No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Technical issues and challenges of biometric applications as access control tools of information security
Abstract
Recent advances in biometric technologies coupled with the increased threats in information security has proliferated the applications of biometric systems to safeguard information and its supporting processes, systems and infrastructures. This paper discusses the technical issues and challenges faced by biometric technologies within the physical and logical access control applications of information security. The discussion includes concerns on the system performances with regard to robustness to the actual operating environment and recognition capability of different biometric traits. It also addresses various security threats which include spoofing and replay attacks. In addition, this paper highlights the challenges in interoperability as well as needs for reliable testing and reporting. The overall discussions provide imperative insights for an effective tradeoff and risk management analyses in information security policy and decision making.
... Biometric attendance systems have been globally applied to a great extent by various organizations in the management of employee attendance through maintaining attendance records of people in an institution or an organization (Bais et al., 2016). The technology has gained popularity due to its simplicity of use and ability to identify each person specifically, which has persuaded numerous businesses to implement it (Ahmad et al., 2012). Biometric technology has been designed with the ability to recognize people's unique physiological and behavioral characteristics, and hence it can be applied to monitoring employee attendance efficiently (Mir et al., 2018). ...
... Hand geometry, hand vein, ear shape, fingerprints, retina, iris, and facial recognition systems are examples of physiological-based biometric systems (Hoo & Ibrahim, 2019). On the other hand, behavioral biometric qualities, such as voice recognition, keystroke dynamics, signature verification, and gait analysis, were taught and gained over time before stabilizing (Ahmad et al., 2012). ...
... According to Dey et al. (2014), the biometric attendance system was initially applied through the use of fingerprints or face images/video. In Tanzania, the introduction of biometric attendance systems can be traced back to the 2005's when law enforcement agencies applied the systems purposed for identifying criminals through fingerprint recognition (Ahmad et al., (2012). The organizations or companies in Tanzania are feeding the biometric data of their e-2546-1982 p-0856-7263 employees into the devices, and then this data is used as the reference for authenticating the right employee for making attendance on the device. ...
Using a biometric attendance system is vital for systematically managing staff attendance. Despite the significance of this system, however, there are technological challenges restraining the effective implementation of the system in many organisations in Tanzania. In this regard, the researcher intends to assess the challenges of biometric attendance systems implementation in public sectors in Tanzania, a case of the National Housing Corporation (NHC). The sample 205 employees were sampled from a total of 431 NHC employees. The study employed a descriptive research design and quantitative research approach to meet the study objective. Stratified random sampling and simple random sampling techniques were used to select a sample for the study. Data were collected using structured questionnaires and were analysed through descriptive statistics analysis with the aid of SPSS version 22. The study found that technological factors affect the implementation of the biometric attendance system at NHC. The findings categorically found that electricity/power supply also influences or affects biometric attendance system implementation at NHC with the mean score of M=3.80 and S. D=0.495. The findings imply that electricity/power supply affects biometric attendance system implementation and can affect the whole process of employee attendance. The study recommends that training employees at NHC on the proper usage of the biometric system should continue. NHC staff are recommended to be ready to accept new technology as resistance deters effective achievement of the purpose of purchasing biometric systems. Lastly, leaders at NHC should be the first pioneer to use biometrics for followers to follow them.
... Biometrics characteristics include fingerprints, veins, palm veins, iris, retina, face, voice, and handwritten signature. The patterns of blood vessels in the palm finger are so different that no two or more individuals possess the same, and this can serve as a trusted security system (Ahmad, Ali & Adnan 2012). Biometrics is still in its early stages in developing countries, but it has been developed and adopted by businesses to increase the security and efficiency of the adopter's operations (Agidi 2018). ...
... In addition, a factor that can contribute towards the challenges of adopting biometrics is too much time and money spent to educate people who are technologically and biometrically illiterate (Ahmad et al. 2012). New deployments or the premature phase of biometric technology are quite similar to the introduction of any other system, since it might take a while for general users to accept it, depending on the system's impact on them (Wayman et al. 2005). ...
... Any form of change in the customers finger (a user cuts him-/herself by mistake) may lead to the users being denied access to their respective systems that has been created by the users with their normal fingerprint (Ahmad et al. 2012). ...
Background: Over the years, attention has been focused on digital banking and financial technology with little or no attention being paid to biometric banking technology.
Objective: The study aimed to investigate the need for security and simplicity in the authentication of retail payments, digital banking and financial technology through the application of biometric systems.
Method: The study employed quantitative research methodology and a response rate of 52% was achieved. A set of questionnaires was distributed for data collection.
Results: The study’s findings indicated it is imperative for all businesses that participate in financial businesses to fully implement the best possible security measures or systems to ensure or enhance security for financial business activities.
Conclusion: Based on the findings of the study, it is recommended that businesses must adopt the new innovative and secured mechanisms of financial dealings to enhance innovation, security and flexibility.
... Typically, a biometric system consist of the following subsystems: sensing, feature, extraction, template matching and output [12]. Its operation is basically of two phases, which are: enrolment and recognition [13][14][15] as shown in Fig. 3. Fig. 3 Componets of a biometric system [15]. ...
... Typically, a biometric system consist of the following subsystems: sensing, feature, extraction, template matching and output [12]. Its operation is basically of two phases, which are: enrolment and recognition [13][14][15] as shown in Fig. 3. Fig. 3 Componets of a biometric system [15]. ...
The use of Radio Frequency Identification (RFID) system for security purposes is becoming increasingly common because of the cost effectiveness of the technology. This paper has presented an anti-theft system for car security using RFID. The system combines Arduino Uno module and RFID technologies. Initial design was carried out using Proteus software for implementing the Arduino electronic circuit. Serial communication link exists between the RFID and the Arduino. An immobilizer that ensured that the car engine stops if other strategies fail was incorporated as security strategy. The system was built considering cost effectiveness and operational efficiency.
... Biometric systems aim at univocally identifying a person (or actually any other biological organisms) from its biosignals [36] or behavioural characteristics [1]. These biosignals are traces of information, whether static or dynamic, sensed from the organism body, e.g. ...
... Biometric traces include fingerprint, voice or facial recognition [31,34]. Exemplary applications may include online banking for payment authorization and identity verification [31], governance for authentication services for citizens, access to government facilities or education for servicing students [1]. For a discussion in greater length, the reader is directed to the wealth of existing literature on the topic e.g. ...
Synchronization of chaotic signals often considers a master-slave paradigm where a slave chaotic system is required to follow the master also chaotic. Most times in literature both systems are known, but synchronization to some unknown master has a potentially large range of applications, for example, EEG based authentication. We aim to test the feasibility of fuzzy control to systematically synchronize a chaotic EEG record. In this chapter, we study the suitability of two chaotic systems and the companion fuzzy control strategies under complete and projective synchronization to synchronize to EEG records. We used two public EEG datasets related to the genetic predisposition to alcoholism and with detecting emotions respectively. We present a comparative study among fuzzy control strategies for synchronization of chaotic systems to EEG records on selected datasets. As expected, we observed success and failures alike on the synchronization highlighting the difficulty in achieving this kind of synchronization, but we interpret this as advantageous for purposes of the suggested domain application. With successful synchronizations, we confirm that synchronization is feasible. With unsuccessful synchronizations, we illustrate that synchronization of chaotic systems does not follow a simple one-size-fits-all recipe and we attempt to gain insight for future research. The same chaotic system may succeed or fail depending on its companion type of synchronization and controller design. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
... Some of these issues can be addressed by implementing multimodal biometric systems that incorporate data from many sources. In these circumstances, attempting to increase individual match performance will be futile due to the inherent difficulties, (Ahmad , 2012). By giving several proofs of the same identification, multi-biometric systems tend to reduce some of these limitations. ...
... However, numerous domain experts believe that an effective fusion approach is needed to integrate the data (Solayappan & Latifi, 2006). A person's biometric traits are discreet and unique when it comes to biometrics, (Ahmad, 2012). Some of these traits are tough to imitate. ...
In response to the increased demand for more effective authentication methods, the usage of biometric authentication to secure systems against unwanted access has grown. Because of the recent COVID-19 pandemic outbreak, any direct physical contact with the system should be avoided. Furthermore, current authentication systems lack the necessary security features, making them vulnerable to cyber risks such as forgery by unethical employees and unauthorized users. The goal of this paper is to investigate the existing biometric authentication systems and propose the best security models to overcome the weaknesses of existing technologies. The study employed mixed methodology, which was qualitative and quantitative in nature and relied on primary and secondary sources of data. The researcher collected the data from a population of 300 staff of Mount Kenya University with a sample size of 169 respondents. The R2 value on the relationship between the studied dependent and independent variables was R2 = 0.792 showing a good fit of the model since is greater than 50% of the test item used in the case study. Therefore the study recommends that institutions to implement a contactless biometric system to eliminate physical contact and use multimodal system that will help overcome the existing challenges associated with unimodal systems. There are still gaps for future researchers where they need to focus on the various decision algorithms that are best efficient in verifying users before they are authenticated in the system.
