Continuous and transparent multimodal authentication: reviewing the state of the art

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner

Federated Authentication using the Cloud (Cloud Aura)

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorised user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. Traditionally deployed in a point-of-entry mode (although a number of implementations also provide for re-authentication), the intrusive nature of the control is a significant inhibitor. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This thesis reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between the need for high security whilst maximising user satisfaction. This is followed by a comprehensive literature survey and critical analysis of the existing research domain on continuous and transparent multibiometric authentication. It is evident that most of the undertaken studies and proposed solutions thus far endure one or more shortcomings; for instance, an inability to balance the trade-off between security and usability, confinement to specific devices, lack or negligence of evaluating users’ acceptance and privacy measures, and insufficiency or absence of real tested datasets. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilised in a universal manner. Accordingly, it is paramount to have a high level of performance, scalability, and interoperability amongst existing and future systems, services and devices. A survey of 302 digital device users was undertaken and reveals that despite the widespread interest in more security, there is a quite low number of respondents using or maintaining the available security measures. However, it is apparent that users do not avoid applying the concept of authentication security but avoid the inconvenience of its current common techniques (biometrics are having growing practical interest). The respondents’ perceptions towards Trusted Third-Party (TTP) enable utilising biometrics for a novel authentication solution managed by a TTP working on multiple devices to access multiple services. However, it must be developed and implemented considerately. A series of experimental feasibility analysis studies disclose that even though prior Transparent Authentication Systems (TAS) models performed relatively well in practice on real live user data, an enhanced model utilising multibiometric fusion outweighs them in terms of the security and transparency of the system within a device. It is also empirically established that a centralised federated authentication approach using the Cloud would help towards constructing a better user profile encompassing multibiometrics and soft biometric information from their multiple devices and thus improving the security and convenience of the technique beyond those of unimodal, the Non-Intrusive and Continuous Authentication (NICA), and the Weighted Majority Voting Fusion (WMVF) and what a single device can do by itself. Furthermore, it reduces the intrusive authentication requests by 62%-74% (of the total assumed intrusive requests without operating this model) in the worst cases. As such, the thesis proposes a novel authentication architecture, which is capable of operating in a transparent, continuous and convenient manner whilst functioning across a range of digital devices – bearing in mind it is desirable to work on differing hardware configurations, operating systems, processing capabilities and network connectivity but they are yet to be validated. The approach, entitled Cloud Aura, can achieve high levels of transparency thereby being less dependent on secret-knowledge or any other intrusive login and leveraging the available devices capabilities without requiring any external sensors. Cloud Aura incorporates a variety of biometrics from different types, i.e. physiological, behavioural, and soft biometrics and deploys an on-going identity confidence level based upon them, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s). While in use, it functions with minimal processing overhead thereby reducing the time required for the authentication decision. Ultimately, a functional proof of concept prototype is developed showing that Cloud Aura is feasible and would have the provisions of effective security and user convenience.Royal Commission for Jubail and Yanbu, Kingdom of Saudi Arabi

E-INVIGILATION OF E-ASSESSMENTS

E-learning and particularly distance-based learning is becoming an increasingly important mechanism for education. A leading Virtual Learning Environment (VLE) reports a user base of 70 million students and 1.2 million teachers across 7.5 million courses. Whilst e-learning has introduced flexibility and remote/distance-based learning, there are still aspects of course delivery that rely upon traditional approaches. The most significant of these is examinations. The lack of being able to provide invigilation in a remote-mode has restricted the types of assessments, with exams or in-class test assessments proving difficult to validate. Students are still required to attend physical testing centres in order to ensure strict examination conditions are applied. Whilst research has begun to propose solutions in this respect, they fundamentally fail to provide the integrity required. This thesis seeks to research and develop an e-invigilator that will provide continuous and transparent invigilation of the individual undertaking an electronic based exam or test. The analysis of the e-invigilation solutions has shown that the suggested approaches to minimise cheating behaviours during the online test have varied. They have suffered from a wide range of weaknesses and lacked an implementation achieving continuous and transparent authentication with appropriate security restrictions. To this end, the most transparent biometric approaches are identified to be incorporated in an appropriate solution whilst maintaining security beyond the point-of-entry. Given the existing issues of intrusiveness and point-of-entry user authentication, a complete architecture has been developed based upon maintaining student convenience but providing effective identity verification throughout the test, rather than merely at the beginning. It also provides continuous system-level monitoring to prevent cheating, as well as a variety of management-level functionalities for creating and managing assessments including a prioritised and usable interface in order to enable the academics to quickly verify and check cases of possible cheating. The research includes a detailed discussion of the architecture requirements, components, and complete design to be the core of the system which captures, processes, and monitors students in a completely controlled e-test environment. In order to highlight the ease of use and lightweight nature of the system, a prototype was developed. Employing student face recognition as the most transparent multimodal (2D and 3D modes) biometrics, and novel security features through eye tracking, head movements, speech recognition, and multiple faces detection in order to enable a robust and flexible e-invigilation approach. Therefore, an experiment (Experiment 1) has been conducted utilising the developed prototype involving 51 participants. In this experiment, the focus has been mainly upon the usability of the system under normal use. The FRR of those 51 legitimate participants was 0 for every participant in the 2D mode; however, it was 0 for 45 of them and less than 0.096 for the rest 6 in the 3D mode. Consequently, for all the 51 participants of this experiment, on average, the FRR was 0 in 2D facial recognition mode, however, in 3D facial recognition mode, it was 0.048. Furthermore, in order to evaluate the robustness of the approach against targeted misuse 3 participants were tasked with a series of scenarios that map to typical misuse (Experiment 2). The FAR was 0.038 in the 2D mode and 0 in the 3D mode. The results of both experiments support the feasibility, security, and applicability of the suggested system. Finally, a series of scenario-based evaluations, involving the three separate stakeholders namely: Experts, Academics (qualitative-based surveys) and Students (a quantitative-based and qualitative-based survey) have also been utilised to provide a comprehensive evaluation into the effectiveness of the proposed approach. The vast majority of the interview/feedback outcomes can be considered as positive, constructive and valuable. The respondents agree with the idea of continuous and transparent authentication in e-assessments as it is vital for ensuring solid and convenient security beyond the point-of-entry. The outcomes have also supported the feasibility and practicality of the approach, as well as the efficiency of the system management via well-designed and smart interfaces.The Higher Committee for Education Development in Iraq (HCED