Cancelable Templates for Sequence-Based Biometrics with ... - ATVS

More documents

Recommendations

Info

528 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 40, NO. 3, MAY 2010Fig. 2. Baseline approach. Example of a template sequence transformation, where W =3.extracted from a given biometrics, by applying the transformationsdefined in Sections III-A and B. The resulting transformedsequences can then be further processed, if the matcher isbased on a sequence-based modeling approach (e.g., HMM),or directly stored as templates, if the matcher works directlywith sequence-based descriptions (e.g., DTW). Specifically, itis assumed that the proposed transformations can be appliedto an original set of sequences R F , consisting of F sequencesr (i) [n],i=1,...,F. The transformed template is indicatedas T F and consists of F sequences f (i) [n],i=1,...,F.InSection III-A, the baseline sequence-based template transform,specifically designed in such a way that it is not possibleto retrieve the original data from the transformed ones, isproposed. Moreover, in Section III-B, some alternatives forthe protection of sequence-based templates, derived from thebaseline approach in Section III-A, will be detailed.A. Noninvertible Transform: Baseline ApproachLet us consider the set of transformations that are necessaryto generate the transformed template, represented by the set ofsequences T F , by using the original template, given by the setof original sequences R F . These transformations are designedin order to satisfy the following properties.1) Each transformed sequence, belonging to the set T F ,mustbe generated by using at least two sequences, which canbe either an original sequence or a segment extractedfrom an original sequence.2) Each sequence employed in one transformation cannotoccur in any other one of the set of transformationsemployed to generate the transformed template R F .In the baseline implementation, each transformed sequencef (i) [n],i=1,...,F, is obtained from the corresponding originalsequence r (i) [n],i=1,...,F, which represents a genericdiscrete sequence of length N belonging to the original template,as follows.A number (W − 1) of different integer values d j between 1and 99 are randomly selected, ordered in ascending order suchthat d j >d j−1 ,j =1,...,W, and arranged in a vectord =[d 0 ,...,d W ] T , (1)where d 0 and d W are set to 0 and 100, respectively. The vectord represents the key of the employed transformation. Then, theoriginal sequence r (i) [n] is divided into W segments r (i)j,Nj [n]of length N j = b j − b j−1wherer (i)j,Nj [n] =r (i) [n + b j−1 ], n =1,...,N j ;j =1,...,W, (2)b j =⌈dj100 · N ⌉, j =1,...,W. (3)Basically, the sequence r (i) [n] is split into W nonoverlappingparts according to the randomly generated vector d, asshownin Fig. 2 for the case with W =3. A transformed sequencef (i) [n],n=1,...,K, is then obtained through the linear convolutionof the sequences r (i)j,Nj [n],j =1,...,W, i.e.,f (i) [n] =r (i)1,N1 [n] ∗···∗r (i)W,NW [n]. (4)Each transformed sequence f (i) [n] is therefore obtainedthrough the linear convolution of parts of the correspondingoriginal sequences r (i) [n],i=1,...,F. Moreover, each originalsequence r (i) [n],i=1,...,F, undergoes the same decompositionbefore applying the convolutions. The length of thetransformed sequences obtained by means of convolution asthat in (4) is equal to K = N − W +1, which is thereforealmost the same of the original sequences. A final signalnormalization, to obtain zero-mean and unit-standard-deviationtransformed sequences, is then applied. Different realizationscan be obtained from the same original sequences, simply varyingthe size or the values of the parameter key d. The completeset of transformed sequences f (i) [n],i=1,...,F, is indicatedas T F . The security analysis of the proposed sequence-basedprotection scheme is conducted in Section IV.B. Noninvertible Transform: Extended ApproachesIn the previous section, we illustrated how to generate atransformed sequence from an original one. However, as it willbe shown in Section IX, when considering the application to theprotection of on-line signature templates, the baseline methodpossesses a low renewability capability. In order to properlyaddress this issue, two additional noninvertible sequence-basedapproaches, stemming from the approach in Section III-A, areproposed in the following.Authorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.
