Biometric Template Protection Using Universal Background Models: An Application to Online Signature

Transcription

1 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY Biometric Template Protection Using Universal Background Models: An Application to Online Signature Enrique Argones Rúa, Member, IEEE, Emanuele Maiorana, Member, IEEE, Jose Luis Alba Castro, Member, IEEE, and Patrizio Campisi, Senior Member, IEEE Abstract Data security and privacy are crucial issues to be addressed for assuring a successful deployment of biometrics-based recognition systems in real life applications. In this paper, a template protection scheme exploiting the properties of universal background models, eigen-user spaces, and the fuzzy commitment cryptographic protocol is presented. A detailed discussion on the security and information leakage of the proposed template protection system is given. The effectiveness of the proposed approach is investigated with application to online signature recognition. The given experimental results, evaluated on the public MCYT signature database, show that the proposed system can guarantee competitive recognition accuracy while providing protection to the employed biometric data. Index Terms Biometrics, eigen-model adaptation, fuzzy commitment, online signature, template privacy, template security, universal background model. I. INTRODUCTION T HE USE of biometric data to identify people raises several security concerns not affecting other approaches employed for automatic people recognition [1]. If a characteristic is somehow stolen or copied, its owner cannot use it anymore, making it possible for other people to impersonate him using the compromised feature. The use of biometrics also poses many privacy concerns [2]: when an individual gives out his biometrics, either willingly or unwillingly, he can disclose sensitive information about his personality and health status [3] which can be used to profile him. Moreover, data collected for some specific purposes might be used in the long run for different ones, a possibility usually referred to as function creep. Also, the uniqueness characterizing biometric data, and the fact that biometrics are permanently associated with their users, can be exploitedtoperforman unauthorized tracking of the activities of the subjects enrolled in different biometric databases. The use of biometrics can also raise cultural and religious concerns. Manuscript received January 11, 2011; revised July 29, 2011; accepted August 15, Date of publication September 15, 2011; date of current version January 13, The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Arun Ross. E. A. Rúa and J. L. A. Castro are with the Department of Signal Theory and Communications, University of Vigo, Vigo, Spain ( eargones@gts.uvigo.es; jalba@gts.uvigo.es). E. Maiorana and P. Campisi are with the Dip. Elettronica Applicata, Università degli Studi Roma Tre, Roma, Italy ( maiorana@uniroma3.it; campisi@uniroma3.it). Digital Object Identifier /TIFS Therefore, the need to protect privacy, both from a procedural point of view and from a technological point of view, arises. Currently deployed systems typically employ classical cryptographic techniques to securely store data. However, even if the stored data are kept secure when not used, decryptionhasto be performed during authentication, thus leaving the biometric information unprotected. It is rather desirable to permanently keep secret an acquired biometrics, and also to be able to revoke or to renew a template when compromised, aswellasto obtain from the same biometrics different keys to access different locations, either physical or logical. Therefore a template protection scheme should satisfy the following properties: 1) Renewability: for each user, it should be possibletorevoke a compromised template and reissue a new one based on the same biometric data (revocability). Moreover, each template generated from a biometrics should not match with the others previously generated from the same data (diversity). The renewability property is needed to ensure the user s privacy. 2) Security:itmustbeimpossible or computationally hard to obtain the original biometric template from the stored and secured one. This property is needed to prevent an adversary from creating fake biometric traits from stolen templates. In fact, although it was commonly believed that it is not possible to reconstruct an original biometric characteristic from the corresponding extracted template, some concrete counter examples, which contradict this assumption, have been provided in the recent literature, as in [4]. 3) Performance: the recognition performance should not degrade significantly with the introduction of a template protection scheme, with respect to the performance of a nonprotected system. The approaches followed to design biometric template protection schemes able to properly satisfy each of the aforementioned properties have been categorized into feature transformations and biometric cryptosystems [5]. When implementing a feature transformation approach, a function dependent on some parameters, which can be used as akey,isapplied to the input biometrics. Invertible functions are employed in salting schemes, whose security therefore relies on the protection of the defining transformation parameters [6]. The loss or disclosure of the key, therefore, results in serious security issues [7]. One-way functions are employed in noninvertible transform approaches [8], which produce templates from which it is computationally hard to retrieve the original data, even if the transforms defining parameters are known /$ IEEE

2 270 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY 2012 However, it is in general difficult to quantitatively determine the actual difficulty of the invertibility. In [9], noninvertible functions are applied to face images to obtain transformed templates which, however, allows human inspection. In [10], Cartesian, polar, and functional noninvertible transformations are used to modify the fingerprint minutiae pattern. However, only a small fraction of the resulting data is in practice noninvertible [11] and the scheme is vulnerable to a record multiplicity attack, where an adversary who acquires two or more distinct stored templates is able to recover the original information [12]. In [13], noninvertible transforms designed for biometrics which can be expressed in terms of a set of sequences have also been described, and a detailed security and renewability analysis is provided. Biometric cryptosystems provide the means to integrate cryptographic protocols with biometric recognition. They can be further classified into key generation schemes, where binary keys are directly created from the acquired biometrics, and key binding schemes, which store information obtained by combining biometric data with randomly selected keys. The main issue characterizing key generation approaches regards the possibility of creating multiple keys from the same biometrics without using any external data, and the stability of the resulting cryptographic key [14]. Moreover, due to the difficulties in managing the intraclass variability of biometric data, the recognition performance of such schemes are typically significantly lower than those of their unprotected counterparts [15]. A key binding system can be twofold: it can be used to protect a biometric template by means of a binary key, thus securing a biometric recognition system, or to release a cryptographic key only when its owner presents a specific biometric trait. In both cases a secret key, independent of the considered biometrics, is combined during enrollment with a reference template to generate the so-called helper data, from which it should be impossible, or at least computationally hard, to retrieve information about the original biometric trait or the key. The helper data is then used in conjunction with a query biometrics during authentication to retrieve the secret. Error-correcting codes are commonly employed to manage the intraclass variability of the considered templates. Among the cryptographic protocols most employed in a key binding scenario, we can mention the fuzzy commitment [16], already applied to ear [17], fingerprint [18], face [19], iris [20], and online signatures [21]. The fuzzy vault scheme [22] is able to manage biometrics represented as unordered sets of data, and has been applied to signature [23], face [24], and iris [25], although it has been found to be vulnerable to different attacks [26]. Also Quantization Index Modulation (QIM) has been proposed to bind biometric characteristics with binary keys [27], providing an increased flexibility in managing the templates intraclass variability. It is worth pointing out that both feature transformation approaches and biometric cryptosystems have their own pros and cons. Specifically, it is difficult to define noninvertible transformations which preserve the discriminability of the templates, and it is hard to properly provide renewability with key binding schemes relying on helper data. Hybrid approaches [28] able to exploit the advantages of both biometric cryptosystems and feature transformation approaches would be needed, therefore, to cope with all the requirements of a template protection system. In this paper, we present a general hybrid approach which properly guarantees the necessary protection to biometric templates by exploiting the properties of Universal Background Models (UBMs). Specifically, UBMs are statistical descriptors employed to represent person-independent biometric observations. They have been extensively employed for biometric authentication purposes for speaker [29], for face [30], and for gait [31] recognition, while some analyses have been made in [32] for online signature recognition. UBM s parameters are estimated by processing a large number of biometric acquisitions, taken from as many different subjects as possible. The biometrics of a specific user is then modeled by adapting the well-trained parameters in the UBM to the characteristics of the acquired user s traits. The traditional approach for user verification in UBM-based systems relies on a likelihood ratio evaluation, which requires the use of the original user-adapted models. It is here demonstrated that UBMs can also be employed to provide a parametric feature representation which can be exploited in a key binding scheme, thus preserving the user s privacy. The feature transformation part of the proposed protection scheme relies on the use of UBMs, also employed to provide renewability, while the cryptosystem part is given by a user-adaptive version of the fuzzy commitment cryptographic protocol [16], which is exploited to provide template noninvertibility and to manage the intraclass variability of the users biometrics. As a proof of concept, the presented protection scheme is applied to online signature biometrics to verify its effectiveness. The present paper is organized as follows. UBM-based biometric modeling and verification is presented in Section II. The proposed protected system is described in Section III, where a detailed discussion on feature and error correction code selection is carried out and security, privacy, and renewability issues are deeply analyzed. The application of the proposed approach to online signature biometrics is presented in Section IV. Eventually, the experimental results are presented in Section V, while some conclusions are drawn in Section VI. II. HMM-UBM SYSTEM When exploiting UBMs for biometric verification, a given biometric observation is typically expressed in terms of feature vectors having length,with and,as, and modeled as the realization of a hidden Markov model (HMM). It is, therefore, possible to express a UBM as an HMM, whose structure should be ergodic, since the hidden states may, for instance, be in very different orders for different users. An HMM-UBM can be trained by using an Expectation-Maximization (EM) process relying on the Baum Welch algorithm [33], which in turn requires an initial estimate of the samples belonging to each state of the HMM. In order to provide such information, the LBG algorithm [34] is commonly employed to cluster the available data. The estimated UBM-HMM is then characterized in terms of the triplet,where is the state transition matrix, is the set of state-dependent output probability density functions, while is the set of initial state probabilities. The state-dependent output probability density functions

