ArticlePDF Available

A Survey on Modality Characteristics, Performance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems


Abstract and Figures

Biometric research is directed increasingly toward Wearable Biometric Systems (WBS) for user authentication and identification. However, prior to engaging in WBS research, how their operational dynamics and design considerations differ from those of Traditional Biometric Systems (TBS) must be understood. While the current literature is cognizant of those differences, there is no effective work that summarizes the factors where TBS and WBS differ, namely, their modality characteristics, performance, security, and privacy. To bridge the gap, this article accordingly reviews and compares the key characteristics of modalities, contrasts the metrics used to evaluate system performance, and highlights the divergence in critical vulnerabilities, attacks, and defenses for TBS and WBS. It further discusses how these factors affect the design considerations for WBS, the open challenges, and future directions of research in these areas. In doing so, the article provides a big-picture overview of the important avenues of challenges and potential solutions that researchers entering the field should be aware of. Hence, this survey aims to be a starting point for researchers in comprehending the fundamental differences between TBS and WBS before understanding the core challenges associated with WBS and its design.
Content may be subject to copyright.
A Survey on Modality Characteristics, Performance
Evaluation Metrics, and Security for Traditional and
Wearable Biometric Systems
Florida International University
Biometric research is directed increasingly toward Wearable Biometric Systems (WBS) for user authentication
and identication. However, prior to engaging in WBS research, how their operational dynamics and design
considerations dier from those of Traditional Biometric Systems (TBS) must be understood. While the cur-
rent literature is cognizant of those dierences, there is no eective work that summarizes the factors where
TBS and WBS dier, namely, their modality characteristics, performance, security, and privacy. To bridge the
gap, this article accordingly reviews and compares the key characteristics of modalities, contrasts the metrics
used to evaluate system performance, and highlights the divergence in critical vulnerabilities, attacks, and
defenses for TBS and WBS. It further discusses how these factors aect the design considerations for WBS,
the open challenges, and future directions of research in these areas. In doing so, the article provides a big-
picture overview of the important avenues of challenges and potential solutions that researchers entering the
eld should be aware of. Hence, this survey aims to be a starting point for researchers in comprehending the
fundamental dierences between TBS and WBS before understanding the core challenges associated with
WBS and its design.
CCS Concepts: • General and reference Surveys and overviews;•Security and privacy Biomet-
rics;Security requirements; Malware and its mitigation;
Additional Key Words and Phrases: Biometrics, wearables, metrics, threats, vulnerabilities, attacks, WBAN
ACM Reference format:
Aditya Sundararajan, Arif I. Sarwat, and Alexander Pons. 2019. A Survey on Modality Characteristics, Per-
formance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems. ACM Comput.
Surv. 52, 2, Article 39 (May 2019), 36 pages.
This work is supported by the National Science Foundation under Grant No. 1553494. Any opinions, ndings, and conclu-
sions or recommendations expressed in this material are those of the authors and do not necessarily reect the views of
the National Science Foundation.
Authors’ addresses: A. Sundararajan, A. I. Sarwat, and A. Pons, Department of Electrical and Computer Engineering, Florida
International University, 10555 West Flagler Street, Miami, FL USA, 33174.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee
provided that copies are not made or distributed for prot or commercial advantage and that copies bear this notice and
the full citation on the rst page. Copyrights for components of this work owned by others than ACM must be honored.
Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires
prior specic permission and/or a fee. Request permissions from
© 2019 Association for Computing Machinery.
0360-0300/2019/05-ART39 $15.00
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:2 A. Sundararajan et al.
Biometrics is a eld of science which deals with the exploitation of unique, identiable and quanti-
tatively measurable characteristics of humans in order to authenticate and/or identify them [181].
Over the years, pattern recognition and machine-learning algorithms have found immense signi-
cance in user authentication. A hardware-software-based technology that applies such algorithms
to human biometrics for authentication and, more recently, identication, fall under the class called
biometric systems. Although biometric devices are used more commonly, biometric systems have
been used in this article to emphasize that the scope of study is beyond the physical device it-
self, and considers communications and other applications that use the data from the individual
devices. Traditionally deployed as standalone systems, the biometric systems require separate,
mutually exclusive “enrollment” and “authentication” phases [31]. Figure 1illustrates the system
model of traditional biometric systems (TBS). During enrollment, the user registers their traits or
“modalities” as a template, created by selecting and extracting specic features from the sample
recorded by sensor(s), such that it is enough to uniquely identify that user [192]. Their identity
and corresponding template are then stored in the database [222].
At this point, security of template becomes critical, as they cannot be revoked once the data-
base is compromised. Owing to plenty of additive noise common during measurement, hashing
the template is counterproductive [199]. There are many template protection methods like secure
sketch schemes whose strength is measured by the average min-entropy of the original template
given the secure sketch [200], fuzzy commitment scheme based on binary error-correcting codes
[108], and the use of mutual information to measure dishonesty among users [45]. The Informa-
tion Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST)
recommends standards for biometric data exchange, system accuracy, and interoperability [213].
Another class of systems is emerging, referred to in this article as wearable biometric systems
(WBS), which are miniaturized, mobile, exible, comfortable, less invasive, and aesthetically pleas-
ing. It is worth noting that WBS also come under another broader group, the wearable devices,
which also include token and smartcards. However, this article focuses only on WBS. TBS and
WBS ensure user security in dierent ways.
TBS consider each modality of the user as a separate entity while WBS consider the entire
user (along with all of their individual modalities) as one [152].
TBS can be optionally connected to the Internet, while WBS are inherently online, exploit-
ing the principles of Internet of Everything (IoE) [178].
The authentication and identication processes for TBS are static and user-initiated while
for WBS they are dynamic and autonomous.
While traditional modalities such as ngerprints, gait, motor, iris, and retina can be inte-
grated into wearables using less-invasive sensors embedded in eyewear, waist-belts, and so
forth, modalities considered invasive in TBS such as ECG, EEG, and Electromyogram (EMG)
could be less invasive in WBS domain.
Threats, attacks, and defense landscapes for TBS are very dierent from those for WBS,
considering they have dierent operating dynamics, characteristics, and context.
While TBS are widely used in research institutes, hospitals, libraries, airports, and univer-
sities, WBS currently nd their use more in healthcare and personal tness than in security
It is clear that the future of biometric systems research is geared toward WBS, especially fac-
tors like modality characteristics, performance, security, and privacy, and how they impact system
design and operation. However, prior to looking deeper into this area, it is important to better
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:3
Fig. 1. Block diagram for the system model of a typical TBS.
Fig. 2. Flowchart showing the outline of this article.
understand the dierences between TBS and WBS highlighted above. To this end, the article
makes the following three key contributions:(1) Summarize and compare TBS and WBS in terms
of the factors identied above and discuss how they contribute to the dierences listed earlier;
(2) contribute to the literature by reviewing and summarizing observations of how the modality
characteristics, evaluation metrics, and security impact the future design solutions for WBS; and
(3) present important open challenges and future research directions in biometric systems that
researchers should pay attention to. Hence, this survey is one of the rst eorts in summarizing
the research conducted beyond the widely explored TBS, and serves as a strong starting point for
researchers entering/in interrelated elds.
The rest of the article is organized as follows based on the outline illustrated by Figure 2.
Section 2introduces WBS, their system model, and Wireless Body Area Networks (WBANs). It
also summarizes various products in the market that leverage the technology. A comprehensive
summary of the dierent key characteristics of various WBS modalities is tabulated and discussed
in Section 3. Section 4reviews various metrics to evaluate the performance of TBS and WBS. Met-
rics for WBS are summarized in contrast with those of TBS. The threats, attacks, and defenses for
TBS and WBS are reviewed in Section 5. Attacks are summarized based on whether they target
the modality, technology, or both to provide a cohesive organization of the literature. Defenses
available against the surveyed attacks are also presented. A brief discussion on how the modality
characteristics, performance evaluation metrics, security, and privacy aect future design solu-
tions for WBS is discussed in Section 6. While Section 7presents the open research challenges and
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:4 A. Sundararajan et al.
future directions for research in the area of WBS, Section 8concludes the survey by summarizing
the key ndings.
Today, wearable applications quantify and personalize every action and movement undertaken
by users in order to monitor their health and upgrade their lifestyles. However, in the context of
security, the complexity faced by attackers increases multi-fold when such wearable applications
are networked to form a WBAN, with many independent, body-friendly and reliably accurate
sensors measuring and sharing data to yield a composite template. In tomorrow’s fast-paced world
where multiple devices are capable of interacting with each other, such dynamic and self-reliant
security technologies will be required. Companies like Nymi, Google, Motorola, Apple, and Fitbit
are releasing wearable devices like heart-rate monitors, physical tness trackers, smartwatches,
mobile operating systems, assisted living, elder-care, ambient-assisted living, remote automotive
and home appliance control, and even navigation control [1,43]. This implies there is a strong
future in WBS security for user authentication and identication.
WBS also double up as “virtual keys” that people use to protect their sensitive assets. Their
sensors are tasked with data acquisition, information communication, and decision making with
little to no user intervention [118]. Additionally, the nodes of WBS can be implanted, surface-
mounted, or even invisible [77]. While surface-mounted WBS are in the form of Smartwatch
[122], Fitbit [137], MOTOACTV [4], and Jawbone UP, implanted or embedded WBS have also
started making appearances in global markets. Invisible WBS, however, are still nascent in terms
of their commercial availability, although two of the leading biometric garment companies, OM-
Signal and Hexoskin, have launched shirts and garments designed with specially fabricated textiles
made of sensors that collect and visualize body statistics in real time [150]. WBAN is discussed in
Section 2.1. Section 2.2 describes the system model for WBS, while Section 2.3 details the products
available in the market that use WBS.
2.1 Wireless Body Area Network (WBAN)
A central notion to WBS is WBAN. Wearable sensors, implanted or surface-mounted or invis-
ible, constitute WBAN with a typical range of 1–2 meters around the body. WBAN is derived
from “Wireless Personal Area Network (WPAN),” a term coined by Zimmerman in 2001 when he
studied the eect of electronics brought near the human body [221]. With improvements in Mi-
croelectromechanical System (MEMS), data analytics, and wireless communications, sensors have
seen successive improvements with respect to reliability and robustness [130]. The data collected
in real time by these sensors is communicated to a sink, which could be smartphones, Personal
Digital Assistants (PDAs), or Personal Computers (PCs). The collected data is fused, processed, and
analyzed to oer personalization, authentication, and/or identication [63].
Wearable sensors are pervasive in nature. As identied in [59], a pervasive wearable is a colony
of biometric sensors, more formally called “passive biometrics”, that is unobtrusively measurable
(non-invasive) and has maximal independence. They are auto-congured and do not need hu-
man intervention during enrollment. However, due to this reason, data collected by them is usu-
ally more than that collected by active biometrics like TBS. In addition, passive biometric sensors
should be able to discover their peers within the same body, distinguish between those that be-
long to other bodies in their range, maintain secure communication, and identify the individual to
whom they belong. They must also have small size and lean form-factor, and be energy-ecient
and independent of positioning with respect to their target organ [79].
A typical WBAN, shown in Figure 3, is an interconnection of multiple independent wearable
sensors, each of which measure specic signals from a modality including but not limited to one
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:5
Fig. 3. Block diagram of a typical WBAN with wearable sensor and sink nodes.
of the following: brainwaves associated with stimuli, iris structure [30], retinal patterns [194],
vocal resonance while speaking prerecorded phrases [149,195], skull conduction in response to
audio waves propagating within the head [184], signals from the heart [23,180], vein pattern on
the underside of the skin, gait while walking or striding [64,81], signals generated by muscles
in motion [[201], Mechanomyograph (MMG) signals generated by muscles upon activation [25],
ngerprint patterns [57], readings of pressure applied by ngertips when holding objects like pens,
car keys, steering wheel, computer mouse, door handle, and so forth, patterns from signature and
body odor [135], and Photoplethysmograph (PPG) denoting the absorption of light through a body
part in accordance with heartrate pulses [53,123].
In WBAN, each sensor is termed a “node.” The network itself can be scaled by connecting more
nodes on/in the body. These nodes use wireless protocols to communicate among themselves and
are coordinated by an on/in-body master “sink,” forming a star topology, or communicate among
themselves and independently connect to an o-body sink, forming a star-mesh hybrid topology
[9,72,134,203]. The protocols for communication between WBAN nodes and sink require low
power communication protocols since sensors run on batteries. The IEEE 802.15.6 is considered as
the primary standard that denes the Medium Access Control (MAC) architecture for in- and on-
body wireless communications [3]. According to the standard, every node and sink has a Physical
(PHY) layer (constituting a narrowband, ultra-wideband, and human body communication PHY
layers) and a MAC sublayer [131]. The MAC Service Data Units (MSDUs) are transferred from the
MAC client layer to the MAC sublayer through the MAC Service Access Point (SAP). The MAC
frames are then transferred to the PHY layer through the PHY SAP. The reverse happens at the
receiving end, which would be a sink in a star topology, or a node/sink in a star-mesh hybrid
topology. Network and Application layers provide conguration, routing and management, and
functional requirements, respectively [15,16].
Standard protocols for WBAN MAC communication such as ZigBee-MAC, Baseline-MAC
(BMAC), SPARE-MAC, T-MAC, and D-MAC have been widely used to implement WBANs, which
account for trac resolution, collision contingencies, energy-saving, auto-conguration, through-
put, and delay [113]. MAC layers employ Time Division Multiple Access (TDMA) and its hybrid
variants such as λ-MAC and A-MAC [165,179]. Carrier Sense Multiple Access with Collision
Avoidance (CSMA/CA) technologies are also used for energy-ecient communication through
sleep scheduling, high channel utilization, and low latency [188]. A Low-Energy Adaptive Cluster-
ing Hierarchy (LEACH) routing protocol was presented to uniformly distribute energy load among
WBAN nodes. This method is a signicant attempt toward reducing energy dissipation through
randomization, and also supports scalability, adaptiveness, and robustness [94]. WBAN communi-
cation should be cognizant of electromagnetic wave diraction due to the continuous absorption
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:6 A. Sundararajan et al.
Fig. 4. System model of a typical wearable biometric system.
and reection as waves pass through tissues and cells which predominantly contain water. If the
sink is located o-body, normal human body movements and posture when stationary would de-
termine the quality of information transmitted. This in turn determines channel conditions and
factors like latency and throughput, which indirectly aect energy consumption [79].
2.2 System Model of WBS
The system model of WBS shown in Figure 4is a cyclical “continuous/online” process, where wear-
ables authenticate or identify users not on-demand but continuously. WBS comprise the WBAN
represented in Figure 3, the sink, and storage, which may or may not belong to the sink. WBAN
is bounded by constraints related to memory for storage and computation, network bandwidth
for communication, and energy consumption, among other key factors like interoperability, form
factor, and bio-friendliness [42]. Some WBANs are also capable of doing minimal signal process-
ing. Sink can be functionally decomposed into a signal preprocessing unit, feature extraction and
selection unit, feature matching unit, and optionally a data storage and management unit. In some
cases like Fitbit or Google Glass, the sensor and sink nodes are integrated into one device, while
the storage and maintenance is pushed to cloud. Signal preprocessing involves operations such
as smoothing, interpolation, and normalization. Feature extraction and selection employ standard
methods like Principal or Independent Component Analysis (PCA/ICA), Linear Discriminant Anal-
ysis (LDA), logistic regression for minimal hardware complexity, and Short Time Fourier Trans-
form (STFT) for minimal memory and computation complexity [40,163,189]. Feature matching
uses one-class models for authentication and multi-class models for identication based on kNN,
Support Vector Machines (SVMs), Bayesian Networks and Naïve Bayes, and Articial Neural Net-
works (ANNs) for supervised learning [223,224]; and Hidden Markov Models (HMMs) and Gauss-
ian Mixture Models (GMMs) for unsupervised learning. Sink-level storage lowers vulnerability to
external threats, but limits computational capabilities and increases form factor.
2.3 Products in the Market Using WBS
It was estimated that the market for WBS in sports and healthcare would reach at least 170 million
devices by the end of 2017 [5]. WBS use both physical as well as behavioral modalities, dened
later in Section 3, where the former are more static and the latter more dynamic. The behavioral
modality-based systems employ hand-eye coordinations, user interactions, pressure, tremors, and
other ner movements in addition to the modality itself to capture the data needed for authenti-
cation. This sophistication can be more easily achieved by WBS than TBS given their mobility and
proximity to the human body. Behavioral modalities have also been used in continuous authenti-
cation, sometimes with randomized selection of features from a pool to base the analysis on. For
example, EEG-based sensors, which measure stimulus-specic brainwaves to authenticate users,
have been of recent interest to the research community, and their application to WBS has attracted
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:7
decent attention. Below are a few other examples of emerging and recently available products in
the market that leverage WBS and mostly behavioral modalities:
(1) EEG: It is dicult with today’s technological advancement to consider EEG as one of the
unobtrusively measurable biometrics, since it needs the user to be stationary and calm,
and to wear a head-cap comprising electrodes. However, products developed by Muse
and Kokoon can be viewed as a productive step toward realizing EEG-based WBS in the
Muse has developed an application which measures EEG from the user’s temples to
which its sensors are attached [7].
