Fingerprint and location based multifactor authentication for mobile applications

  • Authors

    • Norah Abdullah Aldumiji Umm Al-Qura University
    • Esam Ali Khan Umm Al-Qura University
    2019-08-25
    https://doi.org/10.14419/ijet.v8i3.27035
  • Authentication, Biometrics, location, Multifactor, Smartphone.

  • Abstract

    Authentication, which involves the verification of identity, is one of the most important security features. It usually depends on three factors: something you know (knowledge), something you have (token) and something you are (biometrics). In this paper, we propose the use of biometrics (fingerprints) with a fourth factor, namely location (i.e., where you are), in order to develop a privacy- friendly multi-factor authentication scheme suitable for smartphone applications.

     

     

  • References

    1. [1] M. Looi, Enhanced authentication services for internet systems using mobile networks, in Global Telecommunications Conference, 2001, 2001.

      [2] D. E. Denning and P. F. MacDoran, Location-based authentication: Grounding cyberspace for better security, Internet besieged, October 1997, 167-174.

      [3] C. Wullems, M. Looi and A. Clark, nhancing the security of internet applications using location: A new model for tamper-resistant GSM location, in Computers and Communication, 2003., July 2003.

      [4] D. Dasgupta, A. Roy and A. Nag, Multi-Factor Authentication, Advances in User Authentication, 2017, 185-233. https://doi.org/10.1007/978-3-319-58808-7_5.

      [5] N. Ratha, J. Connell, R. M. Bolle and S. Chikkerur, Cancelable Biometrics: A Case Study in Fingerprints, in 18th International Conference on Pattern Recognition (ICPR'06), 2006. https://doi.org/10.1109/ICPR.2006.353.

      [6] N. K. Ratha, S. Chikkerur, J. H. Connell and R. M. Bolle, Generating cancelable fingerprint templates, IEEE Transactions on pattern analysis and machine intelligence, 2007, 561-572. https://doi.org/10.1109/TPAMI.2007.1004.

      [7] S. Tulyakov, F. Farooq, P. Mansukhani and V. Govindaraju, Symmetric hash functions for secure fingerprint biometric systems, Pattern Recognition Letters, vol. 28, no. 16, 2007, 2427-2436 https://doi.org/10.1016/j.patrec.2007.08.008.

      [8] G. Kumar, S. Tulyakov and V. Govindaraju, Combination of symmetric hash functions for secure fingerprint matching. In Pattern Recognition (ICPR), in 20th International Conference, 2010. https://doi.org/10.1109/ICPR.2010.224.

      [9] M. Barni, T. Bianchi, D. Catalano, D. R. M., R. Donida Labati, P. Failla and A. Piva, Privacy-preserving fingercode authentication, in In Proceedings of the 12th ACM workshop on Multimedia and security, 2010. https://doi.org/10.1145/1854229.1854270.

      [10] Y. Zhang and F. Koushanfar, Robust privacy-preserving fingerprint authentication, in In Hardware Oriented Security and Trust (HOST), 2016 IEEE International Symposium, 2016. https://doi.org/10.1109/HST.2016.7495547.

      [11] D. Denning and P. Macdoran, Location-based authentication: Grounding cyberspace for better security, Computer Fraud & Security, 1996. https://doi.org/10.1016/S1361-3723(97)82613-9.

      [12] Y. B. L. Cho and M. T. Goodrich, in In Mobile and Ubiquitous Systems: Networking & Services, 2006 Third Annual International Conference, 2006.

      [13] H. Takamizawa and K. Kaijiri, A web authentication system using location information from mobile telephones, in n Proceedings of the IASTED International Conference Web-based Education, 2009.

      [14] F. Zhang, A. Kondoro and S. Muftic, Location-based authentication and authorization using smart phones, in n Trust, Security and Privacy in Computing and Communications (TrustCom), 2012. https://doi.org/10.1109/TrustCom.2012.198.

      [15] A. Hammad and P. Faith, LOCATION BASED AUTHENTICATION, U.S. Patent No. 20,170,286,953. Washington, DC: U.S. Patent and Trademark Office.â€, 2017.

      [16] S. H. Khan, M. A. Akbar, F. Shahzad, M. Farooq and Z. Khan, Secure biometric template generation for multi-factor authentication, Pattern Recognition, vol. 48, no. 2, 2015, 458-472, https://doi.org/10.1016/j.patcog.2014.08.024.

      [17] I. A. Lami, T. Kuseler, H. Al-Assam and S. Jassim, LocBiometrics: Mobile phone based multifactor biometric authentication with time and location assurance., in In Proc. 18th Telecommunications Forum., 2010.

      [18] keytool - Key and Certificate Management Tool, Oracle, http:// docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html. [Accessed 11 MAR 2018].

      [19] J. Bonneau, C. Herley, P. C. Van Oorschot and F. Stajano, the quest to replace passwords: A framework for comparative evaluation of web authentication schemes, in Security and Privacy (SP), 2012 IEEE Symposium, 2012. https://doi.org/10.1109/SP.2012.44.

      [20] M. MANNAN and P. C. VAN OORSCHOT, Passwords for Both Mobile and Desktop Computers.

      [21] Ho, Y. L., Bendrissou, B., Azman, A., & Lau, S. H., BlindLogin: A Graphical Authentication System with Support for Blind and Visually Impaired Users on Smartphones., American Journal of Applied Sciences, 2017. https://doi.org/10.3844/ajassp.2017.551.559.