3 RÚA et al.: BIOMETRIC TEMPLATE PROTECTION USING UNIVERSAL BACKGROUND MODELS 271 are usually modeled using Gaussian mixture models (GMMs), and, therefore, can be specified in terms of the weights of each Gaussian in the mixture, the mean vectors and the covariance matrices,,, being the number of states in the HMM, and the number of Gaussian mixtures in each state-dependent output probability density function. A major advantage of the UBM framework for biometric verification is the possibility of obtaining a user-specific model by means of statistical adaptation techniques, thus allowing us to provide accurate users characterizations even with small amount of enrollment data. The matching process is usually performedinabayesianframework by means of the following likelihood ratio test: (1) where is the adapted user model and is a threshold. The maximum a posteriori (MAP) [35] approach is the technique most commonly employed to perform the adaptation process, and it is illustrated in Section II-A. In this paper, we also rely on the eigen-model adaptation [36], [37] described in Section II-B for the generation of user-specific templates. The feasibility of employing the aforementioned adaptation approaches in a protected biometric verification system is discussed in Section V. is the soft count of samples belonging to the mixture of the th state given by th Gaussian The user s model is characterized by the MAP adapted means, which can be calculated as where,and is a fixed relevance factor [29]. The authentication phase relies on the evaluation of the loglikelihood ratio of a new query acquisition with the stored user s model, characterized by the Gaussian means in (4), and, and the general UBM [29]. It is worth observing that the MAP adaptation in (4) can be also performed for a single biometric acquisition, as if in (2) and (3). It is, therefore, possible to compute, for the th enrollment acquisition, with, a representative vector with size as (3) (4) A. MAP Adaptation When the MAP approach is used to derive a user-specific model from the general UBM, usually only the means of the HMM-UBM are adapted to the user s characteristics in order to provide the best possible verification performance [29]. Specifically, it is assumed that biometrics acquisitions, of a given user are available during enrollment. Each considered observation consists of sequences,with and,being the length of the th enrollment acquisition. Having indicated as a vector comprising the values of the considered features at discrete time,themaximum-likelihood (ML) estimate of the adapted model means for the th Gaussian of the th state, with and, of the user is computed as a vector with coefficients given by where denotes a multivariate normal probability density function, with an -dimensional mean vector and an covariance matrix, evaluated at, represents the probability of state at the discrete time for the enrollment observation,while (2) The vector in (5) can be used as a feature-based biometric template and, therefore, employed to perform the matching by computing the Mahalanobis distance between the MAP representations evaluated during enrollment and the one derived from the query biometrics. This approach allows us not to resort to the whole models and, thus being more respectful of the privacy issues. Moreover, the representation in (5) can be employed in a fuzzy commitment scheme, as described in Section III. B. Eigen-Model Adaptation Eigen-spaces have been proved to be effective for biometric verification purposes in [38], where they have been applied to face recognition. Moreover, an HMM-UBM framework for speaker recognition has been presented in [39] and [40], where the so-called eigen-model adaptation is defined. The main purpose of this approach is to define in a low-dimensional subspace the user-dependent adaptations of the UBM means super-vector with size, while retaining the most characterizing information about the original data. Specifically, by following the eigen-model approach, the user s mean super-vector can be written as (5) (6) (7)

4 272 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY 2012 where is a user-independent projection matrix whose columns are eigen-means super-vectors, and the -dimensional vector is the user s representation in the eigen-means super-vector space. The dimension of this projection vector is a system design parameter, which, therefore, allows us to easily control the length of the users templates. Different approaches can be found in the literature for obtaining both the projection matrix and the projection vector. Most of them are based on Probabilistic Principal Component Analysis (PCA) [39] and eigen-model MAP [37]. When using the latter approach, the matrix is estimated by means of an iterative EM procedure from a set of users that may include the one used for the general UBM training. Specifically, an block-diagonal matrix,whose diagonal blocks are given by the matrices,,,being the identity matrix, is constructed from the acquisitions taken from each person.inasimilarway,an matrix can be built using the UBM covariance matrices, and, as diagonal blocks. Let us then define the vectors as where is the posterior probability in state of the Gaussian mixture at discrete time for the acquisition sequence. Let us also define the super-vector as (9) The th iteration of the EM process, starting from a randomly initialized full rank matrix, can be summarized as follows: 1) Expectation-step: for each person, compute the strictly positive definite matrix as (8) (10) from which it is possible to compute the posterior distribution of, characterized by a Gaussian behavior [37] with mean and covariance matrix (11) (12) 2) Maximization-step: update with the solution of the linear system (13) 3) Go back to step 1 until the difference between and falls below a given threshold. Once is obtained at the end of the iterative estimation process, any generic user can be represented by the expected value of its eigen-model representation, obtained by means of (11). From (11) and (7), it is trivial to derive, when the matching process has to be performed through log-likelihood ratio tests. Also the eigenmodel approach allows to independently process each given enrollment biometrics, being thus possible to use the mean eigenmodel projections as a feature-based representation, and directly compare different biometrics acquisitions by means of their projections vectors. This kind of matching can be optimally performed by means of the Mahalanobis distance, due to the Gaussian behavior exhibited by the posterior distributions of the projection coefficients, as shown in (11) and (12). In our implementation, the eigen-model adaptation is performed separately for each HMM state, hence obtaining different mean super-vectors,with. These mean super-vectors are defined analogously to the global case in (11), but including only the coefficients corresponding to a single state.theremaining state-specific quantities, such as the state-specific projection matrices, the state-specific eigen-model representations and their statistics, can be also easily derived from the global case. By concatenating the state-specific mean eigen-model representations, we can obtain a state-wise eigen-model representation, with size, defined as (14) This approach provides a higher number of projection coefficients with low intraclass variance, when compared to the global transformation approach, thus providing a significant benefit when the proposed scheme is applied as shown in Section III. It is worth remarking that a complete derivation of the eigenmodel MAP adaptation, performing adaptation also for the covariances super-matrix, can be found in [37], while in the proposed approach only the means super-vectors are adapted, as suggested in [29]. III. PROTECTED HMM-UBM SYSTEM The architectures of the proposed enrollment and authentication schemes, derived from the application of the fuzzy commitment paradigm [16], are illustrated in Fig. 1. The dashed part of the flowchart is included when the adaptive code selection described in Section III-B is performed, otherwise it must not be considered. Specifically, during the enrollment, a number of biometric measurements are recorded for each user.the acquired biometrics are then processed using the MAP or the eigen-model approaches described in Section II, in order to derive the vectors,, containing the coefficients estimated according to (5) or (14). The mean vector defined as (15) is then used to characterize the acquired data. In order to binarize the coefficients of, a comparison between the intraclass mean evaluated over a limited number of samples taken from user, and the interclass mean of a large population characterizing the modeled distribution, is performed. Specifically, having indicated with the considered representation s interclass mean, estimated during the training

