Template protection for HMM-based on-line signature authentication
Summary (2 min read)
1. Introduction
- The most emerging technology for automatic people recognition is biometrics.
- Unfortunately, the use of biometric data in an automatic recognition system involves various risks, not affecting other traditional methods: if biometric data are somehow stolen or copied, they can be hardly replaced.
- Moreover, biometric data can contain sensitive information (health, genetic background, age), that can be used in an unauthorized manner for malicious or undesired intents [1].
- The adopted measures should be able to enhance biometric data resilience against attacks, while allowing the matching to be performed efficiently, thus guaranteeing acceptable recognition performance.
- A non-invertible transform-based approach is proposed for the implementation of an on-line signature-based biometric authentication system, where the stored templates cannot reveal any information about the originally acquired biometric characteristics.
2. Biometric Template Security
- In a typical biometric-based authentication system, eight possible vulnerable points can be individuated [2].
- The concept of cancelable biometrics has been introduced in [2], and can be roughly described as the application of an intentional and repeatable modification to the original biometric template.
- Generalizing this approach, three different non-invertible transforms, namely a cartesian, a polar and a functional transform, were proposed in [10] for generating cancelable fingerprint templates.
- In [12] an adaptation of the fuzzy vault to signature protection is proposed, while also the fuzzy commitment (more specifically, its practical translation known as Helper Data System [13]) has been employed to provide security to the features extracted from an on-line signature, as proposed in [14].
- On the other hand, the approach proposed in this paper directly works with the signature time sequences acquired by touch screens or digitizing tablets, trying to modify them in such a way that is com- putationally hard to recover the original information.
3. Proposed Approach for Cancelable On-line
- As already pointed out, in this paper a non-invertible transform approach is proposed for the protection of online signature templates.
- Specifically, the template that has to be protected consists of a set of signature discrete time sequences (e.g., position trajectories, pressure, etc.).
- The desired protection is accomplished by properly modifying the considered time sequences, in such a way that it is not possible to retrieve the original data from the transformed one.
- A function-based authentication approach is then implemented in order to perform the matching, directly applying Hidden Markov Models (HMMs) for the modelization of the transformed templates.
- In Section 3.1, the employed feature extraction process, together with the implemented matching strategy, is presented.
3.1. HMM-based Signature Modeling
- The proposed authentication system with protected templates is based on the on-line signature verification system presented in [16], where a function-based approach is employed to perform signature-based authentication, using HMMs to represent and match the signature discrete time sequences.
- Specifically, in the proposed approach three time sequences, the horizontal x[n] and vertical y[n] position trajectories, together with the pressure signal p[n] (where n = 1, . . . , N is the discrete time index, and N is the time duration of the signature in sampling units), are acquired from each on-line signature through a digitizing tablet.
- A geometric normalization, consisting of positions normalization followed by rotation alignment, is applied to the considered pen-position functions.
- Then, other four discrete time sequences are derived from the basic set, and used as an additional extended set of functions, namely the path-tangent angle θ[n], the path velocity magnitude v[n], the log curvature radius ρ[n] and the total acceleration magnitude a[n], with n = 1, . . . , N .
3.2. Time Sequences Transformation
- The vector d represents the key of the employed transformation.
- Moreover, each original function undergoes the same decomposition before applying the convolutions.
- A final signal normalization, oriented to obtain zero mean and unit standard deviation transformed functions, is then applied.
- The security analysis of the proposed online signature template protection scheme is conducted in Section 4.
4. Security Analysis
- Having defined the function transformation as in eq. (2), if an attacker gains access to the stored information, he has to resolve a blind deconvolution problem [18] to retrieve any information regarding the signature biometrics.
- Typically, the goal of blind deconvolution is to recover a source signal given only the output of an unknown filter, or to separate different source signals from their convolutive mixtures.
- Otherwise, some further constraints have to be established, in order to perform the process.
- Moreover, it is worth pointing out that, in the proposed approach, for each user the HMM λ, estimated from the signature representations T, is the stored template.
- Then, also if an attacker is able to acquire more than two distinct transformed versions of the original signature functions, it is however impossible to recover the original information using the data coming from different sources.
5. Experimental Results
- An extensive set of experimental results has been performed using the MCYT on-line signature corpus [19].
- Systems’ FAR for skilled forgeries (FARSF ) was computed using the available 25 skilled forgeries for each user, while the FAR for random forgeries (FARRF ) has been computed taking, for each user, one signature from each of the rest of the users.
- Next, the authors performed tests to compare the performances of an unprotected and a protected system where HMMs are used as matching algorithm.
- As a consequence, the more separations are performed, the more variable the convolutions at the output will be.
Did you find this useful? Give us your feedback
Citations
620 citations
Cites methods from "Template protection for HMM-based o..."
...[144-146] apply non-invertible transforms to obtain cancelable templates from online signatures....
[...]
194 citations
Additional excerpts
...I. INTRODUCTION...
[...]
157 citations
Cites background or methods from "Template protection for HMM-based o..."
...the authors’ works presented in [10] and [11]....
[...]
...Specifically, the values of H reported in Table I are H ∈ {8, 16}, since the best recognition rates are achieved when using, for the HMM modelization, a number of states comprised between 8 and 16, as observed in [5] and [10]....
[...]
93 citations
Cites methods from "Template protection for HMM-based o..."
...al have used a signature transformation technique to secure online signatures templates that can be matched via HMM [35]....
[...]
...Table 4: Comparison of verification accuracy on SVC 2004 dataset when different transformation functions are used Transform KRP KRP-AH KRP-DPT [13] KRP-CFT [35] k = 30 k = 30 d = 120 w = 3...
