528 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 40, NO. 3, MAY 2010Fig. 2. Baseline approach. Example of a template sequence trans<strong>for</strong>mation, where W =3.extracted from a given biometrics, by applying the trans<strong>for</strong>mationsdefined in Sections III-A and B. The resulting trans<strong>for</strong>medsequences can then be further processed, if the matcher isbased on a sequence-based modeling approach (e.g., HMM),or directly stored as templates, if the matcher works directly<strong>with</strong> sequence-based descriptions (e.g., DTW). Specifically, itis assumed that the proposed trans<strong>for</strong>mations can be appliedto an original set of sequences R F , consisting of F sequencesr (i) [n],i=1,...,F. The trans<strong>for</strong>med template is indicatedas T F and consists of F sequences f (i) [n],i=1,...,F.InSection III-A, the baseline sequence-based template trans<strong>for</strong>m,specifically designed in such a way that it is not possibleto retrieve the original data from the trans<strong>for</strong>med ones, isproposed. Moreover, in Section III-B, some alternatives <strong>for</strong>the protection of sequence-based templates, derived from thebaseline approach in Section III-A, will be detailed.A. Noninvertible Trans<strong>for</strong>m: Baseline ApproachLet us consider the set of trans<strong>for</strong>mations that are necessaryto generate the trans<strong>for</strong>med template, represented by the set ofsequences T F , by using the original template, given by the setof original sequences R F . These trans<strong>for</strong>mations are designedin order to satisfy the following properties.1) Each trans<strong>for</strong>med sequence, belonging to the set T F ,mustbe generated by using at least two sequences, which canbe either an original sequence or a segment extractedfrom an original sequence.2) Each sequence employed in one trans<strong>for</strong>mation cannotoccur in any other one of the set of trans<strong>for</strong>mationsemployed to generate the trans<strong>for</strong>med template R F .In the baseline implementation, each trans<strong>for</strong>med sequencef (i) [n],i=1,...,F, is obtained from the corresponding originalsequence r (i) [n],i=1,...,F, which represents a genericdiscrete sequence of length N belonging to the original template,as follows.A number (W − 1) of different integer values d j between 1and 99 are randomly selected, ordered in ascending order suchthat d j >d j−1 ,j =1,...,W, and arranged in a vectord =[d 0 ,...,d W ] T , (1)where d 0 and d W are set to 0 and 100, respectively. The vectord represents the key of the employed trans<strong>for</strong>mation. Then, theoriginal sequence r (i) [n] is divided into W segments r (i)j,Nj [n]of length N j = b j − b j−1wherer (i)j,Nj [n] =r (i) [n + b j−1 ], n =1,...,N j ;j =1,...,W, (2)b j =⌈dj100 · N ⌉, j =1,...,W. (3)Basically, the sequence r (i) [n] is split into W nonoverlappingparts according to the randomly generated vector d, asshownin Fig. 2 <strong>for</strong> the case <strong>with</strong> W =3. A trans<strong>for</strong>med sequencef (i) [n],n=1,...,K, is then obtained through the linear convolutionof the sequences r (i)j,Nj [n],j =1,...,W, i.e.,f (i) [n] =r (i)1,N1 [n] ∗···∗r (i)W,NW [n]. (4)Each trans<strong>for</strong>med sequence f (i) [n] is there<strong>for</strong>e obtainedthrough the linear convolution of parts of the correspondingoriginal sequences r (i) [n],i=1,...,F. Moreover, each originalsequence r (i) [n],i=1,...,F, undergoes the same decompositionbe<strong>for</strong>e applying the convolutions. The length of thetrans<strong>for</strong>med sequences obtained by means of convolution asthat in (4) is equal to K = N − W +1, which is there<strong>for</strong>ealmost the same of the original sequences. A final signalnormalization, to obtain zero-mean and unit-standard-deviationtrans<strong>for</strong>med sequences, is then applied. Different realizationscan be obtained from the same original sequences, simply varyingthe size or the values of the parameter key d. The completeset of trans<strong>for</strong>med sequences f (i) [n],i=1,...,F, is indicatedas T F . The security analysis of the proposed sequence-basedprotection scheme is conducted in Section IV.B. Noninvertible Trans<strong>for</strong>m: Extended ApproachesIn the previous section, we illustrated how to generate atrans<strong>for</strong>med sequence from an original one. However, as it willbe shown in Section IX, when considering the application to theprotection of on-line signature templates, the baseline methodpossesses a low renewability capability. In order to properlyaddress this issue, two additional noninvertible sequence-basedapproaches, stemming from the approach in Section III-A, areproposed in the following.Authorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.
