SPAR

Security and Privacy Applied Research Lab

Evaluating the Security of Handwriting Biometrics

Lucas Ballard
Department of Computer Science
Johns Hopkins University

Abstract

Ongoing interest in biometric security has resulted in much work on systems that exploit the individuality of human behavior. In this talk, we study the use of handwritten passphrases in the context of authentication or cryptographic key generation. We demonstrate that accurate generative models for a targeted user's handwriting can be developed based only on captured static (offline) samples combined with pen-stroke dynamics learned from general population statistics. Our work suggests that such automated attacks are nearly as effective as skilled human forgers and hence deserve serious consideration when evaluating the security of systems that use handwriting as a biometric.