5 RÚA et al.: BIOMETRIC TEMPLATE PROTECTION USING UNIVERSAL BACKGROUND MODELS 273 Fig. 1. Architectures of the proposed enrollment and authentication schemes. The dashed part is included when the adaptive code selection of Section III-B is performed, otherwise it is omitted. of the system, a binary representation of can be obtained as (16) It is worth observing that the eigen-model projections can be modeled with Gaussian distributions having an interclass mean equal to zero, when evaluated over a large population of users [37], thus simplifying the binarization process in (16) and making it independent of the employed UBM. The extracted biometric information is then protected by means of error correcting codes. Specifically, a random binary message with bits, representing the secret key which has to be bound with biometric data, is generated. An encoder, taking strings with bits as input, is then employed to generate a codeword with length. The error correcting capability of the employed code is selected in order to take into account the intraclass variability of the system s users, and, therefore, directly affects the verification performances of the proposed system. In case the size of the employed projection vectors is equal to, the system computes the fuzzy commitment whereas the case is analyzed in Section III-A. A hashed version of is then stored together with. During the authentication phase, the provided biometric query is first processed according to the system s UBM, in order to determine its representation by means of (5) if the MAP modeling is used, or using (14) when employing the eigen-model adaptation. The binarization process in (16) is then employed to generate the binary string,whichis combined with the stored fuzzy commitment to reconstruct a possibly corrupted codeword,which may be affected by errors due to the intraclass variability of the user s biometrics. Having selected a decoder corresponding to the encoder used during enrollment, an attempt to recover the original message from is performed. If the decoder is able to correct the differences between and,the hash of the decoded message matches the stored template, thus allowing the system to authenticate the presented user. A. Feature Selection Previously we have assumed that the length of the considered projections vector is equal to the length of the codewords generated by the employed encoder which, when using for example polynomial codes, is expressed as,with. This condition can be easily achieved when using the eigen-model approach, where the number of projections computed for each state is a system parameter, but it would be more difficult to achieve when using the MAP approach. Moreover, even when using the eigen-model projections, it would be useful to design a flexible system, where the size of the projections vector and the size of the codewords could be selected without any constraints, while keeping, thus allowing to select the configuration resulting in the best possible authentication performance. Moreover, it would be also needed to generate binarized templates with size having the highest possible stability. In order to do so, it is possible to select, out of the available features, the ones characterized by the highest reliability measure which can be defined as where (17) (18) is the standard deviation of the th projection,, estimated during the enrollment. The employed figure tries to assign greater relevance to those features which result in the same binary value most of the time when (16) is applied. For each user, the computed projections are then ordered according to their estimated reliability and only the coefficients having the largest values of are selected, with their indexes collected in a vector of relevant projections. B. Adaptive Code Selection Binding the employed binary biometric representations with error correcting codewords is a necessary step to cope with possible bit differences between the templates generated during the

6 274 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY 2012 enrollment and the authentication phase. Specifically, when implementing the scheme described in Section III, the error correction capability of the employed code is selected apriori,and with the same value for all the users in the system, as it is usually done in the already proposed implementations of the fuzzy commitment scheme [19]. However, in order to improve the performance of the protected system, it would be useful to adapt the correction capability of the code to the characteristics of the biometrics belonging to each specific user: codes with higher error correction capabilities should be employed for users characterized by higher intraclass variability. In order to be able to do so, an analysis of the intraclass variability of each user has to be performed during enrollment. Specifically, the vectors,, generated from the enrollment acquisitions are binarized as in (16). The Hamming distances between the binarized templates,, and the user representative binary vector are then evaluated. The average of the values is thus representative of the binary intraclass variability of the user. In order to determine the correction capability to be employed for the considered user, the estimate isaddedtoasystem parameter,whichiscommontoalltheenrolledusersand it is set in order to cope with the intersession variability of the user s biometrics. More in detail, once a family of codes has been selected and the length of the codewords has been fixed, the code having the error correction capability closest to the value is chosen for user.the length of the secret key is then selected accordingly to the values of and. A comparison between the performance achievable with an aprioriselection of the code correction capability, and those obtained when performing a user-adaptive code selection, is given in Section V. C. Security The security of biometric cryptosystems has been recently analyzed in detail in many papers, typically focused on evaluating the difficulty of recovering the original biometrics from the stored template. As for the fuzzy commitment scheme, the parameter which determines the system s robustness to a brute force attack trying to recover is the key strength [41], determined from the choice of the employed error correcting code. It is also worth remarking, as observed in [14], that the public availability of the stored fuzzy commitment can be exploited by an attacker to leak some information regarding the user s biometrics. Specifically, it has been shown that such entropy loss can be expressed as. Therefore, it increases with the error correction capability employed in the system, when keeping fixed the parameter. However, this holds only when considering binary biometric representations with uniform distribution and maximum entropy. The characteristics of the employed biometric representation, therefore, do not affect only the achievable verification rates, which depend on their intraclass stability, but also the security of the considered key binding scheme. Specifically, the coefficients of the employed binary templates should possess high entropy as already mentioned. Moreover, the importance of representing biometric characteristics through independent features has also been highlighted in [42], where it has been shown that when the features representing the biometrics of a given user are highly correlated, it may be easy to recover the original biometric information from the stored templates. The security aspects of biometric cryptosystems have also been discussed in [43], where the secrecy leakage of a cryptosystem has been defined as the mutual information between the employed secret and the stored template, while the privacy leakage is given by the mutual information between the original biometric template and the stored data. A trade-off between the rate of the codes employed in a cryptosystem and the rate of its associated privacy leakage has also been determined. These measures have been explicitly evaluated for a fuzzy commitment scheme in [41], where four different scenarios for the statistics of the available biometric data have been taken into account. Specifically, the optimal trade-off between the code rate and the associated privacy leakage rate has been explicitly derived only for memoryless totally-symmetric biometrics distributions, that is, the case in which the features representing the considered biometrics are independent and identically distributed (i.i.d.) and where the crossover probability for their binary representation is symmetric and equal to a value,for.theresults in [14] regarding the optimal privacy leakage have been confirmed under these assumptions. Moreover, it is shown that a fuzzy commitment scheme can provide a secret key rate,where is the binary entropy function. The employed binary biometric representation has been selected in order to let the proposed protection scheme being characterized by the same secret-key versus privacy-leakage rate regions described in [41]. First of all, having assumed that the probability density function of each considered feature is symmetric with respect to its interclass mean (as for the Gaussian distribution which can be used to model the eigen projections), the process in (16), providing equiprobable binary symbols, guarantees that the resulting binarized coefficients possess a high entropy. Moreover, it is also worth remarking that the components of the employed biometric representation are very weakly correlated each other, being thus very hard to exploit feature dependencies to design attacks such as those considered in [42]. Specifically, in Section V it will be shown that the assumptions made on the entropy of the considered features hold in practical scenarios, even when considering more than a single UBM to generate a user template in order to improve the performance of the proposed protected system. D. Renewability and Privacy The properties of the proposed protection scheme are also analyzed with respect to its renewability capacity, which directly affects the users privacy by determining the possibility of tracking them across multiple databases. Although this aspect is often neglected for biometric cryptosystems, a detailed analysis on the privacy weaknesses of code-offset schemes is presented in [44], where it has been observed that if an attacker acquires two distinct fuzzy commitments obtained using the same code, he can try to decode the binary string obtained by summing them to verify if they come from the same user. In fact, if the decoding process is successful, the probability that the two templates belong to the same subject corresponds to