... Typically, a biometric system consist of the following subsystems: sensing, feature, extraction, template matching and output [12]. Its operation is basically of two phases, which are: enrolment and recognition [13][14][15] as shown in Fig. 3. Fig. 3 Componets of a biometric system [15]. ...
... Typically, a biometric system consist of the following subsystems: sensing, feature, extraction, template matching and output [12]. Its operation is basically of two phases, which are: enrolment and recognition [13][14][15] as shown in Fig. 3. Fig. 3 Componets of a biometric system [15]. ...
The use of Radio Frequency Identification (RFID)system for security purposes is becoming increasingly common because of the cost effectiveness of the technology. This paper has presented an anti-theft system for car security using RFID. The system combines Arduino Uno module and RFID technologies. Initial design was carried out using Proteus software for implementing the Arduino electronic circuit. Serial communication link exists between the RFID and the Arduino. An immobilizer that ensured that the car engine stops if other strategies fail was incorporated as security strategy. The system was built considering cost effectiveness and operational efficiency.
... Some of these limitations can be addressed through the deployment of multimodal biometric systems that incorporate evidence from various sources of data. Because of these inherent issues, attempting to enhance the performance of individual matches in these circumstances cannot prove successful (Ahmad et al., 2012). ...
... According to (Ahmad et al., 2012), a person's biometric characteristics are discrete and unique. Some of these characteristics are difficult to replicate or manufacture precisely. ...
... In a laboratory scenario however, it is also possible to experimentally present a forged trait to a prototype biometric scanner for purely research purposes; such a well-intentioned fake trait is called an artefact. Spoofing is the ability to deceive a biometric system to the point of recognizing an unauthorized user as a genuine one by means of presenting a stolen, copied, forged or synthetically replicated version of the original biometric trait to the biometric sensor [11], [12], [13]. Biometric spoofing has several consequences on the system and can occur on any biometric type irrespective of whether it is physiological or behavioural in nature. ...
... This and other reported incidences of successful attacks on facial recognition cameras and fingerprint scanners through the submission of fake traits have led to the classification of spoofing as a major threat capable of curtailing the security of biometric authentication systems [16], [18], reduce their reliability [19], and deepen biometric apathy. The feasibility of a spoof attack is much higher than other types of attacks against biometric systems, as it does not require any internal knowledge of the system, such as the feature extraction and/or the matching algorithm used [11]. With the rising deployment of biometric systems in various applications, there are increasing concerns about the potentially catastrophic impact of spoofing or presentation attacks especially for mission critical applications. ...
Despite their advantages over password-based and token-based authentication, Biometric Authentication Systems (BAS) are not perfect. They are particularly vulnerable to spoofing, also called Suspicious Presentation (SP) attacks whereby an impostor presents a fake trait to the biometric scanner during verification. Spoofing has a critical impact on system security leading to a trust deficit on biometric systems with weak anti-spoofing mechanisms. Mitigating biometric spoofing is a possibility, hence several techniques have evolved in recent times including multi-biometrics, biometric cryptography and Liveness Detection (LD)-also called Suspicious Presentation Detection (SPD). Unfortunately, nearly all known LD techniques exhibit a fundamental set of flaws – they are mostly uni-modal, easily predictable by a well-equipped impostor, and can be circumvented by well-crafted SP attacks. This paper presents the Multi-Modal Random Trait Biometric Liveness Detection System (MMRTBLDS) framework, as an alternative approach that implements LD using multiple traits each acquired from separate modalities of the same subject combined in a randomized manner. The strength of the framework lays in the impostor’s inability to accurately predict the exact set of randomized trait parameter combinations in advance of LD. The framework employs a 3D simulation of fifteen liveness parameters, composed of three each from finger, face and iris traits, based on random number generation. Simulation results obtained using 125 distinct randomized combinations show significant improvements in biometric authentication security with a system efficiency of 99.2%.
... Biometric system recognizes an individual based on a feature vector extracted from physiological or behavioral characteristic that belongs to the person [1,2]. Biometric is one of the emerging techniques that has two main modes of a biometric system [3], firstly, the Identification Mode, which means comparing the target biometric data with all the data available in the system, or simply one that can be translated into this question: "Who are you?", or it performs a one-to-many (1:N) match. Generally, this mode consumes much time because it needs to do many comparison operations. ...
... The purpose of user identification is to search the closest matching identity. This type of biometric authentication is normally used in surveillance and forensic applications [3]. The second mode of biometric system is the Verification Mode, which is based on this question: "Are you who you claim to be?". ...
Human being authentication by offline handwritten signature biometric research has been increasing, especially in the last decade. Verification process of an offline handwritten signature is not trivial task, because an individual rarely signs exactly the same signature whenever he/she signs, which is referred to as intra-user variability. The objective of this paper is proposing a feature vector of an offline handwritten signature by using an efficient algorithm as a strong feature extraction namely Histogram Orientation Gradient (HOG), in order to be passed into Support Vector Machine (SVM) classifier for the recognition operation. An experiment has been conducted to estimate the accuracy and performance of the proposed algorithm by using SIGMA database, which has more than 6,000 genuine and 2,000 forged signature samples taken from 200 individuals. The result has given accuracy as 96.8% as successful rate coming from the error type as: False Accept Rate (FAR) is 3% and False Reject Rate (FRR) is 3.35%.
... Despite the evident merits of voice biometrics, its widespread deployment remains limited due to various challenges faced by contact centers. These challenges encompass issues of customer adoption, with privacy concerns leading to reluctance among a substantial portion of callers to generate their voiceprints [4,5]. This results in a significant proportion of callers remaining unregistered. ...
In recent times, there has been a growing emphasis on adjusting communication strategies to foster strong customer relationships. This shift is driven by intensified competition, market maturation, and swift advancements in business technology. Consequently, companies have established call centers to efficiently handle customer support and fulfil customer inquiries. A pivotal aspect of enhancing service quality within these call centers involves accurately identifying customers during their interactions. The primary objective of this study is to introduce a methodology for identifying customers within call centers by analyzing their voice characteristics. Voice authentication (VA) has gained prominence in critical security operations, including banking transactions and conversations within call centers. The susceptibility of automatic speaker verification systems (ASVs) to deceptive spoofing attacks has prompted the development of countermeasures (CMs). These countermeasures are designed to differentiate between authentic and fabricated speech. ASVs and CMs collectively constitute contemporary VA systems, positioned as robust access control mechanisms. To achieve this goal, various customer identification systems within call centers have been examined, along with an analysis of audio signal attributes. Ultimately, the manuscript presents a novel approach to customer identification through voice biometrics. Notably, this method excels in recognizing customers even when provided with limited voice data. Empirical findings demonstrate that the suggested speaker identity confirmation method outperforms alternative techniques utilizing different algorithms, exhibiting a higher recognition rate. The present research work is based on two important perspectives of the call centres: a. call center agents experience and b. customer experience. The data collected separately from customers and agents for understanding the effective usage of voice biometric system in call centres. The data represented and satisfies the effectiveness of voice biometric system from both the perspectives. From the data it is also cleared that, the implementation of voice biometric system in call centres still have long way to go but will be a major technological change for the industries worldwide.
... Firstly, the resilience of diverse operating environments is considered a significant technical challenge for future biometric systems. [21]. Secondly, the endeavor to develop efficient and secure biometric authentication systems that can withstand impersonation attacks, guarantee the non-reversibility of biometric templates, and safeguard the privacy of personal information is critical [22]. ...
... Access Control Tools. Access control tools (17) are used to manage user privileges and permissions, ensuring that users only have access to the data they need to perform their job functions. They are typically used to enforce security policies and to prevent unauthorized access to the database. ...
Vulnerabilities refer to weaknesses or gaps in a system's security or defenses that can be exploited by potential threats or attackers. Vulnerabilities can be present in various components of a system, including hardware, software, network infrastructure, and human factors such as weak passwords or lack of security
awareness. The existence of vulnerabilities increases the likelihood of a successful attack or breach, which can result in various negative consequences, such as loss of confidential data, financial damage, legal liability, and damage to reputation.
To mitigate risks associated with vulnerabilities, it's essential to identify and assess them proactively, prioritize them based on their potential impact, and take appropriate measures to address them, such as applying security patches, implementing security controls, conducting security training, and developing
incident response plans. Regular security testing and audits can also help to detect and address vulnerabilities before they are exploited.Here we will talk about relational database vulnerabilities.
... Law enforcement agencies were the first to adopt biometric systems in the 1970s to investigate criminals through fingerprint recognition [18,19]. However, with the current biometric technologies advancement, in parallel with the growth of threats in information security, biometric application systems have proliferated into the physical and logical access control domains [2,48]. This kind of system gains attraction because the cost of biometric capture machines is low [28,35,61]. ...
