Cancelable Templates for Sequence-Based Biometrics with ... - ATVS

More documents

Recommendations

Info

530 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 40, NO. 3, MAY 2010The following relations can then be derived for the consideredfinite sequences:⎧⎨⎩ˆr (1)1,Kˆr (1)2,K[n] =ˆr(2)[n − b (1)11,K][n]+Δ[n] [=ˆr (2)2,Kn − b (2)1]− Δ[n],(10)where all the considered shifts are circular shifts. Then, applyingthe DFT to the aprioriknown sequences f (1) [n] andf (2) [n] and considering the relations between the DFT and thelinear convolution of two discrete sequences, it results to (11),shown at the bottom of the page, where the DFT coefficientsare indexed with l. Using the relations in (10), the first equationin (11) can be written as{ } [DFT f (1) [n] ={ } ]DFT ˆr (2)1,K [n] + DFT {Δ[n]}[ { [· DFT ˆr (2)2,Kn − b (2)1]}− DFT {Δ[n]}· e j2π(l/K)b(1) 1 , (12)from which the expressions in (13), shown at the bottom of thepage, can be derived.The resulting system of equations admits ∞ 1 possible solutions,which implies that recovering the original segments[n] and ˆr(2)2,K[n] is as much hard as random guessing them.The difficulty in reaching a solution for the original sequenceobserved in our formulation corroborates the difficulty in succeedingin a record multiplicity attack.ˆr (2)1,KV. S IGNATURE BIOMETRICSA. Signature-Based AuthenticationPeople recognition based on signatures is one of the mostaccepted biometric-based authentication methods since, beingpart of everyday life, it is perceived as a noninvasive and nonthreateningprocess by the majority of the users. Furthermore, asignature has a high legal value. On the other hand, this modalityis characterized by a high intrauser variability, due to thefact that signatures can be influenced by several physical andemotional conditions, and a small forgery inter-user variability,which must be taken into account in the authentication process.A review of the state of the art covering the literature up to 1993]can be found in [42]. Other survey papers quoting the morerecent advances in signature recognition are [43] and [44].Signature-based authentication can be either static or dynamic.Inthestatic mode, also referred to as off-line, onlythe written image of the signature, typically acquired through acamera or an optical scanner, is used. In the dynamic mode, alsocalled on-line, signatures are acquired by means of a graphictablet or a pen-sensitive computer display, which can providetemporal information about the signature, such as the pressure,the velocity, the pen tilt signals versus time, etc.In order to represent the signature, some features must beextracted. Two different kinds of features are typically considered:parameters and functions. Parametric features can consistof static information, like the height and the width of thesignatures, or dynamic information, like signature velocity,acceleration, or pressure. In most comparative studies, theparameters based on dynamic information are typically morediscriminative for recognition purposes than those based onstatic information [45]. On the other hand, sequence-basedmethods typically use a representation based on various temporalsequences and elastic matching procedures such as DTW,which represents one of the more flexible approaches to managethe signature length variability [46], or statistical recognitionapproaches such as HMMs [5], [47].B. Signature Template Protection: Related WorksSignature template protection has been first considered in [9]and [48] with a key generation approach which extracts a setof parametric features from the acquired dynamic signaturesand applies a hash function to a feature’s binary representation,obtained by exploiting some statistical properties of theenrollment signatures. Both methods provide protection for thesignature templates, but none of them provides revocability.The fuzzy vault construction has been applied to signature verificationin [49], by using a quantized set of maxima and minimaof the temporal functions mixed with chaff points in order toprovide security. A salting approach has been proposed in [50]as an adaptation of the BioHashing method [28] to signaturetemplates. The fuzzy commitment approach introduced in [22]has also been applied to signature verification in [51] and [52].In both papers, a practical implementation of fuzzy commitment[25] has been taken into account, and a new user-adaptive⎧⎨ DFT { f (1) [n] } { }= DFT ˆr (1)1,K [n]⎩ DFT { f (2) [n] } = DFT{· DFT{ˆr (2)1,K [n] }· DFT{ } { [ˆr (1)1,K [n] · DFT ˆr (1)2,K]}· e j2π(l/K)b(1) 1}ˆr (1)2,K [n] = DFTn − b (1)1{ }ˆr (2)2,K [n] (11)⎧⎪⎨⎪⎩DFT { f (1) [n] } [ { } {= e j2π(l/K)b(1) 1 · DFT ˆr (2)1,K [n] · DFT+ DFT {Δ[n]}·DFTDFT { f (2) [n] } { } { }= DFT ˆr (2)1,K [n] · DFT ˆr (2)2,K [n]}ˆr (2)2,K [n] · e −j2π(l/K)b(2) 1 − DFT {Δ[n]}·DFT{ }]ˆr (2)2,K [n] · e −j2π(l/K)b(2) 1 − DFT 2 {Δ[n]}{ˆr (2)1,K [n] }(13)Authorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.