Kokoon provides a set of EEG headphones which measure user’s mental state or mood
using brainwaves emitted, and accordingly play music [169].
(2) ECG: It measures signals emitted by one’s heart that are unique to the individual and is
more applicable for WBS [187]. Unlike EEG, ECG can be unobtrusively measured using
just an electrode attached to the skin.
Bionym is a company that has developed the Nymi wristband to use heartbeat proles
for uniquely identifying users and improving their lifestyle by personalizing their living
environment [1].
(3) Electromyogram (EMG): It is being leveraged by sports clothing companies, Athos and
Myontech, to design sportswear more conducive for superior athletic performance [116].
MyoWare has developed a hardware that facilitates the control of video games, robotic
movements, and actions of prosthetics based on movement proles exhibited by the
user’s motor neurons [38].
(4) Vocal Resonance: It refers to the voice of a user measured as the vocal sound waves
propagate through their body as against traditional voice recognition systems that use
the waves captured over air [60]. Placing contact microphones on the neck of the user,
the system can unobtrusively measure and model their vocal resonance.
(5) TIAX LLC has designed and developed wearable sensors and algorithms which can derive
vital signs and bio-signatures.
To facilitate seamless coordination and communication with minimal user interven-
tion, the company has adopted sensor-fusion methods that combine dierent streams
of physiological data such as EEG and ECG, ngerprints, and EMG response.
The application of learning algorithms for discovering and exploiting unprecedented
patterns is also being conducted [95].
(6) In December 2016, Valencell and STMicroelectronics launched a Scalable Development
Kit (SDK) for biometric wearable and Internet of Things (IoT) sensor platform.
It uses SensorTile of the STMicroelectronics, an IoT sensor module with one STM32L4
microcontroller, a Bluetooth Low Energy chipset, a host of MEMS sensors including
accelerometer, magnetometer, pressure and temperature sensors that are both highly
accurate as well as energy-ecient, and a digital MEMS microscope [125].
It is combined with Valencell’s Benchmark biometric sensor system platform, and to-
gether enable the development and support of advanced wearable applications, includ-
ing biometric authentication and identication.
Valencell has also introduced technologies to measure heart-rate using forearm, and
earbud-based sensors for evaluating energy expenditure, net calories burned and max-
imum oxygen consumption, and magnetic sensors for measuring cadence [74,75,120].
(7) Skull Conduction: An integrated bone conduction speaker was designed and proposed
at the CHI Conference on Human Factors in Computing Systems in May 2016, where
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:8 A. Sundararajan et al.
the authors introduced an embedded wearable, SkullConduct, integrated with wearable
computers like Google Glass [184].
A 1-Nearest Neighbor (1NN) classier was used in conjunction with Mel Frequency
Cepstral Coecient (MFCC) features to analyze and interpret unique frequency re-
sponse registered by the skull in response to the propagation of soundwaves within
its bone structure.
It was touted to be stable, universal, collectible, non-invasive, and robust. It was pro-
posed both as a verication as well as an identication system.
(8) Signature: The work focused on using it as a form of identication, where an unknown
signature was used as an input to verify if a claimed identity was forged [156].
(9) Tou ch: This work leveraged touch-based behavioral modality and combined it with smart
eyewear to conduct continuous user authentication.
To reduce the invasiveness in authentication, the authors in this work proposed an eye-
wear that captures user interactions such as single tap, forward, downward and back-
ward swipes, and backward two-nger swipes to perform continuous, online authenti-
cation of the user [167].
This has been touted to achieve a detection rate of 99% and a false alarm rate of 0.5%
under an equal probability of occurrence of all six perceived user events.
All of the above applications more often than not consider the use of individual biometrics as
wearables, in which case certain signicant challenges fail to come to the forefront. However, when
a colony of sensors are networked together to constitute a WBAN, security concerns become more
pronounced, as will be explored in Section 5.2.
Key Takeaway Points: The following are the key takeaway points from this section:
(1) WBAN is a central component of WBS and has a typical range of 1–2 meters around the
user’s body and comprises multiple sensors that can be implanted, embedded, or invisi-
ble, each dedicated to unobtrusively and independently measure specic modalities. Such
wearables are called passive biometric systems.
(2) The nodes of WBAN use wireless protocols to communicate among themselves and are
coordinated by an on-, in-, or o-body sink.
(3) WBAN communication protocols must account for trac resolution, collision contingen-
cies, energy-saving, auto-conguration, throughput, and delay.
(4) WBS system model comprises WBAN, and units for signal preprocessing, feature extrac-
tion and selection, feature matching, and cloud-powered data storage and management.
(5) There exist multiple WBS products in the market that utilize dierent modalities, either
in isolation or combination, such as EEG, EMG, vocal resonance, ngerprints, skull con-
duction, signature, PPG, heart-rate, and touch.
(6) Some of the forerunner companies that have released WBS products include Google, Fitbit,
Nymi, Myontech, Valencell, Apple, Motorola, Muse, Kokoon, TIAX LLC, and MyoWare.
Modalities can be categorized in various ways depending on the criteria. For instance, based on
their type, they can be classied as physiological (iris, hand, retina, ngerprint, DNA, earlobe,
Electrocardiogram (ECG), and odor, among others), cognitive (Electroencephalogram [EEG]) and
behavioral (signature, keystroke, voice, and gait, among others) [28,35]. All of these modalities
comprise certain characteristics like universal—should be possessed by every person, unique
should distinguish any two individuals, permanent—should not be drastically aected by age
or fatigue, collectible—should easily be acquired by non-invasive means, acceptable—should be
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:9
approved by the public for widespread use, and circumventive—should not allow adversaries to
easily bypass it [44,61]. The modality characteristics for TBS were summarized in an earlier work
Ideally, the modalities used by WBS, in addition to the above six characteristics for TBS, must
have the following characteristics: (1) Security: overall condence that users can invest in the
modality against the loss of condentiality, integrity, or availability; (2) Reliability: extent to
which the modality can be trustworthy; (3) Mobility: extent to which the modality’s use does not
get impacted by constant or intermittent motion with respect to sink; (4) Variability: extent to
which the above characteristics change with respect to time; (5) Interference: extent to which the
above characteristics get adversely aected by the presence of physical or electromagnetic imped-
iments; and (6) Invasive: extent to which measurement of the modality creates user discomfort.
The constraints of WBANs like communication latency, throughput, and amount of energy con-
sumed, in addition to security and resiliency, can be regarded as factors to determine the character-
istics. Table 1summarizes the dierent WBS modality characteristics, where each fares dierently
in satisfying the identied factors. The extent to which each modality contributes to enhance fa-
vorable factors (like throughput, goodput, security, resiliency) and reduce unfavorable factors (like
energy consumed, latency, size) is used to qualitatively rank their suitability to a particular char-
acteristic: Hstands for High suitability, Mfor Medium, and Lfor Low. As explained earlier in
Section 1, the modalities, irrespective of being applied to TBS or WBS, must be unique, universal,
permanent, collectible, acceptable, and circumventive in nature.
The table shows how the modalities shown in Figure 2fare with the key characteristics identi-
ed for WBS. It can be inferred that while some modalities fare poorer for certain characteristics
when implemented in TBS, they fare better on WBS. For example, iris or retinal pattern might be
cumbersome to measure when implemented in TBS since the users are required to place their eye
in line and close to the camera. However, the same when implemented in WBS is very easy to
measure, considering users can use smart eye-wear like Google Glass to eciently measure iris
structures and even retinal patterns in a less invasive manner.
Key Takeaway Points: The following are the key takeaway points from this section:
(1) Biometric modalities must have six fundamental characteristics. They should be universal,
permanent, collectible, unique, acceptable, and circumventive.
(2) The modalities used by WBS have additional characteristics: security, reliability, mobility,
variability, interference, and invasiveness.
(3) The constraints of WBANs like communication latency, throughput/goodput, and amount
of energy consumed, can be regarded as primary factors that determine the system’s op-
erational dynamics.
(4) While some modalities fare poorer for certain characteristics when implemented in TBS,
they fare better on WBS as they could be easier to measure.
(5) Modalities that have a “Low” suitability for a particular characteristic in TBS domain might
possess a “High” suitability for the same characteristic in WBS domain, considering the
two systems have dierent operational dynamics.
(6) It can, hence, be understood that the operational dynamics identied in point number
(3) signicantly shape the extent to which the modalities contribute favorably to their
dierent characteristics, thereby showcasing a strong dependency between the two.
(7) Between physiological and behavioral modalities, further explained in Section 3,thelat-
ter have more dynamism, and hence are better suited for continuous authentication ap-
plications that would also not increase the invasiveness or jeopardize the privacy of
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:10 A. Sundararajan et al.
Table 1. Summary of Key Characteristics of Dierent Modalities for Wearable Biometric Systems
Vei n Odor
print Retina Iris Face Gait
MMG Voi c e ECG EEG PPG Skull
Unique H M M H H H M M M H M H H H H
Universal H M L M H H H M M H M H H H H
Permanent H M M H H H M M M H M H H H H
Collectible H M M H H H M M M H M H H H H
Acceptable H M M H H H M M M H M H H H H
Circumventive H M M H H H M M M H M H H H H
Secure H M M H H H M M M H M H H H H
Reliable H M M H H H M M M H M H H H H
Mobile H M M H H H M M M H M H H H H
Variable H M M H H H M M M H M H H H H
Interferential H M M H H H M M M H M H H H H
Invasive H M M H H H M M M H M H H H H
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:11
Although modalities typically satisfy most characteristics described in Section 2.3, they focus on
the modality itself but not on the products that use the modality. Performance is more applicable
for products that use biometrics rather than the biometric itself. The characteristics summarized
in Table 1also aect the performance of such technologies. With the integration of high-end data
fusion, analytics, processing, and personalization in order to securely authenticate and/or identify
users, performance can be considered an important part of evaluating biometric systems.
4.1 Performance Evaluation Metrics for TBS
Evaluating the performance of TBS has been a widely studied topic in literature [8,70,85,89].
A comprehensive summary of dierent performance evaluation metrics and charts used for TBS
was described and summarized in [168]. The work documents that in accordance with the ISO/IEC
standard 19795 Parts 1 and 2 for biometric system performance evaluation, multiple metrics are
used for verication, such as the following:
False Match Rate (FMR): probability of the technology wrongly authenticating an individual
claiming to belong to his correct identity.
False Non-Match Rate (FNMR): probability of the system wrongly rejecting an individual
claiming to belong to his correct identity.
EER or Crossover Error Rate (CER): probability that FMR =FNMR or False Accept Rate
(FAR)=False Reject Rate (FRR), where FAR and FRR are system-level errors.
True Acceptance Rate (TAR) which is 1 FRR; and Weighted Error Rate (WER): the
weighted sum of FMR and FNMR [209].
Several curves have also been proposed in order to measure system performance more compre-
hensively, such as the following:
Receiver Operating Characteristic (ROC) which plots FNMR,FRR,orTAR on Y-axis and
FMR or FAR in X-axis.
Detection Error Tradeo (DET) curve which uses nonlinearly scaled axes to show the re-
gions of error rates of interest.
Expected Performance Curve (EPC) which uses a performance criterion like FMR to mea-
sure performance in terms of FNMR or vice versa.
The rst two curves are a posteriori as the evaluation is dependent on previous knowledge, and the
last is apriorisince it is independent of prior knowledge. A more comprehensive study was incor-
porated in [78], where TBS performance evaluation was restructured considering the international
Common Criteria (CC) for Information Technology (IT) Security Evaluation and its Common Eval-
uation Methodology (CEM) guidelines, viewing TBS as IT systems.
This article classies TBS into Verication and Identication systems, the latter focused on deter-
mining the identity of an individual who may belong to the database (closed-set) or not (open-set).
Closed-set system performance evaluation is done using a Cumulative Match Characteristic
(CMC) curve proposed in [65], mostly used for systems which generate an ordered list of matches
between the test subject and existing samples in the database, sorted from most likely to the least.
Each of these matches is labeled as a rank. The rst match, which is most likely, is called Rank-1,
followed by the second most likely match labeled as Rank-2, and so on. CMC plots probability
value on the Y-axis against rank on the X-axis. The probability value for a given rank k, known as
“identication rate for rank k,” depicts the percentage of time when the system correctly identies
the test individual within the rst kranks. Ideally, the system is expected to identify an individual
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:12 A. Sundararajan et al.
in the rst attempt (rst rank). Hence, Rank-1 CMC is ideal. However, in real-world conditions,
systems tend to have identication rates closer to 1 as the ranks increase. As a measure of perfor-
mance, the system whose identication rate hits 1 for the least rank value is deemed to be better.
This metric is more widely used for face and iris recognition systems. Open-set identication
is done using two approaches: exhaustive comparison where the system compares the test sample
with all existing samples in the database, and retrieval-based systems where it employs two sub-
systems for ltering the samples to allow only those with a “score” above the predened threshold
to be considered for the matching process, and the actual matching with test sample. This class
of methods considers two more metrics: Detection and Identication Rate (DIR), and False Alarm
4.2 Performance Evaluation Metrics for WBS
The performance of WBS under real-world conditions is more complex to measure owing to multi-
ple external factors which vary with the type of modality, such as ambient noise, distractions, poor
connectivity between the sensors and sink, lighting conditions, stress, and anxiety. Hence, most re-
search eorts attempt to quantify their performance under laboratory or experimental conditions,
making it idealistic.
Nevertheless, performance evaluation of WBS is very nascent. Metrics identied for TBS such as
accuracy, FAR, FRR, ERR, and DIR are also applicable for WBS. However, the term “accuracy” has
gained a deeper signicance among others in wearable context, where it includes not just accuracy
in the measurement of the signals, but also the condence-level, immunity against external and
bodily disturbances, quality of operation among sensors, communication latency and throughput,
quality of assurance of results, ecient WBAN management to avoid congestion and collision, and
energy consumption rate [6,13]. In a preliminary survey conducted at the Biometrics Institute Asia
Pacic Conference in May 2016, 54 professionals were asked to provide their inputs on the potential
applications for WBS, some crucial concerns they saw as hindrances to widespread adoption of
the technology, and some potential formats in which they could be made available in the future
[12]. This article utilizes the results from the study to propose more metrics with respect to the
components identied in the WBS system model earlier.
In literature, much emphasis has been laid on form factor and size as contributing factors to-
ward achieving optimal or near-optimal performance, considering that the performance of WBS
decreases with decreasing form factor. While reduced form factor could sometimes imply greater
comfort for the users, it limits local computation capability, necessitating the use of signal pro-
cessing, feature extraction, and matching to be located external to WBAN. This in turn exposes
the WBS to threats that TBS did not have to deal with. Before reviewing the evaluation metrics,
the factors on which wearable performance depend are described below in brief.
(1) Physiology: Modalities are sensitive at dierent levels to dierent factors such as skin
complexion, body shape, and size. For example, the level of fat under the skin could aect
the measurement of EMG signals, but it might not aect the measurement of a signal like
EEG. Similarly, skin complexion could change the level of absorbed light (used by PPG).
(2) Number and placement of sensors: Directly correlates with the quality of signal mea-
surement. Improper placement or implantation of sensors leads to weak or erroneous mea-
surement, aecting quality and accuracy, and hence performance.
(3) Changes induced by mobility: Quality of operation must not vary beyond an accept-
able range when users are subject to movement, including rigorous physical exercise, true
especially for ECG, PPG, and EEG that are prone to interference with external noise.
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:13
(4) Environmental elements: External noise due to ambient elements could signicantly
corrupt the measured signals. A technique called Active Signal Characterization (ASC),
proposed by Valencell, measures biological, motion, and environmental signals as they
come through optical and accelerometer sensors [119]. The required signal is then ltered
to remove noise related to motion and other external signals. The separated noise could
be used as supplementary data to deliver crucial insights into the user environment and
motion-related features. A preliminary study has also been conducted on PPG [14].