Finger vein patterns contain highly discriminative characteristics, which are difficult to be forged due to residing underneath the skin. Several pieces of research have been carried out in this field but there is still an unresolved issue when data capturing and processing is of low quality. Low-quality data have caused errors in the feature extraction process and reduced identification performance rate in finger vein identification. The objective of this paper is to address this issue by presenting two methods, a new image enhancement, and a feature extraction method. The image enhancement, Composite Median-Wiener (CMW) filter, improves image quality and preserves the edges. Moreover, the feature extraction method, Hierarchical Centroid Feature Method (HCM), is fused with the statistical pixel-based distribution feature method at the feature-level fusion to improve the performance of finger vein identification. These methods were evaluated on public SDUMLA-HMT and FV-USM finger vein databases. Each database was divided into training and testing sets. The average result of the experiments conducted was taken to ensure the accuracy of the measurements. The k-Nearest Neighbor classifier with city block distance to match the features was implemented. Both these methods produced accuracy as high as 97.64% for identification rate and 1.11% of equal error rate (EER) for measures verification rate. These showed that the accuracy of the proposed finger vein identification method is higher than the existing methods. The results have proven that the CMW filter and HCM have significantly improved the accuracy of finger vein identification.
... Biometric systems rely on measurable physiological or Smith Orode Otuagoma, Ikponmwosa Oghogho, Ebimene Ezekiel Ebisine, Okieke Ufuoma Jeffrey, Uzonna Gabriel Anamonye, Oyubu Akpovi Oyubu, Anthony Onoharigho Okpare, Ogheneakpobo Jonathan Eyenubo, Gabriel Ilori Efenedo, Kazeem Ufuoma Okpeki, Franklin F. Emefile International Journal of Engineering Science Technologies 54 behavioral characteristics that can be utilized to identify or verify the identity of an individual. Ahmad et al. (2010) Ahmad et al. (2012), clarified that physiological-based biometric systems include fingerprints, retina, iris, hand geometry, hand vein etc. These features are consistent on an individual for long periods of time. ...
The need to drastically reduce the delay faced by patients before they receive treatment in the University Clinic and the need to reduce the occurrence of medical mistakes due to patient’s misidentification led to this work which aimed at developing a hospital biometric data management system.Java was the programming language of choice and Netbeans was the Integrated Development Environment (IDE) used to design the Graphical User Interphase (GUI) and write codes. For the backend database, MySQL was used for demonstration purposes. The analytical diagrams were drawn using VioletUMLEdit. The Griaule Fingerprint Software Development Kit (SDK) was used to implement the fingerprint capture, enrollment, identification and verification features of the software.The tests and results obtained showed that with this hospital management system, the time taken to retrieve patient’s record has been reduced from several minutes to less than five seconds thereby eliminating the delay experienced by patients during search of their records. The problem of medical mistakes due to patient’s misidentification was also addressed by the biometric feature of the management system.
... These systems are vulnerable due to their components, such as capture devices, communication channels, and databases. It is essential to improve these issues to work efficiently enough [62]. ...
Educational institutions are acquiring novel technologies to help make their processes more efficient and services more attractive for both students and faculty. Biometric technology is one such example that has been implemented in educational institutions with excellent results. In addition to identifying students, access control, and personal data management, it has critical applications to improve the academic domain's teaching/learning processes. Identity management system, class attendance, e-evaluation, security, student motivations, and learning analytics are areas in which biometric technology is most heavily employed. A literature review is performed to present an overview of biometric technology applications for educational purposes, challenges that must overcome to implement biometric technology, and potentially foreshadowing trends effectively. The future seems promising for biometric technology; the biometric technology market is expected to reach a value of USD 94 billion by 2025 at a compound annual growth rate of 36%. New characteristics are under development for commercial applications, such as vascular pattern recognition, ear shape recognition, facial thermography, odor sensing, gait recognition, heartbeat authentication, brain waves, and human body bioacoustics. The biggest challenge this technology must overcome is security and privacy issues, which must be addressed to fully develop the technology to its full potential. It is desirable that this literature review can provide researchers with a sound vision of the potential that biometric technology will have in education.
... Syed Ahmad et al. (2012) surmised that recent advances in biometric technologies coupled with the proliferation of increased threats in information security produced a management environment with plentiful opportunities for biometric applications. In the business domain, management applies biometric applications to safeguard both its information assets and its internal physical and logical access control systems. ...
The purpose of this paper is to examine the factors that influence the adoption of palm vein technology by considering the healthcare managers' and physicians' perception, using the Unified Theory of Acceptance and Use of Technology theoretical foundation. I used an exploratory research design and a descriptive correlational method for this study. Because a causal model cannot be created without first understanding the nature of the relationships that may or may not exist among the variables, I used a cross-sectional survey to collect data from managers and physicias in the healthcare industry for a correlational analysis as a first step towards discerning where to focus and what variables to consider in a future causal analysis. I used a Pearson product-moment correlation coefficient to test the correlation between the perceived factors of perceived usefulness, complexity, and security, and the adoption of palm vein technology. The results showed that perceived usefulness and security are vital factors for adoption. Study limitations included purposive sampling from a single industry, and limited literature was available about managers' and physicians' perceptions of the adoption of palm vein technology. This study provided a base; however, more research is necessary on this subject. The focus of future research studies could be to test the theoretical model in a different country or to include demographic variables as mediating variables. With biometric technology becoming pervasive, the study offers insight into the essential factors that managers must consider in adopting palm vein technology. Dataset: Harvard Dataverse https://doi.org/10.7910/DVN/RSPAZQ 2 ORCid: https://orcid.org/0000-0002-7449-0837
... Syed Ahmad et al. (2012) surmised that recent advances in biometric technologies coupled with the proliferation of increased threats in information security produced a management environment with plentiful opportunities for biometric applications. In the business domain, management applies biometric applications to safeguard both its information assets and its internal physical and logical access control systems. ...
The purpose of this paper is to examine the factors that influence the adoption of palm vein technology by considering the healthcare managers' and physicians' perception, using the Unified Theory of Acceptance and Use of Technology theoretical foundation. I used a quantitative approach for this study through which I utilized an exploratory research design. I distributed a cross-sectional survey to responders who were managers and physicians in the healthcare industry and who had previous experience with palm vein technology. The perceived factors that I tested for correlation with adoption were perceived usefulness, complexity, and security. I used a Pearson product-moment correlation coefficient to test the correlation between the perceived factors and the adoption of palm vein technology. The results showed that perceived usefulness and security are vital factors for adoption. Study limitations included purposive sampling from a single industry (healthcare), and limited literature was available about managers' and physicians' perceptions of palm vein technology adoption in the healthcare industry. This study provided a base; however, more research is necessary on this subject. The focus of future research studies could be to test the theoretical model in a different country or to include demographic variables as mediating variables. The study offers insight into the essential factors that managers must consider in adopting palm vein technology. With biometric technology becoming pervasive, the study seeks to provide managers with insight into managing the adoption of palm vein technology. Dataset: Harvard Dataverse https://doi.org/10.7910/DVN/RSPAZQ
... Possession factors (something you have), can be in the form of ID cards, security tokens, or smartphones [8]. Inherence factors (something you are), also known as biometrics, are personal attributes such as fingerprints, faces, and sounds [9]. It is essential to state that some systems with more advanced security requirements can use location and time as a factor as well. ...
The purpose of Multi-factor Authentication is to create multiple layers of defense and make it more difficult for unauthorized people to access targets such as physical locations, computer equipment, networks, or databases. If one factor is compromised or destroyed, the attacker still has at least one more barrier to break before successfully breaking the target. Multifactor authentication is a system in which two or more different factors are used together to authenticate. Using more than one factor is sometimes called "strong affirmation." In general, multifactor methods demand various reactions to test requests and returns, such as "Something You Have," "Something You Know," and "Something You Are." The research method used is an interpretive approach that uses inductive reasoning associated with qualitative methods. The data source in this study is from the results of observations and secondary data that must be analyzed and interpreted before use. The system development method uses the wireless network development life cycle. Based on research that has been done, it is concluded that the design of user authentication based on Multi-factor Authentication is safe and user-friendly using the Something Something you know; in this section, users are required to enter a password that will be used when using wireless network services. Something you have, in this section, the user will get a one-time password (OTP) token that is obtained automatically from the OTP server sent by SMS or email to the users of wireless network services. Something you are, then in this section, the user is required to upload a photo of his face when registering wireless network services.
... In a unimodal system, one biometric modality is employed for authentication, e.g., palm print, fingerprint, footprint, face, knuckle, voice, etc. However, unimodal biometry systems suffer from numerous inabilities to tolerate malformed information (noise, device, environmental noise, physical appearance), hence multiple biometric modalities can be used to improve the accuracy of a biometric [6]. ...
Biometric authentication can establish a person’s identity from their exclusive features. In general, biometric authentication can vulnerable to spoofing attacks. Spoofing referred to presentation attack to mislead the biometric sensor. An anti-spoofing method is able to automatically differentiate between real biometric traits presented to the sensor and synthetically produced artifacts containing a biometric trait. There is a great need for a software-based liveness detection method that can classify the fake and real biometric traits. In this paper, we have proposed a liveness detection method using fingerprint and iris. In this method, statistical texture features and spatial analysis of the fingerprint pattern is utilized for fake or real classification. The approach is further improved by fusing iris modality with the fingerprint modality. The standard Haralick’s statistical features based on the gray level co-occurrence matrix (GLCM) and Neighborhood Gray-Tone Difference Matrix (NGTDM) are used to generate a feature vector from the fingerprint. Texture feature from iris is used to boost the performance of the proposed liveness detection method. For the fusion Dempster-Shafer (D-S) approach is used at the decision level. Experiments have been performed on ATVS dataset and LivDet2011 dataset. The results show the convincing and effective outcomes of the proposed method.
