Biometric Authentication System on Mobile Personal Devices

We propose a secure, robust, and low-cost biometric authentication system on the mobile personal device for the personal network. The system consists of the following five key modules: 1) face detection; 2) face registration; 3) illumination normalization; 4) face verification; and 5) information fusion. For the complicated face authentication task on the devices with limited resources, the emphasis is largely on the reliability and applicability of the system. Both theoretical and practical considerations are taken. The final system is able to achieve an equal error rate of 2% under challenging testing protocols. The low hardware and software cost makes the system well adaptable to a large range of security applications

Continuous User Authentication Using Multi-Modal Biometrics

It is commonly acknowledged that mobile devices now form an integral part of an individual’s everyday life. The modern mobile handheld devices are capable to provide a wide range of services and applications over multiple networks. With the increasing capability and accessibility, they introduce additional demands in term of security. This thesis explores the need for authentication on mobile devices and proposes a novel mechanism to improve the current techniques. The research begins with an intensive review of mobile technologies and the current security challenges that mobile devices experience to illustrate the imperative of authentication on mobile devices. The research then highlights the existing authentication mechanism and a wide range of weakness. To this end, biometric approaches are identified as an appropriate solution an opportunity for security to be maintained beyond point-of-entry. Indeed, by utilising behaviour biometric techniques, the authentication mechanism can be performed in a continuous and transparent fashion. This research investigated three behavioural biometric techniques based on SMS texting activities and messages, looking to apply these techniques as a multi-modal biometric authentication method for mobile devices. The results showed that linguistic profiling; keystroke dynamics and behaviour profiling can be used to discriminate users with overall Equal Error Rates (EER) 12.8%, 20.8% and 9.2% respectively. By using a combination of biometrics, the results showed clearly that the classification performance is better than using single biometric technique achieving EER 3.3%. Based on these findings, a novel architecture of multi-modal biometric authentication on mobile devices is proposed. The framework is able to provide a robust, continuous and transparent authentication in standalone and server-client modes regardless of mobile hardware configuration. The framework is able to continuously maintain the security status of the devices. With a high level of security status, users are permitted to access sensitive services and data. On the other hand, with the low level of security, users are required to re-authenticate before accessing sensitive service or data

Defense Against Biometric Reproduction Attacks

Systems and methods for defense against biometric reproduction attack are disclosed. The system includes one or more mobile devices installed with a security feature integrated to the operating system or installed to the device as an app. The security feature is in communication with a server installed with a mobile device management solution. The device includes a multi-factor authentication system including at least one biometric authenticator and at least one non-biometric authenticator. The method includes prompting for biometric authentication, if the network is reachable. In the absence of an active network, the server may instruct the device to stop using a biometric authentication and request the user for a multifactor authentication. The systems and methods provide for full enterprise connectivity on devices with a biometric authentication system. The present disclosure allows the network administrators to address biometric reproduction attacks with variable levels of risk tolerance

eBiometrics: an enhanced multi-biometrics authentication technique for real-time remote applications on mobile devices

The use of mobile communication devices with advance sensors is growing rapidly. These sensors are enabling functions such as Image capture, Location applications, and Biometric authentication such as Fingerprint verification and Face & Handwritten signature recognition. Such ubiquitous devices are essential tools in today's global economic activities enabling anywhere-anytime financial and business transactions. Cryptographic functions and biometric-based authentication can enhance the security and confidentiality of mobile transactions. Using Biometric template security techniques in real-time biometric-based authentication are key factors for successful identity verification solutions, but are venerable to determined attacks by both fraudulent software and hardware. The EU-funded SecurePhone project has designed and implemented a multimodal biometric user authentication system on a prototype mobile communication device. However, various implementations of this project have resulted in long verification times or reduced accuracy and/or security. This paper proposes to use built-in-self-test techniques to ensure no tampering has taken place on the verification process prior to performing the actual biometric authentication. These techniques utilises the user personal identification number as a seed to generate a unique signature. This signature is then used to test the integrity of the verification process. Also, this study proposes the use of a combination of biometric modalities to provide application specific authentication in a secure environment, thus achieving optimum security level with effective processing time. I.e. to ensure that the necessary authentication steps and algorithms running on the mobile device application processor can not be undermined or modified by an imposter to get unauthorized access to the secure system