MAIORANA et al.: CANCELABLE TEMPLATES FOR SEQUENCE-BASED BIOMETRICS 5291) Mixing Approach: This approach is defined by considering,in addition to the decomposition key d, a transformationkey C, defined as a matrix of F rows and W columns. Eachcolumn of C is obtained as a scrambled version of the vector[1,...,F] T . An example of a possible matrix C,forF =7andW =4, can be⎡⎤1 4 3 72 7 2 53 1 6 1C =4 2 7 3. (5)⎢ 5 6 1 4⎥⎣⎦6 5 5 27 3 4 6Each row of the matrix C, i.e., C[i, j] with j =1, 2,...,W,is employed to define the combinations that originate the transformedsequences f (i) [n] as follows:f (i) [n] =r (C[i,1])1,N1 [n] ∗···∗r (C[i,W ])W,NW [n] (6)with i =1,...,F, and where r (i)j,Nj [n] is defined as that in(2). Basically, each transformed sequence f (i) [n] is generatednot only from the corresponding original sequence r (i) [n], butthe convolutions are performed among segments extracted fromdifferent original sequences, thus also defining a feature-levelfusion [30] among various sequences.2) Shifting Approach: Another variation to the approach inSection III-A is obtained by applying an initial shift to theoriginal sequences r (i) [n],i=1,...,F. Specifically, a randominteger value φ is selected in the range [0, 100] and convertedto the shift s as⌈ ⌉ φs =100 · N , (7)with N being the length of the original sequence, in sampleunits. Then, each sequence r (i) [n] undergoes the same circularshift ruled by the parameter s, thus obtaining the sequencesz (i) [n] =r (i) [n − s],n=1,...,N.The same transformation process described inSection III-A, based on convolutions between segmentsextracted from the considered sequences, is then applied to thesequences z (i) [n]. This modification can also be combined withthe extended method presented in Section III-B1, by applyingthe circular shift before performing the transformations.Obviously, it is also possible to apply different initial shiftsto the F sequences before performing the decompositions,in order to further increase the transformation key space.However, in this paper, we only consider the case where thesame shift is applied to all the available original sequences.IV. TRANSFORM INVERTIBILITY ANALYSISThe analysis of the invertibility, i.e., the possibility of recoveringthe original sequences from the ones obtained employingthe proposed transformation schemes, is investigated in thissection. Specifically, this analysis, being related only to thetransformations designed in Section III, does not depend on aspecific biometric modality. Furthermore, being the methods inSection III-B derived as extensions of the principal approachdescribed in Section III-A, only the latter one is here analyzed,due to the fact that the security of the extended methodsdepends on the one provided by the baseline approach.Having defined the sequence transformation as that in (4),if an attacker gains access to the stored information, he hasto solve a blind deconvolution problem [39]–[41] to retrieveany information regarding the original sequences. In otherwords, the security of the proposed sequence-based templateprotection methods relies on the difficulty in solving a blinddeconvolution problem, having no aprioriknowledge about theoriginal sequences.The proposed transformation is also robust to the record multiplicityattack, where it is assumed that different transformedtemplates based on the same original data are available to the attacker.It is worth pointing out that this is a worst case conditionbecause, in real-life applications, the realizations of the originalbiometrics used in different applications vary depending onthe intra-user biometric variability. Under this assumption, wethen consider that an attacker has acquired, from two differentsystems, two different transformed sets of sequences T (1)Fand T (2)F , generated from the same original template R F byapplying different transformation parameters. Considering thesimplest case with W =2, the attacker then possesses twotransformed instances, namely, f (1) [n] and f (2) [n],ofthesameoriginal sequences r[n], obtained using the two transformationparameters d (1)1 and d (2)1 . Given thatr[n] =r (1)1,N (1)1= r (2)1,N (2)1[[n]+r (1)2,N (1)2[[n]+r (2)2,N (2)2n − b (1)1n − b (2)1]], (8)in order to recover the sequence r[n], the attacker should obtainthe segments r (1) [n] and r (1) [n], where N (1)1,N (1)12,N (1)1 = b (1)1 and2N (1)2 = N − b (1)1 , or the segments r(2) [n] and r (2) [n],1,N (2)12,N (2)2with N (2)1 = b (2)1 and N (2)2 = N − b (2)1 , from the availabletransformed sequences f (1) [n] =r (1) [n] ∗ r (1) [n] and1,N (1)1 2,N (1)2f (2) [n] =r (2) [n] ∗ r (2) [n].1,N (2)1 2,N (2)2Deconvolution problems are typically coped with in thefrequency domain, being the convolutions represented by multiplicationsin the Fourier domain. In order to properly definethe discrete Fourier transforms (DFTs) of the segments extractedfrom r[n], the extended versions ˆr (j)h,K[n], h, j = {1, 2},are generated by applying a zero padding to the respectiveoriginal traits, until reaching the same length K = N − 1 ofthe convolution products f (1) [n] and f (2) [n]. Then, the sequenceΔ[n],n=1,...,K, is defined as the difference betweenˆr (1)1,K[n] and ˆr(2)1,K[n], which share a common part thatis exactly r (2) [n], having assumed that b (1)1 >b (2)11,N (2)1Δ[n] =ˆr (1)1,K[n] − ˆr(2)1,K[n], n =1,...,K. (9)Authorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.
Page 1 and 2: IEEE TRANSACTIONS ON SYSTEMS, MAN,
Page 3: MAIORANA et al.: CANCELABLE TEMPLAT
Page 7 and 8: MAIORANA et al.: CANCELABLE TEMPLAT
Page 9: MAIORANA et al.: CANCELABLE TEMPLAT
Page 12 and 13: 536 IEEE TRANSACTIONS ON SYSTEMS, M
Page 14: 538 IEEE TRANSACTIONS ON SYSTEMS, M

Cancelable Templates for Sequence-Based Biometrics with ... - ATVS

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?