Verificaciónn de firma y gráficos manuscritos: Características discriminantes y nuevos escenarios de aplicación biométrica

Tesis doctoral inédita leída en la Escuela Politécnica Superior, Departamento de Tecnología Electrónica y de las Comunicaciones. Fecha de lectura: Febrero 2015The proliferation of handheld devices such as smartphones and tablets brings a new scenario for biometric authentication, and in particular to automatic signature verification. Research on signature verification has been traditionally carried out using signatures acquired on digitizing tablets or Tablet-PCs. This PhD Thesis addresses the problem of user authentication on handled devices using handwritten signatures and graphical passwords based on free-form doodles, as well as the effects of biometric aging on signatures. The Thesis pretends to analyze: (i) which are the effects of mobile conditions on signature and doodle verification, (ii) which are the most distinctive features in mobile conditions, extracted from the pen or fingertip trajectory, (iii) how do different similarity computation (i.e. matching) algorithms behave with signatures and graphical passwords captured on mobile conditions, and (iv) what is the impact of aging on signature features and verification performance. Two novel datasets have been presented in this Thesis. A database containing free-form graphical passwords drawn with the fingertip on a smartphone is described. It is the first publicly available graphical password database to the extent of our knowledge. A dataset containing signatures from users captured over a period 15 months is also presented, aimed towards the study of biometric aging. State-of-the-art local and global matching algorithms are used, namely Hidden Markov Models, Gaussian Mixture Models, Dynamic Time Warping and distance-based classifiers. A large proportion of features presented in the research literature is considered in this Thesis. The experimental contribution of this Thesis is divided in three main topics: signature verification on handheld devices, the effects of aging on signature verification, and free-form graphical password-based authentication. First, regarding signature verification in mobile conditions, we use a database captured both on a handheld device and digitizing tablet in an office-like scenario. We analyze the discriminative power of both global and local features using discriminant analysis and feature selection techniques. The effects of the lack of pen-up trajectories on handheld devices (when the stylus tip is not in contact with the screen) are also studied. We then analyze the effects of biometric aging on the signature trait. Using three different matching algorithms, Hidden Markov Models (HMM), Dynamic Time Warping (DTW), and distance-based classifiers, the impact in verification performance is studied. We also study the effects of aging on individual users and individual signature features. Template update techniques are analyzed as a way of mitigating the negative impact of aging. Regarding graphical passwords, the DooDB graphical password database is first presented. A statistical analysis is performed comparing the database samples (free-form doodles and simplified signatures) with handwritten signatures. The sample variability (inter-user, intra-user and inter-session) is also analyzed, as well as the learning curve for each kind of trait. Benchmark results are also reported using state of the art classifiers. Graphical password verification is afterwards studied using features and matching algorithms from the signature verification state of the art. Feature selection is also performed and the resulting feature sets are analyzed. The main contributions of this work can be summarized as follows. A thorough analysis of individual feature performance has been carried out, both for global and local features and on signatures acquired using pen tablets and handheld devices. We have found which individual features are the most robust and which have very low discriminative potential (pen inclination and pressure among others). It has been found that feature selection increases verification performance dramatically, from example from ERRs (Equal Error Rates) over 30% using all available local features, in the case of handheld devices and skilled forgeries, to rates below 20% after feature selection. We study the impact of the lack of trajectory information when the pen tip is not in contact with the acquisition device surface (which happens when touchscreens are used for signature acquisitions), and we have found that the lack of pen-up trajectories negatively affects verification performance. As an example, the EER for the local system increases from 9.3% to 12.1% against skilled forgeries when pen-up trajectories are not available. We study the effects of biometric aging on signature verification and study a number of ways to compensate the observed performance degradation. It is found that aging does not affect equally all the users in the database and that features related to signature dynamics are more degraded than static features. Comparing the performance using test signatures from the first months with the last months, a variable effect of aging on the EER against random forgeries is observed in the three systems that are evaluated, from 0.0% to 0.5% in the DTW system, from 1.0% to 5.0% in the distance-based system using global features, and from 3.2% to 27.8% in the HMM system. A new graphical password database has been acquired and made publicly available. Verification algorithms for finger-drawn graphical passwords and simplified signatures are compared and feature analysis is performed. We have found that inter-session variability has a highly negative impact on verification performance, but this can be mitigated performing feature selection and applying fusion of different matchers. It has also been found that some feature types are prevalent in the optimal feature vectors and that classifiers have a very different behavior against skilled and random forgeries. An EER of 3.4% and 22.1% against random and skilled forgeries is obtained for free-form doodles, which is a promising performance

