dynamic signature verification with template protection using ... - ATVS

DYNAMIC SIGNATURE VERIFICATION WITH TEMPLATE PROTECTIONUSING HELPER DATAManuel R. Freire, Julian Fierrez and Javier Ortega-GarciaBiometric Recognition Group - ATVS,Escuela Politecnica Superior, Universidad Autonoma de MadridC/ Francisco Tomas y Valiente 11, E-28049 Madrid, Spain{m.freire, julian.errez, javier.ortega}@uam.esABSTRACTA biometric template protection system for dynamic signatureverication is presented. The approach uses auxiliary (helper)data that allows the matching with secure templates but do notprovide information to a potential attacker. The performanceof the proposed system is evaluated using the MCYT signaturedatabase comprising 330 users, with 25 genuine signaturesand 25 skilled forgeries per user. The results show similarperformance compared to the baseline unprotected system.However, the security of the proposed system against attacksto the template database is signicantly higher.Index Terms— Template protection, signature verication,helper data.1. INTRODUCTIONWith the growth in scale of biometric systems deployed inthe last years, privacy issues related to the protection of thebiometric data have emerged as a crucial challenge for thewidespread use of biometric solutions. The protection of biometricpatterns requires actions that should enhance data resilienceagainst attacks while allowing the matching to be performedefciently.In biometric systems, a template with the features extractedfrom the registration of the user (enrollment) is usually storedin a database. Unprotected templates can reveal partial orcomplete information regarding the registered biometric, thereforebecoming a threat to users’ privacy and the security of thesystem [1].In this context, a number of research works have proposedbiometric template protection systems. The fuzzy vaultscheme [2] allows the matching of two sufciently similarpatterns in a transformed domain. In this construction, a secret(typically, a random binary key) is encoded using an unorderedset of points A, resulting in an indivisible vault V .This work has been supported by Spanish Ministry of Education andScience (TEC2006-13141-C03-03) and BioSecure NoE (IST-2002-507634).M. R. F. is supported by a FPI Fellowship from Comunidad de Madrid. J. F.is supported by a Marie Curie Fellowship from European Commission.The original secret can only be reconstructed if another set Bis presented and overlaps substantially with A. The fuzzynessof this construction ts well with the intra-variability of biometrics.Its template protection capacity comes from the factthat the only value that is stored in the enrollment database isa one-way-transformed version of the biometric pattern.When working with protected templates, the matching typicallytakes place in the transformed domain. However, thematching of transformed patterns is much more difcult thanin the non-protected feature space. To overcome this problem,the use of helper data has been proposed [3, 4], where someauxiliary data is stored along with the protected template inorder to make the matching of protected templates easier. Thehelper data should not reveal useful information to a potentialattacker. Practical helper data systems have been proposed forseveral biometric traits, such as 3D face [5].In the current contribution we propose a template protectionsystem based on helper data for dynamic signature verication.Within biometrics, handwritten signature has interestingapplications in authentication and identity management,due to its widespread social and legal acceptance [6, 7]. Weuse dynamic (or on-line) signature verication, which is characterizedby the availability of information of the signaturerealization, such as the position trajectory and the pressuresignal over time.This paper is structured as follows. In Sect. 2 we explainthe framework for template protection using helper data.In Sect. 3, the application to dynamic signature templates isshowed. The experimental framework and results are presentedin Sect. 4. Finally, our conclusions are drawn in Sect. 5.2. TEMPLATE PROTECTION BASED ON HELPERDATAThe proposed template protection system is based on the helperdata system (HDS) proposed in [3, 5]. The HDS allows thematching of an enrolled pattern X with a test pattern Y, withthe help of some auxiliary data (helper data). The helper datais extracted from the enrolled pattern and should not reveal in-1-4244-1484-9/08/$25.00 ©2008 IEEE 1713ICASSP 2008