(5) Crossovers: Periodic movements made by a body could be mistaken by the system to
represent a biometric modality. For example, the step-rate measured during activities like
jogging or running could be mistaken for heart-rate and lead to miscalculations or wrong-
ful verication/identication, both which bring down performance.
(6) Performance of the matching classiers: Whether one-class or multi-class, feature
matching algorithms have their pros and cons with respect to performance. No matter
how good a signal measurement, a less accurate classier with poorly t model could yield
substandard results. The classier model’s performance for skewed training data (classi-
cation bias), precision, recall, and F1-score are some additional performance metrics that
could be used to indirectly measure WBS performance [147].
(7) Handling heterogeneity: There are multiple types of wearable sensors that comprise
WBAN, but measurement, signal preprocessing, feature extraction, selection, and match-
ing techniques for each of them vary signicantly. Hence, the features that extractor and
selector models look for also vary. However, in a comprehensive wearable environment,
the extractor/selector and matcher are all embedded within a single device. Hence, the
models used for performing such tasks must be adaptive to more than one type of signal,
and the changing tolerance levels to dierent signals aects performance.
Based on these factors, many performance evaluation metrics have been proposed recently in
literature, including some patents [32,34,121,182]. They have all been investigated for healthcare
and personal tness, specically for PPG. It is noteworthy that, like characteristics, metrics for TBS
performance evaluation are also applicable for WBS. Following are the metrics unique to WBS.
Accuracy: Aected by factors (1)–(7); its calculation could be subjective due to the in-
volvement of many subject-variant factors. Companies such as Valencell have attempted to
deliver Precision Wearable Biometrics that account for these factors. Much emphasis has
been laid on wearables for healthcare and tness applications, but not user security.
Flexibility: Aected by factors (1), (2), and (7); considering the dynamic and highly sensi-
tive nature of WBS, much performance analysis has been typically done through validation
testing by classes of users representing dierent physiologies such as skin tone, complexion
and texture, body shape and size, and much more [115]. It has become a common practice
employed by most wearable companies prior to releasing products. In other words, the WBS
should be exible enough to be used by the majority of the human population.
Interoperability: Aected by factors (3), (4), and (7); WBS must actively communicate ei-
ther with other wearables within the same WBAN or to the sink(s). They must not only
measure data with good quality, but also transmit them to the sink without losses or cor-
ruption. WBAN communication strategies discussed earlier in Section 2.1 provide an insight
into the interoperability of WBS.
Security: Aected by factors (2), (4), and (5); besides lossless and reliable communication,
security is also key to performance. Encryption might not be suitable to secure signals from
wearable sensors as it demands additional computation power. Ecient resource-aware key
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:14 A. Sundararajan et al.
management and signal data scrambling methods are two alternatives, where descrambling
could be performed by the sink during signal preprocessing.
Resource allocation: Aected by (2), (4), and (5); prolonged battery life is one of the highly
anticipated deliverables for WBS. Hence, the extent to which WBAN nodes manage their
computation and communication powers to maximize functioning while minimizing con-
sumption could be a metric for evaluating performance.
Versatility: Aected by factors (1)–(3) and (7); it is the extent to which a WBS can be
eectively molded into dierent consumer-friendly forms that encourage longer battery
life and reduced form factor. People are fashion-conscious, and hence, WBS must not only
be non-invasive and comfortable, but also be elegantly designed with appealing aesthetics
in such a way that performance is not hindered.
Power Consumption: Aected by factors (2) and (4)–(7); in order to optimize power con-
sumption, the amount of energy expended by sensors for every bit of information could
determine their performance [94]. Furthermore, as shown by [51] for Bluetooth-WBAN,
synchronization strategies could help improve accuracy and limit unnecessary power con-
sumption, thereby improving overall performance. Wake-up Radios (WURs) were proposed
to listen to wireless channels in a power-ecient way through preamble sampling and con-
tinuous channel listening [145].
Network Eciency: Aected by factors (2), (4), and (5); optimal use of communication
bandwidth is a key concern for nodes within WBAN, between WBAN nodes and sink, or, in
some cases, between sink and cloud. Since most wearables today use wireless communica-
tion like WiFi, Bluetooth, and cellular networks, they operate in the same frequency bands
as other devices like mobile phones, laptops, and smart home appliances. While temporary
solutions such as freeing up more bandwidth, spectrum sharing, and dynamic allocation
and deallocation of bandwidth depending on the usage have been implemented, underly-
ing bottlenecks of network congestion, noise, and subsequently performance degradation
persist. Visible spectrum was proposed to establish wireless information transfer via Light
Emitting Diodes (LEDs) [39]. Multi-tiered network architecture was also proposed, bolster-
ing the emerging fth generation (5G) mobile-communication systems where there exists
one device, known as “seed,” that connects to the internet and relays common information
to the nodes subscribed to it [96]. Dynamic use of bandwidth can be feasible through the
use of Cognitive Radios, which hop into underutilized bandwidths, lowering latency and
maximizing performance [92].
Spectral Eciency: Aected by factors (2), (4), and (5); measured in bits/s/Hz, it refers to
the extent to which a physical or MAC layer protocol can eectively use the limited fre-
quency spectrum bandwidth available (Hz) to maximize its information rate (bits/s). For
WBS, this is very important given their limited resources and bandwidth. Spectral e-
ciency ηhas a probable mathematical formulation as shown below, where NRand NTare
the number of receivers (sink) and transmitters (sensors), respectively; Gij is the goodput
(transmission of useful information bits between transmitter iand receiver jper unit time);
Dij is distance between transmitter iand receiver j;Uij is mean societal value received by
transmitter ifrom receiver jin return for every bit transmitted, where the societal value in-
cludes economic, social, and environmental benets; and Aand Bare area and bandwidth,
respectively, in which transmitter iand receiver joperate [196]:
AB .(1)
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:15
Key Takeaway Points: The following are the key takeaway points from this section:
(1) TBS performance has been conventionally measured using metrics like FAR, FRR, FMR,
(2) Although the metrics used to evaluate TBS can be extended to evaluate WBS, the latter
have more metrics owing to their diering operational dynamics.
(3) Some of the key metrics that can be used to evaluate the performance of WBS include sys-
tem accuracy, operation exibility, device and application-level interoperability, systemic
security, functional versatility, resource-eciency, energy-eciency, network eciency,
and spectral eciency.
(4) WBS performance measured by each of the above metrics is in turn impacted by one or
more of various factors such as physiology, placement and orientation of sensors, external
environment, crossovers, system component performance, and heterogeneity in sensing
and computation.
Before moving ahead, a primer on the terms related to biometric security is briey presented. A
Threat is anything that has the potential to inict serious harm to the technology of concern. A
vulnerability is a weakness that when successfully exploited manifests the threat into an attack
[18]. An attack vector is a means by which a malicious entity can compromise a system by exploit-
ing its vulnerabilities for a malicious outcome [183]. An attack is the execution of an attack vector
by an adversary who successfully exploits a series of vulnerabilities in the concerned domain. A
coordinated attack comprises multiple attacks, sequential or parallel, represented using attack vec-
tors that may exploit the same vulnerabilities. An attack is applicable to both TBS as well as WBS
in two ways: system attacks that tamper the hardware or rmware, or pattern recognition attacks
where the feature extraction and feature matching modules are harmed. While system attacks are
applicable to any domain, pattern recognition attacks target feature selection and extraction. It
can be said that TBS and WBS are both prone to system attacks, but it is harder to conduct pat-
tern recognition attacks on WBS. However, it is not impossible to do so, as will be discussed in
Section 4.
The threats, attacks, and defense landscapes can be categorized for the purposes of this survey
into dierent classes. The rst, called Technology Attack (T), considers attacks that exploit vulnera-
bilities of the system’s technology, while the second, called Modality Attack (M), considers attacks
that exploit vulnerabilities of biometric modalities used by the technology. When an adversary
exploits vulnerabilities of both technology as well as modalities, a Hybrid Attack (H)could be re-
alized. These attacks can be applied to both TBS as well as WBS. There are also dierent Agents
which enforce a threat into an attack: impostor that deliberately or accidentally pretends to be
the authorized entity, attacker that intends to access or compromise the technology with mali-
cious intent, snooper that intends to access or compromise the technology with no malice, and
erroneous that compromises the technology accidentally. Sometimes, these agents could also be
non-human [18]. Penetration testing is conducted to discover hidden vulnerabilities and establish
attack vectors that can then be mitigated [41].
5.1 Threats, Aacks, and Defenses for TBS
Figure 5shows the system model of TBS with dierent points of attacks, as identied by the dier-
ent works in literature [21,66,153,166]. In this gure, only the authentication phase of the system
is shown, since enrollment is subsumed in the authentication except for the template creation
stage, the security-related signicance of which was already described in Section 1. Considering
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:16 A. Sundararajan et al.
Fig. 5. Block diagram of aack model for TBS.
how various components interact with each other, a successful attack on one component could
pave the way for subsequent compromise of other components. It is to be understood that the
categorization of attacks described earlier in this section is made with a certain degree of indepen-
dence between them. For example, a successful Modality attack does not guarantee a successful
compromise of the entire system, since the technology might still remain unaected. Similarly,
a Technology attack might be conducted without directly compromising any of the modalities.
Those attacks which require to disrupt both technology as well as modality are categorized as
Hybrid to avoid any confusion. While a successful Modality attack aects condentiality but not
necessarily integrity and availability, a successful Technology attack impacts integrity and avail-
ability but not necessarily condentiality. A Hybrid attack compromises all three cornerstones of
Table 2summarizes the attacks, corresponding threats, and defenses against TBS. Analysis of
system-specic attacks and defenses have been extensively studied in literature [71,193].
5.1.1 MThreats, Aacks, and Defenses. This class refers to attacks that exploit the vulnerabili-
ties of the users or their modalities to successfully penetrate into the system. Spoong or identity
(ID) theft is the oldest form of attack (also called a Direct or Presentation Attack) where modalities
such as ngerprints, iris, signature, and others can be recreated or spoofed using gummy ngers,
high-resolution color printouts, 3D robotic eyes, and much more [52,73,100,105]. In general,
to protect against Class 1 attacks, proper enforcement of enterprise-level security such as access
controls must be enabled. Additionally, security policies must be strictly enforced to avoid cre-
ating loopholes. Physical hardware of TBS must be capable of working without signicant loss
of performance in the event of an attack or outage [217]. Targeted direct attacks have lately been
minimized by the use of sophisticated sensors equipped with Presentation Attack Detection – PAD
(also called live-ness or vitality detection, or anti-spoong) techniques [48,82,83,86,88,101,172,
5.1.2 Sys Threats, Aacks, and Defenses. This class of attacks targets the system components
by exploiting vulnerabilities at dierent points identied in the system model (Figure 1) except
the feature extractor and matcher: communication channels, modality residuals, and the template
storage unit. Two forms of eavesdropping attacks exist. Passive eavesdropping intercepts the vul-
nerable communication channel between sensor and feature extractor modules but does not alter
or steal it; active eavesdropping like Man-in-the-Middle (MITM) and storage channel interception
usurp, swap, or corrupt legitimate data to disrupt rightful operation of the system [2]. While only a
few employ encryption when sending the captured biometric signals, they do not enforce forward
secrecy (a method to ensure the non-compromise of previously secure events even if the current
event is compromised) [164]. Attacks and defenses related to biometric templates discussed in
Section 1are applicable here. Since TBS are database-oriented, they need to query the stored
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:17
Table 2. Summary of Classwise TBS Threats, Aacks, and Defense Mechanisms
Class Attacks Threats, Vulnerabilities Defenses
Presentation attack,
Easily reproducible,
Poor manual supervision,
Poor fault tolerance,
Gullible to close relatives,
Supervised enrollment,
Access controls
Physical tamper,
Bad data injection,
Template substitute,
Denial of Service
Lack of policy
Sensor memory/circuit
Flaw in sensor software,
Poor key management,
Weak/no encryption,
No perfect forward
Lack of interoperability
between other systems,
Susceptibility to Trojan
Tradeo between template
security and system
Storage channel
Key discovery
Physical security,
Fall-back systems for
fault tolerance,
Use of Session keys and
Digital signatures,
Random/cued challenges,
Biometric cryptosystems,
Template encryption,
Template fusion,
One-time biometrics
Characterize feature
Feature replay,
Feature correlation,
Trojan horse to alter
match scores
Known template storage
Information of data type
created by feature
Correlation among
Matcher and
decision-maker program
Poor exception handling,
Missing match upper
Use biometric feature
Revocable biometrics,
Feature randomization
from multiple input sets,
Eective debugging with
exhaustive use-case
Match-score quantization
Buer Overow,
Enrolling crafted
samples to matcher,
Hill climbing
Fraud during enrollment Feature fusion from
multiple modalities
template in order to make the comparison, which an attacker could modify. If the encryption
is not strong, the attacker can replace the query with malware to corrupt the database [76]. Tem-
plate swapping is a special case of substitution. It deals with replacing a legitimate template with
that of any user, even external to the system [104,110]. Alternatively, template could be compro-
mised by exploiting weaknesses in the database architecture or schema, enabling the attacker to
insert, update, or delete templates of legitimate users. DoS can be executed by feeding TBS with
an overwhelming number of feature samples through Bad Data Injection (BDI), MITM, or replay
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:18 A. Sundararajan et al.
Specic defense mechanisms such as tagging input signals with timestamps and using session
keys to ensure forward secrecy have been developed [176]. Template encryption methods such as
secure sketch schemes, homomorphic encryption, and chaotic theory could be used. They perform
better than standard hashing and encryption methods that fail for biometric templates [68,148]. A
modied Hill Cipher algorithm for encryption and a combinatorial Discrete Cosine and Discrete
Wavelet Transforms for concealment were proposed that led to an overall improvement in tem-
plate storage [111]. Templates could be alternatively stored separately on smart cards, backed by
biometric cryptosystems. However, this imposes an additional restriction of users having to carry
cards all the time and increases the overall system complexity. One-time biometrics deter storage
channel interception by using statistical learning to create biometric representations, and then
applies chaotic mixing to generate an encrypted template, constituting a self-generated, dynamic
helper data [19]. Encrypted template is then decrypted into constituent biometric representations
using well-trained Hidden Markov Models (HMMs) and iterative Blind Source Separation before
being fed into fuzzy matcher. A multi-factor authentication can also provide defense against MITM
attacks by combining modality samples with PINs or passwords [103]. However, such additional
authentication mechanisms could prove counterproductive to the reason biometrics were intro-
duced. Biometric cryptosystems, which generate a helper data using a secret key and biometric
features, may also be used to prevent MITM attacks [206]. Here, only the helper data, which by
itself is useless to an attacker, is stored by the system, while the secret key is reconstructed during
authentication using extracted features and helper data [54,205].
5.1.3 PR Threats, Aacks, and Defenses. Attacks on feature extractor and matcher can be re-
garded mostly as PR in nature. Since randomness in modality features is hard to achieve for cryp-
tosystems, fuzzy-based extractors using shielding functions, fuzzy commitment, and fuzzy vault
schemes were proposed and applied to the key binding process [107,117]. However, attacks us-
ing feature correlation are shown to signicantly reduce performance [219]. If the attacker has
prior knowledge about the feature extractor, optimization methods to estimate the unknowns can
be devised using the knowns, exploiting statistical dependencies. Further, knowledge of feature
extracting algorithms such as PCA and LDA which use the entire biometric sample to construct
feature vectors, and Gabor lters and HMMs which select specic features of modalities prior to
forming the feature vector, can be used to exploit the correlation between features of modalities
that the extractors also use [20]. False Data Injection (FDI) could corrupt extracted features by the
addition of random noise or intelligent data. Such attacks could either be aimed at feeding a large
number of erroneous feature vectors to the matcher that would increase its FRR beyond acceptable
limits, or at manipulating the vector to circumvent or bypass the matcher.
Probable defense mechanisms include measuring feature entropy to gauge the level of unique-
ness of the modality and also the strength of cryptosystems for guaranteeing privacy [132]. Can-
celable or Revocable biometrics, also referred to as template transformation, distort input features
by a specic function by applying Gaussian noise models, and use multiple distorted features
for dierent levels of authentication [154,174]. They store not the original features but only the
distorted ones. However, they have a potential of increasing the system’s FRR considering the in-
herent feature variability among modalities. Feature extractors take this into account using error
correction codes, adjustable lters, correlation, or quantization [141,198,202,216]. Alternatively,
randomization of biometrics could be used, where multiple samples of a biometric signal are taken
(the number of samples varies), and a cumulative average of the samples is used to minimize the
intra-class variance [36]. Multimodal feature fusion is also proposed, which diers from revocable
biometrics by applying transformations and distortions to a single modality feature set to produce
multiple feature vectors. Feature fusion has been successfully applied to feature extractors and
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:19
Fig. 6. Block diagram of aack model for WBS.
tested for its robustness against various attacks including spoong and replay of extracted fea-
tures, and potentially feature correlation attacks [22,62,162,186]. However, practical signicance
of multi-factor authentication, revocable biometrics, and biometric cryptosystems is limited.
