Marcos Martinez-Diaz

Template protection for HMM-based on-line signature authentication

The security of biometric data is a very important issue in the deployment of biometric-based recognition systems. In this paper, we propose a signature-based biometric authentication system, where signal processing techniques are applied to the acquired on-line signature in order to generate protected templates, from which retrieving the original data is computationally as hard as randomly guessing them. A hidden Markov model (HMM)-based matching strategy is employed to compare the transformed signatures. The proposed protected authentication system generates a score as the result of the matching process, thus allowing to implement protected multibiometric recognition systems, through the application of score-fusion techniques. The experimental results show that, at the cost of only a slight performance reduction, the desired protection for the employed biometric templates can be properly achieved.

Evaluation of direct attacks to fingerprint verification systems

The vulnerabilities of fingerprint-based recognition systems to direct attacks with and without the cooperation of the user are studied. Two different systems, one minutiae-based and one ridge feature-based, are evaluated on a database of real and fake fingerprints. Based on the fingerprint images quality and on the results achieved on different operational scenarios, we obtain a number of statistically significant observations regarding the robustness of the systems.

Hill-Climbing and Brute-Force Attacks on Biometric Systems: A Case Study in Match-on-Card Fingerprint Verification

In this paper, we study the robustness of state-of-the-art automatic fingerprint verification systems against hill climbing and brute-force attacks. We compare the performance of this type of attacks against two different minutiae-based systems, the NIST Fingerprint Image Software 2 (NFIS2) reference system and a Match-on-Card based system. In order to study their success rate, the attacks are analyzed and modified in each scenario. We focus on the influence of initial conditions in hill-climbing attacks, like the number of minutiae in the synthetically generated templates or the performance of each type of modification in the template. We demonstrate how slight modifications in the hill-climbing algorithm lead to very different success rates

Mobile signature verification: feature robustness and performance comparison

In this study, the effects of using handheld devices on the performance of automatic signature verification systems are studied. The authors compare the discriminative power of global and local signature features between mobile devices and pen tablets, which are the prevalent acquisition device in the research literature. Individual feature discriminant ratios and feature selection techniques are used for comparison. Experiments are conducted on standard signature benchmark databases (BioSecure database) and a state-of-the-art device (Samsung Galaxy Note). Results show a decrease in the feature discriminative power and a higher verification error rate on handheld devices. It is found that one of the main causes of performance degradation on handheld devices is the absence of pen-up trajectory information (i.e. data acquired when the pen tip is not in contact with the writing surface).

Towards mobile authentication using dynamic signature verification: Useful features and performance evaluation

The proliferation of handheld devices such as PDAs and smart phones represents a new scenario for automatic signature verification. Traditionally, research on signature verification has been carried out employing signatures acquired using digitizing tablets or Tablet-PCs. In this paper we study the effects of the mobile acquisition conditions and we analyze the considerations that must be taken in the new handheld scenario. A signature verification system adapted to handheld devices via feature selection is proposed and a systematic comparison with a traditional pen tablet-based system is performed. The system is combined with another based on hidden Markov models using score fusion. Results confirm an increased signature variability in the case of handheld devices.

Improving the Enrollment in Dynamic Signature Verfication with Synthetic Samples

A novel scheme to generate multiple synthetic samples from a real on-line handwritten signature is proposed. The algorithm models a transmission channel which introduces a certain distortion into the real signature to produce the different synthetic samples. The method is used to increase the amount of data of the clients enrolling on a state-of-the-art HMM-based signature verification system. The enhanced enrollment results in performance improve up to70% between the case in which only one real sample of the user was available for the training, and the case where the proposed algorithm was used to generate additional synthetic training data.

An evaluation of indirect attacks and countermeasures in fingerprint verification systems

Biometric recognition systems are vulnerable to numerous security threats. These include direct attacks to the sensor or indirect attacks, which represent the ones aimed towards internal system modules. In this work, indirect attacks against fingerprint verification systems are analyzed in order to better understand how harmful they can be. Software attacks via hill climbing algorithms are implemented and their success rate is studied under different conditions. In a hill climbing attack, a randomly generated synthetic template is presented to the matcher, and is iteratively modified based on the score output until it is accepted as genuine. Countermeasures against such attacks are reviewed and analyzed, focusing on score quantization as a case study. It is found that hill climbing attacks are highly effective in the process of creating synthetic templates that are accepted by the matcher as genuine ones. We also find that score quantization drastically reduces the attack success rate. We analyze the hill climbing approach over two state-of-the-art fingerprint verification systems: the NIST Fingerprint Image Software 2, running on a PC and a prototype system fully embedded in a smart card (Match-on-Card). Results of both systems are obtained using a sub corpus of the publicly available MCYT database.

Aging in biometrics: an experimental analysis on on-line signature

The first consistent and reproducible evaluation of the effect of aging on dynamic signature is reported. Experiments are carried out on a database generated from two previous datasets which were acquired, under very similar conditions, in 6 sessions distributed in a 15-month time span. Three different systems, representing the current most popular approaches in signature recognition, are used in the experiments, proving the degradation suffered by this trait with the passing of time. Several template update strategies are also studied as possible measures to reduce the impact of aging on the system’s performance. Different results regarding the way in which signatures tend to change with time, and their most and least stable features, are also given.

The DooDB Graphical Password Database: Data Analysis and Benchmark Results

We present DooDB, a doodle database containing data from 100 users captured with a touch screen-enabled mobile device under realistic conditions following a systematic protocol. The database contains two corpora: 1) doodles and 2) pseudo-signatures, which are simplified finger-drawn versions of the handwritten signature. The dataset includes genuine samples and forgeries, produced under worst-case conditions, where attackers have visual access to the drawing process. Statistical and qualitative analyzes of the data are presented, comparing doodles and pseudo-signatures to handwritten signatures. Time variability, learning curves, and discriminative power of different features are also studied. Verification performance against forgeries is analyzed using state-of-the-art algorithms and benchmark results are provided.

On the Applicability of Off-Line Signatures to the Fuzzy Vault Construction

In the present contribution, the applicability of off-line handwritten signatures to the fuzzy vault construction is studied. Feature extraction is based on quantized maxima and minima from upper and lower envelopes of the signature. Baseline results are reported for skilled and random forgeries of the MCYT off-line signature database, showing that the proposed scheme is suitable for signers with good separability between genuine signatures and skilled forgeries.