SlideShare a Scribd company logo

Multi-factor Implicit Biometric Authentication: Analysis and Approach

Jigisha Aryya
Jigisha Aryya

Research Paper Outline - Cyber Security Management ITMS 578, IIT, Chicago - Fall 2016 ITM, Department of Applied Technology.

Technology
1 of 18
Download to read offline
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 1 Multi-Factor Implicit Biometric Authentication: Analysis and Approach Jigisha Aryya Illinois Institute of Technology, Chicago Author Note Firstly, I thank the institute for providing a rich repository of scholarly articles and material for carrying out this research submitted on this day of November, 2016. Any questions about this paper should be sent through email at jaryya@hawk.iit.edu I thank Prof. Raymond E. Trygstad for suggesting improvements to this work. Second, you are hereby granted permission to use (and adapt) this document for learning and research purposes. You may not sell this document either by itself or in combination with other products or services. Third, if you use this document, you use it at your own risk. The document’s accuracy and safety have been thoroughly evaluated, but they are not guaranteed.
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 2 Abstract The online world is ever-growing and generates data that is valuable and needs to be protected. With the advent of advanced technologies like IoT, smartphones, bigdata etc. it becomes a responsibility of any government or organization to create protocols that will protect the information exchanged by millions of devices. Authentication being the first step in restricting access to sensitive information and data, it is important that the processes, technologies and policies for this are modified as per the changing needs. Biometrics has a promising future. However, there are challenges like operational feasibility, user acceptance, technical problems like mobile device resource limitations and concern over protecting the users' personal data, that have motivated researchers to look for more efficient and viable techniques. Continuous implicit biometric authentication is a process of correctly identifying users by collecting data about their behavior over a period of time and processing it using Machine Learning algorithms, Evaluation Matrices etc. This is contrary to physiological biometrics that only uses the physical attributes. We look in detail the current scenario and research in physiological and continuous implicit biometric authentication technique and its practical applicability in various sectors and discuss the challenges that they pose and ways of overcoming them. Keywords: authentication, implicit biometrics, behavioral traits, physiological biometrics, user acceptance, operational feasibility
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 3 Multi-Factor Implicit Biometric Authentication: Analysis and Approach In the current digital world, most of the business and personal transactions, as well as organizational information sharing and storage happens over a network of connected systems, be it a cloud storage devices, smartphones or home appliances. A person or an entity is authenticated commonly by using a login ID and password combination in order to be given access. Cyber criminals and hackers have already figured out ways of cracking these secret credentials using phishing and brute force techniques in order to steal or manipulate the assets that are available and accessible through the network. On the other hand, cyber security experts, researchers and personnel are continually looking for ways to stop these incidents from happening. Biometrics that use what the entity possesses for determining the identity, is not a new concept but hasn't yet been adopted widely. Only in recent times, commercial institutions like banks that handle sensitive information are looking to this method of authentication due to its promising future. However, over time many drawbacks have been identified that are still in the process of being resolved. Also, newer techniques are being experimented with to counter the imminent threats. In the following sections we will see the distinct characteristics and drawbacks of the popular techniques that are being considered world-wide and then analyze possible solutions that might solve these issues. Physiological versus Behavioral (Implicit) Biometrics – Implementation and Challenges Physiological Biometrics like fingerprint authentication is being considered for widespread use in various banks like Bank of America, Royal Bank of Scotland, HSBC etc. S.T. Bhosale and Dr. B.S. Sawant (2012) have documented the way fingerprint authentication can lead to “cardless” ATM transaction. Various computing and mobile devices are equipped with the hardware that is required to scan the fingerprint of its owner and store it for future authentication. But not all devices like ATMs widely used support this facility. The usual way of restricting the access to these devices is a PIN or a password encrypted and stored in the system files or sent to a remote server for authentication. Same is
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 4 the case with the other physical attributes like face, retina, iris, palm vein etc. which are in fact even more niche and rarely seen used in the consumer market or any organization that stores sensitive information. What is hindering the presence of these technologies is the current state of the hardware manufactured and used in the devices with which the common consumer interacts like the smartphones, cash machines, PCs, POS, Kiosks, ATMs, home appliances connected via Internet (IoT) etc. But as rightly pointed out by Peter Corcoran and Claudia Costache (2016), many a times it is just not possible for system designers to efficiently incorporate a module for biometric authentication in a device due to its complexity. The companies that are selling products with which its users might transmit or store sensitive information, will have to take the necessary steps to enable the penetration of biometrics into the consumer market. Along with that the storage of the information collected from the users that is irreplaceable, unlike a password will have to be transmitted to the servers if required and stored as securely as possible as Peter Corocon et al have rightly quoted “A key problem with biometrics is that they cannot be revoked”. These are the first and foremost requirements for rapid adoption of physiological biometrics authentication. Yana Welinder (2016) has mentioned “They will nevertheless get hacked”. Dr. Thomas P. Keenan in his article has spoken about several serious security breach possibilities that continue to haunt this technology. So, detection of security bypasses and immediate remedies for replacement of the unique identity information is also crucial. Second comes understanding the way these repeated actions of authentication either at the system access level or application access level weigh on the users, so that they agree to use them for their online security. Battery power consumption, time of completion of the authentication process, prevention of misuse, loss or corruption of data etc. are the factors that come into play in this case ( intensive technical analysis by Paolo Gasti et al, 2016). We will discuss the possible ways by which these issues can be addressed by the current research in this area similar to what has been proposed by Jigisha Aryya (2008) and Paolo Gasti et al. (2016).
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 5 Behavioral or Implicit biometrics on the other hand, collects data that reflect the way the user interacts with the system. Voice authentication is being adopted by Banks like Singapore Bank, Barclays Capital, Citi Bank etc. Keystroke dynamics, mouse dynamics, location information and touchscreen interaction are ways of identifying a user while they are either aware or unaware of the fact that they are giving behavior specific identity information for their authentication. Similarly, gait, hand waving, signature etc. Some of these are relevant only to mobile devices like gait and touchscreen as of now. However, again, authentication only at the entry point of a system is not enough and should be a continuous process to ensure complete integrity. This is where continuous behavioral biometrics authentication takes over. But, doing so can be costly again in terms of user experience and resource consumption. With a sophisticated design this can be handled well. Abdulaziz Alzubaidi and Jugal Kalita in their research on the various methods compares the uniqueness and challenges very well and dives deep into the technicalities. Their work has influenced this paper to a large extent. But as their work is more focused on mobile devices used by the common consumers, only a part of it has been picked for further analysis. We will try to analyze the methods and possible better solutions that can be implemented at a faster and cheaper rate. The Challenges with Physiological Biometrics and Possible Solutions Securing the templates The face impression, fingerprint, iris image, retina or palm print can never be changed and hence used for identifying a person. And it is always present with the person, meaning it is unlike a password or a PIN that could be forgotten or become invalid. It is also quick to provide. While this gives an edge to biometric security systems, it also means that special precautionary measures are needed to store the templates for comparison and as securely as possible. For any large organization, it is not difficult to provide machines for identity verification at various points whether online or physical access. These machines sometimes can capture the impression easily, for example, at a security check point of an
