A Survey of Wearable Biometric Recognition Systems

The growing popularity of wearable devices is leading to new ways to interact with the environment, with other smart devices, and with other people. Wearables equipped with an array of sensors are able to capture the owner’s physiological and behavioural traits, thus are well suited for biometric authentication to control other devices or access digital services. However, wearable biometrics have substantial differences from traditional biometrics for computer systems, such as fingerprints, eye features, or voice. In this article, we discuss these differences and analyse how researchers are approaching the wearable biometrics field. We review and provide a categorization of wearable sensors useful for capturing biometric signals. We analyse the computational cost of the different signal processing techniques, an important practical factor in constrained devices such as wearables. Finally, we review and classify the most recent proposals in the field of wearable biometrics in terms of the structure of the biometric system proposed, their experimental setup, and their results. We also present a critique of experimental issues such as evaluation and feasibility aspects, and offer some final thoughts on research directions that need attention in future work

On Selecting the Nonce Length in Distance-Bounding Protocols

Distance-bounding protocols form a family of challenge-response authentication protocols that have been introduced to thwart relay attacks. They enable a verifier to authenticate and to establish an upper bound on the physical distance to an untrusted prover. We provide a detailed security analysis of a family of such protocols. More precisely, we show that the secret key shared between the verifier and the prover can be leaked after a number of nonce repetitions. The leakage probability, while exponentially decreasing with the nonce length, is only weakly dependent on the key length. Our main contribution is a high probability bound on the number of sessions required for the attacker to discover the secret, and an experimental analysis of the attack under noisy conditions. Both of these show that the attack's success probability mainly depends on the length of the used nonces rather than the length of the shared secret key. The theoretical bound could be used by practitioners to appropriately select their security parameters. While longer nonces can guard against this type of attack, we provide a possible countermeasure which successfully combats these attacks even when short nonces are use

Compartmentation policies for Android apps:A combinatorial optimization approach

Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this paper, we revisit the perils of app coexistence in the same platform and propose a risk mitigation mechanism based on segregating apps into isolated groups following classical security compartmentation principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each group of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentation as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentation solutions can be obtained for the problem sizes expected in current’s mobile environments

SLRV: An RFID Mutual Authentication Protocol Conforming to EPC Generation-2 Standard

Having done an analysis on the security vulnerabilities of Radio Frequency Identification (RFID) through a desynchronization and an impersonation attacks, it is revealed that the secret information (i.e.: secret key and static identifier) shared between the tag and the reader is unnecessary. To overcome the vulnerability, this paper introduces Shelled Lightweight Random Value (SLRV) protocol; a mutual authentication protocol with high-security potentials conforming to  electronic product code (EPC) Class-1 Generation-2 Tags, based on lightweight and standard cryptography on the tag’s and reader’s side, respectively. SLRV prunes de-synchronization attacks where the updating of internal values is only executed on the tag’s side and is a condition to a successful mutual authentication. Results of security analysis of SLRV, and comparison with existing protocols, are presented