Development of a typing behaviour recognition mechanism on Android

This paper proposes a biometric authentication system which use password based and behavioural traits (typing behaviours) authentication technology to establish user’s identity on a mobile phone. The proposed system can work on the latest smart phone platform. It uses mobile devices to capture user’s keystroke data and transmit it to web server. The authentication engine will establish if a user is genuine or fraudulent. In addition, a multiplier of the standard deviation “α” has been defined which aims to achieve the balance between security and usability. Experimental results indicate that the developed authentication system is highly reliable and very secure with an equal error rate is below 7.5%

MobiBits: Multimodal Mobile Biometric Database

This paper presents a novel database comprising representations of five different biometric characteristics, collected in a mobile, unconstrained or semi-constrained setting with three different mobile devices, including characteristics previously unavailable in existing datasets, namely hand images, thermal hand images, and thermal face images, all acquired with a mobile, off-the-shelf device. In addition to this collection of data we perform an extensive set of experiments providing insight on benchmark recognition performance that can be achieved with these data, carried out with existing commercial and academic biometric solutions. This is the first known to us mobile biometric database introducing samples of biometric traits such as thermal hand images and thermal face images. We hope that this contribution will make a valuable addition to the already existing databases and enable new experiments and studies in the field of mobile authentication. The MobiBits database is made publicly available to the research community at no cost for non-commercial purposes.Comment: Submitted for the BIOSIG2018 conference on June 18, 2018. Accepted for publication on July 20, 201

Perceptions of Risk and Security Concerns with Mobile Devices using Biometric vs Traditional Authentication Methods

Authentication methods on mobile devices provide an important layer of security. Many types of authentication methods exist, some traditional and some biometric-based. In this study, we use a survey method to examine whether the presence and type of an authentication method affect perceptions of risk and security concerns around three specific types of mobile device actions: banking, health, and activities with personally identifiable information (PII). We also survey users’ general perceptions of trust, usefulness, convenience, and ease of use toward authentication methods, both traditional and biometric. We find that users’ perceptions of risk and security concerns change when users consider the type of authentication method present on a device. While traditional methods are still more familiar to most users, we also find that perceptions of biometric-based methods are more similar to perceptions of traditional methods than in the past

Fingerprint Authentication Schemes for Mobile Devices

In certain applications, fingerprint authentication systems require templates to be stored in databases. The possible leakage of these fingerprint templates can lead to serious security and privacy threats. Therefore, with the frequent use of fingerprint authentication on mobile devices, it has become increasingly important to keep fingerprint data safe. Due to rapid developments in optical equipment, biometric systems are now able to gain the same biometric images repeatedly, so strong features can be selected with precision. Strong features refer to high-quality features which can be easily distinguished from other features in biometric raw images. In this paper, we introduce an algorithm that identifies these strong features with certain probability from a given fingerprint image. Once values are extracted from these features, they are used as the authentication data. Using the geometric information of these strong features, a cancelable fingerprint template can be produced, and the process of extracting values and geometric information is further explained. Because this is a light-weight authentication scheme, this template has practical usage for low performance mobile devices. Finally, we demonstrate that our proposed schemes are secure and that the user’s biometric raw data of the fingerprint are safe, even when the mobile device is lost or stolen

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Biometrics-as-a-Service: A Framework to Promote Innovative Biometric Recognition in the Cloud

Biometric recognition, or simply biometrics, is the use of biological attributes such as face, fingerprints or iris in order to recognize an individual in an automated manner. A key application of biometrics is authentication; i.e., using said biological attributes to provide access by verifying the claimed identity of an individual. This paper presents a framework for Biometrics-as-a-Service (BaaS) that performs biometric matching operations in the cloud, while relying on simple and ubiquitous consumer devices such as smartphones. Further, the framework promotes innovation by providing interfaces for a plurality of software developers to upload their matching algorithms to the cloud. When a biometric authentication request is submitted, the system uses a criteria to automatically select an appropriate matching algorithm. Every time a particular algorithm is selected, the corresponding developer is rendered a micropayment. This creates an innovative and competitive ecosystem that benefits both software developers and the consumers. As a case study, we have implemented the following: (a) an ocular recognition system using a mobile web interface providing user access to a biometric authentication service, and (b) a Linux-based virtual machine environment used by software developers for algorithm development and submission