User authentication and authorization for next generation mobile passenger ID devices for land and sea border control

Despite the significant economic benefits derived from the continuously increasing number of visitors entering the European Union through land-border crossing points or sea ports, novel solutions, such as next generation mobile devices for passenger identification for land and sea border control, are required to promote the comfort of passengers. However, the highly sensitive information handled by these devices makes them an attractive target for attackers. Therefore, strong user authentication and authorization mechanisms are required. Towards this direction, we provide an overview of user authentication and authorization requirements for this new type of devices based on the NIST Special Publication 500-280v2.1

Sensing Your Touch: Strengthen User Authentication via Touch Dynamic Biometrics

© 2019 IEEE. Mobile devices are increasingly used to store private and sensitive data, and this has led to an increased demand for more secure and usable authentication services. Currently, mobile device authentication services mainly use a knowledge-based method, e.g. a PIN-based authentication method, and, in some cases, a fingerprint-based authentication method is also supported. The knowledge-based method is vulnerable to impersonation attacks, while the fingerprint-based method can be unreliable sometimes. To make the authentication service more secure and reliable for mobile device users, this paper describes our efforts in investigating the benefits of integrating a touch dynamics authentication method into a PIN-based authentication method. It describes the design, implementation and evaluation of this method. Experimental results show that this approach can significantly reduce the success rate of impersonation attempts; in the case of a 4-digit PIN, the success rate is reduced from 100% (if only the PIN is used) to 9.9% (if both the PIN and the touch dynamics are used)

Strengthen user authentication on mobile devices by using user’s touch dynamics pattern

Mobile devices, particularly the touch screen mobile devices, are increasingly used to store and access private and sensitive data or services, and this has led to an increased demand for more secure and usable security services, one of which is user authentication. Currently, mobile device authentication services mainly use a knowledge-based method, e.g. a PIN-based authentication method, and, in some cases, a fingerprint-based authentication method is also supported. The knowledge-based method is vulnerable to impersonation attacks, while the fingerprint-based method can be unreliable sometimes. To overcome these limitations and to make the authentication service more secure and reliable for touch screen mobile device users, we have investigated the use of touch dynamics biometrics as a mobile device authentication solution by designing, implementing and evaluating a touch dynamics authentication method. This paper describes the design, implementation, and evaluation of this method, the acquisition of raw touch dynamics data, the use of the raw data to obtain touch dynamics features, and the training of the features to build an authentication model for user identity verification. The evaluation results show that by integrating the touch dynamics authentication method into the PIN-based authentication method, the protection levels against impersonation attacks is greatly enhanced. For example, if a PIN is compromised, the success rate of an impersonation attempt is drastically reduced from 100% (if only a 4-digit PIN is used) to 9.9% (if both the PIN and the touch dynamics are used). © 2019, The Author(s)