... Recently, many smartphones manufacturing companies have been focusing on implementing biometric technologies on smartphones (e.g., fingerprint, iris scanning, facial recognition). However, biometric systems are made up of vulnerable components such as capture devices, communication channels, and databases, which are susceptible to several attacks [34]. The protection of the biometric data is crucial since biometric systems introduce vulnerabilities that can be exploited by hackers to break into the system. ...
Emerging Mobile Cloud Computing (MCC) technologies offer a new world of promise by leveraging the quality of mobile services. With MCC, resource-constrained mobile devices could capitalize on the computation/storage resources of cloud servers via communication networks. While MCC adoption is growing significantly, several challenges need to be addressed to make MCC-based solutions scale and meet the ever-growing demand for more resource intensive applications. Security is a critical problem hindering the adoption of MCC. One of the most important aspects of MCC security is to establish authenticated communication sessions between mobile devices and cloud servers. The huge amount of data stored on mobile devices poses information security risks and privacy concerns for individuals, enterprises, and governments. The ability to establish authenticated communication sessions between mobile devices and cloud servers can resolve many security concerns. Limited computing and energy resources on mobile devices makes authentication and encryption a challenging task. In this paper, an overview of MCC authentication protocols is presented. Then, a Dual-Factor Authentication Protocol for MCC devices (D-FAP) is proposed. D-FAP aims at increasing authentication security by using multi-factors while offloading computation to the cloud to reduce battery consumption. The security of the protocol is formally verified and informal analysis is performed for various attacks. The results prove that the D-FAP is successful in mitigating various outsider and insider attacks.
... Acceptability refers to the extent to which individuals are amenable to the use of a distinct biometric identifier in their everyday lives; whereas, circumvention expresses how readily the system can be spoofed by employing deceptive tactics (Nirmal & Francis, 2014). Ahmad, Ali, and Adnan (2012) surmised that recent advances in biometric technologies coupled with the proliferation of increased threats in information security produced a management environment with copious opportunities for biometric applications. In the business domain, management applies biometric applications to safeguard both its information assets and its internal physical and logical access control systems. ...
The purpose of this paper is to examine the factors that influence the adoption of palm vein technology by considering the healthcare managers' and physicians' perception, using the Unified Theory of Acceptance and Use of Technology theoretical foundation. A quantitative approach was used for this study through which an exploratory research design was utilized. A cross-sectional questionnaire was distributed to responders who were managers and physicians in the healthcare industry and who had previous experience with palm vein technology. The perceived factors tested for correlation with adoption were perceived usefulness, complexity, security, peer influence, and relative advantage. A Pearson product-moment correlation coefficient was used to test the correlation between the perceived factors and palm vein technology. The results showed that perceived usefulness, security, and peer influence are important factors for adoption. Study limitations included purposive sampling from a single industry (healthcare) and limited literature was available with regard to managers' and physicians' perception of palm vein technology adoption in the healthcare industry. Researchers could focus on an examination of the impact of mediating variables on palm vein technology adoption in future studies. The study offers managers insight into the important factors that need to be considered in adopting palm vein technology. With biometric technology becoming pervasive, the study seeks to provide managers with the insight in managing the adoption of palm vein technology.
... Authentication in cloud computing is achieved by using the static passwords that do not offer any security to the user's present in the cloud. 5 Static password can be easily cracked by the hackers as they are non-complex passwords preferred by the users for their convenience. Therefore, static passwords must be replaced by the dynamic password schemes that provide 6 two way authentication in the cloud environment, and that should be cost effective both for the user and the provider as users cannot afford the device for the authentication. ...
... Authentication in cloud computing is achieved by using the static passwords that do not offer any security to the user's present in the cloud. 5 Static password can be easily cracked by the hackers as they are non-complex passwords preferred by the users for their convenience. Therefore, static passwords must be replaced by the dynamic password schemes that provide 6 two way authentication in the cloud environment, and that should be cost effective both for the user and the provider as users cannot afford the device for the authentication. ...
The ability of the Cloud to share information and provide certain services to the network linked people. The resources are provided according to the need of the user. In cloud, the user's data are moved to the large data storage, which must be secured. The various organization have expressed concerns about security aspects of cloud computing. One of the major perspectives is to provide security to one's data, which is stored remotely from the user's location. This paper describes an enhanced approach for the already used data security model in cloud environment. The proposed data security model includes generation of OTP using HMAC (Hash based message authentication code) for user authentication process. This paper also includes a comparative MD5 and SHA algorithms for the better implementation of the model. This model best suits for any of the layers in it, to achieve this we use certain encryption algorithms that convert original text to the form that is not understood by the third party. Finally, data availability can be considered as a major concern, which is viewed as threat associated with the cloud environment. To overcome this problem, we generally replicate our data and store it in various locations.
... Biometric salting commonly involves biometric template transforms that are preferred invertible as opposed to the non-invertible approach (abovementioned). The term "salting" refers to the act of merging specific data (such as passwords) with unique random values ("salt") in order to make all of the original data distinct [9]. In this particular context, this technique may be applicable when a 4-digit PIN is used as the salt to be combined with the hand geometry vector prior to hashing the combination of data. ...
... Fingerprints are one of the physiological-based biometric systems that were initially available in the 1970s for law enforcement agencies; however, now fingerprints scanners are included into smart phones and many other electronic devices due to the recent advances in biometric technology coupled with the increasing threats in information security [20]. They are by far the most known and used biometric solution for identification of identities on computerized systems for reasons like ease of acquisition, convenience and reliability [22]. ...
... The word biometrics is derived from two Greek words, which are bio meaning "life" and metron meaning "measure" [6]. Biometrics falls into two types; biological such as fingerprint face, palm, iris, which usually this type of biometrics cannot be altered without causing trauma or pain to individuals [7]. The second category is behavioral based biometrics such as a signature (on-line or offline), gait, voice, keystrokes and gesture. ...
Nowadays, biometric authentication researches are becoming one of the major focuses among researchers due to various fraud attempts are taking place. Although, several authentication operations are available, these are not free of defects that affect negatively on the authentication operation. Therefore, a novel technique is proposed using index-finger of a hand in order to point out random directions such as up, down, left, or right. Accordingly, a new feature extraction based on area of the index-finger is proposed. It is hybrid between static and dynamic hand directional gesture recognition having advantage that is not forgettable as password due to biologically that this gesture is stored in the brain as visual memory type. This method starts by recording a video around 2-10 seconds as time duration, and then frames are processed one by one to output 4-set-direction, which are deemed as passwords for an individual. Later on, extracted gesture direction vector is matched against the stored one, to output either "accept" or "reject" status. Experiments were conducted on 60-video frames were prepared for training and testing recorded from 10 individuals. Result findings demonstrate high successful recognition rate as the performance accuracy is 98.4% of this proposed method.
... In general, human identification can be most successfully achieved using biometrics, which is based on measurements of physiological and behavioural characteristics [31]. Human identification by mobile robots is, however, based mostly on colour features [12], texture features or combinations of both [32]. ...
In this paper we present a study of vision-based, human-recognition solutions in human-oriented, mobile-robot applications. Human recognition is composed of detection, tracking and identification. Here, we provide an analysis of each step. The applied vision systems can be conventional 2D, stereo or omnidirectional. The camera sensor can be designed to detect light in the visible or infrared parts of the
electromagnetic spectrum. Regardless of the method or the type of sensor chosen, the best results in human recognition can be obtained by using a multimodal solution. In this case, the vision system is enhanced with other forms of sensory information. The most common sensors are laser range finders, microphones and sonars. As medicine is expected to be one of the main fields of application for mobile robots, we give it special emphasis. An overview of current applications and proposal of potential future applications are given. Without doubt, properly controlled mobile robots will play an ever-increasing role in the future of medicine.
... An identification system searches for the identity of an unknown person or biometric entity by comparing the presented biometric feature with many others in an existing database. Hence, verification involves a oneto-one (1:1) search, while identification is achieved when a biometric system makes a one-to-many (1: N) search [1]- [5]. ...
Biometric systems are used for the verification and identification of individuals using their physiological or behavioral features. These features can be categorized into unimodal and multimodal systems, in which the former have several deficiencies that reduce the accuracy of the system, such as noisy data, inter-class similarity, intra-class variation, spoofing, and non-universality. However, multimodal biometric sensing and processing systems, which make use of the detection and processing of two or more behavioral or physiological traits, have proved to improve the success rate of identification and verification significantly. This paper provides a detailed survey of the various unimodal and multimodal biometric sensing types providing their strengths and weaknesses. It discusses the stages involved in the biometric system recognition process and further discusses multimodal systems in terms of their architecture, mode of operation, and algorithms used to develop the systems. It also touches on levels and methods of fusion involved in biometric systems and gives researchers in this area a better understanding of multimodal biometric sensing and processing systems and research trends in this area. It furthermore gives room for research on how to find solutions to issues on various unimodal biometric systems.