7 RÚA et al.: BIOMETRIC TEMPLATE PROTECTION USING UNIVERSAL BACKGROUND MODELS 275, which is the complement of the probability that a random binary string with bit can be decodable by a code. Unfortunately, this probability goes very close to 1 even for low values of the error correction capabilities, and although in practice it would be lower due to the false accepts, these latter have to be minimized to make the system usable. Such an attack, therefore, inhibits the renewability of a fuzzy commitment scheme in the case of no additional helper data, directly extracted from the original biometrics like the vector, are employed. Otherwise, as observed in [45], a random permutation process shall be applied to a given biometric template before binding it to a codeword. However, even if the permutation countermeasure is applied, it would be possible to directly compare the indexes of the most reliable user s projections estimated in different systems, or exploiting the estimated intraclass variability expressed through the employed error correction capability when employing an adaptive code selection, to leak information on the users identity, as described in [46] and [47], thus affecting again the actual renewability. In order to properly address the diversity issue, we then have to introduce elements typical of a feature transformation approach, thus defining a hybrid biometric criptosystem/feature transformation protection method. Actually, the UBMs and the following adaptations provide the means to generate different representations of the same original biometrics thus providing, for two or more distinct databases, different biometric templates which cannot be cross-linked. Specifically, the capability of generating multiple templates from the same original data comes from the modality with which UBMs are constructed, where their final EM solution is highly dependent on the initial cluster partitions. Obviously, user s biometrics processed according to distinct UBMs would result in different representations. Clustering algorithms providing several alternative solutions is an active research topic, and some algorithms [48], [49] could be used for providing clustering diversity. However, focusing only on the LBG algorithm, it is possible to generate different UBMs from the same training data and using the same feature space. Though a detailed discussion on LBG clustering stability [50] is out of the scope of this paper, it is worth remarking that it is possible to provide clustering diversity by changing model parameters like the number of HMM states or Gaussian mixtures in each state, by changing the feature space, or by using slightly different UBM training datasets. Moreover, even when these system parameters are kept fixed, the LBG algorithm is based on repeated random separations of the available space, which increases its degrees of freedom with the number of states, the number of Gaussian mixtures in each state, and the feature space dimension. Furthermore, a significant dependence also exists on local topology of the training dataset. Generating similar UBMs for two systems would, therefore, require the LBG algorithm to takeasignificant number of similar choices during the random successive partitions, even when the feature space and system parameters are the same. The complex influence of all these factors makes it unfeasible to provide a general bound on the number of significantly different clustering solutions provided by the employed algorithm. However, the feasibility of an attack trying to cross-link templates generated from the same users according to two different UBMs is discussed with reference to a practical case study in Section V-E, where a procedure to check whether a UBM significantly overlaps with others and, therefore, should be discarded is also provided. Moreover, it is also shown that the projections computed from the same data by means of different UBMs are characterized by a negligible correlation. IV. APPLICATION TO SIGNATURE BIOMETRICS As a case study, the proposed approach is applied to online signature recognition, and the obtained experimental results are giveninsectionv. Signature biometrics is one of the most accepted biometrics because, since the signature is part of everyday life, it is perceived as a noninvasive and nonthreatening biometrics by most users. However, signature biometrics is typically characterized by a high intraclass variability, being influenced by several physical and emotional conditions. Moreover, due to the possibility of using skilled forgeries when trying unauthorized authentication, signatures are also characterized by a low interclass variability. Therefore, the application of the proposed scheme to online signature biometrics represents an extremely challenging scenario for the analysis of the achievable authentication performance. Signature recognition [51] can be either static or dynamic. In the static mode, also referred to as offline, only the image of the written signature, acquired through a camera or an optical scanner, is used. In the dynamic mode, also called online, signatures are acquired by means of a graphic tablet, a pen-sensitive computer display, or electronic pens, which can provide temporal information about the signature. Two different kinds of features can be extracted from online signatures: parameters and functions. Parametric features usually provide global information about the signature, such as its width or its duration. Conversely, functional signature representations provide local information in terms of time-dependent sequences which can be exploited to perform elastic matching procedures such as Dynamic Time Warping (DTW) [52], or used in statistical recognition approaches such as HMMs [53]. A. Signature Template Protection: Related Works The protection of online signature templates has been first taken into account in [54], where a key generation approach relying on a set of parametric features is described. Although providing protection, the method in [54] does not provide renewability. In [55] a discretization technique is proposed to extract biometric hashes from dynamic signatures. A feature transformation approach named Bioconvolving, which relies on the use of convolutions to modify a set of signature time sequences, has been proposed in [56], and its renewability has been discussed in [13]. The fuzzy vault [22] protocol has been applied to signature verification in [57]. The fuzzy commitment [16] has been adopted for online signature protection in [21], where a parametric signature representation is considered, and in [47], where the employed signature representation is based on a set of discrete sequences. Although the two approaches provide protection while guaranteeing good verification rates, their renewability could be affected by the attack described in [44]. As already pointed out in Section III-C, the proposed scheme pro-

8 276 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY 2012 vides a solution to such weakness of the fuzzy commitment by resorting to a biometric representation dependent on the UBM, generated by means of a random process, used in each system. TABLE I EERs (IN %) FOR DIFFERENT FEATURE SPACES AND MATCHING STRATEGIES, FOR BOTH THE MAP AND THE EIGEN-MODEL BIOMETRIC REPRESENTATIONS, WITH B. Online Signature Representation As mentioned in Section II, the employed biometric matrix representation is given by time-vectors representing different biometric characteristics. When considering online signatures, it is assumed that the employed acquisition device is able to capture the horizontal and vertical position trajectories of the signature, together with the signal pressure, the pen elevation, and azimuth,where is the discrete time index. Additional dynamic features are derived from the aforementioned characteristics, namely the path velocity magnitude and its regularized logarithm, the total acceleration magnitude, the path-tangent angle, the curvature radius, and the regularized logarithm of the pressure. From the aforementioned feature vectors, the following matrix can be defined: (19) Moreover, in order to enlarge the feature space, thus even further improving the template renewability by increasing the degrees of freedom of the LBG algorithm, the time-derivatives of the matrix can also be employed to represent a given user s biometrics. Specifically, in the experimental tests described in Section V, we consider the derivatives up to the third order, indicated as,,and, where the upper dot notation denotes the time-derivative operator, thus having available a total of 44 different dynamic features. In Section V, we also analyze which feature subsets allow reaching the best verification rates. V. EXPERIMENTAL RESULTS In order to evaluate the effectiveness of the proposed protected system, an extensive set of experimental tests is performed. The BIOSECURE-DS2 handwritten signature corpus [58] is employed to train the UBMs and to estimate the eigen-model projection matrix. Specifically, the UBMs are estimated over 2500 genuine and forged signatures taken from 50 users, while 1000 genuine signatures taken from 100 subjects are used to evaluate the matrix.thetestsare then performed over the public version of the MCYT online signature database [59], which comprises signatures taken from 100 subjects, specifically 25 genuine signatures for each user have been captured during 5 different acquisition sets. Five different impostors for each subject have also produced 25 skilled forgeries without breaks or slowdowns, after having observed the static images of the genuine signatures and having tried to copy them at least 10 times as training. It is worth specifying that both the BIOSECURE-DS2 and the MCYT database have been acquired using an INTUOS A6 tablet, which makes the two databases compliant. The authentication performance is evaluated through the false rejection rate (FRR), the false acceptance rate (FAR) for skilled forgeries, and the equal error rate (EER). These figures are obtained by considering, for each user, signatures taken from the first two acquisition sets of MCYT during the enrollment. The FRR is estimated over the signatures belonging to the other available acquisition sets, while the FAR is computed by using the 25 skilled forgeries available for each user. As for the employed modeling, states, each with Gaussian mixtures, are considered in the UBMs. Moreover, the dimension of the eigen-model projection space is set to, thus resulting in users templates of length by using the state-specific eigen-model projections, while for the MAP approach. The comparison between the performance achievable when using the MAP and the eigen-model adaptations is presented in Section V-A, where different feature spaces and classification strategies are taken into account. The performance of the proposed protected approach is then discussed in Section V-B, while V-C analyzes in details the characteristics of the employed biometric representation when applied to practical data. The proposed user-adaptive code selection procedure is then exploited in Section V-D, and a privacy attack stemming from [46], and leveraging on the stored data to cross-match the users templates in different systems, is eventually presented and discussed in Section V-E. A. Comparison Between MAP and Eigen-Model Adaptations The first experiment is aimed at comparing the performance achievable with the MAP and the eigen-model approaches in unprotected systems, and also at analyzing which feature sets can provide the best verification rates. Towards this goal, Table I shows the EERs obtained when varying the employed feature space, identified through the set indicating which derivative orders have to be considered in the biometric representation, e.g.,. Two different matching strategies are considered: in the first one the authentication phase relies on the entire models provided by both the MAP and the eigen approaches. Specifically, the log-likelihood ratio

