2013 International Conference on Computer Science and Computational Mathematics (ICCSCM 2013)

Online Signature Template Protection by Shuffling and One time Pad Schemes with Neural Network Verification
Fahad Layth Malallah*1, Sharifah Mumtazah Syed Ahmad**1 ,Wan Azizun Wan Adnan1, Vahab Iranmanesh1, Salman Yussof2
2

Faculty of Engineering, Universiti of Putra (UPM), Malaysia College of Information technology, Universiti Tenaga Nasional (UNITEN), Malaysia *fahad.layth.86@gmail.com , **s_mumtazah@eng.upm.edu.my

Abstract: The role of handwritten signatures as tokens of identification has been established for decades. With the advancement of current technologies, online signature verification has been introduced whereby human signatures are captured online using digitizing tablets and pens and are used as bases for biometrics verification. Nevertheless, such online human signature templates are similar to other personal data which are private and confidential and must be protected. In this paper, we introduce a comprehensive secure solution to an online signature biometric system by complementing it with biometric template protection. The security measures are based on a hybrid approach of a shuffling and one time pad schemes. The template protection mechanism has been implemented on a collection of realistic human signature compiled in SIGMA database. It has then been tested for its accuracy via an online signature biometric consisting of a Principal Component Analysis (PCA) based feature extraction and Artificial Neural Network (ANN) based classifier. The overall biometric system has demonstrated accuracy up to 83.5% with only slight performance degradation with the introduction of the template protection (i.e. up to 74%). Keywords: Shuffling scheme, one time pad (OTP), principle component analysis (PCA), Artificial Neural Network (ANN), online signature verification, biometric template protection.

Apart from accuracy, security is also a major concern for signature biometric [3-6]. This is because signatures of individuals should be treated in great privacy and confidentiality, similar to the treatment of any other user personal information. This requirement is greater for online signature biometric which captures signature samples using digitizing pens and tables. The online samples are often in the format of time series signals that provide sufficient information to deduce the graphical image of the signatures. In addition, they also provide information on the exact trajectory of the signing process [7].Thus, there is a greater security threat for online signature biometric, whereby an intercepted online signature template can provides an impostor with both the image and the how to mimic a genuine signature. Moreover, there have also been reports whereby online human signatures have been successfully synthesized by computers from their reference counterparts [8]. Though security is one of the major concerns for online signature biometric, there have been minimal efforts in tackling this issue. Majority of the research works on online signature verification systems are aiming at improving the accuracy of the systems without the deployment of template protection [9,25-26].A few available research reports on online signature biometric template protection includes [1,24]. A possible explanation on the lacking of research in the domain of signature biometric template protection is the challenges to provide both security and accuracy at the same time, whereby both aspects may contradicts one another. Thus, in this paper, we provide an overview of biometric security that leads to the above mentioned design challenges [Section 2]. This in turns remains the objective of this paper, which is to present a comprehensive solution to a secure online signature biometric by complementing it with an online signature template protection [Section 3]. In this paper, the biometric system utilizes a Principal Component Analysis (PCA) feature extraction module with an Artificial Neutral Network (ANN) classifier. In addition, we introduce security techniques based on a hybrid approach of a shuffling and one time pad schemes. We also describe in detail the experimental research approach and signature database used in this study [Section 2].Results of the online signature biometric with and without the proposed biometric 43

1. Introduction
Automatic signature verification is a form of biometric whereby a given claimed identity is verified based on user signature samples. Here, a user identity is authenticated through comparisons between the queried and the reference signature templates often stored in signature database. The output decision of a signature biometric system is the status of an input queried template; either it is accepted as genuine representation of the claimed identity or vice versa. The main advantage of signature biometric is due to its wide public acceptance since signatures have long been used and acknowledged worldwide as an acceptable token of identification [1-2]. Nevertheless, engineers and scientists face two conflicting design challenges in building an accurate signature biometric [1]. One of which is due to the instability of human signatures which are inherent between genuine signature samples. The other challenge is due to signatures characteristics that can be forged by impostors with closed resemblance given sufficient time and samples.