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 6 airline where iris verification is done for international travelers. The camera has to align with the eyes and then take the picture to compare with the already stored iris template. These machines could be connected to a remote server that receives the template as soon as it is taken and then sends the result. Additionally they can be encrypted after converting them to bytes of data or obfuscated and again made right with a known algorithm and key at the server side. This can prevent identity theft. On the other hand, if we choose to store it locally like in a smartphone or a laptop or desktop, then the operating system of that machine has to locally encrypt this data and then store at a safe section of the hard disk. Theft with fake sources like videos can be prevented with liveness check like pupil contraction with exposure to light. The fast exchange of data between the local computer and the server and processing speed is the key to its success be it iris, fingerprint or face. Technical feasibility and User acceptance For a terminal authenticating a person requesting access, it is easy to set up a system that will have the hardware to get the impression of the eye, face or palm etc. correctly. But for an online access, it is not always convenient or feasible to get the picture correctly specially of the face or iris/retina since the camera resolution might not be of good enough or the user might not be able to align the eye or face correctly. As such, the authentication system will not get an accurate picture to test. Hence, most computers and mobile phone have at the most, palm or fingerprint authentication. Unless the hardware is improved and proper system-generated feedback to the user is not given to align properly, a useful picture cannot be taken. This might although annoy the person being authenticated, and so, it is best to use an alternative attribute that is easier to collect. Behavioral biometrics have an upper hand in such scenarios. Many a times the user is unaware since the interaction itself functions as the “password”. Since in the remote server scenario, authentication is done by communication over a network, it is important to keep in mind chances of server and network failures with designing the system and ways of handling such incidents. Server images containing replica of the templates in a different network can
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 7 help in cases of technical failures like these. Cloud based systems are also feasible as described by Salman H. Khan et al. (2015). Privacy Issues For any organization to authenticate a personnel at all required check points is acceptable only if an individual agrees to be tracked with physical data whenever required and continuously if so. Same is the case with any commercial application. But since this data is private and permanent, a person might feel uncomfortable being tracked of his or her location and activities. It is important that surveillance area are marked properly and the videos and data captured are only accessible to authorized personnels. If any other person manages to get the access and decides to misuse it, the reputation of the organization will be spoiled irreversibly. The government or the organization should keep levels of access for the identification of an individual when using biometric data like face recognition for security purposes. Managers, Security experts etc. have to be labeled and privileges identified for getting access to this data sensitively. Access controls to designated areas containing this information need to be defined as Mandatory Access Controls (MACs) or Non-discretionary controls that are decided by the top executives and independent advisors and are role based. The Challenges with Implicit Biometrics and Possible Solutions Diversity of application The behavior of an individual like voice, keystroke, touchscreen etc. are very specific and can be collected mostly with mobile devices accurately. The gait for example cannot be used any other fixed form of hardware system since it uses the movement of the person. Voice is the most diverse of all since any machine with a microphone and CPU can capture or process audio data. Keystroke and touch behavior are also feasible if the device is equipped with a keypad and touch sensitive surface which is very common in smartphones. Hardware collecting fingerprints is different from touch based surfaces. But touch interaction would typically require a bit more time to correctly identify a user. That
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 8 makes it a trait to be tracked only in smartphones where the user is using it continuously so that training data can be collected for feeding into a machine learning software system. Same is the case with keystroke. Other traits like hand-waving and signature are comparatively convenient. Cameras and optical surfaces that have the ability to capture pen movement are apt for these features. Hence, in terms of implementation at a physical security check terminal, behavior might pose to be a challenge except for voice input. Gait could be tracked with surveillance cameras from a certain distance till the final check point. But again that would also require identifying parallely with face recognition. Device resource limitations We know that smartphones and small smart appliances have resource limitations like battery life and network bandwidth. Authenticating continuously or frequently can levy heavily on it. Researchers now are working on the core technicalities of the software for making it efficient. Algorithms are modified with better mathematical techniques. Paolo Gasti et al have given optimized Manhattan and Hamming distance calculation formula. Compressing the data is crucial to make the authentication process leaner. Privacy Issues Just like physiological traits, behavioral information is also unique and needs to be protected from cyber criminals. More importantly, it should be informed to the user unless and until the sensitiveness is not too high or the demand is such. Adapting to Changing Behavior A system that authenticates using behavioral features needs to be aware that these characteristics might change with age and ailment more rapidly than physical attributes. As such, the software has to be intelligent enough to adapt to the changes. Artificial Intelligence along with machine learning algorithms can help to a large extent. Only concern is economic and operational feasibility since building, deploying and maintaining such a system might be costly.
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 9 A Hybrid Approach It is important to understand the pros and cons of each type of biometrics before deciding on its implementation and design. Cost, effort, time frame and organizational impact depending on the type of entities to be authenticated are factors that need to be considered. For a robust and futuristic design that will hold good for atleast sometime, it is a good approach to combine both the types and create a hybrid authentication system. We know that any institution like a bank or a government organization, access to information and assets happen at different times and under different conditions depending on its criticality. There are basically two levels at which authentication is desired: Entry level and Interaction level. For physical systems, physiological biometrics like fingerprint, palm print or iris verification is a quick and easy method. After getting access, the person's movement, face etc. can be monitored till a certain time to completely ensure that it is indeed the authenticated person. In digital systems that are mobile, it is possible to have physiological or behavioral biometrics at entry level followed by continuously authenticating using behavioral traits . It is also feasible and convenient to have a complete behavioral biometric security system. UnifyID is one of those technological startups that are working to create products to completely replace any other methods with implicit biometrics for initial and continuous authentication. However, this is focused only on smartphones, which is not always the case and the main assumption is that, it is being used only by a single user. Hence, the ideal system has to adapt to the device size and underlying system architecture. Personal computers that are used to access electronic portals can be very basic that might not even have a working microphone facility or a camera. In that case, only implicit biometrics like keystroke dynamics has to be the extra input apart from some traditional techniques like OTP or a password. Bakelman et al have carried out experiments of various categories of passwords and keyboard inputs that could be also used for keystroke type of
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 10 implicit authentication which is very valuable in terms of creating a more realistic and strong cyber security system. For computers and mobile devices having hardware to support audio and video input, face recognition, handwaving and voice recognition techniques can be used. There are also computers that have inbuilt hardware for detecting the fingerprint. Smartphone operating systems that support fingerprint detection also are slowly penetrating the consumer markets. Mouse movement in computers is equivalent to touchscreen dynamics in smartphones which is a behavioral characteristic. Gait is specific to smartphones. In the figure below we try to list the different types based on their implementation ease and practicality. Entry level → Interaction level Keystroke dynamics (Implicit) Mouse / Touchscreen interaction (Implicit) Voice recognition (Implicit) Keystroke dynamics (Implicit) Face recognition (Physiological) Voice inputs (Implicit) Hand-waving (Implicit) Gait (Implicit) Iris/Retina recognition (Physiological) Fingerprint recognition (Physiological) Palm print recognition (Physiological) Signature (Implicit) Continuous Implicit Biometrics It is known well the details of physiological biometrics. But to implement a continuous biometric authentication system that collects and sends the biometric data to a server for learning or verification using matrices, it is important to evaluate the hardware and software implicates. It is
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 11 possible to authenticate digitally end to end using implicit techniques, without the person having to consciously enter any identity information. But initial identity capturing has be through the hardware as mentioned above to create the training set or evaluation matrices of values that will be used later for comparison. This is the future of biometrics and authentication as a whole but if the system fails to efficiently identify the data, it might lead to login failures, system locks, corruption of behavior data and overall user dissatisfaction. For digital systems this looks feasible and specially in mobile devices. For physical assets like storage devices and servers, continuous process might be challenging in terms of quick implementation. Target Mimicry attacks and Reconstruction attacks as have been studied by J. Morris Chang et al and Daniel Vogel et al are a reality and need to tackled with great precision. As the user continues to use a system, even with long gaps of use, the system has to build and modify the data in order to accommodate any changes in the behavior due to aging. Also special cases when the actual user isn't being able to interact normally, the system should be intelligent enough not to deny access to the user. It is always good to have a standby system of alternate authentication in case of such failures. This is to ensure we do not frustrate the user by causing a great deal of inconvenience. Looking Beyond Biometrics - Mindmetrics It is interesting to see that those who are inclined to contribute to the field of cyber security in a more practical ways have always started with the ease of development and deployment of the technology. There are researchers who have proposed determining the correct users by testing their personality with a desired one, which is very similar to psychometric tests. This is often clubbed with behavioral biometrics like keystroke dynamics to increase its strength. The end user requesting access is asked certain questions, the answers to which are expected only from the right user. In fact, entering password is completely eliminated and login id is asked for only later from a set of choices. This design proposed by Juyeon Jo et al (2014) has been developed using a simple interface coded using an application programming language. The user feedback was good as per their user acceptance tests. This
