
11.1 The Definition and the Function of a Signature

A signature is a person’s name or nickname, handwritten by that person as proof of intent and identity for the authorship of the contents of a document. Traditionally, the primary function of a signature has been to bind a person to a record by permanently attaching that person’s uniquely identifiable handwritten sign as direct evidence that the document belongs, in part or in whole, to that person.

To fulfill this traditional function, a signature should be authentic, unique, unforgeable, undeniable, unalterable, and not reusable, and it must be created in such a way that it cannot be repudiated.

Determining whether a signature is genuine has been a problem for centuries. Even today, when a signature handwritten with a pen, known as a wet signature, is in question in court, the forensic laboratories of law enforcement bodies must take many measures to determine whether the signature is authentic. All the metrics and endeavors related to a wet signature are bundled together under the science of graphology.

Until the twentieth century, every century in the history of humankind witnessed technological advancements such as the invention of the wheel, the clock, steam engines, electricity, and electrical motors. All these improvements changed societies and their lifestyles tremendously without much affecting the methods of proving that a document belongs to someone. The handwritten wet signature remained the proof of belonging for hundreds of years, that is, until the era of Information and Communication Technologies (ICTs).

The Internet, a direct result of the ICTs, has changed humankind unprecedentedly and thus deserves to be called a game-changer. For the first time in many centuries, the traditional handwritten wet signature has been joined by quite a few new forms that differ altogether from the classical one in structure and generation. So, the game has changed radically for both the production and the forensics of signatures.

11.2 A Brief Literature Review on Digital Signatures

The digital signature is a protocol-level application of an asymmetrical cryptosystem. It is the direct result of a combination of both the hash functions and the asymmetrical encryption. In contrast to a symmetrical cryptosystem, in which there is only one key utilized for both processes of encryption and decryption, there are two separate keys involved for each operation in asymmetrical cryptosystems.

The idea belonged to Merkle [1] and Diffie and Hellman [2]. The methodology put forward by these researchers declared that the keys should be created in pairs and be utilized one by one for the processes of encryption and decryption. Moreover, in mathematical terms, it should be intractable to generate one key from the other. The encryption key which belongs to the receiver is publicly known and thus employed by anybody in the process of sending a message to that specific receiver. That way, the encryption key was renamed as the public key.

On the other hand, the legitimate receiver is the only possessor of the decryption key. Thus, as in the renaming of the encryption key, the decryption key is renamed as the secret key. Today, by this renaming convention, the cryptographic system is designated as the public key cryptography (PKC) and the related hardware and software infrastructure as the public key infrastructure (PKI).

The Institute of Electrical and Electronics Engineers (IEEE) standardized PKC as P1363-2000 [3].

While PKC is one component of the digital signature, the hash function is the other. A mathematical hash function h is given as:

$$ H=h(m) $$
(11.1)

where h is the hash function, m is the variable-length message, and H is the fixed-length hash value of the message. The hash value of the message is also called the message digest, the fingerprint, or the digital fingerprint of the message. The properties of a hash function are as follows: (i) the hash value should be computable in polynomial (P) time for any given message m; (ii) the hash function should be a one-way function, that is, it must be computationally intractable to invert; and (iii) there should only be one hash value for any given message, which means that the hash function should be collision-free.

Secure Hash Algorithms (SHA) have been standardized by the US National Institute for Standards and Technology (NIST), and they produce H values of 160, 256, 384, and 512 bits [4].

11.2.1 Conventional Digital Signatures

When combined with a hash function, as mentioned above, one of the marvelous outcomes of asymmetrical cryptosystems is the digital signature. Whether one chooses the RSA, elliptic curve, or ElGamal cryptosystem as the PKC, the digital signature can be created and added to the document in a couple of steps. The algorithm for digital signature creation is given in Table 11.1.

Table 11.1 An algorithm in pseudocode for the creation of a digital signature
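
The hash-then-sign sequence described above, as an added example that is not part of the original chapter and not a reproduction of Table 11.1. It assumes SHA-256 as h and unpadded textbook RSA; the key is a constructed toy built from two public Mersenne primes, and all function names are illustrative.

```python
import hashlib

# Constructed toy key, NOT secure: two public Mersenne primes stand in for
# secret RSA primes so the example runs offline with the standard library.
# Textbook RSA is unpadded; deployed systems use a padded scheme such as RSASSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (held by the signer only)

def digest(message: bytes) -> int:
    """H = h(m): fixed-length SHA-256 digest, read as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Signer: hash the document, then transform the digest with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Verifier: open the signature with the public key and compare digests."""
    return pow(signature, E, N) == digest(message)

def attach(message: bytes) -> dict:
    """Signed document = original content plus the signature value."""
    return {"document": message, "signature": sign(message)}

if __name__ == "__main__":
    signed = attach(b"Pay 100 EUR to Alice")        # constructed sample document
    print(verify(signed["document"], signed["signature"]))       # genuine document
    print(verify(b"Pay 900 EUR to Alice", signed["signature"]))  # altered document
```

Because only the digest is signed, changing a single byte of the document makes verification fail without the verifier ever needing the private key.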

Currently, one can obtain a digital signature either by having the asymmetrical keys stored on a flash memory used through the USB port of a computer or by having these keys on the SIM card of a mobile phone, in which case it is called a mobile signature. However, each of these technologies implies a heavy hardware dependency; thus, user reluctance has always been an issue for those systems.

11.2.2 Server Signing

Nevertheless, there is one alternative way of digital signing known as the server signing, which runs with asymmetrical keys that are stored on a networked server, and the digital signature is created by that server whenever there is a demand by the signee.

Server signing is founded upon the EU regulation on “electronic identification and trust services for electronic transactions” known as eIDAS [5]. eIDAS might be considered as one of the underlying framework regulations for the server signing standard CEN/TS 41924 [6]. The server signing option frees the users from hardware dependencies. However, it is not free from the complexities of the networking hardware and software.

Although a digital signature thus obtained is mathematically proven to be secure, it is not easy for signees to use. Unfortunately, the underlying computational intractabilities are also susceptible to quantum computing attacks, and quantum computing, along with IoT, seems to be the next revolutionizing technological breakthrough.

11.3 The Biometric Signature

Biometric authentication can be done in many ways, such as retina, voice, palm, or fingerprint recognition. Along with these, behavioral biometric verification can be used very effectively. A biometric signature is a behavioral biometric recognition that is performed on one’s actual handwritten signature, made with a digital pen (a stylus) on, say, a tablet computer or a cell phone. Since it relies on the very conventional act of handwriting, it is no surprise that biometric signatures have been accepted quickly by banks, hospitals, companies, and various government departments throughout the world, hence the ISO’s standard 19794/7, “Biometric data interchange formats-Part 7: Signature/sign time series data” on biometric signatures [7].

The popularity of biometric signatures is continuously increasing. Recently, Páez et al. proposed an architecture for a biometric electronic document identification implemented on blockchain for enhanced security measures [8]. While Delgado-Mohatar discusses blockchain technologies for storing data in biometric templates [9], Tolosana et al. discuss the biometric signature application on smartphones not with a stylus but with an actual finger touch [10]. Moreover, Bibi et al. delineate the offline and online biometric signature verification systems by taxonomical classification models [11].

The biometric signature consists of three steps: capturing the image, extracting the signature-specific features, and comparing the signature with the master signature recorded earlier. After the handwritten signature is captured on a tablet or a mobile phone, 20 different features are extracted at each point of the signature for signature recognition (a signature usually consists of 300–350 points, depending on how large it is). The typical features extracted are: the normalized x coordinate, the normalized y coordinate, the pressure of the pen, the altitude angle, the azimuth angle, the velocity in the x coordinate, the velocity in the y coordinate, the absolute speed, the x coordinate acceleration, the y coordinate acceleration, the absolute acceleration, the tangential acceleration, the pressure derivative, the sine of α, the cosine of α, the angle α(t) between the absolute velocity vector and the x axis, the derivative of the α angle, the sine of α′(t), the cosine of α′(t), and the angle between two adjacent line segments at each coordinate [12,13,14]. Figure 11.1 depicts a captured signature image with point number 0, and Table 11.2 shows the 20 features extracted from point number 0.

Fig. 11.1 A captured signature. The arrow shows point 0

Table 11.2 Extracted 20 features from point number 0

Once these 20 different features have been extracted from each of the 300–350 points of the handwritten biometric signature, this data set (20 × 350 = 7000 specific data items in total) is dynamically compared with the original master handwritten signature data of the user, which was obtained earlier. The dynamic comparing process creates a threshold value. If the comparison threshold value is in the acceptance interval, then the biometric signature can be accepted, hence no forgery. Figure 11.2 shows a comparison of a genuine signature against a fraud by selected features.

Fig. 11.2 The comparison of genuine and forged signatures by selected features only
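
One way to carry out the extraction and comparison described above, as an added example rather than the chapter's or the Biometrix project's code. It derives 8 of the 20 listed features and assumes dynamic time warping as the comparison and 0.15 as the acceptance threshold; the pen traces are constructed.

```python
import math

def trace(n, duration, amplitude, pressure):
    """Constructed pen samples (t, x, y, pressure) along one sine-shaped stroke."""
    return [(duration * k / (n - 1), k / (n - 1),
             amplitude * math.sin(2 * math.pi * k / (n - 1)), pressure)
            for k in range(n)]

def features(samples):
    """Per-point vector: x, y, pressure, vx, vy, absolute speed, sin(a), cos(a)."""
    rows = []
    for (t0, x0, y0, _), (t1, x1, y1, p1) in zip(samples, samples[1:]):
        vx, vy = (x1 - x0) / (t1 - t0), (y1 - y0) / (t1 - t0)
        a = math.atan2(vy, vx)      # angle between velocity vector and x axis
        rows.append([x1, y1, p1, vx, vy, math.hypot(vx, vy), math.sin(a), math.cos(a)])
    return rows

def dtw_score(a, b):
    """Dynamic time warping cost between two feature series, length-normalised."""
    inf = float("inf")
    cost = [[inf] * (len(b) + 1) for _ in range(len(a) + 1)]
    cost[0][0] = 0.0
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            step = math.dist(a[i - 1], b[j - 1])
            cost[i][j] = step + min(cost[i - 1][j], cost[i][j - 1], cost[i - 1][j - 1])
    return cost[-1][-1] / (len(a) + len(b))

def accept(master, candidate, threshold):
    """Accept only when the comparison score falls inside the acceptance interval."""
    return dtw_score(features(master), features(candidate)) <= threshold

THRESHOLD = 0.15                          # assumed acceptance limit
MASTER = trace(40, 2.0, 0.30, 0.60)       # enrolled master signature
GENUINE = trace(40, 2.1, 0.31, 0.63)      # same hand, slightly slower
FORGERY = trace(120, 6.0, 0.30, 0.90)     # same shape, drawn slowly and heavily

if __name__ == "__main__":
    print(accept(MASTER, GENUINE, THRESHOLD), accept(MASTER, FORGERY, THRESHOLD))
```

The forged trace reproduces the image exactly, yet its velocity and pressure features push the score outside the acceptance interval, which is why the dynamic features are compared and not the image alone.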

11.4 The Biometric Signature on a Blockchain

Hardware dependency has always been a significant issue for conventional digital signing. Even though server signing was an answer of sorts to that unsettled question, it is not without its networking issues. On the other hand, the computational intractability that provides the security and reliability of all these asymmetrical cryptosystem protocols holds only under our current computational model.

Advancements in physics and engineering make it possible that quantum computing will be in use in a decade or so. If this is the case, the conventional asymmetrical cryptosystems will be useless. Thus, digital signing methodologies as we know them today will be pushed aside.

Handwritten signing on a touch-sensitive screen, such as that of a tablet or a mobile phone, is natural, hence its frequent and rapid acceptance by the industry. Still, the data that makes up the signee’s signature image should be kept under tight security. Therefore, all the information reflected as the extracted features from the points of the image must be stored along with the image of the signature itself.

Because of the issues mentioned above, utilizing the conventional cryptographic protocols to provide security for biometric data is by no means the only alternative.

What we propose is to have all that biometric information added to a blockchain. With a new hashing algorithm that will be developed to be resistant to quantum computing, the blockchain will be one of the safest solutions to come.

As detailed in Sect. 11.3, the biometric info in the form of extracted features from all the points of the signature image provides the base for comparison. However, there must be at least five authentic signature images obtained from the signee to develop the genuine signature base with all extracted features to be kept in a blockchain. Table 11.3 shows the basic model for a blockchain.

Table 11.3 A blockchain entry for a biometric signature genuine base

Each block includes extracted features from all points of five genuine signatures along with client, threshold, previous hash, and timestamp info. Table 11.4 indicates the extracted features of the first point of the first signature.

Table 11.4 A blockchain entry for the extracted features of the first point of the first signature

All the details of a transaction must also be added to the block. Table 11.5 depicts the transaction details as kept in the blockchain. Note that the latitude and longitude info, along with the time info, are also stored in the blockchain for the increased reliability of the whole transaction.

Table 11.5 Transaction information on blockchain
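
How the previous-hash link makes the stored genuine base and transaction records tamper-evident, as an added example that is not the Biometrix project's code. The field names, the sample values, and the use of SHA-256 in place of the proposed quantum-resistant hash are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(body: dict) -> str:
    """SHA-256 over canonical JSON (stand-in for the hash the chapter proposes)."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_block(chain, payload, timestamp):
    """Link a new block to the hash of the block before it."""
    body = {"index": len(chain), "timestamp": timestamp, "payload": payload,
            "previous_hash": chain[-1]["hash"] if chain else GENESIS}
    chain.append({**body, "hash": block_hash(body)})
    return chain

def first_invalid(chain):
    """Index of the first block whose hash or back-link fails, None if intact."""
    previous = GENESIS
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "hash"}
        if block["previous_hash"] != previous or block_hash(body) != block["hash"]:
            return i
        previous = block["hash"]
    return None

def build_demo_chain():
    """Constructed data: one genuine-base block, then one signing transaction."""
    point0 = {"x": 0.12, "y": 0.48, "pressure": 0.61, "vx": 0.0, "vy": 0.0}
    base = {"client": "client-001", "threshold": 0.15,
            "signatures": [[point0] for _ in range(5)]}    # five genuine samples
    tx = {"client": "client-001", "latitude": 41.01, "longitude": 28.98,
          "time": "2021-03-01T09:30:00Z", "score": 0.04, "accepted": True}
    chain = append_block([], base, "2021-02-01T10:00:00Z")
    return append_block(chain, tx, "2021-03-01T09:30:01Z")

if __name__ == "__main__":
    chain = build_demo_chain()
    print(first_invalid(chain))               # intact chain
    chain[0]["payload"]["threshold"] = 0.9    # stored threshold altered after the fact
    print(first_invalid(chain))               # block 0 no longer matches its hash
```

Recomputing the hash of the altered block does not hide the change, because the next block still carries the old value in its previous-hash field and the check then fails one block later.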

11.5 Conclusion: The Biometrix Project

The idea of storing the biometric information on blockchain was realized in a project called Biometrix. The issues in signing and the related biometric solutions along with a blockchain implementation outlined above were addressed in the Biometrix project. The detailed information concerning the application of Biometrix can be accessed in GitHub [15].