2013 International Conference on Computer Science and Computational Mathematics (ICCSCM 2013)

template protection are illustrated as well [Section 4]. Discussions of the work are presented [Section 5]. This paper ends with the conclusions on our research work [Section 6].

2. Signature Biometric Security

2.1. Biometric System: In general, there are two main modes of a biometric system. The first one is the identification mode, which means comparing the target biometric data with all the data in the entire system. In other words, we need to perform one-to-many (1: N) comparisons of biometric data. Usually, this mode consumes a lot of time because it needs to do many comparison operations. Within this mode, there are two types of biometric identification system: Positive and Negative. Positive system means the system should be designed to enroll the template in the database. Negative system means the system should be designed to ensure that the target template person is not presented in the database. The second mode of biometric system is the authentication mode (Verification), which means comparing the target biometric data with the specific reference stored in the system to verify or authenticate its identity. In other words, we need to perform one-to-one (1:1) comparison of biometric data. This mode requires less time than the identification mode [1-4, 10,12]. Both modes of biometric system have two stages: Enrollment and Authentication. Figure 1 illustrates the basic method of the implementation. In the enrollment stage, T represents the template after it is acquired from the biometric sensor. Then, feature extraction operation is applied on T which resulted in the reference template XT, which is to be stored in the database for the use of template matching. In the authentication stage, the reference template XT will be compared with the query feature XQ that is extracted from Q query template by the feature extractor at the time of authentication. After that, the final decision will be decided based on biometric accuracy [3].

salient information that is required by the matcher to perform comparison. Matcher is used to compare between the queried biometric and referenced biometric. Usually it is an executable program that accepts two biometric features: queried and referenced features, then outputs a score result for the matching to determine the similarities between the two inputs. Template database is used to store the reference model and it has to be secured. Finally, the Decision Module is used to translate the score results to either acceptance or rejection [3]. In order to provide a protection to the system, it is important to identify all points of vulnerabilities within a biometric system. Figure 2 illustrates eight attack points in a biometric system and these attacks have been grouped into four categories; namely attack on user interface, attack on the interface between modules, attack on the module and attack on the template database.

Figure 2.Points of Attack in a Biometric System (adapted from [3]). The impact of the attacks may lead to denial-of service (service blocking legitimate users) or intrusion (service authorizing imposters) [11]. This paper is focused on the fourth category which is on how to protect the template in the database since this type of attack is common. The attack on the template database leads to the following three vulnerabilities. First, an attacker can replace the template in the database to gain unauthorized access. Second, physical spoofing could be created from the template to gain unauthorized access. Third, the stolen template could be replayed to the matcher to gain unauthorized access [2]. 2.3. Biometric Template Protection: In biometric systems, a template is stored in a database during the enrollment stage. Unprotected templates can reveal partial or complete information regarding the registered biometric and hence becoming a threat to the security of the system. Thus, one of the methods to secure biometric template in the database is to introduce biometric template protection [5]. The ideal properties of a good biometric template protection should satisfy the following requirements: Diversity, Revocability, Security and Performance. Diversity means that the secured template should not allow a cross matching across databases. Revocability (renewability) means it should be straightforward to revoke a compromised 45

Figure 1.Enrollment and Authentication Stages, (adapted from [3]). 2.2. Biometric Security: Generally, security of biometric system should provide protection to all the components of the system. There are five basic components, namely Sensor, Feature Extractor, Matcher, Template Database and Decision Module. Sensor is used to input the biometric data into the computer system. Feature Extractor is used to extract the