5.1.4 HThreats, Aacks, and Defenses. Attacks that are a hybrid of Mand Sys: buer overow
and residuals. Buer overow involves a system interacting with an external environment seek-
ing inputs, in this case, the sensor(s) [26]. Flaws in sensor memory allocation protocols could be
exploited by such an attack to overwrite codes important for a system’s rightful operation. System
authentication could be bypassed in some cases. Further, residuals (latent ngerprints, signature
imprints, or pressure points on specic keys in keystroke recognition systems) can be exploited
to conduct replay attacks [87]. A Hill Climbing (HC) attack is a hybrid of M,Sys,andPR attacks,
made more powerful by Nelder-Mead simplex optimization [158]. It creates an application that
sends random templates to the system, disturbed iteratively [84,147]. The system works by read-
ing output match score and proceeding with perturbed template only after score surpasses the
acceptance threshold. Successful applications of HCA to TBS exist in literature [84,139].
Since HCA targets matching scores of feature matching algorithms, defense mechanisms aim
to immunize the matcher. Score-level fusion techniques, namely, SVMs, likelihood ratio-based fu-
sion, and sum rule-based method preceded by normalization, were analyzed for their performance
and accuracy for multimodal biometric systems comprising ngerprints, face, and nger vein [93].
Another contemporary method proposed the use of triangular norms to make score-level fusion
faster and computationally ecient, again for multimodal systems [90]. HCA was applied for on-
line signature TBS by modifying initialization, restart, and centroid computation steps of the tra-
ditional Nelder-Mead algorithm. It also proposed a Llyod-Max non-uniform score quantizer to
determine quantization levels such that the Mean Square Error (MSE) between original and quan-
tized versions is minimized. Additionally, decision-level template fusion was shown to degrade
performance least when compared to fusion at sample, instance, or algorithmic levels [215]. Since
matching and decision-making modules of the system contain program codes that have access to
crucial parameters besides the match score, like FRR, FAR, FNMR, and EER, ineective program
blocks could be compromised through the use of Trojan horse.
5.2 Threats, Aacks, and Defenses for WBS
WBS are associated with a new dimension of threats and vulnerabilities. Figure 6shows their
generic attack model. In WBS domain, Class Mattacks exploit vulnerabilities of modalities and
users, while Sys attacks are surveyed under two classes: Sys-WBAN and Sys-Sink. Attacks on
WBAN sensors, intra-body communication, and the communication channel between WBAN and
sink come under Sys-WBAN while those that target the sink’s signal preprocessing unit, commu-
nication between sink and cloud, and cloud storage infrastructure itself. Class PR attacks target
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:20 A. Sundararajan et al.
Table 3. Summary of Classwise WBS Threats, Aacks, and Defense Mechanisms
Class Attacks Threats, Vulnerabilities Defenses
keystroke inference,
Poor manual supervision,
Poor fault tolerance,
Gullible to close relatives,
Supervised enrollment,
Access controls
Direct attacks,
Counterfeit sensors,
Selective forwarding,
Brute-force search,
Sensors transmit only useful
Dicult policy-making,
Expensive to encrypt,
Feature entropy,
WBAN broadcasting,
Noisy network,
Half-duplex intra-WBAN
Multi-point fuzzy
Cluster-based security,
MBStar WBAN topology,
Trust-based key management,
Elliptic Curve,
Cryptography Additional
hardware lters,
Defensive jamming,
Hyper-quiet networks,
Tamper-proof sensors,
Data misuse by third
Threats due to third
Providing false trust
SQL injection,
Trac redirection,
Privacy exposure,
Session hijack,
JTAG (-R),
External device
Side-channel attack
Weak/no WBAN-to-sink
Varied o-body sink network
Third party encryption,
More data logged than
Application of similar
security levels for dierent
kinds of data,
Sink broadcasts to cloud,
TLS could be bypassed,
Location-related information
Obtrusive authentication,
Untrusted applications
Vulnerabilities of sink,
Weak device-application
bonding policies
Cluster-based security,
Proximity detection,
Mutual authentication,
Random challenge/response,
Network segmentation,
Administration of backups,
Dedicated onsite cloud,
Careful policy inspection,
Data protection,
Context-based data security,
Trust revocation,
Network segmentation,
Data compartmentalization,
Symmetric encryption,
Timestamps to obfuscate
OS-level device-application
Noise/redundancy in signals,
Collection of geolocation and
Time-variance of signals
Matching-level fusion,
Multi-factor authentication,
Feature-level fusion,
Attribute-based encryption,
Case-based reasoning,
Spectral analysis of signals
the sink’s feature extraction and selection, and feature matching. Table 3summarizes threats and
vulnerabilities, attacks, and corresponding defenses for WBS, organized classwise.
5.2.1 MThreats, Aacks, and Defenses. At the modality level, WBS exhibit fewer variations in
attack surface than TBS. While direct attacks are possible in WBS too, they are not conducted using
shoulder-surng or spoong of templates, since WBS employ passive authentication. Hence, such
attacks are conducted at the system level (Class Sys-WBAN). Collusion and coercion,however,
are still prevalent techniques that employ social engineering skills to deceive a legitimate WBS
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:21
into authenticating or identifying an attacker. A motion-based keystroke inference attack on
smartphones was demonstrated by [50], where its feasibility was shown despite the inuence of
noise, device dimensions, and screen orientation. Using Long Short-Term Memory (LSTM) deep
neural networks, motion sensors of wearable wristbands like smartwatches could be used to infer
keys typed by the owner on other devices like PC or cellphone keypad for spying [37].
5.2.2 Sys-WBAN Threats, Aacks, and Defenses. This class of attacks targets WBAN and the
communication between WBAN and sink. Owing to stringent energy and resource limits, WBAN
sensors transmit only useful information, and go through sleep and wake-up cycles to conserve
energy, relaying messages through half-duplex wireless broadcasts. By virtue of this, direct at-
tacks by eavesdropping are prevalent. Thorough network reconnaissance could make an external
wireless node privy to signals being exchanged between sensors, and sometimes even between
sensors and sink. Decoded signals could reveal sensitive information that could then be stolen by
the adversary, or even modied to make sensors act anomalously, causing life-threatening behav-
iors. Sometimes, counterfeited sensors could be deployed into WBAN which are prone to jam-
ming attack where a malicious node reduces availability by causing collision to each packet of
interest [208], Sybil attack where a sensor node exhibits dynamic personality by falsely claiming
the identities of other surrounding nodes within the same WBAN through impersonation [160],
or wormhole attack where a sensor node could trick other nodes in the network into thinking
it is only a few hops away from them when in reality it could be otherwise, thereby not only
confusing the routing algorithms, but also causing more energy and resource consumption [109].
Counterfeited or compromised sensors could also be manipulated to conduct selective forward-
ing attacks, where the node intercepts only specic packets of data but not all, thus prompting
re-transfer or restart of packets that in turn drains energy [49]. Most WBS use Bluetooth, WiFi,
and ZigBee for communicating with their sinks [33]. For higher performance and comfort, most
commercial WBS transfer sensitive geolocation in clear text, which could be easily intercepted
through brute-force attacks. Most WBAN-sink communications only employ sink-to-WBAN au-
thentication to minimize the overhead on WBAN. However, this makes the entire communication
link vulnerable to MITM and salami thefts, the latter of which steals small chunks of sensitive
data unrecognizable individually but compromises over time. No work in literature has studied
the eect of salami attack on WBS, but an assessment of salami attacks and ID thefts on IoT, a
superset of WBS, was conducted by [99].
Amulti-point Fuzzy commitment scheme for key management using ECG was proposed,
and its performance evaluated by augmenting Gray coding into its binary encoder and error cor-
recting codes to ne-tune accuracy [46]. A unique data scrambling approach using interpolation
and random sampling was also applied instead of conventional symmetric cryptographic tech-
niques. However, the practicality of this strategy in the presence of fading and distortions was
only briey addressed. Another energy-ecient key management and refresh scheme using mul-
tiple clusters was proposed, which used both predetermined as well as randomly generated ECG
keys for creating hybrid security [27]. This technique is applicable better to WBANs than data
scrambling. A more reliable and secure protocol for the inherent star topology of WBANs was
proposed, termed as MBStar [220], addressing the problem of long hyper-period communications
required by TDMA in the MAC layer under varying schedule proles by keeping a global hyper-
period schedule on the gateway/sink side and assign node-specic local schedules with conict
resolution. It demonstrated co-existence functionalities with other standard protocols like Blue-
tooth, ZigBee, and WiFi. A trust key management scheme for WBAN implemented using ECG
utilizes ECG to generate symmetric session keys and manage them for end-to-end communica-
tion, also between sensors and sink [142]. Some approaches advocate the separation of signal
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:22 A. Sundararajan et al.
measurement and authentication in sensors, where a separate middle-entity called Guardian was
proposed for the Implantable Medical Devices (IMDs) scenario to protect against jamming, di-
rect attacks, selective forwarding, and brute-force search through techniques like defensive jam-
ming (jamming sensors when communication link is jammed by an attacker) [214]. Some defense
methods consider non-Radio Frequency (RF) wireless data communication using Body Chan-
nel Communications (BCCs), where the human body is converted into a channel/medium to
send messages, consuming power less than 1mW at rates greater than 100kbps [161,185]. Hyper-
quiet network principles and network segmentation employ layered architecture for isolating
network trac based on the type of data to be transmitted, thereby lowering network conges-
tion. Although encryption is the most sought solution in networks, it is an expensive feature for
WBAN-sink communications, especially with WBAN. Traditional Public Key Infrastructure (PKI)
use RSA, but other methods such as Elliptic Curve Cryptography (ECC) in conjunction with
symmetric encryption have been proposed [127]. In some cases, proximity detection can be used
where the distance between WBAN and sink can ascertain whether the signal is fraudulent. How-
ever, simple proximity checking might not work in cases where wearables are designed to perform
remote services. Hence, context-aware proximity checking is needed. Mutual authentication
could also be used where wearable sensors and sink establish handshake to ensure secure com-
munication channels using Physical Unclonable Function (PUF) that employs challenge-response
methods to parry replay attacks [128], and an energy-aware mutual authentication by the use of
hash and XOR operations over a star two-tiered topology [98].
5.2.3 Sys-Sink Threats, Aacks, and Defenses. This class targets the sink’s signal processing and
computation units, cloud, and communication link between sink and cloud. While some WBS fea-
ture local storage and processing capabilities, still many others like Google Glass and Fitbit opt for
cloud-based data storage and processing. Although loss of privacy and network impersonation
attacks could be conducted when sink communicates with cloud, trac redirection and Cross-
Site Request Forgery (CSRF) attacks are also emergent [218]. A greater number of organizations
adopt Bring Your Own Device (BYOD) policies, where multiple sinks can access similar services
oered by the cloud [112]. Multiple applications within a sink can also establish communication
with the cloud, creating an environment vulnerable to sning or theft of legitimate information.
WBS could use Software as a Service (SaaS) cloud platforms, which provide sleek front-end and
monitoring features, pushing signicant jobs like management, communication, computation, and
storage to trusted third parties, thereby raising privacy concerns [11]. Deceptive and ambigu-
ous privacy policies trap users, allowing parties to sell information they collect to third party–
managed databases which might not have strong information security protocols in place. Session
hijacking attacks (cookie and session thefts, brute-force) that steal sensitive data owing into the
sink have also been studied [56]. Some WBS applications in the sinks grant permissions to other
apps for exchange or access to their information, which could pose a threat for BDI. Weak bond-
ing policies between the sink and its apps could pose a signicant threat, causing external device
mis-bonding attack (DMB) [157]. Additionally, JTAG-Read (R) and boundary scan–based attacks
have been shown to access the memory of sinks, and allow adversaries to read the contents in its
memory [171]. Side-channel attacks such as dierential power attack that monitor the power
consumption prole of the sink to steal secret keys have also been successfully conducted [114,
Providing trust-based management for the transfer and storage of user-sensitive data is a
viable addition to secure communication channels [133,144], as it limits data sharing to between
WBAN sensors which have a valid trust in each other. With trust revocation, the system main-
tains a time-variant dynamic trust model, generating ags when one of the sensors has failed to
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:23
establish trust with any other sensor in the same network. When one sensor is compromised, the
trust model altered as a consequence would ag an alert and island that sensor to avoid further
compromise [124]. Compartmentalization of wearable data has proven to be a good counter-
measure against thefts and frauds [190]. Designing wearable applications to store vital information
in segregated, encrypted, application-specic chunks restricts data replication. Data protection
makes sure critical applications run un-preempted, data is securely backed up and recoverable, and
allows administrators to map data and information ow between WBANs, sinks, and cloud with-
out jeopardizing integrity and privacy [69,210]. In defense to hijacking, BDI, and JTAG-R, data
communication and storage protocol using two pseudo-random numbers generated through
symmetric and secret keys was proposed [170]; its implementation focused more on WBS where
single-node WBAN and sink nodes are integrated into the same device. To counter DMB attacks,
an OS-level protection method called Dabinder was proposed to enforce secure bonding policies
whenever an app tried to establish Bluetooth connection or pair with the sink [157].
5.2.4 PR Threats, Aacks, and Defenses. Most WBS today have feature extractor and matcher
modules located in the same device: a separate sink, or wearable itself. Considering WBS operate
in noisy environments where other devices also communicate, signals are prone to noise and in-
terference, which demand more processing from feature extractors and matchers [106]. This is in
contrast with TBS that operate in controlled environments. More computation resources increase
attack surface, paving the way for cryptanalytic attacks that target pseudo-random number gen-
erators used by encryption methods in WBS [207]. Acoustic key search, electromagnetic attacks,
ciphertext, birthday, preimage, and key generation also come under this category.
Defending these attacks ranges from resetting sinks and erasing any trace of stored data, to more
advanced methods that look at match-level fusion of signals to increase complexity of an attack
to demotivate the adversary. Alternatively, extractor and matcher modules could be designed to
function in frequency-domain. Since signals measured by wearables are time-variant, they could
be directly correlated with owner’s activities. Transforming signals into frequency-domain and
using spectral analyses to operate on the features could make inference less explicit. The viability
of a one-step two-factor authentication scheme was discussed for wearable biosensors in the
contexts of keystroke, EEG, hand geometry, and hand gesture [58]. Case-based reasoning could
be used between extractor-matcher modules and other associated modules of the sinks.
Key Takeaway Points: The following are the key takeaway points from this section:
(1) The literature on threats, attacks, and defenses for TBS and WBS can be modality (M)or
Technology (T) attacks, where Tattacks can be System (Sys), Pattern Recognition (PR), or
Hybrid (H) attacks for TBS, and Sys could be Sys-WBAN and Sys-Sink for WBS.
(2) All the attacks discussed impact condentiality, integrity, and/or availability of the modal-
ity and/or template, and hence the privacy of users.
(3) Physical attacks are harder to conduct on WBS than on TBS since the former employ
passive authentication and are more complexly networked together.
(4) Systemic security measures such as adversarial machine learning and game theory could
be used to defensively learn adversary strategies and psychology before proactively re-
solving the attacks.
(5) Most of the attacks that target TBS and WBS tend to indirectly aect their performance,
especially factors like energy, network, and spectral eciencies, and throughput/goodput,
which establishes a strong coupling between security concerns and performance.
(6) Modality characteristics determine the impact of Mattacks while performance metrics
determine that of Tattacks. Security of TBS, on the other hand, depends on modality,
sample measured, template, and feature matching/decision-making.
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:24 A. Sundararajan et al.
Despite numerous WBS products already in the market and many more emerging, the design
considerations for WBS is still an evolving subject of research. Many principles impacting WBS
design have been identied [55,80,138,175]:
Human interaction with WBS could be in four ways: audio, visual, tactile, and haptic [151].
These interaction modes, which form a fundamental aspect of WBS design solutions, are
inuenced by dierent parameters like cognitive ease, cognitive overload, intuitiveness,
comprehension, and perception.
With the WBS required to be always online and support passive authentication and/or iden-
tication, the sensors generate ample amounts of data over a given period of time. The WBS
design must account for not just data acquisition, but appropriate data management—from
sanitation, processing, and storage to destruction. Some of the evaluation metric factors dis-
cussed earlier like accuracy, energy, and network eciencies, will play key roles in shaping
WBS design with respect to its data handling requirements [175].
