Quality-Based Conditional Processing in Multi-Biometrics: Application to Sensor Interoperability

As biometric technology is increasingly deployed, it will be common to replace parts of operational systems with newer designs. The cost and inconvenience of reacquiring enrolled users when a new vendor solution is incorporated makes this approach difficult and many applications will require to deal with information from different sources regularly. These interoperability problems can dramatically affect the performance of biometric systems and thus, they need to be overcome. Here, we describe and evaluate the ATVS-UAM fusion approach submitted to the quality-based evaluation of the 2007 BioSecure Multimodal Evaluation Campaign, whose aim was to compare fusion algorithms when biometric signals were generated using several biometric devices in mismatched conditions. Quality measures from the raw biometric data are available to allow system adjustment to changing quality conditions due to device changes. This system adjustment is referred to as quality-based conditional processing. The proposed fusion approach is based on linear logistic regression, in which fused scores tend to be log-likelihood-ratios. This allows the easy and efficient combination of matching scores from different devices assuming low dependence among modalities. In our system, quality information is used to switch between different system modules depending on the data source (the sensor in our case) and to reject channels with low quality data during the fusion. We compare our fusion approach to a set of rule-based fusion schemes over normalized scores. Results show that the proposed approach outperforms all the rule-based fusion schemes. We also show that with the quality-based channel rejection scheme, an overall improvement of 25% in the equal error rate is obtained.Comment: Published at IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Human

Advanced user authentification for mobile devices

Access to the full-text thesis is no longer available at the author's request, due to 3rd party copyright restrictions. Access removed on 28.11.2016 by CS (TIS).Metadata merged with duplicate record ( http://hdl.handle.net/10026.1/1101 - now deleted) on 20.12.2016 by CS (TIS).Recent years have witnessed widespread adoption of mobile devices. Whereas initial popularity was driven by voice telephony services, capabilities are now broadening to allow an increasing range of data orientated services. Such services serve to extend the range of sensitive data accessible through such devices and will in turn increase the requirement for reliable authentication of users. This thesis considers the authentication requirements of mobile devices and proposes novel mechanisms to improve upon the current state of the art. The investigation begins with an examination of existing authentication techniques, and illustrates a wide range of drawbacks. A survey of end-users reveals that current methods are frequently misused and considered inconvenient, and that enhanced methods of security are consequently required. To this end, biometric approaches are identified as a potential means of overcoming the perceived constraints, offering an opportunity for security to be maintained beyond pointof- entry, in a continuous and transparent fashion. The research considers the applicability of different biometric approaches for mobile device implementation, and identifies keystroke analysis as a technique that can offer significant potential within mobile telephony. Experimental evaluations reveal the potential of the technique when applied to a Personal Identification Number (PIN), telephone number and text message, with best case equal error rates (EER) of 9%, 8% and 18% respectively. In spite of the success of keystroke analysis for many users, the results demonstrate the technique is not uniformly successful across the whole of a given population. Further investigation suggests that the same will be true for other biometrics, and therefore that no single authentication technique could be relied upon to account for all the users in all interaction scenarios. As such, a novel authentication architecture is specified, which is capable of utilising the particular hardware configurations and computational capabilities of devices to provide a robust, modular and composite authentication mechanism. The approach, known as IAMS (Intelligent Authentication Management System), is capable of utilising a broad range of biometric and secret knowledge based approaches to provide a continuous confidence measure in the identity of the user. With a high confidence, users are given immediate access to sensitive services and information, whereas with lower levels of confidence, restrictions can be placed upon access to sensitive services, until subsequent reassurance of a user's identity. The novel architecture is validated through a proof-of-concept prototype. A series of test scenarios are used to illustrate how IAMS would behave, given authorised and impostor authentication attempts. The results support the use of a composite authentication approach to enable the non-intrusive authentication of users on mobile devices.Orange Personal Communication Services Ltd

Implementation of the Enhanced Fingerprint Authentication in the ATM System Using ATmega128 with GSM Feedback Mechanism

ATM was introduced to boost the cashless policy in Nigeria. Current trend of Cybercrime facilitate the need for an enhanced fingerprint application on ATM machine with GSM Feedback mechanism. The mechanism enable unassigned fingerprint authentication of customers with quick code and secret code. The project enhances the security authentication of customers using ATM. A core controller using fingerprint recognition system of ATmega128 in-system programmable flash is explored. An SM630 fingerprint module is used to capture fingerprints with DSP processor and optical sensor for verification, using AT command of GSM module for feedback text messaging (i.e. sending of Quick and Secret-Codes respectively). Upon system testing of capable reduction of ATM fraud using C program, the new method of authentication is presented

