STUDY OF POSSIBILITY OF ON-PEN MATCHING FOR BIOMETRIC HANDWRITING VERIFICATION

Transcription

1 STUDY OF POSSIBILITY OF ON-PEN MATCHING FOR BIOMETRIC HANDWRITING VERIFICATION Tobias Scheidat, Claus Vielhauer, and Jana Dittmann Faculty of Computer Science, Otto-von-Guericke University Magdeburg, Universitätsplatz 2, Magdeburg, Germany {tobias.scheidat claus.vielhauer ABSTRACT In this article the possibility of a biometric on-pen matching for dynamic handwriting-based user authentication is proposed. The approach is based on a digitizer pen originally designed to sample handwritten notes. In a first step the general ability with respect to recognition accuracy is studied to use the digitizer pen (also de-noted as smart pen) for biometric dynamic handwriting acquisition. The evaluation show that the digitizer pen results in similar outcomes as special online signature tablets regarding the chosen measurement, the equal error rate (EER). The second step considers a conceptional study of embedding an authentication algorithm within smart cards, which could be integrated into the pen hardware, thus allowing for on-card matching. In this second analysis, the focus is to study the feasibility of implementing a reference verification algorithm on-card with respect to its computational complexity. The suggested approach will further allow future authentication scenarios, whereby biometrics, secret knowledge and personal possession can be combined. While the possession aspect is maintained due to the fact that the entire authentication system is integrated in the smart pen and remains in ownership of users, the factor of secret knowledge can be integrated by alternative handwritten contents such as personal identification numbers, generally called semantics. 1. INTRODUCTION AND MOTIVATION The automatic authentication of information and persons is a recent topic in IT security. Currently there are three main methods for automatic user authentication: secret knowledge, personal possession and biometrics. While secret knowledge uses information only known by the authorized person to secure authorization, the personal possession is based on a unique token. A problem of both methods is the fact that the authentication object, knowledge or token, can be lost, theft or taken over to other persons. A solution for this drawback can be provided by biometric user authentication. Here the authentication object is directly linked physically or by behaviour with its owner. Static biometrics are based on a person s body parts (e.g. fingerprint, iris) whereas dynamic biometrics use typical behaviour of a person (e.g. handwriting, speech). A combination of two or more authentication methods or of more than one instance of one method can be used to improve authentication performance and/or security. For example a well known combination of authentication objects is the usage of personal identification number (secret knowledge) and smart card (personal possession) to secure banking activities. Another approach to combine authentication methods, which will be addressed in this paper, is the fusion of possession and biometrics. In related work, Henninger and Franke suggest an on-card matching based on the combination of handwritten signature and smart card, where the reference data are stored on the smart card [1]. The current authentication data is sampled via a sensor device which is connected to the authentication host system. In the next step the biometric information is transferred to the smart card in order to compare reference data and authentication data on the smart card and the decision result is given back to the host system. Using this authentication scheme the reference data never leave the token in possession of its owner. The approaches mentioned above are only a small exemplary selection out of the variety of applications. Contrarily to the approach presented in [1] in this article we suggest a biometric authentication based on integration of the processes of data acquisition, feature extraction and classification on the sensor device, a smart pen, in possession of the user. For our studies we assume that the reference data is stored on the smart pen. One advantage of our method is that reference and authentication data are acquired by the smart pen and will never leave it, solely the authentication result is transferred to the host system. Therefore the study described in this article is parted in two sections: Firstly, we study the possibility to use a digitizer pen for biometric data acquisition which was originally developed to digitize handwritten notes and sketches. Based on sampled dynamic handwriting data, we show that biometric user authentication is feasible for this type of sensor technology. Secondly, we discus the usage of a digitizer pen for on-pen matching based on one reference algorithm, the Biometric Hash method introduced by Vielhauer et al. in [2]. It is assumed that a digitizer pen either provides a microcomputer system for an on-pen matching or that it is possible to integrate additional microcomputer hardware, which can be based on smart card technology. The aim of such on-pen matching is the combination of biometrics and personal possession in order to improve authentication performance and user acceptance. By usage of alternative written content instead of signature (e.g. PIN, password) an additional factor of secret knowledge can be integrated into the described biometric authentication scheme EURASIP 184