Fig. 1. Architecture of the helper data system, adapted from [5].formation to a potential attacker. When the pattern Y emergesfrom the same source than X (e.g., a genuine biometric vericationclaim), Y can be seen as a noisy version of X. TheHDS allows the correction of a given number of errors in thetest pattern, by using a binary BCH error correcting code [8].In Fig. 1 we show the architecture of the helper data system,which is divided into three phases: training, enrollment,and verication.2.1. TrainingIn the training stage, a global model is built with statistics oftraining data from real users. Given a set of training realvaluedfeature vectors T = {t i }, i = 1,...,N T ,ofdimensionM, the mean feature vector t is computed as t =(1/N T ) ∑ N Ti=1 t i.2.2. EnrollmentThe enrollment stage consists of a series of steps that producea protected template with its associated helper data. First, theN E enrollment feature vectors in the set X = {x i } are averagedextracting the mean feature vector x. Then each componentof x is binarized using each corresponding componentof t as the threshold, reaching the binary vector x B . Then, aselection of the most reliable features for the given enrollmentis performed (details in Sect. 3.2), producing a reliable binaryfeature vector x R ,ofdimensionL ≤ M. The index of theselected features are stored as the helper feature h 1 .On the other hand, a random binary string s is generatedand encoded using an Error Correcting Code (ECC) such asthe binary BCH code [8]. The encoded string c is XOR-edwith x R , producing the helper feature h 2 .Finally, the random string s is hashed using a cryptographichashing function, such as SHA-256, and the resultis stored as the helper feature h 3 = h(s).2.3. VericationIn the verication stage, N V feature vectors from the vericationset Y = {y i } are averaged into a mean feature vectory (note that the usual case in biometric verication willbe N V =1). A binarized feature vector is produced as inthe enrollment stage, and then it is reduced using the selectionstored in h 1 , producing y R . This reliable binary featurevector is then XOR-ed with h 2 , and the result c ′ is decodedusing the ECC. The decoded string s ′ is transformed using thecryptographic one-way transform used in the enrollment. Thecomparison between this hashed value h(s ′ ) and h 3 = h(s)determines the nal accept/reject decision of the system.3. SECURE DYNAMIC SIGNATURE TEMPLATESWe present a system for template protection in dynamic signatureverication based on the helper data system presentedin Sect. 2, using global feature vectors based on statistical informationof the signature.3.1. Feature extractionWe use an on-line signature representation based on globalfeatures [7]. In particular, a 100-dimensional global featurevector is extracted from each on-line signature [9], includingfeatures based on timing information, number of strokes, geometry,pen trajectory, pressure over time, etc.3.2. Feature selectionAt the enrollment stage, the reliability measure proposed in [5]is used in order to select the most reliable features. For each1714

40MCYT DB, 330 signers, UNPROTECTED templates40MCYT DB, 330 signers, PROTECTED templatesmahal100 skilledprotected15 skilled35bin100 skilledbin63 skilled35protected31 skilledprotected63 skilled30mahal100 randombin100 random30protected15 randomprotected31 random25bin63 random25protected63 randomEER (%)20EER (%)20151510105501 2 3 4 5 6 7 8 9 10 11 12 13 14 15Number of enrollment signatures01 2 3 4 5 6 7 8 9 10 11 12 13 14 15Number of enrollment signatures(a)(b)10 0 MCYT DB, 330 signers, protected6310 0 MCYT DB, 330 signers, 7 enrollment signatures1 sigs FRRFAR, FRR10 110 23 sigs FRR7 sigs FRR1 sigs FAR skilled3 sigs FAR skilled7 sigs FAR skilled1 sigs FAR random3 sigs FAR randomFAR, FRR10 110 231protected FRR63protected FRR31protected FAR skilled63protected FAR skilled31protected FAR random63protected FAR random7 sigs FAR random10 30 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1Fractional Hamming Distance(c)10 30 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1Fractional Hamming Distance(d)Fig. 2. Performance results of the template protection system for dynamic signature verication.feature, the reliability is computed as:r j = |¯t j − ¯x j|σ jfor all the M available features (100 in our case), where ¯t jis the training value of the j-th feature, and ¯x j and σ j arethe mean and the standard deviation of the j-th feature of thesignatures presented at enrollment, respectively.4. EXPERIMENTS4.1. Database and experimental protocolThe MCYT on-line signature corpus is used for the experiments[10]. This database contains 330 users with 25 genuinesignatures and 25 skilled forgeries per user, captured in fouracquisition sites. Forgers were asked to imitate after observingthe static image of the signatures to imitate, tried to copythem at least 10 times, and then they wrote the forgeries naturallywithout breaks or slowdowns.For the experiments presented here, we have followed a 3-fold cross-validation strategy. The database has been dividedinto two sets: a training set, formed by one third of the users(users 1, 4, 7, ...; 2, 5, 8, ...; and 3, 6, 9, ... for the three iterationsof the cross-validation procedure, respectively), andan evaluation set, with the remaining ones. For each userin the evaluation, the enrollment has been conducted using1 ≤ N ≤ 15 genuine signatures. False Rejection (FRR)and False Acceptance Rates (FAR) for 1-signature vericationwere obtained with the last 10 genuine signatures (FRR),the 25 skilled forgeries (FAR skilled forgeries) and one genuinesignature from the rest of the users avoiding symmetricmatches (FAR random forgeries). Equal Error Rates (EER)are also reported in some experiments [7].Although the nal accept/reject decision of the system isbased on the comparison between h(s) and h(s ′ ), we generatethe matching scores for our experiments using the fractionalHamming distance (FHD) between x R and y R ,whichhighly simplies the experiments. This can been done becauseh(s) =h(s ′ ) iff s = s ′ iff FHD(c, c ′ ) ≤ n, wheren is1715