... An artificial duplication of the iris is virtually impossible because of its unique properties. In addition, because the iris is closely connected to the human brain, it is one of the first parts of the body to degenerate after death, and therefore, it is impossible to forge an artificial iris or to use a dead person's iris to fraudulently bypass a security system [19]. ...
Biometrics are the unique characteristics of the individual that differentiate him or her from any other person. Down and Sands [1] explained that the physiological characteristics refer to the inherited traits that are shaped in the early embryonic stages of the human development. Physical biometrics include, among other things, DNA, fingerprints, hand geometry, vein patterns, face structure, skin luminescence, palm prints, iris patterns, periocular features, retina patterns, ear shape, lip prints, heartbeats, tongue prints, and body odor/scent [2]?[8]. Behavioral characteristics are not inherited but acquired and learned throughout the life of the individual [1]. These include, but also are not limited to, signature, handwriting, vocal prints, keystroke dynamics, and gait?body motion [3]. As a result, the biometrics of a person cannot be stolen, forgotten, or forged. It is what we are [2].
... The protection of an organizations valuable resources such as computer hardware, computer software, and information by ensuring confidentiality, integrity, and availability of information (Peltier, 2013; Ahmad, Ali, & Adnan, 2012). ...
... Information security: The protection of an organizations valuable resources such as computer hardware, computer software, and information by ensuring confidentiality, integrity, and availability of information (Peltier, 2013;Ahmad, Ali, & Adnan, 2012). ...
... Biometric verification has its own particular quality and confinements. Significant issues in biometric verification are false dismissing rate, false acknowledgment rate, inability to catch, and select rate [17,18]. In late 1996 validation utilizing graphical secret key appeared. ...
Today’s technology development in the field of computer along with internet of things made huge difference in the transformation of our lives. Basic computer framework and web client need to make significant login signify getting to mail, long range interpersonal communication, internet keeping money, booking tickets, perusing online daily papers, and so forth. The login user name and secret key mapping validate if the logging user is the intended client. Secret key is assumed an indispensable part in security. The objective of MFA is to make a layered safeguard and make it more troublesome for an unauthenticated entity to get to an objective, for example, a physical area, processing gadget, system, or database. In the event that one element is bargained or broken, the assailant still has two more boundaries to rupture before effectively breaking into the objective. An endeavor has been made by utilizing three variable types of authentication. In this way managing additional secret key includes an additional layer of security.
... integrity, and availability of information (Peltier, 2013;Ahmad, Ali, & Adnan, 2012). ...
... Hence, it is necessary to ensure that both the communication channels and biometric templates are secure, which can be achieved through encryption techniques. Proper design of biometric template protection scheme also enables a compromised template to be revoked and replaced, which will increase public confidence and acceptance of the system (Ahmad et al., 2012). One of the major advantage of BSV over other security methods is that even if some data is stolen from the database, it cannot cause any major harm since the concerned person can be informed of the theft and the person can change his/her signature to assure security, on the contrary in other biometric methods like fingerprint, iris or palm verification, once the details of the database is stolen, it cannot be changed or resubmitted. ...
In recent years, biometric signature verification (BSV) has been considered with renewed interest with increasing need of security and individual verification and authentication whether in banks, offices, institutions or other commercial organisations. Biometric signature verification is a behavioural biometric technique as a signature signifies unique behaviour of an individual. It can upgrade online banking using online digital systems for signing which cannot be altered or manipulated. Digital signature pads use algorithms to record the features of the signature, which is used to authenticate a signer during a transaction. This paper aims to present a comprehensive literature survey of the most recent research papers on biometric signature verification. It highlights the most important methods and addresses variations in the methods and features that are being taken up in the most recent research in this field along with the possible extensions.
For electronic applications, low-dimension materials like transition metal dichalcogenides (TMDs) have drawn a lot of attention and study. In this study, we looked into WSe2, a common TMDs material. Predicting the use of crystalline substances in different application devices requires an understanding of their physical characteristics. In this context, density functional theory (DFT) is highly helpful. Here, a few physical attributes such as bulk electronic band gap under stable structure parameters have been studied. To give thorough evidence and validate the experimental results, we computationally investigated the band gap of WSe2 using DFT under the FP-(L) APW +lo method. The calculations incorporate the generalized gradient approximation (GGA) for exchange-correlation energy, ensuring a reliable description of the material’s electronic structure. According to band structure simulations, the material has a band gap of 1.545 eV, direct band gap is observed at the K point of the Brillion zone. Our results are in consistent with the earlier theoretical and experimental findings to date. The partial DOS analysis highlights the dominant contributions of W’s d- orbitals and Se’s p-orbitals in both bands. These results provide a detailed insights to structural and electronic properties for advanced electronic and photonic applications.
Authentication in digital security relies heavily on text-based passwords, even with other available methods like biometrics and graphical passwords. While virtual reality (VR) keyboards are typically invisible to onlookers, the presence of inconspicuous sensors, including accelerometers, gyroscopes, and barometers, poses a potential risk of unauthorized observation and recording. Traditional defense shoulder-surfing attack methods typically involve breaking apart the Qwerty layout, which destroys the user's inherent familiarity with the layout. This research addresses the need for secure password entry in VR environments while retaining the Qwerty layout. We explore three keyboard-related position alteration strategies to ensure security while mitigating the decline in user experience. These strategies involve moving the entire keyboard, cursor, and keys. Our theoretical study assesses the effectiveness of these strategies against shoulder-surfing attacks. Two user studies, employing ray-based and position-based text entry methods, respectively, evaluate the practical effectiveness of the three strategies in resisting shoulder-surfing attacks, as well as their impact on typing performance and user experience. Our findings demonstrate that the three strategies achieve shoulder-surfing attack resistance comparable to a random layout keyboard. Moreover, compared to a random layout, the two strategies involving the movement of the entire keyboard and the repositioning of keys support faster entry rates and enhanced user experience.
With the rapid growth in the data and processing over the cloud, it has become easier to access those data. On the other hand, it poses many technical and security challenges to the users of those provisions. Fog computing makes these technical issues manageable to some extent. Fog computing is one of the promising solutions for handling the big data produced by the IoT, which are often security-critical and time-sensitive. Massive IoT data analytics by a fog computing structure is emerging and requires extensive research for more proficient knowledge and smart decisions. Though an advancement in big data analytics is taking place, it does not consider fog data analytics. However, there are many challenges, including heterogeneity, security, accessibility, resource sharing, network communication overhead, the real-time data processing of complex data, etc. This paper explores various research challenges and their solution using the next-generation fog data analytics and IoT networks. We also performed an experimental analysis based on fog computing and cloud architecture. The result shows that fog computing outperforms the cloud in terms of network utilization and latency. Finally, the paper is concluded with future trends.
Cashless society is a system in which all purchases of goods and services are made by credit card or e-payments system. It is a policy that reduces the amount of physical cash that people carry around. Therefore, the system heavily rely on the alternative banking channels (contactless payments terminals) to achieve it purpose. The Central Bank of Nigeria announced its intention to transform Nigerian economy into cashless one in 2011. We argue that it is difficult, if not impossible for a cashless financial system to work under the present state of the Nigerian financial system. This cannot be overemphasized because forging growth in alternative payment system requires inclusivity, proper infrastructure and security of funds and information. The main objective of this study is to make a case for multifactor biometric authentication system in the Nigerian financial service industry. The study also highlight the level of financial inclusion as well as the security vulnerability of the existing system in Nigeria. Descriptive statistical technique of data analysis is employed for the secondary data from 2013-2018. The study concludes that electronic payments fraud has been on increase because of a weak security framework in the existing payment system in Nigeria. This is as the result of cashless policy needs for the inclusion of adults' population into the formal financial system to achieve an effective cashless economic society. The study is also of the opinion that the increase in the volume of fraud in the payment system and the losses of funds is related to the recent increase in the number of adults in the formal financial system in Nigeria. The study therefore recommends that policymakers (CBN) should embark on the search for the solution to the problem of information security in the Nigerian financial system. The study is recommending the multifactor biometric authentication for users as a remedy to the increased electronic payment system fraud in Nigeria.
Human beings recognize and classify objects with biological senses and brain that processes the input into meaningful information. Other than that humans have come to recognize each other in multiple ways one of which is visual recognition of faces. As a biological trait human faces are certainly a biometric such they are universal, distinctive, mostly permanent and collectable. With that a computerized face recognition system can constructed relying on visual information present on each face uniquely. Generally a face recognition system consists of two main phases, face detection phase where presence of a human face is verified on visual input and face recognition phase where detected face is processed for identification. One of the most sought after methods in field image processing for face recognition is CNN (Convoluted Neural Networks). CNNs have proved its effectiveness and accuracy in many CNN based face detection and face recognition systems. As such in this paper the architecture of CNN is presented. Then different techniques for face detection and face recognition based on CNNs are reviewed. In reviewed papers CNNs have repeatedly demonstrated effectiveness and accuracy on multiple benchmarks for face recognition application.