Aesthetics have always been at the core of WBS, with designs catering to elegant, fashion-
conscious models that are powerful as well as easily wearable [55]. It is a signicant
consideration, since a good design for WBS is a proper balance between the technology’s
intelligence and its appearance and user-friendliness.
The dierent WBS modality characteristics surveyed in Section 3impact WBS design. This
is so, because every modality has its own properties (such as uniqueness, universality, per-
manence, acceptability, and robustness against circumvention), requirements for measure-
ment (such as collectibility, susceptibility to interference from external signals and ambient
noise, and invasiveness), and constraints for processing and maintenance (such as secu-
rity, reliability, mobility, and variability). The heterogeneity between dierent modalities
requires WBS design to be tweaked accordingly. For example, a WBS designed to work on
EEG might not be a good design for EMG or PPG.
As detailed in Section 4.2, dierent factors that impact WBS performance also contribute to
their design considerations. Physiology, number and placement of sensors, environmental
elements, and sensory heterogeneity aect the criteria for WBS designs.
Performance of WBS can be impacted by attacks, which aect security design aspects:
(1) Attacks that delay or corrupt the data packets within WBAN or WBAN-Sink communi-
cation could aect throughput and goodput, an unchecked manipulation of which could
result in faulted WBS that could even be life-threatening.
(2) The Mclass attacks have a strong coupling with the modality characteristics like reli-
ability, security, and circumvention. They impact condentiality and integrity of sensi-
tive data. Considering revoking biometrics is impossible (unless revocable technology
is fused with the system), a successful compromise can impact the system performance
and operations adversely.
(3) DoS and other attacks that target the availability of data could drain the battery of WBS
or trigger excessive usage of critical resources like network bandwidth, causing WBS to
undergo preemptive shutdown that, in certain use-cases, could not only be disruptive
to system operation but also be fatal to the owner.
(4) It is known that WBS are sensitive to external noises, considering their energy and
spectral eciencies depend on them. However, jamming attacks distort the legitimate
signals by adding noise to impact WBS performance.
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:25
Many recent works have proposed novel WBS materials: stretchable silicon-based elas-
tomers like polydimethylsiloxane or Ecoex for substrates and metal-based conductors for
electrodes [29]. They exhibit properties like biocompatibility, stretchability, conductivity,
malleability, ability to withstand strain and stress, and have a low failure rate.
WBS have proven their mettle in healthcare and tness, but their security concerns in these do-
mains as well as when considered solely for authentication and identication purposes have sig-
nicant room for improvement [24,63,97,136,212]. Specically, the key open research areas in
WBS are as follows:
Evolving security scape: The increased adoption of IoE principles into WBS will continue
to push boundaries in terms of signal processing, connectivity, data processing and man-
agement, measurement accuracy, convenience, and aesthetics, but the constantly evolving
nature of attacks will pose a signicant and persistent threat to their tech-scape. Recently,
the use of blockchain technology to store and analyze WBS data was explored to oer a
personalized healthcare for customers [126]. The approach used distributed ledger technol-
ogy and machine learning to store and access data of users in a secure manner. More work
is foreseen in areas that combine data analytics, cyber-physical security, and biometrics.
Changes to business models: With cloud and edge-based decentralized data analytics be-
coming the norm for WBS, business models and intellectual property must be redened to
adapt and support the relevant advancements in this newly redened environment. WBS
are viewed as one of the rst technologies that the pave way for a customer-driven market
where choices of end-consumers drive the industries.
WBS Big Data: With increasing adoption of WBS by consumers, the number of sensors
collectively generating data will increase [225]. Considering a single user can have a WBAN
of multiple sensors that are always online and ubiquitously churn new data periodically,
signicant advances to manage, process, and analyze the wealth of raw information in a
decentralized manner must be developed. The data thus generated will nd multiple uses
ranging from consumer analytics to business intelligence and personalization of services.
Newer methods to leverage the power of emerging modalities such as voice, signature, iris,
and human interactions have recently been explored. Hand-worn devices such as smart-
watches and tness wear have been used to verify signatures and prevent fraud in the
nancial sector. A study used voice recognition to perform two-factor authentication on
WBS [47]. This technology generates speech embedded with a random code that a browser
then plays. The signals are then captured by the WBS to perform authentication. Google
recently patented an iris scanning contact lens that uses the light reected by the iris to
perform authentication [10]. These technologies increase the likelihood that the tradition-
ally used modalities will now be exploited to solve the emerging challenges of security and
also not jeopardize user privacy and invasiveness.
Revision to policies: With changes in business models, policymaking follows. With con-
sumers demanding greater transparency, end-to-end analytics, peer-to-peer information
exchange, localized privacy-aware processing, and much more, restructuring of policies
and legislation will be inevitable.
Social behavior and acceptance: WBS are still viewed as invasive technologies by a majority
of consumers in the market. Hence, besides revisions to policies, social analytics and accep-
tance testing through controlled experiments, surveys, interviews, awareness, and outreach
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:26 A. Sundararajan et al.
must be conducted by the companies manufacturing WBS, thereby creating a pipeline to
gather consumer information from WBS data for oering personalized services.
7.1 WBS Datasets and Access
To further the future research in WBS, data acquisition from dierent biometric modalities is im-
portant. However, setting up devices, recruiting the right mix of participants, and gathering mea-
surements is not an easy task. This is where online data repositories come into importance. These
repositories include, but are not limited to, the UCI’s Machine Learning Repository, Kaggle, knowl-
edge discovery in datasets, KDNuggets, Wiley online repository, and even research repositories
such as the one hosted by the Biometrics Security Lab for the PPG datasets [67,91,102].
Although medical professionals have been collecting biometric data over years through clinical
trials, experiments, patient examinations, and observations, the WBS have increased the rate of
data acquisition and the types of data being collected. This opens emerging challenges such as data
mining, minimizing signal-to-noise ratio, determining the length and persistence of data collection
and storage, respectively, for eective analysis and diagnosis of associated health risks in the case
of tness applications and being adaptive to potential consumer preference changes in the case of
applications of leisure [177]. The lack of proper standardization to ensure data consistency, trust,
and integrity in interpretation and analysis is a challenge to gain insights from WBS datasets.
One of the key research gaps identied in [159] is obtaining intelligence for diagnosis from raw
WBS data without the involvement of human agents to manually parse and contextualize. Legal,
ethical, administrative, and technical concerns have been identied as barriers to widespread use
of third party data collected by the above sources. The report also identies the NIST Biometric
& Forensic Research Database Catalog that serves as a central repository for publicly available
biometric and forensic datasets [17]. Collaborative eorts by the U.S. Military Academy and the
Defense Advanced Research Projects Agency (DARPA) have also enabled the process of biometric
data measurement and collection, followed by dissemination. Wearable data acquisition and/or
access is still an emerging research problem with signicant administrative, ethical, legal, and
technical implications that must be sorted out.
One of the important underpinning inferences visible from the emerging research in the area of
WBS is that their operational dynamics are dierent from those of TBS, which have been available
in the market for a long time. Although the research community is aware of the key dierences
between the two systems, the factors that contribute to these dierences are not well researched,
summarized, or discussed. To bridge this gap among the recent works of literature, this article con-
ducts a comprehensive survey on three distinct but interdependent aspects of biometric systems:
the characteristics of modalities they use, the metrics used to evaluate their system performance,
and their security and privacy. Initially, to help appreciate the dierences between TBS and WBS,
the article reviews and contrasts the above three aspects for both types of biometric systems with
equal emphasis. However, given the future research is geared more toward the security and privacy
concerns of WBS, the article highlights how the design solutions to enhance security and privacy
are impacted by WBS modality characteristics and performance factors. Thereby, the survey is
aimed at not only summarizing, but also using the surveyed results to contribute to the literature
a clear understanding of the dierences between TBS and WBS, advancements in WBS technol-
ogy and research, and the factors that impact their security and privacy design. It is inferred that
most modalities considered invasive in TBS could be powerful in the wearable environment. WBS
require additional metrics to measure their performance owing to their ubiquitous nature, and the
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:27
landscape of security is often dierent from that of TBS. In the end, open research challenges and
future directions for research in biometric systems was briey discussed.
[1] 2001. Nymi White Paper. Retrieved March, 2017 from
NymiWhitePaper-1.pdf .
[2] 2007. M1.4 Ad Hoc Group on Biometric in E-Authentication. Study Report on Biometrics in E-Authentication. Inter-
national Committee for Information Technology Standards (ICITS).
[3] 2012. IEEE Standard for Local and Metropolitan Area Networks–Part 15.6: Wireless Body Area Networks. IEEE Standards
Association Std, 802.15.6. IEEE Computer Society.
[4] 2013. MOTOACTV User Manual. Motorola Global Portal Archives. Motorola. Retrieved on June, 2017.
[5] 2013. Performtek Precision Biometrics. Valencell White Paper. Valencell. Retrieved on June, 2017.
[6] 2014. Health Wearables: Early Days. PwC Report. PwC. Retrieved on July, 2017.
[7] 2014. Muse Technical Specication Sheet. InteraXon Technical Report. InteraXon. Retrieved from http://www.
[8] 2014. Understanding Biometric Performance Evaluation. Precise Biometrics White Paper. Precise Biometrics.
[9] 2015. IEEE Standard for Low-Rate Wireless Networks: IEEE Standards Association Revision of IEEE Std. 802.15.4-2011.
IEEE Computer Society.
[10] 2015. Iris-Scanning Contact Lens Patented By Google. Technical Report. Retrieved August, 2017 from https://www.
[11] 2015. Threat Outlook: Integrity Attacks, Ransomware-as-a-service & Connected Cars. Threat Intelligence Times Tech-
nical Web Article. Threat Intelligence Times.
[12] 2015. Unisys Survey Finds Wearable Technology to Revolutionize Biometrics; Privacy Issues Yet to Be Addressed.
[13] 2015. Wearables: Driving User Outcomes in the Digital Age-the Next Leap. PwC Report. PwC.
[14] 2016. Accuracy in Biometric Wearables. A Valencell Report. Valencell, Inc.
[15] 2016. IEEE Standard for Low-Rate Wireless Networks Standard 802.15.4n: Amendment 1: Physical Layer Utilizing China
Medical Bands. IEEE Standards Association.
[16] 2016. IEEE Standard for Low-Rate Wireless Networks Standard 802.15.4q: Amendment 2: Ultra-Low Power Physical Layer
(2nd ed.). IEEE Standards Association.
[17] 2018. NIST Biometric and Forensic Research Database Catalog. Retrieved April, 2018 from
[18] Fargana Abdullayeva, Yadigar Imamverdiyev, Vugar Musayev, and James Wayman. 2009. Analysis of Security Vul-
nerabilities in Biometric Systems. Danish Biometrics Technical Report. Danish Biometrics. Archived.
[19] Aditya Abhyankar, Shailesh Kulkarni, Rajendra Talware, and Stepahnie Schuckers. 2010. One time biometric trans-
form to secure biometric templates. In 2nd International Conference on Computer and Automation Engineering.
[20] Andy Adler, Richard Youmaran, and Sergey Loyka. 2009. Towards a measure of biometric feature information. Pat-
tern Analysis and Applications 12, 3 (2009). DOI: 3
[21] Andy Adlerr. 2008. Biometric system security. In Handbook of Biometrics. Springer, Chapter 19, 381–402.
[22] Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis, and Fabio Roli. 2012. Evaluation of multimodal biometric score
fusion rules under spoof attacks. In IAPR International Conference on Biometrics.IAPR.DOI:
[23] Nazneen Akhter, Sumegh Tharewal, Vijay Kale, Ashish Bhalerao, and K. V. Kale. 2016. Heart-Based Biometrics
and Possible Use of Heart Rate Variability in Biometric Recognition Systems. Springer. DOI:
978-81- 322-2650- 5_2
[24] Samaher Al-Janabi, Ibrahim Al-Shourbaji, Mohammad Shojafar, and Shahaboddin Shamshirband. 2017. Survey of
main challenges (security and privacy) in wireless body area networks for healthcare applications. Egyptian Infor-
matics Journal (2017), 10. DOI:
[25] Mohammed R. Al-Mulla and Francisco Speulveda. 2014. Novel pseudo-wavelet function for MMG signal extraction
during dynamic fatiguing contractions. MDPI Sensors 14 (2014), 15. DOI:
[26] Ab dulmonam OmarAlaswad, Ahlal H. Montaser, and Fawzia Elhashmi Mohamad. 2014. An overview of face liveness
detection. International Journal of Information & Computation Technology 4, 10 (2014), 9.
[27] Aftab Ali and Farrukh Aslam Khan. 2013. Energy-ecient cluster-based security mechanism for intra-WBAN and
inter-WBAN communications for healthcare applications. EURASIP Journal on Wireless Communications and Net-
working 216 (2013), 1–19.
[28] Md Liakat Ali, John V. Monaco, Charles C. Tappert, and Meikang Qiu. 2016. Keystroke biometric systems for user au-
thentication. Journal of Signal Processing Systems 86 (Mar. 2016), 15. DOI: 9
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:28 A. Sundararajan et al.
[29] Byeong Wan An, Jung Hwal Shin, So-Yun Kim, Joohee Kim, Sangyoon Ji, Jihun Park, Youngjin Lee, Jiuk Jang, Young-
Geun Park, Subin Jo Eunjin Cho, and Jang-Ung Park. 2017. Smart sensor systems for wearable electronic devices.
MDPI Polymers (2017), 41. DOI:
[30] Michael L. Andersen, Thomas J. Stephens, and Todd Lovell. 2017. Wearable Retina/Iris Scan Authentication System,
U.S. Patent US20170011263A1, August 29, 2017.
[31] Siddhesh Angle, Reema Bhagtani, and Hemali Chheda. 2005. Biometrics: A further echelon of security. Retrieved
August, 2017 online from
[32] Arxan. 2014. Precision Wearable Biometrics Provider, Valencell, Selects Arxan to Protect Intellectual Property.Case
Study. Valencell.
[33] Kat Austen. 2015. The trouble with wearables. In Nature. MacMillan.
[34] Muhammad Awais, Luca Palmerini, Alan K. Bourke, Espen A. F. Ihlen, Jorunn L. Helbostad, and Lorenzo Chiari.
2016. Performance evaluation of state of the art systems for physical activity classication of older subjects using
inertial sensors in a real life scenario: A benchmark study. MDPI Sensors 16 (2016), 2105. DOI:
[35] Aleksandra Babich. 2012. Biometric Authentication. Types of Biometric Identiers. Master’s thesis. Business and In-
formation Technology.
[36] Lucas Ballard, Seny Kamara, Michale K. Reiter, and Fabian Monrose. 2008. Towards practical biometric key genera-
tion with randomized biometric templates. (CCS’08).DOI:
[37] Tony Beltramelli. 2015. Deep-Spying: Spying using Smartwatch and Deep Learning. Master’s thesis. IT University of
Copenhagen, Copenhagen, Denmark.
[38] Lena Berglin. 2011. Smart Textiles and Wearable Technology – A Study of Smart Textiles in Fashion and Clothing.The
Swedish School of Textiles Technical Report. The Swedish School of Textiles.
[39] M. V. Bhalerao, S. S. Sonavane, and V. Kumar. 2013. A survey of wireless communication using visible light. Inter-
national Journal of Advances in Engineering & Technology 5, 2 (2013), 9.
[40] Anna M. Bianchi, Omar P. Villantieri, Martin O. Mendez, and Sergio Cerutti. 2006. Signal processing and feature
extraction for sleep evaluation in wearable devices. In Proceedings of the 28th IEEE EMBS Annual International Con-
[41] Battista Biggio, Giorgio Fumera, Paolo Russu, Luca Didaci, and Fabio Roli. 2015. Adversarial biometric recognition:
A review on biometric system security from the adversarial machine-learning perspective. IEEE Signal Processing
Magazine 32 (2015), 10. DOI:
[42] Jorge Blasco, Thomas M. Chen, Juan Tapiador, and Pedro Peris-Lopez. 2016. A survey of wearable biometric recog-
nition systems. ACM Computing Surveys 49, 3 (2016), Article 43, 35 pages. DOI:
[43] Paolo Bonato. 2005. Advances in wearable technology and applications in physical medicine and rehabilitation.
