Fingerprint and location based multifactor authentication for mobile applications

  • Authors

    • Norah Abdullah Aldumiji Umm Al-Qura University
    • Esam Ali Khan Umm Al-Qura University
    2019-08-25
    https://doi.org/10.14419/ijet.v8i3.27035
  • Authentication, Biometrics, Location, Multifactor, Smartphone.
  • Authentication, which involves the verification of identity, is one of the most important security features. It usually depends on three factors: something you know (knowledge), something you have (token) and something you are (biometrics). In this paper, we propose the use of biometrics (fingerprints) with a fourth factor, namely location (i.e., where you are), in order to develop a privacy-friendly multi-factor authentication scheme suitable for smartphone applications.

     

     



  • How to Cite

    Abdullah Aldumiji, N., & Ali Khan, E. (2019). Fingerprint and location based multifactor authentication for mobile applications. International Journal of Engineering & Technology, 8(3), 193-204. https://doi.org/10.14419/ijet.v8i3.27035