2 This paper is structured as follows: In the second section, a general introduction to biometric user authentication and the function of the specific digitizer pen, which has been the focus of our studies, are given. The third section describes the evaluation methodology and database to prove the usability of the smart pen with respect to biometric authentication. To do so, the evaluation results are compared with results determined on commonly used handwriting acquisition hardware for signature verification. The possibility of the application of digitizer pens for on-pen matching is discussed in section four with respect to computational complexity. Finally, the fifth section concludes the article and gives an overview of future work. 2. BIOMETRIC USER AUTHENTICATION General fundamentals of biometric user authentication and a classification scheme for dynamic handwriting acquisition sensors are described in this section, including a short introduction to the smart pen used for these studies. Furthermore the general idea of combining biometrics and personal possession is discussed in the third subsection. 2.1 Fundamentals A biometric system generally operates in two different modes: enrolment and authentication. Before a person can use a biometric system for authentication purposes, he or she has to be registered during the enrolment process. As shown in figure 1, the biometric trait is acquired within an acquisition process and afterwards the feature extraction determines a feature vector which represents the trait within the biometric system. In the next step, the identity of the person is linked to the feature vector which is stored in the system s database as reference data. behavioral/ physiological trait behavioral/ physiological trait enrolment process data acquisition data acquisition feature extraction authentication process feature extraction database matching decision Figure 1 Scheme of enrolment and authentication process result Verification and identification are the two methods for biometric authentication. While verification validates the correctness of a given identity claim by biometric information, identification determines an identity out of a closed group of already registered persons using biometrics. For authentication, the biometric trait is acquired and its feature vector is determined in the same way as during the enrolment process. The matching module compares both, reference data and currently presented authentication data and calculates a similarity value. This matching score is basis for decision whether a person is the one he or she claims to be (verification) or who the person is (identification). 2.2 Sensors for handwriting acquisition A sensor for dynamic handwriting can be based on acquisition functionality which is integrated in the pen, in the writing surface or a hybrid scheme based on both. The pen presented by Plamondon in [3] is an example for a standalone pen, which contains all acquisition components. If a PDA is used as dynamic handwriting acquisition device, its functionality is based only on a pressure sensitive surface. Other devices such as graphical tablets which are developed for computer graphic applications use for example electromagnetic resonance for interaction between special pen and tablet for data acquisition and thus represent hybrid sensors. For the study described in this article, the Logitech io Digital Personal Pen TM (hereafter io pen) was analyzed. Because the io pen needs a special paper for data acquisition it is another hybrid device which bases on both, surface and pen functionality. This combination of digitizer pen and special paper is able to acquire and store the handwriting data autonomously and independently from additional hardware. For post-processing, the data has to be transferred to a host system via cable or wireless connection. Originally, the io pen was developed for collection and transfer of analogue handwriting documents such as notes or sketches into digital data. Complementary to these original design goals, the io pen was examined by us for its ability to be used as biometric acquisition and authentication device. The pen architecture is based on the principle of a ballpoint pen in its appearance and handling with additional sensor for digital handwriting acquisition. Its functionality is based on a special paper printed with a unique grid of points as shown in figure mm 0.1 mm Figure 2 Grid points of special paper The underlying technique of paper and pen was developed by Anoto [4]: A digital camera integrated in the pen head captures a point matrix of 6 x 6. By tiny displacements of the grid points, a determination of pen position is possible and additionally a sensor within the pen determines the pressure during the writing process. The data is processed by an on-pen image processing system, several pages of handwriting can be stored on the pen and transferred to a PC in batch mode. 2.3 Combination of biometrics and possession One advantage of the combination of biometrics and personal possession is that the user keeps the biometric reference data on an own private device, e.g. smart card or even smart pen. For authentication, the user has to present both the device and the biometric trait, whereby the reference data are compared to the current acquired data. A potential attacker would have to steal the token and present a biometric trait in an adequate quality to get positive authentication EURASIP 185

3 One application for this scheme is the protection of data against unauthorized access on USB flash drives or hard disks (e.g. [5]). The data stored on the device is protected by an integrated fingerprint sensor for example. In most cases both the hardware and software used for authentication are integrated within the devices, thus the authentication of the user is carried out independently from any host system and its operating system to which the USB hardware is attached. The biometric on-pen matching suggested here is based on the idea to realize the authentication on the same device which is used for data acquisition. The reference data remains stored on the io pen and only the authentication result is transferred to the host system. Of course the communication of authentication results between io pen and host system requires additional security mechanisms, e.g. based on crytography, which is not be further elaborated in this paper. In application scenarios where each potential user owns an individual digitizer pen, his/her biometric data will never leave the secure environment of a personal possession neither for enrolment process nor for authentication. In addition with a handwritten content based on secret knowledge (e.g. password) the security can be improved further more. 3. USER AUTHENTICATION USING IO PEN DATA The evaluation database for studying the usability of io pen sensor data for biometric purposes in comparison to a dedicated biometric signature tablet are described in this section, along with our evaluation methodology. Further, the results in terms of EER determined on both handwriting sensors devices are presented and discussed. 3.1 Evaluation database The database is composed of two subsets; one containing data sampled from the io pen and the other one is based on a signature tablet. During the data collection sessions for the database, each of these samples has been recorded simultaneously on both sensors by using the io pen for writing on the pressure sensitive signature tablet (multiple-sensor scenario). Due to different technical characteristics of the sensors, the resulting signal data representations are different too. Figure 3 presents two offline representation examples based on the io pen (a) and the signature tablet (b). In the figures, the pressure is visualized by line width (wider lines representing higher pressure levels) and as can be seen, the pressure signal provided by the io pen is higher than the one determined from the signature tablet. The sensors pressure sensitivity is also different: While the io pen reaches the maximum pressure after pen down very fast and keeps the level high, the tablet s pressure fluctuates even more during writing process. The maximum pressure level determined within the writing process for the io pen is 126 (at a max. resolution 126) while the maximum pressure measured by the tablet is 97 (max. resolution 255). Another significant difference is the sampling rate, where the pen has a value of approximately 40 points per second and the signature tablet s rate is 400 points per second. For the samples shown in figure 3 the total number of sampled points is 179 for the io pen and 1409 for the signature tablet. (a) (b) Figure 3 Two representations of one handwriting sample: (a) acquired on io pen, (b) acquired on signature tablet Because of the nature of handwriting, it is possible to change the written content, for example by exchanging a compromised content by another one. Such alternative contents are so-called semantics. In dynamic biometric handwriting, the factor of secret knowledge is already integrated as individual behavior of each person during writing process. This means a possible attacker has to copy the visual appearance of writing as well as the behavior of the real owner during writing process. For improvement of security, further secret knowledge can be added by a secret handwriting content such PIN or password. Therefore we use five different semantics in our test scenario: The Signature was chosen as an individual handwritten pattern of a person which is used since hundreds of years for authentication purpose. The given personal identification number (Given PIN) is the predefined sequence of the five digits Contrary to the later, the Secret PIN is a non-given sequence of five digits in order to provide secret knowledge in handwriting content. The semantic Where is the answer to the question Where are you from?, where users were asked to write city of birth or place of residence. The Symbol denotes an individual sketch of users and thus alos contains secret knowledge by appearance of the sketch as well as in the order of the strokes during writing. 3.2 Evaluation algorithm Basis of evaluation is the Biometric Hash algorithm, in the version as recently suggested in [6]. This method uses five discrete signals based on measurements of horizontal and vertical pen position x(t) and y(t), pen tip pressure p(t) and pen azimuth and altitude angles, Θ(t) and Φ(t) respectively, which are taken from the sensor. Using these five signals, the feature extraction module calculates one statistical feature vector for each handwriting sample. For user verification, stored reference vectors are compared to feature vectors calculated from the actual verification signals against some decision threshold value. While the original method suggests a 69-dimensional feature vector, in this evaluation, seven features based on angle signals have been omitted, because they are not supported by the two sensors, thus our feature vector results in 62 dimensions. For more information about the Biometric Hash algorithm the interested reader is referred to the literature (see [2], [6]). 3.3 Evaluation methodology Currently, the initial database contains data of 15 test subjects, where every donor has given 10 samples of each of the five semantics simultaneously on both sensors. For each person and each semantic, 5 samples were used to build the reference data. The verification was carried out based on the comparison of a user s reference and the remaining 5 samples. For random forgery tests, the references of each of the 2007 EURASIP 186