Authentication, Authorization, security and confidential information are number of foremost topics part in the Digital cyber - security Area. There are multiple solutions available in this virtualize cyber world that are presented to user’s strength as per digital security. Username and password base are common factor authentication methods. The growing-up popularity with compliance of second factorized methods those driven by the improvement of privacy and security as per the requirement during this digitalization of technological trend. The recognition and success of digital security various measures are big deal to obsessed with simple convenience. Its need more and more implementation for the user privacy, data confidentiality and network security’s system. mainly focus on this research Article into dealing with and analysing the implications of security part of 3FA proposal model for additional security in way of systematic manner to improvements of digital security in web-based Application. This paper will be presenting as web-based Application. so, we can create potentially ensure systems are authorized with authentication of user's assurance without loss of convenience between user-system data communication in network.
Biometric authentication technology are being increasingly used for many applications. Since such technology requires high level human interaction, effective implementation and acceptability of such system depends on users' perception, particularly, in the area of system safety and privacy. This study was conducted using a survey design accomplished through the use of a descriptive rating, Likert‐type survey instrument. Quantitative data were collected from participants in four tertiary academic institutions and Statistical Package for Social Science version 23 was used for data analysis. The survey focuses on three universities and a polytechnic situated in Kaduna metropolis. Deliberate sampling technique was used in selecting the four academic institutions, stratified random sampling technique was used in administering the survey instrument to 50 respondents from each institutions. The survey sampled 200 participants. Result from the study revealed the importance of considering users' perception before the implementation of biometric system. Major factors that significantly influence perception in this study are users' knowledge of biometric system and gender. Furthermore, 99.5% of the respondents show that public enlightenment and formulation of appropriate legal guidelines to back the use of biometric information will instil confidence in users of biometric technology.
Spoofing with photograph or video is one of the most common manner to circumvent a face recognition system. In this paper, we present a real-time and non-intrusive method to address this based on individual images from a generic webcamera. The task is formulated as a binary classification problem, in which, however, the distribution of positive and negative are largely overlapping in the input space, and a suitable representation space is hence of importance. Using the Lambertian model, we propose two strategies to extract the essential information about different surface properties of a live human face or a photograph, in terms of latent samples. Based on these, we develop two new extensions to the sparse logistic regression model which allow quick and accurate spoof detection. Primary experiments on a large photo imposter database show that the proposed method gives preferable detection performance compared to others.
Fake finger submission attack is a major problem in fingerprint recognition systems. In this paper, we introduce an aliveness detection method based on multiple static features, which derived from a single fingerprint image. The static features are comprised of individual pore spacing, residual noise and several first order statistics. Specifically, correlation filter is adopted to address individual pore spacing. The multiple static features are useful to reflect the physiological and statistical characteristics of live and fake fingerprint. The classification can be made by calculating the liveness scores from each feature and fusing the scores through a classifier. In our dataset, we compare nine classifiers and the best classification rate at 85% is attained by using a Reduced Multivariate Polynomial classifier. Our approach is faster and more convenient for aliveness check for field applications.
Biometric security is a topic of rapidly growing importance, especially as it applies to user authentication and key generation. In this paper, we describe our initial steps toward developing evaluation methodologies for behavioral biometrics that take into account threat models which have largely been ignored. We argue the pervasive as- sumption that forgers are minimally motivated (or, even worse, nav e), or that attacks can only be mounted through manual eort, is too optimistic and even dangerous. To illustrate our point, we analyze a handwriting-based system used for key generation and show that the standard approach of evaluation over-estimates the security of the system by almost 400%. Our results highlight a number of pressing concerns that must be addressed before biometric-based schemes are put into practical use. Additionally, to overcome current labor-intensive hurdles in performing more accurate assessments of system security, we present a generative attack model based on concatenative synthesis that can provide a rapid indication of the security aorded by the system. We show that our generative attacks match or exceed the eectiv eness of forgeries rendered by skilled humans.
In this paper, we propose two new approaches for extracting mouth features for authenticating the person identity with liveness checks. The novel correlated audio-lip features and tensor lip-motion features allow liveness checks to be included in the person identity authentication systems, and ensures that the biometric cues are acquired from a live person who is actually present at the time of capture. Incorporating liveness check functionality in identity authentication systems can guard the system against the advanced spoofing attempts such as manufactured or replayed videos.. She earned her PhD degree in multimodal biometric fusion from University of Canberra. She teaches several graduate courses in information technology and software engineering in the University. Her research areas of interest include biometric person authentication, computer vision and pattern recognition, machine learning and bioinformatics. Her research has been published in several journals and refereed conferences such as Elsevier Image and Vision Computing, WSEAS journal on Information Sciences and Engineering and Springer LNCS Lecture Notes in Computer Sciences and Artificial Intelligence.
The facial vascular network is highly characteristic to the individual, much like the way his fingerprint is. A non-obtrusive way to capture this informa-tion is through thermal imaging. The convective heat transfer effect from the flow of "hot" arterial blood in superficial vessels creates characteristic thermal imprints, which are at a gradient with the surrounding tissue. This casts sigmoid edges on the human tissue where major blood vessels are present. We present an algorith-mic methodology to extract and represent the facial vasculature. The methodology combines image morphology and probabilistic inference. The morphology captures the overall structure of the vascular network while the probabilistic part reflects the positional uncertainty for the vessel walls, due to the phenomenon of thermal diffu-sion. The accuracy of the methodology is tested through extensive experimentation and meticulous ground-truthing. Furthermore, the efficacy of this information for identity recognition is tested on substantial databases.
Ethical issues surrounding the actual and proposed use of biometric identifiers within the EU are identified. The paper starts by defining biometric technology and biometric identification. This is followed by some examples of biometric identifiers presently used in private applications across the world. These examples lead to consideration of some of the ethical problems likely to be encountered when public authorities start using biometrics in travel documents and databases. A brief exploration of current EU policy initiatives involving biometric identifiers is then undertaken to indicate the scope of the problem. A number of ethical issues surrounding the use of biometrics will be articulated, and an assessment will be made of whether the norms and standards applied to the use of biometric identifiers are appropriate. It is concluded that the application of biometric technology should be consistent, justified and linked to appropriate protections.
The objective of this paper is to outline the potential threats to security and privacy that are associated with biometric-enabled
applications, to summarize the resulting requirements to ensure secure and private handling of personal data, and to explain
why standardization in this area is required. The currently ongoing standardization efforts in ISO/IEC in the area of biometric
template protection are described.
Along with the wide diffusion of biometric-based authentication systems, the need to provide security and privacy to the employed biometric templates has become an issue of paramount importance in the design of user-friendly applications. Unlike password or tokens, if a biometrics is compromised, usually it cannot be revoked or reissued. In this paper we propose an on-line signature-based biometric authentication system, where non invertible transformations are applied to the acquired signature functions, making impossible to derive the original biometrics from the stored templates, while maintaining the same recognition performances of an unprotected system. Specifically, the possibility of generating cancelable templates from the same original data, thus providing a proper solution to privacy concerns and security issues, is deeply investigated.
A method of improving the security of biometric templates which satisfies desirable properties such as (a) irreversibility of the template, (b) revocability and assignment of a new template to the same biometric input, (c) matching in the secure transformed domain is presented. It makes use of an iterative procedure based on the bispectrum that serves as an irreversible transformation for biometric features because signal phase is discarded each iteration. Unlike the usual hash function, this transformation preserves closeness in the transformed domain for similar biometric inputs. A number of such templates can be generated from the same input. These properties are illustrated using synthetic data and applied to images from the FRGC 3D database with Gabor features. Verification can be successfully performed using these secure templates with an EER of 5.85%.
This paper proposes a novel method for fingerprint liveness detection based on band-selective Fourier spectrum. The 2D spectrum
of a fingerprint image reflects the distribution and strength in spatial frequencies of ridge lines. The ridge-valley texture
of the fingerprint produces a ring pattern around the center in the Fourier spectral image and a harmonic ring pattern in
the subsequent ring. Both live and fake fingerprints produce these rings, but with different amplitudes in different spatial
frequency bands. Typically, live fingerprints show stronger Fourier spectrum in the ring patterns than the fake. The proposed
method classifies the live and the fake fingerprints by analyzing the band-selective Fourier spectral energies in the two
ring patterns. The experimental results demonstrate this approach to be a promising technique for making fingerprint recognition
systems more robust against fake-finger-based spoofing vulnerabilities.
A new approach for both hand image segmentation and feature extraction is described. The main advantage of this approach,
namely its robustness to low quality images, is illustrated through verification experiments with two public databases: one
with scanned images from 50 subjects and another one with low-quality images acquired from 23 subjects, from a conventional
webcam. In both cases, features are successfully extracted and good performances are obtained, in spite of image quality.