Image-based Authentication

Mobile and wearable devices are popular platforms for accessing online services. However, the small form factor of such devices, makes a secure and practical experience for user authentication, challenging. Further, online fraud that includes phishing attacks, has revealed the importance of conversely providing solutions for usable authentication of remote services to online users. In this thesis, we introduce image-based solutions for mutual authentication between a user and a remote service provider. First, we propose and develop Pixie, a two-factor, object-based authentication solution for camera-equipped mobile and wearable devices. We further design ai.lock, a system that reliably extracts from images, authentication credentials similar to biometrics. Second, we introduce CEAL, a system to generate visual key fingerprint representations of arbitrary binary strings, to be used to visually authenticate online entities and their cryptographic keys. CEAL leverages deep learning to capture the target style and domain of training images, into a generator model from a large collection of sample images rather than hand curated as a collection of rules, hence provides a unique capacity for easy customizability. CEAL integrates a model of the visual discriminative ability of human perception, hence the resulting fingerprint image generator avoids mapping distinct keys to images which are not distinguishable by humans. Further, CEAL deterministically generates visually pleasing fingerprint images from an input vector where the vector components are designated to represent visual properties which are either readily perceptible to human eye, or imperceptible yet are necessary for accurately modeling the target image domain. We show that image-based authentication using Pixie is usable and fast, while ai.lock extracts authentication credentials that exceed the entropy of biometrics. Further, we show that CEAL outperforms state-of-the-art solution in terms of efficiency, usability, and resilience to powerful adversarial attacks

Design and implementation of a multi-modal biometric system for company access control

This paper is about the design, implementation, and deployment of a multi-modal biometric system to grant access to a company structure and to internal zones in the company itself. Face and iris have been chosen as biometric traits. Face is feasible for non-intrusive checking with a minimum cooperation from the subject, while iris supports very accurate recognition procedure at a higher grade of invasivity. The recognition of the face trait is based on the Local Binary Patterns histograms, and the Daughman\u2019s method is implemented for the analysis of the iris data. The recognition process may require either the acquisition of the user\u2019s face only or the serial acquisition of both the user\u2019s face and iris, depending on the confidence level of the decision with respect to the set of security levels and requirements, stated in a formal way in the Service Level Agreement at a negotiation phase. The quality of the decision depends on the setting of proper different thresholds in the decision modules for the two biometric traits. Any time the quality of the decision is not good enough, the system activates proper rules, which ask for new acquisitions (and decisions), possibly with different threshold values, resulting in a system not with a fixed and predefined behaviour, but one which complies with the actual acquisition context. Rules are formalized as deduction rules and grouped together to represent \u201cresponse behaviors\u201d according to the previous analysis. Therefore, there are different possible working flows, since the actual response of the recognition process depends on the output of the decision making modules that compose the system. Finally, the deployment phase is described, together with the results from the testing, based on the AT&T Face Database and the UBIRIS database

Hardware and software fingerprinting of mobile devices

This dissertation presents novel and practical algorithms to identify the software and hardware components on mobile devices. In particular, we make significant contributions in two challenging areas: library fingerprinting, to identify third-party software libraries, and device fingerprinting, to identify individual hardware components. Our work has significant implications for the privacy and security of mobile platforms. Software-based library fingerprinting can be used to detect vulnerable libraries and uncover large-scale data collection activities. We develop a novel Android library finger-printing tool, LibID, to reliably identify specific versions of in-app third-party libraries. LibID is more effective against code obfuscation than prior art. When comparing LibID with other tools in identifying the correct library version using obfuscated F-Droid apps, LibID achieves an F1 score of more than 0.5 in all cases while prior work is below 0.25. We also demonstrate the utility of LibID by detecting the use of a vulnerable version of the OkHttp library in nearly 10% of the 3 958 popular apps on the Google Play Store. Hardware-based device fingerprinting allows apps and websites to invade user privacy by tracking user activity online as the user moves between apps or websites. In particular, we present a new type of device fingerprinting attack, the factory calibration fingerprinting attack, that recovers embedded per-device factory calibration data from motion sensors in a smartphone. We investigate the calibration behaviour of each sensor and show that the calibration fingerprint is fast to generate, does not change over time or after a factory reset, and can be obtained without any special user permissions. We estimate the entropy of the calibration fingerprint and find the fingerprint is very likely to be globally unique for iOS devices (~67 bits of entropy for iPhone 6S) and recent Google Pixel devices (~57 bits of entropy for Pixel 4/4 XL). By comparison, the fingerprint generated by previous work has at most 13 bits of entropy. Following our disclosures, Apple deployed a fix in iOS 12.2 and Google in Android 11. Both code obfuscation and factory calibration help to hide software and hardware idiosyncrasies from third-parties, but this dissertation demonstrates that reliable software and hardware fingerprints can still be generated given sufficient knowledge and a suitable approach. Our work has significant practical implications and can be used to improve platform security and protect user privacy.China Scholarship Council The Boeing Company Microsoft Researc