4 15 users were compared against all verification samples of all other users. In order to compare the authentication performances based on the two sensors data sets, biometric error rates are used. While the false non match rate (FNMR) is determined as ratio between rejected authorized users and entire number of authentication attempts, the false match rate (FMR) is the ratio of the accepted non-authorized users to the total number of attempts. The value where both error rates, FNMR and FMR, are identical, is the so-called equal error rate (EER). In biometric research the EER is a commonly used, straightforward measure to compare the authentication performance of different systems or algorithms, we thus refer to EER in our further comparison of the sensors. 3.4 Test results Table 1 shows the results of the evaluation parted by the EERs for io pen and signature tablet for each semantic class. The best value of each semantic is printed in bold. As can be seen from the table, no sensor seems to lead to significantly better error rates than the other one for all five semantics: While for semantic Signature, the io pen determines an EER of , the EER calculated for signature tablet amounts a better value of Also for Given PIN, the tablet results in better EER (0.1378) than the io pen (0.1678). For the remaining semantics, the verification algorithm determines the better results on the data acquired by io pen. The best overall EER is calculated for semantic Symbol acquired on the io pen (0.0286). The lowest ERR for the signature tablet (0.0354) is determined on the Signature data set. Table 1 EERs determined by single sensors and semantics Single sensors Semantics EER io pen EER signure tablet Signature Given PIN Secret PIN Where Symbol The difference between semantics Given PIN and Secret PIN is the fact, that Given PIN is identical for all users while for Secret PIN, the digits themselves and the order of digits are user specific. Thus, the discriminatory power in case of Given PIN is only based on the individual way of writing of each user, whereas the discriminatory power of Secret PIN is additionally influenced by the chosen digits and their order. Table 1 shows that this additional information leads to a better result for both, io pen and signature tablet (see rows Given PIN and Secret PIN): The EERs of Secret PIN are significantly smaller than ERRs of Given PIN. The overall results discussed in this subsection and presented in table 1, indicate that the concept of using an io pen based handwriting sensor, originally designed to digitize handwritten notes, for biometric verification purposes appears feasible with respect to the recognition accuracy. The authentication performance of the io pen is similar or even better than those of the signature tablet which was especially developed for biometric applications for the reference algorithm used in our experiments. 4. ON-PEN MATCHING After the first step, which has shown that data obtained from io pen can be used for biometric authentication, this section discusses the integration potential of the Biometric Hash verification algorithm within the io pen in order to carry out the verification process on the device and without any help of external systems. Lacking any detailed technical information of the io pen's hardware components, this first analysis based on a similar small computational device - a smart card. In order to study the ability to integrate the Biometric Hash algorithm within a smart card, a comparison of complexity is carried out. As comparative algorithm, an established method implemented on smart cards was selected, the RSA key (1024 bits) generation algorithm. Knowing that this algorithm can be executed on smart cards with a specified runtime, our goal is to estimate the expected runtime for a biometric verification process by comparison of complexity of both algorithms. The complexity measure used for our study is the cyclomatic complexity introduced by McCabe in [7], to measure the complexity of a software module. Based on this measurement, the complexity of both the Biometric Hash algorithm and the RSA key generation method are determined. In our studies, we assume that it is feasible to integrate the Biometric Hash algorithm into a smart card environment if its complexity (significantly) smaller than the complexity of RSA key generation method. The cyclomatic complexity M is determined by measuring the number of linearly independent paths through the source code. It is based on a graph where the instructions of the underlying source code are represented as nodes. If one instruction can be executed immediately after another one, the corresponding nodes of these two instructions are connected by an edge. Based on the graph, the cyclomatic complexity M, can be calculated depending on the number of connected components p. The general case of an arbitrary p is given by the following equation: M 1 (G) = e n + 2p. (1) Within the graph, the number of edges is denoted by e and n is the number of nodes. In the event that p is equal to one, the complexity can be determined by equation (2): M 2 (G) = 1 + b, (2) where b is the total number of conditions and loops (e.g. IF, WHILE, FOR). Based on an IF condition, figure 4 shows an example for the determination of cyclomatic complexities M 1 and M 2, using equations (1) and (2) respectively. The complexity determination of the Biometric Hash algorithm included the algorithms for the three process steps: feature extraction, feature post-processing and matching. In our study, for the Biometric Hash a cyclomatic complexity of approximately 500 was determined, whereas the complexity of a RSA key generation algorithm amounts approximately to Regarding the fact that the complexity is 9 times smaller for the Biometric Hash than for RSA key generation, 2007 EURASIP 187