Moreover, the main drawbacks of feature extraction in conventional algorithms are highlighted.
A minutiae-based template is a very compact representation of a fingerprint image, and for a long time, it has been assumed that it did not contain enough information to allow the reconstruction of the original fingerprint. This work proposes a novel approach to reconstruct fingerprint images from standard templates and investigates to what extent the reconstructed images are similar to the original ones (that is, those the templates were extracted from). The efficacy of the reconstruction technique has been assessed by estimating the success chances of a masquerade attack against nine different fingerprint recognition algorithms. The experimental results show that the reconstructed images are very realistic and that, although it is unlikely that they can fool a human expert, there is a high chance to deceive state-of-the-art commercial fingerprint recognition systems.
Most fingerprint-based biometric systems store the minutiae template of a user in the database. It has been traditionally assumed that the minutiae template of a user does not reveal any information about the original fingerprint. In this paper, we challenge this notion and show that three levels of information about the parent fingerprint can be elicited from the minutiae template alone, viz., 1) the orientation field information, 2) the class or type information, and 3) the friction ridge structure. The orientation estimation algorithm determines the direction of local ridges using the evidence of minutiae triplets. The estimated orientation field, along with the given minutiae distribution, is then used to predict the class of the fingerprint. Finally, the ridge structure of the parent fingerprint is generated using streamlines that are based on the estimated orientation field. Line Integral Convolution is used to impart texture to the ensuing ridges, resulting in a ridge map resembling the parent fingerprint. The salient feature of this noniterative method to generate ridges is its ability to preserve the minutiae at specified locations in the reconstructed ridge map. Experiments using a commercial fingerprint matcher suggest that the reconstructed ridge structure bears close resemblance to the parent fingerprint.
This paper discusses the social and ethical aspects of biometrics, using mainly a historical approach. A description is provided as regards the origins and development of the word. Reference is made to the various ways in which it has been interpreted, sometimes very different one from another, and finally to the meaning currently attached to it. The most relevant ethical and social implications are highlighted by giving a brief overview of the contents of the main institutional documents produced both on an international and domestic level in the various countries. The analyses contained in these reports also bring to the fore the main challenges which society shall have to deal with, in the near future and on a long-term basis, as a consequence of the extremely rapid diffusion of those technologies which use biometric data request.
Establishing identity is becoming critical in our vastly interconnected society. Questions such as "Is she really who she claims to be?," "Is this person authorized to use this facility?," or "Is he in the watchlist posted by the government?" are routinely being posed in a variety of scenarios ranging from issuing a driver's license to gaining entry into a country. The need for reliable user authentication techniques has increased in the wake of heightened concerns about security and rapid advancements in networking, communication, and mobility. Biometrics, described as the science of recognizing an individual based on his or her physical or behavioral traits, is beginning to gain acceptance as a legitimate method for determining an individual's identity. Biometric systems have now been deployed in various commercial, civilian, and forensic applications as a means of establishing identity. In this paper, we provide an overview of biometrics and discuss some of the salient research issues that need to be addressed for making biometric technology an effective tool for providing information security. The primary contribution of this overview includes: 1) examining applications where biometric scan solve issues pertaining to information security; 2) enumerating the fundamental challenges encountered by biometric systems in real-world applications; and 3) discussing solutions to address the problems of scalability and security in large-scale authentication systems.
Various aspects and advantages of biometric system are presented. A biometric system is essentially a pattern-recognition system that recognizes a person based on a feature vector derived from a specific physiological or behavioral characteristic that the person possesses. Depending on the application context, a biometric system typically operates in one of two modes: verification or identification. In verification mode, the system validates a person's identity by comparing the captured biometric characteristic with the individual's biometric template, which is prestored in the system database.
A wide variety of systems requires reliable personal recognition schemes to either confirm or determine the identity of an individual requesting their services. The purpose of such schemes is to ensure that the rendered services are accessed only by a legitimate user and no one else. Examples of such applications include secure access to buildings, computer systems, laptops, cellular phones, and ATMs. In the absence of robust personal recognition schemes, these systems are vulnerable to the wiles of an impostor. Biometric recognition, or, simply, biometrics, refers to the automatic recognition of individuals based on their physiological and/or behavioral characteristics. By using biometrics, it is possible to confirm or establish an individual's identity based on "who she is", rather than by "what she possesses" (e.g., an ID card) or "what she remembers" (e.g., a password). We give a brief overview of the field of biometrics and summarize some of its advantages, disadvantages, strengths, limitations, and related privacy concerns.
This article intends to set down some first tentative steps towards a better insight Into the legal consequences of, as well as conditions for, the application of biometric technologies. After providing a brief description of the techniques involved and of the different biometric methods used, mention will be made of a few of the benefits of the technology as well as applications thereof. Subsequently, issues related to fundamental rights, legal requirements for security measures and the status of proofs (e.g., in trials) are explored. The article is concluded with some recommendations and policy options.
The arrears issue in public service enterprises becomes the current focus of attention of our society. This paper proposed unreasonable regulatory mechanism is one of the most important causes of arrears. A Hawk-Dove game theory is applied here in order to produce a comprehensive analytic framework for solving such problem. Based on this theory, the paper analyzes the ESS for public service enterprises and users will be live and let-live. Several commendations for incentive compatibility are given accordingly: on one hand, call attention to the users frequently; on the other hand, install new anti-arrears equipments to make a record of the users and punish intentional arrears.
The security and protection of biometric template has been the bottleneck of its applications due to permanent appearance of biometrics. We propose “Cancelable PalmCode” based on coding approaches to protect texture features of palmprints. Cancelable PalmCode templates are generated from Gabor filters whose parameters are randomized by the user-specific tokenised pseudo-random number (PRN). The effects of seven randomization schemes are studied and compared. Three of the randomization schemes are proved feasible and practicable for cancelable PalmCode. Cancelable PalmCode is able to be revoked and reissued conveniently and the transform is non-invertible. The selected three schemes avoid performance degradation caused by PRN. The experimental results on PolyU palmprint database show the feasibility and efficiency of cancelable PalmCode and it can be easily generalized to other palmprint codes for biometric security and protection.
This article intends to set down some first tentative steps towards a better insight into the legal consequences of, as well as conditions for, the application of biometric technologies.1 After providing a brief description of the techniques involved and of the different biometric methods used, mention will be made of a few of the benefits of the technology as well as applications thereof. Subsequently, issues related to fundamental rights, legal requirements for security measures and the status of proofs (e.g., in trials) are explored. The article is concluded with some recommendations and policy options.
Illumination variation on images of faces is one of the most difficult problems in face recognition systems. The performance
of a self-organizing map-based face recognition system is highly degraded when the illumination in test images differs from
that of the training images. Illumination normalization is a way to solve this problem. Both global and local image enhancement
methods are studied in this article. A local histogram equalization method strongly improves the recognition accuracy of the
CMU-PIE face database.
Governance refers to the process whereby elements in society wield power and authority, and influence and enact policies and decisions concerning public life, and economic and social development [13]. There are three kinds of governance concept which should be considered in corporate environments: enterprise governance, IT governance, and security governance. The success factors of the governance are summarized: Adequate participation by business management; Clearly defined governance processes; Clarify stakeholders' roles; Measure the effectiveness of governance; Facilitate the evolution of governance; Clearly articulated goals; Resolution of cultural issues. The approaches of security management, which manage an organization's security policy by monitoring and controlling security services and mechanisms, distribute security information, and report security events, are related with the purpose of security governance. However, studies on enterprise governance or IT governance, and security management lack in the provision of detailed framework and functionalities when considering the success factors of the governance described above. For example, BS7799, which is one of the most famous standards of security management in the world, provides general guidance on the wide variety of information security. Nevertheless, it takes the broad-brush approach. Accordingly, BS7799 does not provide definitive or specific materials on any topic of the security management and certainly could be useful as a high-level overview of information security topics that could help senior management to understand the basic issues involved in each of the topic areas. This chapter provides a structured approach of security governance to corporate executives. Previous studies on the governance and security management are summarized to explain the components and requirements of a governance framework for corporate security. Finally, a governance framework for corporate security, which consists of four domains and two relationship categories, is provided. The domains have several objects respectively. The objects consist of components that should be resolved or provided to govern the issues of corporate security. The domains include a community (shareholder and management; media and customer; employee and supplier; government), security (control; enterprise strategy), performance (resource; competitive value), and information (owner; value; risk). The relationship among the objects of the security governance framework has two categories of harmonization and flywheel. The harmonization category governs the relationship among a community, performance, and security domain. The harmonization category deals with the problems of social, organizational, and human factors of corporate security. The flywheel category governs the relationship between a performance domain and security domain. The flywheel category deals with the virtuous cycle of corporate security. With this framework, corporate executives could create greater productivity gains, cost efficiencies, and a safer business community internally, for their customers and others interconnected throughout the critical infrastructure.