MAIORANA et al.: CANCELABLE TEMPLATES FOR SEQUENCE-BASED BIOMETRICS 531error-correcting code selection has also been introduced.The implementation of a security scalable recognition systemby exploiting watermarking-based techniques has been studiedin [15], [52], and [53]. No template-transformation-based approachhas been proposed so far for the protection of signaturebiometrics.VI. APPLICATION TO AN ON-LINE SIGNATURERECOGNITION SYSTEMThe effectiveness of the proposed protection scheme forsequence-based biometrics is here applied to the protection ofon-line signature templates. In Section VI-A, it is discussedhow to extract a sequence-based template R F from an acquiredsignature, while the employed classifier, based on HMM, isdescribed in Section VI-B.A. Feature Extraction StageDuring the employed feature extraction stage, the horizontalx[n] and vertical y[n] position trajectories, together with thepressure signal p[n],n=1,...,N, are acquired from each onlinesignature through a digitizing tablet. We consider that thesignals x[n] and y[n] are already normalized both in position,with respect to their center of mass, and in rotation, with respectto their average path tangent angle. Other four discrete-time sequencesare derived from the pair {x[n],y[n]}, namely, the pathtangent angle θ[n], the path velocity magnitude v[n], thelogcurvature radius ρ[n], and the total acceleration magnitude a[n].Specifically, in our experiments, we consider the following setof F =14sequences:{R 14 = x[n],y[n],p[n],θ[n],v[n],ρ[n],a[n],ẋ[n], y[n], ˙ p[n], ˙ ˙θ[n],}˙v[n], ˙ρ[n], ȧ[n] , (14)where the upper dot notation denotes the first-order derivative.B. Signature ModelingIn order to perform signature recognition, a stochastic modelizationbased on HMMs is applied to the transformed signaturetemplates.An HMM is characterized by the following elements:1) the number H of hidden states {S 1 ,S 2 ,...,S H } of themodel. The state at discrete time n is indicated as q n ;2) the state transition probability A = {a i,j }, where a i,j =P [q n+1 = S j |q n = S i ],i,j =1,...,H;3) the observation symbol probability distributions ineach state j, indicated with B = {b j (o)},j =1,...,H.The observation processes are represented using mixturesof M multivariate Gaussian distributions: b j (o) =∑ Mm=1 α j,mp μj,m ,Σ j,m(o),j =1,...,H, where μ j,mand Σ j,m indicate the mean and the diagonal covariancematrix of each Gaussian component, respectively. Thecoefficients α j,m are selected by respecting the conditionof normalization ∑ Mm=1 α j,m =1,j =1,...,H;4) the initial state distribution π = {π j } = {p[q 1 =S j ]},j =1,...,H.Following the proposed approach, during the enrollmentphase, the client model λ = {π, A, B} is estimated consideringE enrollment signatures of the subject at hand, according to theiterative strategy presented in [5].The obtained model λ is stored in a database and used inthe authentication phase, where a similarity score is calculatedas (1/K) log P (O|λ) using the Viterbi algorithm [54]. Specifically,the Viterbi algorithm is employed to estimate, given anobservation sequence O and a model λ, the sequence Q ofhidden states corresponding to O. The criterion followed by theViterbi algorithm is to maximize the probability P (Q|O,λ),which is equivalent to maximizing P (Q, O|λ). The Viterbiprocedure can be efficiently represented by a lattice structure,where each node, at a given instant, represents the hidden stateof the model. The computational complexity of the algorithmis reduced when maximizing the log likelihood, with respectto the likelihood of the test sample path given the model. Theratio 1/K is taken into account to normalize to the obtainedlog likelihood, which decreases when the length of the testsignature increases [55].It is worth pointing out that, when using HMMs for signaturerecognition, also in an unprotected approach, the client modelλ = {π, A, B}, instead of the original signature sequences,is stored in the database. However, if an attacker is able toacquire the client HMM, the statistical properties of the client’ssignatures can be derived from the model and, for example,employed to track the users across multiple databases. Usingthe proposed protection approach, if an attacker succeeds inacquiring the stored models, he can only retrieve informationabout the set of transformed sequences T F , from which it is notpossible to get any information about the original sequencesr (i) [n],i=1,...,F, as discussed in Section IV.VII. EXPERIMENTAL SETUPThe noninvertible transforms, proposed for the protectionof sequence-based biometrics, are tested by verifying boththeir renewability capabilities and the verification performanceachievable in protected systems, with application to on-linesignature biometrics. For the experiments, we use the MCYTon-line signature corpus [57]. This database includes signaturesfrom 330 subjects, with 25 genuine signatures per subject.These genuine signatures have been captured in sets of five,allowing some breaks between the different acquisition sets.For each subject, there are also 25 forgeries performed by fivedifferent forgers for each subject. Forgers have been askedto reproduce without breaks or slowdowns a signature afterhaving observed the static image of the prototype and afterhaving carried out a training stage, which consists of copyingthe prototype at least ten times.In the experiments, we have studied the following key aspectsof the proposed template protection approaches:1) Authentication performancea) performance dependence on HMM parameters, forboth unprotected and protected systems;b) performance variability with respect to thetransformation-defining parameters, for protectedsystems;Authorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.
Page 1 and 2: IEEE TRANSACTIONS ON SYSTEMS, MAN,
Page 3 and 4: MAIORANA et al.: CANCELABLE TEMPLAT
Page 5: MAIORANA et al.: CANCELABLE TEMPLAT
Page 9: MAIORANA et al.: CANCELABLE TEMPLAT
Page 12 and 13: 536 IEEE TRANSACTIONS ON SYSTEMS, M
Page 14: 538 IEEE TRANSACTIONS ON SYSTEMS, M

Cancelable Templates for Sequence-Based Biometrics with ... - ATVS

Create successful ePaper yourself

Delete template?

Save as template?