Journal of Neuro-Engineering and Rehabilitation 2, 3 (2005). DOI: 2-2
[44] Nazmeen Boodoo-Jahangeer and Suniduth Baichoo. 2014. Choice of biometrics. In IST-Africa 2014 Conference Pro-
ceedings. IIMC International Information Management Corporation. DOI:
[45] Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, and Adam Smith. 2005. Secure remote authenti-
cation using biometric data. In Annual International Conference on the Theory and Applications of Cryptographic
Tec hni qu es. 147–163. DOI:
[46] Francis Minhthang Bui and Dimitrios Hatzinakos. 2008. Biometric methods for secure communications in body sen-
sor networks: Resource-ecient key management and signal-level data scrambling. EURASIP Journal on Advances
in Signal Processing 2008 (2008), 1–16. DOI:
[47] Chris Burt. 2017. Researchers Authenticate Handwritten Signatures with Wearables. Biometric Update Online Article. signatures-with- wearables.
[48] Christoph Busch. 2017. The ISO/IEC Standards for Testing of Presentation Attack Detection. Technical Report. TTT
Working Group Biometrics.
[49] Leela Krishna Bysani and Ashok Kumar Turuk. 2011. A survey on selective forwarding attack in wireless sensor
networks. In International Conference on Devices and Communications.DOI:
[50] Liang Cai and Hao Chen. 2012. On the practicality of motion based keystroke inference attack. In International
Conference on Trust and Trustworthy Computing.DOI: 30921-2_16
[51] Filippo Casamassima, Elisabetha Farella, and Luca Benini. 2013. Synchronization methods for Bluetooth based
WBANs. In IEEE International Conference on Body Sensor Networks. IEEE. DOI:
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:29
[52] Saptarshi Chakraborty and Dhrubajyoti Das. 2014. An overview of face liveness detection. International Journal on
Information Theory (IJIT) 3, 2 (2014).
[53] Samik Chakrab orty and Saurabh Pal. 2016. Photoplethysmogram signal based biometric recognition using linear dis-
criminant classier. In 2nd International Conference on Control, Instrumentation, Energy & Communication (CIEC’16).
[54] Yao-Jen Chang, Wende Zhang, and Tsuhan Chen. 2004. Biometrics-based cryptographic key generation. In IEEE
International Conference on Multimedia and Expo. IEEE.
[55] Huei-Huang Chen, Chien-Hsu, ChenZheng-Yu, and HoeZong-Xian Yin. 2016. Ergonomic consideration for wearable
device design in Frozen shoulder rehabilitation. Advances in Intelligent Systems and Computing (2016), 10. DOI: 319-41694- 6_40
[56] Ke Wan Ching and Manmeet Mahinderjit Singh. 2016. Wearable technology devices security and privacy vulnera-
bility analysis. International Journal of Network Security & Its Applications 8, 3 (2016), 19–30. DOI:
[57] John Chuang. 2014. One-step two-factor authentication with wearable bio-sensors. In Symposium on Usable Privacy
and Security (SOUPS’14).
[58] John Chuang. 2014. One-step two-factor authentication with wearable bio-sensors. In CMU Report.
[59] Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shirang Mare, and David Kotz. 2012. Passive bio-
metrics for pervasive wearable devices (poster paper). In Workshop on Mobile Computing Systems and Applications
(HotMobile). ACM Press, 1.
[60] Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shirang Mare, and David Kotz. 2014. Voc al Re son anc e
as a Passive Biometric. Computer Science Technical Report Series 1. Dartmouth College.
[61] Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, and David Kotz. 2014. A wearable system that knows
who wears it. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications and Services.
IEEE, 55–67. DOI:
[62] Jia Cui, Jian-Ping Li, and Xiao-Jun Lu. 2008. Study on multi-biometric feature fusion and recognition model. In
International Conference on Apperceiving Computing and Intelligence Analysis.DOI:
[63] Ashraf Darwish and Aboul Ella Hassanien. 2011. Wearable and implantable wireless sensor network solutions for
healthcare monitoring. MDPI Sensors 11 (2011), 34. DOI:
[64] Saad M. Darwish. 2016. Design of adaptive biometric gait recognition algorithm with free walking directions. IET
Biometrics Journal 6, 2 (2016), 53–60. DOI:
[65] Brian DeCann and Arun Ross. 2013. Relating ROC and CMC curves via the biometric menagerie. In IEEE Sixth
International Conference on Biometrics: Theory, Applications and Systems. IEEE. DOI:
[66] Anthony Delehante. 2011. Security issues in biometric identication. In University of Minnesota Computer Science
Spring Seminar. Springer.
[67] Dua Dheeru and E Karra Taniskidou. 2017. UCI Machine Learning Repository.
[68] Michael Dorn, Peter Wackersreuther, and Christian Bohm. 2012. Ecient comparison of encrypted biometric tem-
plates. Springer-Verlag.
[69] Yitao Duan and John Canny. 2005. Protecting user data in ubiquitous computing: Towards trustworthy environ-
ments. Privacy Enhancing Technologies 3424 (2005), 18. DOI:
[70] Mohammad El-Abed and Christophe Charrier. 2012. Evaluation of biometric systems. In New Trends and Develop-
ments in Biometrics. 149–169. DOI:
[71] Mohamad El-Abed, Romain Giot, Baptiste Hemery, Jean-Jacques Schwartzmann, and Christophe Rosenberger. 2012.
Towards the security evaluation of biometric authentication systems. International Journal of Engineering and Tech-
nology 4 (2012).
[72] Jocelyne Elias and Ahmed Mehaoua. 2012. Energy-aware topology design for wireless body area networks. In IEEE
International Conference on Communications.DOI:
[73] N. Erdogmus and S. Marcel. 2014. Spoong face recognition with 3D masks. IEEE Transactions on Information Foren-
sics and Security 9, 7 (2014), 1084–1097. DOI:
[74] Chris Eschbach. [n.d.]. Validation and Reliability of PerformTek Earbud Heart Rate Sensor Utilizing 12 Lead ECG.
Valencell White Paper. Valencell.
[75] L. C. Eschbach, S. Long, B. Stillwaggon, and J. A. Bunn. [n.d.]. Applicability of a Forearm-Based Biometric Sensor for
Measuring Heartrate During Exercise. Valencell White Paper. Valencell.
[76] Mohammad Esmalifalak, Zhu Han Ge Shi, and Lingyang Song. 2013. Bad data injection attack and defense in elec-
tricity market using game theory study. IEEE Transactions on Smart Grid 4, 1 (2013).
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:30 A. Sundararajan et al.
[77] Javier Espina. 2014. Network Topologies, Communication Protocols, and Standards (2nd. ed.). Springer-Verlag, London.
DOI: 4471-6374- 9
[78] Belen Fernandez-Saavedra, Raul Sanchez-Reillo, Judith Liu-Jimenez, and Oscar Miguel-Hurtado. 2013. Evaluation of
biometric system performance in the context of common criteria. Journal of Information Sciences: An International
Journal (2013), 14. DOI:
[79] Luis Filipe, Florentino Fdez-Riverola, Nuno Costa, and Antonio Pereira. 2015. Wireless body area networks for
healthcare applications: Protocol stack review. International Journal of Distributed Sensor Networks 11, 10 (2015),
1–23. DOI:
[80] Shaun Fynn. 2014. 10 Considerations for Making Wearable Devices More Wearable. Retrieved November 2017 from
[81] Davrondzhon Gafurov, Einar Snekkenes, and Patrick Bours. 2007. Gait authentication and identication using
wearable accelerometer sensor. In IEEE Workshop on Automatic Identication Advanced Technologies. IEEE. DOI:
[82] Javier Galbally, Julian Fierrez, and Javier Ortega-Garcia. 2007. Vulnerabilities in biometric systems: Attacks and
recent advances in liveness detection. In Spanish Workshop on Biometrics. Springer.
[83] Javier Galbally, Marta Gomez-Barrero, Arun Ross, Julian Fierrez, and Javier Ortega-Garcia. 2014. Securing iris recog-
nition systems against masquerade attacks. In Biometric and Surveillance Technology for Human and Activity Identi-
cation Proceedings of SPIE, Vol. 8172. SPIE. DOI:
[84] Javier Galbally, Chris McCool, Julian Fierrez, Sebastian Marcel, and Javier Ortega-Garcia. 2010. On the vulnerability
of face verication systems to hill-climbing attacks. Pattern Recognition 43, 3 (2010), 11. DOI:
[85] Romain Giot, Mohamad El-Abed, and Christophe Rosenberger. 2013. Fast computation of the performance evalua-
tion of biometric systems: Application to multibiometrics. Future Generation Computer Systems 29, 3 (2013), 788–799.
[86] Ines Goicoechea-Telleria, Belen Fernandez-Saavedra, Judith Liu-Jimenez, and Raul Sanchez-Reillo. 2016. An evalu-
ation of presentation attack detection of ngerprint biometric systems applying ISO/IEC 30107-3. In International
Biometric Performance Conference.
[87] Alex Goldschmidt. 2016. Intercept-Replay Attack Vulnerabilities and Mitigation Strategies. ECE Senior Capstone
Project 2016 Tech Notes. Tufts University.
[88] Marta Gomez-Barrero, Javier Galbally, Pedro Tome, and Julian Fierrez. 2012. On the vulnerability of iris-based sys-
tems to a software attack based on a genetic algorithm. In CIARP. Springer-Verlag, 114–121.
[89] Dmitry O. Gorodnichy. 2009. Evolution and evaluation of biometric systems. In IEEE Symposium on Computational
Intelligence for Security and Defense Applications.DOI:
[90] Madasu Hanmandlu, Jyotsana Grover, Ankit Gureja, and H. M. Gupta. 2011. Score-level fusion of multimodal bio-
metrics using triangular norms. Pattern Recognition Letters 32, 14 (2011), 1843–1850.
[91] Dimitrios Hatzinakos and Umang Yadav. 2017. BioSec.Lab PPG Dataset - Benchmark Dataset for PPG Biometrics.
[92] Simon Haykin. 2005. Cognitive radio: Brain-empowered wireless communications. IEEE Journal on Selected Areas in
Communications 23, 2 (2005). DOI:
[93] Mingxing He, Shi-Jinn Horngg, Pingzhi Fan, Ray-Shine Run, Rong-Jian Chen, Jui-Lin Lai, Muhammad Khurram
Khan, and Kevin Octavius Sentosa. 2010. Performance evaluation of score level fusion in multimodal biometric
systems. Pattern Recognition 43, 3 (2010), 1789–1800.
[94] Wendi Rabiner Heinzelman, Anantha Chandrakasan, and Hari Balakrishnan. 2000. Energy-ecient communication
protocol for wireless microsensor networks. In Proceedings of the Hawaii International Conference on System Sciences.
[95] Charlotte Hill. 2015. Wearables – The Future of Biometric Technology? Biometric Technology Today 2015, 8 (2015),
[96] Ekram Hossain, Mehdi Rasti, Hina Tabassum, and Amr Abdelnasser. 2014. Evolution toward 5G-multi-tier cellular
wireless networks: An interference management perspective. IEEE Wireless Communications 21, 3 (2014), 118–127.
[97] Katrin Hänsel, Natalie Wilde, Hamed Haddadi, and Akram Alomainy. 2015. Challenges with current wearable tech-
nology in monitoring health data and providing positive behavioural support. In Proceedings of the 5th EAI Inter-
national Conference on Wireless Mobile Communication and Healthcare.DOI:
[98] Maged Hamada Ibrahim, Saru Kumari, Ashok Kumar Das, Mohammad Wazid, and Vanga Odelu. 2016. Secure anony-
mous mutual authentication for star two-tier wireless body area networks. Computer Methods and Programs in
Biomedicine 135 (2016), 37–50. DOI:
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:31
[99] Assessing Identity Theft in the Internet of Things. 2014. IT CoNvergence PRActice (INPRA). In Nature, Vol. 2. 15–21.
[100] ISO-IEC. 2016. Information Technology – Biometric Presentation Attack Detection Part 1: Framework. ISO Standard for
Biometric Presentation Attack Detection. ISO/IEC 30107-1:2016.
[101] ISO-IEC. 2017. Information Technology – Biometric Presentation Attack Detection Part 3: Testing and Reporting.ISO
Standard for Biometric PAD. ISO/IEC 30107-3:2017.
[102] Elena S. Izmailova, John A. Wagner, and Eric D. Perakslis. 2018. Wearable devices in clinical trials: Hype and hy-
pothesis. Journal of American Society of Clinical Pharmacology and Therapeutics 104, 1 (2018). DOI:
[103] Anil K. Jain, Karthik Nandakumar, and Abhishek Nagar. 2008. Biometric template security: Review article. EURASIP
Journal on Advances in Signal Processing 2008 (2008), 1–17. DOI:
[104] Anil K. Jain, Arun Ross, and Umut Uludag. 2005. Biometric template security: Challenges and solutions. In 13th
European Signal Processing Conference.
[105] Prabhakar Pankanti Jain. 2003. Biometric recognition: Security and privacy concerns. IEEE Security & Privacy 99, 2
(2003), 33–42.
[106] Adehayo Kolawole John, Adekoya Adewale M., and Ekwonna Chinnasa. 2016. Temperament and mood detection
using case-based reasoning. International Journal of Intelligent Systems and Applications 3 (2016), 11. DOI:https://
[107] Ari Juels and Madhu Sudan. 2006. A fuzzy vault scheme. Designs, Codes and Cryptography 38, 2 (2006), 237–257.
DOI: 6343-z
[108] Ari Juels and Martin Wattenberg. 1998. A fuzzy commitment scheme. In Proceedings of the 6th ACM Conference on
Computer and Communications Society. 28–36. DOI:
[109] Chris Karlof and David Wagner. 2003. Secure routing in wireless sensor networks: Attacks and countermeasures. In
IEEE International Workshop on Sensor Network Protocols and Applications.DOI:
[110] Manvjeet Kaur, Dr. Sanjeev Sofat, and Deepak Saraswat. 2010. Template and database security in biometric systems:
A challenging task. International Journal of Computer Applications 4, 5 (2010).
[111] Emad Taha Khalaf and Norrozila Sulaiman. 2015. A new secure storing system for biometric templates based encryp-
tion and concealment. Journal of Applied Sciences 15, 5 (2015), 773–782. DOI:
[112] Arjun Kharpal. 2015. Biggest Hacking Threat to Business? Wearables. Technical Web Report. CNBC.
[113] Sarika Khatarkar and Rachana Kamble. 2013. Wireless sensor network MAC protocol: SMAC & TMAC. Indian Jour-
nal of Computer Science & Engineering 4, 4 (2013).
[114] Paul Kocher, Joshua Jae, and Benjamin Jun. 1999. Dierential power analysis. In Advances in Cryptology. 388–397.
DOI: 48405-1_25
[115] Markos Kos and Iztok Kramberger. 2017. A wearable device and system for movement and biometric data acquisition
for sports applications. IEEE Access 5 (2017), 6411–6420. DOI:
[116] Nissan Kunju, Neelesh Kumar, Dinesh Pankaj, Aseem Dhawan, and Amod Kumar. 2009. EMG signal analysis for
identifying walking patterns of normal healthy individuals. Indian Journal of Biomechanics: Special Issue (2009).
[117] Maryam Lakh, Patrick Lacharme, Chsirtophe Rosenberger, Mounia Mikram, and Sanaa Ghouzali. 2015. Vulnerabil-
ities of fuzzy vault schemes using biometric data with traces. In International Wireless Communications and Mobile
Computing Conference.DOI:
[118] Benoit Latre, Bart Braem, Ingrid Moerman, Chris Blondia, and Piet Demeester. 2010. A survey on wireless body area
networks. Journal of Wireless Networks 17, 1 (Nov. 2010), 18. DOI:
[119] S. Leboeuf. 2016. Medical Active Signal Characterization Boosts Accuracy of Wearables. Sensors Online Article. Va-
lencell, Inc. Retrieved on August, 2017.
[120] Steven Francis Leboeuf, Michael E. Aumera, William E. Kraus, Johanna L. Johnson, and Brian Duscha. 2014. Earbud-
based sensor for the assessment of energy expenditure, HR, and VO2max. Medicine & Science in Sports & Exercise
46, 5 (2014). DOI:
[121] Steven Francis LeBoeuf, Jesse Berkley Tucker, Michael Edward Aumer, Eric Douglas Romesburg, and Joseph Norman
Morris. 2014. Apparatus and methods for monitoring physiological data during environmental interference. United
States Patent Application Publication Number US 8,888,701 B2.
[122] Dan Ledger and Daniel McCarey. [n.d.]. Inside Wearables: How the Science of Human Behavior Change Oers the
Secret to Long-Term Engagement. Endeavor Partners LLC Technical White Paper Report. Endeavor Partners LLC.
[123] Anthony Lee and Younghyun Kim. 2015. Photoplethysmography as a form of biometric authentication. IEEE Sensors
(2015). DOI:
[124] Hyun-Ju Lee, Woo-Young Kim, and Ji-Yeon Yoo. 2015. Wearable devices’ security risk analysis and its countermea-
sures: Korean cases. International Journal of Innovative Science, Engineering & Technology 2, 7 (2015).
