A Hybrid Cryptographic and Biometric Framework for Real-Time Signer  Verification in Digital Signing Systems

Farah Yulianti

doi:10.46799/ijssr.v6i4.1372

Authors

Farah Yulianti President University, Indonesia

DOI:

https://doi.org/10.46799/ijssr.v6i4.1372

Keywords:

Digital document signing, Public Key Infrastructure (PKI), One-Time Password (OTP)

Abstract

Digital document signing systems are widely adopted to support legally binding electronic transactions by ensuring practicality, integrity, authenticity, and non-repudiation in electronic workflows. Current digital signing platforms rely on public key Infrastructure (PKI) combined with secondary verification mechanisms such as one-time password (OTP) delivered via email, SMS, or messaging applications to strengthen signer authentication. While OTP mechanisms provides additional account level security, they primarily verify control over a communication channel and do not guarantee the individual performing the signing action is physically present or intentional participation of the signer at the time of document execution. This limitation creates potential vulnerabilities in cases of communication channel compromise. This paper investigated the security limitations of OTP based signer verification in digital signing environments and proposes a hybrid framework that integrates cryptographic signatures, OTP verification, and gesture-based facial liveness detection. The objective is to bind the signing action to real-time human presence while preserving the integrity guarantees of PKI. The results indicate that while OTP only verification maintains high usability, it is vulnerable under simulated channel-compromise conditions. Biometric liveness detection reduces presentation attack success, and the hybrid configuration demonstrates improved resistance to unauthorized signing compared with OTP only verification. These findings suggest that integrating lightweight biometric liveness detection into digital signing workflows can enhance identity assurance without replacing existing PKI infrastructure. This paper contributes to the discussion on strengthening signer legitimacy in electronic document execution through multi-layer identity verification.

References

Bartlomiejczyk, M. (2024). Analysis of attacks on SMS OTP-based authentication. CORE.George, A., & Marcel, S. (2025). Deep learning models for robust facial liveness detection. arXiv.Hassan, M., & Alqahtani, A. (2025). Digital signatures and their legal significance. Edelweiss Applied Science and Technology, 9(1), 52–64.Jarecki, S., Jubur, M., Krawczyk, H., Saxena, N., & Shirvanian, M. (2021). Two-factor password-authenticated key exchange with end-to-end security. ACM Transactions on Privacy and Security (TOPS), 24(3), 1–37. https://doi.org/10.1145/3446807Khairnar, S., Gite, S., Kotecha, K., & Thepade, S. D. (2023). Face liveness detection using artificial intelligence techniques: Asystematic literature review and future directions. Big Data and Cognitive Computing, 7(1), 37. https://doi.org/10.3390/bdcc7010037Kirvan, G., Reese, A., & Lumburovska, M. (2025). One time password (OTP) solution for two factor authentication. Journal ofComputer Science and Security Practices.Lei, Z., Nan, Y., Fratantonio, Y., & Bianchi, A. (2021). On the insecurity of SMS one-time password messages against local attackers in modern mobile devices. Network and Distributed Systems Security (NDSS) Symposium 2021. https://doi.org/10.14722/ndss.2021.24078Li, J., Zhang, Y., & Chen, X. (2025). A high-performance adaptive fusion network for face anti-spoofing detection. Scientific Reports, 15. https://doi.org/10.1038/s41598-025-21461-0Maulana, F., Hendra, Y.,Sakinah, P., Eirlangga, Y. S., & Ayun, A. Q. (2025). Efektivitas dan kelemahan autentikasi berbasis web menggunakan one-time password (OTP) dalam mencegah akses tidak sah. Informatika Journal.Reynolds, J., Samarin, N., Barnes, J., Judd, T., Mason, J., Bailey, M., & Egelman, S. (2020). Empirical measurement of systemic 2FA usability. 29th USENIX Security Symposium (USENIX Security 20), 127–143.Sharma, D. (2023). A survey on face presentation attack detection mechanisms. Sensors.Singh, R., & Kumar, P. (2025). OTP security in wallet systems: A vulnerability assessment. International Journal of Innovative Research in Science and Society, 5(3), 45–56.Subagja, B. (2025). Minimizing face spoofing attacks with liveness detection. Pertanika Journal.Technology, N. I. of S. and. (2023). Digital Signature Standard (DSS) (FIPS PUB 186-5). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.186-5Tullis, C. (2024). Public Key Infrastructure: Implementing High-Trust Electronic Signatures. In World Bank Digital Transformation White Paper Series. World Bank.

Tullis, C., Constantine, N., & Cooper, A. (2024). Electronic Signatures: Enabling Trusted Digital Transformation. In World Bank Digital Transformation White Paper Series. World Bank.Yu, Z., Qin, Y., Li, X., Zhao, C., Lei, Z., & Zhao, G. (2022). Deep learning for face anti-spoofing: A survey. IEEE Transactions on Pattern Analysis and Machine Intelligence, 45(5), 5609–5631. https://doi.org/10.1109/TPAMI.2022.3189326Zhao, S. (2023). Security Vulnerabilities of Popular Multifactor Authentication Methods and a Remedy. Journal of Network & Information Security, 11(1).Zou, F., Zhang, Z., & Hu, Y. (2025). OTP-Hunter: An App-based Fuzzing Framework to Discover One Time Password Vulnerabilities. IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2025.3000000

A Hybrid Cryptographic and Biometric Framework for Real-Time Signer Verification in Digital Signing Systems

Authors

DOI:

Keywords:

Abstract

References

Downloads

Published

Issue

Section

License