9 RÚA et al.: BIOMETRIC TEMPLATE PROTECTION USING UNIVERSAL BACKGROUND MODELS 277 TABLE II EERs (IN %) FOR UNPROTECTED SYSTEMS COMPUTING THE HAMMING DISTANCE BETWEEN THE BINARIZED EIGEN-MODEL PROJECTIONS AND,WITH of the authentication acquisition with the general UBM and the user-specific models are evaluated as described in Section II. This approach is commonly used when employing UBMs for biometric representation and recognition [29]. In the second one, the Mahalanobis distance between the enrollment vectors,, and the query vector is considered to evaluate the possibility of exploiting only the features in (5) and(14)toperformverification, instead of using the whole MAP or eigen models. As can be seen from the results in Table I, the MAP modeling often provides better performance than the eigen-model when the matching process relies on the evaluation of a likelihood ratio. Specifically, the best achieved EER is 3.45%. However, the usefulness of employing the eigen-model biometric representation becomes evident when comparing the recognition rates achievable by performing authentication using the Mahalanobis distance. In fact, it can be observed that the authentication performance of a system exploiting the projection vectors in (5) as biometric feature-based representation are unacceptable. A possible explanation of this behavior is that the MAP procedure provides adaptation only to the mixtures in the UBM which are actually present in the enrollment data provided by the user: if in (3), then in (4) and no adaptation is performed. Therefore, different acquisitions can result in parametric representations characterized by a high intraclass variability, which does not allow their use as discriminative features in the verification process, thus requiring the application of the whole model to perform template matching. Conversely, the eigen-model adaptation allows performing user verification with good recognition rates also when the matching process is performed directly by comparing the extracted vectors, thanks to the low intraclass variability of the computed projections. Only the eigen-model adaptation can be, therefore, considered to provide a biometric feature-based representation which can be employed in a fuzzy commitment framework, thus allowing us to perform verification while protecting the considered templates. As a consequence of the carried-out analysis, only the feature-based representation in (14) is employed in the following. In order to determine which signature feature sets should be considered to guarantee the best verification performance in the proposed protected system, it is worth observing that in a fuzzy commitment cryptosystem a user is accepted if the Hamming distance between the binary vectors acquired during enrollment and authentication is lower than the error correction capability of the employed code. The EERs achievable in unprotected systems where the decision process is performed by comparing the Hamming distances between the binarized eigen-model vectors and with a threshold are, therefore, evaluated and reported in Table II. These results are then considered to determine the best performing feature sets which will be employed in the following experiments. For example, the feature set, that is,, providing the best results in Table II with an EER,isfirstemployedinSectionV-Btotestthe proposed protect system. B. Performance of the Protected System When using block codes in a practical cryptosystem, the size of the employed binary biometric template has to be equal to the length of the employed error correcting code. Specifically, when BCH codes are used to manage the intraclass variability of the considered data, the available codewords have a length,with. The procedure described in Section III-A for the selection of the user s most reliable projections can be thus exploited to select projections out of the provided by the eigen-models. Fig. 2(a) shows the FRRs and FARs achievable when using BCH codeword of length. The feature set, providing the best results with binarized templates according to Table II, is employed here. From the obtained results, it is worth noting that only few operating conditions are practically available, and that the EER condition, in which FRR FAR, cannot always be obtained. This is due to the limited range of error correction capabilities which is in practice available when using a specific BCH error correcting code in a protected system. However, the performance achievable with the proposed protected system, both in terms of verification performance and in the number of available operating points, can be improved by exploiting the properties of the UBMs. Specifically, as already outlined in Section III-D, different eigen-model representations can be generated from the same subject while using the same biometrics original features,simplybyperformingdifferent initializations of the LBG algorithm employed during the UBM training. According to this approach, the vectors representing a users biometrics can be constructed in order to have size, with, simply by concatenating the eigen-model projections related to different UBMs. Fig. 2(b) shows the improvements in terms of operating point number achievable when employing different UBMs, thus obtaining (20) Fig. 2(b) shows the improvements in terms of operating point number achievable when employing different UBMs to construct the representative vector of each biometric acquisition. Having defined the half total error rate (HTER) as HTER FRR FAR, the operating condition providing the best verification results in terms of HTER consist of a FRR for a FAR, when selecting coefficients out of the available. In order to properly evaluate a biometric cryptosystem, together with the recognition rates, the size of the random key, which determines the security of the entire system [41], has also

10 278 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY 2012 Fig. 2. Verification rates for increasing number of eigen-model projections. (a) ;(b) ;(c). TABLE III PERFORMANCE COMPARISON FOR DIFFERENT LENGTHS OF THE EMPLOYED EIGEN-MODEL-BASED BIOMETRIC REPRESENTATIONS FOR PROTECTED SYSTEMS WITH to be considered. The aforementioned verification rates can be achieved when using a BCH code, where is the length of the employed cryptographic keys, while a condition in which FRR FAR can be obtained with a (255, 29, 47) BCH code relying on keys with bits. Unfortunately, such key strengths are not enough to provide proper protection to the employed templates. However, the performance of the proposed cryptosystem in terms of key strength can be further improved by increasing the number of eigen-model projections employed to represent a given biometrics. This goal can be achieved by concatenating the vectors originated from different feature sets. Following such an approach, we have considered four different features sets and four different initializations of the UBMs employed to model each feature set have been performed thus obtaining eigen-model projections. Specifically, for this task we can select four feature sets among the best performing ones for a matcher based on Hamming distance according to Table II. In the case of, the concatenated features are thus defined as (21) The performance obtained when selecting projections out of the available 4800 is reported in Fig. 2(c). The configuration resulting in the minimum HTER is obtained with, the case in which the verification rates FRR FAR are achieved. In order to better compare the performances achievable when using,,or coefficients to represent a user s biometrics, Table III summarizes the operating conditions guaranteeing the minimum HTERs for different values of. As for the test case, Fig. 3(a) illustrates the behavior of FRR and FAR for different selections of the parameter while keeping. As can be seen from Fig. 3(a) and Table III, a key strength of bits can be obtained with such configuration, thus obtaining verification rates comparable to those of an unprotected system while providing adequate protection to the stored templates. C. Characteristics of the Employed Biometric Representation As pointed out in Section III-C, the eigen-model projections generated by means of different UBMs can be combined to represent a given biometrics thanks to the fact that they possess a negligible correlation. The same considerations can be also applied to projections originated from different original feature sets, as shown in Fig. 3(b), which reports the histogram of the normalized correlation coefficients evaluated between every possible couple of eigen-model projections,. As can be seen, the cross-correlation between projections computed by means of different UBMs or different feature sets is negligible, thus resulting in a cross-correlation matrix which resembles the identity matrix. Moreover, the histogram of the distance, suggested in [42] as a measure for the dependence of the features employed in a biometric cryptosystem, is also plotted in Fig. 3(c), which confirms the loose projections cross correlation. The entropy of the employed binary representation can be evaluated by means of an approximation based on second-order dependency trees [60]. According to this simplification, the entropy can be expressed as where is the eigen-features vector for the th UBM using input space. (22)