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:32 A. Sundararajan et al.
[125] Justin Lee. 2015. STMicroelectronics, Valencell Launch Biometric Sensor Platform for Wearables, IoT. Retrieved
March, 2017 from biometric-
sensor-platform- for-wearables- iot.
[126] Justin Lee. 2017. University of Surrey Testing Blockchain for Wearable Biometric Data Storage and Anal-
ysis. Biometric Update Online Article. testing-
blockchain-for- wearable-biometric- data%e2%80%8e-storage-and- analysis.
[127] Young Sil Lee, Esko Alasaarela, and Hoon Jae Lee. 2014. An ecient encryption scheme using elliptic curve cryptog-
raphy (ECC) with symmetric algorithm for healthcare system. International Journal of Security and Its Applications
8, 3 (2014), 63–70. DOI:
[128] Young Sil Lee, Hoon Jae Lee, and Esko Alasaarela. 2013. Mutual authentication in wireless body sensor networks
(WBSN) based on physical unclonable function (PUF). In 9th International Wireless Communications and Mobile
Computing Conference.DOI:
[129] D. C. Leonard, A. Pons, and S. Asfour. 2009. Realization of a universal patient identier through biometric technol-
ogy. IEEE Transactions of Biomedicine 13, 4 (2009).
[130] V. Leonov, P. Fiorini, S. Sedky, T. Torfs, and C. Van Hoof. 2005. Thermoelectric MEMS generators as a power sup-
plyforabodyareanetwork.In13th International Conference on Solid-State Sensors, Actuators and Microsystems.
[131] Miaoxin Li and Mingjie Zhuang. 2012. An overview of physical layers on wireless body area network. In International
Conference on Anti-Counterfeiting, Security and Identication.DOI:
[132] Meng-Hui Lim and Pong C. Yuen. 2016. Entropy measurement for biometric verication systems. IEEE Transactions
on Cybernetics 46, 5 (2016). DOI:
[133] Huang Lin, Xiaoyan Zhu, Y. Fang, Chi Zhang, and Zhenfu Cao. 2011. Ecient trust based information sharing
schemes over distributed collaborative networks. In Military Communications Conference. 1399–1403. DOI:https://
[134] M. Lont. 2014. Wake-up Receiver based Ultra-Low-Power WBAN. Analog Circuits and Signal Processing. Springer.
DOI: 319-06450- 5_2
[135] Panida Lorwongtragool, Enrico Sowade, Natthapol Watthanawisuth, Reinhard R. Baumann, and Teerakiat Kerd-
charoen. 2014. A novel wearable electronic nose for healthcare based on exible printed chemical sensor array.
MDPI Sensors 14 (2014), 12. DOI:
[136] A. Lymberis. 2003. Smart wearable systems for personalised health management: Current R&D and future chal-
lenges. In Proceedings of the 25th Annual International Conference of the IEEE EMBS.
[137] Molly Mackinlay. 2013. Phases of accuracy diagnosis: (In) visibility of system status in the tbit. Intersect Stanford
University Journals 6, 2 (2013), 9.
[138] Magpi. 2016. BigDataandHealth. Technical Magazine. Magpi. Retrieved July, 2018 from
cta/big-data- and-health/.
[139] Emanuele Maiorana, Gabriel Emile Hine, and Patrizio Campisi. 2015. Hill-climbing attacks on multibiometrics
recognition systems. IEEE Transactions on Information Forensics and Security 10, 5 (2015), 900–915. DOI:https:
[140] Anindya Maiti, Murtuza Jadliwala, Jibo He, and Igor Bilogrevic. 2015. (Smart)watch your taps: Side-channel key-
stroke inference attacks using smartwatches. In ISWC. 27–30. DOI:
[141] Ayodeji S. Makinde, Yaw Nkansah-Gyekye, and Loserian S. Laizer. 2014. Enhancing the accuracy of biometric feature
extraction fusion using Gabor lter and Mahalanobis distance algorithm. International Journal of Computer Science
and Information Security 12, 7 (2014).
[142] Mohammed Mana, Mohamme d Feham, and Boucif Amar Bensaber. 2011. Trustkey management scheme for wireless
body area networks. International Journal of Network Security 12, 2 (2011), 8.
[143] S. S. Manivannan and E. Sathiyamoorthy. 2016. A prevention model for session hijack attacks in wireless networks
using strong and encrypted session ID. Cybernetics and Information Technologies 14, 3 (2016), 46–60. DOI:https:
// 0032
[144] R. Manjusha and R. Ramachandran. 2015. Sharing data in cloud based on trust attribute based encryption (TABE).
ARPN Journal of Engineering and Applied Sciences 10, 9 (2015), 3. DOI:
[145] Stevan Marinkovic, Emanuel Popovici, and Emil Jovanov. 2012. Improving power eciency in WBAN communica-
tion using wake up methods. In International Conference on Wireless Mobile Communication and Healthcare. Springer,
303–317. DOI: 642-37893- 5_34
[146] Thomas Martin, Michael Hsiao, Dong Ha, and Jayan Krishnaswami. 2004. Denial-of-service attacks on battery-
powered mobile computers. In 2nd IEEE International Conference on Pervasive Computing and Communications.
[147] Ignacio Martin-Diaz, Daniel Morinigo-Sotelo, Oscar Duque-Perez, and Rene De J. Romero-Troncoso. 2016. Advances
in classier evaluation: Novel insights for an electric data-driven motor diagnosis. IEEE Access 4 (2016), 14. DOI:
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:33
[148] Garima Mehta, Malay Kishore Dutta, and Pyung Soo Kim. 2016. A secure encr yption method for biometric templates
based on chaotic theory. Transactions on Computational Science XXVII 9570 (2016), 120–140. DOI:
1007/978-3- 662-50412- 3_8
[149] Abhishek Mitra, Saurabh Bisht, and Vikas Ranjan. 2002. Voice based Biometric Security System. Student project report.
[150] Jerey Montes. 2015. Validation and Reliability of the Hexoskin and FitBit Wearable BIO Collection Devices. Master’s
thesis. UNLV.
[151] Vivian Genaro Motti and Kelly Caine. 2014. Human factors considerations in the design of wearable devices. In
Proceedings of the Human Factors and Ergonomics Society 58th Annual Meeting.
[152] Judith M. Myerson. 2012. What is New? Data Security Management. Auerbach Publications.CRC Press, LLC.
[153] Dellys Hachemi Nabil, Benatchba Karima, Koudil Mouloud, and Bouridane Ahmed. 2013. Threat models on bio-
metric systems: A comparative study. In 4th International Conference on Computational Aspects of Social Networks.
[154] Abhishek Nagar, Karthik Nandakumar, and Anil K. Jain. 2010. Biometric template transformation: A security anal-
ysis. In Proceedings of SPIE 7541, Media Forensics and Security II.SPIE.DOI:
[155] Ani Nahapetian. 2016. Side-channel attacks on mobile and wearable systems. In 13th IEEE Annual Consumer Com-
munications & Networking Conference.
[156] Ben Nassi, Alona Levy, Yuval Elovici, and Erez Shmueli. 2016. Handwritten signature verication using hand-worn
devices. arXiv (2016). DOI:
[157] Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, and Carl A. Gunter. 2014. Inside job:
Understanding and mitigating the threat to external device mis-bonding on Android. Internet Society (2014).
[158] J. A. Nelder and R. Mead. 1965. A simplex method for function minimization. Journal of Computation (1965).
[159] Caitlin Newark. 2016. Trends in Biometric Data Collections. Technical Report.
trends-in-biometric-data- collections/.
[160] James Newsome, Elaine Shi, Dawn Song, and Adrian Perrig. 2004. The sybil attack in sensor networks: Analysis &
defenses. In 3rd International Symposium on Information Processing in Sensor Networks.DOI:
[161] Zedong Nie, Yuhang Liu, Changjiang Duan, Zhongzhou Ruan, Jingzhen Li, and Lei Wang. 2015. Wearable biometric
authentication based on human body communication. In 12th International Conference on Wearable and Implantable
Body Sensor Networks.DOI:
[162] Ifeoma U. Ohaeri, Michael Esifarienrhe, and Naison Gasela. 2005. Multimodal biometrics as attacks measure in
biometric systems. In International Conference on Wireless Networks.
[163] Adam Page, Siddharth Pramod, Tim Oates, and Tinoosh Mohsenin. 2015. An ultra low power feature extraction and
classication system for wearable seizure detection. In 37th Annual International Conference of the IEEE Engineering
in Medicine and Biology Society.DOI:
[164] Pascal Paillier. [n.d.]. Paillier Encryption and Signature Schemes. PEM: Privacy-Enhanced Mail.
[165] Tom Parker, Gertjan Halkes, Maarten Bezemer, and Koen Langendoen. 2010. The λMAC framework: Reden-
ing MAC protocols for wireless sensor networks. Wireless Networks 16, 7 (2010), 16. DOI:
s11276-010- 0241-7
[166] Imtiaz Parvez, Mahdi Jamei, Aditya Sundararajan, and Arif I. Sarwat. 2014. RSS based loop-free compass routing
protocol for data communication in advanced metering infrastructure (AMI) of smart grid. In IEEE Symposium Series
on Computational Intelligence. IEEE. DOI:
[167] G. Peng, G. Zhou, D. T. Nguyen, X. Qi, Q. Yang, and S. Wang. 2017. Continuous authentication with touch behavioral
biometrics and voice on wearable glasses. IEEE Transactions on Human-Machine Systems 47, 3 (June 2017), 404–416.
[168] N. Poh, C. H. Chan, J. Kittler, Julian Fierrez, and Javier Galbally. 2015. Description of Metrics for the Evaluation of
Biometric Performance. Retrieved March, 2017 from
[169] Drew Prindle. 2015. Kokoon EEG Headphones Can Detect when You’re in Deep Sleep, Trigger Lucid Dreams. Re-
trieved March, 2017 from headphones/.
[170] Mahmudur Rahman, Bogdan Carbunar, and Umut Topkara. 2014. Concise paper: SensCrypt: A secure protocol for
managing low power tness trackers. In IEEE 2nd International Conference on Network Protocols.DOI:https://doi.
[171] Mahmudur Rahman, Bogdan Carbunar, and Umut Topkara. 2016. Secure management of low power tness trackers.
IEEE Transactions on Mobile Computing 15, 2 (2016). DOI:
[172] Mahmudur Rahman, Umut Topkara, and Bogdan Carbunar. 2015. Movee: Video liveness verication for mobile
devices using built-in motion sensors. IEEE Transactions on Mobile Computing (2015). DOI:
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:34 A. Sundararajan et al.
[173] Raghavendra Ramachandra and Christoph Busch. 2017. Presentation attack detection methods for face recognition
systems: A comprehensive survey. ACM Computing Surveys 50, 8 (2017). DOI:
[174] Christian Rathgeb and Andreas Uhl. 2011. A survey on biometric cryptosystems and cancelable biometrics. EURASIP
Journal on Information Security (2011). DOI:
[175] Abhimanyu Rathore. 2015. Wearable and Big Data: Potential Challenges, Potential Rewards. Retrieved
November 2017 from data-potential- challenges-
[176] Alvalapati Goutham Reddy, Ashok Kumar Das, Vanga Odelu, and Kee-Young Yoo. 2016. An Enhanced Biometric Based
Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.ECE
Senior Capstone Project 2016 Tech Notes. PLoS One.
[177] Deloitte Technical Report. 2015. Harnessing Safety Data from Wearable Devices. Technical Report. https://www2. lshc-harnessing-safety-data-from-
wearable-devices.pdf .
[178] ABI Research. 2014. Internet of Things vs. Internet of Everything: What’s the Dierence? ABI Research Technical
Report. ABI Research.
[179] Injong Rhee, Ajit Warrier, Mahesh Aia, Jeongki Min, and Mihail L. Sichitiu. 2008. Z-MAC: A hybrid MAC for wire-
less sensor networks. IEEE/ACM Transactions on Networking 3, 7 (2008), 16. DOI:
[180] Alejandro Riera, Stephen Dunne, Ivan Cester, and Giulio Runi. 2011. STARFAST: A Wireless Wearable EEG/ECG
Biometric System based on the ENOBIO Sensor. Technical Report.
[181] Chris Roberts. 2006. Biometric Attack Vectors and Defenses. Danish Biometrics Technical Report. Danish Biometrics.
[182] Eric Douglas Romesburg. 2015. Re duction of physiological metric error due to internal cadence.Patent. Unite d States
Patent Application Publication.
[183] Markus Schatten, Miroslav Baca, and Mirko Cubrilo. 2009. Towards a general denition of biometric systems. Inter-
national Journal of Computer Science Issues (IJCSI) 2 (2009), 7. DOI:
[184] Stefan Schneegass, Youssef Oualil, and Andreas Bulling. 2016. SkullConduct: Biometric user identication on eye-
wear computers using bone conduction through the skull. In CHI Conference on Human Factors in Computing Systems.
1379–1384. DOI:
[185] MirHojjat Seyedi, Behailu Kibret, Sravanreddy Salibindla, and Daniel T. H. Lai. 2015. An overview of intra-
body communication transceivers for biomedical applications. In IGI Global.IGI.DOI:
978-1- 4666-5888- 2.ch045
[186] B. Shanthini and S. Swamynathan. 2012. A novel multimodal biometric fusion te chnique for security. In International
Conference on Information and Knowledge Management. IACSIT Press.
[187] Hugo Silva, Andre Lourenco, Filipe Canento, Ana Fred, and Nuno Raposo. 2015. ECG biometrics: Principles and
applications. In Proceedings of the International Conference on the Bio-Inspired Systems and Signal Processing. 215–
220. DOI:
[188] Vinay Singh and Rahul Sharma. 2013. Performance analysis of Mac protocols for WBAN on varying transmitted
output power of nodes. International Journal of Computer Applications 67, 7 (2013). DOI:
[189] Lukas Smital, Clifton Haider, Pavel Leinveber, Pavel Jurak, Barry Gilbert, and David Holmes. 2016. Towards real-
time QRS feature extraction for wearable monitors. In 38th Annual International Conference of the IEEE Engineering
in Medicine and Biology Society.DOI:
[190] Nicko Van Someren. 2015. 3 Tips for Securing Wearable Technology in the Work Place. Review Article. Wearable Tech.
[191] Ctirad Sousedik and Christoph Busch. 2013. Presentation attack detection methods for ngerprint recognition sys-
tems: A survey. IET Biometrics (2013). DOI:
[192] Colin Soutar, Danny Roberge, Alex Stoianov, Rene Gilroy, and B. V. K. Vijaya Kumar. 1998. Biometric encryption
TM using image processing. In Proceedings of SPIE, Vol. 3314. 422–431. DOI:
[193] Denis Speicher. 2006. Vulnerability Analysis of Biometric Systems Using Attack Trees. Master’s Thesis.
[194] Edmund Spinella. 2003. Biometric Scanning Technologies: Finger, Facial and Retinal Scanning. SANS Institute InfoSec
Reading Room Report. SANS Institute.
[195] Edmund Spinella. 2004. An Exploration of Voice Biometrics. SANS Institute InfoSec Reading Room Report. SANS
[196] Alina Elena Stanciu, Lacramiora-Mihaela Nemtol, and Ilona Madalina Moise. 2012. Considerations regarding the
spectral eciency of orthogonal frequency division multiplexing. In 11th International Conference on Development
and Application Systems.
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
A Survey on Biometric Systems and Wearables 39:35
[197] Aditya Sundararajan, Alexander Pons, and Arif Sarwat. 2014. A generic framework for eeg-based biometric authen-
tication. In 12th International Conference on Information Technology—New Generations. IEEE, 139–144. DOI:https://
[198] Kamil Surmacz, Khalid Saeed, and Piotr Rapta. 2013. An improved algorithm for feature extraction from a ngerprint
fuzzy image. Optica Applicata XLIII, 3 (2013). DOI:
[199] Yagiz Sutcu, Qiming Li, and Nasir Memon. 2007. Protecting biometric templates with sketch: Theory and practice.
IEEE Transactions on Information Forensics and Security 2, 3 (2007).
[200] Yagiz Sutcu, Qiming Li, and Nasir Memon. 2007. Security and Privacy in Biometrics (1st. ed.). Vol. 9. Springer-Verlag,
London, Chapter 4, 69–104. DOI: 4471-5230- 9_4
[201] Mihai T. Tarata. 2003. Mechanomyography versus Electromyography, in monitoring the muscular fatigue. Biomed-
ical Engineering Online.