Speaker Recognition in Unconstrained Environments

Speaker recognition is applied in smart home devices, interactive voice response systems, call centers, online banking and payment solutions as well as in forensic scenarios. This dissertation is concerned with speaker recognition systems in unconstrained environments. Before this dissertation, research on making better decisions in unconstrained environments was insufficient. Aside from decision making, unconstrained environments imply two other subjects: security and privacy. Within the scope of this dissertation, these research subjects are regarded as both security against short-term replay attacks and privacy preservation within state-of-the-art biometric voice comparators in the light of a potential leak of biometric data. The aforementioned research subjects are united in this dissertation to sustain good decision making processes facing uncertainty from varying signal quality and to strengthen security as well as preserve privacy. Conventionally, biometric comparators are trained to classify between mated and non-mated reference,--,probe pairs under idealistic conditions but are expected to operate well in the real world. However, the more the voice signal quality degrades, the more erroneous decisions are made. The severity of their impact depends on the requirements of a biometric application. In this dissertation, quality estimates are proposed and employed for the purpose of making better decisions on average in a formalized way (quantitative method), while the specifications of decision requirements of a biometric application remain unknown. By using the Bayesian decision framework, the specification of application-depending decision requirements is formalized, outlining operating points: the decision thresholds. The assessed quality conditions combine ambient and biometric noise, both of which occurring in commercial as well as in forensic application scenarios. Dual-use (civil and governmental) technology is investigated. As it seems unfeasible to train systems for every possible signal degradation, a low amount of quality conditions is used. After examining the impact of degrading signal quality on biometric feature extraction, the extraction is assumed ideal in order to conduct a fair benchmark. This dissertation proposes and investigates methods for propagating information about quality to decision making. By employing quality estimates, a biometric system's output (comparison scores) is normalized in order to ensure that each score encodes the least-favorable decision trade-off in its value. Application development is segregated from requirement specification. Furthermore, class discrimination and score calibration performance is improved over all decision requirements for real world applications. In contrast to the ISOIEC 19795-1:2006 standard on biometric performance (error rates), this dissertation is based on biometric inference for probabilistic decision making (subject to prior probabilities and cost terms). This dissertation elaborates on the paradigm shift from requirements by error rates to requirements by beliefs in priors and costs. Binary decision error trade-off plots are proposed, interrelating error rates with prior and cost beliefs, i.e., formalized decision requirements. Verbal tags are introduced to summarize categories of least-favorable decisions: the plot's canvas follows from Bayesian decision theory. Empirical error rates are plotted, encoding categories of decision trade-offs by line styles. Performance is visualized in the latent decision subspace for evaluating empirical performance regarding changes in prior and cost based decision requirements. Security against short-term audio replay attacks (a collage of sound units such as phonemes and syllables) is strengthened. The unit-selection attack is posed by the ASVspoof 2015 challenge (English speech data), representing the most difficult to detect voice presentation attack of this challenge. In this dissertation, unit-selection attacks are created for German speech data, where support vector machine and Gaussian mixture model classifiers are trained to detect collage edges in speech representations based on wavelet and Fourier analyses. Competitive results are reached compared to the challenged submissions. Homomorphic encryption is proposed to preserve the privacy of biometric information in the case of database leakage. In this dissertation, log-likelihood ratio scores, representing biometric evidence objectively, are computed in the latent biometric subspace. Conventional comparators rely on the feature extraction to ideally represent biometric information, latent subspace comparators are trained to find ideal representations of the biometric information in voice reference and probe samples to be compared. Two protocols are proposed for the the two-covariance comparison model, a special case of probabilistic linear discriminant analysis. Log-likelihood ratio scores are computed in the encrypted domain based on encrypted representations of the biometric reference and probe. As a consequence, the biometric information conveyed in voice samples is, in contrast to many existing protection schemes, stored protected and without information loss. The first protocol preserves privacy of end-users, requiring one public/private key pair per biometric application. The latter protocol preserves privacy of end-users and comparator vendors with two key pairs. Comparators estimate the biometric evidence in the latent subspace, such that the subspace model requires data protection as well. In both protocols, log-likelihood ratio based decision making meets the requirements of the ISOIEC 24745:2011 biometric information protection standard in terms of unlinkability, irreversibility, and renewability properties of the protected voice data