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 12 is not a solid proof of its feasibility at a large scale but it definitely indicates that there is a new possibility and direction in biometric authentication that is not only easy to implement but also tests the person using a more complex parameter which are private information or psychology. A Complete Biometric based Security System An organization like bank which is the foremost in implementing biometrics has several divisions, products and personnels with varied roles who access and modify the data related to the capital managed by the bank. In the figure below we try to visualize all the possible places where biometrics could be used in a multi-modal fashion.  Account access by Customer through a Bank branch  Account access by Customer through an ATM  Account access by Customer through a Web portal using a browser  Account access by Customer through a Smartphone Application  Bank employee's access to customer data  IT Manager's access to servers containing sensitive data of customers  DBA's access to bank databases  IT Infrastructure personnel's access to network servers and storage devices like cloud servers  Technical team's access to software governing the customer and bank data  Areas in the bank's corporate offices where software development and data maintenance takes place
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 13 These are just a few name. There are several other repositories of data containing financial reports and fund management data that need very secure handling. Biometrics can either make or break the security system depending on how it is understood and implemented. Managerial Precautions in Launching the Advanced Biometrics It is always advised to follow the TAM (Technolody Adoption Model) to introduce some new technology into the system. The acceptance has to be tested no matter how ambitious and futuristic it is. People being authenticated several times in several different ways can have dire consequences if it comes as a surprise. But at the same time the management has to convince the employees and the customers equally of its criticality. Policies governing the tapping of user biometrics data and analyzing the same for some useful insights also need serious consideration in case it leads to legal issues claiming breach of privacy rights of individuals. The security aspect must not become a hindrance in the normal business processes and so an investment in this area requires considering failure scenarios. The cyber security insurance domain is the newest upcoming area of innovation and advancement as security can lead to disastrous consequences due to external attacks or internal issues. This makes it worth the investment necessary. Optimizing the system in terms of the selection of the factors that will be authenticated against, the management can come up with something that is feasible in terms of cost and acceptance. As surveyed by Licky Richard Erastus et al., an Emerging Market might not accept an extensive biometrics based security system as easily as a developed economy. Hence, pilot projects with these methods is very much advised.
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 14 Conclusion There are several benefits and challenges in using physiological and implicit biometrics. Continuous implicit biometrics authentication combining two or more factors is the future. If implemented in a sophisticated manner it can lead to not only higher security assurance but also better user experience. However, if we fail to address the drawbacks that it suffers from, like precision and efficiency needs, it can lead to disastrous results in terms of access and system performance. We see in multi-factor authentication that it is indeed wise to combine physiological biometrics with implicit or behavioral biometrics rather than depending on just one type. This along with adaptive algorithms implemented at the low level software design can make a pure biometrics based authentication not only robust but also a means of improving user experience. What factors need to be used depend on the system architecture in question. Face, fingerprint, voice recognition and keystroke dynamics along with iris recognition look popular and accepted so far in sectors like banking. We need to explore more on touchscreen dynamics since smartphones and mobile devices are the future of information access.
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 15 References Bhosale, S.T. , Dr. Sawant, B.S. (2012) Security in e-banking via card less biometric ATMs, International Journal of Advanced Technology & Engineering Research (IJATER), Volume 2, Issue 4, July 2012. Welinder, Yana (2016) Biometrics in Banking is Not Secure. The New York Times, July 13, 2016 from http://www.nytimes.com/roomfordebate/2016/07/05/biometrics-and-banking/biometrics-in-banking-is-not-secure Gasti, Paolo, Šedˇ nka, Jaroslav ,Yang, Qing, Zhou, Gang, Balagani, Kiran S. (2016) Secure, Fast, and Energy-Efficient Outsourced Authentication for Smartphones. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 11, NOVEMBER 2016. Aryya, Jigisha (2008) Algorithm Selection for Sorting in embedded and Mobile systems, PES Institute of Technology, April 2008, Bangalore, India from http://www.slideshare.net/jigishaaryya/algorithm-selection-for-sorting-in-embedded-and-mobile-systems-29727477 Corcoran, Peter, Costache, Claudia (2016) Biometric Technology and Smartphone. IEEE Consumer Electronics Magazine, April 2016 Alzubaidi, Abdulaziz and Kalita, Jugal (2016) Authentication of Smartphone Users Using Behavioral Biometrics. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 18, NO. 3, THIRD QUARTER 2016. Ahmad, Dhurgham T. and Hariri, Mohammad, (2012) User Acceptance of Biometrics in E-banking to improve Security. Business Management Dynamics Vol.2, No.1, Jul 2012, pp.01-04.
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 16 Kekre, H. B., Bharadi, V.A. , (2009) Ageing Adaptation for Multimodal Biometrics using Adaptive Feature Set Update Algorithm. IEEE International Advance Computing Conference (IACC 2009) Patiala, India, 6-7 March 2009. Jo, Juyeon, Kim,Yoohwan, and Lee, Sungchul (2014) Mindmetrics: Identifying users without their login IDs. 2014 IEEE International Conference on Systems, Man, and Cybernetics, October 5- 8, 2014, San Diego, CA, USA Erastus, Licky Richard, Jere, Nobert, Shava, Fungai Bhunu (2015) Exploring Challenges of Biometric Technology Adoption:A Namibian Review. Emerging Trends in Networks and Computer Communications (ETNCC), 2015 International Conference on Keenan, Dr. Thomas P., (2015) Hidden Risks of Biometric Identifiers and How to Avoid Them, Black Hat USA 2015. Khan, Salman H., Akbar, M. Ali (2015) Multi-Factor Authentication on Cloud. Digital Image Computing: Techniques and Applications (DICTA), 2015 International Conference on. IEEE International Conference on Consumer Electronics (ICCE) 2016. Patel, Heena M., Panuwala, Chirag N., Vora, Aarohi (2016) Hybrid Feature level approach for Multi- biometricCryptosystem. IEEE WiSPNET 2016 Almuairfi, Sadiq , Veeraraghavan, Parakash, Chilamkurti, Naveen (2011) IPAS: Implicit Password Authentication System. Workshops of International Conference on Advanced Information Networking and Applications 2016 in passwords, 5th ISSNIP-IEEE Biosignals and Biorobotics Conference (2014): Biosignals and Robotics for Better and Safer Living (BRC)
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 17 Bakelman, Ned, Monaco, John V., Sung-Hyuk Cha, and Charles C. Tappert (2013) Keystroke Biometric Studies on Password and Numeric Keypad Input 2013 European Intelligence and Security Informatics Conference. Panja, Biswajit, Fattaleh, Dennis, Mercado, Mark, Robinson, Adam, Meharia, Priyanka (2014) Cybersecurity in Banking and Financial Sector:Security Analysis of a Mobile Banking Application. Collaboration Technologies and Systems (CTS), 2013 International Conference on. Bhargav, Abilasha, Squicciarini, Anna, Bertino, Elisa (2006) Privacy Preserving Multi-Factor Authentication with Biometrics. DIM’06, November 3, 2006, Alexandria, Virginia, USA. Khan, Hassan, Hengartner, Urs, Vogel, Daniel (2016) Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes. MobiSys’16, June 25-30, 2016, Singapore, Singapore. Chun, Hu, Elmehdwi, Yousef, Li, Feng, Bhattacharya, Prabir, Jiang, Wei (2014) Outsourceable Two- Party Privacy-Preserving Biometric Authentication. ASIA CCS’14, June 4–6, 2014, Kyoto, Japan. Tanviruzzaman, Mohammad, Ahamed, Sheikh Iqbal (2014) Your phone knows you: Almost transparent authentication for smartphones. 2014 IEEE 38th Annual International Computers, Software and Applications Conference. Li, Yanyan, Yang, Junshuang, Mengjun Xie, Carlson, Dylan, Jang, Han Gil, Bian, Jiang (2015) Comparison of PIN- and Pattern-based Behavioral Biometric Authentication on Mobile Devices. Milcom 2015 Track 3 - Cyber Security and Trusted Computing. Ford, Bryan (2015) Private Eyes: Secure Remote Biometric Authentication. 12th International Joint Conference on e-Business and Telecommunications (ICETE)
MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 18 Gatali, Inkingi Fred, Lee, Kyung Young, Park, Sang Un, Kang, Juyong (2016) A Qualitative Study on Adoption of Biometrics Technologies: Canadian Banking Industry. ICEC '16, August 17 - 19, 2016, Suwon, Republic of Korea. Michael, Katina, Michael, MG, Tootell, Holly, Baker, Valerie (2006) The Hybridization of Automatic Identification Techniques in Mass Market Applications: Towards a Model of Coexistence. Management of Innovation and Technology, 2006 IEEE International Conference on. Al-Rubaie, Mohammad, Chang, J. Morris (2016) Reconstruction Attacks Against Mobile-Based Continuous Authentication Systems in the Cloud. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 12, DECEMBER 2016.

Recommended

Multimodal Biometric endorsement for secure Internet banking using Skin Spect...
Multimodal Biometric endorsement for secure Internet banking using Skin Spect...Multimodal Biometric endorsement for secure Internet banking using Skin Spect...
Multimodal Biometric endorsement for secure Internet banking using Skin Spect...IRJET Journal
 
Biometrics
BiometricsBiometrics
BiometricsSatish Chandra
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
GHC-2014-Lavanya
GHC-2014-LavanyaGHC-2014-Lavanya
GHC-2014-LavanyaLavanya Lakshman
 
A Comparison Based Study on Biometrics for Human Recognition
A Comparison Based Study on Biometrics for Human RecognitionA Comparison Based Study on Biometrics for Human Recognition
A Comparison Based Study on Biometrics for Human RecognitionIOSR Journals
 
Hazards of Biometric Authentication in Practice
Hazards of Biometric Authentication in PracticeHazards of Biometric Authentication in Practice
Hazards of Biometric Authentication in PracticeITIIIndustries
 
A Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelA Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelCSCJournals
 
Atm security using_fingerprint_biometric_identifer
Atm security using_fingerprint_biometric_identiferAtm security using_fingerprint_biometric_identifer
Atm security using_fingerprint_biometric_identiferRutwikShitole1
 

Recommended

Multimodal Biometric endorsement for secure Internet banking using Skin Spect...
Multimodal Biometric endorsement for secure Internet banking using Skin Spect...Multimodal Biometric endorsement for secure Internet banking using Skin Spect...
Multimodal Biometric endorsement for secure Internet banking using Skin Spect...IRJET Journal
 
Biometrics
BiometricsBiometrics
BiometricsSatish Chandra
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
GHC-2014-Lavanya
GHC-2014-LavanyaGHC-2014-Lavanya
GHC-2014-LavanyaLavanya Lakshman
 
A Comparison Based Study on Biometrics for Human Recognition
A Comparison Based Study on Biometrics for Human RecognitionA Comparison Based Study on Biometrics for Human Recognition
A Comparison Based Study on Biometrics for Human RecognitionIOSR Journals
 
Hazards of Biometric Authentication in Practice
Hazards of Biometric Authentication in PracticeHazards of Biometric Authentication in Practice
Hazards of Biometric Authentication in PracticeITIIIndustries
 
A Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelA Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelCSCJournals
 
Atm security using_fingerprint_biometric_identifer
Atm security using_fingerprint_biometric_identiferAtm security using_fingerprint_biometric_identifer
Atm security using_fingerprint_biometric_identiferRutwikShitole1
 
What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?
What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?
What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?Kavika Roy
 
IRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET- Secure Automated Teller Machine (ATM) by Image ProcessingIRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET- Secure Automated Teller Machine (ATM) by Image ProcessingIRJET Journal
 
Personal authentication using 3 d finger geometry (synopsis)
Personal authentication using 3 d finger geometry (synopsis)Personal authentication using 3 d finger geometry (synopsis)
Personal authentication using 3 d finger geometry (synopsis)Mumbai Academisc
 
Biometric encryption
Biometric encryptionBiometric encryption
Biometric encryptionDeepák Soni
 
Biometrics
BiometricsBiometrics
BiometricsN/A
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...IJCSIS Research Publications
 
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...Harikrishna Patel
 
Ai
AiAi
AiSouhailaMesseria1
 
How artificial intelligence(AI) will change the world in 2021
How artificial intelligence(AI) will change the world in 2021How artificial intelligence(AI) will change the world in 2021
How artificial intelligence(AI) will change the world in 2021kalyanit6
 
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...An Algorithm for Electronic Money Transaction Security (Three Layer Security)...
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...Syeful Islam
 
Biometrics system penetration in mobile devices
Biometrics system penetration in mobile devicesBiometrics system penetration in mobile devices
Biometrics system penetration in mobile devicesSwapnil Jagtap
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with BiometricsInternational Center for Biometric Research
 
Face Recognition Based Automated Student Attendance System
Face Recognition Based Automated Student Attendance SystemFace Recognition Based Automated Student Attendance System
Face Recognition Based Automated Student Attendance Systemijtsrd
 
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKING
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKINGROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKING
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKINGvishal dineshkumar soni
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsIOSR Journals
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobileUvaraj Shan
 
Smart banking system
Smart banking systemSmart banking system
Smart banking systemShreyans Jain
 
The How of Biometrics
The How of BiometricsThe How of Biometrics
The How of BiometricsPeachy Essay
 
Cybersecurity governance-1.docx
Cybersecurity governance-1.docxCybersecurity governance-1.docx
Cybersecurity governance-1.docxWaseelsultan
 
Biometric authentication
Biometric authenticationBiometric authentication
Biometric authenticationAbduhalim Beknazarov
 
Biometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security IssuesBiometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security Issuesijtsrd
 

More Related Content

What's hot

What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?
What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?
What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?Kavika Roy
 
IRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET- Secure Automated Teller Machine (ATM) by Image ProcessingIRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET- Secure Automated Teller Machine (ATM) by Image ProcessingIRJET Journal
 
Personal authentication using 3 d finger geometry (synopsis)
Personal authentication using 3 d finger geometry (synopsis)Personal authentication using 3 d finger geometry (synopsis)
Personal authentication using 3 d finger geometry (synopsis)Mumbai Academisc
 
Biometric encryption
Biometric encryptionBiometric encryption
Biometric encryptionDeepák Soni
 
Biometrics
BiometricsBiometrics
BiometricsN/A
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...IJCSIS Research Publications
 
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...Harikrishna Patel
 
How artificial intelligence(AI) will change the world in 2021
How artificial intelligence(AI) will change the world in 2021How artificial intelligence(AI) will change the world in 2021
How artificial intelligence(AI) will change the world in 2021kalyanit6
 
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...An Algorithm for Electronic Money Transaction Security (Three Layer Security)...
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...Syeful Islam
 
Biometrics system penetration in mobile devices
Biometrics system penetration in mobile devicesBiometrics system penetration in mobile devices
Biometrics system penetration in mobile devicesSwapnil Jagtap
 
Face Recognition Based Automated Student Attendance System
Face Recognition Based Automated Student Attendance SystemFace Recognition Based Automated Student Attendance System
Face Recognition Based Automated Student Attendance Systemijtsrd
 
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKING
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKINGROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKING
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKINGvishal dineshkumar soni
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsIOSR Journals
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobileUvaraj Shan
 
Smart banking system
Smart banking systemSmart banking system
Smart banking systemShreyans Jain
 

What's hot (18)

What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?
What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?
What Is Facial Recognition, How It Is Used & What Is It’s Future Scope?
 
IRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET- Secure Automated Teller Machine (ATM) by Image ProcessingIRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET- Secure Automated Teller Machine (ATM) by Image Processing
 
Personal authentication using 3 d finger geometry (synopsis)
Personal authentication using 3 d finger geometry (synopsis)Personal authentication using 3 d finger geometry (synopsis)
Personal authentication using 3 d finger geometry (synopsis)
 
Biometric encryption
Biometric encryptionBiometric encryption
Biometric encryption
 
Biometrics
BiometricsBiometrics
Biometrics
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
 
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
 
Ai
AiAi
Ai
 
How artificial intelligence(AI) will change the world in 2021
How artificial intelligence(AI) will change the world in 2021How artificial intelligence(AI) will change the world in 2021
How artificial intelligence(AI) will change the world in 2021
 
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...An Algorithm for Electronic Money Transaction Security (Three Layer Security)...
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...
 
Biometrics system penetration in mobile devices
Biometrics system penetration in mobile devicesBiometrics system penetration in mobile devices
Biometrics system penetration in mobile devices
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
 
Face Recognition Based Automated Student Attendance System
Face Recognition Based Automated Student Attendance SystemFace Recognition Based Automated Student Attendance System
Face Recognition Based Automated Student Attendance System
 
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKING
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKINGROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKING
ROLE OF ARTIFICIAL INTELLIGENCE IN COMBATING CYBER THREATS IN BANKING
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using Biometrics
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobile
 
Smart banking system
Smart banking systemSmart banking system
Smart banking system
 

Similar to Multi-factor Implicit Biometric Authentication: Analysis and Approach

The How of Biometrics
The How of BiometricsThe How of Biometrics
The How of BiometricsPeachy Essay
 
Cybersecurity governance-1.docx
Cybersecurity governance-1.docxCybersecurity governance-1.docx
Cybersecurity governance-1.docxWaseelsultan
 
Biometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security IssuesBiometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security Issuesijtsrd
 
Security Issues Related to Biometrics
Security Issues Related to BiometricsSecurity Issues Related to Biometrics
Security Issues Related to BiometricsYogeshIJTSRD
 
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...
MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...
MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...Jenna Murray
 
Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)sachin yadav
 
The Rise of Behavioral Biometrics and Its Potential Applications.pdf
The Rise of Behavioral Biometrics and Its Potential Applications.pdfThe Rise of Behavioral Biometrics and Its Potential Applications.pdf
The Rise of Behavioral Biometrics and Its Potential Applications.pdfBahaa Abdulhadi
 
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdfAnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdftonkung6
 
Role Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdfRole Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdfBahaa Abdulhadi
 
Bio metrics in secure e transaction
Bio metrics in secure e transactionBio metrics in secure e transaction
Bio metrics in secure e transactionIJARIIT
 
Recognizing  the fact usernames passwords are the weakest link in an.docx
Recognizing  the fact usernames passwords are the weakest link in an.docxRecognizing  the fact usernames passwords are the weakest link in an.docx
Recognizing  the fact usernames passwords are the weakest link in an.docxdanas19
 
Jss academy of technical education
Jss academy of technical educationJss academy of technical education
Jss academy of technical educationArhind Gautam
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper ExampleKayla Perry
 
Cloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor AuthenticationCloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor AuthenticationIRJET Journal
 
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...IRJET Journal
 

Similar to Multi-factor Implicit Biometric Authentication: Analysis and Approach (20)

The How of Biometrics
The How of BiometricsThe How of Biometrics
The How of Biometrics
 
Cybersecurity governance-1.docx
Cybersecurity governance-1.docxCybersecurity governance-1.docx
Cybersecurity governance-1.docx
 
Biometric authentication
Biometric authenticationBiometric authentication
Biometric authentication
 
Biometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security IssuesBiometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security Issues
 
Security Issues Related to Biometrics
Security Issues Related to BiometricsSecurity Issues Related to Biometrics
Security Issues Related to Biometrics
 
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
 
MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...
MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...
MACHINE LEARNING AND CONTINUOUS AUTHENTICATION A SHIELD AGAINST CYBER THREATS...
 
Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)
 
The Rise of Behavioral Biometrics and Its Potential Applications.pdf
The Rise of Behavioral Biometrics and Its Potential Applications.pdfThe Rise of Behavioral Biometrics and Its Potential Applications.pdf
The Rise of Behavioral Biometrics and Its Potential Applications.pdf
 
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdfAnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
 
Role Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdfRole Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdf
 
Bio metrics in secure e transaction
Bio metrics in secure e transactionBio metrics in secure e transaction
Bio metrics in secure e transaction
 
Recognizing  the fact usernames passwords are the weakest link in an.docx
Recognizing  the fact usernames passwords are the weakest link in an.docxRecognizing  the fact usernames passwords are the weakest link in an.docx
Recognizing  the fact usernames passwords are the weakest link in an.docx
 
Jss academy of technical education
Jss academy of technical educationJss academy of technical education
Jss academy of technical education
 
Biometrics Technology
Biometrics TechnologyBiometrics Technology
Biometrics Technology
 
Biometrics security
Biometrics securityBiometrics security
Biometrics security
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper Example
 
Cloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor AuthenticationCloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor Authentication
 
Biometrics Essay
Biometrics EssayBiometrics Essay
Biometrics Essay
 
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Multi-factor Implicit Biometric Authentication: Analysis and Approach

