Identification and Security Implications of Biometrics

The usage of biometrics has become more frequent over the past couple of decades, notably due to technological advancements. Evolving technology in the field of biometrics has also led to increased accuracy of associated software, which have provided the opportunity to use a multitude of different human characteristics for identification and/or verification purposes. The current study assessed the usage of biometrics in casinos, hospitals, and law enforcement agencies using a survey methodology. Results indicated that privacy concerns related to the use of biometrics may not be as prevalent as indicated in the literature. Additionally, results indicated that the utilization of biometrics has led to increased accuracy in identification and verification processes, led to enhanced security, and would be highly recommended to other institutions. Information obtained from the literature notes the racial bias in facial recognition technologies due to algorithmic development based solely upon features of Caucasian individuals. Efforts need to be made to create facial recognition algorithms that are more racially and ethnically diverse

Design and implementation of a subject identification system based on Electroencephalogram

Biometrics are essential methods of identifying people nowadays. There are many types of biometrics, such as the classic methods for iris, face and fingerprint; but most of these are not robust or secure. Recently, biometrics based on electroencephalogram signals using machine learning algorithms have proven to be one of the highest quality and robust methods. Electroencephalograms have advantages over traditional modalities as they are extremely difficult to reproduce and cannot be captured stealthily from a distance. This work describes a system capable of acquiring real-time electroencephalogram signals, processing them using the PREP pipeline, to clean them and improve performance, and making subject identity predictions from electroencephalogram signals using different artificial intelligence algorithms. The system is portable, robust, low-cost and connected to the network to send the results to a server. It is composed of an acquisition system using an analog-to-digital converter and protection systems for electroencephalogram signals. The system is based on a Raspberry Pi Zero 2W as the computer in charge of performing all the computational work of the artificial intelligence algorithms and managing the different tasks. Several deep learning algorithms have been used and compared in terms of results and performance. The EEGNet model has provided the best results with an accuracy of 86.74% in its predictions. The data input to the model has been preprocessed with the PREP pipeline, which has proven to be effective in the results, as it improves the performance of all models that use it. The system provides a functional device with outstanding results that leads the way for future work and applications

Identity Recognition Using Biological Electroencephalogram Sensors

Brain wave signal is a bioelectric phenomenon reflecting activities in human brain. In this paper, we firstly introduce brain wave-based identity recognition techniques and the state-of-the-art work. We then analyze important features of brain wave and present challenges confronted by its applications. Further, we evaluate the security and practicality of using brain wave in identity recognition and anticounterfeiting authentication and describe use cases of several machine learning methods in brain wave signal processing. Afterwards, we survey the critical issues of characteristic extraction, classification, and selection involved in brain wave signal processing. Finally, we propose several brain wave-based identity recognition techniques for further studies and conclude this paper

Design and Analysis of a True Random Number Generator Based on GSR Signals for Body Sensor Networks

This article belongs to the Section Internet of ThingsToday, medical equipment or general-purpose devices such as smart-watches or smart-textiles can acquire a person's vital signs. Regardless of the type of device and its purpose, they are all equipped with one or more sensors and often have wireless connectivity. Due to the transmission of sensitive data through the insecure radio channel and the need to ensure exclusive access to authorised entities, security mechanisms and cryptographic primitives must be incorporated onboard these devices. Random number generators are one such necessary cryptographic primitive. Motivated by this, we propose a True Random Number Generator (TRNG) that makes use of the GSR signal measured by a sensor on the body. After an exhaustive analysis of both the entropy source and the randomness of the output, we can conclude that the output generated by the proposed TRNG behaves as that produced by a random variable. Besides, and in comparison with the previous proposals, the performance offered is much higher than that of the earlier works.This work was supported by the Spanish Ministry of Economy and Competitiveness under the contract ESP-2015-68245-C4-1-P, by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV), and by the Comunidad de Madrid (Spain) under the project CYNAMON (P2018/TCS-4566), co-financed by European Structural Funds (ESF and FEDER). This research was also supported by the Interdisciplinary Research Funds (HTC, United Arab Emirates) under the grant No. 103104

Multi-Factor Authentication: A Survey

Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed.Peer reviewe

The Use of EEG Signals For Biometric Person Recognition

This work is devoted to investigating EEG-based biometric recognition systems. One potential advantage of using EEG signals for person recognition is the difficulty in generating artificial signals with biometric characteristics, thus making the spoofing of EEG-based biometric systems a challenging task. However, more works needs to be done to overcome certain drawbacks that currently prevent the adoption of EEG biometrics in real-life scenarios: 1) usually large number of employed sensors, 2) still relatively low recognition rates (compared with some other biometric modalities), 3) the template ageing effect. The existing shortcomings of EEG biometrics and their possible solutions are addressed from three main perspectives in the thesis: pre-processing, feature extraction and pattern classification. In pre-processing, task (stimuli) sensitivity and noise removal are investigated and discussed in separated chapters. For feature extraction, four novel features are proposed; for pattern classification, a new quality filtering method, and a novel instance-based learning algorithm are described in respective chapters. A self-collected database (Mobile Sensor Database) is employed to investigate some important biometric specified effects (e.g. the template ageing effect; using low-cost sensor for recognition). In the research for pre-processing, a training data accumulation scheme is developed, which improves the recognition performance by combining the data of different mental tasks for training; a new wavelet-based de-noising method is developed, its effectiveness in person identification is found to be considerable. Two novel features based on Empirical Mode Decomposition and Hilbert Transform are developed, which provided the best biometric performance amongst all the newly proposed features and other state-of-the-art features reported in the thesis; the other two newly developed wavelet-based features, while having slightly lower recognition accuracies, were computationally more efficient. The quality filtering algorithm is designed to employ the most informative EEG signal segments: experimental results indicate using a small subset of the available data for feature training could receive reasonable improvement in identification rate. The proposed instance-based template reconstruction learning algorithm has shown significant effectiveness when tested using both the publicly available and self-collected databases

A Survey of PPG's Application in Authentication

Biometric authentication prospered because of its convenient use and security. Early generations of biometric mechanisms suffer from spoofing attacks. Recently, unobservable physiological signals (e.g., Electroencephalogram, Photoplethysmogram, Electrocardiogram) as biometrics offer a potential remedy to this problem. In particular, Photoplethysmogram (PPG) measures the change in blood flow of the human body by an optical method. Clinically, researchers commonly use PPG signals to obtain patients' blood oxygen saturation, heart rate, and other information to assist in diagnosing heart-related diseases. Since PPG signals contain a wealth of individual cardiac information, researchers have begun to explore their potential in cyber security applications. The unique advantages (simple acquisition, difficult to steal, and live detection) of the PPG signal allow it to improve the security and usability of the authentication in various aspects. However, the research on PPG-based authentication is still in its infancy. The lack of systematization hinders new research in this field. We conduct a comprehensive study of PPG-based authentication and discuss these applications' limitations before pointing out future research directions.Comment: Accepted by Computer & Security (COSE

Privacy-Protecting Techniques for Behavioral Data: A Survey

Our behavior (the way we talk, walk, or think) is unique and can be used as a biometric trait. It also correlates with sensitive attributes like emotions. Hence, techniques to protect individuals privacy against unwanted inferences are required. To consolidate knowledge in this area, we systematically reviewed applicable anonymization techniques. We taxonomize and compare existing solutions regarding privacy goals, conceptual operation, advantages, and limitations. Our analysis shows that some behavioral traits (e.g., voice) have received much attention, while others (e.g., eye-gaze, brainwaves) are mostly neglected. We also find that the evaluation methodology of behavioral anonymization techniques can be further improved