A bio-cryptographic system based on offline signature images

In bio-cryptography, biometric traits are replacing traditional passwords for secure exchange of cryptographic keys. The Fuzzy Vault (FV) scheme has been successfully employed to design bio-cryptographic systems as it can absorb a wide range of variation in biometric traits. Despite the intensity of research on FV based on physiological traits like fingerprints, iris, and face, there is no conclusive research on behavioral traits such as off-line handwritten signature images, that have high inter-personal similarity and intra-personal variability. In this paper, a FV system based on the offline signature images is proposed. A two-step boosting feature selection (BFS) technique is proposed for selecting a compact and discriminant user-specific feature representation from a large number of feature extractions. The first step seeks dimensionality reduction through learning a population based representation, that discriminates between different users in the population. The second step filters this representation to produce a compact user-based representation that discriminates the specific user from the population. This last representation is used to generate the FV locking/unlocking points. Representation variability is modeled by employing the BFS in a dissimilarity representation space, and it is considered for matching the unlocking and locking points during FV decoding. Proof of concept simulations involving 72,000 signature matchings (corresponding to both genuine and forged query signatures from the Brazilian Signature Database) have shown FV recognition accuracy of about 97% and system entropy of about 45-bits. The concept of bio-cryptography for enhanced security exploits the benefits of biometrics and cryptography in a single construction, while alleviating their vulnerabilities. Biometric systems authenticate users based on their physiological traits like fingerprints, iris, and face, or behavioral traits like voice, gait, and handwritings [17]. Although they guarantee user authenticity, biometric systems are vulnerable to a wide range of attacks such as: vulnerability of biometrics databases, irrevocability of compromised traits and overriding the classifier decision [40]. On the other hand, cryptographic schemes like encryption and digital signature facilitate confidentiality and integrity of information, but they do not guarantee user authenticity. Known as the key management problem, cryptography keys are vulnerable to theft when secured by weak passwords or when stored as plain tokens [24]. Bio-cryptography has been mainly introduced to alleviate the key management problem in cryptography by using bio-metric traits to secure the private keys [39]. However, it can also be considered as a counter measure against aforementioned attacks on biometric systems. Bio-cryptographic systems provide template protection as no explicit …