Cancelable Templates for Sequence-Based Biometrics with ... - ATVS

12.07.2015 Views
532 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 40, NO. 3, MAY 2010TABLE IEER (IN PERCENTS) FOR DIFFERENT HMM CONFIGURATIONSCONSIDERING SKILLED FORGERIES, IN UNPROTECTEDAND PROTECTED SYSTEMS (E = 10)Fig. 3. ROC curves for an unprotected system, and for protected systemswith W =2, 3, and 4 convolved segments, considering skilled forgeriesand E =10.c) performance comparison between the baseline approachdescribed in Section III-A and the extendedmethods in Section III-B;2) Renewabilitya) evaluation of the diversity between two templatesoriginated by applying two different transformationson the same original data. The analysis is conductedfor the baseline approach described in Section III-A,as well as for the extended methods in Section III-B.The performance analysis is detailed in Section VIII, whilethe renewability capabilities of the proposed protection methodsare presented in Section IX.VIII. AUTHENTICATION PERFORMANCE ANALYSISThe authentication performances achievable with the proposedprotected on-line signature protection methods are herediscussed. The system performances are evaluated through thefalse rejection rate (FRR), the false acceptance rate (FAR)for skilled forgeries (FAR SF ), the FAR for random forgeries(FAR RF ), and the equal error rate (EER). These figures of meritare obtained by considering, for each user in the enrollmentstage, E =10signatures taken from the first two acquisitionsets of MCYT. The FRR is estimated on the basis of thesignatures belonging to the third, fourth, and fifth availableacquisition sets. The FAR SF is computed by using the 25 skilledforgeries available for each user. The FAR RF is computed bytaking, for each user, one signature from each of the remainingusers.A. Dependence on the HMM ParametersWithin the described experimental setup, the dependenceof the authentication performances on the HMM parametersis first discussed. Specifically, the EERs obtained by varyingthe HMM parameters H and M, considering skilled forgeries,are summarized in Table I, for both unprotected systems andfor protected systems employing the baseline approach describedin Section III-A, with W ∈{2, 3, 4}. Specifically, thevalues of H reported in Table I are H ∈{8, 16}, since thebest recognition rates are achieved when using, for the HMMmodelization, a number of states comprised between 8 and 16,as observed in [5] and [10]. When employing the proposedbaseline protection approach, the key vector d is randomlyselected for each considered user, taking the values d j ,j =1,...,W − 1, in the range of integers [5, 95]. As described in[34], this reflects how the protected system should be used ina practical implementation, where different transformations aretypically used for different individuals.The best EERs achievable for each configuration (unprotectedand protected systems) are highlighted in Table I andare employed to select the best HMM configurations, which areconsidered in the following to illustrate the performances of theproposed approaches. Specifically, the selected configurationsare as follows:1) unprotected approach: H =16 and M =4 (EER SF =6.33%);2) baseline protected approach, with W =2: H =8 andM =8(EER SF =7.95%);3) baseline protected approach, with W =3: H =8 andM =4(EER SF =11.84%);4) baseline protected approach, with W =4: H =8 andM =2(EER SF =15.40%).The receiver operating characteristic (ROC) curves related tothe best authentication rates, achievable using the aforementionedselected configurations, are shown in Fig. 3. From thesketched ROC curves and from the results in Table I, it can beseen that the recognition performances for protected systemsworsen when the number W of segments in which the signaturesare segmented increases. The loss in performance canbe explained as follows. The segmentation of the consideredsignature time sequences is accomplished by using a set of fixedparameters d j ,j =1,...,W − 1. They express, in terms of thepercentage of the total sequence length, the points where thesegmentation has to be done. However, due to the characteristicsof signature biometrics, sequences extracted from differentAuthorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.