11 RÚA et al.: BIOMETRIC TEMPLATE PROTECTION USING UNIVERSAL BACKGROUND MODELS 279 Fig. 3. Characteristics of the proposed protected system for. (a) FRR and FAR with respect to,with ; (b) histogram of the absolute value for the correlation coefficients of the 4800 considered eigen-model projections; (c) histogram of the for the 4800 considered eigen-model projections. Fig. 4. Performance of the user-adaptive protected system, with. (a) ROC curves for different values of ; (b) histogram of the key lengths for FRR FAR. being the mutual information between and, computed for all with. When we obtain bits, testifying that the empirical entropy evaluated over practical data undergoes only a 3.49% reduction with respect to the theoretical maximum. The entropy of the resulting binary vector, therefore, remains high, thus not affecting the privacy leakage of the proposed system. The observed reduction is due in part (3.6 bits, i.e., 0.08%) to the noisy estimation of the coefficients mean and distribution asymmetries. Moreover, the limited size of the data available to estimate the projection matrix results in a low, although still present, correlation among the computed eigen projections, which produces a further entropy reduction (163.9 bits, i.e., 3.41%). An increase in the size of the training data upon which the UBMs are estimated would improve the resulting entropy. D. Performance Improvement: User-Adaptive Code Selection The performance improvement which can be obtained by employing the user-adaptive code selection procedure described in Section III-B is also analyzed. Within this scenario, the error correction capability applied to the biometrics of a given user directly depends on its intraclass variability. The receiver operating characteristic (ROC) curves obtained by varying the parameter for a system using eigen-model projections are shown in Fig. 4(a). As can be seen, the best verification rates are given by FRR FAR, obtained when selecting coefficients. It is worth noting that the adoption of the user-adaptive code selection procedure allows managing a greater amount of operating points, thus improving the flexibility of the system in adapting to different requisites. Moreover, it can also improve the system s security: as shown in Fig. 4(b), which illustrates the normalized histogram of the values assigned to the users of an adaptive protected system working at FRR FAR, longer keys can be assigned to the users characterized by a low intraclass variability, with a mean key strength equal to 78.2 bits. With respect to a system not employing the user-adaptive code selection, an adaptive system is, therefore, able to provide better verification rates while also improving the system security. E. Cross-Link Attack The privacy protection provided by the proposed system is also investigated by analyzing the possibility of linking the identities of a user enrolled in different systems. Specifically, crosslink attacks such as those described in [61] could be considered. However, at least partial inversion of the protected templates would be required to perform such attacks which makes them unfeasible. In fact only the signs of the most reliable projection coefficients would be revealed even if the fuzzy commitment is broken, and it would be impossible to produce a good estimate of the adapted user model for a given UBM when only the signs of the projection coefficients associated to another UBM are known.

12 280 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY 2012 On the other hand, it would be possible to design a specific cross-link attack relying on the availability of the user s best projections indexes as in [46]. Although it is not feasible to directly compare the indexes stored in two different systems with them associated to different UBMs, an attacker can try to estimate which projections are the most reliable ones according to a given UBM, when knowing the most reliable projections of another UBM. Specifically, we assume that two databases and contain the templates taken from the same 100 users in MCYT, evaluated by considering the UBM and the eigen-model projection matrices for,while and are considered for. An attacker knowing the best projection indexes, for all the users in the two systems, the common data,,,, and also a set of signatures from a large population of users, has to determine the correspondence between the users enrolled in the two databases. In order to do so, the indexes in and cannot be directly compared, because they are related to eigen-model projections obtained by means of different UBMs. It would be necessary to estimate a set of regression functions which could link the projections exploited in two different systems, such that,. For this task, Principal Components Regression [62] over can be performed, since there can exist correlations between the predictor values. The signatures in BIOSECURE-DS2 are used for. Specifically, since the attacker does not know either the values or the variances of the vectors for the users in, he can only assume that the projections in have a value greater than the others, and therefore at his best can built an artificial user projection vector such that,and otherwise. The estimate of the projection vector of the user in is. Assuming that all the indexes have the same variance, the attacker selects the highest values in, and their indexes constitute the attacker s estimate of the relevant projections in. Given that (23) where is a distance between sets, which decreases with the increase of corresponding coefficients in the two arguments, then the attacker decides. Systems involved in this attack are using four different UBMs each, so,and. As we can see in the results shown in Table IV, only one of the tested systems can be attacked with a relatively high success ratio, while the described attack based on components regression is unsuccessful, with in the same order as,where is the cardinality of the considered set of users. This result is confirmed in Fig. 5, which reports the probability of the actual user to belong to the top- list of selected templates, thus showing TABLE IV PERFORMANCE OF THE PRIVACY ATTACK IN TERMS OF THE IDENTIFICATION SUCCESS RATIO (%) FOR THE DIFFERENT COMBINATIONS OF SYSTEMS TESTED IN THE EXPERIMENT Fig. 5. Top- performance of helper data regression cross-link attack. that the mean observed behavior of the proposed attack is comparable with that of a random guess. It is worth noticing that performing this attack would allow system designers to assess the renewability capacity of a new UBM, and eventually discard UBMs which could pose vulnerability issues due to a cross-link attack. Actually, Fig. 5 also shows that when UBM 2 is discarded because of this cross-link vulnerability check, the mean behavior of the remaining systems is very close to the random guess attack, thus enhancing the strength of the proposed approach against this attack. VI. CONCLUSION In this paper, we have exploited the properties of UBMs to derive a biometric representation which can be used to perform authentication in a protected system based on the fuzzy commitment scheme. We have considered both the commonly used MAP approach and the eigen-model approach to perform the adaptation of the UBMs to the user-specific characteristics. Specifically, we have verified that the proposed eigen-model representation is more suitable for designing a protected biometric cryptosystem, since it is characterized by an intraclass variability significantly lower than the one shown by the MAP-adapted models means supervectors. The properties of the UBM allow us to provide renewability to templates which are then protected by means of a fuzzy commitment scheme. The obtained experimental results of the online signature authentication show that the eigen-model representation provides a promising approach to perform biometric recognition in a protected domain, allowing us to reach good verification performance while providing security to the considered biometric templates, and guaranteeing the desired privacy. Moreover, the