  • 1. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 1 Multi-Factor Implicit Biometric Authentication: Analysis and Approach Jigisha Aryya Illinois Institute of Technology, Chicago Author Note Firstly, I thank the institute for providing a rich repository of scholarly articles and material for carrying out this research submitted on this day of November, 2016. Any questions about this paper should be sent through email at jaryya@hawk.iit.edu I thank Prof. Raymond E. Trygstad for suggesting improvements to this work. Second, you are hereby granted permission to use (and adapt) this document for learning and research purposes. You may not sell this document either by itself or in combination with other products or services. Third, if you use this document, you use it at your own risk. The document’s accuracy and safety have been thoroughly evaluated, but they are not guaranteed.
  • 2. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 2 Abstract The online world is ever-growing and generates data that is valuable and needs to be protected. With the advent of advanced technologies like IoT, smartphones, bigdata etc. it becomes a responsibility of any government or organization to create protocols that will protect the information exchanged by millions of devices. Authentication being the first step in restricting access to sensitive information and data, it is important that the processes, technologies and policies for this are modified as per the changing needs. Biometrics has a promising future. However, there are challenges like operational feasibility, user acceptance, technical problems like mobile device resource limitations and concern over protecting the users' personal data, that have motivated researchers to look for more efficient and viable techniques. Continuous implicit biometric authentication is a process of correctly identifying users by collecting data about their behavior over a period of time and processing it using Machine Learning algorithms, Evaluation Matrices etc. This is contrary to physiological biometrics that only uses the physical attributes. We look in detail the current scenario and research in physiological and continuous implicit biometric authentication technique and its practical applicability in various sectors and discuss the challenges that they pose and ways of overcoming them. Keywords: authentication, implicit biometrics, behavioral traits, physiological biometrics, user acceptance, operational feasibility
  • 3. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 3 Multi-Factor Implicit Biometric Authentication: Analysis and Approach In the current digital world, most of the business and personal transactions, as well as organizational information sharing and storage happens over a network of connected systems, be it a cloud storage devices, smartphones or home appliances. A person or an entity is authenticated commonly by using a login ID and password combination in order to be given access. Cyber criminals and hackers have already figured out ways of cracking these secret credentials using phishing and brute force techniques in order to steal or manipulate the assets that are available and accessible through the network. On the other hand, cyber security experts, researchers and personnel are continually looking for ways to stop these incidents from happening. Biometrics that use what the entity possesses for determining the identity, is not a new concept but hasn't yet been adopted widely. Only in recent times, commercial institutions like banks that handle sensitive information are looking to this method of authentication due to its promising future. However, over time many drawbacks have been identified that are still in the process of being resolved. Also, newer techniques are being experimented with to counter the imminent threats. In the following sections we will see the distinct characteristics and drawbacks of the popular techniques that are being considered world-wide and then analyze possible solutions that might solve these issues. Physiological versus Behavioral (Implicit) Biometrics – Implementation and Challenges Physiological Biometrics like fingerprint authentication is being considered for widespread use in various banks like Bank of America, Royal Bank of Scotland, HSBC etc. S.T. Bhosale and Dr. B.S. Sawant (2012) have documented the way fingerprint authentication can lead to “cardless” ATM transaction. Various computing and mobile devices are equipped with the hardware that is required to scan the fingerprint of its owner and store it for future authentication. But not all devices like ATMs widely used support this facility. The usual way of restricting the access to these devices is a PIN or a password encrypted and stored in the system files or sent to a remote server for authentication. Same is
  • 4. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 4 the case with the other physical attributes like face, retina, iris, palm vein etc. which are in fact even more niche and rarely seen used in the consumer market or any organization that stores sensitive information. What is hindering the presence of these technologies is the current state of the hardware manufactured and used in the devices with which the common consumer interacts like the smartphones, cash machines, PCs, POS, Kiosks, ATMs, home appliances connected via Internet (IoT) etc. But as rightly pointed out by Peter Corcoran and Claudia Costache (2016), many a times it is just not possible for system designers to efficiently incorporate a module for biometric authentication in a device due to its complexity. The companies that are selling products with which its users might transmit or store sensitive information, will have to take the necessary steps to enable the penetration of biometrics into the consumer market. Along with that the storage of the information collected from the users that is irreplaceable, unlike a password will have to be transmitted to the servers if required and stored as securely as possible as Peter Corocon et al have rightly quoted “A key problem with biometrics is that they cannot be revoked”. These are the first and foremost requirements for rapid adoption of physiological biometrics authentication. Yana Welinder (2016) has mentioned “They will nevertheless get hacked”. Dr. Thomas P. Keenan in his article has spoken about several serious security breach possibilities that continue to haunt this technology. So, detection of security bypasses and immediate remedies for replacement of the unique identity information is also crucial. Second comes understanding the way these repeated actions of authentication either at the system access level or application access level weigh on the users, so that they agree to use them for their online security. Battery power consumption, time of completion of the authentication process, prevention of misuse, loss or corruption of data etc. are the factors that come into play in this case ( intensive technical analysis by Paolo Gasti et al, 2016). We will discuss the possible ways by which these issues can be addressed by the current research in this area similar to what has been proposed by Jigisha Aryya (2008) and Paolo Gasti et al. (2016).
  • 5. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 5 Behavioral or Implicit biometrics on the other hand, collects data that reflect the way the user interacts with the system. Voice authentication is being adopted by Banks like Singapore Bank, Barclays Capital, Citi Bank etc. Keystroke dynamics, mouse dynamics, location information and touchscreen interaction are ways of identifying a user while they are either aware or unaware of the fact that they are giving behavior specific identity information for their authentication. Similarly, gait, hand waving, signature etc. Some of these are relevant only to mobile devices like gait and touchscreen as of now. However, again, authentication only at the entry point of a system is not enough and should be a continuous process to ensure complete integrity. This is where continuous behavioral biometrics authentication takes over. But, doing so can be costly again in terms of user experience and resource consumption. With a sophisticated design this can be handled well. Abdulaziz Alzubaidi and Jugal Kalita in their research on the various methods compares the uniqueness and challenges very well and dives deep into the technicalities. Their work has influenced this paper to a large extent. But as their work is more focused on mobile devices used by the common consumers, only a part of it has been picked for further analysis. We will try to analyze the methods and possible better solutions that can be implemented at a faster and cheaper rate. The Challenges with Physiological Biometrics and Possible Solutions Securing the templates The face impression, fingerprint, iris image, retina or palm print can never be changed and hence used for identifying a person. And it is always present with the person, meaning it is unlike a password or a PIN that could be forgotten or become invalid. It is also quick to provide. While this gives an edge to biometric security systems, it also means that special precautionary measures are needed to store the templates for comparison and as securely as possible. For any large organization, it is not difficult to provide machines for identity verification at various points whether online or physical access. These machines sometimes can capture the impression easily, for example, at a security check point of an
  • 6. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 6 airline where iris verification is done for international travelers. The camera has to align with the eyes and then take the picture to compare with the already stored iris template. These machines could be connected to a remote server that receives the template as soon as it is taken and then sends the result. Additionally they can be encrypted after converting them to bytes of data or obfuscated and again made right with a known algorithm and key at the server side. This can prevent identity theft. On the other hand, if we choose to store it locally like in a smartphone or a laptop or desktop, then the operating system of that machine has to locally encrypt this data and then store at a safe section of the hard disk. Theft with fake sources like videos can be prevented with liveness check like pupil contraction with exposure to light. The fast exchange of data between the local computer and the server and processing speed is the key to its success be it iris, fingerprint or face. Technical feasibility and User acceptance For a terminal authenticating a person requesting access, it is easy to set up a system that will have the hardware to get the impression of the eye, face or palm etc. correctly. But for an online access, it is not always convenient or feasible to get the picture correctly specially of the face or iris/retina since the camera resolution might not be of good enough or the user might not be able to align the eye or face correctly. As such, the authentication system will not get an accurate picture to test. Hence, most computers and mobile phone have at the most, palm or fingerprint authentication. Unless the hardware is improved and proper system-generated feedback to the user is not given to align properly, a useful picture cannot be taken. This might although annoy the person being authenticated, and so, it is best to use an alternative attribute that is easier to collect. Behavioral biometrics have an upper hand in such scenarios. Many a times the user is unaware since the interaction itself functions as the “password”. Since in the remote server scenario, authentication is done by communication over a network, it is important to keep in mind chances of server and network failures with designing the system and ways of handling such incidents. Server images containing replica of the templates in a different network can
  • 7. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 7 help in cases of technical failures like these. Cloud based systems are also feasible as described by Salman H. Khan et al. (2015). Privacy Issues For any organization to authenticate a personnel at all required check points is acceptable only if an individual agrees to be tracked with physical data whenever required and continuously if so. Same is the case with any commercial application. But since this data is private and permanent, a person might feel uncomfortable being tracked of his or her location and activities. It is important that surveillance area are marked properly and the videos and data captured are only accessible to authorized personnels. If any other person manages to get the access and decides to misuse it, the reputation of the organization will be spoiled irreversibly. The government or the organization should keep levels of access for the identification of an individual when using biometric data like face recognition for security purposes. Managers, Security experts etc. have to be labeled and privileges identified for getting access to this data sensitively. Access controls to designated areas containing this information need to be defined as Mandatory Access Controls (MACs) or Non-discretionary controls that are decided by the top executives and independent advisors and are role based. The Challenges with Implicit Biometrics and Possible Solutions Diversity of application The behavior of an individual like voice, keystroke, touchscreen etc. are very specific and can be collected mostly with mobile devices accurately. The gait for example cannot be used any other fixed form of hardware system since it uses the movement of the person. Voice is the most diverse of all since any machine with a microphone and CPU can capture or process audio data. Keystroke and touch behavior are also feasible if the device is equipped with a keypad and touch sensitive surface which is very common in smartphones. Hardware collecting fingerprints is different from touch based surfaces. But touch interaction would typically require a bit more time to correctly identify a user. That
  • 8. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 8 makes it a trait to be tracked only in smartphones where the user is using it continuously so that training data can be collected for feeding into a machine learning software system. Same is the case with keystroke. Other traits like hand-waving and signature are comparatively convenient. Cameras and optical surfaces that have the ability to capture pen movement are apt for these features. Hence, in terms of implementation at a physical security check terminal, behavior might pose to be a challenge except for voice input. Gait could be tracked with surveillance cameras from a certain distance till the final check point. But again that would also require identifying parallely with face recognition. Device resource limitations We know that smartphones and small smart appliances have resource limitations like battery life and network bandwidth. Authenticating continuously or frequently can levy heavily on it. Researchers now are working on the core technicalities of the software for making it efficient. Algorithms are modified with better mathematical techniques. Paolo Gasti et al have given optimized Manhattan and Hamming distance calculation formula. Compressing the data is crucial to make the authentication process leaner. Privacy Issues Just like physiological traits, behavioral information is also unique and needs to be protected from cyber criminals. More importantly, it should be informed to the user unless and until the sensitiveness is not too high or the demand is such. Adapting to Changing Behavior A system that authenticates using behavioral features needs to be aware that these characteristics might change with age and ailment more rapidly than physical attributes. As such, the software has to be intelligent enough to adapt to the changes. Artificial Intelligence along with machine learning algorithms can help to a large extent. Only concern is economic and operational feasibility since building, deploying and maintaining such a system might be costly.
  • 9. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 9 A Hybrid Approach It is important to understand the pros and cons of each type of biometrics before deciding on its implementation and design. Cost, effort, time frame and organizational impact depending on the type of entities to be authenticated are factors that need to be considered. For a robust and futuristic design that will hold good for atleast sometime, it is a good approach to combine both the types and create a hybrid authentication system. We know that any institution like a bank or a government organization, access to information and assets happen at different times and under different conditions depending on its criticality. There are basically two levels at which authentication is desired: Entry level and Interaction level. For physical systems, physiological biometrics like fingerprint, palm print or iris verification is a quick and easy method. After getting access, the person's movement, face etc. can be monitored till a certain time to completely ensure that it is indeed the authenticated person. In digital systems that are mobile, it is possible to have physiological or behavioral biometrics at entry level followed by continuously authenticating using behavioral traits . It is also feasible and convenient to have a complete behavioral biometric security system. UnifyID is one of those technological startups that are working to create products to completely replace any other methods with implicit biometrics for initial and continuous authentication. However, this is focused only on smartphones, which is not always the case and the main assumption is that, it is being used only by a single user. Hence, the ideal system has to adapt to the device size and underlying system architecture. Personal computers that are used to access electronic portals can be very basic that might not even have a working microphone facility or a camera. In that case, only implicit biometrics like keystroke dynamics has to be the extra input apart from some traditional techniques like OTP or a password. Bakelman et al have carried out experiments of various categories of passwords and keyboard inputs that could be also used for keystroke type of
  • 10. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 10 implicit authentication which is very valuable in terms of creating a more realistic and strong cyber security system. For computers and mobile devices having hardware to support audio and video input, face recognition, handwaving and voice recognition techniques can be used. There are also computers that have inbuilt hardware for detecting the fingerprint. Smartphone operating systems that support fingerprint detection also are slowly penetrating the consumer markets. Mouse movement in computers is equivalent to touchscreen dynamics in smartphones which is a behavioral characteristic. Gait is specific to smartphones. In the figure below we try to list the different types based on their implementation ease and practicality. Entry level → Interaction level Keystroke dynamics (Implicit) Mouse / Touchscreen interaction (Implicit) Voice recognition (Implicit) Keystroke dynamics (Implicit) Face recognition (Physiological) Voice inputs (Implicit) Hand-waving (Implicit) Gait (Implicit) Iris/Retina recognition (Physiological) Fingerprint recognition (Physiological) Palm print recognition (Physiological) Signature (Implicit) Continuous Implicit Biometrics It is known well the details of physiological biometrics. But to implement a continuous biometric authentication system that collects and sends the biometric data to a server for learning or verification using matrices, it is important to evaluate the hardware and software implicates. It is
  • 11. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 11 possible to authenticate digitally end to end using implicit techniques, without the person having to consciously enter any identity information. But initial identity capturing has be through the hardware as mentioned above to create the training set or evaluation matrices of values that will be used later for comparison. This is the future of biometrics and authentication as a whole but if the system fails to efficiently identify the data, it might lead to login failures, system locks, corruption of behavior data and overall user dissatisfaction. For digital systems this looks feasible and specially in mobile devices. For physical assets like storage devices and servers, continuous process might be challenging in terms of quick implementation. Target Mimicry attacks and Reconstruction attacks as have been studied by J. Morris Chang et al and Daniel Vogel et al are a reality and need to tackled with great precision. As the user continues to use a system, even with long gaps of use, the system has to build and modify the data in order to accommodate any changes in the behavior due to aging. Also special cases when the actual user isn't being able to interact normally, the system should be intelligent enough not to deny access to the user. It is always good to have a standby system of alternate authentication in case of such failures. This is to ensure we do not frustrate the user by causing a great deal of inconvenience. Looking Beyond Biometrics - Mindmetrics It is interesting to see that those who are inclined to contribute to the field of cyber security in a more practical ways have always started with the ease of development and deployment of the technology. There are researchers who have proposed determining the correct users by testing their personality with a desired one, which is very similar to psychometric tests. This is often clubbed with behavioral biometrics like keystroke dynamics to increase its strength. The end user requesting access is asked certain questions, the answers to which are expected only from the right user. In fact, entering password is completely eliminated and login id is asked for only later from a set of choices. This design proposed by Juyeon Jo et al (2014) has been developed using a simple interface coded using an application programming language. The user feedback was good as per their user acceptance tests. This
  • 12. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 12 is not a solid proof of its feasibility at a large scale but it definitely indicates that there is a new possibility and direction in biometric authentication that is not only easy to implement but also tests the person using a more complex parameter which are private information or psychology. A Complete Biometric based Security System An organization like bank which is the foremost in implementing biometrics has several divisions, products and personnels with varied roles who access and modify the data related to the capital managed by the bank. In the figure below we try to visualize all the possible places where biometrics could be used in a multi-modal fashion.  Account access by Customer through a Bank branch  Account access by Customer through an ATM  Account access by Customer through a Web portal using a browser  Account access by Customer through a Smartphone Application  Bank employee's access to customer data  IT Manager's access to servers containing sensitive data of customers  DBA's access to bank databases  IT Infrastructure personnel's access to network servers and storage devices like cloud servers  Technical team's access to software governing the customer and bank data  Areas in the bank's corporate offices where software development and data maintenance takes place
  • 13. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 13 These are just a few name. There are several other repositories of data containing financial reports and fund management data that need very secure handling. Biometrics can either make or break the security system depending on how it is understood and implemented. Managerial Precautions in Launching the Advanced Biometrics It is always advised to follow the TAM (Technolody Adoption Model) to introduce some new technology into the system. The acceptance has to be tested no matter how ambitious and futuristic it is. People being authenticated several times in several different ways can have dire consequences if it comes as a surprise. But at the same time the management has to convince the employees and the customers equally of its criticality. Policies governing the tapping of user biometrics data and analyzing the same for some useful insights also need serious consideration in case it leads to legal issues claiming breach of privacy rights of individuals. The security aspect must not become a hindrance in the normal business processes and so an investment in this area requires considering failure scenarios. The cyber security insurance domain is the newest upcoming area of innovation and advancement as security can lead to disastrous consequences due to external attacks or internal issues. This makes it worth the investment necessary. Optimizing the system in terms of the selection of the factors that will be authenticated against, the management can come up with something that is feasible in terms of cost and acceptance. As surveyed by Licky Richard Erastus et al., an Emerging Market might not accept an extensive biometrics based security system as easily as a developed economy. Hence, pilot projects with these methods is very much advised.
  • 14. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 14 Conclusion There are several benefits and challenges in using physiological and implicit biometrics. Continuous implicit biometrics authentication combining two or more factors is the future. If implemented in a sophisticated manner it can lead to not only higher security assurance but also better user experience. However, if we fail to address the drawbacks that it suffers from, like precision and efficiency needs, it can lead to disastrous results in terms of access and system performance. We see in multi-factor authentication that it is indeed wise to combine physiological biometrics with implicit or behavioral biometrics rather than depending on just one type. This along with adaptive algorithms implemented at the low level software design can make a pure biometrics based authentication not only robust but also a means of improving user experience. What factors need to be used depend on the system architecture in question. Face, fingerprint, voice recognition and keystroke dynamics along with iris recognition look popular and accepted so far in sectors like banking. We need to explore more on touchscreen dynamics since smartphones and mobile devices are the future of information access.
  • 15. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 15 References Bhosale, S.T. , Dr. Sawant, B.S. (2012) Security in e-banking via card less biometric ATMs, International Journal of Advanced Technology & Engineering Research (IJATER), Volume 2, Issue 4, July 2012. Welinder, Yana (2016) Biometrics in Banking is Not Secure. The New York Times, July 13, 2016 from http://www.nytimes.com/roomfordebate/2016/07/05/biometrics-and-banking/biometrics-in-banking-is-not-secure Gasti, Paolo, Šedˇ nka, Jaroslav ,Yang, Qing, Zhou, Gang, Balagani, Kiran S. (2016) Secure, Fast, and Energy-Efficient Outsourced Authentication for Smartphones. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 11, NOVEMBER 2016. Aryya, Jigisha (2008) Algorithm Selection for Sorting in embedded and Mobile systems, PES Institute of Technology, April 2008, Bangalore, India from http://www.slideshare.net/jigishaaryya/algorithm-selection-for-sorting-in-embedded-and-mobile-systems-29727477 Corcoran, Peter, Costache, Claudia (2016) Biometric Technology and Smartphone. IEEE Consumer Electronics Magazine, April 2016 Alzubaidi, Abdulaziz and Kalita, Jugal (2016) Authentication of Smartphone Users Using Behavioral Biometrics. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 18, NO. 3, THIRD QUARTER 2016. Ahmad, Dhurgham T. and Hariri, Mohammad, (2012) User Acceptance of Biometrics in E-banking to improve Security. Business Management Dynamics Vol.2, No.1, Jul 2012, pp.01-04.
  • 16. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 16 Kekre, H. B., Bharadi, V.A. , (2009) Ageing Adaptation for Multimodal Biometrics using Adaptive Feature Set Update Algorithm. IEEE International Advance Computing Conference (IACC 2009) Patiala, India, 6-7 March 2009. Jo, Juyeon, Kim,Yoohwan, and Lee, Sungchul (2014) Mindmetrics: Identifying users without their login IDs. 2014 IEEE International Conference on Systems, Man, and Cybernetics, October 5- 8, 2014, San Diego, CA, USA Erastus, Licky Richard, Jere, Nobert, Shava, Fungai Bhunu (2015) Exploring Challenges of Biometric Technology Adoption:A Namibian Review. Emerging Trends in Networks and Computer Communications (ETNCC), 2015 International Conference on Keenan, Dr. Thomas P., (2015) Hidden Risks of Biometric Identifiers and How to Avoid Them, Black Hat USA 2015. Khan, Salman H., Akbar, M. Ali (2015) Multi-Factor Authentication on Cloud. Digital Image Computing: Techniques and Applications (DICTA), 2015 International Conference on. IEEE International Conference on Consumer Electronics (ICCE) 2016. Patel, Heena M., Panuwala, Chirag N., Vora, Aarohi (2016) Hybrid Feature level approach for Multi- biometricCryptosystem. IEEE WiSPNET 2016 Almuairfi, Sadiq , Veeraraghavan, Parakash, Chilamkurti, Naveen (2011) IPAS: Implicit Password Authentication System. Workshops of International Conference on Advanced Information Networking and Applications 2016 in passwords, 5th ISSNIP-IEEE Biosignals and Biorobotics Conference (2014): Biosignals and Robotics for Better and Safer Living (BRC)
  • 17. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 17 Bakelman, Ned, Monaco, John V., Sung-Hyuk Cha, and Charles C. Tappert (2013) Keystroke Biometric Studies on Password and Numeric Keypad Input 2013 European Intelligence and Security Informatics Conference. Panja, Biswajit, Fattaleh, Dennis, Mercado, Mark, Robinson, Adam, Meharia, Priyanka (2014) Cybersecurity in Banking and Financial Sector:Security Analysis of a Mobile Banking Application. Collaboration Technologies and Systems (CTS), 2013 International Conference on. Bhargav, Abilasha, Squicciarini, Anna, Bertino, Elisa (2006) Privacy Preserving Multi-Factor Authentication with Biometrics. DIM’06, November 3, 2006, Alexandria, Virginia, USA. Khan, Hassan, Hengartner, Urs, Vogel, Daniel (2016) Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes. MobiSys’16, June 25-30, 2016, Singapore, Singapore. Chun, Hu, Elmehdwi, Yousef, Li, Feng, Bhattacharya, Prabir, Jiang, Wei (2014) Outsourceable Two- Party Privacy-Preserving Biometric Authentication. ASIA CCS’14, June 4–6, 2014, Kyoto, Japan. Tanviruzzaman, Mohammad, Ahamed, Sheikh Iqbal (2014) Your phone knows you: Almost transparent authentication for smartphones. 2014 IEEE 38th Annual International Computers, Software and Applications Conference. Li, Yanyan, Yang, Junshuang, Mengjun Xie, Carlson, Dylan, Jang, Han Gil, Bian, Jiang (2015) Comparison of PIN- and Pattern-based Behavioral Biometric Authentication on Mobile Devices. Milcom 2015 Track 3 - Cyber Security and Trusted Computing. Ford, Bryan (2015) Private Eyes: Secure Remote Biometric Authentication. 12th International Joint Conference on e-Business and Telecommunications (ICETE)
  • 18. MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 18 Gatali, Inkingi Fred, Lee, Kyung Young, Park, Sang Un, Kang, Juyong (2016) A Qualitative Study on Adoption of Biometrics Technologies: Canadian Banking Industry. ICEC '16, August 17 - 19, 2016, Suwon, Republic of Korea. Michael, Katina, Michael, MG, Tootell, Holly, Baker, Valerie (2006) The Hybridization of Automatic Identification Techniques in Mass Market Applications: Towards a Model of Coexistence. Management of Innovation and Technology, 2006 IEEE International Conference on. Al-Rubaie, Mohammad, Chang, J. Morris (2016) Reconstruction Attacks Against Mobile-Based Continuous Authentication Systems in the Cloud. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 12, DECEMBER 2016.