Expert Systems with Applications 37 (2010) 3454–3461
Biometric cryptosystem using function based on-line signature recognition

Emanuele Maiorana *
Università "Roma Tre", Via della Vasca Navale 84, 00146 Roma, Italy
Abstract

In this paper we present a novel on-line signature based biometric recognition system, where cryptographic techniques are employed to provide protection and cancelability to function based signature templates. The performances of the proposed protected on-line signature recognition system are evaluated on the public MCYT signature database, and compared with the performances achievable using unprotected approaches, as well as other signature template protection approaches. The reported results show that, when using the proposed cryptosystem, protected and renewable signature templates can be properly generated and used for recognition purposes. © 2009 Elsevier Ltd. All rights reserved.

Keywords: Biometrics; On-line signature; Template protection; Cryptosystem; Error control coding
1. Introduction
In contrast with traditional approaches, based on what a person knows (password) or what a person has (tokens), biometric based authentication relies on who a person is or what a person does (Jain, 2004), thus providing improved comfort and security for their users, when compared to traditional authentication methods. Unfortunately, on the other hand, the use of biometric data in an automatic recognition system involves various risks not affecting other methods: if biometric data are somehow stolen or copied, they can hardly be replaced. Moreover, biometric data can contain relevant information regarding people's personality and health, which can be used in an unauthorized manner for malicious or undesired intents (Prabhakar, Pankanti, & Jain, 2003). It is also worth pointing out that when a cross-matching among different biometric databases is performed, an unauthorized tracking of the enrolled subjects can be realized, thus leading to users' privacy loss. Therefore, when designing a biometric based recognition system, the issues deriving from the exposed security and privacy concerns have to be carefully addressed, trying to provide countermeasures to the possible attacks which can be perpetrated at the system's vulnerable points (Ratha, Connell, & Bolle, 2001). The adopted measures should enhance biometric data resilience against attacks, while allowing the matching to be performed efficiently, thus guaranteeing acceptable recognition performance.

In this paper we introduce a novel biometric cryptosystem based on on-line signatures. Specifically, the proposed system performs user authentication by means of protected templates, obtained by binding a set of signature dynamic functions with error correcting codes.

A brief review about signature recognition is outlined in Section 2, while the protection of biometric templates is discussed in Section 3. The proposed signature based biometric cryptosystem is then sketched in Section 4, and its security is discussed in Section 5. The experimental framework and the obtained results are shown in Section 6, while some conclusions are drawn in Section 7.
* Tel.: +39 0657337298; fax: +39 0657337026.
0957-4174/$ - see front matter © 2009 Elsevier Ltd. All rights reserved. doi:10.1016/j.eswa.2009.10.043
2. Signature based authentication

Signature recognition is one of the most accepted biometric based authentication methods since, signatures being part of everyday life, it is perceived as a non-invasive and non-threatening process by the majority of the users. Moreover, signature has a high legal value, since it has always played the role of document authentication, and it is accepted both by governmental institutions as well as for commercial transactions as a means of identification (Dimauro, Impedovo, Lucchese, Modugno, & Pirlo, 2004). However, as can be expected from a behavioral biometric, different signature realizations, taken from the same user, can exhibit a lot of variability, mainly due to lack of user's habit and to the different conditions of execution (seated or standing position, wide or narrow area for resting the arms, and so on) (Jain, Griess, & Connell, 2002).

Basically, signature based authentication can be either static or dynamic. In the static mode, also referred to as off-line, only the written image of the signature, typically acquired through a camera or an optical scanner, is employed. In the dynamic mode, also called on-line, signatures are acquired by means of a graphic tablet or a pen-sensitive computer display, which can provide temporal information about the signature. Since on-line signature authentication involves the acquisition of the signature dynamic behavior, much more difficult to forge than the static one, it is in general more suitable for personal authentication.
Signature recognition is usually performed by extracting a set of features from the acquired data. When dealing with on-line signatures, it is widely accepted that two different kinds of features can be considered: parameters and functions (Jain et al., 2002). The approaches employing parametric features, usually indicated as global approaches, extract static information such as the height and the width of the signatures, or dynamic information like the number of strokes, the mean signature velocity, and so on. The obtained characteristics are then employed to train a classifier (Lumini & Nanni, 2009). On the other hand, function based methods typically employ a signature representation consisting of various temporal sequences like pressure, velocity, or acceleration (Fierrez-Aguilar, Ramos-Castro, Ortega-Garcia, & Gonzalez-Rodriguez, 2007). According to recently published results, the most promising approaches for signature recognition belong to the category of function based methods (Fierrez-Aguilar, Nanni, Lopez-Peñalba, Ortega-Garcia, & Maltoni, 2005).
3. Biometric template protection

A biometric system can be roughly sketched as in Fig. 1, and consists of a sensor module, a feature extractor module, a matcher, a database, and an application device which is driven by the matcher output. As outlined in Ratha et al. (2001), and also illustrated in Fig. 1, eight possible vulnerable points can be identified in a biometric system. Specifically, each considered module, as well as the channels interconnecting them, can be accessed by an attacker in order to steal, cancel or modify the processed data. The most dangerous threat regarding users' privacy and security probably consists in the unauthorized acquisition of the employed biometric data, or of its representative template. In fact, although it was commonly believed that it is not possible to reconstruct an original biometric characteristic from its corresponding template, some concrete counter examples which contradict this hypothesis have been provided in the recent literature (Cappelli, Lumini, Maio, & Maltoni, 2007).

Therefore, many solutions have been investigated in the recent past to secure the biometric templates. Among them, classical cryptographic techniques (Menezes, van Oorschot, & Vanstone, 1996) can be employed to secure the transmission of biometric data over reliable but insecure channels, and to make the stored information intelligible only when using a proper cryptographic key. However, the matching process has to be performed after decryption, and therefore no protection is provided during user authentication. Also data hiding techniques have been suggested for biometrics protection (Jain & Uludag, 2003; Maiorana, Campisi, & Neri, 2007). Such methods can be used to insert additional information, namely the watermark, into a digital object. In this respect, data hiding techniques complement encryption, since the message can remain in the host data even when decryption has been performed.

However, the most promising approach for the protection of biometric templates consists in the implementation of cancelable biometrics (Ratha et al., 2001), which can be roughly described as the application of non-invertible and repeatable modifications to the original biometric templates. A properly defined cancelable biometrics should satisfy the properties of renewability (it should be possible to revoke a compromised template and issue a new one based on the same biometric data) and security (it should be impossible or computationally unfeasible to obtain the original biometric template from the modified one). Moreover, it should grant that the recognition performances of the protected system do not degrade significantly with respect to an unprotected system.

A classification of cancelable biometrics protection approaches has been presented in Jain, Nandakumar, and Nagar (2008), where two macro-categories, referred to as biometric cryptosystems and feature transformation approaches, are considered. Biometric cryptosystems (Uludag, Pankanti, Prabhakar, & Jain, 2004) can be implemented by means of key binding or key generation systems. A key binding system can be twofold. It can allow to protect a biometric template by binding it with a binary key, in order to secure a biometric recognition system. Moreover, it can also be used to release a given binary key by presenting a specific biometric trait, when a binary key has to be protected and released only if requested by its owner. Two of the most well known examples of key binding approaches are the fuzzy commitment (Juels & Wattenberg, 1999) and the fuzzy vault (Juels & Sudan, 2006), which represent general schemes that can be applied to different biometrics such as fingerprints or face (Nandakumar, Jain, & Pankanti, 2007; Van der Veen, Kevenaar, Schrijen, Akkermans, & Zuo, 2006).
Fig. 1. Points of attack in a generic biometric system (adapted from Ratha et al., 2001).

When dealing with a key generation system, a cryptographic key is directly generated from the biometric template (Sutcu, Li, & Memon, 2007). Such systems are typically more difficult to be implemented, with respect to key binding systems, due to the unavoidable intra-class variability of biometric data. In a feature transformation approach, a transformation function is applied to the biometric templates, thus obtaining the desired cancelable biometrics. It is possible to distinguish between salting approaches (Teoh, Ngo, & Goh, 2006), where the employed transformation functions are invertible, and where therefore the security of the templates relies in the secure storage of the transform parameters, and non-invertible transform approaches (Ratha, Chikkerur, Connell, & Bolle, 2007), where a one-way function is applied to the templates, and it is computationally hard to invert the transformation even if its defining parameters are known.

A detailed review on signature template protection has been presented in Campisi, Maiorana, and Neri (2009). In Vielhauer, Steinmetz, and Mayerhöfer (2002) and Feng and Chan (2002) a key generation approach, where a set of parametric features is extracted from the acquired dynamic signatures, and a hash function is applied to their binary representation, has been proposed. Both methods provide protection for the signature templates, although the cancelability property is not achieved. In Freire-Santos, Fierrez-Aguilar, and Ortega-Garcia (2006) an adaptation of the fuzzy vault to signature protection has been proposed. A salting approach has been proposed in Yip, Goh, Ngo, and Teoh (2006) as an adaptation of the BioHashing method (Teoh et al., 2006) to signature templates. An improved version of the BioHashing approach has also been proposed in Lumini and Nanni (2007). Also the fuzzy commitment (Juels & Wattenberg, 1999) has been employed to provide security for the features extracted from an on-line signature, as proposed in Maiorana, Campisi, and Neri (2008a), where a user-adaptive error correcting code selection is also introduced. In Maiorana, Martinez-Diaz, Campisi, Ortega-Garcia, and Neri (2008b) a signature template protection scheme, where non-invertible transforms are applied to a set of signature sequences, has been presented, and its non-invertibility discussed. The renewability capacity of the approach in Maiorana et al. (2008b) has also been analyzed in Maiorana, Campisi, Ortega-Garcia, and Neri (2008c), where additional non-invertible transforms have been introduced.

In this contribution, a key binding biometric cryptosystem based on on-line signature, able to provide the required security and renewability for the employed on-line signature templates, is proposed. Specifically, instead of employing a signature representation based on a set of parametric features, as in the majority of the already proposed approaches for signature template protection (Vielhauer et al., 2002; Freire-Santos et al., 2006; Maiorana et al., 2008a), a function based on-line signature representation is here considered.
This novel approach is motivated by the fact that a function based signature representation typically allows to reach better recognition performances, with respect to the use of parametric feature based signature templates (Dimauro et al., 2004).
4. Proposed biometric cryptosystem

The proposed cryptosystem for signature templates protection is based on Juels' fuzzy commitment (Juels & Wattenberg, 1999), which employs error correcting codes to generate a protected representation of the considered biometrics. The considered approach is twofold, being possible to use it to protect biometric templates with binary keys, as well as to release binary keys depending on the provided biometrics. In the considered implementation, the first scenario is taken into account, thus considering a protected signature based recognition system.

The employed signature representation consists of a set of $J$ discrete finite sequences $r_j[t]$, with $j = 1, \ldots, J$, while $t = 1, \ldots, T$ is the temporal index. The acquired signature functions are first processed in order to generate sequences whose length is equal to the system parameter $P$, since signatures acquired at different times are obviously characterized by different temporal extensions. In order to handle vectors which can be properly compared, an interpolation process is applied to the original sequences, thus producing the functions $s_j[p]$, with $p = 1, \ldots, P$. The interpolated time sequences are then arranged as rows of a matrix $S[j, p]$, which represents the employed original sequence based signature template.

The enrollment and authentication schemes of the proposed cryptosystem are illustrated in Figs. 2 and 3, respectively. As shown in Fig. 2, a training phase is required before performing the enrollment, in order to estimate the values employed during the binarization of the considered signature functions.
In brief, during enrollment a number $I$ of signatures are recorded for each user $u$. The functions derived from each signature are collected in the matrices $S^{u,i}$, $i = 1, \ldots, I$. A binary matrix $B^u$ is then obtained, through a binarization process performed with the aid of the inter-class $C$ and $X$ matrices, defined in Section 4.1, estimated during the system's training phase. Then, for each user $u$, the most reliable traits of his signatures are estimated, and the corresponding bits in $B^u$ are selected. The obtained bits are arranged to generate the user representative binary vector $x^u$. The extracted template is then protected by summing (with a XOR operator) to $x^u$ a codeword $c^u$, generated as the output of a BCH encoder (Purser, 1995) fed by a randomly generated binary word $m^u$. The obtained vector $FC^u$ is then stored together with the hashed version $h(m^u)$ of $m^u$. The stored information can be used to perform user authentication without revealing any information about the original data, as indicated in Section 4.3.

4.1. Training

During the training stage, a set of available signatures is used to derive the matrices $C$ and $X$, which are employed during the enrollment to perform the binarization of the signature sequences. Assuming that $E$ signatures, taken from each of a set of $W$ users, are available during this phase, the rows $c_j$ of $C$ and $x_j$ of $X$, $j = 1, \ldots, J$, are obtained as:

$$c_j = \frac{1}{W} \sum_{w=1}^{W} c_j^w, \qquad x_j = \frac{1}{W} \sum_{w=1}^{W} x_j^w, \tag{1}$$

being

$$c_j^w = \frac{1}{E} \sum_{e=1}^{E} s_j^{w,e}, \qquad x_j^w = \sqrt{\frac{1}{E} \sum_{e=1}^{E} \left( s_j^{w,e} - c_j^w \right)^2}. \tag{2}$$

4.2. Enrollment

During the enrollment $I$ signatures are taken from each user $u$, and a mean matrix $W^u$ is generated, assigning to its rows the mean vectors $w_j^u$, where

$$w_j^u = \frac{1}{I} \sum_{i=1}^{I} s_j^{u,i}, \qquad j = 1, \ldots, J. \tag{3}$$

Employing the inter-class matrices $C$ and $X$ estimated during the training phase, the matrix $K^u$ is computed as

$$K^u = \frac{W^u - C}{X}. \tag{4}$$

Each element $K^u[j, p]$, $j = 1, \ldots, J$ and $p = 1, \ldots, P$, is then binarized with $N_b$ bits, thus producing a binary matrix $B^u$ with $J$ rows and $P \cdot N_b$ columns. The matrix $B^u$ is the binary template representing the signatures of user $u$, which can be protected by employing BCH codes (Purser, 1995). Specifically, an $(n, k)$ BCH code, able to encode messages of $k$ bits in strings of $n$ bits, is selected depending on the desired Error Correcting Capability (ECC), from which the system performances are also dependent. A random binary message $m^u$, of $k$ bits, is encoded using the selected BCH code, thus obtaining the codeword $c^u$. Then, the matrix $B^u$ is converted to a binary vector $x^u$ with length $n$, following the procedure detailed in Section 4.2.1, and a XOR operation between the codeword $c^u$ and $x^u$ is finally performed, thus obtaining the fuzzy commitment $FC^u$:

$$FC^u = FC(x^u, c^u) = x^u \oplus c^u. \tag{5}$$

A hashed version $h(m^u)$ of the random message $m^u$, obtained using the SHA-256 algorithm from the SHA-2 family (NIST, 2002), is then stored together with $FC^u$.
Fig. 2. Enrollment scheme: the acquired data are analyzed, quantized and summed to error correcting codes. The stored data are $C$, $X$, $RF$, $FC$, and $h(m)$.

Fig. 3. Authentication scheme: when a subject claims his identity, a response is given by using the stored data $C$, $X$, $RF$, $FC$, and $h(m)$.
4.2.1. Reliable signature traits selection

The binary matrix $B^u$ consists of $J \cdot P \cdot N_b$ elements, obtained from the binarization of the mean matrix $W^u$, with $J \cdot P$ elements. However, only a part of the matrix $B^u$ has to be selected to generate the vector $x^u$, whose length $n$ is the same of the employed BCH codewords. In fact, while the length $P$ of the employed signature sequences should be large enough to not discard useful information of a signature, the computational complexity of a BCH encoder increases with the value of $n$ (with $n = 2^l - 1$, $l \in \mathbb{N}$), which therefore should be kept as low as possible. A procedure for the selection of the most reliable traits of a signature is therefore needed. Such procedure has to be employed to reduce the dimension of the binary template $B^u$, while identifying the signature traits able to guarantee the best possible recognition rates.

In order to accomplish this task, each signature is divided into $N_p$ parts with equal sample length $N_v$, among which only $N_s$ segments are selected to generate $x^u$. The desired segments are identified according to two reliability measures for signature traits:

- A measure $R_G^u[f]$, $f = 1, \ldots, N_p$, which assigns a greater reliability to the signature segments whose binarization produces outputs with the lowest Hamming distances from $B^u$. Specifically, the binarization of each of the $I$ enrolled signature representations $S^{u,i}$ is compared with $B^u$, and the signature traits whose binary versions are most of the time equal to $B^u$ receive a greater reliability measure, normalized between 0 and 1. The segments with a higher reliability are those which, theoretically, are able to guarantee a low False Recognition Rate (FRR).
- A measure $R_F^u[f]$, $f = 1, \ldots, N_p$, which assigns a greater reliability to the segments which appear to be more difficult to forge. In order to decide, between two signature traits, which is the easier to be forged, some assumptions have to be made. In the forensic field it is well known that the most distinctive traits of a signature are those realized in the most spontaneous way. Upon this assumption, we assign a greater reliability to those signature traits where a high velocity, a low pressure, and a low curvature radius are encountered. The selected segments should therefore be those which, theoretically, are more difficult to forge, and are then able to guarantee a low False Acceptance Rate (FAR).
The reliability measures $R_G^u[f]$ and $R_F^u[f]$ are combined into a single measure $R^u[f] = a R_G^u[f] + b R_F^u[f]$, where $a$ and $b$ are selected depending on which measure we want to play a predominant role. According to the values of $R^u[f]$, the $N_s$ traits with the greatest reliability measures are selected and registered in the vector $RF^u$. The vector $x^u$ is generated by the concatenation of rows of $B^u$, taking for each row only the binary values related to the most reliable signature traits.

4.3. Authentication

The authentication phase, depicted in Fig. 3, follows the same steps of the enrollment stage. When a subject claims his identity, he provides his signature, which is converted into the matrix $\tilde{S}^u$. Then, the binarization of $\tilde{S}^u$ is performed by using the inter-class matrices $C$ and $X$, thus obtaining $\tilde{B}^u$. The reliable signature traits are then selected using the stored information $RF^u$, generating the binary vector $\tilde{x}^u$. From the XOR operation between $\tilde{x}^u$ and $FC^u$, a binary vector $\tilde{c}^u$, representing a possibly corrupted BCH codeword, is obtained. The BCH decoder is selected depending on the encoder used during enrollment, obtaining $\tilde{m}^u$ from $\tilde{c}^u$. Finally, the SHA-256 hashed version $h(\tilde{m}^u)$ is compared to $h(m^u)$: if both values are identical, the subject is authenticated.

5. System security

Following the proposed framework, it is impossible to retrieve the original signature templates $S^{u,i}$ from the stored data. In fact, in order to infer about the extracted sequences, or to reconstruct their binary counterparts, it is necessary to possess, among the other data, the BCH codeword $c^u$. However, neither the binary word $m^u$ at the input of the BCH encoder, nor its output $c^u$, are kept in the system. In fact, only the hashed value of $m^u$, generated by means of the hash function $h(\cdot)$, is stored, thus guaranteeing the impossibility to recover useful information from the system database. As discussed in Juels and Wattenberg (1999), it can be then concluded that the disclosure of the secret $x^u$ is as hard as finding a collision for the SHA-256 hash $h(m^u)$, which leads to the observation that the security of the presented system is given by the robustness of the employed hash function.
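The enrollment and authentication steps of Sections 4.2 and 4.3, as an added example that is not code from the paper: it swaps the paper's single long BCH codeword for eight BCH(15,7) blocks (2-bit correction each, decoded by syndrome lookup) so that it runs with the Python standard library alone. The 120-bit template, the block count and all function names are assumptions made here.

```python
import hashlib
import hmac
import secrets

N, K, T = 15, 7, 2        # one BCH(15,7) block corrects up to T = 2 bit errors
G = 0b111010001           # generator polynomial x^8 + x^7 + x^6 + x^4 + 1
BLOCKS = 8                # assumed template length: 8 * 15 = 120 bits


def poly_mod(v):
    """Remainder of the GF(2) polynomial v modulo the generator G."""
    for shift in range(v.bit_length() - 9, -1, -1):
        if (v >> (shift + 8)) & 1:
            v ^= G << shift
    return v


def bch_encode(m):
    """Systematic encoding of a K-bit message into an N-bit codeword."""
    return (m << (N - K)) | poly_mod(m << (N - K))


def build_syndromes():
    """Map the syndrome of every error pattern of weight <= T to that pattern."""
    table = {0: 0}
    for i in range(N):
        table[poly_mod(1 << i)] = 1 << i
        for j in range(i):
            e = (1 << i) | (1 << j)
            table[poly_mod(e)] = e
    return table


SYNDROMES = build_syndromes()


def bch_decode(r):
    """Return the decoded K-bit message, or None if no pattern of <= T errors fits."""
    e = SYNDROMES.get(poly_mod(r))
    return None if e is None else (r ^ e) >> (N - K)


def digest(message_blocks):
    """h(m): SHA-256 over the message blocks (each block is below 128)."""
    return hashlib.sha256(bytes(message_blocks)).digest()


def enroll(x):
    """x: list of BLOCKS 15-bit ints (the binary template). Returns (FC, h(m))."""
    m = [secrets.randbits(K) for _ in range(BLOCKS)]
    fc = [xb ^ bch_encode(mb) for xb, mb in zip(x, m)]   # FC = x XOR c
    return fc, digest(m)      # neither m nor the codeword c is stored


def authenticate(x_tilde, fc, h_m):
    """Decode x~ XOR FC to m~ and compare h(m~) with the stored h(m)."""
    m_tilde = [bch_decode(xb ^ fb) for xb, fb in zip(x_tilde, fc)]
    if None in m_tilde:
        return False
    return hmac.compare_digest(digest(m_tilde), h_m)


def flip(x, block, bits):
    """Constructed noise: flip the given bit positions inside one block."""
    y = list(x)
    for b in bits:
        y[block] ^= 1 << b
    return y


def demo():
    # Constructed 120-bit template, not derived from any real signature.
    x = [0x1A2B, 0x3C4D, 0x0F0F, 0x7FFF, 0x0000, 0x5555, 0x2AAA, 0x1234]
    fc, h_m = enroll(x)
    noisy = flip(flip(x, 0, [1, 9]), 5, [14])   # at most 2 errors per block
    too_far = flip(x, 3, [0, 4, 8])             # 3 errors in one block
    fc2, _ = enroll(x)                          # re-issued (renewed) template
    return {
        "genuine": authenticate(x, fc, h_m),
        "noisy": authenticate(noisy, fc, h_m),
        "too_far": authenticate(too_far, fc, h_m),
        "renewed_differs": fc2 != fc,
    }


if __name__ == "__main__":
    print(demo())
```

With these parameters the committed message is only 8 × 7 = 56 bits long, and that message length is the quantity Section 5 ties the brute-force effort to.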
Nevertheless, it is worth noticing that a brute force attack can attempt to determine $h(m^u)$, and therefore $c^u$, by analyzing all the possible message strings $m^u$. Therefore, the security of a fuzzy commitment based protected system depends on the bit length $k$ of the employed secret messages. This system parameter is connected with the length $n$ of the binary templates $x^u$, and with the ECC which has to be employed by the system to manage the intra-class variability: the higher the needed ECC, the shorter the message string $m^u$. When employing a set of parametric features as signature representation as in Maiorana et al. (2008a), the size $n$ of the vector $x^u$ can be hardly higher than 127, due to the difficulties in defining reliable parametric features for a signature based recognition system. Therefore, the attempts which have to be performed when using a brute force attack to break the system's security are $2^k$, with $k \approx 29$ bits. This value represents the length of the binary messages $m^u$ which can be employed to provide an ECC of 21 bits, when using BCH codewords with $n = 127$ bits (operating point corresponding to the Equal Error Rate). An entropy of 29 bits is clearly unsatisfactory for a provably secure system: considering the RSA encryption algorithms as examples of robust protection schemes, binary keys with 1024 or 2048 bits are employed to secure a given message. By using a set of signature time sequences to generate the vector $x^u$, its length $n$ is much longer than the length of the corresponding vector obtained by employing parametric features, as proposed in Maiorana et al. (2008a). A robustness to brute force attacks comparable to the one provided by the RSA algorithm can then be guaranteed.

6. Experimental results and conclusions

An extensive set of experimental results has been performed by using the public version of the MCYT on-line signature corpus (Ortega-Garcia et al., 2003), which comprises 100 users, for each of which 25 genuine signatures and 25 skilled forgeries have been captured during five different sessions. The database has been divided into two disjoint subsets: a training set, comprising the first $W = 30$ users, which has been employed for the estimation of the matrices $C$ and $X$ as described in Section 4.1, and an evaluation set, given by the remaining 70 users, which has been used to analyze the verification performances of the proposed system.

The employed signature representation consists of $J = 7$ discrete-time sequences. Specifically, the considered on-line signatures are represented by means of the horizontal $x[t]$ and vertical $y[t]$ position trajectories. Also the pressure signal $p[t]$ is captured by the employed acquisition devices. A geometric normalization, consisting of position normalization followed by rotation alignment, is applied to the pen-position functions $x[t]$ and $y[t]$. Other four discrete-time sequences are derived from $x[t]$ and $y[t]$, and used as an additional set of functions, namely:

- The path-tangent angle: $h[t] = \arctan(\dot{y}[t] / \dot{x}[t])$.
- The path velocity magnitude: $v[t] = \sqrt{\dot{x}^2[t] + \dot{y}^2[t]}$.
- The log curvature radius: $q[t] = \log(v[t] / \dot{h}[t])$.
- The total acceleration magnitude: $a[t] = \sqrt{\dot{v}^2[t] + (v[t]\,\dot{h}[t])^2}$.

Different values $P$ have been employed for the lengths of the interpolated signature functions, in order to study which system configuration allows to achieve the best verification performances. A different value $n$ for the lengths of the employed BCH codewords is selected for each value of $P$. Moreover, different values $N_b$ have been employed to binarize the elements of a signature sequence. The considered combinations of $P$, $n$, $N_b$, $N_s$ and $N_v$ are summarized in Table 1. It is worth noticing that system's parameters have to be selected in such a way that $J \cdot N_s \cdot N_v \cdot N_b \le n$ and $N_s \cdot N_v \le P$.
The first experiment has been conducted by taking $P = 200$ and $N_b = 2$. The obtained results, regarding the FRR and the FAR in presence of skilled forgeries ($FAR_{SF}$), are displayed in Fig. 4a and b, which respectively show the performances achieved with $I = 5$ and $I = 10$ signatures taken during enrollment. Specifically, the Receiver Operating Characteristic (ROC) curves of Fig. 4 illustrate:

- The performances of an unprotected system, where the matching is based on the computation of the Mahalanobis distance between the real-valued template $W^u$ and the signature representation $\tilde{S}^u$. Basically, the signature functions are directly compared without employing any form of Dynamic Time Warping (DTW) (Dimauro et al., 2004).
- The performance of an unprotected system, where the matching is based on the computation of the Hamming distances between the binary template $B^u$ and the signature representation $\tilde{B}^u$. In this case, the whole binary signature functions are considered, without employing any selection of the most reliable signature traits.
- The performances of the proposed protected system, where the reliable signature traits selection described in Section 4.2.1 is employed. The presented ROC curves are obtained by varying the ECC of the employed BCH codes.
- The performances of the BioPKI protected system (Feng & Chan, 2002), employed to provide security to the set of parametric signature features presented in Fierrez-Aguilar et al. (2005).
- The performances of the protected system presented in Maiorana et al. (2008a), where the fuzzy commitment has been employed for the security of the parametric features presented in Fierrez-Aguilar et al. (2005).

As evident, the proposed protected system performs as well as the unprotected system using real-valued templates, reaching an Equal Error Rate (EER) of 11.45% when $I = 5$ and 8.33% for $I = 10$.
Moreover, the employed signature traits selection allows to achieve performances equal or even better than those obtained with the whole binarized signature functions, even if considering only a fraction of the available signature information. The proposed protected system also performs significantly better than the protected approaches presented in Feng and Chan (2002) and Maiorana et al. (2008a). Such substantive performance improvement relies in the choice of using a function based signature representation, instead of a parametric one as in Feng and Chan (2002) and Maiorana et al. (2008a). It is worth pointing out that a signature based recognition system can hardly reach EERs as low as the one obtained using fingerprint or iris, due to the behavioral nature of signature biometrics. Nevertheless, the obtained recognition rates are comparable with those achieved, on the same database, by the majority of the proposed unprotected signature based recognition systems, even by those employing user-dependent and a posteriori threshold selection, like the one in Fierrez-Aguilar et al. (2005). The application of the fuzzy commitment to a function based signature representation therefore allows to achieve promising verification performances, while providing a strong protection to the considered signature templates. We have also performed tests to determine the system configuration which guarantee the best recognition performances. Specifically, Fig. 5 shows the EERs achievable when employing different values P for the lengths of the interpolated signature sequences. Both the proposed protected system (using different bit depths Nb ) and the unprotected system employing real-valued templates are considered. The unprotected system is only slightly affected by the variability of the parameter P, while using the protected
system better results can be achieved when setting P = 300 for I = 5, and P = 200 for I = 10. Moreover, the dependency of the achievable performances on the parameter N_b has also been investigated, and the achieved results are shown in Fig. 6: the best results are obtained when binarizing each signature element with a single bit. The verification performances worsen when using a higher number of bits during the binarization process. The best achievable recognition rates are then EER = 9.3% for I = 5 (achieved with P = 300 and N_b = 1) and EER = 6.95% for I = 10 (achieved with P = 200 and N_b = 1).

Table 1. System's parameters employed for different configurations (P = 100, n = 511; P = 200, n = 1023; P = 300, n = 2047). Tabulated (N_b, N_s, N_v) entries: (1, 9, 8), (3, 4, 6), (4, 3, 6), (1, 12, 12), (3, 6, 8), (2, 6, 12), (4, 9, 8), (3, 12, 8), (2, 12, 12), (1, 18, 16), (4, 7, 6), (2, 6, 6).

Fig. 4. Recognition performances of the proposed template protected system (with P = 200 and N_b = 2 as system's parameters), and comparisons with other protected signature based systems. (a) Enrollment with I = 5 signatures; and (b) enrollment with I = 10 signatures. [Plot: FAR and FAR_SF (in %) versus FRR (in %). Curves: unprotected system (real-valued templates); unprotected system (binary templates); proposed protected system; BioPKI [Feng and Chan (2004)] protected system; protected system in [Maiorana et al. (2008)].]

Fig. 5. Recognition performances of the proposed template protected system using different lengths P for the interpolated signature sequences. (a) Enrollment with I = 5 signatures; and (b) enrollment with I = 10 signatures. [Plot: EER and EER_SF (in %) versus P = 100, 200, 300. Curves: unprotected system (real-valued templates); proposed protected system with N_b = 1, 2, 3, 4.]

Fig. 6. Recognition performances of the proposed template protected system using different bit depths during the binarization process. (a) Enrollment with I = 5 signatures; and (b) enrollment with I = 10 signatures. [Plot: EER and EER_SF (in %) versus N_b = 1, 2, 3, 4. Curves: proposed protected system with P = 100, 200, 300.]
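The binding evaluated above, a binary signature template combined with an error correcting codeword as in the fuzzy commitment of Juels and Wattenberg (1999), can be sketched as follows. This is an added example, not the paper's code: the repetition code stands in for the paper's error correcting codes, and SHA-256, the constructed 255-bit template and all function names are assumptions.

```python
import hashlib
import secrets

REP = 5  # repetition factor; majority vote corrects up to 2 bit errors per block

def encode(key_bits):
    """Repetition encoder (assumed stand-in for the paper's error correcting code)."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority-vote decoder: one key bit per REP-bit block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(template_bits):
    """Bind the template to a fresh random codeword; store (hash, offset) only."""
    key = [secrets.randbelow(2) for _ in range(len(template_bits) // REP)]
    codeword = encode(key)
    offset = [c ^ x for c, x in zip(codeword, template_bits)]
    return digest(codeword), offset

def verify(record, probe_bits):
    """Shift the probe by the offset, error-correct, and compare hashes."""
    stored_hash, offset = record
    noisy = [d ^ y for d, y in zip(offset, probe_bits)]
    candidate = encode(decode(noisy))
    return secrets.compare_digest(digest(candidate), stored_hash)

def sample_template(n_bits=255):
    """Constructed stand-in for a binarized signature template."""
    raw = hashlib.sha256(b"constructed sample signature").digest()
    return [(byte >> i) & 1 for byte in raw for i in range(8)][:n_bits]

def flip(bits, positions):
    return [b ^ (i in positions) for i, b in enumerate(bits)]

def demo():
    template = sample_template()
    record = enroll(template)
    genuine = flip(template, [0, 3, 12, 27, 254])  # at most 2 errors per block
    far_probe = flip(template, [0, 1, 2])          # 3 errors in block 0
    renewed = enroll(template)                     # re-issued protected template
    return (verify(record, genuine), verify(record, far_probe),
            verify(renewed, genuine), renewed[1] != record[1])
```

The stored record holds neither the template nor the codeword in the clear, and enrolling the same template again yields a different record, which is what makes the protected template renewable.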
7. Conclusions

A biometric cryptosystem using on-line signature is presented. A function based signature representation is employed to generate the users' templates, while protection and renewability are obtained by binding the considered templates with error correcting codes. A method for selecting the most reliable signature traits is also introduced. The proposed protected system is able to perform user verification with performances comparable with those of an unprotected system. Moreover, being based on a functional signature representation, it guarantees recognition rates far better than those offered by methods using parametric signature features. Further improvements can be accomplished by defining other metrics for the selection of the most reliable signature traits, as well as by using other functions to represent the acquired on-line signatures.

References

Campisi, P., Maiorana, E., & Neri, A. (2009). On-line signature based authentication: Template security issues and countermeasures. In N. V. Boulgouris, K. N. Plataniotis, & E. Micheli-Tzanakou (Eds.), Biometrics: Theory, Methods, and Applications. Wiley/IEEE.
Cappelli, R., Lumini, A., Maio, D., & Maltoni, D. (2007). Fingerprint image reconstruction from standard templates. IEEE Transactions on PAMI, 29(9), 1489–1503.
Dimauro, G., Impedovo, S., Lucchese, M. G., Modugno, R., & Pirlo, G. (2004). Recent advancements in automatic signature verification. In Proceedings of the ninth international workshop on frontiers in handwriting recognition.
Feng, H., & Chan, C. W. (2002). Private key generation from on-line handwritten signatures. Information Management and Computer Security, 159–164.
Fierrez-Aguilar, J., Nanni, L., Lopez-Peñalba, J., Ortega-Garcia, J., & Maltoni, D. (2005). An on-line signature verification system based on fusion of local and global information. In International conference on audio and video-based biometric person authentication (AVBPA) (pp. 523–532).
Fierrez-Aguilar, J., Ramos-Castro, D., Ortega-Garcia, J., & Gonzalez-Rodriguez, J. (2007). HMM-based on-line signature verification: Feature extraction and signature modeling. Pattern Recognition Letters, 28(16), 2325–2334.
Freire-Santos, M., Fierrez-Aguilar, J., & Ortega-Garcia, J. (2006). Cryptographic key generation using handwritten signature. In SPIE, defense and security symposium, biometric technologies for human identification (Vol. 6202, pp. 225–231).
Jain, A. K. (2004). An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology, 14(1), 4–20.
Jain, A. K., Nandakumar, K., & Nagar, A. (2008). Biometric template security. EURASIP Journal on Advances in Signal Processing (Special Issue on Biometrics).
Jain, A. K., Griess, F. D., & Connell, S. D. (2002). On-line signature verification. Pattern Recognition, 35(12), 2963–2972.
Jain, A. K., & Uludag, U. (2003). Hiding biometric data. IEEE Transactions on Pattern Analysis and Machine Intelligence, 25(11), 1494–1498.
Juels, A., & Wattenberg, M. (1999). A fuzzy commitment scheme. In Sixth ACM conference computer and communication security (pp. 28–36), Singapore.
Juels, A., & Sudan, M. (2006). A fuzzy vault scheme. Designs, Codes and Cryptography, 38(2), 237–257.
Lumini, A., & Nanni, L. (2009). Ensemble of on-line signature matchers based on OverComplete feature generation. Expert Systems with Applications, 36(3), 5291–5296.
Lumini, A., & Nanni, L. (2007). An improved BioHashing for human authentication. Pattern Recognition, 40(3), 1057–1065.
Maiorana, E., Campisi, P., & Neri, A. (2008a). User adaptive fuzzy commitment for signature templates protection and renewability. SPIE Journal of Electronic Imaging, Special Section on Biometrics, 17(1).
Maiorana, E., Campisi, P., & Neri, A. (2007). Biometric signature authentication using radon transform-based watermarking techniques. IEEE biometric symposium, Baltimore, MD, USA.
Maiorana, E., Martinez-Diaz, M., Campisi, P., Ortega-Garcia, J., & Neri, A. (2008b). Template protection for HMM-based on-line signature authentication. In CVPR conference, workshop on biometrics (pp. 23–28), Anchorage, USA.
Maiorana, E., Campisi, P., Ortega-Garcia, J., & Neri, A. (2008c). Cancelable biometrics for HMM-based signature recognition. In IEEE second international conference on biometrics: Theory, applications and systems (BTAS) (p. 29), Washington, USA.
Menezes, A., van Oorschot, P., & Vanstone, S. (1996). Handbook of applied cryptography. CRC Press.
Nandakumar, K., Jain, A. K., & Pankanti, S. (2007). Fingerprint-based fuzzy vault: Implementation and performance. IEEE Transactions on Information Forensics and Security, 2(4).
NIST (2002). FIPS 180-2, Secure Hash Standards.
Ortega-Garcia, J., et al. (2003). MCYT baseline corpus: A bimodal biometric database. In IEE Proceedings on vision, image and signal processing, special issue on biometrics on the internet (Vol. 150(6), pp. 395–401).
Prabhakar, S., Pankanti, S., & Jain, A. K. (2003). Biometric recognition: Security and privacy concerns. IEEE Security and Privacy Magazine, 1(2), 33–42.
Purser, M. (1995). Introduction to error-correcting codes. Boston: Artech House.
Ratha, N., Chikkerur, S., Connell, J. H., & Bolle, R. M. (2007). Generating cancelable fingerprint templates. IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4), 561–572.
Ratha, N. K., Connell, J. H., & Bolle, R. (2001). Enhancing security and privacy of biometric-based authentication systems. IBM Systems Journal, 40(3), 614–634.
Sutcu, Y., Li, Q., & Memon, N. (2007). Protecting biometric templates with sketch: Theory and practice. IEEE Transactions on Information Forensics and Security, 2(3), 503–512.
Teoh, A. B. J., Ngo, D. C. L., & Goh, A. (2006). Random multispace quantization as an analytic mechanism for BioHashing of biometric and random identity inputs. IEEE Transactions on Pattern Analysis and Machine Intelligence, 28(12), 1892–1901.
Uludag, U., Pankanti, S., Prabhakar, S., & Jain, A. K. (2004). Biometric cryptosystems: Issues and challenges. Proceedings of the IEEE, 92(6), 948–960.
Van der Veen, M., Kevenaar, T., Schrijen, G.-J., Akkermans, T. H., & Zuo, F. (2006). Face biometrics with renewable templates. In SPIE proceedings on security, steganography, and watermarking of multimedia contents (Vol. 6072).
Vielhauer, C., Steinmetz, R., & Mayerhöfer, A. (2002). Biometric Hash based on statistical features of online signatures. In International conference on pattern recognition (ICPR) (Vol. 1, pp. 123–126).
Yip, W. K., Goh, A., Ngo, D. C. L., & Teoh, A. B. J. (2006). Generation of replaceable cryptographic keys from dynamic handwritten signatures. In ICB06 (pp. 509–515).