2013 International Conference on Computer Science and Computational Mathematics (ICCSCM 2013)

template and reissue a new one based on the same biometric data. Security means it should be computationally hard to obtain the original biometric template from the secured template. Performance means the biometric template protection scheme should not degrade the recognition performance or error accuracy of false accept rate (FAR) and false reject rate (FRR) of the biometric system [1,3,5]. Most of the time, it is difficult to satisfy all of the four requirements as they may contradict each other. Thus, in this paper, we only focused on Security aspect template protection with an acceptable level of Performance. Diversity and Revocability remains our future work. 2.4. Challenges of Signature Biometric Template Protection: Signature is a behavioral type of biometrics, which is one of the most accepted biometrics. However, it is not trivial to achieve signature recognition accuracy of 100%. Human signatures themselves are unlike other biometrics data such as fingerprints or retinal patterns which are highly unique and consistent for individuals. Signatures suffer from a high level of intra-user variability caused by several physical and emotional conditions. This leads to a high level of False Reject Rate (FRR) [4] which describes the error rate of the signature biometric rejecting genuine queried samples. In addition, given sufficient samples and time to practice; an impostor can mimics genuine signatures with close resemblance. This in turns give rise to the system False Accept Rate (FAR) [4] which describes the error rate of signature biometrics accepting forgery attempts. Thus, a signature biometric itself, without the biometric template protection is already suffering from performance issue of accuracy. In addition, a good biometric template protection scheme often necessitates for some form of encryption algorithms that scramble the template into a form that cannot be decrypted easily to reveal its original content. The scrambling technique which is usually random in nature may in turn simplify the intra-user variability making accurate matching of protected template a difficult task [4] (i.e. through an increased level of FRR). Whilst it is possible to decrypt a template before matching to avoid the above mentioned problem, this approach is not recommended as it compromises the security aspects of a good biometric template protection scheme as the template is exposed to vulnerabilities within the matcher.

information is acquired by using either graphical tablets or electronic pens. In this paper, we implemented biometric template protection to online signature samples as we believe it is crucial to secure the signature dynamics. This is mainly because a persons signature images can be easily retrieved from various paper-based documents such as from legal documents and credit card financial transactions. Thus it is almost pointless to secure them in offline signature biometric as they can be easily retrieved elsewhere. On the other hand, signature dynamics is only stored in databases of an online signature databases. Should online template is secured, an impostor would find it difficult to penetrate the system making the online signature biometric more secure to perpetrators [7]. In this paper, we performed experimental work on the online counterparts of SIGMA database [23] which is compiled from a subset of Malaysian signatures. This database was collected over a period of time in order to ensure that there are sufficient variations in genuine signatures. In addition, SIGMA contains skilled forged signatures whereby forgers were given sufficient reference samples to practice upon. The data collection was supervised closely to ensure that only closed resemblance forgeries were accepted into the database. In this research, we performed enrolment on a set of training samples consisting of 10 genuine, 5 other user and 5 skilled forged samples respectively of 200 different individuals. On the other hand, system testing was carried out on a different set of training samples consisting of the same total number of samples. Biometric system diagram of the proposed method is depicted in figure 3.

3. Materials and Methods

3.1. Experimental Approach and Signature Database: Signature verification can be either based on static or dynamic information of a user. In the static signature biometric, also known as offline signature verification, the samples are in image forms scanned or captured from paper based documents using either optical scanners or cameras. In the dynamic signature biometric, also known as online signature verification, the signature will be available as time series signals of vertical (x) and horizontal (y)coordinates and other information such as pen pressure (p). This

Figure 3. Proposed Protection and Verification Biometric System 3.2. Online Signature Template Protection: Online signature consists of time series signals of horizontal (x) and vertical (y) coordinates as well as pen pressure (p). The proposed protection method consists of three stages which are applied to all the three signals (i.e. x, y and p). The first stage is Normalizing the length of signature to a fix length, the second stage is Shuffling Scheme and the third stage is One Time Pad (OTP). In figure 4, the block diagram summarizes the operations for protecting.

46

2013 International Conference on Computer Science and Computational Mathematics (ICCSCM 2013)

Figure 4. Diagram for Generating Protected Template. A- Normalization: Intra-user variability is inherent in genuine signatures with regards to the x, y and p signals and signing execution time (t). In this research work, we performed normalization with regards to time ( t) as such all signature samples will have a fixed length. Implementation of the normalization is depicted in figure 5.