13 RÚA et al.: BIOMETRIC TEMPLATE PROTECTION USING UNIVERSAL BACKGROUND MODELS 281 use of the proposed user-adaptive code selection strategy improves the achievable performance, both in terms of recognition capabilities and template security. REFERENCES [1] Biometric Security Concerns CESG UK Biometric Working Group, Tech. Rep., 2003 [Online]. Available: policy_technologies/biometrics/media/biometricsecurityconcerns.pdf, Retrieved Oct., 2008 [2] S.Prabhakar,S.Pankanti,andA.K. Jain, Biometric recognition: Security and privacy concerns, IEEE Security Privacy Mag., vol. 1, no. 2, pp , Mar./Apr [3] E. Mordini, Biometrics, human body and medicine: A controversial history, in Ethical, Legal and Social Issues in Medical Informatics,P. Duquenoy, C. George, and K. Kimppa, Eds. Hershey, PA: Idea Group Inc., 2008, pp [4] R. Cappelli, A. Lumini, D. Maio, and D. Maltoni, Fingerprint image reconstruction from standard templates, IEEE Trans. PAMI, vol. 29, no. 9, pp , Sep [5] A.K.Jain,K.Nandakumar,andA.Nagar, Biometric template security, Special Issue on Biometrics, EURASIP J. Adv. Signal Process., pp. 1 17, Jan [6] A. B. J. Teoh, D. C. L. Ngo, and A. Goh, Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs, IEEE Trans. PAMI, vol. 28, no. 12, pp , Dec [7] S. Jassim, H. Al-Assam, and H. Sellahewa, Improving performance and security of biometrics using efficient and stable random projection techniques, in Proc. Int. Symp. Image and Signal Processing and Analysis (ISPA), 2003, pp [8] N.K.Ratha,J.H.Connell,andR.Bolle, Enhancingsecurityandprivacy of biometric-based authentication systems, IBM Syst. J.,vol.40, no. 3, pp , [9] H. Lee, C. Lee, J. y. Choi, J. Kim, and J. Kim, Changeable face representations suitable for human recognition, Lecture Notes Comput. Sci., vol. 4642, pp , [10] N. Ratha, S. Chikkerur, J. H. Connell, and R. M. Bolle, Generating cancelable fingerprint templates, IEEE Trans. Pattern Anal. Mach. Intell., vol. 29, no. 4, pp , Apr [11] T. E. Boult, W. J. Schreirer, and R. Woodworth, Revocable fingerprint biotokens: Accuracy and security analysis, in Proc. IEEE Conf. Computer Vision and Pattern Recognition, Jun. 2007, pp [12] F.Quan,S.Fei,C.Anni,andZ.Feifei, Crackingcancelablefingerprint template of ratha, in Proc. Int. Symp. Computer Science and Computational Technology, Dec. 2008, pp [13]E.Maiorana,P.Campisi,J.Fierrez,J.Ortega-Garcia,andA.Neri, Cancelable templates for sequence-based biometrics with application to on-line signature recognition, IEEE Trans. Syst., Man, Cybern. A, Syst., Humans, vol. 40, no. 3, pp , Mar [14] Y. Dodis, L. Reyzina, and A. Smith, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, Lecture Notes Comput. Sci., vol. 3027, pp , [15] Y. Sutcu, Q. Li, and N. Memon, Protecting biometric templates with sketch: Theory and practice, IEEE Trans. Inf. Forensics Security, vol. 2, no. 3, pp , Sep [16] A. Juels and M. Wattenberg, A fuzzy commitment scheme, in Proc. 6th ACM Conf. Computer and Communication Security, Nov. 1999, pp [17] P. Tuyls, E. Verbitsky, T. Ignatenko, D. Schobben, and T. H. Akkermans, Privacy protected biometric templates: Acoustic ear identification, Proc. SPIE, vol. 5404, pp , [18] P. Tuyls, A. Akkermans, T. Kevenaar, G. J. Schrijen, A. Bazen, and R. Veldhuis, Practical biometric template protection system based on reliable components, in Proc. Audio and Video Based Biometric Person Authentication (AVBPA), 2005, pp [19] M. Van der Veen, T. Kevenaar, G.-J. Schrijen, T. H. Akkermans, and F. Zuo, Face biometrics with renewable templates, in Proc. SPIE Security, Steganography, and Watermarking of Multimedia Contents, 2006, vol. 6072, pp [20] F. Hao, R. Anderson, and J. Daugman, Combining crypto with biometrics effectively, IEEE Trans. Comput., vol. 55, no. 9, pp , Sep [21] E. Maiorana, P. Campisi, and A. Neri, User adaptive fuzzy commitment for signature templates protection and renewability, SPIE J. Electron. Imag., vol. 17, no. 1, pp. 1 12, Jan./Mar [22] A. Juels and M. Sudan, A fuzzy vault scheme, Designs, Codes, Cryptography, vol. 38, no. 2, pp , [23] M. R. Freire, J. Fierrez, M. Martinez-Diaz, and J. Ortega-Garcia, On the applicability of off-line signatures to the fuzzy vault construction, in Proc. Int. Conf. Document Analysis and Recognition (ICDAR), 2007, pp [24] D. H. Nyang and K. H. Lee, Fuzzy face vault: How to implement fuzzy vault with weighted features!!, Lecture Notes Comput. Sci., vol. 4554, pp , [25] Y. J. Lee, K. Bae, S. J. Lee, K. R. Park, and J. Kim, Biometric key binding: Fuzzy vault based on iris images, Lecture Notes Comput. Sci., vol. 4642, pp , [26] W. J. Scheirer and T. E. Boult, Cracking fuzzy vault and biometric encryption, in Proc. IEEE Biometric Symp., Baltimore, MD, Sep [27] F. M. Bui, K. Martin, H. Lu, K. N. Plataniotis, and D. Hatzinakos, Fuzzy key binding strategies based on quantization index modulation (QIM) for biometric encryption (BE) applications, IEEE Trans. Inf. Forensics Security, vol. 5, no. 1, pp , Mar [28] Y. C. Feng, P. C. Yuen, and A. K. Jain, A hybrid approach for generating secure and discriminating face template, IEEE Trans. Inf. Forensics Security, vol. 5, no. 1, pp , Mar [29] D. A. Reynolds, T. F. Quatieri, and R. B. Dunn, Speaker verification using adapted Gaussian mixture models, Digital Signal Process., vol. 10, no. 1 3, pp , Jan [30] J. L. Alba-Castro, D. González-Jiménez, E. Argones-Rúa, E. González- Agulla,E.Otero-Muras,andC.Garcýa-Mateo, Pose-corrected face processing on video sequences for webcam-based remote biometric authentication, J. Electron. Imag., vol. 17, no. 1, p , [31] Y. Huang, D. Xu, and F. Nie, Regularized trace ratio discriminant analysis with patch distribution feature for human gait recognition, in Proc. 17th IEEE Int. Conf. Image Processing (ICIP), Hong Kong, 2010, pp [32] E. A. Rúa, D. P.-P. López, and J. L. A. Castro, Ergodic HMM-UBM system for on-line signature verification, in Proc. Int. Conf. Biometric ID Management and Multimodal Communication, Sep. 2009, vol. LNCS 6583, pp [33] L. E. Baum, T. Petrie, G. Soules, and N. Weiss, A maximization technique occurring in the statistical analysis of probabilistic functions of Markov chains, Annals Math. Statist., vol. 41, no. 1, pp , [34] Y. Linde, A. Buzo, and R. Gray, An algorithm for vector quantizer design, IEEE Trans. Commun., vol. COM-28, no. 1, pp , Jan [35] J.-L. Gauvain and C.-H. Lee, Maximum a posteriori estimation for multivariate Gaussian mixture observations of Markov chains, IEEE Trans. Speech Audio Process., vol. 2, no. 2, pp , Apr [36] J. C. Junqua, P. Nguyen, and N. Niedzielski, Rapid speaker adaptation in eigenvoice space, IEEE Trans. Speech Audio Process., vol. 8, no. 2, pp , Nov [37] P. Kenny, G. Boulianne, and P. Dumouchel, Eigenvoice modeling with sparse training data, IEEE Trans. Speech Audio Process., vol. 13, no. 3, pp , May [38] M. Turk and A. Pentland, Eigenfaces for recognition, J. Cognitive Neurosci., vol. 3, no. 1, pp , [39] R. Kuhn, P. Nguyen, J. C. Junqua, and L. Goldwasser, Eigenfaces and eigenvoices: Dimensionality reduction for specialized pattern recognition, in Proc. IEEE Second Workshop on Multimedia Signal Processing, Dec. 1998, pp [40] R. Westwood, Speaker Adaptation Using Eigenvoices, M.Phil., Cambridge Univ., Cambridge, U.K., [41] T. Ignatenko and F. M. J. Willems, Information leakage in fuzzy commitment schemes, IEEE Trans. Inf. Forensics Security, vol. 5, no. 2, pp , Jun [42] X. Zhou, S. D. Wolthusen, C. Busch, and A. Kuijper, Feature correlation attack on biometric privacy protection schemes, in Proc. Fifth Int. Conf. Intelligent Information Hiding and Multimedia Signal Processing, Sep. 2009, pp [43] T.IgnatenkoandF.M.J.Willems, Biometricsystems:Privacyand secrecy aspects, IEEE Trans. Inf. Forensics Security, vol. 4, no. 4, pp , Dec [44] K. Simoens, P. Tuyls, and B. Preneel, Privacy weaknesses in biometric sketches, in Proc. 30th IEEE Symp. Security and Privacy,May 2009, pp [45] E. J. C. Kelkboom, J. Breebaart, T. A. M. Kevenaar, I. Buhan, and R. N. J. Veldhuis, Preventing the decodability attack based cross-matching in a fuzzy commitment scheme, IEEE Trans. Inf. Forensics Security, vol. 6, no. 1, pp , Mar