[...]
...For Convolution Function Transform (CFT) [35], 120 distinguishing points (d) are chosen for each signature and matching for transformed signatures is performed using DTW....
[...]
...Unlike the traditional feature transformation techniques [20, 35, 29, 25], our system preserves the important biometric information even when the user specific password is compromised....
[...]
77 citations
Cites background or methods from "Template protection for HMM-based o..."
...the Improved BioHashing template protection technique (Lumini & Nanni, 2007); the BioConvolving template protection technique presented in Maiorana et al. (2008)....
[...]
...…(Van der Veen, Kevenaar, Schrijen, Akkermans, & Zuo, 2006) has been employed to provide security for the features extracted from an on-line signature, as proposed in Maiorana et al. (2008), Campisi, Maiorana, & Neri (2008), where a user-adaptive error correcting code selection was also introduced....
[...]
...In Maiorana et al. (2008) a signature template protection scheme, where non-invertible transforms are applied to a set of signature sequences, has been presented, and its non-invertibility discussed....
[...]
...Notice that using the standard Kholmatov’s method and the base approach proposed in Maiorana et al. (2008) we obtain an EER 12.95 of and an AUC of 0.927....
[...]
...The generation of cancelable biometrics according to the BioConvolving approach was proposed in Maiorana et al. (2008)....
[...]
References
21,819 citations
1,744 citations
"Template protection for HMM-based o..." refers background in this paper
...This category can be furthered divided in key binding systems, where the helper data are obtained by binding a key with the biometric template, as it happens for the fuzzy commitment [4] and the fuzzy vault [5], and key generation systems, where both the helper data and the cryptographic key are directly generated from...
[...]
1,709 citations
"Template protection for HMM-based o..." refers background or methods in this paper
...In a typical biometric-based authentication system, eight possible vulnerable points can be individuated [2]....
[...]
...Through the application of these distortions to the biometric data, the properties of renewability and noninvertibility [2] should be guaranteed....
[...]
...The concept of cancelable biometrics has been introduced in [2], and can be roughly described as the application of an intentional and repeatable modification to the original biometric template....
[...]
[...]
1,481 citations
1,119 citations
Related Papers (5)
Frequently Asked Questions (14)
Q2. What is the proposed system with protected templates?
The proposed authentication system with protected templates is based on the on-line signature verification system presented in [16], where a function-based approach is employed to perform signature-based authentication, using HMMs to represent and match the signature discrete time sequences.
Q3. What is the dangerous treat regarding the privacy and the security of the users?
The unauthorized acquisition of the employed biometric data, which represents one of the possible consequences of the attacks to a biometric recognition system, is probably the most dangerous treat regarding the privacy and the security of the users.
Q4. What is the proposed approach for the protection of signature templates?
A function-based authentication approach is then implemented in order to perform the matching, directly applying Hidden Markov Models (HMMs) for the modelization of the transformed templates.
Q5. How many signatures are used to estimate the EER?
Performing the transformations keeping W = 3 results in an EER of about 19.24%, while if each signature function is divided in W = 4 segments before performing the convolutions, the EER raises to 24.92%.
Q6. What is the common way to deal with deconvolutions?
Deconvolution prob-lems are typically coped with in the frequency domain, being the convolutions transformed into simple multiplications.
Q7. How many signatures are used to compute the FAR for skilled forgeries?
Systems’ FAR for skilled forgeries (FARSF ) was computed using the available 25 skilled forgeries for each user, while the FAR for random forgeries (FARRF ) has been computed taking, for each user, one signature from each of the rest of the users.
Q8. What is the way to retrieve the function r[n]?
In order to retrieve the function r[n], the attacker should be able to obtain the segments r(1)1,N (1) 1[n] and r(1) 2,N(1) 2[n], where N (1)1 = b (1) 1 andN (1) 2 = N − b(1)1 , or the segments r(2)1,N(2)1 [n] and r (2) 2,N (2) 2 [n], withN (2)1 = b (2) 1 and N (2) 2 = N − b(2)1 , from the available transformed functions f (1)[n] = r(1) 1,N(1) 1[n]∗ r(1) 2,N(1) 2[n]and f (2)[n] = r(2) 1,N(2) 1[n] ∗ r(2) 2,N(2) 2[n].
Q9. What is the performance for an unprotected approach?
As it can be seen, the best performance achievable with an unprotected approach consists in an EER of 10.29%, and it occurs for H = 12 and M = 16.
Q10. How many sessions are used to estimate the FRR?
Each user is enrolled using the E = 5 signatures from the first session, while the other four sessions are employed to estimate the FRR.
Q11. What is the proposed approach for the protection of online signature templates?
As already pointed out, in this paper a non-invertible transform approach is proposed for the protection of online signature templates.
Q12. How many users are used to estimate the EER for skilled forgeries?
As it can be seen from the reported Receiver Operating Characteristic (ROC) curves, the EER for skilled forgeries in an unprotected system is equal to 10.74%, and it increases only slightly to 14.03% when the protection of the templates is introduced, considering W = 2.
Q13. How can one analyze the security of the proposed approach?
In order to analyze the security of the proposed approach in the worst considerable case, it is assumed that, from a stored HMM λ, it is possible to synthesize exactly the same functions from which the model has been estimated.
Q14. What is the first non-invertible transform-based approach for the protection of biometric?
The first practical non-invertible transform-based approach for the protection of biometric data was presented in [9], where the minutiae pattern extracted from a fingerprint undergoes a key-dependent geometric transform.