Signature Verification Using Critical Segments for Securing Mobile Transactions

The explosive usage of mobile devices enables conducting electronic transactions involving direct signature on such devices. Thus, user signature verification becomes critical to ensure the success deployment of online transactions such as approving legal documents and authenticating financial transactions. Existing approaches mainly focus on user verification targeting the unlocking of mobile devices or performing continuous verification based on a user's behavioral traits. Few studies provide efficient real-time user signature verification. In this work, we propose a critical segment based online signature verification system to secure mobile transactions on multi-touch mobile devices. Our system identifies and exploits the segments which remain invariant within a user's signature to capture the intrinsic signing behavior embedded in each user's signature. Our system extracts useful features from a user's signature that describe both the geometric layout of the signature as well as behavioral and physiological characteristics in the user's signing process. Given the input signatures for user enrollment, our system further designs a quality score to identify the problematic signature sets to achieve robust user signature profile construction. Moreover, we develop the signature normalization and interpolation methods to achieve robust signature verification in the presence of signature geometric distortions caused by different writing sizes, orientations and locations on touch screens. Our experimental evaluation of 25 subjects over six months time period shows that our system is highly accurate in provide signature verification and robust to signature forging attacks.

[1]  D. K. Branstad,et al.  Data Encryption Standard: past and future , 1988, Proc. IEEE.

[2]  Eric R. Ziegel,et al.  The Elements of Statistical Learning , 2003, Technometrics.

[3]  Rui Zhang,et al.  Your song your way: Rhythm-based two-factor authentication for multi-touch mobile devices , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[4]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.

[5]  Gonzalo Bailador,et al.  Analysis of pattern recognition techniques for in-air signature biometrics , 2011, Pattern Recognit..

[6]  Chen Wang,et al.  Critical segment based real-time E-signature for securing mobile transactions , 2015, 2015 IEEE Conference on Communications and Network Security (CNS).

[7]  Jie Yang,et al.  User Verification Leveraging Gait Recognition for Smartphone Enabled Mobile Healthcare Systems , 2015, IEEE Transactions on Mobile Computing.

[8]  Nasir D. Memon,et al.  Online Signature Verification on Mobile Devices , 2014, IEEE Transactions on Information Forensics and Security.

[9]  R. W. Morris,et al.  The Wilcoxon rank sum test , 1976 .

[10]  Giuseppe Pirlo,et al.  Automatic Signature Verification: The State of the Art , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[11]  Daniel Vogel,et al.  Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes , 2016, MobiSys.

[12]  Xiang-Yang Li,et al.  Continuous user identification via touch and movement behavioral biometrics , 2014, 2014 IEEE 33rd International Performance Computing and Communications Conference (IPCCC).

[13]  N. Kiyavash,et al.  Secure Smartcard-Based Fingerprint Authentication ∗ , 2003 .

[14]  Jie Yang,et al.  Smartphone based user verification leveraging gait recognition for mobile healthcare systems , 2013, 2013 IEEE International Conference on Sensing, Communications and Networking (SECON).

[15]  Philip Chan,et al.  Toward accurate dynamic time warping in linear time and space , 2007, Intell. Data Anal..

[16]  Einar Snekkenes,et al.  Spoof Attacks on Gait Authentication System , 2007, IEEE Transactions on Information Forensics and Security.

[17]  David Meerman Scott,et al.  Go Mobile: Location-Based Marketing, Apps, Mobile Optimized Ad Campaigns, 2D Codes and Other Mobile Strategies to Grow Your Business , 2012 .

[18]  Bernhard Sick,et al.  Online Signature Verification With Support Vector Machines Based on LCSS Kernel Functions , 2010, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[19]  Takashi Matsumoto,et al.  Effectiveness of Pen Pressure, Azimuth, and Altitude Features for Online Signature Verification , 2007, ICB.

[20]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.

[21]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[22]  Ingrid Verbauwhede,et al.  Automatic secure fingerprint verification system based on fuzzy vault scheme , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[23]  Lawrence R. Rabiner,et al.  An adaptive, ordered, graph search technique for dynamic time warping for isolated word recognition , 1982 .

[24]  Rui Zhang,et al.  TouchIn: Sightless two-factor authentication on multi-touch mobile devices , 2014, 2014 IEEE Conference on Communications and Network Security.

[25]  Lin Zhong,et al.  User evaluation of lightweight user authentication with a single tri-axis accelerometer , 2009, Mobile HCI.

[26]  Parikshit Mahalle,et al.  Handwritten Signatures: An Understanding , 2016 .

[27]  Meinard Müller,et al.  Information retrieval for music and motion , 2007 .

[28]  Heikki Ailisto,et al.  Identifying users of portable devices from gait pattern with accelerometers , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[29]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[30]  Mikko Lindholm,et al.  Identifying people from gait pattern with accelerometers , 2005, SPIE Defense + Commercial Sensing.

[31]  Petra Perner,et al.  Data Mining - Concepts and Techniques , 2002, Künstliche Intell..

[32]  Steven Furnell,et al.  Authentication of users on mobile telephones - A survey of attitudes and practices , 2005, Comput. Secur..

[33]  Nasir D. Memon,et al.  Quality of online signature templates , 2015, IEEE International Conference on Identity, Security and Behavior Analysis (ISBA 2015).