      [22] H Fujii and Y Tsuruoka, SV-2FA: Two-factor user authentication with SMS and voiceprint challenge response., in In Internet Technology and Secured Transactions (ICITST), 2013 8th International Conference, 2013. https://doi.org/10.1109/ICITST.2013.6750207.

      [23] S. Mare, A. Molina-Markham, C. Cornelius, R. Peterson and D. Kotz, ZEBRA: Zero-Effort Bilateral Recurring Authentication., Companion report, 2014. https://doi.org/10.1109/SP.2014.51.

      [24] X. Zhu, S. Yu and Q. Pei, QuickAuth: Two-Factor Quick Authentication Based on Ambient Sound., in In Global Communications Conference (GLOBECOM), 2016. https://doi.org/10.1109/GLOCOM.2016.7842192.

      [25] A. S. Arif, A. Mazalek and W. Stuerzlinger, The use of pseudo pressure in authenticating smartphone users., in Proceedings of the 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, 2014. https://doi.org/10.4108/icst.mobiquitous.2014.257919.

      [26] K. I. Shin, J. S. Park, J. Y. Lee and J. H. Park, Design and implementation of improved authentication system for android smartphone users., in Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference, 2012. https://doi.org/10.1109/WAINA.2012.31.

      [27] I. Jermyn, A. Mayer, F. Monrose, M. K. Reoter and A. D. Rubin, The Design and Analysis of Graphical Passwords, in Proceedings of the 8th USENIX Security Symposium, Washington, DC., 2000.

      [28] A. F. Syukri, E. Okamoto and M. Mambo, A user identification system using signature written with mouse, in Australasian Conference on Information Security and Privacy, Berlin, Heidelberg., 1998, July. https://doi.org/10.1007/BFb0053751.

      [29] C. Varenhorst, M. V. Kleek and L. Rudolph, Passdoodles: A lightweight authentication method., in Research Science Institute., 2004.

      [30] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy and N. Memon, Authentication using graphical passwords: Effects of tolerance and image choice., in Proceedings of the 2005 symposium on Usable privacy and security, 2005, July. https://doi.org/10.1145/1073001.1073002.

      [31] A. Bhand, V. Desale, S. Shirke and S. P. Shirke, Enhancement of password authentication system using graphical images, in Information Processing (ICIP), 2015 International Conference, 2015, December. https://doi.org/10.1109/INFOP.2015.7489381.

      [32] V. Moraskar, S. Jaikalyani, M. Saiyyed, J. Gurnani and K. Pendke, Cued Click Point Technique for Graphical Password Authentication, International Journal of Computer Science and Mobile Computing 3 (1)., 2014, 166-172.

      [33] P. Corporation, The science behind Passfaces, http:// http://www.passfaces.com/enterprise/resources/white_papers.htm. [Accessed 11 8 2018].

      [34] R. Dhamija and A. Perrig, "Deja Vu: A User Study. Using Images for Authentication, in Proceedings of the 9th USENIX Security Symposium, August 2000.

      [35] L. Sobrado and J. C. Birget, Graphical passwords., The Rutgers Scholar, an electronic Bulletin for undergraduate research., vol. 4, no. 2002, 12-18.

      [36] S. Venugopalan and M. Savvides, How to generate spoofed irises from an iris code template., IEEE Transactions on Information Forensics and Security, vol. 6, no. 2, 2011, 385-395. https://doi.org/10.1109/TIFS.2011.2108288.

      [37] A. Swaminathan, N. Kumar and M. R. Kumar, Review of Numerous Facial Recognition Techniques in Image Processing., 2014.

      [38] C. Brown, Palm vein authentication system launched for mobile devices, http:// nfcworld.com/2017/01/13/349444/palm-vein-authentication-system-launched-mobile-devices/, [Accessed 15 August 2017].

      [39] Y. Renard, F. Lotte, G. Gibert, et al, Open VibE: An Open Source Software Platform to design, Test and Use Brain-Computer Interfaces in Real and Virtual Environments, teleoperators and virtual environments, vol. 19, no. 1, 2010, 35-53. https://doi.org/10.1162/pres.19.1.35.

      [40] N. Sae-Bae, K. Ahmed, K. Isbister and N. Memon, Biometric-rich gestures: a novel approach to authentication on multi-touch devices., in n Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, May 2012. https://doi.org/10.1145/2207676.2208543.

      [41] U. Garg and Y. K. Meena, User authentication using keystroke recognition., in In Proceedings of international conference on advances in computing, New Delhi, 2013. https://doi.org/10.1007/978-81-322-0740-5_17.

      [42] J. C. D. Lima, C. C. Rocha and I. Augustin, A Context-Aware Recommendation System to Behavioral Based Authentication in Mobile and Pervasive Environments., in in 2011 IFIP Ninth International Conference on Embedded and Ubiquitous Computing, October 2011. https://doi.org/10.1109/EUC.2011.2.

      [43] M. Jakobsson, E. G. Shi, P. and R. Chow, Implicit authentication for mobile devices,"in In Proceedings of the 4th USENIX conference on Hot topics in security., 2009.

      [44] N. Haller, C. Metz, P. Nesser and M. Straw, A one-time password system (No. RFC 2289), 1998. https://doi.org/10.17487/rfc2289.

      [45] google 2-step Verification, google, http:// google.com/landing/2step/.

  • Downloads

    Additional Files

  • How to Cite

    Abdullah Aldumiji, N., & Ali Khan, E. (2019). Fingerprint and location based multifactor authentication for mobile applications. International Journal of Engineering & Technology, 8(3), 193-204. https://doi.org/10.14419/ijet.v8i3.27035

    Received date: 2019-02-03

    Accepted date: 2019-06-12

    Published date: 2019-08-25