MAIORANA et al.: CANCELABLE TEMPLATES FOR SEQUENCE-BASED BIOMETRICS 5291) Mixing Approach: This approach is defined by considering,in addition to the decomposition key d, a trans<strong>for</strong>mationkey C, defined as a matrix of F rows and W columns. Eachcolumn of C is obtained as a scrambled version of the vector[1,...,F] T . An example of a possible matrix C,<strong>for</strong>F =7andW =4, can be⎡⎤1 4 3 72 7 2 53 1 6 1C =4 2 7 3. (5)⎢ 5 6 1 4⎥⎣⎦6 5 5 27 3 4 6Each row of the matrix C, i.e., C[i, j] <strong>with</strong> j =1, 2,...,W,is employed to define the combinations that originate the trans<strong>for</strong>medsequences f (i) [n] as follows:f (i) [n] =r (C[i,1])1,N1 [n] ∗···∗r (C[i,W ])W,NW [n] (6)<strong>with</strong> i =1,...,F, and where r (i)j,Nj [n] is defined as that in(2). Basically, each trans<strong>for</strong>med sequence f (i) [n] is generatednot only from the corresponding original sequence r (i) [n], butthe convolutions are per<strong>for</strong>med among segments extracted fromdifferent original sequences, thus also defining a feature-levelfusion [30] among various sequences.2) Shifting Approach: Another variation to the approach inSection III-A is obtained by applying an initial shift to theoriginal sequences r (i) [n],i=1,...,F. Specifically, a randominteger value φ is selected in the range [0, 100] and convertedto the shift s as⌈ ⌉ φs =100 · N , (7)<strong>with</strong> N being the length of the original sequence, in sampleunits. Then, each sequence r (i) [n] undergoes the same circularshift ruled by the parameter s, thus obtaining the sequencesz (i) [n] =r (i) [n − s],n=1,...,N.The same trans<strong>for</strong>mation process described inSection III-A, based on convolutions between segmentsextracted from the considered sequences, is then applied to thesequences z (i) [n]. This modification can also be combined <strong>with</strong>the extended method presented in Section III-B1, by applyingthe circular shift be<strong>for</strong>e per<strong>for</strong>ming the trans<strong>for</strong>mations.Obviously, it is also possible to apply different initial shiftsto the F sequences be<strong>for</strong>e per<strong>for</strong>ming the decompositions,in order to further increase the trans<strong>for</strong>mation key space.However, in this paper, we only consider the case where thesame shift is applied to all the available original sequences.IV. TRANSFORM INVERTIBILITY ANALYSISThe analysis of the invertibility, i.e., the possibility of recoveringthe original sequences from the ones obtained employingthe proposed trans<strong>for</strong>mation schemes, is investigated in thissection. Specifically, this analysis, being related only to thetrans<strong>for</strong>mations designed in Section III, does not depend on aspecific biometric modality. Furthermore, being the methods inSection III-B derived as extensions of the principal approachdescribed in Section III-A, only the latter one is here analyzed,due to the fact that the security of the extended methodsdepends on the one provided by the baseline approach.Having defined the sequence trans<strong>for</strong>mation as that in (4),if an attacker gains access to the stored in<strong>for</strong>mation, he hasto solve a blind deconvolution problem [39]–[41] to retrieveany in<strong>for</strong>mation regarding the original sequences. In otherwords, the security of the proposed sequence-based templateprotection methods relies on the difficulty in solving a blinddeconvolution problem, having no aprioriknowledge about theoriginal sequences.The proposed trans<strong>for</strong>mation is also robust to the record multiplicityattack, where it is assumed that different trans<strong>for</strong>medtemplates based on the same original data are available to the attacker.It is worth pointing out that this is a worst case conditionbecause, in real-life applications, the realizations of the originalbiometrics used in different applications vary depending onthe intra-user biometric variability. Under this assumption, wethen consider that an attacker has acquired, from two differentsystems, two different trans<strong>for</strong>med sets of sequences T (1)Fand T (2)F , generated from the same original template R F byapplying different trans<strong>for</strong>mation parameters. Considering thesimplest case <strong>with</strong> W =2, the attacker then possesses twotrans<strong>for</strong>med instances, namely, f (1) [n] and f (2) [n],ofthesameoriginal sequences r[n], obtained using the two trans<strong>for</strong>mationparameters d (1)1 and d (2)1 . Given thatr[n] =r (1)1,N (1)1= r (2)1,N (2)1[[n]+r (1)2,N (1)2[[n]+r (2)2,N (2)2n − b (1)1n − b (2)1]], (8)in order to recover the sequence r[n], the attacker should obtainthe segments r (1) [n] and r (1) [n], where N (1)1,N (1)12,N (1)1 = b (1)1 and2N (1)2 = N − b (1)1 , or the segments r(2) [n] and r (2) [n],1,N (2)12,N (2)2<strong>with</strong> N (2)1 = b (2)1 and N (2)2 = N − b (2)1 , from the availabletrans<strong>for</strong>med sequences f (1) [n] =r (1) [n] ∗ r (1) [n] and1,N (1)1 2,N (1)2f (2) [n] =r (2) [n] ∗ r (2) [n].1,N (2)1 2,N (2)2Deconvolution problems are typically coped <strong>with</strong> in thefrequency domain, being the convolutions represented by multiplicationsin the Fourier domain. In order to properly definethe discrete Fourier trans<strong>for</strong>ms (DFTs) of the segments extractedfrom r[n], the extended versions ˆr (j)h,K[n], h, j = {1, 2},are generated by applying a zero padding to the respectiveoriginal traits, until reaching the same length K = N − 1 ofthe convolution products f (1) [n] and f (2) [n]. Then, the sequenceΔ[n],n=1,...,K, is defined as the difference betweenˆr (1)1,K[n] and ˆr(2)1,K[n], which share a common part thatis exactly r (2) [n], having assumed that b (1)1 >b (2)11,N (2)1Δ[n] =ˆr (1)1,K[n] − ˆr(2)1,K[n], n =1,...,K. (9)Authorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.