International Review on Computers and Software (I.RE.CO.S.), Vol. 8, n.12
A Review of Biometric Template Protection Techniques for Online Handwritten Signature Application
Fahad Layth Malallah*1, Sharifah Mumtazah Syed Ahmad**1, Salman Yussof2, Wan Azizun Wan Adnan1, Vahab Iranmanesh1 and Olasimbo A. Arigbabu1
Abstract – The handwritten signature biometric is considered a noninvasive and nonintrusive process by the majority of users. Furthermore, it has a high legal value for document authentication, and both commercial transactions and governmental institutions depend on it. Signature verification requires storing templates in the database, which threatens the security of the system: the templates can be stolen, and the system is vulnerable to the template playback attack, which may give an attacker invalid access to the system. Moreover, an individual cannot use his / her signature with two or more applications; otherwise, a cross matching problem will occur. These problems can be avoided by using biometric template protection techniques for the online signature, which are reviewed and discussed in this paper considering both protection and verification. The discussion of verification covers capture devices, pre-processing, feature extraction and classification methods.
Keywords: Authentication, biometrics, online handwritten signature verification, template protection.
I. Introduction
Information security maintains the confidentiality, availability and integrity of information. User authentication is one of the operations performed in information security [1]. Authentication can operate in three different modes, based on something you know, something you have or something you are. The first mode relies on knowledge factors such as a password or Personal Identification Number (PIN). The second mode refers to ownership factors, that is, something the user has, such as a wrist band, ID card or security token. The last mode describes biometric authentication, which is based on inherence factors, that is, something the user is or does, such as fingerprint, retinal pattern, signature, voice or face [2]. Unfortunately, both the first and second modes have limitations. The first mode, as in password authentication, carries the risk that the password can be guessed, forgotten or cracked through dictionary or brute force attacks, whereas in the second mode a token used as an identifier is at risk of being lost, shared, stolen or duplicated. The emerging authentication method is based on biometrics, which is claimed to be both more fool-proof and reliable [3]. The word biometric is derived from two Greek words: bio, meaning “life”, and metron, meaning “measure” [4]. Biometrics can be classified into two categories depending on the nature of the biometric data. The first is physiological biometrics such as the eye, fingerprint, face, hand, ear and DNA. The second is behavioral biometrics such as a
signature (online or offline), gait, voice, body odor, electrocardiogram (ECG) and keystrokes. In this paper, the review is focused on the online handwritten signature, since it is considered as consent for an action that may have an impact on the signer [5], as well as being a type of authentication that has become a part of everyday life [6], [7]. The handwritten signature is largely considered acceptable by the greatest number of users, and it offers a range of advantages over other modalities, including familiarity to a wide user group and established legal status and acceptability by the public [8], [9]. With the rapid advancement of signature capture devices like the tablet [10] and smart phone [11], there is a huge potential for online signature applications, which are expected to occupy a large field of research in forthcoming years. Examples of such applications are banking operations (account changes, account openings), consumer lending and credit card applications. On the other hand, accurate signature matching is difficult to achieve due to high intra-user variability, because the same person may not be able to produce exactly the same signature each time he or she signs. Another limitation is that a handwritten signature can be forged relatively easily and without specialized hardware [12]. For this reason, a signature verification algorithm must be able to rule out forged signatures with high probability.
Template protection of the online signature can overcome the following problems. The first problem is that leaving a signature template unsecured makes it an easy target for intruders, who might use the template illegally. The second problem is cross matching between databases: if a signer gives his / her signature to two different applications, data conflict will occur in case the two applications are connected by the internet. Furthermore, if the signature in the first application is compromised, the signature in the second application is automatically compromised as well by the same intruders. The third problem is that a person has only one signature, unlike a password or a token: if the latter two are compromised or lost, the system administrator can easily reissue a new one, but the same cannot be done for signatures.
This paper is organized as follows: in section II, general template protection schemes are presented for different biometric modalities. In section III, the essence of this paper is presented, which is online signature template protection. In section IV, the verification and performance are reviewed for the protected templates of the signatures, and finally the discussion and conclusion are drawn in section V.
Copyright © 2007 Praise Worthy Prize S.r.l. - All rights reserved
II. Biometric Templates Protection
Generally, template protection schemes can be clustered into two approaches, as depicted in Fig. 1: feature transformation, which comprises salting and noninvertible transformation, and biometric cryptosystem, which usually comprises key release, key binding and key generation [13], [21]. Template protection is characterized by four aspects: “diversity” means that the secured template should not allow cross matching across databases, “renewability” means the ability to reproduce another template from the compromised template, “security” means it should be computationally hard to obtain the original biometric template and “performance” means the biometric template protection scheme should not degrade the recognition accuracy even after protection. However, it is difficult to satisfy all of these aspects simultaneously, as they may contradict each other.
Fig. 1. Categories of biometric template protection.
II.1. Feature Transformation
Feature transformation applies distortion and randomizing operations to biometric data, in order to make sure that the original data cannot be reconstructed from the transformed templates [2], [13]. Within this technique, as depicted in Fig. 2, the same transformation function and classifier are applied to both the reference template and the queried template [6]. The feature transformation approach has two types of transformation methods: salting and noninvertible transformation [13]. In salting, the function is invertible. In other words, if an intruder gains access to the key and the transformed template, the original biometric template can be reconstructed; the secrecy in salting depends on the key or password, which is the limitation of salting. On the other hand, the salting approach is effective in satisfying other biometric template protection properties such as renewability (by resetting the secured key), security (based on key secrecy) and performance. An example of a salting technique is BioHash [41], which employs a random multi-space quantization based on input features extracted from face images. Other techniques use a key or PIN from the subject in order to randomize the binary string extracted from minutiae points of fingerprints [15], [16]. In this type of transformation, the renewability and unlinkability properties are heavily dependent on the transformation parameters [17].
In noninvertible transformation, a one-way function is applied to the biometric template, so that it is computationally hard to invert the transformed biometric template even if the key is known [13], [6]. Biometric template protection based on the noninvertible transformation technique is also known as cancelable biometrics [2], [13]. It was first introduced in 2001 by Ratha [2] as an intentional, repeatable distortion of the biometric signal based on chosen transforms. With this approach, each enrollment can make use of a different transform function to avoid cross matching amongst different applications. Furthermore, if one variant of the transformed template is compromised, then the transform function can simply be changed to create a new variant. As mentioned earlier, the transformation of biometrics should be noninvertible. Examples of noninvertible transformations for fingerprint cancelable templates are illustrated in [18], [56], [57], [58], [59]. The transformation can be applied either to the signal directly [2], in which case it is referred to as a signal-domain transformation, or after feature extraction from the signal, in which case it is referred to as a feature-domain transformation [13].
Fig. 2. Feature transformation approach as template protection, (adapted from [13]).
II.2. Biometric Cryptosystem
This refers to systems that can be used either for protecting a cryptographic key using biometric features or for generating a cryptographic key from features [19]. In this type of template protection, depicted in Fig. 3, helper data (also named Public Information) are stored in the database [20]. A biometric cryptosystem can be key release, key binding or key generation [21]-[23]. The classification is based on how the helper data are obtained.
In key release, both the biometric data and the cryptographic key are stored in the database as two separate entities, and once the person authenticates successfully via his / her biometric signal, the corresponding key is released. This type of cryptosystem is primitive and not secure, since it is vulnerable to the Trojan horse attack (e.g., a Trojan horse can modify the biometric authentication subsystem and inject a 1-bit accept / reject information to the key release subsystem). This is because biometric authentication is totally decoupled from the key release [22].
In key binding, helper data are obtained by binding a key with a biometric template, and the matching operation then involves recovering the key from the helper data using the query biometric features [13], [21]-[24]. Two well-known approaches for implementing key binding are fuzzy vault and fuzzy commitment. The former is implemented by generating a polynomial from the secret code and the biometric characteristic, then adding false points named chaffs to construct the vault. The combination is stored in the database as helper data for the matching. During authentication, the query biometric feature is applied to find the correct secret code from the vault and decide on the accept / reject result [21]. The latter is implemented by committing a codeword (which acts as the key) of an error correcting code using a fixed length biometric feature vector as a witness, then storing the helper data for prospective matching. In the authentication stage, the queried biometric feature is applied to the helper data, using the same process that created the helper data, in order to extract the codeword, and then both are matched against each other to reach the final decision [24]. An example of key binding as fuzzy vault is illustrated in [21], which binds the fingerprint biometric with a random key generated based on the Lorenz chaotic system. An example of fuzzy commitment is elaborated in [25].
In key generation, the helper data are derived only from the biometric template [6], [21]-[23]. The most popular key generation techniques are the Fuzzy extractor [26] and the Secure sketch [27]. A fuzzy extractor extracts a uniformly random string from the biometric input to represent the helper data. An example of a fuzzy extractor is described in [28]. A secure sketch can be considered as helper data that leaks only a little information about the template (as measured by its entropy). An example of a secure sketch is described in [29].
Fig. 3. Key binding biometric cryptosystem approach as template protection.
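The fuzzy commitment form of key binding described above, as an added example that is not code from the paper or from the cited works: enrollment XORs a codeword with the binarized features, and verification recovers the key through error correction. The 5x repetition code (standing in for the BCH or turbo codes the literature uses), SHA-256, the 200-bit feature length and all function names are assumptions of this example; `linkage_distance` shows why two enrollments of the same features can be cross matched without any key.

```python
import hashlib
import hmac
import random
import secrets

REP = 5  # assumed repetition factor: each key bit becomes REP codeword bits


def ecc_encode(key_bits):
    """Repetition code (stand-in for BCH/turbo codes): repeat each key bit."""
    return [bit for bit in key_bits for _ in range(REP)]


def ecc_decode(code_bits):
    """Majority vote per block; corrects up to REP // 2 flipped bits per block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor_bits(a, b):
    if len(a) != len(b):
        raise ValueError("bit vectors must have the same length")
    return [x ^ y for x, y in zip(a, b)]


def key_hash(key_bits):
    return hashlib.sha256(bytes(key_bits)).digest()


def enroll(feature_bits):
    """Bind a fresh random key to the features; return the stored record."""
    if len(feature_bits) % REP:
        raise ValueError("feature length must be a multiple of REP")
    key = [secrets.randbits(1) for _ in range(len(feature_bits) // REP)]
    codeword = ecc_encode(key)
    # Only helper data and a hash of the key are stored, never the features.
    return {"helper": xor_bits(codeword, feature_bits),
            "key_hash": key_hash(key)}


def verify(record, query_bits):
    """Recover a candidate key with the query features and compare hashes."""
    noisy_codeword = xor_bits(record["helper"], query_bits)
    candidate = ecc_decode(noisy_codeword)
    return hmac.compare_digest(key_hash(candidate), record["key_hash"])


def linkage_distance(record_a, record_b):
    """Distance of helper_a XOR helper_b from the nearest codeword.

    For two enrollments of the same features the XOR is itself a codeword
    (distance 0), so the two records can be linked across databases.
    """
    mixed = xor_bits(record_a["helper"], record_b["helper"])
    nearest = ecc_encode(ecc_decode(mixed))
    return sum(xor_bits(mixed, nearest))


def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (intra-user noise)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def sample_features(seed, n=200):
    """Constructed sample data: n pseudo-random bits standing in for features."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


ALICE = sample_features(1)  # constructed enrollee
BOB = sample_features(2)    # constructed second user

if __name__ == "__main__":
    rec = enroll(ALICE)
    print("genuine, 3 noisy bits :", verify(rec, flip(ALICE, [0, 7, 199])))
    print("impostor              :", verify(rec, BOB))
    print("link same user        :", linkage_distance(rec, enroll(ALICE)))
    print("link different users  :", linkage_distance(rec, enroll(BOB)))
```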
Moreover, it is worth mentioning here that each scheme of biometric template protection has its own advantages and limitations, as summarized in Table I.
Table I
ADVANTAGES AND LIMITATIONS OF DIFFERENT BIOMETRIC TEMPLATE PROTECTION SCHEMES
Scheme | Advantage | Limitations
Salting transformation | (1) Very easy for doing diversity, since it just requires resetting the key. (2) False Accept Rate error (FAR) is low, due to using a key for a specific user. | (1) Security totally depends on the key; if the key is compromised, the biometric template is no longer secure. (2) Slight degradation in the performance, since the matching operation is done in the transformed domain.
Noninvertible transformation | (1) High security, because of the noninvertible transformation function. (2) No need to secure the key. (3) Diversity can be fulfilled. | (1) Performance degradation, since it is a tradeoff between secrecy and recognition accuracy.
Key Release | (1) Easy to implement. (2) Straightforward to understand. | (1) Biometric matcher can be overridden. (2) Biometric template is not secure.
Key Binding | (1) Suitable for and tolerant to biometrics that have intra-user variability. | (1) Recognition accuracy is low due to using error correction schemes. (2) Diversity and revocability are not provided by the biometric cryptosystem unless there is conjugation with a salting scheme. (3) It is not easy to design helper data for binding a key with a specific biometric.
Key Generation | (1) In addition to being used as a template protection, it can also be used as a cryptography protection by biometric features. | (1) Diversity and revocability are not provided, because, in case of compromise, it is difficult to generate a high difference in the key distance (entropy) from the same user.
III. Online Signature Template Protection
The contribution of this paper is to review the existing techniques for online signature templates, following the explanation of biometric template protection in the previous section. Signature template protection can be discussed by dividing the protections into three types: biometric cryptosystem, feature transformation and hybrid approach, as follows.
III.1. Signature Biometric cryptosystem
Signature template protection was first proposed by Claus Vielhauer in 2002 [30]. This protection is implemented by using a hash method. Hash values are generated from statistical features of the online signature as template protection. The main advantage of this work is in attaining security, since it has no reference data stored in the database. Nevertheless, this technique is limited in terms of renewability and diversity. Another work, proposed by Hao Feng also in 2002 [31], involves private key generation from online handwritten signatures; the result is used as the private key for a digital signature cryptosystem, named the BioPKI cryptosystem. The main purpose of BioPKI is to eliminate the vulnerability of private key storage, which resolves key management matters. A code string is taken after a shape matching operation that checks whether the online signature belongs to the specific user or not. The template protection is implemented using Secure Hash Algorithm-1 (SHA-1), where the hash value is the 160-bit private key. Another work was proposed by M. Freire-Santos in 2006. The protection was based on a key binding cryptosystem using fuzzy vault [32]. Template protection is implemented through an encoding operation that uses two values. The first value is a random k-bit secret key, which is then protected by the vault code. The second value is the online signature features. The decoding operation starts from the encoded fuzzy vault vector together with the queried features of the online signature. Recently, it has been proven that fuzzy vault is vulnerable to the multiplicity attack [33]. In March 2010, a biometric cryptosystem approach of the key binding class, based on fuzzy commitment template protection, was presented by Emanuele Maiorana in [39]. This approach is able to perform renewability. Its strength, as claimed by the author, is in the recognition rate, where the unprotected and the protected recognition rates are roughly the same. The technique of this fuzzy commitment is based on Juels’s fuzzy commitment [40].
III.2. Signature Feature Transformation
Salting approach was suggested by W.K. Yip in 2006 for online signature template protection in [34], where its renewability is accomplished by changing the key using
iterative inner product of Goh-Ngo as a Biohash method [35], which re-projects the biometric into a different subspace defined by the user token. Furthermore, Multi-State Discretization (MSD) in [36] is used to translate the inner products into binary bit-strings. After that, gray encoding is used to generate the final key. In 2008, another salting approach for the online signature application was proposed by Manuel R. Freire [37]. In this technique, the templates in the enrollment stage are protected by an XOR operation between the feature vector (after Feature Extraction, Binarization and Feature Selection) and a random code that has already undergone an Error Correction Code (ECC) operation, for instance the binary BCH code [38]. Another work was proposed in May 2010 by Emanuele Maiorana [6], where a noninvertible transformation (cancelable template) of online signature templates called BioConvolving was presented. The idea of the transformation was proposed in 2008 in [41], but the version in [6] is improved to enhance its renewability property. It is noninvertible due to the fact that retrieving the original template from the transformed template is as hard as random guessing. The original sequence signal is split into non-overlapping segments according to a random vector. The secrecy of the transformation decides how many segments the original signature should be divided into: the more secrecy required, the more segments are generated. Each segment has its own length, as it is part of the original length. The length of each segment depends on the random vector key (d). The vector (d) represents the key of the transformation; altering it achieves renewability. Vector (d) is constructed by randomly selecting different integer values ranging from 1 to 99. The transformed template is obtained by linear convolution among the generated segments of the original signature.
Then, signal normalization is applied, in order to obtain zero-mean and unit-standard-deviation transformed sequences. As claimed by the author, the security of the BioConvolving transformed template depends on the blind de-convolution problem [42] that must be solved to retrieve the original one. Furthermore, it is robust to the multiplicity attack, which means that even if the attacker possesses different transformed templates based on the same original biometric, it is difficult to generate the original one. Finally, the length of the transformed template (when two segments are used) equals the original length minus one signature sample point (trajectory). That means one trajectory point is eliminated. Based on observation, we believe the problem with the current cancelable transformation is mainly due to the short length of the signature sample. For example, for a sample with 150 trajectories, x[t] and y[t], where t = 1…150, the total admissible renewability number is 149 in the case where two segments are used for transforming. That is because at each transformation, one trajectory will be ignored until only one trajectory remains as a signature feature. Accordingly, the signature signal will be deleted gradually, as there will be no feature representation.
III.3. Hybrid Signature Template Protection
In this case of signature template protection, both biometric cryptosystem and feature transformation are used at the same time, so it is named a hybrid technique, as it merges both of them. The purpose of this merging is to gain the advantage of each technique and combine them in one approach. An instance of such an approach was proposed in February 2012, where a hybrid approach to online signature template protection was presented by Enrique Argones Rúa [43]. This approach comes from merging feature transformation with biometric cryptosystem. The former provides the renewability property, whereas the latter (based on fuzzy commitment) provides security in the form of noninvertibility and manages the intraclass variability of signature samples. Feature transformation is proposed through the Universal Background Model (UBM), which is a statistical descriptor employed as a model in biometric verification systems [44]. The method of enrollment and authentication is derived from the fuzzy commitment scheme. The essence of the protection comes from performing an XOR operation between the user template and a random code. Another example of the hybrid approach, presented in December 2012 by Emanuele Maiorana for online signature template protection, uses both turbo code and modulation constellation as a cryptosystem, as well as the UBM model as a feature transformation [45]. The main purpose of the turbo code is to achieve high Error Correction Code (ECC) capability. The property of ECC, originally used in digital communication to correct the errors of received data after transmission, is exploited in this work to correct the errors caused by the intra-user variability of biometric signatures.
The modulation constellation is beneficial in a soft-decoding modality, resulting in a flexible framework. The author claimed that this technique has the potential to achieve high performance in terms of security and recognition rate. The protection relies on key binding using the fuzzy commitment protocol, where the code word is a binary vector generated by the random key generator, which is then passed to the turbo encoder [46] and to Pulse Shift Keying (PSK) modulation. Moreover, renewability within this work is the same as that in the previous work [43], using the UBM model.
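The BioConvolving transformation of Section III.2, as an added example that is not code from the paper or from [6]: the key d splits a sequence into segments, the segments are linearly convolved, and the result is normalized. Treating the values of d as percentages of the sequence length, the function names and the synthetic 150-point x(t) sequence are assumptions of this example; the block also generalizes from two segments to any number W, where the output length is N - W + 1.

```python
import math
import random


def make_key(num_segments, rng):
    """Draw the key d: num_segments - 1 distinct integers in 1..99, sorted."""
    return sorted(rng.sample(range(1, 100), num_segments - 1))


def split_segments(seq, key):
    """Split seq into non-overlapping segments at the positions given by key.

    Assumption of this example: each d in key is a percentage of len(seq).
    """
    n = len(seq)
    bounds = [0] + [round(d * n / 100) for d in key] + [n]
    segments = [seq[a:b] for a, b in zip(bounds, bounds[1:])]
    if any(len(s) == 0 for s in segments):
        raise ValueError("sequence too short for this key")
    return segments


def convolve(a, b):
    """Full linear convolution; output length is len(a) + len(b) - 1."""
    out = [0.0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out


def normalize(seq):
    """Scale to zero mean and unit standard deviation."""
    mean = sum(seq) / len(seq)
    std = math.sqrt(sum((v - mean) ** 2 for v in seq) / len(seq))
    if std == 0:
        raise ValueError("constant sequence cannot be normalized")
    return [(v - mean) / std for v in seq]


def bioconvolve(seq, key):
    """Protected template: convolve all segments of seq, then normalize."""
    segments = split_segments(seq, key)
    out = segments[0]
    for seg in segments[1:]:
        out = convolve(out, seg)
    return normalize(out)


def sample_sequence(n=150):
    """Constructed stand-in for one x(t) trajectory of an online signature."""
    return [math.cos(2 * math.pi * t / n)
            + 0.3 * math.sin(10 * math.pi * t / n)
            + 0.01 * t
            for t in range(n)]


def max_abs_diff(a, b):
    """Largest point-wise difference between two equal-length templates."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    x = sample_sequence()
    issued = bioconvolve(x, [40])    # template issued to one application
    reissued = bioconvolve(x, [55])  # renewed template after a compromise
    print("original length     :", len(x))
    print("two-segment template:", len(issued))
    print("three segments      :", len(bioconvolve(x, [30, 70])))
    print("change after renewal:", round(max_abs_diff(issued, reissued), 3))
    print("random key          :", make_key(3, random.Random(7)))
```

The same key always reproduces the same template, which is what lets the enrolled and queried signatures be compared in the transformed domain.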
IV. Online Signature Template Verification
Online signature verification of the protected template is subdivided into four subsections: sample capturing, pre-processing, feature extraction and classification.
Fig. 4. Process of signature verification, (adapted from [47]).
IV.1. Sample Capturing
This subsection describes the techniques used in capturing the signature samples for signature verification. There are two methods of data acquisition for signature samples: the static (offline) system and the dynamic (online) system [6]. The former captures the signature as a gray level image (paper based signature image) and the latter uses online acquisition devices that generate electronic signals representative of the signature during the writing process [47]. Some capturing devices used for online signature data acquisition are digitizing tablets and electronic pens with touch-sensitive screens, which are capable of detecting position, acceleration, pen inclination, velocity, writing forces and pressure [47]. For example, in [30], [31], [32], [43], the signature samples are captured as time series signals of horizontal x(t) and vertical y(t) coordinates, pen-up / pen-down flag data and pen pressure information. Other data acquisition devices are Personal Digital Assistants (PDAs), which have the advantage of mobility [47]. The handwritten signature database named SVC2004 [48] used this kind of data acquisition device in the work in [34]. Some capturing devices use a conventional pen that writes in ink on paper positioned on a tablet, while generating an exact electronic replica of the actual handwriting. The advantage is the possibility to obtain online and offline data at the same time [47]. Another capturing approach uses a hand-glove device, designed for virtual reality applications, for online signature verification; it is able to provide data on both the dynamics of the pen motion during signing and the individual’s hand shape [47]. Other handwriting capturing devices use computer vision techniques. For example, a special stylus carrying a small Charge-Coupled Device (CCD) camera has been proposed, which captures a series of snapshots of the writing. The stylus is able to detect the pressure applied on the ballpoint and determine the pen-up / pen-down information [47].
IV.2. Pre-processing
This subsection describes the processes applied prior to feature extraction in order to prepare the signal for the feature extraction stage. These processes are based on techniques originating from standard signal processing algorithms [47]. Some types of preprocessing are:
filtering, smoothing, normalization, binarization, thinning, quantization, and noise removal. Filtering preprocessing is described in [31], where it is done by ruling out the suspected signature sample before passing it to feature extraction. This process is implemented by a preliminary matching with trusted signature samples using Dynamic Time Warping (DTW). Another preprocessing step, normalization, is described in [32]. This process is implemented by discarding the first and the last 10% of the signature sample, because these regions are highly unstable. Another normalization is in the BioConvolving work in [6], where the operation normalizes the signals x(t) and y(t) in both position and rotation. The position is measured with respect to their center of mass and the rotation is measured with respect to their average path tangent angle. Another normalization operation is described in [34], which is implemented in two steps: spline interpolation and re-sampling. The former is used to derive the acceleration and velocity. The latter is used to make the signature length uniform at 512 trajectories. Then an aligning operation is applied to the original signature by subtracting the centroid point. Another normalization preprocessing is described in [39], which is a re-sampling operation performed to generate a new sequence length for the online signature sample. The reason for the re-sampling preprocessing is to handle the temporal intra-user variability of a user’s signature sample. Another preprocessing step is smoothing, which is also presented in [32]. Smoothing is applied in order to reduce the noise. In the works [30], [37], [43] and [45], there are no preprocessing operations, since the features are taken from the handwritten signature signals directly.
IV.3. Feature Extraction
Features of online handwritten signature verification can be divided into two types: functions and parameters [6]. In the case of function features, the signature is usually described in terms of a time function, whereas with parameter features the signature is described as a vector of elements [6], [43], [47]. Parameters are further classified into two categories: global (parameters which concern the whole signature) and local (parameters which concern features extracted from specific parts of the signature). Usually, online signature features are function features, including position trajectories and pen pressure (captured from the devices) and velocity and acceleration functions (numerically derived from position) [6], [47]. Researchers claimed that high recognition accuracy could be achieved through selecting good features, and also that the smaller the feature vector, the larger the number of persons that can be enrolled into the system and the faster the verification process [47]. An example of using function features is described in [6], [39], [43], [45], where signals are used as a discrete time sequence
represented features. Some of them are the horizontal x(t) and vertical y(t) position trajectories, pen pressure p(t), velocity magnitude v(t), the path-tangent angle θ(t), total acceleration magnitude a(t) and the log curvature radius ρ(t). Examples of parameter features, which are extracted by using statistical operations, are described in [30], [31], [32], [37]. Parameter features are also extracted by using the Fast Fourier Transform (FFT) in [34]. Furthermore, signature verification requires feature selection in order to reduce processing cost and memory requirements, which leads to an increase in system efficiency [47]. An example would be feature selection based on Principal Component Analysis (PCA). Other examples of feature selection for the online signature are in [37] and [39], which are based on a reliability measurement to select the most reliable features. In [45], selection is based on statistical measurements used to select the most stable features among the input vector, based on the mean (μ) and standard deviation (σ) of the captured data.
IV.4. Classification and Performance
A classifier is a program that takes the feature vector as input and assigns it to one of the designated classes, either a reject or an accept class. There are many types of classifier techniques, such as Dynamic Time Warping (DTW) for online signature verification [4], [6], [31], Hidden Markov Model (HMM) for online signature verification [4], [6], Bayesian classifier for signature verification [49], Artificial Neural Network (ANN) for handwritten digits verification [50] and for signature biometric [53], and Support Vector Machine (SVM) for the regression [51]. Performance of signature verification can be estimated by two types of errors: Type I errors concern the false rejections of genuine signatures [False Rejection Rate (FRR)]. Type II errors concern the false acceptance of forged signatures [False Acceptance Rate (FAR)].
Therefore, the general error rate of a signature verification system is estimated by taking the average of both of them [47], [54], [55]. Several classifiers for protected templates use statistical methods or distance metrics between the enrolled and queried hash vector parameters to estimate the error rate of the classification. Examples of these techniques are in [30], [32], [34], [37], [39], [43], [45]. Another classifier, the Hidden Markov Model (HMM), is used for online signature verification in the BioConvolving transformation technique [6]. This classifier supports the renewability property. The performance results of the online template protection are listed in Table II in terms of their databases, number of users and classifier techniques.
Table II
PERFORMANCE OF ONLINE SIGNATURE VERIFICATION
Authors | Database | Approach | Results
C. Vielhauer [51] | 10 persons, given genuine and forged samples | Threshold-based true / false decision | FRR = 7.05%, FAR = 0%.
M. Freire-Santos [53] | MCYT [52], 126 users, each: 25 (G), 25 (F) | Fuzzy vault: matching of encoded and decoded vaults | FRR = 57%, FAR_SF = 1.18%, FAR_RF = 0.32%.
Manuel R. Freire [59] | MCYT, 330 users, each: 25 (G), 25 (F), 16,500 (S) | Matching hash values for enrolled and authenticated | FRR = 33.83%, FAR_SF = 7.93%, FAR_RF = 0.23.
W.K. Yip [56] | SVC2004, 40 users, each: 20 (G), 20 (F) | Matching hash values for enrolled and authenticated | EER_SF = 6.7%, EER_RF = 0%.
Emanuele Maiorana [62] | MCYT, 100 users, each: 25 (G), 25 (F), 5000 (S) | Matching hash values for enrolled and authenticated |
Enrique Argones Rúa [68] | BIOSECURE-DS2 to train UBM. MCYT, 100 users, each: 25 (G), 25 (F) | Matching hash values for enrolled and authenticated using Hamming distance |
Emanuele Maiorana [75] | BIOSECURE-DS2 [80] to train UBM. MCYT, 100 users, each: 25 (G), 25 (F) | Hash function comparison using Turbo codes and modulation constellations |
Hao Feng [52] | 25 users: 30 (G), 10 (F). 1000 (S) | Dynamic Time Warping (DTW) |
Emanuele Maiorana [11] | MCYT, 100 users, each: 25 (G), 25 (F), 5000 (S) | Hidden Markov Model (HMM) |
EER = 9.35%.
different modalities and especially for handwritten signatures. As observed in the literature, most of the online signature template protection techniques are implemented by using XOR operation, in order to mix the signature features (function or parameter) with random key for generating the secure template and then store it with that key in the database. This way is classified as invertible protection, its matching is usually done by distance metric between the recovered key and the stored one as hash function, it is useful for biometrics that have a high intrauser variability but the disadvantage is the low accuracy. Another type of protection is classified as a noninvertible transformation such as BioConvloving technique, which is secure but has slight degradation accuracy for the transformed template verification.
References FRR= 3.73%, FAR=5.08%.
[1]
[2]
[3] FRR=4.98% and FAR =6.1%, [4]
[5] FAR= 52.8%, FRR = 3.4%.
w=2: EER= 7.95%, w=3:EER= 11.34%, w=4:, ERR= 15.40%.
[6]
[7]
[8]
V.
Discussion and Conclusion
Achieving high recognition rate of online signature biometric is competitive due to two factors. First, intrauser variability property undermines the recognition rate. Second, signature template protection also undermines the recognition rate by increasing both FAR and FRR errors. Recent works of online signature template protection have no optimum results in terms of high security of protected template with the high recognition rate. So far this field is open research for achieving zero FRR and FAR provided that having strong protection, which is able to resist different types of attacks. Online handwritten signature verification has important applications in online banking, monetary transactions, and retail. In this paper, biometric template protection approaches are explained generally for
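The XOR-based key binding and the FRR/FAR averaging described in this paper can be sketched as follows. This is an added example, not code from the paper or from any of the reviewed systems: it follows the general shape of a fuzzy commitment [25], and the repetition code, the 16-bit key, the binarised feature vector and the sample signatures are all assumptions constructed for illustration.

```python
import hashlib
import secrets

REP = 5        # assumed repetition-code block length: tolerates 2 bit errors per block
KEY_BITS = 16  # toy key size for the example; a real key would be much longer

def encode(key):                       # error-correcting encoding of the key
    return [b for b in key for _ in range(REP)]

def decode(code):                      # majority vote inside each block
    return [int(sum(code[i:i + REP]) > REP // 2) for i in range(0, len(code), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def key_hash(key):
    return hashlib.sha256(bytes(key)).hexdigest()

def enroll(feature_bits):
    """Protected template = (helper data, hash of the random key); raw features are not stored."""
    key = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    return xor(encode(key), feature_bits), key_hash(key)

def verify(template, query_bits):
    helper, stored_hash = template
    recovered = decode(xor(helper, query_bits))  # query noise shows up as code errors
    return secrets.compare_digest(key_hash(recovered), stored_hash)

def flip(bits, positions):
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def error_rates(template, genuine, forged):
    frr = sum(not verify(template, g) for g in genuine) / len(genuine)  # Type I
    far = sum(verify(template, f) for f in forged) / len(forged)        # Type II
    return frr, far, (frr + far) / 2                                    # average error

# Constructed sample data (not from any signature database).
N = KEY_BITS * REP
FEATURES = [(i * 37 % 11) % 2 for i in range(N)]
GENUINE = [
    FEATURES,                                # identical repeat
    flip(FEATURES, {0, 1}),                  # 2 errors in one block: corrected
    flip(FEATURES, set(range(0, N, REP))),   # 1 error in every block: corrected
    flip(FEATURES, {0, 1, 2}),               # 3 errors in one block: false reject
]
FORGED = [
    flip(FEATURES, set(range(N))),                        # unrelated signal
    flip(FEATURES, {i for i in range(N) if i % REP < 3}), # far from enrolled
    flip(FEATURES, {3, 4}),                               # close forgery: false accept
]

def demo():
    return error_rates(enroll(FEATURES), GENUINE, FORGED)
```

Raising REP lets the scheme absorb more intra-user variability and so lowers FRR, but it also accepts forgeries that are closer to the enrolled features, which is the FAR/FRR trade-off discussed above.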
References
[1] L. O'Gorman, Comparing Passwords, Tokens, and Biometrics for User Authentication, in Proc. IEEE, Vol. 91, n. 12, pp. 2021–2040, Dec. 2003.
[2] N. K. Ratha, J. H. Connell, and R. M. Bolle, Enhancing Security and Privacy in Biometrics Based Authentication Systems, IBM Systems Journal, Vol. 40, n. 3, pp. 614–634, 2001.
[3] S.M.S. Ahmad, B. M. Ali and W.A.W. Adnan, Technical Issues and Challenges of Biometric Applications as Access Control Tools of Information Security, International Journal of Innovative Computing, Information and Control, Vol. 8, n. 11, pp. 7983-7999, Nov. 2012.
[4] E. Maiorana, Biometric Template Protection for Signature Based Authentication Systems, PhD dissertation, applied electronic, University Roma Tre, Rome, Italy, 2009.
[5] A. K. Jain and A. Kumar, Biometrics of Next Generation: an Overview, to appear in Second Generation Biometrics, Springer, 2010.
[6] E. Maiorana, P. Campisi, J. Fierrez, J. Ortega-Garcia and A. Neri, Cancelable Templates for Sequence-based Biometrics with Application to On-line Signature Recognition, IEEE Transactions on Systems, Man and Cybernetics - Part A: Systems and Humans, Vol. 40, n. 3, pp. 525–538, May 2010.
[7] M. Tanaka and A. Bargiela, Deriving a Subspace Model for Personal Authentication in Biometrics – Dynamic Signature Case –, in Proc. CIMCA-IAWTIC'06, Vol. 1, Washington, DC, USA, pp. 239-245, 2005.
[8] M.C. Fairhurst and E. Kaplani, Biometric on the Internet and Perceptual Analysis of Handwritten Signature for Biometric Authentication, in IEE Proc.-Vis. Image Signal Process., Vol. 150, n. 6, pp. 389-394, Dec. 2003.
[9] S. Pal, S. Chanda, U. Pal, K. Franke and M. Blumenstein, Offline Signature Verification Using G-SURF, in Proc. ISDA 27-29, Kochi, India, pp. 586-591, 2012.
[10] F. A. Fernandez, J. F. Aguilar, F. d. Valle, J. O. Garcia, On-line Signature Verification using Tablet PC, in Proc. ISPA 15-17, Zagreb, Croatia, pp. 245-250, Sept. 2005.
[11] J. R. Kwapisz, G. M. Weiss and S. A. Moore, Cell Phone-Based Biometric Identification, IEEE, 978-1-4244-7580-3/10/$26.00, 2010.
[12] S. Elliott, A. Hunt, Dynamic Signature Forgery and Signature Strength Perception Assessment, IEEE Aerospace and Electronic Systems Magazine, Vol. 23, n. 6, 2008.
[13] A. K. Jain, K. Nandakumar and A. Nagar, Biometric Template Security, EURASIP Journal on Advances Signal Processing, Vol. 2008, Article ID 579416, pp. 1-17, 2008.
[14] A. B. J. Teoh, A. Goh, and D. C. L. Ngo, Random Multispace Quantization as an Analytic Mechanism for Biohashing of Biometric and Random Identity Inputs, IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 28, n. 12, pp. 1892–1901, Dec. 2006.
[15] F. Farooq, R. M. Bolle, J. Tsai-Yang, and N. K. Ratha, Anonymous and Revocable Fingerprint Recognition, in Proc. CVPR '07, pp. 1–7, 2007.
[16] C. Lee and J. Kim, Cancelable Fingerprint Templates using Minutiae-based Bit-strings, Journal of Network and Computer Applications, Vol. 33, n. 3, pp. 236-246, May 2010.
[17] E. J. C. Kelkboom, On the Performance of Helper Data Template Protection Schemes, Ph.D. dissertation, University of Twente, Netherlands, 2010.
[18] N. K. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, Generating Cancelable Fingerprint Templates, IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 29, n. 4, pp. 561–572, April 2007.
[19] A. Cavoukian and A. Stoianov, Biometric Encryption: a Positive-sum Technology that Achieves Strong Authentication, Security and Privacy, Tech. Rep., Office of the Information and Privacy Commissioner of Ontario, Toronto, Ontario, Canada, March 2007.
[20] A. Vetro and N. Memon, Biometric System Security, in Proc. of the 2nd International Conference on Biometrics, Seoul, South Korea, August 2007.
[21] L. H.wei, W. Yao, A New Fuzzy Fingerprint Vault Using Multivariable Linear Function based on Lorenz Chaotic System, in Proc. CSAE, Vol. 1, Zhangjiajie, pp. 531-534, May 2012.
[22] H. Al-Assam and S. Jassim, Robust Biometric Based Key Agreement and Remote Mutual Authentication, in Proc. of 11th International Conference on Trust, Security and Privacy in Computing and Communications, Liverpool, United Kingdom, pp. 59-65, 2012.
[23] K. Nandakumar, A. K. Jain and S. Pankanti, Fingerprint-based Fuzzy Vault: Implementation and Performance, IEEE Transactions on Information Forensics and Security, Vol. 2, n. 4, pp. 744-757, Dec. 2007.
[24] M. Lafkih, M. Mikram, S. Ghouzali and M. El Haziti, Security Analysis of Key Binding Biometric Cryptosystems, in Proc. ICISP, LNCS, Vol. 7340, Springer-Verlag Berlin Heidelberg, pp. 269–281, 2012.
[25] A. Juels and M. Wattenberg, A Fuzzy Commitment Scheme, in Proc. of 6th ACM Conference on Computer and Communications Security (ACM CCS '99), Singapore, pp. 28–36, Nov. 1999.
[26] X. Boyen, Reusable Cryptographic Fuzzy Extractors, in Proc. CCS '04, Proceedings of the 11th ACM Conference on Computer and Communications Security, New York, NY, USA, pp. 82-91, 2004.
[27] J. Bringer, H. Chabanne and B. Kindarji, The Best of Both Worlds: Applying Secure Sketches to Cancelable Biometrics, Science of Computer Programming, Vol. 74, pp. 43-51, Oct. 2008.
[28] I. Buhan, J. Doumen, P. Hartel, and R. Veldhuis, Fuzzy Extractors for Continuous Distributions, in Proc. of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS '07), Singapore, pp. 353–355, March 2007.
[29] Q. Li and E.-C. Chang, Robust, Short and Sensitive Authentication Tags using Secure Sketch, in Proc. of the 8th Multimedia and Security Workshop (MM and Sec '06), Geneva, Switzerland, pp. 56–61, 2006.
[30] C. Vielhauer, R. Steinmetz and A. Mayerhofer, Biometric Hash Based on Statistical Features of Online Signatures, in Proc. International Conference on Pattern Recognition (ICPR), Vol. 1, pp. 123–126, 2002.
[31] H. Feng, C.W. Chan, Private Key Generation from On-line Handwritten Signatures, Information Management and Computer Security, pp. 159–164, 2002.
[32] M. Freire-Santos, J. Fierrez-Aguilar and J. Ortega-Garcia, Cryptographic Key Generation Using Handwritten Signature, SPIE Defense and Security Symposium, Biometric Technologies for Human Identification, Vol. 6202, pp. 225–231, 2006.
[33] W. J. Scheirer and T. E. Boult, Cracking Fuzzy Vault and Biometric Encryption, in Proc. IEEE Biometric Symp., pp. 1–6, 2007.
[34] W.K. Yip, A. Goh, D.C.L. Ngo, and A.B.J. Teoh, Generation of Replaceable Cryptographic Keys from Dynamic Handwritten Signatures, in Proc. ICB06, pp. 509–515, 2006.
[35] A. Goh and D.C.L. Ngo, Computation of Cryptographic Keys from Face Biometrics, in Proc. 7th IFIP-TC6 TC11 International Conference, CMS, Torino, Italy, pp. 1-13, Oct. 2003.
[36] Y.C. Chang, W. Zhang and T. Chen, Biometric-based Cryptographic Key Generation, in Proc. IEEE, ICME '04, Vol. 3, Taiwan, pp. 2203–2206, 2004.
[37] M. R. Freire, J. Fierrez and J. Ortega-Garcia, Dynamic Signature Verification Template Protection using Helper Data, in Proc. IEEE, ICASSP, pp. 1713-1716, 2008.
[38] Shu Lin and Daniel J. Costello, Error Control Coding, Prentice-Hall, Inc., second edition, Upper Saddle River, NJ, USA, 2004.
[39] E. Maiorana and P. Campisi, Fuzzy Commitment for Function based Signature Template Protection, IEEE Signal Process. Lett., Vol. 17, n. 3, pp. 249–252, Mar. 2010.
[40] A. Juels and M. Wattenberg, A Fuzzy Commitment Scheme, in Proc. 6th ACM Conference on Computer and Communications Security (CCS '99), Singapore, pp. 28–36, 1999.
[41] E. Maiorana, M. Martinez-Diaz, P. Campisi, J. Ortega-Garcia and A. Neri, Template Protection for HMM-based On-line Signature Authentication, in Proc. IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Anchorage, USA, June 2008.
[42] Y. He, K. H. Yap, L. Chen, and L. P. Chau, A Novel Hybrid Model Framework to Blind Color Image Deconvolution, IEEE Trans. Syst., Man, Cybern. A, Syst., Humans, Vol. 38, n. 4, pp. 867–880, Jul. 2008.
[43] E. A. Rúa, E. Maiorana, J. L. A. Castro and P. Campisi, Biometric Template Protection using Universal Background Models: an Application to Online Signature, IEEE Transactions on Information Forensics and Security, Vol. 7, n. 1, pp. 269-282, Feb. 2012.
[44] M. Martinez-Diaz, J. Fierrez, J. Ortega-Garcia, Universal Background Models for Dynamic Signature Verification, in Proc. IEEE, BTA, Crystal City, USA, pp. 1–6, Sept. 2007.
[45] E. Maiorana, D. Blasi, P. Campisi, Biometric Template Protection using Turbo Codes and Modulation Constellations, in Proc. Information Forensics and Security (WIFS), Tenerife, Spain, pp. 25-30, Dec. 2012.
[46] Y. Cui, X. Zhang and J. Ma, Simulation Analysis of Turbo Code using SCILAB, in Proc. IEEE, OSSC, Beijing, pp. 32-36, Oct. 2011.
[47] D. Impedovo and G. Pirlo, Automatic Signature Verification: The State of the Art, IEEE Transactions on Systems, Man, and Cybernetics - Part C: Applications and Reviews, Vol. 38, n. 5, pp. 609-635, Sept. 2008.
[48] D.Y. Yeung, H. Chang, Y. Xiong, S. George, R. Kashi, T. Matsumoto, and G. Rigoll, SVC2004: First International Signature Verification Competition, in Proc. of the International Conference on Biometric Authentication (ICBA), Hong Kong, pp. 15-17, July 2004.
[49] X.-H. Xiao and G. Leedham, Signature Verification using a Modified Bayesian Network, Pattern Recognit., Vol. 35, n. 5, pp. 983–995, May 2002.
[50] Z. Dan and C. Xu, The Recognition of Handwritten Digits based on BP Neural Network and the Implementation on Android, in Proc. IEEE, ISDEA, Hong Kong, pp. 1498-1501, Jan. 2013.
[51] C. M. Bishop, Pattern Recognition and Machine Learning, in Information Science and Statistics, Springer, ISBN-10: 0-387-31073-8, pp. 225-233, 2006.
[52] J. Ortega-Garcia, J. Fierrez-Aguilar, D. Simon, J. Gonzalez, M. Faundez-Zanuy, V. Espinosa, A. Satue, I. Hernaez, J.-J. Igarza, C. Vivaracho, D. Escudero, and Q.-I. Moro, MCYT Baseline Corpus: A Biomodal Biometric Database, in Proc. IEEE, Vision, Image and Signal Processing, Vol. 150, n. 6, pp. 395–401, 2003.
[53] J. Aravinth, S. Valarmathy, Score-level Fusion Technique for Multi-modal Biometric Recognition using ABC-based Neural Network, International Review on Computers and Software, Vol. 8, n. 8, pp. 1889-1900, 2013.
[54] A. Tahmasebi, H. Pourghassem, A Novel Decision Level Fusion Algorithm for Dynamic Signature Identification System, International Review on Computers and Software, Vol. 7, n. 1, pp. 143-148, 2012.
[55] E. Alsous, F. Nezam, S.A. Monadjemi, N. Neamatbakhsh, A Novel GA Based Approach to Farsi and Arabic Signature Verification, International Review on Computers and Software, Vol. 5, n. 1, pp. 44-51, January 2010.
[56] T. Ahmad, J. Hu and S. Wang, String-based Cancelable Fingerprint Templates, in Proc. of the 6th IEEE Conference on Industrial Electronics and Applications (ICIEA), pp. 1028-1033, 2011.
[57] C. Lee, J. Kim, Cancelable Fingerprint Templates using Minutiae-based Bit-strings, Journal of Network and Computer Applications, Vol. 33, n. 3, pp. 236-246, 2010.
[58] W. Yang, J. Hu and S. Wang, A Finger-Vein Based Cancellable Biocryptosystem, Network and System Security, Lecture Notes in Computer Science, Vol. 7873, pp. 784-790, 2013.
[59] C. Lee, J.-Y. Choi, K.-A. Toh, S. Lee, Alignment-free Cancelable Fingerprint Templates based on Local Minutiae Information, IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, Vol. 37, n. 4, pp. 980-992, 2007.
1 Faculty of Engineering, Universiti of Putra (UPM), Malaysia
2 College of Information technology, Universiti Tenaga Nasional (UNITEN), Malaysia
Fahad Layth Malallah was awarded a B.Sc. by the Computer Engineering Department at University of Mosul, Iraq, in 2008. He then worked as an Intelligent Network (IN) Engineer at Huawei Company and then at Nokia Siemens Network (NSN). He is now pursuing an M.Sc. at UPM, Malaysia.
Dr. Sharifah Mumtazah bt Syed Ahmad Abdul Rahman is currently a lecturer at UPM, Malaysia. BEng (Kent, UK), MSc (Kent, UK), PhD (Kent, UK). Research Area: Biometrics, Security, Image & Signal Processing, Machine Learning.
Dr. Salman bin Yussof is currently a lecturer in the Systems and Networking Dept. at UNITEN, Malaysia. Research Area: Computing Skills, Fundamentals of Computing Theory, Principles of C Programming, Data Communication and Networking, Microprocessor Systems, Image Processing and Computer Vision.
Dr. Wan Azizun bt. Wan Adnan is currently a lecturer at UPM, Malaysia. B.Sc (Hons) (Southampton), Pg.Dip. (Newcastle), M.Sc (UM), Ph.D (UM). Research Area: Software Development / Security.
Vahab Iranmanesh received his M.S. degree in information security from University Technology Malaysia (UTM) in 2010. Currently, he is a research assistant at the computer and communication system engineering of University Putra Malaysia (UPM).
Olasimbo A. Arigbabu received his B.Sc. in Telecommunications and Information Technology from Tai Solarin University of Education, Nigeria, in 2010. He was an employee at Primeway Consult Technology as a data administrator. He is currently pursuing his M.Sc. in multimedia systems engineering at Universiti Putra Malaysia.
Copyright © 2007 Praise Worthy Prize S.r.l. - All rights reserved