Table 1. Verication performance of different protected congurations for 7 enrollment signatures. Note that the number of security bits isequal to the length of the random string s.Conguration EER-skilled (%) EER-random (%) Security (bits) FRR (%) FAR-skilled (%) FAR-random (%)protected-15 24.52 10.77 7 18.95 40.04 11.7311 51.68 19.68 5.22protected-31 20.16 5.89 11 10.73 34.85 4.2216 36.05 15.49 1.05protected-63 17.75 4.70 16 24.42 11.61 0.4418 33.83 7.93 0.23the number of correctable bits by the ECC, and:FHD(c, c ′ )=FHD(x R ⊕ h 2, y R ⊕ h 2)=FHD(x R , y R )In this way, we are able to estimate the performance of thecomplete signature verication system using protected templateswithout actually simulating the following modules: randomstring generation, ECC encoding/decoding, and hashing.4.2. ResultsPerformance results are presented in Fig. 2. In Fig. 2 a) werst present the EER of different unprotected congurations,one based on the Mahalanobis distance between the real-valuedfeature vectors and the other two with a binarization of thefeatures with the matching scores based in the Hamming distance,for all the available 100 features and for the best 63according to the individual ranking in [9]. We observe thatthe system based on Mahalanobis distance shows the best performancewhen considering skilled forgeries with more than5 enrollment signatures. With the other congurations, thebinarization achieves better results in terms of the EER.The use of binary BCH codes imposes a length for the encodedrandom string of 2 n − 1, which must be smaller thanthe feature vector size (100 bits). Therefore, the protectedcongurations selected for the experiments have been 15, 31and 63 bits, which are compared in Fig. 2 b). The resultsshow that protected-63 is the best operating point in terms ofthe EER, both for random and skilled forgeries. We also observethat the protected template performs similarly than theunprotected system in the bin-63 conguration. In Fig. 2 c),FRR, FAR-skilled and FAR-random curves are displayed for1, 3 and 7 enrollment signatures for the protected-63 conguration.Finally, Fig. 2 d) shows the error curves for differentcongurations with 7 enrollment signatures.Although the EER is a good measure to compare differentcongurations, the template protection scheme that we usedin this paper does not allow to operate at the EER point (i.e.,where FAR and FRR are equal). This is because of the natureof the BCH codes introduced in the system, which restrict themaximum number of correctable bits [8]. Therefore, to measurethe real performance of the template protection systemwe provide the FAR and FRR for xed threshold values. Asummary of the real performance of the best congurations ispresented in the Table 1.5. CONCLUSIONSA biometric template protection system based on helper datafor dynamic signature verication has been proposed. Theperformance has been evaluated using the MCYT signaturedatabase, comprising 16,500 signatures. The protected templatesare more robust against attacks to the template database,while the results show similar performance in terms of theEER compared to baseline unprotected congurations. Withthe proposed system, a security of 18 bits is achieved with anFRR of 33.83% and a FAR of 7.93% and 0.23% for skilledand random forgeries, respectively.6. REFERENCES[1] R. Cappelli, D. Maio, A. Lumini, and D. Maltoni, “Fingerprintimage reconstruction from standard templates,” IEEE Trans.PAMI, vol. 29, no. 9, pp. 1489–1503, 2007.[2] Ari Juels and Madhu Sudan, “A fuzzy vault scheme,” DesignCodes and Cryptography, vol. 38, no. 2, pp. 237–257, 2006.[3] P. Tuyls, A. H. M. Akkermans, T. A. M. Kevenaar, G. J. Schrijen,A. M. Bazen, and R. N. J. Veldhuis, “Pratical biometric authenticationwith template protection,” in Proc. AVBPA. 2005,vol. 3617 of LNCS, pp. 436–446, Springer.[4] Umut Uludag and Anil K. Jain, “Securing ngerprint template:Fuzzy vault with helper data,” in Proc. CVPRW. 2006, p. 163,IEEE Computer Society.[5] E. J. C. Kelkboom, B. Gökberk, T. A. M. Kevenaar, A. H. M.Akkermans, and M. van der Veen, “3D Face: Biometric templateprotection for 3D face recognition,” in Proc. ICB. August2007, vol. 4642 of LNCS, pp. 566–573, Springer.[6] Rejean Plamondon and Sargur N. Srihari, “On-line and offlinehandwriting recognition: A comprehensive survey,” IEEETrans. PAMI, vol. 22, no. 1, pp. 63–84, 2000.[7] Julian Fierrez and Javier Ortega-Garcia, Anil K. Jain, ArunRoss and Patrick Flynn (eds.): Handbook of Biometrics, chapterOn-line signature verication, Springer, 2007.[8] Shu Lin and Daniel J. Costello, Error Control Coding,Prentice-Hall, Inc., second edition, 2004.[9] Julian Fierrez-Aguilar et al., “An on-line signature vericationsystem based on fusion of local and global information,” inProc. AVBPA. 2005, vol. 3617 of LNCS, pp. 523–532, Springer.[10] Javier Ortega-Garcia et al., “MCYT baseline corpus: A bimodalbiometric database,” IEE Proc. Vision, Image and SignalProcessing, vol. 150, no. 6, pp. 395–401, 2003.1716