B- Shuffling Scheme: it is a type of encryption using permutation and scrambling the contents of the input message in order to output a scrambled text for increased security. The method of implementation is based on shuffling key [13-16], by separating the online signature templates into two groups. Then, concatenation operation is done between the two groups to form a new template. In this research work, the length of the key is 256 which is the same length as the normalized features. The key is assigned uniquely to each genuine user. Figure 5 illustrates shuffling scheme implementation. Figure 6 illustrates shuffling scheme implementation.

Figure 5. Normalization Steps Diagram. Interpolation box is implemented as following algorithm: Figure 6. Shuffling Scheme, (adapted from [6]). C- One Time Pad (OTP): the implementation of OTP is done by performing an XOR operation between plain text and the secret key [17-22] as in the following formula: ( () ( ) ( ) ) ( ) () OTP is performed to add additional layer of security to the template protection scheme. The secret key here is the same as the shuffling key. 3.3. Online Signature Verification System: Principal Component Analyses (PCA) as a feature extractor and Artificial Neural Network (ANN) have been used for doing verification of online signatures. PCA implementation: The aim of using PCA is to extract features from time series signals of x, y and p in a better form that is suitable for the ANN. Another advantage of PCA is as dimensional reduction without much loss of information. The steps of PCA implementation as follows: Step1: get online signals. Step2: subtract the mean: for each column, its mean is computed then subtracted from each sample in the same column, this produce a data set whose mean is zero. Step3: calculate covariance matrix: ( )( ) ( )

The same algorithm is applied on (y) coordinates and (p) pressure. Decimation box is implemented as following algorithm:

()

47

2013 International Conference on Computer Science and Computational Mathematics (ICCSCM 2013)

)(

Step4: calculate Eigen value and Eigen vector from covariance matrix. Step5: deriving the new data set:

The output of the PCA is 162 features which represent 50 PCA score of each time series signals of x, y and pas well as 9 features as a coefficient and 3 latent from the PCA process. Thus, in total, there are 162 PCA features. ANN Classifier: The PCA features are then fed into an ANN classifier module. The characteristic of the ANN classifier is as follows: 1-Type of ANN is Back propagation network. 2- Number of layers: 2 hidden layers. The input layer contains 162 nodes which are directly taken from the PCA features, the first and the second hidden layers consist of 40 and 20 nodes and the final output layer is one node. The finalized output is between -1 and 1 whereby 3- Training algorithm type is Scaled Conjugate Gradient (SCG). 4- Activation function is tangent sigmoid. 5- Number of trained iteration is 2000. 6- Learning rate is 0.3. All the specifications for ANN above have been chosen experimentally after intensive experiments using MATLAB tool. Figure7 illustrates the finalized ANN topology.

results of security measures on a 2-Dimensional image of x and y coordinates. Our hypothesis is that the template protection scheme meets the necessary Security aspect if the finalized 2D coordinates can be rendered into an image which differs completely from the original image. In addition, we have also compared the overall accuracy of the biometric system with and without the template protection scheme. We hypothesized that the template protection scheme meets the necessary Performance aspect, if the protected biometric system results in minimal performance degradation. Figure 8 (a) and 8(b) show an example of an original signature which has a total length of 707 and the result after normalization respectively. From both diagrams; we concluded that the normalization techniques have preserved the crucial information of the signature with minimal distortion as both figures retained the shape of the images. Figure 8 (c) demonstrates the result after shuffling scheme whereby the size of a block is 4. The finalized result with the OTP scheme is illustrated in Figure 8 (d). The last two diagrams justify our approach of two layer protection scheme since shuffling scheme itself is insufficient to distort the original image.

Figure 8. Original, normalized, shuffled and OTP signature. The verification for SIGMA database is taken before and after protecting signature templates. Table 1 illustrates the total number of training and testing signature samples used in this study. Both training and testing sets differ from one another. Table 1.Number of signature samples in each class.