JURI SAYS:An Automatic Judgement Prediction System for the European Court of Human Rights

In this paper we present the web platform JURI SAYS that automatically predicts decisions of the European Court of Human Rights based on communicated cases, which are published by the court early in the proceedings and are often available many years before the final decision is made. Our system therefore predicts future judgements of the court. The platform is available at jurisays.com and shows the predictions compared to the actual decisions of the court. It is automatically updated every month by including the prediction for the new cases. Additionally, the system highlights the sentences and paragraphs that are most important for the prediction (i.e. violation vs. no violation of human rights)

Minding the Gap: Computing Ethics and the Political Economy of Big Tech

In 1988 Michael Mahoney wrote that “[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant” (Mahoney, 1988). Today, over thirty years after this quote was written, we are living right in the middle of the information age and computing technology is constantly transforming modern living in revolutionary ways and in such a high degree that is giving rise to many ethical considerations, dilemmas, and social disruption. To explore the myriad of issues associated with the ethical challenges of computers using the lens of political economy it is important to explore the history and development of computer technology

Data Protection with Ethereum Blockchain

Blockchain technology has been one of the most promising technologies of the past decade, with Ethereum and Bitcoin being the two most popular Blockchains today. Both do not provide data protection and privacy by default. The former allows for Decentralized Applications (DApps) to be built, with zero chance of downtime or censorship and is the main focus of this dissertation. The European Union approved a law in 2016, the General Data Protection Regulation (GDPR), with severe penalties being enforced since May 25th, 2018. It is considered a massive step toward protecting user data. Not only does it affect companies with offices in the EU, but also organizations throughout the world that have users from EU territories. Further, it stipulates key obligations for organizations handling user data, in addition to introducing new rights to individuals, such as the right to erasure. This represents a major challenge towards achieving GDPR compliance in DApps, as Blockchains such as Ethereum, are immutable by design. This dissertation’s work attempts to comply with the GDPR and its conflicting right to erasure, by developing an Ethereum proof-of-concept DApp: DFiles, which also aims to provide some form of data privacy and protection. It also allows its users to upload encrypted files in addition to their download and decryption. It was developed using an Agile methodology in an iterative approach with mainly decentralized technologies, such as the Interplanetary File System (IPFS) and Ethereum smart contracts, with a centralized component for user authentication, while adhering to Blockchain Software Engineering. Due to the GDPR’s complexity, some parts were selected, namely the rights to erasure, data portability, access and rectification. DFiles GDPR compliance was then evaluated with a statistical analysis on user encrypted and unencrypted uploaded files in the DApp, with its elapsed upload times and Ethereum transaction costs measured for files separated into four categories: small (1KB-1MB), medium (1MB-20MB), large (20MB-200MB) and extra-large (200MB-2GB). However, due to hardware limitations, this statistical analysis could only be performed for files up to 14.2MB. It concluded that transaction costs for unencrypted files are slightly higher, although this increase is not significant. As for elapsed upload times, it found that the elapsed upload time in encrypted files was overall significantly higher. Data from files larger than 14.2MB was still recorded which determined that the last two elapsed upload times for unencrypted files up to 800MB, are less than the last two upload elapsed times for encrypted ones up to 14.2MB. In conclusion, encrypting files to comply with the General Data Protection Regulation’s right to erasure is a valuable option only for small to medium files up to 14.2MB. From there, without considering hardware encryption limitations, upload times tend to grow exponentially. Ethereum and the IPFS must advance to allow better privacy techniques. Recently, there have been major new improvements to Ethereum and its