Biometric performance assessment is made difficult by virtue of the fact that each user in the database introduces variability that cannot be controlled even with a well designed acquisition procedure and experimental protocol. As a result, the system performance is inevitably user-dependent. We propose explicitly to rank the users according to their performance using criteria such as the F-ratio, the Fisher ratio and the d-prime metric. These criteria are demonstrated to be able to partition the users in such a way that the performance of each partition differs by as much as a factor of 2. Thanks to these criteria, it is possible to assess the performance of the best case or, more importantly, the worst case scenario. While the experiments have been conducted only on face, fingerprint and iris biometrics, we conjecture that such performance discrepancy among the population of users in the same database is exhibited by all biometrics. We also explore various research avenues in this direction, including group-specific score normalization, model adequacy at enrollment and multimodal fusion controlled by a user-ranking criterion.
To alleviate the problem of severe degradation of speaker recognition performance under noisy environments because of inadequate and inaccurate speaker-discriminative information, a method of robust feature estimation that can capture both vocal source- and vocal tract-related characteristics from noisy speech utterances is proposed. Spectral subtraction, a simple yet useful speech enhancement technique, is employed to remove the noise-specific components prior to the feature extraction process. It has been shown through analytical derivation, as well as by simulation results, that the proposed feature estimation method leads to robust recognition performance, especially at low signal-to-noise ratios. In the context of Gaussian mixture model-based speaker recognition with the presence of additive white Gaussian noise, the new approach produces consistent reduction of both identification error rate and equal error rate at signal-to-noise ratios ranging from 0 to 15 dB.
This paper presents a new evolutionary approach for adaptive combination of multiple biometrics to ensure the optimal performance for the desired level of security. The adaptive combination of multiple biometrics is employed to determine the optimal fusion strategy and the corresponding fusion parameters. The score-level fusion rules are adapted to ensure the desired system performance using a hybrid particle swarm optimization model. The rigorous experimental results presented in this paper illustrate that the proposed score-level approach can achieve significantly better and stable performance over the decision-level approach. There has been very little effort in the literature to investigate the performance of an adaptive multimodal fusion algorithm on real biometric data. This paper also presents the performance of the proposed approach from the real biometric samples which further validate the contributions from this paper.
A technique evaluating liveness in face image sequences is presented. To ensure the actual presence of a live face in contrast to a photograph (playback attack), is a significant problem in face authentication to the extent that anti-spoofing measures are highly desirable. The purpose of the proposed system is to assist in a biometric authentication framework, by adding liveness awareness in a non-intrusive manner. Analyzing the trajectories of certain parts of a live face reveals valuable information to discriminate it against a spoofed one. The proposed system uses a lightweight novel optical flow, which is especially applicable in face motion estimation based on the structure tensor and inputs of a few frames. For reliable face part detection, the system utilizes a model-based local Gabor decomposition and SVM experts, where selected points from a retinotopic grid are used to form regional face models. Also the estimated optical flow is exploited to detect a face part. The whole procedure, starting with three images as input and finishing in a liveness score, is executed in near real-time without special purpose hardware. Experimental results on the proposed system are presented on both a public database and spoofing attack simulations.
This paper describes a prototype of robust biometric system for verification. The system uses features extracted using Speeded
Up Robust Features (SURF) operator of human hand. The hand image for features is acquired using a low cost scanner. The extracted
palmprint region is robust to hand translation and rotation on the scanner. The system is tested on IITK database and PolyU
database. It has FAR 0.02%, FRR 0.01% and an accuracy of 99.98% at original size. The system addresses the robustness in the
context of scale, rotation and occlusion of palmprint. The system performs at accuracy more than 99% for scale, more than
98% for rotation, and more than 99% for occlusion. The robustness and accuracy suggest that it can be a suitable system for
civilian and high-security environments.
This work introduces a new approach to fake finger detection, based on the analysis of human skin elasticity. When a user puts a finger on the scanner surface, a sequence of fingerprint images which describes the finger deformation process is captured. Then two features which represent the skin elasticity are extracted from the image sequence: 1) the correlation coefficient of the fingerprint area and the signal intensity; 2) the standard deviation of the fingerprint area extension in x and y axes. Finally the Fisher Linear Discriminant is used to discriminate the finger skin from other materials such as gelatin. The experiments carried out on a dataset of real and fake fingers show that the proposed approach and features are effective in fake finger detection.
The vein identification systems identify a certain person by acquiring the local infrared image of hand (dorsa, palm and finger) and extracting vein pattern. The vein identification systems are widely used in security and surveillance field, but most of them ignore the liveness detection requirement or only check the temperature to prevent spoofing. After studying the spoofing method for vein identification systems in the market, this paper presents a kind of liveness detection method based on an optical measurement for sequence infrared images. The vein images are related with vital signs such as oxygen saturation in human blood and heart rate. Two kinds of different algorithm are used for feature extraction, one for vital signs detection, the other for identification. The distinguish processor can integrate all kinds of information data to make an estimation. This method can prevent the identification spoofing and improve the security capability of vein identification system.
In this article, a new approach to offline signature verification, based on a general-purpose wide baseline matching methodology,
is proposed. Instead of detecting and matching geometric, signature-dependent features, as it is usually done, in the proposed
approach local interest points are detected in the signature images, then local descriptors are computed in the neighborhood
of these points, and afterwards these descriptors are compared using local and global matching procedures. The final verification
is carried out using a Bayes classifier. It is important to remark that the local interest points do not correspond to any
signature-dependent fiducial point, but to local maxima in a scale-space representation of the signature images. The proposed
system is validated using the GPDS signature database, where it achieves a FRR of 16.4% and a FAR of 14.2%.
Lately, the once powerful one-factor authentication which is based solely on either password, token or biometric approach, appears to be insufficient in addressing the challenges of identity frauds. For example, the sole biometric approach suffers from the privacy invasion and non- revocable issues. Passwords and tokens are easily forgotten and lost. To address these issues, the notion of cancellable biometrics was introduced to denote biometric templates that can be cancelled and replaced with the inclusion of another independent authentication factor. BioHash is a form of cancellable biometrics which mixes a set of user-specific random vectors with biometric features. In verification setting, BioHash is able to deliver extremely low error rates as compared to the sole biometric approach when a genuine token is used. However, this raises the possibility of two identity theft scenarios: (i) stolen-biometrics, in which an impostor possesses intercepted biometric data of sufficient high quality to be considered genuine and (ii) stolen-token, in which an impostor has access to the genuine token and used by the impostor to claim as the genuine user. We found that the recognition rate for the latter case is poorer. In this paper, the quantised random projection ensemble based on the Johnson-Lindenstrauss Lemma is used to establish the mathematical foundation of BioHash. Based on this model, we elucidate the characteristics of BioHash in pattern recognition as well as security view points and propose new methods to rectify the stolen-token problem. 2007 Elsevier Ltd. All rights reserved.
Potential threats caused by something like real fingers, which are
called fake or artificial fingers, should be crucial for authentication
based on fingerprint systems. Security evaluation against attacks using
such artificial fingers has been rarely disclosed. Only in patent
literature, measures, such as live and well detection, against fake
fingers have been proposed. However, the providers of fingerprint
systems usually do not mention whether or not these measures are
actually implemented in emerging fingerprint systems for PCs or smart
cards or portable terminals, which are expected to enhance the grade of
personal authentication necessary for digital transactions. As
researchers who are pursuing secure systems, we would like to discuss
attacks using artificial fingers and conduct experimental research to
clarify the reality. This paper reports that gummy fingers, namely
artificial fingers that are easily made of cheap and readily available
gelatin, were accepted by extremely high rates by 11 particular
fingerprint devices with optical or capacitive sensors. We have used the
molds, which we made by pressing our live fingers against them or by
processing fingerprint images from prints on glass surfaces, etc. We
describe how to make the molds, and then show that the gummy fingers,
which are made with these molds, can fool the fingerprint devices.
It is commonly accepted that users of a biometric system may have differing degrees of accuracy within the system. Some people may have trouble authenticating, while others may be particularly vulnerable to impersonation. Goats, wolves, and lambs are labels commonly applied to these problem users. These user types are defined in terms of verification performance when users are matched against themselves (goats) or when matched against others (lambs and wolves). The relationship between a user's genuine and impostor match results suggests four new user groups: worms, doves, chameleons, and phantoms. We establish formal definitions for these animals and a statistical test for their existence. A thorough investigation is conducted using a broad range of biometric modalities, including 2D and 3D faces, fingerprints, iris, speech, and keystroke dynamics. Patterns that emerge from the results expose novel, important, and encouraging insights into the nature of biometric match results. A new framework for the evaluation of biometric systems based on the biometric menagerie, as opposed to collective statistics, is proposed.
This paper aims to contribute to the debate of biometrics and privacy concerns by examining the existing legal and academic debates. Several controversial legal problems in the biometric context will be discussed such as the following: the legal status of biometric data, the storage of biometric data, compulsory and voluntary issues and the necessity of using biometric technology. The study will be based on relevant EU instruments, Norwegian, Swedish and US case law. Critical comments will be made on the various views about biometrics and data protection from a legal perspective.