Evaluating the Security of Handwriting Biometrics

Ongoing interest in biometric security has resulted in much work on systems that exploit the individuality of human behavior. In this paper, we study the use of handwritten passphrases in the context of authentication or cryptographic key generation. We demonstrate that accurate generative models for a targeted user's handwriting can be developed based only on captured static (offline) samples combined with pen-stroke dynamics learned from general population statistics. Our work suggests that such automated attacks are nearly as effective as skilled human forgers and hence deserve serious consideration when evaluating the security of systems that use handwriting as a biometric.

[1]  Yuan Yan Tang,et al.  Recovery of writing sequence of static images of handwriting using UWM , 2003, Seventh International Conference on Document Analysis and Recognition, 2003. Proceedings..

[2]  Angelo Chianese,et al.  Recovering dynamic information from static handwriting , 1993, Pattern Recognit..

[3]  Isabelle Guyon,et al.  Handwriting Synthesis From Handwritten Glyphs , 1996 .

[4]  Anil K. Jain,et al.  On-line signature verification, , 2002, Pattern Recognit..

[5]  Michael Fairhurst,et al.  Signature verification revisited: promoting practical exploitation of biometric technology , 1997 .

[6]  Hao Feng,et al.  Private key generation from on-line handwritten signatures , 2002, Inf. Manag. Comput. Secur..

[7]  Andrew Beng Jin Teoh,et al.  Cryptographic keys from dynamic hand-signatures with biometric secrecy preservation and replaceability , 2005, Fourth IEEE Workshop on Automatic Identification Advanced Technologies (AutoID'05).

[8]  Daniel P. Lopresti,et al.  Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing , 2006, USENIX Security Symposium.

[9]  Ralf Steinmetz,et al.  Handwriting: Feature Correlation Analysis for Biometric Hashes , 2004, EURASIP J. Adv. Signal Process..

[10]  Daniel P. Lopresti,et al.  Toward Speech-Generated Cryptographic Keys on Resource-Constrained Devices , 2002, USENIX Security Symposium.

[11]  Stephen J. Elliott Development of a biometric testing protocol for dynamic signature verification , 2002, 7th International Conference on Control, Automation, Robotics and Vision, 2002. ICARCV 2002..

[12]  Daniel P. Lopresti,et al.  The Effectiveness of Generative Attacks on an Online Handwriting Biometric , 2005, AVBPA.

[13]  Ralf Steinmetz,et al.  Biometric hash based on statistical features of online signatures , 2002, Object recognition supported by user interaction for service robots.

[14]  Hong Chang,et al.  SVC2004: First International Signature Verification Competition , 2004, ICBA.

[15]  Azriel Rosenfeld,et al.  Recovery of temporal information from static images of handwriting , 2005, International Journal of Computer Vision.

[16]  Claus Vielhauer,et al.  A test tool to support brute-force online and offline signature forgery tests on mobile devices , 2003, 2003 International Conference on Multimedia and Expo. ICME '03. Proceedings (Cat. No.03TH8698).

[17]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[18]  Horst Bunke Template-based Synthetic Handwriting Generation for the Training of Recognition Systems , 2005 .

[19]  Christian Viard-Gaudin,et al.  From Off-line to On-line Handwriting Recognition , 2004 .

[20]  Geoffrey E. Hinton,et al.  Inferring Motor Programs from Images of Handwritten Digits , 2005, NIPS.

[21]  Réjean Plamondon A delta-lognormal model for handwriting generation , 1995 .