smart contracts; the world of DApp development is always changing at a fast rate. In the future, Ethereum might evolve to a newer version which may bring new and enhanced privacy controls which may allow its complete GDPR compliance.A tecnologia de Blockchain tem sido uma das mais promisoras da última década, com Ethereum e Bitcoin como as duas Blockchains mais conhecidas atualmente, em que ambas têm o problema de não fornecer, por defeito, a proteção de dados e a sua consequente privacidade. O Ethereum, o principal foco desta dissertação, permite desenvolver Aplicações Descentralizadas (DApps) com a impossibilidade de estarem offline ou serem alvos de censura. A União Europeia (EU) aprovou o Regulamento Geral sobre a Proteção de Dados (RGPD) em 2016, com penalizações apenas a serem aplicadas no dia 25 de Maio de 2018. Este regulamento é considerado um passo gigante para proteger a informação e os dados dos utilizadores, visto que este não afeta apenas organizações com escritórios na EU, mas também empresas no mundo todo que tenham clientes em territórios da União Europeia. Além disto, o regulamento estipula novas obrigações para organizações que manuseiam dados dos seus utilizadores, além de introduzir novos direitos para os mesmos, como o direito de apagamento dos dados. Este direito representa um desafio enorme para conseguir cumprir estritamente com o RGPD nas DApps, visto que as Blockchains como o Ethereum são, no seu design, imutáveis. O trabalho desenvolvido nesta dissertação tenta cumprir com o RGPD e o seu direito problemático ao apagamento dos, ao desenvolver uma prova de conceito, uma DApp em Ethereum: DFiles, em que esta visa fornecer alguma maneira de proteger os dados dos seus utilizadores e também a sua privacidade. Além disto, também permite que os seus utilizadores submetam ficheiros encriptados além de os conseguirem desencriptar quando o seu download é efetuado. Foi também desenvolvida com uma metodologia Agile, com uma abordagem por iterações usando na maioria tecnologias descentralizadas, como por exemplo o Interplanetary File System (IPFS) e os contratos inteligentes do Ethereum, contando também com uma componente centralizada para efeitos de autenticação de utilizadores, ao mesmo tempo que adere à Engenharia de Desenvolvimento de Software para Blockchain (BOSE). Devido à complexidade do RGPD, apenas alguns dos seus aspetos foram selecionados para a sua implementação no DFiles como os direitos de apagamento dos dados, portabilidade, acesso e retificação. O cumprimento do RGPD na DFiles DApp foi avaliado com recurso a uma análise estatística nos ficheiros encriptados e não encriptados submetidos pelos seus utilizadores, em que foram medidos o tempo gasto no seu upload e o custo total de transação em Ethereum, em ficheiros de quatro categorias diferentes: pequenos (1KB-1MB), médios (1MB-20MB), grandes (20MB-200MB) e muito grandes (200MB-2GB). No entanto, por limitações de hardware, esta análise estatística apenas foi feita para ficheiros até 14.2MB de tamanho. Pode ser concluído que os custos de transação para ficheiros não encriptados são ligeiramente superiores, apesar deste aumento não ser significativo. Além disto, esta análise também concluiu que o tempo gasto nos ficheiros encriptados é substancialmente maior. Os dados dos ficheiros com tamanho superior a 14.2MB foram também registados. Ao compararmos os últimos dois registos dos ficheiros desencriptados, até 800MB de tamanho, concluímos que o seu tempo gasto é inferior aos útlimos dois registos para ficheiros encriptados até 14.2MB de tamanho. Finalmente, pode-se concluir que encriptar ficheiros para cumprir com o direito ao apagamento de dados do RGPD é uma possível abordagem apenas para ficheiros pequenos e médios até 14.2MB de tamanho. A partir desta fase, e sem considerar limitações de hardware, os tempos gastos para upload de ficheiros encriptados tendem a aumentar exponencialmente. Assim sendo, o Ethereum e o IPFS têm obrigatoriamente que melhorar a sua tecnologia num futuro próximo para permitir novas e melhores técnicas de privacidade dos dados. Recentemente, têm existido melhoramentos significativos no Ethereum e os seus contratos inteligentes que fazem com que o mundo do desenvolvimento de DApps se faça a um ritmo muito elevado. No futuro, o Ethereum poderá evoluir numa nova versão que poderá também trazer novos melhoramentos e controlos de privacidade que poderão permitir o cumprimento na totalidade do RGPD

Insiders\u27 Guide to the Student Academic Conference: 11th Annual SAC

Minnesota State University Moorhead Student Academic Conference abstract book