Figure 7. Input Signature Features to Neural Network.

4. Implementation and result

The overall research work was implemented using MATLAB tools. We have chosen the normalization length to 256 based on the average length of signature samples in SIGMA database which is 271. The preferred key length is 2 to the power of n, thus n is chosen to be 9, as such 29=256 which is the closest to 271. Though the template protection scheme is carried out on three different time series signals x, y and p (i.e. 4Dimensional data); to ease the illustration we represent the 48 Type of Signatures Genuine Class Forged Class

Training Signatures Testing Signatures

10 10

10 10

We computed the False Accept Rate (FAR), False Reject Rate (FRR) and System Accuracy by using the following formula:

2013 International Conference on Computer Science and Computational Mathematics (ICCSCM 2013)

( ) ( ) ( ) (

( ) ( ) )

remaining desirable characteristics of a template protection scheme such as Revocability and Diversity.

Acknowledge
( )

This work was supported by Ministry of Higher Education of Malaysia which was made possible through the grant of Exploratory Research Grant Scheme (ERGS).

The verification results of the biometric system with and without the template protection scheme are listed in Table 2: Table 2.The Verification Results Type FAR (%) FRR (%) Accuracy (%)

References
[1] E.Maiorana, P. Campisi, J. Fierrez, J. Ortega-Garcia and A. Neri. Cancelable templates for sequence -based biometrics with application to on-line signature Recognition, IEEE Transaction on system, man and cybernetics-part A: system and human, Vol. 40, No.3, may 2010. [2] Radhika K R1 and Sheela S V2. Fundamentals of biometricshand written signature and iris, P. S. P. Wang (ed.), Pattern Recognition, Machine Intelligence and Biometrics, Higher Education Press, Beijing and Springer-Verlag Berlin Heidelberg, 2011. [3] A. K. Jain, K. Nandakuma and A. Nagar. Biometric template security, EURASIP Journal on Advances Signal Processing, Vol. 2008, Article ID 579416, pp. 117, 2008. [4] S.M.S. Ahmad, B. M. Ali and W.A.W. Adnan Technical issues and challenges of biometric applications as access control tools of information security, international journal of innovative computing, information and control, Vol. 8, No. 11, November , 2012. [5] N. K. Ratha,J. H. Connell and R. M. Bolle. Enhancing security and privacy in biometrics-based authentication systems, IBM System Journal,Vol. 40, No. 3, 2001. [6] S. G. Kanade, D.Petrovska-Delacretaz, and B.Dorizzi.Cancelable biometrics for better security and privacy in biometric systems, institute telecom SudParis, France, 2011. [7] A. K. Jain and A. Kumar, Biometrics of next generation: an overview, to Appear in Second Generation Biometrics Springer, 2010. [8] J. Galbally, J.Fierrez, M. Martinez-Diaz , J. OrtegaGarcia, R. Plamondon and C. O'Reilly Kinematical Analysis of Synthetic Dynamic Signatures Using the Sigma-Lognormal Model, . ICFHR '10 Proceedings of the 2010 12th International Conference on Frontiers in Handwriting Recognition, 113-118. [9] Y. Qiao, J. Liu and X. Tang, Ofine signature verication using online handwriting registration, processing Conf. IEEE, 2007. [10] L. OGorman, Comparing passwords, tokens, and biometric for user authentication , Proceedings of the IEEE ,Vol. 91, No. 12, pp. 20212040, December 2003. [11] P. Briggs and P. Olivier, Biometric daemons: authentication via electronic pets, CHI 2008 Proceedings alt.chi, Florence, Italy, ACM, 2008.

