Cryptographic key generation using handwritten signature
, J. Fierrez-Aguilar
, J. Ortega-Garcia
ATVS-Biometrics Research Lab., Escuela Politecnica Superior,
Universidad Autonoma de Madrid, E-28049 Madrid, Spain
Based on recent works showing the feasibility of key generation using biometrics, we study the application of
handwritten signature to cryptography.
Our signature-based key generation scheme implements the crypto-
graphic construction named fuzzy vault. The use of distinctive signature features suited for the fuzzy vault is
discussed and evaluated. Experimental results are reported, including error rates to unlock the secret data by
using both random and skilled forgeries from the MCYT database.
Biometrics, on-line signature, cryptography, key generation
Cryptography is one of the fundamental building blocks of computer security.
security is conditioned by an authentication step typically based on long pseudo-random keys (of at least 128
bits in symmetric encryption), which are almost impossible to remember. As a result, cryptosystems commonly
rely on user-generated passwords, which are easy to memorize, in order to release the pseudo-random keys.
This fact eases the work of an eventual attacker, remarkably decreasing the overall security of the data being
On the other hand, biometric systems use physiological or behavioral traits such as Fngerprint, face, iris,
speech or handwritten signature to authenticate users.
The use of biometrics enhances both the usability (e.g.,
avoiding the use of multiple passwords) and the security (e.g., non-repudiation) of password-based authentication
systems. Biometric signals are also harder to copy or steal, and cannot be forgotten or lost.
Biometric cryptosystems, or crypto-biometric systems, combine cryptographic security with biometric au-
The integration of biometrics with cryptography can be done broadly at two di±erent levels. In
biometrics-based key release, a biometric matching between an input biometric signal and an enrolled template
is used to release the secret key. In biometrics-based key generation, the biometric signals are monolithically
bounded to the keys.
Within biometrics, automatic signature veriFcation has been an intense research area because of the social and
legal acceptance and widespread use of the written signature as a personal authentication method.
is focused on dynamic signature veriFcation, i.e., the time functions of the dynamic signing process are available
(e.g., position trajectories, or pressure versus time). Di±erent approaches are considered in the literature in order
to extract relevant information from on-line signature data;
they can coarsely be divided into:
approaches, in which a holistic vector representation consisting of global features is derived from the acquired
) function-based approaches, in which time sequences describing local properties