14 282 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 1, FEBRUARY 2012 [46] Q. Li, M. Guo, and E.-C. Chang, Fuzzy extractors for asymmetric biometric representation, IEEE CVPR, pp. 1 6, Jun [47] E. Maiorana and P. Campisi, Fuzzy commitment for function based signature template protection, IEEE Signal Process. Lett.,vol.17,no. 3, pp , Mar [48] X. H. Dang and J. Bailey, Generation of alternative clusterings using the CAMI approach, in Proc. SIAM Int. Conf. Data Mining, Apr. 2010, pp [49] Y. Cui, X. Z. Fern, and J. G. Dy, Learning multiple nonredundant clusterings, ACM Trans. Knowl. Discovery From Data (TKDD), vol. 4, no. 3, pp. 15:1 15:32, Oct [50] S. Ben-David, U. von Luxburg, and D. Pál, A sober look at clustering stability, Learning Theory, Lecture Notes Comput. Sci., vol. 4005, pp. 5 19, [51] P. Campisi, E. Maiorana, and A. Neri, Signature biometrics, in Encyclopedia of Cryptography and Security, H.C.A.vanTilborgandS. Jajodia, Eds., 2nd ed. : Springer-ECS, Sep [52] A. Kholmatov and B. Yanikoglu, Identity authentication using improved online signature verification method, Pattern Recognit. Lett., vol. 26, no. 15, pp , Nov [53] J. Fierrez, J. Ortega-Garcia, D. Ramos, and J. Gonzalez-Rodriguez, HMM-based on-line signature verification: Feature extraction and signature modeling, Pattern Recognit. Lett., vol. 28, no. 16, pp , Dec [54] C. Vielhauer, R. Steinmetz, and A. Mayerhöfer, Biometric hash based on statistical features of online signatures, in Proc. Int. Conf. Pattern Recognit., Aug. 2002, vol. 1, pp [55] Y.Kuan,A.B.J.Teoh,andD.C. L. Ngo, Secure hashing of dynamic hand signatures using wavelet-fourier compression with BioPhasor mixing and discretization, EURASIP J. Adv. Signal Process., vol. 2007, 2007, Article ID [56] E. Maiorana, M. Martinez-Diaz, P. Campisi, J. Ortega-Garcia, and A. Neri, Template protection for HMM-based on-line signature authentication, in Proc. IEEE CVPR, Anchorage, AK, Jun [57] M. Freire-Santos, J. Fierrez-Aguilar, and J. Ortega-Garcia, Cryptographic key generation using handwritten signature, in Proc. SPIE Defense and Security Symp., Biometric Technologies for Human Identification, Orlando (Kissimmee), FL, Apr. 2006, vol N. [58] J. Ortega-Garcia et al., The multi-scenario multi-environment Biosecure multimodal database (BMDB), IEEE Trans. Pattern Anal. Mach. Intell., vol. 32, no. 6, pp , Jun [59] J. Ortega-Garcia et al., MCYT baseline corpus: A bimodal biometric database, Inst. Elect. Eng. Proc. Vision, Image & Signal Processing, vol. 150, no. 6, pp , [60] C. Chow and C. Liu, Approximating discrete probability distributions with dependence trees, IEEE Trans. Inf. Theory, vol. 14, no. 3, pp , May [61] A. Nagar, K. Nandakumar, and A. K. Jain, Biometric template transformation: A security analysis, in Proc. Media Forensics and Security SPIE, Jan.2010,vol.SPIE. [62] D. M. Hawkins, On the investigation of alternative regressions by principal component analysis, J. Royal Statist. Society, Series C (Appl. Statist.), vol. 22, no. 3, pp , recognition problems. Enrique Argones Rúa (M 10) received the M.Sc. and Ph.D. degrees (Hons.) in telecommunications engineering from the University of Vigo, Spain, in 2003 and 2008, respectively. From March 2005 to August 2005, he was a Visiting Researcher with the CVSSP, University of Surrey, Guildford, U.K. He is currently working on several projects related to biometrics. His research interests include face verification, video processing, online signature verification, multimodal authentication, biometric cryptosystems, and other pattern Emanuele Maiorana (S 06 M 08) received the Laurea degree (summa cum laude) in electronic engineering and the Ph.D. degree in telecommunication engineering from Universitá degli Studi Roma Tre, Rome, Italy, in 2004 and 2009, respectively. From September 2004 to November 2005, he was with the Communications and High-Tech Workgroup, Accenture Consulting Workforce. From October 2007 to March 2008, he was a Visiting Researcher with the Biometric Recognition Group, ATVS, Universidad Autonoma de Madrid, Madrid, Spain. He is currently a Researcher with Universitá degli Studi Roma Tre. His research interests are in the areas of digital signals, image processing, textures, biometrics, and security of telecommunication systems. Dr. Maiorana is the recipient of the Lockheed Martin Best Paper Award for the Poster Track at the 2007 IEEE Biometrics Symposium and of the Honeywell Student Best Paper Award at the 2008 IEEE Second International Conference on Biometrics: Theory, Applications, and Systems. José Luis Alba Castro (M 92) received the Ph.D. degree in telecommunications engineering in 1997 from the University of Vigo, Spain. He is currently an Associate Professor at the same University, teaching image processing, statistical pattern recognition, machine learning, and biometrics. His research interests include signal and image-based biometrics, computer vision for driver assistance, and computer vision for quality control. He is the head of the Computer Vision Laboratory of the University of Vigo and has been the leader of many research projects and contracts on these topics. He has served in many technical program committees and authored more than 50 research papers. Dr.CastroisanassociateeditorofEURASIP Journal on Information Security. Patrizio Campisi (M 00 SM 08) received the Ph.D. degree in electrical engineering from the Università degli Studi Roma Tre, Rome, Italy. He is now Professor at the Department of Applied Electronics, Roma Tre. His research interests are in the area of digital signal, image, and video processing with applications to secure multimedia communications. Specifically, he has been working on secure biometric authentication, digital watermarking, image deconvolution, image analysis, stereo image and video processing, blind equalization of data signals, and secure communications. He was the General Chair of the 12th ACM Workshop on Multimedia and Security, September 9 10, 2010 Rome, Italy. He has been a member of the technical committee of several conferences. He has published more than 110 papers in international conferences, books, and journals. He is coeditor of the book Blind Image Deconvolution: Theory and Applications (Boca Raton, FL: CRC Press, May 2007). Dr. Campisi is corecipient of an IEEE ICIP06 and IEEE BTAS 2008 best student paper award and of an IEEE Biometric Symposium 2007 best paper award. He is an Associate Editor of IEEE SIGNAL PROCESSING LETTERS (December 2008 December 2011). He is an elected member of the IEEE Information Forensics and Security Technical Committee (January 2011 January 2013). He is a member of IEEE Certified Biometric Program (CBP) Learning System Committee (2007 present) and a member of the IEEE Technical Committee on Information Assurance and Intelligent Multimedia-Mobile Communications, System, Man, and Cybernetics Society (2007 present). He is an associate editor of the International Journal of Digital Crime and Forensics (IJDCF) (January 2009 present). He is an associate editor of Advances in Multimedia by Hindawi (January 2009 present).