Verification on unprotected template Verification on protected template

8.55

24.35

83.55

13.45

38.75

73.90

5. Discussion
In both scenarios (with and without the template protection scheme), the biometric system demonstrated a higher level of False Reject Rate (FRR) as compared to the False Accept Rate (FAR). This reflects the problem of intra user variability which is inherent in human signatures making building an accurate biometric system a difficult task. The lower level of FAR also indicates that it is harder to penetrate an online signature verification system which is based on dynamic features of signatures. The results also demonstrated that there is a slight Performance degradation with the introduction of the template protection scheme for both FAR and FRR which is somewhat expected.

6. Conclusion
Biometric template protection remains a challenging research domain as it is often a tradeoff between the Security and Performance aspects of the biometric system. The problem is more prevalent in signature biometric since human signatures suffer from both a high level of intra-user variability due to genuine signature inconsistencies and a low level of inter-user variability due to skilled forgeries. We have introduced a biometric system with a template protection scheme which meets the Security aspect with sufficient level of Performance. Amongst our future work include investigating techniques to further improve the system accuracy and to implement the 49

2013 International Conference on Computer Science and Computational Mathematics (ICCSCM 2013)

[12] R.M. Bolle, J. H. Connell and N. K. Ratha, Biometric perils and patches, Pattern Recognition Society, Exploratory Computer Vision Group, IBM Thomas J. Watson Research Center, Yorktown Heights, USA, pp.2727 2738, 2002. [13] S. G. Kanade, D.Petrovska-Delacretaz, and B.Dorizzi.Cancelable biometrics for better security and privacy in biometric systems, institute telecom SudParis, France, 2011. [14] S. Kanade, D.Petrovska-Delacrtaz, and B.Dorizzi.Multi-biometrics based crypto-biometric session key generation and sharing protocol, ACM , 2011. [15] S. Kanade, D.Camara , E. Krichen, D.PetrovskaDelacr etaz, and B.Dorizzi. Three factor scheme for biometric based cryptography regeneration using iris, 2008. [16] J. Wen, M. Severa, W. Zeng and W. Jin, A Format compliant configurable encryption framework for access control of video, IEEE Transaction on circuit and system for video technology,Vol. 12, No. 6, June,2002 [17] W. Stalling, Cryptography and network security,Fourth edition, part one, Chapter 2.pp. 48, 2006. [18]N. K. Pareek, V. Patidar, K. K. Sud, A symmetric encryption scheme for colour BMP images, IJCA Special Issue on Network Security and Cryptography,NSC, 2011. [19] J. Kumar and S. Nirmala, Encryption of images based on genetic algorithm, a new approach advances in computer science, AISC 167, pp. 783 791, 2012.

[20]I.S. Sam, P.Devaraj and R.S. Bhuvaneswaran, Chaos based image encryption scheme based on enhanced logistic map, ICDCIT , pp. 290300, 2011. [21] A. Kumar and M.K, Ghose. improved substitutiondiffusion based image cipher using chaotic standard map, ICISTM 2010, CCIS 54, pp. 333338. 2010. [22] N. K Pareek, V. Patidar and K. K.Sud. Substitutiondiffusion based image cipher, International journal ofnetwork security & its applications (IJNSA), Vol.3, No.2, March 2011. [23] S.M. S. Ahmad, A. Shakil, A.R. Ahmad, M.A. M. Balbed and R. Md. Anwar, SIGMA A Malaysian signatures database, Proceedings of AICCSA 2008, IEEE/ACS International Conference on Computer Systems and Applications, Doha, Qatar, 31 March 4 April, 2008. [24] E. A. Rua, E. Maiorana, J. L. A. Castro and P. Campisi, Biometric template protection using universal background models: an application to online signature, IEEE transaction on information forensics and security, Vol 7, No 1, February 2012. [25] N. S. Kamel, S. Sayeed and Grant A. Ellis Glove Based Approach to Online Signature Verification, IEEE Transaction on pattern analysis and machine intelligence, VOL. 30, NO. 7, June 2008. [26] E. A. Ra and J. L. Alba Castro Online Signature Verification Based on Generative Models, IEEE Transaction on system, man, and cybernetics- Part B: Cybernetics, VOL. 42, and NO. 4, August 2012.

50