MAIORANA et al.: CANCELABLE TEMPLATES FOR SEQUENCE-BASED BIOMETRICS 533Fig. 4. Normalized histograms of the EERs obtained repeating 20 times theauthentication process, for a protected system with W =2.signatures, also if from the same user, typically have differentlengths, which raises an alignment issue. As a consequence, themore separations are performed, the more variable will be theconvolutions at the output. The best results are obtained whenW =2, due to the fact that only one separation point has tobe set in this case. However, the performances achieved withW =3still remain acceptable, producing an EER for skilledforgeries of about 12%, when taking E =10 signatures forthe enrollment. The cited alignment problem can be mitigatedby using a dynamic programming strategy, as in the DTW approachesfor signature recognition [46], whereas a simple linearcorrespondence strategy does not represent the best signaturealignment approach.B. Dependence on the Transform Key Vector dThe dependence of the authentication performance on thekey d is investigated referring to the baseline approach proposedin Section III-A. More in detail, a protected system,where the signature functions are split into W =2segments, bymeans of the key d, is considered. The performance evaluationis made performing 20 times the enrollment and authenticationprocesses over the available test data set, varying at each iterationthe transformation parameters d for each user. In Fig. 4, theobtained results are shown, through the normalized histogramsof the EERs for both random (EER RF ) and skilled forgeries(EER SF ), obtained when considering a protected system whereE =10signatures are taken from each user during enrollment.The mean and standard deviation of the obtained EERs are asfollows:1) skilled forgeries: mean EER SF =8.2%, with a standarddeviation σ EERSF =0.7%;2) random forgeries: mean EER RF =4.1%, with a standarddeviation σ EERRF =0.5%.As necessary for a properly designed noninvertible transformapproach, the variation of the transformation parametersdoes not result in significant modifications of the matchingperformances.Fig. 5. Performance comparison between the baseline protected system inSection III-A and the extended protection approaches in Sections IX-B andIX-C, considering W =2convolved segments for template protection.C. Comparison Between Baseline and Extended ApproachesThe proposed approaches for the protection of signaturetemplates are also discussed by comparing the authenticationperformances achievable when employing the extended transformsdescribed in Section III-B, with those obtained by usingthe baseline method described in Section III-A. Specifically,only the case where each function is split into W =2segmentsis considered.Fig. 5 shows the performances obtained when consideringthe mixing and shifting approaches described in Sections III-B1and III-B2, respectively. The performances of the extendedmethods are also compared with those related to the use of thebaseline protection approach. E =10signatures are consideredto be taken from each user during enrollment. For all the consideredprotected approaches, the HMM configuration whichgives the best authentication performances for the baselinemethod is considered (H =8 and M =8). The recognitionrates shown for the unprotected system are related to the HMMconfiguration (H =16and M =4) which allows obtaining thebest achievable authentication performance. As shown in Fig. 5,systems using the mixing-based protection method, describedin Section III-B1, are characterized by almost the same performancesof a system using the baseline protection scheme,resulting in an EER of 9.12%. On the other hand, the protectionmethod based on shifting, described in Section III-B2, providesslightly worse results, reaching an EER of about 10.81%.IX. RENEWABILITY ANALYSISThe transformations introduced in Sections III-A and B arethen analyzed with respect to the diversity property, whichis a crucial requirement to implement cancelable biometrics.Specifically, it can be noticed that each of the proposed transformsis defined by means of a key or a set of keys and thatdifferent transformations can be obtained by varying the employedkeys. Moreover, two transformed templates, generatedfrom the same original data, are as more different as moredistant the respective transformation keys are. With the spaceof possible keys finite, the number of possible instances,which can be generated from the same data and which areAuthorized licensed use limited to: Univ Autonoma de Madrid. Downloaded on May 06,2010 at 15:31:46 UTC from IEEE Xplore. Restrictions apply.

Page 1 and 2: IEEE TRANSACTIONS ON SYSTEMS, MAN,

Page 3 and 4: MAIORANA et al.: CANCELABLE TEMPLAT

Page 5 and 6: MAIORANA et al.: CANCELABLE TEMPLAT

Page 7: MAIORANA et al.: CANCELABLE TEMPLAT

Page 12 and 13: 536 IEEE TRANSACTIONS ON SYSTEMS, M

Page 14: 538 IEEE TRANSACTIONS ON SYSTEMS, M

biometric

template

templates

biometrics

sequences

authentication

recognition

obtained

transformed

employed

cancelable

atvs

Cancelable Templates for Sequence-Based Biometrics with ... - ATVS

Cancelable Templates for Sequence-Based Biometrics with ... - ATVS ... View more Cancelable Templates for Sequence-Based Biometrics with ... - ATVS

Delete template?

Save as template ?

Cancelable Templates for Sequence-Based Biometrics with ... - ATVS Cancelable Templates for Sequence-Based Biometrics with ... - ATVS