[202] Andrew Beng Jin Teoh and Jaihie Kim. 2015. Error Correction Codes for Biometric Cryptosystem: An Overview.ECE
Senior Capstone Project 2016 Tech Notes. Yonsie University.
[203] K. M. S. Thotahewa. 2014. MAC Protocols for UWB-Based WBAN Applications. Springer. DOI:
978-3- 319-05287- 8_2
[204] Zouheir Trabelsi, Mohamed Al Hemairy, and Mohammad M. Masud. 2014. Resilience of ngerprint and iris readers
against common denial of service attacks. In World Congress on Computer Applications and Information Systems.
[205] Pim Tuyls, Anton H. M. Akkermans, Tom A. M. Kevenaar, Geert-Jan Schrijen, Asker M. Bazen, and Raymond N.
J. Veldhuis. 2005. Pratical biometric authentication with template protection. In International Conference on Audio-
and Video-Based Biometric Person Authentication, Vol. 92. Springer. DOI:
[206] Umut Uludag, Sharath Pankanti, Salil Prabhakar, and Anil K. Jain. 2010. Biometric cryptosystems: Issues and chal-
lenges. In Proceedings of the IEEE, Vol. 92. IEEE.
[207] John Kelsey Bruce Schneier David Wagner and Chris Hall. 1998. Cryptanalytic attacks on pseudorandom number
generators. In 5th International Workshop on Fast Software Encryption.
[208] Yujie Wang, Liudong Xing, and Honggang Wang. 2016. Reliability modeling of relay-assisted wireless body area
networks. In Annual Reliability and Maintainability Symposium.DOI:
[209] James L. Wayman. 1999. Error-rate equations for the general biometric system. In IEEE Robotics & Automation Mag-
azine. IEEE.
[210] J. Wei. 2014. How wearables intersect with the cloud and the internet of things: Considerations for the developers
of wearables. IEEE Consumer Electronics Magazine 3, 3 (2014), 3. DOI:
[211] Bruce R. Wilkins. 2014. Wearable Technology and Its Associated Security Risk. Technical Survey Report. ISACA.
[212] Meredydd Williams, Louise Axon, Jason R. C. Nurse, and Sadie Creese. 2016. Protecting user data in ubiquitous
computing: Towards trustworthy environments. In IEEE 2nd International Forum on Research and Technologies for
Society and Industry Leveraging a Better Tomorrow (RTSI’16).6.
[213] Brad Wing. 2014. Information Technology: American National Standard for Information Systems. NIST SP-500-290 1.
[214] Fengyuan Xu, Zhengrui Qin, Chiu C. Tan, Baosheng Wang, and Qun Li. 2011. IMDGuard: Securing implantable
medical devices with the external wearable guardian. In IEEE INFOCOM. IEEE. DOI:
[215] Bian Yang, Christoph Busch, Koen de Groot, Haiyun Xu, and Raymond N. J. Veldhuis. 2012. Performance evaluation
of fusing protected ngerprint minutiae templates on the decision level. MDPI Sensors (2012). DOI:
[216] Shenglin Yang and Ingrid Verbauwhede. 2010. Secure iris verication. In IEEE International Conference on Acoustics,
Speech and Signal Processing,Vol.2.SPIE.DOI:
[217] Zamboni. 2013. Attacking Biometric Access Control Systems. Retrieved March, 2017 from
images/defcon-13/dc13- presentations/DC_13-Zamboni.pdf .
[218] William Zeller and Edward W. Felten. 2008. Cross-Site Request Forgeries: Exploitation and Prevention. Technical Re-
port. Princeton University.
[219] Xuebing Zhou, Stephen D. Wolthusen, Christoph Busch, and Arjan Kuijper. 2009. Vulnerabilities of fuzzy vault
schemes using biometric data with traces. In 5th International Conference on Intelligent Information Hiding and Mul-
timedia Signal Processing.DOI:
[220] Ziuming Zhu, Song Han, Pei-Chi Huang, Aloysius K. Mok, and Deji Chen. 2011. MBStar: A real-time communication
protocol for wireless body area networks. In Euromicro Conference on Real-Time Systems.
[221] Thomas Guthrie Zimmerman. 1995. Personal Area Networks (PAN): Near-Field Intra-Body Communication. Master’s
Thesis. Media Arts and Sciences.
[222] A. Khalid. 2012. Electricity usage monitoring using face recognition technique. International Journal of Emerging
Technology and Advanced Engineering 2, 10 (2012), 274–276.
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
39:36 A. Sundararajan et al.
[223] A. Khalid, A. Sundararajan, and A. I. Sarwat. 2019. A multi-step predictive model to estimate Li-Ion state of charge
for higher C-Rates. IEEE Conference on Environment and Electrical Engineering and I&CPS. Genoa, Italy, In Press.
[224] A. Khalid, A. Sundararajan, I. Acharya, and A. I. Sarwat. 2019. Prediction of Li-Ion battery state of charge using
multilayer perceptron and long short-term memory models. IEEE Transportation Electrication Conference & Expo
(ITEC). Novi, Michigan, USA, In Press.
[225] A. Sundararajan, T. Khan, A. Moghadasi, and A. I. Sarwat. 2018. Survey on synchrophasor data quality and cyber-
security challenges, and evaluation of their interdependencies. Journal of Modern Power Systems and Clean Energy
6, 7 (2018), 1–19. DOI: 0473-6
Received November 2017; revised November 2018; accepted January 2019
ACM Computing Surveys, Vol. 52, No. 2, Article 39. Publication date: May 2019.
... However, secret and symbolic information can be forgotten, estimated, stolen, lost, or exchanged; this affects the security and privacy of applications or services. For this reason, biometric systems are an excellent niche opportunity to improve safety in applications or services based on pattern recognition systems, especially pattern recognition systems implemented in IoT devices or wireless and low-cost devices [6]- [8]. ...
Full-text available
An essential part of cloud computing, IoT, and in general the broad field of digital systems, is constituted by the mechanisms which provide access to a number of services or applications. Biometric techniques aim to manage the access to such systems based on personal data; however, some biometric traits are openly exposed in the daily life, and in consequence, they are not secret, e.g., voice or face in social networks. In many cases, biometric data are non-cancelable and non-renewable when compromised. This document examines the vulnerabilities and proposes hardware and software countermeasures for the protection and confidentiality of biometric information using randomly created supplementary information. Consequently, a taxonomy is proposed according to the operating principle and the type of supplementary information supported by protection techniques, analyzing the security, privacy, revocability, renewability, computational complexity, and distribution of biometric information. The proposed taxonomy has five categories: (1) biometric cryptosystems, (2) cancelable biometrics, (3) protection schemes based on machine learning or deep learning, (4) hybrid protection schemes, and (5) multibiometric protection schemes. Furthermore, this document proposes quantitative evaluation measures to compare the performance of protection techniques. Likewise, this research highlights the advantages of injective and linear mapping for the protection of authentication and identification systems, allowing the non-retraining of these systems when the protected biometric information is canceled and renewed. Finally, this work mentions commercial products for cancelable biometric systems and proposes future directions for adaptive and cancelable biometric systems in low-cost IoT devices.
... Although the reviewed articles described potential applications and the demand for intelligent systems, they provided little evidence related to the usability and practicality of the proposed device. However, additional metrics such as smart helmet versatility, power consumption, and durability should be determined to examine the usefulness of the system, as well as comfort and ease of use for different population characteristics [98,99]. Without practical applications, user acceptance of smart helmets will not develop [100,101], and consequently, this technology will remain a proof of concept. ...
Full-text available
Background As a form of the Internet of Things (IoT)–gateways, a smart helmet is one of the core devices that offers distinct functionalities. The development of smart helmets connected to IoT infrastructure helps promote connected health and safety in various fields. In this regard, we present a comprehensive analysis of smart helmet technology and its main characteristics and applications for health and safety. Objective This paper reviews the trends in smart helmet technology and provides an overview of the current and future potential deployments of such technology, the development of smart helmets for continuous monitoring of the health status of users, and the surrounding environmental conditions. The research questions were as follows: What are the main purposes and domains of smart helmets for health and safety? How have researchers realized key features and with what types of sensors? Methods We selected studies cited in electronic databases such as Google Scholar, Web of Science, ScienceDirect, and EBSCO on smart helmets through a keyword search from January 2010 to December 2021. In total, 1268 papers were identified (Web of Science: 87/1268, 6.86%; EBSCO: 149/1268, 11.75%; ScienceDirect: 248/1268, 19.55%; and Google Scholar: 784/1268, 61.82%), and the number of final studies included after PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) study selection was 57. We also performed a self-assessment of the reviewed articles to determine the quality of the paper. The scoring was based on five criteria: test environment, prototype quality, feasibility test, sensor calibration, and versatility. Results Smart helmet research has been considered in industry, sports, first responder, and health tracking scenarios for health and safety purposes. Among 57 studies, most studies with prototype development were industrial applications (18/57, 32%), and the 2 most frequent studies including simulation were industry (23/57, 40%) and sports (23/57, 40%) applications. From our assessment-scoring result, studies tended to focus on sensor calibration results (2.3 out of 3), while the lowest part was a feasibility test (1.6 out of 3). Further classification of the purpose of smart helmets yielded 4 major categories, including activity, physiological and environmental (hazard) risk sensing, as well as risk event alerting. Conclusions A summary of existing smart helmet systems is presented with a review of the sensor features used in the prototyping demonstrations. Overall, we aimed to explore new possibilities by examining the latest research, sensor technologies, and application platform perspectives for smart helmets as promising wearable devices. The barriers to users, challenges in the development of smart helmets, and future opportunities for health and safety applications are also discussed. In conclusion, this paper presents the current status of smart helmet technology, main issues, and prospects for future smart helmet with the objective of making the smart helmet concept a reality.
... The recorded data could be then either transmitted to a server where the recognition process has to be carried out, or directly processed within the employed device, in order to decide whether the wearer is really the legitimate owner of the device, before granting logical or physical access to certain areas or services. In addition to a greater ease of use with respect to standard desktop biometric systems, recognition approaches relying on wearable devices could also guarantee improved security, due to the fact that the characteristics recorded by wearable devices typically cannot be captured remotely, making them difficult to steal and replicate, inherently provide liveness detection, and could also be examined to infer about the mental and emotional states of an individual, providing the means to detect compulsion attacks [6]. Moreover, since the acquisition of the interested traits can be done at any time and any place, wearable biometric systems make it feasible to perform continuous recognition, meaning that the identity of a user can be verified throughout the duration of a session, preventing hijacking and avoiding attackers' unauthorized access after an initial successful recognition [7]. ...
Full-text available
Wearable devices are increasingly used, thanks to the wide set of applications that can be deployed exploiting their ability to monitor physical activity and health-related parameters. Their usage has been recently proposed to perform biometric recognition, leveraging on the uniqueness of the recorded traits to generate discriminative identifiers. Most of the studies conducted on this topic have considered signals derived from cardiac activity, detecting it mainly using electrical measurements thorugh electrocardiography, or optical recordings employing photoplethysmography. In this paper we instead propose a BIOmetric recognition approach using Wearable Inertial Sensors detecting Heart activity (BIOWISH). In more detail, we investigate the feasibility of exploiting mechanical measurements obtained through seismocardiography and gyrocardiography to recognize a person. Several feature extractors and classifiers, including deep learning techniques relying on transfer learning and siamese training, are employed to derive distinctive characteristics from the considered signals, and differentiate between legitimate and impostor subjects. An multi-session database, comprising acquisitions taken from subjects performing different activities, is employed to perform experimental tests simulating a verification system. The obtained results testify that identifiers derived from measurements of chest vibrations, collected by wearable inertial sensors, could be employed to guarantee high recognition performance, even when considering short-time recordings.
... As the temperature and humidity rise owing to mask-wearing, the adhesion between the sensor and the skin may decrease, and sweat generated by humidity may negatively affect accurate sensor signal measurement. Beyond sensing accuracy and reliability, it is important to consider additional metrics, such as smart mask interoperability, versatility, power consumption, and durability, to examine the usefulness of the system as well as comfort and ease of use for different population characteristics [87,88]. ...
Full-text available
Unstructured: Face masks are an important way to fight the COVID-19 pandemic. However, the prolonged pandemic has revealed confounding problems of the current face masks, not only the spread of the disease but also concurrent psychological, social, and economic complications. As face masks have been worn for a long time, people have been interested in expanding the purpose of masks from protection to comfort and health, leading to the release of various "smart" mask products around the world. To envision how the smart masks will be extended, this paper reviewed 25 smart masks (12 from commercial products and 13 from academic prototypes) that emerged after the pandemic. While most smart masks presented in the market focus on solving user breathing discomfort problems that arise from prolonged use, academic prototypes were designed for not just sensing COVID-19 but for general health monitoring aspects. Next, we investigated several specific sensors that can be incorporated into the mask for expanding biophysical features. On a larger scale, we discussed the architecture and possible applications with the help of connected smart masks. Namely, beyond a personal sensing application, a group or community sensing application may share an aggregate version of information with the broader population. In addition, this kind of collaborative sensing will also address the challenges of individual sensing, such as reliability and coverage. Lastly, we identified possible service application fields and further considerations for actual use. Along with daily life health monitoring, smart masks may work as a general respiratory health tool for sports training, emergency room/ambulatory setting, protection for industry workers and firefighters, and soldier safety and survivability. For further considerations, we investigated design aspects in terms of sensor reliability and reproducibility, ergonomic design for user acceptance, and privacy-aware data handling. Overall, we aim to explore new possibilities by examining the latest research, sensor technologies, and application platform perspectives for smart masks as one of the promising wearable devices. By integrating biomarkers of respiration symptoms, a smart mask can be a truly cutting-edge device that expands further knowledge on health monitoring to reach the next level of wearables.
... Work on wearable technologies for learning, or educational wearables, has advanced with few attempts at integration. Many reviews on wearables exist, but they address either wearables at a general level (i.e., aspects of wearables that are independent of application domain) (e.g., Berglund, Duvall, and Dunne (2016); Kumari, Mathew, and Syal (2017) ;Liew, Wah, Shuja, Daghighi, et al. (2015)), or wearables in the areas of healthcare (Baig, Gholamhosseini, and Connolly (2013); Pantelopoulos and Bourbakis (2008); Wang, Mintchev, et al. (2013)), assistive technologies (e.g., Dakopoulos and Bourbakis (2009) ;Tapu, Mocanu, and Tapu (2014)), or security (Blasco, Chen, Tapiador, and Peris-Lopez (2016); Sundararajan, Sarwat, and Pons (2019)). Our literature search uncovered 10 survey or review papers that can be considered as being related to wearables for learning. ...
Full-text available
A good amount of research has explored the use of wearables for educational or learning purposes. We have now reached a point when much literature can be found on that topic, but few attempts have been made to make sense of that literature from a holistic perspective. This paper presents a systematic review of the literature on wearables for learning. Literature was sourced from conferences and journals pertaining to technology and education, and through an ad hoc search. Our review focuses on identifying the ways that wearables have been used to support learning and provides perspectives on that issue from a historical dimension, and with regards to the types of wearables used, the populations targeted, and the settings addressed. Seven different ways of how wearables have been used to support learning were identified. We propose a framework identifying five main components that have been addressed in existing research on how wearables can support learning and present our interpretations of unaddressed research directions based on our review results.
... A survey of heart biometrics was presented in [23] in the context of heart signals for user authentication, but it suffers from a superficial coverage in PPG signals with six papers. A review on wearable biometric systems was provided in [24] with only a few acquisition methods for PPG signals. We attempt to comprehensively investigate PPG signals in cybersecurity applications. ...
Full-text available
Biometric authentication prospered during the 2010s. Vulnerability to spoofing attacks remains an inherent problem with traditional biometrics. Recently, unobservable physiological signals (e.g., Electroencephalography, Photoplethysmography, Electrocardiography) as biometrics have been considered a potential solution to this problem. In particular, Photoplethysmography (PPG) measures the change of blood flow of the human body by an optical method. Clinically, researchers commonly use PPG signals to obtain patients' blood oxygen saturation, heart rate, and other information to assist in diagnosing heart-related diseases. Since PPG signals are easy to obtain and contain a wealth of individual cardiac information, researchers have begun to explore its potential applications in information security. The unique advantages (simple acquisition, difficult to steal, and live detection) of the PPG signal allow it to improve the security and usability of the authentication in various aspects. However, the research on PPG-based authentication is still in its infancy. The lack of systematization hinders new research in this field. We conduct a comprehensive study of PPG-based authentication and discuss these applications' limitations before pointing out future research directions.