Private key generation from on-line handwritten signatures

Authors

  • Hao Feng
  • Chan Choong Wah
Abstract

In recent years, public key infrastructure (PKI) has emerged alongside the increasing demand for digital security. A digital signature is created using existing public key cryptography technology. This technology will permit commercial transactions to be carried out across insecure networks without fear of tampering or forgery. The relative strength of digital signatures relies on the access control over the individual's private key. The private key storage, which is usually password-protected, has long been a weak link in the security chain. In this paper, we describe a novel and feasible system, the BioPKI cryptosystem, that dynamically generates private keys from users' on-line handwritten signatures. The BioPKI cryptosystem eliminates the need for private key storage. The system is secure, reliable, convenient and non-invasive. In addition, it ensures that non-repudiation is addressed to the maker of the transaction instead of the computer where the transaction occurs.

the private key relies on the difficulty of factoring a large prime number (typically 1,024 bits). But when it comes to private key storage, the security strength drastically reduces to that of a six-to-eight-character password. A human being cannot endure memorizing many passwords over a long time. He may use the same passwords for his e-mail account, network logon, on-line banking, office access PIN, etc. He may write down the passwords on a piece of paper, which could be peeped at. He may choose his alias or date of birth as passwords, which could be guessed by someone close to him. The above highlights that using passwords is an unreliable means of authentication. A person authenticated for access to a private key has only shown that he knows the password; this does not necessarily mean that he is the right person. True authentication can only be achieved through biometrics.

What is biometrics?
Biometrics refers to the automated identification of a person based on his/her physiological or behavioral characteristics. This method of identification is preferred over traditional methods involving passwords and PIN numbers. Biometrics describes a person's unique physical or behavioral characteristics. Physical characteristics include fingerprint, palm geometry, retina and iris, etc. Behavioral characteristics include handwritten signature, keystroke pattern, and voice, etc. Owing to these unique-to-person features, biometrics is the only way to identify a person with sufficient legal background.

Biometrics complementing PKI

Biometrics, an advanced authentication means, is enjoying renewed interest in industry security applications. It has gained momentum since the 11 September event, which highlighted the importance of authenticating a passenger's true identity before boarding a plane. The two emerging technologies, biometrics and public key infrastructure, can complement each other well in many security applications. Researchers are currently looking actively into ways of combining the two technologies.

Notion of biometric signature

The notion of biometric signature was first seen in Pawan and Siyal's (2001) paper. They define the biometric signature as a process to derive a private key from a biometric sample and use the private key to sign an e-document. The advantages of this approach are obvious. As a unique private key can be dynamically generated from one's biometric sample, no storage of private keys is required. This eliminates the problem of vulnerability of private key storage, which resolves the key management issue. The dynamically generated private key provides great convenience in signing documents, as one can sign documents anytime, anywhere, without having to carry a disk or smart card.
Difficulties in implementation

The implementation of biometric signature in application comprises two parts:

  1. highly consistent biometric sample data are obtained; and
  2. a private key is derived from the sample data.

The difficulty for the first part is that all the bits in the biometric sample should be "exactly" correct. Pawan and Siyal's paper only addresses the second part. They give a conceptual example of iris biometrics and presume that a 512-byte iris sample has been obtained without a single bit error. Based on the sample, a private key can be derived following some well-established public key algorithms, e.g. RSA or DSA. However, when one's iris image is captured, it is extremely unlikely that every bit in the 512-byte sample is "correct". If it is, then it is most likely an attack. This paper fills the gap in the first part. We propose a low-cost, reliable and feasible solution based on on-line signatures, a common form of behavioral biometrics.

A feasible implementation

The implementation is based on handwritten signature. The handwritten signature can be on-line or off-line depending on how the signature is obtained. An off-line signature is obtained by scanning a signature on paper and its features are static. This scanned image should ideally be watermarked. In contrast, an on-line signature is obtained by capturing the signing process on a tablet. The dynamic features obtained include speed, pressure, pen angles, etc., which are difficult to forge. In this paper, we only explore the on-line signatures.

What is the BioPKI cryptosystem?

We propose the BioPKI cryptosystem as the solution that demonstrates a novel way to merge the two technologies, biometrics and public key infrastructure (PKI). Figure 1 shows a block diagram of the proposed BioPKI cryptosystem.
Hao Feng and Chan Choong Wah, Private key generation from on-line handwritten signatures, Information Management & Computer Security 10/4 [2002] 159–164

The cryptosystem consists of three stages:

  1. shape matching;
  2. feature coding; and
  3. private key generation.

The shape matching stage examines the shape of a test sample and filters out the random and simple forgeries. The feature coding stage finds a feature code for each of the defined features and concatenates each feature code into a code string. Finally, the private key generation stage takes the code string as the input and generates the individual's private key.

Operation of the system consists of enrollment and verification phases. During the enrollment phase, an individual provides ten sample signatures, from which a template and a pair of keys are derived. The private key is then discarded while the public key is kept. During the verification phase, the person provides a written test sample. After being processed by the three stages, a private key is generated. If the private key matches the kept public key, the test sample is authentic and the generated private key can be used to digitally sign an e-document.

Stage 1: shape matching

Shape matching consists of the examination of the static features of a test signature with respect to a reference one, i.e. the template. Only signatures with very similar shapes will proceed to the next stage. It is necessary to filter out some random or simple forgeries in the first place. The static features (i.e. the image) of a reference signature do not reflect anything related to the private key generated later. Hence they can be safely written into the template. In our implementation, we apply dynamic time warping (DTW) (Sankoff and Kruskal, 1983) to shape matching. DTW aligns the shapes of the x, y waveforms of a test sample with those of the reference. Figure 2 shows a demonstration of the waveforms before and after DTW.
In Figure 2, the top two graphs (a, b) are drawn from the reference data. The middle two graphs (c, d) are from the sample data, while the bottom two graphs (e, f) are from the position-warped sample data. Both x and y are independently warped through DTW. The graphs on the left panel (a, c, e) show signatures in x-y coordinates while the graphs on the right panel (b, d, f) show x, y data along the point serial number. From graphs (b), (d) and (f), one may notice that peaks and valleys of the sample waveforms are shifted to align with those of the reference ones. Some shifts in waveforms have been highlighted in graphs (b), (d) and (f) of Figure 2. Correlation coefficients can be obtained between the position-warped x, y data and the reference ones. Low correlation coefficients will result in rejection of the sample. Test results from a database comprising 25 users (750 authentic samples and 250 forgeries) show that 47.2 per cent of the forgeries are rejected at this stage while only 3.4 per cent of authentic samples are rejected.

Stage 2: feature coding

Only "good-quality" signatures will proceed to the feature coding stage. This stage extracts the values of pre-defined features and codes the feature values in decimal format. For each feature, the decimal number is the feature code. All the feature codes will later be concatenated to form a code string. Recall that we need to get a code string with every bit "exactly" correct. In our implementation, we first define a scheme of feature coding to achieve this goal. Here we take one of the features, pen-down time, as an example. Figure 3 demonstrates how this could be done. Figure 3(a) shows the histogram for the pen-down time values of 750 authentic samples in our database. Figure 3(b) is a skeleton view of Figure 3(a). In Figure 3(b), three boundaries are defined. The whole boundary includes all possible values for a feature. For pen-down time, the whole boundary is between 0 and infinity.
The database boundary includes values collected from the database. The user boundary includes values for a particular user. The user boundary is defined as:

$$\text{User boundary} = (T - b \times \mathrm{stdT},\; T + b \times \mathrm{stdT}) \qquad (1)$$

During enrollment, ten samples will be collected from the user. "T" is the mean of the ten feature values. "stdT" is the standard deviation of those ten values. The user boundary is flexible and its range is adjusted

Figure 1: A block diagram of the BioPKI cryptosystem
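An added example (not code from the paper) of the Stage 1 shape-matching gate described above: x and y are warped independently onto the reference with DTW, and the sample is rejected when either correlation with the reference is low. The Pearson coefficient, the 0.9 threshold, the function names and the pen traces are assumptions made for illustration.

```python
import math

def dtw_path(ref, sample):
    """Dynamic time warping: return index pairs (i, j) aligning sample[j] to ref[i]."""
    n, m = len(ref), len(sample)
    cost = [[math.inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            d = abs(ref[i - 1] - sample[j - 1])
            cost[i][j] = d + min(cost[i - 1][j - 1], cost[i - 1][j], cost[i][j - 1])
    path, i, j = [], n, m
    while i > 0 and j > 0:  # backtrack along the cheapest predecessors
        path.append((i - 1, j - 1))
        _, i, j = min((cost[i - 1][j - 1], i - 1, j - 1),
                      (cost[i - 1][j], i - 1, j),
                      (cost[i][j - 1], i, j - 1))
    return path[::-1]

def warp_to_reference(ref, sample):
    """Position-warp the sample onto the reference's point serial numbers."""
    buckets = [[] for _ in ref]
    for i, j in dtw_path(ref, sample):
        buckets[i].append(sample[j])
    return [sum(b) / len(b) for b in buckets]

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    return cov / math.sqrt(va * vb) if va > 0 and vb > 0 else 0.0

def shape_match(ref_xy, test_xy, threshold=0.9):  # threshold is an assumed value
    """Warp x and y independently; reject when either correlation is low."""
    corr = tuple(pearson(r, warp_to_reference(r, t)) for r, t in zip(ref_xy, test_xy))
    return min(corr) >= threshold, corr

# Constructed pen traces (not data from the paper): x and y per sampled point.
REF = ([0, 1, 2, 4, 6, 7, 8, 10, 12, 13], [5, 8, 3, 9, 2, 7, 4, 8, 1, 6])
# Same shape written at a different pace: every third point is sampled twice.
GENUINE = tuple([v for k, v in enumerate(w) for _ in range(2 if k % 3 == 0 else 1)] for w in REF)
# Unrelated shape: drawn right to left with a flat, slowly rising y.
FORGERY = ([13, 12, 10, 9, 7, 6, 4, 3, 1, 0], [1, 1, 2, 2, 3, 3, 4, 4, 5, 5])

if __name__ == "__main__":
    for name, trace in (("genuine", GENUINE), ("forgery", FORGERY)):
        ok, (cx, cy) = shape_match(REF, trace)
        print(f"{name}: accept={ok} corr_x={cx:.3f} corr_y={cy:.3f}")
```

Because DTW absorbs differences in writing pace, this gate only screens out shapes that differ from the template, which matches the paper's use of it as a filter before feature coding and not as the final decision.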


Similar resources

Towards Automated Transactions Based on the Offline Handwritten Signatures

Automating business transactions over the Internet relies on digital signatures, a replacement of conventional handwritten signatures in paper-based processes. Although they guarantee data integrity and authenticity, digital signatures are not as convenient to users as the manuscript ones. In this paper, a methodology is proposed to produce digital signatures using off-line hand-written signatu...


On biometric key generation from handwritten signatures

This paper investigates the extraction of a reproducible bit string referred to as biometric key from biometric data. This is difficult due to the natural variability of biometric data. If the biometric-key generation process were sufficiently resistant against attacks, a biometric key may be used e.g. as basis for the generation of application-specific user passwords. Handwritten signatures or...


Development of an Autonomous Reliable High Quality Signature Verification Device

The automatic verification of handwritten signatures (AVHS) is the task of verifying the identity of a person based on a number of handwritten signatures known to belong to the claimed identity and a handwritten signature claimed to belong to the given person. The problem is difficult because handwritten signatures may vary by time, psychological state of the writing person or the pen, just to ...


Classification of Handwritten Signatures Based on Name Legibility

An automatic classification scheme of on-line handwritten signatures is presented. A Multilayer Perceptron (MLP) with a hidden layer is used as classifier, and two different signature classes are considered, namely: legible and non-legible name. Signatures are represented considering different feature subsets obtained from global information. Mahalanobis distance is used to rank the parameters ...


Practical Security Aspects of Digital Signature Systems

A digital signature is an electronic token that creates a binding between an entity (e.g., a person or a company) and a data record. Typically, the signing process is implemented with the help of public key cryptography; the signatory uses her private key to create a digital signature for a document. In the last few years, there has been a rapidly growing demand for a working digital signature ...



Journal title:
  • Inf. Manag. Comput. Security

Volume 10  Issue 

Pages  -

Publication date 2002