5 the integration of the handwriting algorithm seems to be possible. Based on these results and the information that the generation of a 1024 bit RSA key will require 2.5 seconds processing time on a exemplary smart card (ST19WK08 [8]), a runtime of approximately 0.3 seconds can be estimated for a verification using the Biometric Hash method. true IF false M 1(G) = e n + 2p M 1(G) = M 1(G) = 2 M 2(G) = 1 + b M 2(G) = M 2(G) = 2 Figure 4 Example for cyclomatic complexity determination 5. CONCLUSIONS AND FUTURE WORK In this paper, a method was proposed to combine biometrics, personal possession and secret knowledge for user authentication purposes, based on the scheme of on-card matching adopted to a smart pen scenario. A digitizer pen was chosen, which was originally developed to digitize handwritten notes and sketches. The data sampled by this pen were used for simulation of biometric verification processes and the results were compared to those determined from data sampled by a special biometric signature tablet using a reference verification algorithm: Biometric Hash. In order to add the factor of secret knowledge, the usage of alternative handwritten contents in addition to signature was suggested. In our first experiments, we observe an EER of for the traditional handwriting semantic Signature by the smart pen. This result is slightly worse than those, obtained by a dedicated signature tablet where, using the same algorithm, the EER yields for signatures. However, for all semantics based on secret knowledge (Secret PIN, Where and Symbol), the io pen based data sets deliver better results compared to the signature tablet. The best verification result was determined on io pen s semantic Symbol with an EER of as compared to for the dedicated signature tablet. These results generally encourage the use of the io pen as biometric handwriting sensor. Further, a conceptional analysis was carried out to study the potential for integration of the reference verification algorithm from our evaluation within the pen hardware. Because of lacking of detailed information about the on-pen computer system, a similar small computer device was chosen for our study: the smart card. Based on the encouraging verification results, a comparative consideration of the complexity of our reference handwriting verification algorithm (Biometric Hash) and a typical method integrated on smart cards (RSA key generation for 1024 bits key length) was carried out. Outcomes of this theoretical comparison are encouraging because the cyclomatic complexity introduced by McCabe in [7] calculated for the Biometric Hash algorithm was 9 times smaller than the complexity of the RSA key generation process. Of course besides a practical implementation of our concept, one important point of future work is to acquire biometric data of additional users to check the results on a more representative database. Particularly, the significance of the differences between the results determined by the two different sensors should be studied in more detail. While in this paper, we have concentrated on on-pen verification, other points of interest in our future work will be design approaches for the on-pen enrollment. Further, the potential of data fusion obtained by io pen and signature tablet, which may be acquired at the same time during the data acquisition, will be studied in our future work. This may allow for increased recognition accuracy and two peer authentication. 6. ACKNOWLEDGEMENTS The work described in this paper has been supported in part by the European Commission through the IST Programme under Contract IST BIOSECURE. The content of this publication is the sole responsibility of the University Magdeburg and their co-authors and can in no way be taken to reflect the views of the European Union. We thank the COST 2101 Action "Biometrics for Identity Documents and Smart Cards" to support the Eusipco 2007 Special Session "Multimodal Biometrics and Smart Cards". We would particularly like to thank Maik Schott for implementation of the interface between io pen and our handwriting acquisition tool and for determination of the cyclomatic complexities. REFERENCES [1] O. Henniger and K. Franke, Biometric User Authentication on Smart Cards by Means of Handwritten Signatures, in Biometric Authentication, First International Conference, ICBA 2004, Hong Kong, China, Proceedings. Lecture Notes in Computer Science Vol Springer, pp , 2004 [2] C. Vielhauer, R. Steinmetz, and A. Mayerhöfer, Biometric Hash based on Statistical Features of Online Signatures, in Proc. of the IEEE International Conference on Pattern Recognition (ICPR), Quebec City, Canada, Vol. 1, pp , [3] R. Plamondon, Apparatus and Method for Digitizing and Segmenting a Handwriting Movement based on Curvilinear and Angular Velocities, United States Patent, No. 5,077,802, Dec. 31, 1991 [4] Anoto, [5] SanDisk, [6] C. Vielhauer, Biometric User Authentication for IT Security: From Fundamentals to Handwriting, Springer, New York, [7] T.J. McCabe, A complexity measurement, IEEE Transactions on Software Engineering, vol. 2, , [8] STMicroelectronics, literature/bd/10357/st19wk08.pdf 2007 EURASIP 188