Defense Against Biometric Reproduction Attacks

Systems and methods for defense against biometric reproduction attack are disclosed. The system includes one or more mobile devices installed with a security feature integrated to the operating system or installed to the device as an app. The security feature is in communication with a server installed with a mobile device management solution. The device includes a multi-factor authentication system including at least one biometric authenticator and at least one non-biometric authenticator. The method includes prompting for biometric authentication, if the network is reachable. In the absence of an active network, the server may instruct the device to stop using a biometric authentication and request the user for a multifactor authentication. The systems and methods provide for full enterprise connectivity on devices with a biometric authentication system. The present disclosure allows the network administrators to address biometric reproduction attacks with variable levels of risk tolerance

Perceptions of Risk and Security Concerns with Mobile Devices using Biometric vs Traditional Authentication Methods

Authentication methods on mobile devices provide an important layer of security. Many types of authentication methods exist, some traditional and some biometric-based. In this study, we use a survey method to examine whether the presence and type of an authentication method affect perceptions of risk and security concerns around three specific types of mobile device actions: banking, health, and activities with personally identifiable information (PII). We also survey users’ general perceptions of trust, usefulness, convenience, and ease of use toward authentication methods, both traditional and biometric. We find that users’ perceptions of risk and security concerns change when users consider the type of authentication method present on a device. While traditional methods are still more familiar to most users, we also find that perceptions of biometric-based methods are more similar to perceptions of traditional methods than in the past

Incorporating Zero-Knowledge Succinct Non-interactive Argument of Knowledge for Blockchain-based Identity Management with off-chain computations

In today's world, secure and efficient biometric authentication is of keen importance. Traditional authentication methods are no longer considered reliable due to their susceptibility to cyber-attacks. Biometric authentication, particularly fingerprint authentication, has emerged as a promising alternative, but it raises concerns about the storage and use of biometric data, as well as centralized storage, which could make it vulnerable to cyber-attacks. In this paper, a novel blockchain-based fingerprint authentication system is proposed that integrates zk-SNARKs, which are zero-knowledge proofs that enable secure and efficient authentication without revealing sensitive biometric information. A KNN-based approach on the FVC2002, FVC2004 and FVC2006 datasets is used to generate a cancelable template for secure, faster, and robust biometric registration and authentication which is stored using the Interplanetary File System. The proposed approach provides an average accuracy of 99.01%, 98.97% and 98.52% over the FVC2002, FVC2004 and FVC2006 datasets respectively for fingerprint authentication. Incorporation of zk-SNARK facilitates smaller proof size. Overall, the proposed method has the potential to provide a secure and efficient solution for blockchain-based identity management

User Identification and Authentication using Multi-Modal Behavioral Biometrics

Biometric computer authentication has an advantage over password and access card authentication in that it is based on something you are, which is not easily copied or stolen. One way of performing biometric computer authentication is to use behavioral tendencies associated with how a user interacts with the computer. However, behavioral biometric authentication accuracy rates are worse than more traditional authentication methods. This article presents a behavioral biometric system that fuses user data from keyboard, mouse, and Graphical User Interface (GUI) interactions. Combining the modalities results in a more accurate authentication decision based on a broader view of the user\u27s computer activity while requiring less user interaction to train the system than previous work. Testing over 31 users shows that fusion techniques significantly improve behavioral biometric authentication accuracy over single modalities on their own. Between the two fusion techniques presented, feature fusion and an ensemble based classification method, the ensemble method performs the best with a False Acceptance Rate (FAR) of 2.10% and a False Rejection Rate (FRR) 2.24%

Survey Analysis on Secured user Authentication through Biometric Recognition

Secured user authentication is the process of verifying the user authenticity. Biometric authentication is the human identification system employed to match the biometric characteristics of user for verifying the authenticity. Biometric identifiers are exclusive, making it harder to hack accounts using them. Common types of biometrics comprise the fingerprint scanning verifies authentication based on a user's fingerprints Face recognition and voice recognition are employed in real-time application for improving the security level in different application scenarios. Face recognition is a method of identifying or verifying the individual identity using their face expression. Voice recognition is the ability of machine to receive and interpret the dictation to understand. Many researchers carried out their research on different face and voice recognition methods. But, recognition accuracy was not improved with minimum time consumption by existing biometric recognition method. In this research, different recognition methods are reviewed using biometric recognition method for user authentication. The recognition methods are efficiently on human faces dataset with respect to performance metrics like recognition accuracy, error rate, and recognition time

Biometric Authentication using Nonparametric Methods

The physiological and behavioral trait is employed to develop biometric authentication systems. The proposed work deals with the authentication of iris and signature based on minimum variance criteria. The iris patterns are preprocessed based on area of the connected components. The segmented image used for authentication consists of the region with large variations in the gray level values. The image region is split into quadtree components. The components with minimum variance are determined from the training samples. Hu moments are applied on the components. The summation of moment values corresponding to minimum variance components are provided as input vector to k-means and fuzzy kmeans classifiers. The best performance was obtained for MMU database consisting of 45 subjects. The number of subjects with zero False Rejection Rate [FRR] was 44 and number of subjects with zero False Acceptance Rate [FAR] was 45. This paper addresses the computational load reduction in off-line signature verification based on minimal features using k-means, fuzzy k-means, k-nn, fuzzy k-nn and novel average-max approaches. FRR of 8.13% and FAR of 10% was achieved using k-nn classifier. The signature is a biometric, where variations in a genuine case, is a natural expectation. In the genuine signature, certain parts of signature vary from one instance to another. The system aims to provide simple, fast and robust system using less number of features when compared to state of art works.Comment: 20 page

Computer Based Behavioral Biometric Authentication via Multi-Modal Fusion

Biometric computer authentication has an advantage over password and access card authentication in that it is based on something you are, which is not easily copied or stolen. One way of performing biometric computer authentication is to use behavioral tendencies associated with how a user interacts with the computer. However, behavioral biometric authentication accuracy rates are much larger then more traditional authentication methods. This thesis presents a behavioral biometric system that fuses user data from keyboard, mouse, and Graphical User Interface (GUI) interactions. Combining the modalities results in a more accurate authentication decision based on a broader view of the user\u27s computer activity while requiring less user interaction to train the system than previous work. Testing over 30 users, shows that fusion techniques significantly improve behavioral biometric authentication accuracy over single modalities on their own. Two fusion techniques are presented, feature fusion and decision level fusion. Using an ensemble based classification method the decision level fusion technique improves the FAR by 0.86% and FRR by 2.98% over the best individual modality

The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity

Most user authentication methods and identity proving systems rely on a centralized database. Such information storage presents a single point of compromise from a security perspective. If this system is compromised it poses a direct threat to users' digital identities. This paper proposes a decentralized authentication method, called the Horcrux protocol, in which there is no such single point of compromise. The protocol relies on decentralized identifiers (DIDs) under development by the W3C Verifiable Claims Community Group and the concept of self-sovereign identity. To accomplish this, we propose specification and implementation of a decentralized biometric credential storage option via blockchains using DIDs and DID documents within the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS)