Smartphone-based Biometric Authentication Scheme for Access Control Management in Client-server Environment

Full Text (PDF, 524KB), PP.34-47

Views: 0 Downloads: 0

Author(s)

Sajaad Ahmed Lone 1,* Ajaz Hussain Mir 1

1. Department of Electronics and Communications Engineering, National Institute of Technology Srinagar, Jammu and Kashmir, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2022.04.04

Received: 10 Jan. 2022 / Revised: 6 Mar. 2022 / Accepted: 23 Mar. 2022 / Published: 8 Aug. 2022

Index Terms

Biometrics, Fingerprint, Authentication, Challenge-Response, Smartphone

Abstract

As the information put together by the blend of smartphones, the cloud, the IOT, and ubiquitous computing continue to expand at an alarming rate, a data breach increases. Today, users' strong authentication and authorization approaches are increasingly important to secure sensitive, confidential, secret information. Possession and knowledge-based authentication techniques for computers, the internet, email accounts, etc., are commonly used to access vital information; they do not link a user to an established identity, resulting in most security vulnerabilities. Biometric authentication, on the other hand, has the privilege of being more reliable than traditional authentication as biometric characteristics of a person can’t be lost; they are tough to distribute, exchange or duplicate; and it requires the user to be present during the authentication process, thereby relating the users to established identities. Biometrics provides a higher level of assurance that the individual attempting to ascertain is the individual in question. Thus, resulting in a more reliable, usable, and cost-effective model with a higher level of protection to deter an attacker from obtaining entry to a computer or network and gaining access to confidential data. This paper introduces a novel fingerprint-based authentication scheme for mobile environments, enabling user authentication based on fingerprint features using a challenge-response-based authentication process. In this study, the proposed authentication system has been developed on a real Android-based smartphone, tested on actual users, and performance analysis has been carried out; empirical results reveal that the proposed authentication scheme achieves increased performance. Moreover, a usability analysis has been done to determine efficiency, effectiveness, and user satisfaction. The evaluation results indicate its feasibility to use it as an effective authentication mechanism for mobile phone environments.

Cite This Paper

Sajaad Ahmed Lone, A.H. Mir, "Smartphone-based Biometric Authentication Scheme for Access Control Management in Client-server Environment", International Journal of Information Technology and Computer Science(IJITCS), Vol.14, No.4, pp.34-47, 2022. DOI:10.5815/ijitcs.2022.04.04

Reference

[1]O. O. Ajaegbu, C. Ajaegbu, and O. Adewunmi S, “Smartphone Technological Advancement Trends: A Scheme for Knowledge Acquisition Towards Societal Development,” Inf. Technol. J., vol. 18, no. 1, pp. 1–7, 2018, doi: 10.3923/itj.2019.1.7.
[2]A. Shah, P. Roongta, C. Jain, V. Kaushik, and A. Awadhiya, “Digital Payments 2020: The Making of $500 Billion Ecosystem in India,” pp. 1–52, 2016, [Online]. Available: https://image-src.bcg.com/BCG_COM/BCG-Google Digital Payments 2020-July 2016_tcm21-39245.pdf.
[3]T. Mehraj, M. A. Sheheryar, S. A. Lone, and A. H. Mir, “A critical insight into the identity authentication systems on smartphones,” in Indonesian Journal of Electrical Engineering and Computer Science, vol. 13, no. 3, 2019, pp. 982–989.
[4]R. Amin, T. Gaber, G. Eltaweel, and A. E. Hassanien, “Biometric and traditional mobile authentication techniques: Overviews and open issues,” in Intelligent Systems Reference Library, Intelligen., vol. 70, Springer, 2015, pp. 423–446.
[5]W. H. Lee and R. Lee, “Implicit sensor-based authentication of smartphone users with smartwatch,” ACM Int. Conf. Proceeding Ser., vol. 18-June-20, 2016, doi: 10.1145/2948618.2948627.
[6]S. J. Wang and J. F. Chang, “Smart card based secure password authentication scheme,” Comput. Secur., vol. 15, no. 3, pp. 231–237, 1996, doi: 10.1016/0167-4048(96)00005-3.
[7]J. Jeong, M. Y. Chung, and H. Choo, “Integrated OTP-Based User Authentication and Access Control Scheme in Home Networks,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 4773 LNCS, pp. 123–133, 2007, doi: 10.1007/978-3-540-75476-3_13.
[8]O. Ogbanufe and D. J. Kim, “Comparing fingerprint-based biometrics authentication versus traditional authentication methods for e-payment,” Decis. Support Syst., vol. 106, pp. 1–14, 2018, doi: 10.1016/J.DSS.2017.11.003.
[9]P. Sealy, “Get smart: why biometric cards will reshape the payments industry,” Biometric Technol. Today, vol. 2018, no. 8, pp. 5–8, 2018.
[10]A. Qusef, A. Albadarneh, S. Elish, and M. Muhanna, “Mitigating personalization challenges in mobile commerce: An empirical study,” Comput. Electr. Eng., vol. 89, 2021.
[11]A. De Keyser, Y. Bart, X. Gu, S. Q. Liu, S. G. Robinson, and P. K. Kannan, “Opportunities and challenges of using biometrics for business: Developing a research agenda,” J. Bus. Res., vol. 136, pp. 52–62, 2021.
[12]C. G. Deborah Golden, “Addressing Cyber Threats Multi-Factor Authentication for Privileged User Accounts Contents,” 2015. [Online]. Available: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/public-sector/us-federal-cyber-mfa-pov.pdf.
[13]M. A. Ferrag, L. Maglaras, A. Derhab, and H. Janicke, “Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues,” Telecommun. Syst., vol. 73, no. 2, pp. 317–348, 2020, doi: 10.1007/s11235-019-00612-5.
[14]N. A. Lal, S. Prasad, and M. Farik, “A Review Of Authentication Methods,” vol. 5, no. 11, pp. 246–249, 2016.
[15]S. Laitos, “Biometrics As an Alternative To Passwords for Older Users,” 2015.
[16]L. O’Gorman, “Comparing passwords, tokens, and biometrics for user authentication | Bipin Kumar - Academia.edu,” vol. 91, no. 12, pp. 2021–2040, 2005, [Online]. Available: http://www.academia.edu/654335/Comparing_passwords_tokens_and_biometrics_for_user_authentication.
[17]J. N. Oruh, “Three-Factor Authentication for Automated Teller Machine System,” no. December 2014, 2021.
[18]K. R. Reese, “Evaluating the Usability of Two-Factor Authentication,” 2018.
[19]C. Bhagavatula, B. Ur, K. Iacovino, S. M. Kywe, L. F. Cranor, and M. Savvides, “Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption,” 2015, doi: 10.14722/usec.2015.23003.
[20]D. H. Shih, C. M. Lu, and M. H. Shih, “A flick biometric authentication mechanism on mobile devices,” ICCSS 2015 - Proc. 2015 Int. Conf. Inf. Cybern. Comput. Soc. Syst., pp. 31–33, 2015, doi: 10.1109/ICCSS.2015.7281144.
[21]R. Spolaor, Q. Q. Li, M. Monaro, M. Conti, L. Gamberini, and G. Sartori, “Biometric authentication methods on smartphones: A survey,” PsychNology J., vol. 14, no. 2–3, pp. 87–98, 2016.
[22]N. A. Albahbooh and P. Bours, “A mobile phone device as a biometrics authentication method for an ATM terminal,” in Proceedings - 15th IEEE International Conference on Computer and Information Technology, CIT 2015, 2015, pp. 2017–2024, doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.299.
[23]F. Karegar, J. S. Pettersson, and S. Fischer-Hübner, “Fingerprint recognition on mobile devices: Widely deployed, rarely understood,” ACM Int. Conf. Proceeding Ser., 2018, doi: 10.1145/3230833.3234514.
[24]B. Abazi, B. Qeliaja, and E. Hajrizi, “Application of biometric models of authentication in mobile equipment,” IFAC-PapersOnLine, vol. 52, no. 25, pp. 543–546, 2019, doi: 10.1016/j.ifacol.2019.12.602.
[25]T. W. Paper, “TECHNICAL WHITE PAPER ENABLING BIOMETRICS FOR MOBILE APPLICATION Comparing Nok Nok S3 Authentication ENABLING BIOMETRICS FOR MOBILE APPLICATION AUTHENTICATION.”
[26]T. Update, “Biometric Authentication : IRIS image Capture , Storage and Processing,” no. January, pp. 31–33, 2012.
[27]A. K. Tiwari, R. Agarwal, and S. Goyal, “Biometric Authentication for Mobile Banking Security,” SSRN Electron. J., no. September, 2014, doi: 10.2139/ssrn.2438213.
[28]S. P. A. K. Jain, r. Bolle, Biometrics: Personal Identification in Networked Security. 1999.
[29]A. K. Jain, P. Flynn, and A. A. Ross, Handbook of Biometrics Handbook of Biometrics. 2007.
[30]Vic Berger, “Biometrics Security Technology: The Future Now,” 2007.
[31]S. Wang and J. Liu, “Biometrics on mobile phone,” Recent Appl. Biometrics, 2011, doi: 10.5772/17151.
[32]G. Lovisotto, R. Malik, I. Sluganovic, M. Roeschlin, P. Trueman, and I. Martinovic, “Mobile Biometrics in Financial Services: A Five Factor Framework,” 2017, [Online]. Available: https://www.cs.ox.ac.uk/files/9113/Mobile Biometrics in Financial Services.pdf.
[33]Leila Zoubida, Réda Adjoudj,"Integrating Face and the Both Irises for Personal Authentication", International Journal of Intelligent Systems and Applications, Vol.9, No.3, pp.8-17, 2017.
[34]Vanaja Roselin.E.Chirchi, Laxman.M.Waghmare,"Iris Biometric Authentication used for Security Systems", International Journal of Image, Graphics and Signal Processing, vol.6, no.9, pp.54-60, 2014.
[35]Khaja Mizbahuddin Quadry, A Govardhan, Mohammed Misbahuddin, "Design, Analysis, and Implementation of a Two-factor Authentication Scheme using Graphical Password", International Journal of Computer Network and Information Security, Vol.13, No.3, pp.39-41, 2021.
[36]S. Trewin, C. Swart, L. Koved, J. Martino, K. Singh, and S. Ben-David, “Biometric authentication on a mobile device,” p. 159, 2012, doi: 10.1145/2420950.2420976.
[37]R. M. Bolle, J. H. Connell, S. Pankanti, N. K. Ratha, and A. W. Senior, Guide to Biometrics. 2004.
[38]J. Wayman, A. Jain, D. Maltoni, and D. Maio, “An Introduction to Biometric Authentication Systems,” Biometric Syst., pp. 1–20, 2005, doi: 10.1007/1-84628-064-8_1.
[39]S. Sanderson and J. H. Erbetta, “Authentication for secure environments based on Iris scanning technology,” IEE Colloq., no. 18, pp. 53–59, 2000, doi: 10.1049/IC:20000468.
[40]A. Bal and A. Acharya, “Biometric authentication and tracking system for online examination system,” 2011 Int. Conf. Recent Trends Inf. Syst. ReTIS 2011 - Proc., pp. 209–213, 2011, doi: 10.1109/RETIS.2011.6146869.
[41]A. Laghari, W. Waheed-Ur-Rehman, and Z. A. Memon, “Biometric authentication technique using smartphone sensor,” Proc. 2016 13th Int. Bhurban Conf. Appl. Sci. Technol. IBCAST 2016, pp. 381–384, 2016, doi: 10.1109/IBCAST.2016.7429906.
[42]J. L. WAYMAN, “FUNDAMENTALS OF BIOMETRIC AUTHENTICATION TECHNOLOGIES,” http://dx.doi.org/10.1142/S0219467801000086, vol. 01, no. 01, pp. 93–113, 2011, doi: 10.1142/S0219467801000086.
[43]Q. Tao and R. Veldhuis, “Biometric authentication system on mobile personal devices,” IEEE Trans. Instrum. Meas., vol. 59, no. 4, pp. 763–773, 2010, doi: 10.1109/TIM.2009.2037873.
[44]A. Mahfouz, T. M. Mahmoud, and A. S. Eldin, “A survey on behavioral biometric authentication on smartphones,” J. Inf. Secur. Appl., vol. 37, pp. 28–37, 2017, doi: 10.1016/J.JISA.2017.10.002.
[45]W. Yang, S. Wang, J. Hu, G. Zheng, and C. Valli, “Security and Accuracy of Fingerprint-Based Biometrics: A Review,” Symmetry 2019, Vol. 11, Page 141, vol. 11, no. 2, p. 141, 2019, doi: 10.3390/SYM11020141.
[46]S. Jabin and F. J. Zareen, “Biometric signature verification,” Int. J. Biom., vol. 7, no. 2, pp. 97–118, 2015, doi: 10.1504/IJBM.2015.070924.
[47]A. El-Sisi, “Design and Implementation Biometric Access Control System Using Fingerprint for Restricted Area Based on Gabor Filter,” Int. Arab J. Inf. Technol., vol. 8, no. 4, 2011.
[48]V. Conti, M. Collotta, G. Pau, and S. Vitabile, “Usability analysis of a novel biometric authentication approach for android-based mobile devices,” J. Telecommun. Inf. Technol., vol. 2014, no. 4, pp. 34–43, 2014.
[49]S. Sawarkar, “Finger Print Matching Algorithm for Android,” Int. J. Eng. Res. Technol., vol. 02, no. 10, pp. 3819–3823, 2013, [Online]. Available: www.ijert.org.
[50]J. Hu, L. Peng, and L. Zheng, “XFace: A Face Recognition System for Android Mobile Phones,” Proc. - 3rd IEEE Int. Conf. Cyber-Physical Syst. Networks, Appl. CPSNA 2015, pp. 13–18, 2015, doi: 10.1109/CPSNA.2015.12.
[51]M. De Marsico, C. Galdi, M. Nappi, and D. Riccio, “FIRME: Face and iris recognition for mobile engagement,” Image Vis. Comput., vol. 32, no. 12, pp. 1161–1172, 2014, doi: 10.1016/J.IMAVIS.2013.12.014.
[52]G. Lovisotto, R. Malik, I. Sluganovic, M. Roeschlin, P. Trueman, and I. Martinovic, “Mobile Biometrics in Financial Services: A Five Factor Framework.”
[53]L. Fridman, S. Weber, R. Greenstadt, and M. Kam, “Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location,” IEEE Syst. J., vol. 11, no. 2, pp. 513–521, 2017, doi: 10.1109/JSYST.2015.2472579.
[54]E. B. Fernandez, M. M. Larrondo-Petrie, and A. E. Escobar, “Contexts and context-based access control,” Third Int. Conf. Wirel. Mob. Commun. 2007, ICWMC ’07, pp. 73–78, 2007, doi: 10.1109/ICWMC.2007.30.
[55]C. J. Tsai, C. C. Peng, M. L. Chiang, T. Y. Chang, W. J. Tsai, and H. S. Wu, “Work in progress: A new approach of changeable password for keystroke dynamics authentication system on smart phones,” Proc. 2014 9th Int. Conf. Commun. Netw. China, CHINACOM 2014, pp. 353–356, 2015, doi: 10.1109/CHINACOM.2014.7054316.
[56]C. C. Teo and H. F. Neo, “Behavioral fingerprint authentication: The next future,” ACM Int. Conf. Proceeding Ser., vol. Part F128534, pp. 1–5, 2017, doi: 10.1145/3093293.3093296.
[57]K. B. Raja, R. Raghavendra, M. Stokkenes, and C. Busch, “Multi-modal authentication system for smartphones using face, iris and periocular,” Proc. 2015 Int. Conf. Biometrics, ICB 2015, no. June, pp. 143–150, 2015, doi: 10.1109/ICB.2015.7139044.
[58]M. Said, K. Mohamed, A. Elshenawy, and M. EZZ, “A SURVEY ON SMARTPHONE PROTECTING IDENTIFICATION AGAINST ATTACKS USING BIOMETRIC AUTHENTICATION SYSTEMS,” J. Al-Azhar Univ. Eng. Sect., vol. 16, no. 59, pp. 288–299, 2021, doi: 10.21608/AUEJ.2021.166649.
[59]M. A. S. Bubukayr and M. A. Almaiah, “Cybersecurity Concerns in Smart-phones and applications: A survey,” in 2021 International Conference on Information Technology (ICIT), 2021, pp. 725–731, doi: 10.1109/ICIT52682.2021.9491691.
[60]D. Kunda and M. Chishimba, “A Survey of Android Mobile Phone Authentication Schemes,” Mob. Networks Appl. 2018, pp. 1–9, 2018, doi: 10.1007/S11036-018-1099-7.
[61]L. M. Mayron, “Biometric Authentication on Mobile Devices,” IEEE Secur. Priv., vol. 13, no. 3, pp. 70–73, 2015, doi: 10.1109/MSP.2015.67.
[62]Q. Su, J. Tian, X. Chen, and X. Yang, “A Fingerprint Authentication System Based on Mobile Phone,” Lect. Notes Comput. Sci., vol. 3546, pp. 151–159, 2005, doi: 10.1007/11527923_16.
[63]S. S. Mudholkar, “Biometrics Authentication Technique for Intrusion Detection Systems Using Fingerprint Recognition,” Int. J. Comput. Sci. Eng. Inf. Technol., vol. 2, no. 1, pp. 57–65, 2012, doi: 10.5121/IJCSEIT.2012.2106.
[64]F. Karegar, J. S. Pettersson, S. Fischer-Hübner, and S. Fischer, “Fingerprint Recognition on Mobile Devices: Widely Deployed, Rarely Un-derstood,” 2018, doi: 10.1145/3230833.3234514.
[65]B. A. Oke, O. M. Olaniyi, A. A. Aboaba, and O. T. Arulogun, “Multifactor authentication technique for a secure electronic voting system,” Electron. Gov., vol. 17, no. 3, pp. 312–338, 2021, doi: 10.1504/EG.2021.115999.
[66]J. Priesnitz, C. Rathgeb, N. Buchmann, C. Busch, and M. Margraf, “An overview of touchless 2D fingerprint recognition,” Eurasip J. Image Video Process., vol. 2021, no. 1, 2021, doi: 10.1186/S13640-021-00548-4.
[67]Y. H. Jo, S. Y. Jeon, J. H. Im, and M. K. Lee, “Security analysis and improvement of fingerprint authentication for smartphones,” Mob. Inf. Syst., vol. 2016, 2016, doi: 10.1155/2016/8973828.
[68]V. Matyáš and Z. Říha, “Biometric Authentication — Security and Usability,” no. April 2016, pp. 227–239, 2002, doi: 10.1007/978-0-387-35612-9_17.
[69]E. Pagnin and A. Mitrokotsa, “Privacy-Preserving Biometric Authentication: Challenges and Directions,” 2017, doi: 10.1155/2017/7129505.
[70]E. Marasco and B. Cukic, “Privacy protection schemes for fingerprint recognition systems,” Biometric Surveill. Technol. Hum. Act. Identif. XII, vol. 9457, p. 94570D, 2015, doi: 10.1117/12.2178978.
[71]W. Yang, S. Wang, J. Hu, G. Zheng, and C. Valli, “A fingerprint and finger-vein based cancelable multi-biometric system,” Pattern Recognit., vol. 78, pp. 242–251, 2018, doi: 10.1016/J.PATCOG.2018.01.026.
[72]C. Kauba et al., “Towards Using Police Officers’ Business Smartphones for Contactless Fingerprint Acquisition and Enabling Fingerprint Comparison against Contact-Based Datasets,” Sensors MDPI, vol. 21, no. 7, 2021, doi: 10.3390/s21072248.
[73]S. K. Ganiyev and Z. T. Khudoykulov, “Biometric cryptosystems: Open issues and challenges,” 2016 Int. Conf. Inf. Sci. Commun. Technol. ICISCT 2016, 2016, doi: 10.1109/ICISCT.2016.7777408.
[74]J. N. Pato and L. I. Millett, “Biometric recognition: Challenges and opportunities,” Biometric Recognit. Challenges Oppor., pp. 1–182, 2010, doi: 10.17226/12720.
[75]R. Bansal, P. Sehgal, and P. Bedi, “Minutiae Extraction from Fingerprint Images-a Review,” IJCSI Int. J. Comput. Sci., 2011, [Online]. Available: www.IJCSI.org.
[76]M. M. H. Ali, V. H. Mahale, P. Yannawar, and A. T. Gaikwad, “Overview of fingerprint recognition system,” Int. Conf. Electr. Electron. Optim. Tech. ICEEOT 2016, pp. 1334–1338, 2016, doi: 10.1109/ICEEOT.2016.7754900.
[77]U. Rajanna, A. Erol, and G. Bebis, “A comparative study on feature extraction for fingerprint classification and performance improvements using rank-level fusion,” Pattern Anal. Appl. 2009 133, vol. 13, no. 3, pp. 263–272, 2009, doi: 10.1007/S10044-009-0160-3.
[78]P. Gnanasivam and S. Muttan, “An efficient algorithm for fingerprint preprocessing and feature extraction,” Procedia Comput. Sci., vol. 2, pp. 133–142, 2010, doi: 10.1016/J.PROCS.2010.11.017.
[79]R. Kaur, P. S. Sandhu, and A. Kamra, “A novel method for fingerprint feature extraction,” ICNIT 2010 - 2010 Int. Conf. Netw. Inf. Technol., pp. 1–5, 2010, doi: 10.1109/ICNIT.2010.5508569.
[80]S. A. Lone and A. H. Mir, “A stable and secure one-time-password generation mechanism using fingerprint features,” Int. J. Innov. Technol. Explor. Eng., vol. 8, no. 9, pp. 2431–2438, 2019, doi: 10.35940/ijitee.i8919.078919.
[81]G. B. Iwasokun and O. C. Akinyokun, “Fingerprint Singular Point Detection Based on Modified Poincare Index Method,” Int. J. Signal Process. Image Process. Pattern Recognit., vol. 7, no. 5, pp. 259–272, 2014, doi: 10.14257/ijsip.2014.7.5.23.
[82]F. Magalhães, H. P. Oliveira, and A. C. Campilho, “A new method for the detection of singular points in fingerprint images,” in 2009 Workshop on Applications of Computer Vision, WACV 2009, 2009, pp. 0–5, doi: 10.1109/WACV.2009.5403106.
[83]V. Conti, “Biometric Authentication Overview: a Fingerprint Recognition Sensor Description,” Int. J. Biosens. Bioelectron., vol. 2, no. 1, pp. 26–31, 2017, doi: 10.15406/ijbsbe.2017.02.00011.
[84]D. Zabala-Blanco, M. Mora, R. J. Barrientos, R. Hernández-García, and J. Naranjo-Torres, “Fingerprint classification through standard and weighted extreme learning machines,” Appl. Sci., vol. 10, no. 12, 2020, doi: 10.3390/APP10124125.
[85]R. Kumar, “Orientation Local Binary Pattern Based Fingerprint Matching,” SN Comput. Sci., vol. 1, no. 2, 2020, doi: 10.1007/s42979-020-0068-y.
[86]Y. Li, M. Mandal, and C. Lu, “Singular point detection based on orientation filed regularization and poincaré index in fingerprint images,” in ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings, 2013, pp. 1439–1443, doi: 10.1109/ICASSP.2013.6637889.
[87]J. Brooke, “SUS: a “quick and dirty’usability,” in Usability evaluation in industry, 1996, pp. 189–194.
[88]Jeff Sauro, “MeasuringU: Measuring Usability with the System Usability Scale (SUS),” 2011. https://measuringu.com/sus/.
[89]N. Thomas, “How To Use The System Usability Scale (SUS) To Evaluate The Usability Of Your Website - Usability Geek.” 2020, [Online]. Available: https://usabilitygeek.com/how-to-use-the-system-usability-scale-sus-to-evaluate-the-usability-of-your-website/.