^{n} (1/l) Σ_{j=1}^{l} 1(q_j = e_j)        (5)

where 1(·) is the indicator function. The score described by Equation (5) lies in the range [0, 1], with zero indicating no similarity and unity representing a complete match between the two LSCs. A pictorial illustration of generating a score between two sample LSC templates is depicted in Figure 3.
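A minimal sketch of this blockwise matching, assuming the score simply averages exact hash-value agreements (consistent with the description above, though the precise layout is ours):

```python
def lsc_similarity(template_q, template_e):
    """Blockwise one-to-one matching sketch: for each block, count the
    fraction of the l stored hash values that agree, then average the
    per-block scores. The result lies in [0, 1]."""
    block_scores = []
    for Q, E in zip(template_q, template_e):
        hits = sum(1 for q, e in zip(Q, E) if q == e)
        block_scores.append(hits / len(Q))
    return sum(block_scores) / len(block_scores)

probe = [[3, 7, 1], [4, 4, 2]]       # 2 blocks, l = 3 hash values each
reference = [[3, 7, 9], [4, 4, 2]]
print(lsc_similarity(probe, reference))   # (2/3 + 3/3) / 2 = 0.8333...
print(lsc_similarity(probe, probe))       # identical templates -> 1.0
```

A score of 1.0 is reached only when every hash value of every block agrees, matching the "complete match" interpretation of unity above.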

| EMPIRICAL RESULT AND ANALYSIS
In this section, we investigate the performance of our cancellable model with reference to its recognition accuracy. All the simulations were performed in MATLAB over a Core i7-8565U CPU @ 1.8 GHz with 64 GB of RAM.

| Database
All the results were validated on four publicly available data sets: AR Face [27], ORL (https://cam-orl.co.uk/facedatabase.html), Yale Face [28], and CASIA-Facev5 (http://biometrics.idealtest.org/). In the AR data set, 13 different instances of 74 male and 60 female subjects were used for evaluation. The covariates of this facial database include neutral expression, wearing scarf, smile, anger, scream, all side lights on, left side light on, right side light on, wearing sun glasses, all side lights on with wearing scarf, left side light on with wearing scarf, and right side light on with wearing scarf. In total, the AR data set contains more than 4000 sample images of dimension 768 × 576. Some sample images from the AR data set are presented in Figure 4. The ORL data set (currently known as The Database of Faces) comprises 10 different images of 40 subjects. For some subjects, the images were taken at different times with varying illumination and facial expressions. All the images were taken against a dark homogeneous background with the subjects in an upright, frontal position. The dimension of each image is 92 × 112, with 256 grey levels per pixel. Some samples are presented in Figure 5.

FIGURE 10 ROC curves while varying the number of blocks (n) over the Yale data set.
The Yale Faces data set comprises 165 facial images of 15 subjects. There are 11 images for each subject, exhibiting the following facial expressions or configurations: centre-light, w/glasses, happy, left-light, w/no glasses, normal, right-light, sad, sleepy, surprised, and wink. Although the AR, ORL, and Yale data sets are relatively old, we used them in our work since they have been thoroughly analysed and utilised in other related works. Some instances from this data set are illustrated in Figure 6.
The CASIA-Facev5 data set is a comparatively large data set which contains 2500 colour facial images of 500 subjects.

| Comparison protocol and metrics
In the comparison protocol, the impostor scores were calculated by matching the first sample of every class with the first sample of the remaining classes. Conversely, the genuine scores were calculated by matching every intra-class sample with each other (for every class). It is noticeable that this protocol is analogous to the standard FVC protocol for fingerprints (http://bias.csr.unibo.it/fvc2002/perfeval.asp).
The equal error rate (EER) and decidability index (d′) are used for quantitatively evaluating the performance of the recognition system. The EER is defined as the point where the FAR and FRR are identical, whereas the d′ value indicates the degree of separation between the genuine and impostor score distributions. For the ORL, Yale, and CASIA-Facev5 data sets, the time required to generate the LSC templates is also included (measured in seconds).
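For reference, both metrics can be estimated from raw score arrays as sketched below. The threshold-sweep EER approximation and the toy score distributions are our assumptions, not the evaluation code used in the experiments.

```python
import numpy as np

def eer(genuine, impostor):
    """Approximate the EER by sweeping a threshold over all observed
    scores (higher score = better match) and taking the operating
    point where FAR is closest to FRR."""
    thresholds = np.unique(np.concatenate([genuine, impostor]))
    best = None
    for th in thresholds:
        far = np.mean(impostor >= th)   # impostors accepted
        frr = np.mean(genuine < th)     # genuines rejected
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, (far + frr) / 2)
    return best[1]

def decidability(genuine, impostor):
    """d' index: normalised separation between the genuine and
    impostor score distributions."""
    mg, mi = genuine.mean(), impostor.mean()
    vg, vi = genuine.var(), impostor.var()
    return abs(mg - mi) / np.sqrt((vg + vi) / 2)

rng = np.random.default_rng(0)
gen = rng.normal(0.8, 0.05, 1000)   # well-separated toy distributions
imp = rng.normal(0.4, 0.05, 1000)
print(eer(gen, imp))                # near 0 for well-separated scores
print(decidability(gen, imp))       # roughly 8 for these toy parameters
```

A larger d′ corresponds to less overlap between the two score distributions and therefore a lower EER, which is the trend observed throughout the tables below.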

| Performance evaluation
We analysed our model on the following system parameters: size of the hash function (k), security threshold (t), and the number of blocks (n). Following previous studies, we do not vary the number of local hash functions (l) since it does not affect the overall system performance [9]. For all the cases, we fixed an average value of l = 150.

TABLE 7 Effects of the size of hash functions on the performance of the recognition system over the Yale data set

FIGURE 15 ROC curves while varying the size of hash functions (k) over the CASIA-Facev5 data set

FIGURE 16 ROC curves while varying the security threshold (t) over the AR data set

| Effect of # blocks
Since the total size of the binary feature vector in the AR data set is 442,368 bits, we performed experiments on n = {6, 12} with block sizes = {73,728, 36,864}. The resulting EER values are presented in Table 1, wherein it can be noted that increasing the number of blocks decreases the performance of our model. The corresponding ROC curves are illustrated in Figure 8. We did not reduce the number of blocks below six since the security of the framework would have considerably decreased in those cases (analysed later in Section 6.1). For average values of t = 0.5, l = 150, and k = 30, we get the best EER = 2.69% corresponding to n = 6. We consequently fix this value in further experiments. For the ORL data set, we performed simulations with n = {3, 6, 12, 16} and resulting block sizes = {41,216, 20,608, 10,304, 7728}. The results of these scenarios are presented in Table 2, in which we get the lowest EER = 4.62% corresponding to n = 12. The accompanying ROC curves are presented in Figure 9. Since a total of k × l indices are sampled from every distinct block, the overall operational time for generating the LSC templates increases with the number of blocks. It is also noticeable that the effects of any model parameter on the performance of the biometric model are governed by the collision probabilities for the intra-class and inter-class data samples. A higher difference between P_1 and P_2 results in a better recognition performance, and vice-versa. All the results for the Yale data set are presented in Table 3 and Figure 10. Among all the settings, the best recognition accuracy of EER = 1.2% was observed for n = 12. In comparison to the AR and ORL data sets, an increase in the model performance was noted since the image samples in the Yale data set have low intra-class variance.

TABLE 12 Effects of the security threshold on the performance of the recognition system over the CASIA-FaceV5 data set
The overall operational time required for generating the LSC features under this setting was 0.03159 s.
Simulations over the CASIA-Facev5 data set were performed for n = {16, 20, 24, 30, 32}. All the resulting observations are reported in Table 4 and Figure 11. For this data set, the minimum EER = 2.83% was noted corresponding to n = 30. This value of n is comparatively higher than that for the other data sets. Thus, we can conclude that the gap between the inter-class and intra-class hashing collision probabilities is maximised for this data set when n = 30.

| Effect of hash size
We performed the experiment while varying the hash size k = {15, 20, 30} on the AR data set. We made a conscious effort not to decrease the value of k below 15 since decrementing k increases the adversarial success probability of inverting the protected LSC templates [9]. The resulting EER and d′ values are presented in Table 5, and the ROCs are shown in Figure 12. It can be distinctly observed that increasing the size of h_i results in a better model performance, which can again be attributed to the collision probabilities stated in Equation (2). A higher value of k increases the interval between the intra-class and inter-class collision probabilities, thereby resulting in a better model performance. However, a large value of k simultaneously increases the computation cost of generating the LSC templates since more indices get sampled for every hash function. We did not perform simulations for k > 30 due to the long operational time. The minimum EER was noted to be 2.69% for k = 30.
For the ORL data set, we varied the size of the hash function as k = {3, 5, 7}. All the relevant results are presented in Table 6, and the associated ROC curves are illustrated in Figure 13. The effect on the performance metrics was noted to be opposite in trend when compared to the AR data set. Specifically, the lowest EER = 4.62% corresponded to a small value of k = 5. This discrepancy can be attributed mainly to the distribution of consistent bits (viz., the specific bits which do not change across intra-class samples) in the ORL data set. The EER significantly degrades for higher values of k due to the sparse distribution of the consistent bits in the BSIF features of this particular data set. Although it affects the security of the model, the time required to construct the local hashes was considerably shorter since fewer bits were sampled from each feature block.
The same values of k = {3, 5, 7} were also considered for the Yale data set. As noticeable in Table 7 and Figure 14, the optimum size of the hash function was observed to be k = 5. Under this configuration, the EER and operational time were noted to be 1.36% and 0.03159 s, respectively. Interestingly, these are the same set of values that we had already obtained while varying the number of blocks. The fast degradation of the recognition accuracy for higher values of k can again be attributed to the sparse distribution of intra-class consistent bits in this data set.
For the CASIA-Facev5 data set, we varied the values of k = {3, 5, 7, 10}. As observed from Table 8 and Figure 15, the minimum EER = 2.83% corresponded to k = 5 with an operational time of 0.00053 s. Hence, the recognition accuracy over this data set is maximised when five indices are sampled from each BSIF block.

| Effect of security threshold
In the final experiment, we analysed the effect of the security threshold parameter (t) on the recognition accuracy of the model. To reiterate, the value of t lies in (0, 1) so that the mapping between the invertible and non-invertible block components becomes a surjection. For the AR data set, we varied t = {0.25, 0.50, 0.75}, for which the results are depicted in Table 9 and the ROC curves are presented in Figure 16. Since no significant deviations can be observed in the resulting EERs, no direct effect of the threshold value on the model performance could be established. It is noticeable that this trend is consistent with previous studies [9]. The minimum EER was noted to be 2.69% for t = 0.5.
The results associated with the ORL data set are presented in Table 10, along with the ROC curves in Figure 17. Among all the scenarios, the lowest EER = 4.45% was observed corresponding to t = 0.25. To summarise, the best model parameters were noted to be n = 12, k = 5, and t = 0.25, for which the interval between P_1 and P_2 in Equation (2) was maximised.
All the results for the Yale data set are shown in Table 11 and Figure 18. Among the different values of t, the minimum EER = 1.2% was noted for t = 0.5. Since this is the same result which we had already obtained in our previous simulations, it can be concluded that the optimum parameter values for this particular data set are n = 12, k = 5, and t = 0.5. The average value of l = 150 was fixed for all the scenarios.

Our final simulation in this section was performed by altering the values of t = {0.15, 0.25, 0.5, 0.75} over the CASIA-Facev5 data set. As presented in Table 12 and Figure 19, the best recognition rate was obtained for t = 0.25. The EER and the operational time under this configuration were noted to be 2.66% and 0.00063 s, respectively. The optimum parameter values corresponding to all four data sets are collectively presented in Table 13.

| Comparative analysis
We have compared our obtained results with other facial recognition studies that reported their results on our utilised data sets (some of these works have an exclusive focus on generating cancellable templates). As noticeable in Table 14, the proposed scheme results in a significantly lower EER for the majority of the data sets. Our technique produced good recognition performance due to the strong intra-class collision properties of LSC [9]. Even for the challenging CASIA-Facev5 data set, our EER is comparable to the state-of-the-art work of Kaur and Khanna [25]. Although BSIF is a relatively constrained texture descriptor, these results demonstrate that our framework can simultaneously provide a satisfactory performance with strong security characteristics.

| SECURITY ANALYSIS
In this section, we exclusively investigate the security parameters of our LSC model, specifically non-invertibility, revocability, and unlinkability.

| Non-invertibility
Non-invertibility requires that it should be computationally infeasible to revert the LSC templates into their corresponding BSIF codes. The major parameters which affect the security of the framework are n, l, k, t, and x (the number of unmarked position bits). The security of the LSC-based technique has been analysed on the basis of three attack scenarios: single hash attack (SHA), multi-hash attack (MHA), and attack via record multiplicity (ARM). SHA refers to the scenario where an adversary generates the original feature code from a single LSC feature. In MHA, we assume that the adversary exploits information from all the available LSC templates consisting of l hash functions. Finally, ARM refers to the scenario in which an adversary utilises several LSC templates for reconstructing a base feature. Under the independence assumption of the bits in the feature code, the adversarial success bounds for performing such attacks are summarised in Table 15. To estimate a practical attack scenario, the parameters for the best EER in the AR data set are considered, that is (n, l, k, t, x, r) = (6, 150, 30, 0.5, 69228, 2^f). The adversarial success of SHA under the stolen-token scenario is computed as:

P = [(1/r)^l × (1/2)^x]^n ≈ 0        (6)

Since P ≈ 0, the chances of inverting the LSC templates can be considered computationally infeasible. Consequently, we can claim that the non-invertibility property is fulfilled in our model. It is noticeable that this estimate is only a theoretical bound of non-invertibility when considered for the whole template. Extracting partial information from the stored templates would significantly increase the adversarial success rates. For instance, an adversary can accurately recover all the bits in a single block with probability:

P_block = (1/r)^l × (1/2)^x

In general, the exponent of the adversarial success bound decreases by a factor of n while reconstructing a single block. This constraint is enforced in the LSC scheme since the blocks are formed in a non-overlapping manner.
The non-invertibility guarantee can be more granularly examined if we analyse the unmarked position bits. The value of x is implicitly dependent on the hash function parameters (viz., l and k). For instance, marking more indices per block decreases the number of unmarked position bits. The term (1/2)^x in Equation (6) would consequently increase, thereby indicating more success for the adversary. Another important factor which dictates the non-invertibility bounds is the size of the feature code. Specifically speaking, a large input feature would naturally result in increased block sizes. The adversary would subsequently be required to invert more bits from the LSC templates for either full or partial data recovery. One of the primary reasons that we obtained the bound in Equation (6) is that the BSIF code is considerably long. As such, it is recommended to utilise long binary feature vectors as the input for the LSC-based mechanism.
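To give a feel for the magnitude of the (1/2)^x term alone (any additional factors in the bound only shrink it further), using the value x = 69228 reported above:

```python
import math

# Probability of correctly guessing all x unmarked position bits by
# brute force is (1/2)^x; for x = 69228 this is astronomically small.
x = 69228
log10_p = -x * math.log10(2)
print(f"(1/2)^{x} ~ 10^{log10_p:.0f}")   # roughly 10^-20840

# Equivalently, the unmarked bits alone contribute x bits of
# guessing entropy against exhaustive search.
print(f"{x} bits of guessing entropy")
```

For comparison, breaking a 128-bit symmetric key corresponds to only about 10^-39 per-guess success probability, so the unmarked-bit term alone places full inversion far beyond computational feasibility.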

| Revocability
Revocability states that distinct LSC templates should be created from the same BSIF feature vector. To demonstrate this property, the distributions of the genuine, imposter, and pseudo-imposter scores are considered. For estimating the pseudo-imposter scores, 100 different keys were used for creating 100 separate LSCs. This process was repeated for all the samples present in the databases. For each sample, the first LSC was matched with the remaining 99 LSCs, thereby generating the pseudo-imposter scores. As observed in Figure 20, the distributions of the genuine and imposter scores are well separated, whereas the pseudo-imposter and imposter distributions overlap. The distances between the various distributions are quantitatively presented in Table 16 through their d′ values. This pattern signifies that different random keys can be utilised without introducing any distinguishing properties. In other words, the matching scores exhibit no differences between LSC templates generated from either different or the same individuals. Hence, the requirement of revocability is satisfied in our model.
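The pseudo-imposter protocol can be illustrated with a toy stand-in for the LSC transform, where each hash samples bit positions of the binary feature using a key-seeded RNG. The feature length and the l, k values below are arbitrary illustrative choices, not the paper's parameters:

```python
import random

def lsc_hash(feature, key, l, k):
    """Toy LSC stand-in: each of the l hashes samples k bit positions
    of the binary feature with a key-seeded RNG (illustrative only)."""
    rng = random.Random(key)
    template = []
    for _ in range(l):
        positions = rng.sample(range(len(feature)), k)
        template.extend(feature[p] for p in positions)
    return template

def similarity(a, b):
    """Fraction of matching bits between two equal-length templates."""
    return sum(u == v for u, v in zip(a, b)) / len(a)

rng = random.Random(42)
feature = [rng.randrange(2) for _ in range(256)]  # one binary feature vector

# 100 templates from the same feature under 100 different keys;
# match the first against the remaining 99 to get pseudo-imposter scores.
templates = [lsc_hash(feature, key, l=10, k=5) for key in range(100)]
pseudo_imposter = [similarity(templates[0], t) for t in templates[1:]]
print(len(pseudo_imposter), min(pseudo_imposter), max(pseudo_imposter))
```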

| Unlinkability
Unlinkability dictates that different LSC templates generated from the same base feature should be indistinguishable. One way to verify this requirement is to analyse the mated (H_m) and non-mated (H_nm) score distributions. The H_m scores are computed by comparing intra-class LSC templates generated using the same key, whereas the H_nm scores correspond to LSC templates arising from different face images using different keys. Ideally, the mated and non-mated score distributions should be identical. Unlinkability can also be quantitatively estimated by the corresponding local measure D_↔(s) and global measure D_↔^sys [32]. Both metrics take values in [0, 1], with zero denoting complete unlinkability and unity indicating no unlinkability. Figure 21 portrays that the H_m and H_nm scores significantly overlap with each other, which is a definite sign of unlinkability. The D_↔(s) values are also displayed in the same figure. The corresponding global measure was estimated to be D_↔^sys = {0.0051, 0.0017, 0.0077, 0.0081} for the AR, ORL, Yale, and CASIA-Facev5 data sets, respectively. Since these values approximate zero, we can validate the claim of unlinkability.
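A minimal sketch of the score-based evaluation of [32] is given below: the conditional densities p(s|H_m) and p(s|H_nm) are estimated by histograms, the local measure is derived from their likelihood ratio, and the global measure is its expectation under the mated distribution. The bin count and the synthetic Gaussian scores are assumptions for illustration, not the paper's data:

```python
import numpy as np

def unlinkability(mated, non_mated, bins=50):
    """Estimate the local measure D(s) and global measure D_sys from
    mated / non-mated score samples via histogram density estimates."""
    edges = np.linspace(min(mated.min(), non_mated.min()),
                        max(mated.max(), non_mated.max()), bins + 1)
    p_m, _ = np.histogram(mated, bins=edges, density=True)
    p_nm, _ = np.histogram(non_mated, bins=edges, density=True)
    with np.errstate(divide="ignore", invalid="ignore"):
        lr = np.where(p_nm > 0, p_m / p_nm, np.inf)      # likelihood ratio
        d_local = np.where(lr > 1, 2 / (1 + 1 / lr) - 1, 0.0)
    width = edges[1] - edges[0]
    d_sys = float(np.sum(d_local * p_m * width))          # E[D(s) | H_m]
    return d_local, d_sys

rng = np.random.default_rng(0)
# Overlapping distributions (unlinkable) vs. well-separated ones (linkable)
_, d_overlap = unlinkability(rng.normal(0.5, 0.05, 20000),
                             rng.normal(0.5, 0.05, 20000))
_, d_separate = unlinkability(rng.normal(0.9, 0.02, 20000),
                              rng.normal(0.1, 0.02, 20000))
print(round(d_overlap, 3), round(d_separate, 3))  # near 0 vs. near 1
```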

| CONCLUSION
Preserving the security of face-based biometric identification systems is a critical task. In this work, we have proposed a framework for generating cancellable and secure templates from face images. Our model is composed of two central techniques, namely BSIF and LSC. The BSIF descriptor is used to extract binary feature vectors from the input image. Subsequently, cancellable LSCs are created from them by utilising the random sampling mechanism. Since LSC is a particular realisation of the LSH principle, the corresponding transformation function does not degrade the original utility of the model. Extensive empirical analysis on four benchmark facial databases vindicates our claim of providing satisfactory recognition rates in comparison to other state-of-the-art works. Furthermore, important security requirements such as non-invertibility, revocability, and unlinkability are also rigorously examined and empirically established. Examining the adaptability of this framework to multimodal biometric characteristics will be undertaken as a future extension of this work.