Enhancing and Reinforcing Security and Usability of User Account Authentication using Fingerprints as Username Credential

by Mohammad Hassan Algarni

A dissertation submitted to Florida Institute of Technology in partial fulfillment of the requirements for the degree of

Doctor of Philosophy in Computer Science

Melbourne, Florida
July 2018

We the undersigned committee hereby recommend that the attached dissertation be accepted as fulfilling in part the requirements for the degree of Doctor of Philosophy in Computer Science

Enhancing and Reinforcing Security and Usability of User Account Authentication using Fingerprints as Username Credential

by Mohammad Hassan Algarni

Lucas Stephane, Ph.D. Assistant Professor, School of Computing, Human-Centered Design Innovation Program Advisor and Committee Chair

Walter Bond, Ph.D. Associate Professor, School of Computing

Marius Silaghi, Ph.D. Associate Professor, School of Computing

Munevver Subasi, Ph.D. Associate Professor, Mathematical Sciences

Philip J. Bernhard, Ph.D. Associate Professor, Director, School of Computing, Computer Sciences and Cybersecurity

Abstract

Title: Enhancing and Reinforcing Security and Usability of User Account Authentication using Fingerprints as Username Credential
Author: Mohammad Hassan Algarni
Committee Chair: Lucas Stephane, Ph.D.

By logging in, users gain access to a computer system after identifying and authenticating themselves. Login requires user credentials, typically some form of username and a matching password. The username of an account is textual: either an email address or an alphanumeric, numeric or character string chosen by the user. However, if a user's email account is compromised, the attacker can click the Forgot Password link on the user interface of the target account. If the compromised email account has the same email address as the one used when registering for the target account, a password reset link will be sent to that email address and the attacker will be able to compromise the target account as well. In addition, if the username of the target account is known, the attacker only has to crack the password of that account.

The primary goal of this research is to address the vulnerabilities of authentication systems and thereby strengthen the security of user accounts by enhancing and reinforcing the security and usability of user account authentication using fingerprints as the username.

Contents

1 Background
  1.1 Introduction
  1.2 Overview
  1.3 Purposes
    1.3.1 Security
    1.3.2 Avoiding Time Loss
  1.4 Biometrics System Components
    1.4.1 Fingerprint Recognition
    1.4.2 Face Recognition
    1.4.3 Iris Recognition
  1.5 Multimodal Biometrics Systems
    1.5.1 Background
    1.5.2 Assessment
    1.5.3 Fusion
    1.5.4 Multimodal Scenarios
    1.5.5 Adaptive and Non-Adaptive Fusion
    1.5.6 Unattended and Attended Biometrics Systems
    1.5.7 Summary

2 Biometrics Utilization
  2.1 Overview
  2.2 Usage in Commerce
    2.2.1 Most Used Biometrics
    2.2.2 Usage in Online Banking
    2.2.3 Usage in Automated Teller Machine (ATM)
    2.2.4 Summary
  2.3 Usage in Government
  2.4 E-Government Models with Commercial Applications
  2.5 Social Impact
  2.6 User Experience
  2.7 Summary

3 Biometrics Vulnerabilities and Countermeasures
  3.1 Spoofing Attacks
    3.1.1 Overview
    3.1.2 Spoofing Attacks
    3.1.3 Summary
  3.2 Attacks on Biometric Systems
    3.2.1 Fingerprint Sensors and Attack Types
  3.3 Defense Techniques
  3.4 Revocable Biometrics

4 Literature Review
  4.1 Overview
  4.2 Detailed Review
    4.2.1 Use of fingerprints in authentication
    4.2.2 Use of order of multiple fingerprints in authentication
    4.2.3 Use of Multimodal Biometrics in Authentication
    4.2.4 Use of fingerprints as usernames and/or password
  4.3 Conclusion

5 Research Problem Statement
  5.1 Motivation
  5.2 Problem Statement
  5.3 Problem Goals
  5.4 Problem Questions
  5.5 Research Hypothesis
  5.6 Research Methodology
    5.6.1 Introduction
    5.6.2 Approach
    5.6.3 Research Method

6 Survey Findings and Conclusion
  6.0.4 Demographic Information
  6.1 Model Related Information
  6.2 Conclusion

7 Evaluation of the Authentication Systems
  7.1 Evaluation framework
  7.2 Relevance of the framework to the proposal
  7.3 Application of the framework to the proposal
    7.3.1 Usability
    7.3.2 Security
  7.4 Security Metrics
  7.5 Summarized metric results
  7.6 Implications and Conclusion

8 Evaluating of the User Adoption
  8.1 Background on the proposed idea
  8.2 Proof of Concept
  8.3 Selection of Adoption model
    8.3.1 Formulating Hypothesis
    8.3.2 Methodology

9 Analysis of the Survey
  9.1 Results
    9.1.1 Demographic information
    9.1.2 Information related to FUAF
  9.2 Reliability
  9.3 Implications
  9.4 Analysis of Usability Metrics

10 Conclusions and Future Work
  10.1 Conclusion
  10.2 Directions for further research
  10.3 Timeline

A List of Publications

B Surveys Questions

List of Figures

1.1 Three categories of user authentication [1]
1.2 Structure of Unimodal Biometric System
1.3 Biometrics enrollment and recognition process
1.4 Minutia in a fingerprint [2]
1.5 Optical scanner [3]
1.6 Capacitive scanner [4]
1.7 Screen-shot captured from facial recognition program Aurora [5]
1.8 Example of an iris pattern [6]
1.9 Multimodal Biometric Scenarios [7]
1.10 Adaptive Fusion VS Non-Adaptive Fusion [8]
2.1 Proportion of used biometric technologies in the world's banks [9]
2.2 A lady is getting her iris scanned by the ATM to withdraw her monthly cash allowance [10]
3.1 Possible attack points in a generic biometrics-based system [11]
3.2 Example of live and non-live fingerprints captured by capacitive DC scanner. (a) Live finger; (b) spoof finger made from Play-Doh; (c) spoof finger made from gelatin; (d) cadaver finger [12]
3.3 Block diagram of the proposed cascade structure for face spoofing detection [13]
3.4 Segmentation results and four paths in the common iris region of two images (a) and (b) captured in illumination condition I and II. Image (b) is resized to have the same iris diameter as that of image (a). The blue circle in image (b) defines the pupil size in image (a) [14]
3.5 A normal eye and one with a patterned contact lens generate different deformations of a projected stripe pattern [15]
3.6 Possible attacks on the biometric system at various points [16]
5.1 Technology Acceptance Model (TAM) [18]
6.1 The responses percentage for the Demographic Information of participants: Gender, Age and Education Level
6.2 Chart showing the responses percentage for participants' familiarity with fingerprint technologies
6.3 Chart showing the responses percentage for how participants perceived information present on their phones
6.4 Chart showing the responses percentage for the level of privacy protection that participants required for their information on their phones
6.5 Chart showing the responses percentage if the participants would store more private information on their phones if it has a fingerprint scanner
6.6 Chart showing the responses percentage of participants if they think the fingerprint authentication technique was better than traditional security methods
6.7 Chart showing the responses percentage of participants to use fingerprints as usernames or alphanumeric usernames
8.1 Home screen of the prototype app
8.2 Sign Up Screen
8.3 Sign Up Screen with details entered
8.4 Authenticate Fingerprint Screen
8.5 Sign In screen
8.6 Sign In screen with details entered
8.7 Profile page after successful sign in
8.8 Reset Password screen
8.9 Password reset email
8.10 Technology Acceptance Model (TAM)
9.1 The responses percentage for the Demographic Information of participants: Gender, Age and Education Level
9.2 Chart showing the responses percentage for participants if they think FUAF is easy to use
9.3 Chart showing the responses percentage for participants if they think learning FUAF is clear
9.4 Chart showing the responses percentage for participants if they think using FUAF will be easy
9.6 Chart showing the responses percentage for participants if they think it would be faster to sign in with FUAF
9.7 Chart showing the responses percentage for participants if they think it would be useful not to remember textual usernames
9.8 Chart showing the responses percentage for participants if they think using fingerprints as usernames is a viable idea
9.9 Chart showing the responses percentage for participants if they think using FUAF will be advantageous
9.10 Chart showing the responses percentage for participants if they think using FUAF is a good idea
9.11 Chart showing the responses percentage for participants if they think using FUAF is within their control
9.12 Chart showing the responses percentage for participants if they have the resources, knowledge and ability to use FUAF
9.13 Chart showing the responses percentage for participants if they will be able to skilfully use the FUAF system
9.14 Chart showing the responses percentage for participants if they intend to use FUAF
9.15 Chart showing the responses percentage for participants if they will use FUAF frequently
9.16 Chart showing the responses percentage for participants if they will recommend FUAF to others
9.17 Results for comparing usability in both the legacy system and FUAF in a three-dimensional space

List of Tables

6.1 Demographic Information of Participants
6.2 Familiarity with Fingerprint Technologies
6.3 Participants' Perceived Information Present on Their Phones
6.4 Level of Privacy Protection that Participants Required for Their Information on Their Phones
6.5 Participants Would Store more Private Information on Their Phones
6.6 Participants Thought If the Fingerprint Authentication Technique is Better than Traditional Security Methods
6.7 Participants' Preferences to Use Fingerprints as Usernames or Alphanumeric Usernames
7.1 A comparative figure is presented below for easier representation
7.2 A comparative figure is presented below for easier representation
7.3 Comparison of security metric scores
9.1 Demographic Information of Participants
9.2 Participants' thoughts if FUAF is easy
9.3 Participants' thoughts if learning FUAF is clear
9.4 Participants' thoughts if using FUAF will be easy
9.5 Participants' thoughts if FUAF will not require a lot of mental effort
9.6 Participants' thoughts if it would be faster to sign in with FUAF
9.7 Participants' thoughts if it would be useful not to remember textual usernames
9.8 Participants' thoughts if fingerprints as usernames is a viable idea
9.9 Participants' thoughts if FUAF will be advantageous
9.10 Participants' thoughts if using FUAF is a good idea
9.11 Participants' thoughts if using FUAF is within their control
9.12 Participants' thoughts if they have the resources, knowledge and ability to use FUAF
9.13 Participants' thoughts if they will be able to skilfully use the FUAF system
9.14 Participants' thoughts if they intend to use FUAF
9.15 Participants' thoughts if they will use FUAF frequently
9.16 Participants' thoughts if they will recommend FUAF to others
9.17 Reliability Score for each construct of TAM
9.18 Comparison of usability metric scores
10.1 Timeline

Acknowledgements

First and foremost, praises and thanks to the God, the Almighty, for His showers of blessings throughout my research work to complete my Ph.D. successfully. An extraordinary gratitude goes out to my government through the Saudi Arabian Cultural Mission (SACM) for helping and providing the funding for my Ph.D. program. I would like to express my deep and sincere gratitude to my advisor, Dr. Lucas Stephane for giving me the opportunity to do research and providing invaluable guidance throughout this research. His enthusiasm, vision, sincerity, and motivation have deeply inspired me. I would also like to thank him for his friendship and empathy.

I am grateful to my parents, who have provided me with moral and emotional support in my life and their wise counsel and a sympathetic ear. You are always there for me. I am very much thankful to my wife and my kids for their love, understanding, prayers and continuing support to complete this research work. I am also grateful to my siblings and other family members and friends who have supported me along the way. And finally, last but by no means least, also to everyone in the impact hub, it was excellent sharing the laboratory with all of you during recent years. Thanks for all your encouragement!

Declaration

I declare that the work presented in this dissertation is my own work except where cited to another author.

Chapter 1

Background

1.1 Introduction

In recent years, biometric authentication has seen wider adoption in the user recognition market and is also regarded as the core next-generation technology. This wider adoption is largely due to a fundamentally strong characteristic of biometric systems: a person cannot easily forget or simply lose their biometrics. Governments and commercial organizations across the globe face rising concerns about security and fraud, and they are substantially increasing their deployment of fingerprint-based authentication, one of the many biometric authentication techniques available. In the fingerprint authentication technique, the friction ridges present on a person's fingers are used to authenticate that person [19].

Fingerprint authentication systems are deployed in many applications such as physical and logical access control, consumer device access and ATM transactions, as well as in several non-forensic applications [19]. Many other biometric traits such as facial features, iris and retina features, hand geometry, etc. have been explored, but fingerprint authentication has established itself as the most dominant trait for several reasons [20], among them its success in various applications in the forensic domain, the existence of large databases and the availability of relatively inexpensive fingerprint readers. We witness nowadays that almost all smartphones come equipped with a fingerprint authentication system. Although fingerprint authentication is one of the dominant traits in biometrics, it does have its set of loopholes. The problem with older technologies is that people have had more time to use them and consequently more time to probe them and discover their vulnerabilities. In the case of fingerprint authentication, for example, there is now even a step-by-step tutorial on the well-known website wikihow.com on how to forge fingerprints [21].

Authentication systems that require only one fingerprint to be scanned to gain access are vulnerable because only one fingerprint needs to be forged for the attacker to get in. Because fingerprint authentication systems are gradually becoming ubiquitous, it is a dire necessity to take a step forward in analyzing the vulnerabilities that fingerprint systems have and in proposing ways to close these vulnerabilities, thereby making fingerprint authentication a more secure biometric system.

1.2 Overview

In the field of security, authentication plays an important role. Authentication is the process of determining whether someone or something is, in fact, who or what it is claimed to be. In the process of authentication, users are identified and verified by comparing the credentials they provide to the system with those on file in the database of legitimate users. Authentication is preceded by authorization, which is the process of ensuring integrity and access control. Authentication can be performed based on three categories, as described in the sections below.

Something You Are: "Something you are" is the biometric method of authentication. It is based on a physical or behavioral trait of the individual by which they can be recognized for who they really are. Several physical or behavioral characteristics can be utilized for recognizing users: physical traits include fingerprints, iris, face, vein and hand geometry; behavioral traits include keystroke dynamics, voice, signature dynamics and gait.

The biometric mode of authentication requires the biometric of the individual to be measured every time the user wants to be authenticated to gain access to services or resources of the system. Any biometric system has four major components: a sensor, a feature extractor, a database and a matcher. In the process of authentication, the biometric characteristic is captured via the sensor and its features are extracted; the matcher then compares the extracted features against the templates stored in the database. If any match exceeds the threshold value, the decision is a match; otherwise it is a non-match. The matcher gives a binary response: true for a match and false for a non-match.
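As an added illustration of the sensor-to-decision pipeline described above (example code written for this edition, not code from the dissertation), the following Python models the feature-extractor output as sets of minutiae points, a translation-tolerant matcher that pairs probe minutiae with template minutiae, and the threshold decision that yields the binary match/non-match, together with the false-reject and false-accept rates that the threshold trades off. The enrolled template and the two probes are constructed sample data, not real fingerprints, and the tolerances and search window are assumed values.

```python
"""Toy minutiae-based fingerprint matcher: added example, not from the
dissertation. All minutiae below are constructed sample data."""
from dataclasses import dataclass
from math import hypot, pi


@dataclass(frozen=True)
class Minutia:
    """One feature-extractor output: position, ridge direction and type."""
    x: float
    y: float
    theta: float  # ridge direction in radians
    kind: str     # "ending" or "bifurcation"


# Enrolled template, standing in for the record stored in the database.
TEMPLATE = [
    Minutia(10, 12, 0.1, "ending"),
    Minutia(35, 40, 1.2, "bifurcation"),
    Minutia(60, 22, 2.9, "ending"),
    Minutia(80, 70, 0.5, "bifurcation"),
    Minutia(25, 75, 2.0, "ending"),
    Minutia(55, 55, 1.5, "ending"),
]

# Genuine probe: the same finger placed 3 px right and 4 px up, with sensor
# jitter, one minutia missed (the one at 55,55) and one spurious one added.
GENUINE_QUERY = [
    Minutia(13.5, 7.5, 0.15, "ending"),
    Minutia(38.6, 35.4, 1.1, "bifurcation"),
    Minutia(62.4, 18.7, 2.95, "ending"),
    Minutia(83.2, 66.8, 0.6, "bifurcation"),
    Minutia(27.6, 70.5, 1.9, "ending"),
    Minutia(95.0, 5.0, 0.0, "ending"),  # spurious (dirt or smudge)
]

# Impostor probe: a different finger; at most one minutia lines up by chance.
IMPOSTOR_QUERY = [
    Minutia(55, 20, 3.0, "ending"),
    Minutia(50, 18, 0.4, "bifurcation"),
    Minutia(70, 60, 1.0, "bifurcation"),
    Minutia(30, 60, 2.5, "ending"),
    Minutia(90, 30, 0.9, "ending"),
    Minutia(45, 85, 1.8, "bifurcation"),
]


def angle_diff(a, b):
    """Smallest difference between two directions, handling wrap-around."""
    d = abs(a - b) % (2 * pi)
    return min(d, 2 * pi - d)


def translate(query, dx, dy):
    """Shift every probe minutia by (dx, dy)."""
    return [Minutia(m.x + dx, m.y + dy, m.theta, m.kind) for m in query]


def match_score(template, query, pos_tol=6.0, ang_tol=0.35):
    """Greedy one-to-one pairing of probe minutiae with template minutiae of
    the same kind within positional and angular tolerance (assumed values).
    Returns the fraction of minutiae paired, in [0, 1]."""
    used = set()
    paired = 0
    for q in query:
        for i, t in enumerate(template):
            if i in used or t.kind != q.kind:
                continue
            if (hypot(t.x - q.x, t.y - q.y) <= pos_tol
                    and angle_diff(t.theta, q.theta) <= ang_tol):
                used.add(i)
                paired += 1
                break
    return paired / max(len(template), len(query), 1)


def best_alignment_score(template, query, search=10):
    """Matcher stage: the finger is never placed exactly as at enrollment,
    so search over small translations and keep the best score."""
    best = 0.0
    for dx in range(-search, search + 1):
        for dy in range(-search, search + 1):
            best = max(best, match_score(template, translate(query, dx, dy)))
    return best


def decide(score, threshold):
    """Decision stage: binary match (True) or non-match (False)."""
    return score >= threshold


def error_rates(threshold, genuine_scores, impostor_scores):
    """False reject rate and false accept rate at a given threshold: raising
    the threshold lowers FAR at the cost of FRR, and vice versa."""
    frr = sum(not decide(s, threshold) for s in genuine_scores) / len(genuine_scores)
    far = sum(decide(s, threshold) for s in impostor_scores) / len(impostor_scores)
    return frr, far


if __name__ == "__main__":
    g = best_alignment_score(TEMPLATE, GENUINE_QUERY)   # 5/6: five of six paired
    i = best_alignment_score(TEMPLATE, IMPOSTOR_QUERY)  # 1/6: one chance pairing
    for thr in (0.1, 0.5, 0.9):
        print(f"threshold {thr:.1f}: genuine={decide(g, thr)} "
              f"impostor={decide(i, thr)} (FRR, FAR)={error_rates(thr, [g], [i])}")
```

Running the block shows that a threshold of 0.9 rejects the genuine probe (only five of six minutiae survived capture) while 0.1 accepts the impostor; the threshold therefore sets the trade-off between false rejects and false accepts rather than removing either.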

Compared with the other modes, this mode of authentication requires the least effort from the user. The user does not have to remember and type difficult passwords or carry physical smart cards or hardware tokens. The biometric sensor automatically reads the user's biometric data and decides whether to authenticate them or not. This mode of authentication is the least vulnerable to attacks because of the nature of biometrics. Biometrics have properties such as universality, uniqueness, permanence, measurability, acceptability and circumvention [22].

Something You Have: "Something you have" implies something which you physically possess and have to show to prove that you are who you claim to be. This category of authentication is based on physical credentials such as hardware tokens or smart cards. It is based on challenge-response and strictly requires the user to have the physical token. This mode comes with a cost, as additional hardware such as card readers and physical tokens is required to implement it. Its main disadvantage is the risk that these tokens can be lost or stolen, so that trust can be misplaced [22].

Something You Know: "Something you know" implies a shared secret between the user and the service or resource provider. This category of authentication uses credentials consisting of information that only the user knows, for example a personal identification number (PIN), a password, or the answer to a secret question. This method is very easy to implement in terms of hardware and software, but it has a lot of drawbacks.

In most cases, passwords can be forgotten by users and have to be changed frequently. Passwords have to be strong, since poor passwords can be broken by brute-force attacks. Remembering passwords is difficult, and remembering passwords for multiple accounts is annoying, which reduces overall usability. People close to us such as friends and family know our personal information, so the probability that they know the answers to our secret questions is high. Social engineering can also be used to break this mode of authentication [22]. The modified Figure 1.1 below shows the three categories of user authentication.

Figure 1.1: Three categories of user authentication [1]

1.3 Biometrics Purposes

1.3.1 Security

Using biometrics enhances security as a whole, which leads many enterprises to use it in their applications. For instance, in the healthcare industry biometrics has been used to protect patients' privacy and security. It can prevent extra information about patients from being revealed to personnel who should have access to only part of the patients' information, not the entire records. Hence it increases the level of patient confidentiality.

1.3.2 Avoiding Time Loss

Using biometrics helps in ensuring the presence of employees in their workplaces. Traditional methods of signing in and out and keeping track of the presence of employees currently cost businesses five percent of their annual income and that can be decreased with the usage of biometrics [23].

1.4 Biometrics System Components

As shown in Figure 1.2, a unimodal biometric system consists of four modules:

1. Sensor Module: Captures the characteristic of a person in raw biometric data.

2. Feature Extractor Module: Processes the raw data and extracts the main feature of the trait from raw data.

3. Matching Module: Compares the extracted feature set with the data in the database.

4. Decision Module: Decides whether the system accepts or rejects the identity request based on the matching score.

Figure 1.2: Structure of Unimodal Biometric System.

Biometric recognition systems can be found in some computers that need to be equipped with this kind of verification system for different purposes. However, finding them in everyday devices is still something of a novelty. The most commonly deployed biometric recognition systems in personal devices like smartphones and in secured places are fingerprint, facial and iris recognition systems. These systems use different modalities for their verification process, but they all share the similar process shown in Figure 1.3.

Figure 1.3: Biometrics enrollment and recognition process.

1.4.1 Fingerprint Recognition

The fingertip contains ridges and valleys that constitute a unique pattern for each finger. Minutiae, the points where a ridge ends or splits in two, are used for fingerprint recognition. All those ridges are important to the sense of touch, but they are also a unique form of identification. Even identical twins do not have the same fingerprints, because small differences in pressure inside the womb cause them to differ.

This is what makes the deployment of fingerprint scanners on smartphones a significant advancement, one that has become a large part of our daily routine. There are three common types of fingerprint scanners:

Figure 1.4: Minutia in a fingerprint [2].

Optical scanner: The optical sensor is one of the oldest types of scanner that captures the finger image. It captures an optical photograph of the finger, and an algorithm then detects patterns on the finger surface such as ridges and valleys. This is done by examining both the dark and the light areas of the picture [4].

The high-resolution camera used in optical scanners increases the level of security, as it captures higher-contrast images than a normal camera. This type of scanner has a large number of diodes per inch to capture the details of the finger closely, and uses LED arrays to illuminate the picture of the finger captured by the camera. The key downside of such scanners is that they are not robust against fooling techniques, since they capture only 2D pictures. Because this technology only captures a 2D picture, high-resolution pictures and prosthetics can deceive such a scanner. As a result, optical scanners are not secure enough for smartphones, which require advanced security for their scanners.

Figure 1.5: Optical scanner [3].

Capacitive scanners: The capacitive fingerprint scanner is a sensor made of a large number of tiny cells that are smaller than the ridges on the fingertip. Fingerprint scanners have to take into account smudging, dirt and all kinds of things that might give a false positive or negative. The software in the scanner searches for areas where specific ridges split into two, or where the central swirl is. It takes note of where all the different details are relative to each other and makes a map of landmarks on the fingerprint. It then looks for matches to those defining characteristics every time a user places their finger on the scanner. The software then sets the matching score required to unlock the device, depending on the level of security needed for the situation [4].

Currently, capacitive scanners are the most commonly used fingerprint scanners. They gather the fingerprint data using arrays of capacitor circuits: the capacitors, which store electrical charge, are connected to conductive plates on the scanner's surface and track the fingerprint data. Where a finger's ridge lies over the conductive plates, the stored charge on the capacitor changes, whereas an air gap leaves the charge unchanged. An op-amp integrator circuit then tracks the variation in charge, and the result is stored after a process that converts the analog signals to digital ones.

Figure 1.6: Capacitive scanner [4].

After that, all the digital data can be analyzed and saved, to be compared with the stored fingerprints when authentication is needed. This kind of scanner offers a much stronger level of security, since it is not as easy to fool as an optical scanner.

Ultrasonic scanners: The latest scanner used for fingerprint recognition systems is the ultrasonic scanner. The Le Max Pro introduced this technology, powered by its Sense ID technology, which provides better performance than the capacitive scanners currently used by many smartphones. It records the fingerprint details using both an ultrasonic transmitter and a receiver. It transmits an ultrasonic pulse to the finger, and part of this pulse is reflected back to the sensor, carrying the ridges and other details of the fingerprint. This technology is believed to be more secure than any other scanner [3].

1.4.2 Face Recognition

Facial recognition technology is a relatively old technique, introduced in the 1960s. The model back then required human involvement, whereas it is fully automated at the present time. Surveillance systems have increasingly become a great means of maintaining security almost everywhere; they can be found in airports and on many streets as well as in public areas. The cameras used in such systems provide images of many people, on which facial recognition is then performed. Using an algorithm, the facial recognition system compares the obtained image with images already stored in the database. It identifies people by measuring facial characteristics such as the width of the nose and the distance between the eyes. Newer facial recognition systems use 3D images, which improve identification as they collect information about the bone structure and the curves around the eyes. However, facial recognition systems have some limitations, such as variations in lighting, image angle and facial expression [24].

Figure 1.7: Screen-shot captured from facial recognition program Aurora [5].

1.4.3 Iris Recognition

Iris recognition is the most accurate and reliable biometric technology [25]. The iris texture varies from one person to another. A filter is utilized to produce what is known as the iris code, which is a representation of the iris texture. Generating the iris code involves several steps. First, a person's eye is photographed, and the digital image is sent to image processing software that isolates the iris by circling the inner and the outer boundary of the iris separately.

Polar coordinates are added to the picture to define the main features of the iris that have to be analyzed. Then the pattern of dark and light areas of the iris is transformed into digital form: a filter converts the areas that the software considers light to ones and everything else to zeros. After applying some mathematical equations, the iris code is generated and stored in a database for the later authentication process [6].

Figure 1.8: Example of an iris pattern [6].

1.5 Multimodal Biometrics Systems

1.5.1 Background

In today's world, it is almost unachievable to be entirely electronically secure. As the consumption of the internet and digital data increases, the risk of losing confidential information also increases, and therefore it is essential to create a secure environment. As time has passed, the methods of authentication and authorization have become more advanced, so that ultimately a user can only be uniquely recognized by what is inherent to them, that is, their biometrics. Biometrics are nothing but the unique features and characteristics that compose a human being [22]. Thus, security based on biometrics holds only until attackers find a way to spoof the biometrics themselves.

Nowadays, fingerprint, facial and voice authentication techniques can all be forged; of these, the most used biometric technique, fingerprint authentication, is currently used by more than 48% of banks [9]. This is a huge weakness, since whoever compromises a person's fingerprint can gain access to all of that person's assets, belongings and, most importantly, money. Currently, it is hard to identify someone in the virtual world, as there are so many fake identities floating around the deep web that it is almost impossible to recognize someone virtually. Outside the virtual world, immigration services require a person to verify their identity, and the key factors for that are a valid passport and visa. These documents can also be forged, and thus unwanted and illegal immigrants enter the country. This urges the need to create a more efficient, secure and advanced biometric system that is almost impossible to spoof. Unimodal biometric systems are in use in various commercial as well as government systems, but a unimodal biometric system is not secure to use, as it can be spoofed more easily than multimodal biometrics.

1.5.2 Assessment

Certain biometrics are used more often nowadays than before, as they are more secure than password or PIN authentication [26]. Most of the biometric systems that are commercially available and in use everywhere today are unimodal, relying on information from a single source for authentication [7]. If we rely on just one biometric system, the success of authentication depends on a single point of source, i.e. the single input the user provides. If that data is flawed or uncertain, the whole system fails. Below, I highlight the drawbacks of unimodal biometric systems:

• Spoofing: The most obvious problem with unimodal recognition systems is their vulnerability to spoofing attacks [27]. Fingerprints are the most common biometric worldwide, but a fingerprint can be reproduced and a scanner can be fooled with the copy. Facial recognition can likewise be spoofed with a photograph or a video, iris systems with a photo or video of the eye, and voice recognition with a recording of the speaker.

• Uncertainty of Data: This is the problem of noise in the data. If, for example, all of a user's enrollment images for a facial recognition system were captured in perfect lighting, and the user then tries to authenticate at night, the system may not recognize the face and the user will be denied access. Similarly, a person with a temporary scar on a finger will be unable to prove their identity to a bank that relies solely on fingerprint recognition.

• Non-Universality: No single sensor or capture setup is universal [7]. Fingerprint scanners, for instance, come in three types, optical, capacitive and ultrasonic, and each captures the trait differently. The same problem is serious for facial recognition: users have different cameras, and a low-resolution probe image may fail to match a template enrolled at higher resolution, which is why standardization is needed. In the biometrics literature the term also covers users who cannot present a usable sample at all, for example because of worn or damaged fingerprints.

Attackers have found loopholes even in biometrics, so it is time to adopt more robust recognition systems that are very hard to defeat. Users also expect results in seconds, so whatever replaces unimodal systems must be both more reliable and fast. Multimodal biometric systems address this: two well-secured biometric modalities captured at the same time can grant the right access in under a second. I will further elaborate the multimodal techniques that are still under research but, once available, can raise security to a higher level.

Systems that use more than one behavioral or physiological trait for authentication are referred to as multimodal biometric systems. Multimodal recognition systems can be used for enrollment, identification and verification. They are more secure than unimodal biometric systems and far more secure than traditional password-based authentication, and they make high accuracy, security and liveness detection achievable.

1.5.3 Fusion

Integrating several biometric sources at any of the four major modules of a biometric system (sensor, feature extraction, matcher and decision) also yields a multimodal system. Fusion at the earlier modules is generally considered more effective, because more of the raw information is still available. The following are the ways the modules can be fused together.

1. Sensor Level Fusion: Raw data from several sensors, such as iris, face or fingerprint, is combined to provide a more secure recognition system. Singh et al. [28] proposed a weighted image fusion technique using a 2V-SVM, where the classifier weights are assigned based on the activity of the thermal and visible facial images. Kisku et al. [29] proposed a sensor-level scheme based on palm print and face.

2. Feature Level Fusion: This type of fusion is difficult in practice, because the relationships between features from different sources are not known and the features may have incompatible dimensions. P. Xiuqin et al. [30] introduced a system based on face and ear features, where both feature sets are extracted separately and then combined into a single feature vector. Similarly, A. Rattani et al. [31] proposed a multimodal system using iris and face in which, as in Xiuqin et al., the features are extracted independently and then concatenated to form a combined feature space.

3. Matching Level Fusion: Also called score-level fusion. Multiple matchers and databases can be used and their match scores combined, resulting in a stronger and more secure match. S. Jahanbin et al. [32] proposed a multimodal system that combines 2D and 3D facial recognition to verify identity. E. Donald et al. [33] proposed a multimodal biometric system in which the fingerprint and voice modalities are combined at the score level.

4. Decision Level Fusion: At this level the individual accept/reject decisions are combined, for example with AND and OR rules, and techniques such as the Dempster-Shafer theory of evidence [34], the weighted majority rule or majority voting [35] can be used to reach an efficient final decision.

1.5.4 Multimodal Scenarios

There are several ways to build a multimodal biometric system, depending on whether the traits, sensors, units or classifiers are multiplied [7]. These scenarios provide a broad range of usability and can be chosen according to need.

1. Single Trait and Multiple Sensor: Different types of sensors capture the same biometric characteristic, which removes the non-universality drawback of unimodal systems. All of the sensors capture the same raw trait, but each captures it according to its own hardware. The database is populated with templates from the different sensors, so if a user travels somewhere a low-end device is used, the recognition system can still authenticate them. Kumar et al. [36] proposed a hand-based verification system that captures palm prints together with the geometric features of the hand and fuses the match scores. Chang et al. [37] proposed a system in which both 2D and 3D images of the face are obtained and combined for more accurate facial recognition.

2. Single Trait and Multiple Classifier: A single sensor captures a single biometric trait, and the raw data is passed to several different classifiers, which either work on the same extracted feature set or generate their own. Jain et al. [38] proposed a system in which three fingerprint impressions are taken as raw data and a logistic function is used to combine the resulting match scores. Lu et al. [39] built a system where a camera captures the face, three different feature sets are extracted from it, and the outputs of the corresponding classifiers are integrated. Marcialis et al. [40] proposed a multimodal biometric system that captures several fingerprint impressions, sends the data to several classifiers, and combines the scores.

3. Single Trait and Multiple Units: Multiple instances (units) of the same trait are combined to form a more secure verification method. This scenario is inexpensive because it does not need multiple sensors, and it does not require any additional feature extraction or matching module. However, it is limited to the available units of a single trait, for example two fingers or two irises.

4. Multiple Trait: Several different traits of an individual are captured with several sensors. The extracted features are never combined into one representation; because the traits are kept separate, the system does not depend on any one of them, the error rate is lower and efficiency increases. Bigun et al. [41] proposed a multimodal recognition system in which speech and facial data are obtained and the results are combined using Bayesian statistics. Hong et al. [42] proposed a system integrating face and fingerprint that matches each trait individually and decides based on the highest match. BioID [43] is a commercial product that uses voice, facial features and lip movement to verify user identity.

Figure 1.9: Multimodal Biometric Scenarios [7].

1.5.5 Adaptive and Non-Adaptive Fusion

Fusion classifiers can be classified in two ways: adaptive and non-adaptive.

• Adaptive Fusion:

Adaptive fusion changes the weight given to each modality as a function of the signal quality measured on that modality; the general idea is to give more weight to the modality with higher quality. For example, suppose a user enrolled with both face and fingerprint and later tries to verify their identity in complete darkness. Adaptive fusion would rely on the fingerprint rather than weighting fingerprint and face equally, and the user would still be granted access. It is called adaptive because it adapts to the situation.

Figure 1.10: Adaptive Fusion VS Non-Adaptive Fusion [8].

• Non-Adaptive Fusion:

Non-adaptive fusion gives equal consideration to its modalities and would therefore not let the user from the scenario above in when it is completely dark, because it requires both face and fingerprint to grant access. It works more simply than adaptive fusion and does not vary with the situation. It is a rigid system: when insufficient input is provided or the data is flawed, it refuses access even when the right person is trying to authenticate. For everyday use adaptive fusion is an excellent choice, but where the data is confidential and valuable or the site is highly secured, non-adaptive fusion is preferable; it also means an attacker cannot deliberately degrade one modality (for example by covering the camera) to reduce the check to a single, more easily spoofed trait.
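The matching-level and decision-level fusion of Section 1.5.3, and the adaptive versus non-adaptive choice above, are easier to see in code. The following is an added example written for this page; it is not the dissertation's code or that of any cited system. The modalities, match scores, quality values and the 0.7 threshold are constructed, and scores and quality are assumed to be normalised to [0, 1].

```python
"""Score-level and decision-level fusion of a face and a fingerprint matcher.

Added example, not from the dissertation. Scores and quality values are
constructed; matcher scores and quality are assumed normalised to [0, 1].
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence


@dataclass(frozen=True)
class Sample:
    modality: str
    score: float    # matcher similarity, 1.0 = perfect match
    quality: float  # capture quality, 0.0 = unusable (e.g. face in darkness)


def score_level_fusion(samples: Sequence[Sample],
                       weights: Optional[Sequence[float]] = None) -> float:
    """Matching-level fusion: weighted mean of the per-modality match scores."""
    if weights is None:
        weights = [1.0] * len(samples)
    total = sum(weights)
    if total <= 0:
        return 0.0
    return sum(w * s.score for w, s in zip(weights, samples)) / total


def nonadaptive_decision(samples: Sequence[Sample], threshold: float = 0.7) -> bool:
    """Decision-level AND rule: every modality must pass on its own.

    Rigid by design: a dark-room face capture fails the user even when the
    fingerprint is a clear match, which is the behaviour the text describes.
    """
    return len(samples) > 0 and all(s.score >= threshold for s in samples)


def adaptive_decision(samples: Sequence[Sample], threshold: float = 0.7,
                      min_quality: float = 0.2, min_modalities: int = 1) -> bool:
    """Adaptive fusion: weight each modality by its measured capture quality.

    Modalities below min_quality are dropped. min_modalities is the guard a
    high-security deployment wants: without it, an attacker who can degrade one
    channel (cover the camera) reduces the check to a single spoofable trait.
    """
    usable = [s for s in samples if s.quality >= min_quality]
    if len(usable) < min_modalities:
        return False
    return score_level_fusion(usable, [s.quality for s in usable]) >= threshold


def majority_vote(decisions: Iterable[bool]) -> bool:
    """Decision-level majority voting over several matchers' accept/reject votes."""
    votes = list(decisions)
    return 2 * sum(votes) > len(votes)


# Constructed scenarios from the text: the same genuine user in daylight and in darkness.
DAYLIGHT = [Sample("face", 0.85, 0.90), Sample("fingerprint", 0.90, 0.95)]
DARK = [Sample("face", 0.20, 0.05), Sample("fingerprint", 0.90, 0.95)]

if __name__ == "__main__":
    for name, captures in (("daylight", DAYLIGHT), ("dark", DARK)):
        print(name,
              "non-adaptive:", nonadaptive_decision(captures),
              "adaptive:", adaptive_decision(captures),
              "adaptive, two modalities required:",
              adaptive_decision(captures, min_modalities=2))
```

In the dark scenario the non-adaptive AND rule rejects the genuine user while the adaptive rule accepts them on the fingerprint alone; setting `min_modalities=2` restores the rigid behaviour the text recommends for high-security sites, since a single surviving modality is then never enough.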

1.5.6 Unattended and Attended Biometrics Systems

This classification is based on whether the biometric device is observed and guided by an operator during use. Non-adaptive systems will require a supervised operation, while adaptive systems may or may not. However, nearly all systems require supervision during enrollment. Both attended and unattended biometric systems are vulnerable to attacks such as circumvention, collusion and denial of service. It is commonly assumed that an attended biometric system does not need liveness detection, because the supervisor is expected to check that a real person is present and is presenting their own biometric rather than a dummy trait. Unattended systems need liveness detection mechanisms at various levels, using extra signals such as movement, heat production and blood circulation.

1.5.7 Summary

Unimodal biometric systems are less effective, and multimodal biometric systems are the future of recognition systems. The different multimodal scenarios also suit conditions and needs that a unimodal system cannot serve. Adaptive fusion, however, is not appropriate for national security, nuclear facilities or similar settings; those need a robust, rigid system that does not relax according to the situation, which is where non-adaptive fusion comes in. Non-adaptive fusion is more secure and more effective in confidential settings. Fully implementing multimodal biometric systems will still take some time, but it is an effective solution. To conclude, there is no perfect system. It is a combination of systems that is most useful; every system performs differently and has its own advantages and disadvantages. Rather than comparing them in general, they should be compared against the organization's needs, and in my opinion multimodal biometric recognition systems are more advanced and effective. Where there is no strong need for them, a unimodal biometric system remains an option.

Chapter 2

Biometrics Utilization

2.1 Overview

Biometric authentication methods have become very common in daily life. Biometrics are used in applications such as physical access control, logical/PC/network access control, law enforcement, forensics, national passports, government identity management systems, air travel, border crossing and immigration, commercial identity management, time and attendance management and point of service. With all these applications has come increased interest in, and development of, more convenient and secure authentication and authorization for online services.

Biometrics are widely used in commercial and government applications. They differ significantly from traditional passwords and access tokens, which are dynamic in nature and can be changed. Because biometrics are permanent, a compromised template cannot be revoked and reissued the way a password can, so several challenges must be addressed regarding the security of biometric template data and the privacy of the individual. Due to the multitude of users and applications that use biometrics for access control and authentication.

2.2 Usage in Commerce

Companies are working hard to simplify the online shopping experience and the security checks at checkout. However, some of the techniques meant to simplify checkout have complicated the user experience, and many online retailers have lost millions at the checkout stage because of excessive identity checks. In 2012, around 18 percent of UK online buyers abandoned their transactions because of excessive payment security checks [44]. Another study shows that in 2015 around 15 percent of all cardholders had payments declined because the online payment system suspected fraud. These declined purchases amounted to a total loss of $118 billion for merchants, as the financial institutions assumed the transactions were fraudulent [45].

One proposed system that might overcome this problem is Identity Check, a new platform introduced by MasterCard. It not only lets the user choose biometrics to confirm their identity, but also lets them pay with a selfie instead of a fingerprint. It has so far been applied only to online e-commerce [46]. MasterCard conducted a pilot study in 2015 in the Netherlands and the U.S. which showed that 92 percent of participants preferred to use Identity Check rather than a password as an authentication method, and 83 percent believed it provided more security [46].

The smartphone industry has benefited from biometrics since Apple released the iPhone 5S in 2013, followed by the Samsung Galaxy S5 in 2014. Many applications use the feature to authenticate users for certain functions. Apple has certified many applications to use Touch ID when making payments; a good example is the Amazon app on the iPhone, which lets users pay with a fingerprint stored on the device. The app itself does not check whether the person is the genuine account owner; it trusts the device to confirm the user's validity [47], so any finger enrolled on that device can authorize the payment. The usage of Touch ID on iOS varies from one application to another: Dropbox uses it to let users unlock their accounts, whereas LastPass uses it to protect stored passwords so that only the authorized account owner can access them.

Global commerce has grown rapidly over the past few decades. As life becomes more connected, with an increasing exchange of goods and services, it becomes essential that the data generated by this connectivity be stored securely and that the authentication and authorization processes controlling access to it be robust. Biometrics have been adopted across industries for physical and logical access control, identity management, time and attendance management and point of service systems. Organizations and internet service providers are currently focused on standardizing multi-factor authentication. Popular mobile phone manufacturers have embedded fingerprint sensors and front cameras in their hardware to capture fingerprint and face biometrics for authentication. A Gartner research study conducted in February 2014 predicted that 30% of organizations would use biometric authentication on mobile devices by 2016, compared with 5% in early 2014 [48].

There is a monumental shift in technology and how it is applied to everyday life. Several financial institutions have included biometrics in their technology base to support authentication and authorization and to harden endpoints such as ATMs and POS terminals. Many organizations have adopted fingerprint- or face-based systems for employee attendance and time logging instead of manual logs or RFID cards.

2.2.1 Most Used Biometrics

Biometrics in general are the features and characteristics that constitute the human body [22]. Certain biometric traits are used in banking and commerce, and their usage varies from one to another. Banks and enterprises use fingerprints more than other traits for authentication, mainly because fingerprint matching is fast, user-friendly, easy to use and provides a good level of security. Nonetheless, clients who perform online banking on a smartphone expose their accounts when they allow a family member or friend to enroll a fingerprint, since smartphones can store fingerprints for multiple fingers and the phone accepts any enrolled finger as the owner. Furthermore, some clients believe that fingerprints cannot be duplicated, when in fact a spoof fingerprint can be produced. Spoofing is widely used to counterfeit genuine traits; a latent fingerprint left on a surface can be lifted and used to build a spoof that is presented when authentication is required [9]. The following are some characteristics of the most used biometric traits in banking and commerce:

• Fingerprint Recognition: Fingerprint authentication requires users to enroll their fingerprint in the system before requesting authentication. At authentication time the system compares the presented print with the database and decides whether it is a match according to a preset matching-score threshold [22]. Its convenience explains why it has been used more widely than other biometrics, especially by the smartphone industry [49].

• Face Recognition: An identification approach that extracts facial patterns and compares them with a database of face patterns associated with people's names. Smartphone vendors use this biometric because it needs only the camera already present in the phone, with no additional sensor such as a fingerprint reader [49].

Facial recognition is widely used because it requires no direct contact between the client and the sensor. Users can capture their face before authentication and blink while recording, to demonstrate that the captured image is live and not a photo held up to the camera. It is also easy to implement, needing only a camera on the end-user platform. However, the biggest problem with facial recognition is that the face is not as distinctive as other biometrics: the system sometimes cannot tell twins apart and may grant access to the wrong one. Factors such as smiles and wrinkles can also interfere with recognition [50].

An emerging trend is 3D recognition, where the face is captured in 3D instead of 2D, which defeats spoofing with a flat picture. Skin texture analysis is another advanced technique, in which facial patterns, unique spots and lines are mapped into a mathematical space and compared at verification time; it is reported to improve overall performance by 20 to 25 percent. Thermal cameras capture the shape of the head while ignoring accessories such as glasses, hats or makeup, but this technique is less effective precisely because it also discards facial features.

• Iris Recognition: Captures the human eye and extracts features from the iris and pupil. Iris structure is unique among people, which makes it possible to distinguish even twins [22]. Iris recognition is known as one of the most accurate biometric traits [25]; each human eye has unique characteristics that do not match those of another. It does not require direct contact with the device, unlike fingerprint recognition, and wearable accessories do not affect accuracy because they do not alter the features of the user's eye. However, such a system is more expensive to implement than fingerprint, voice or facial recognition [50].

Some banks now use iris recognition at their ATMs, and the deployment varies from bank to bank. Some require a magnetic card to be presented during the transaction, while others require the customer to pre-authorize the withdrawal in the mobile banking app and then scan their iris at the ATM for verification before the cash is dispensed [51].

• Voice Recognition: As the name suggests, authentication is carried out by matching the speaker's voice against the stored voice sample of the user. The user who wants to authenticate provides a voice sample, and the system compares it with the samples stored by users who registered for the technology. Voice recognition supports both verification and identification: verification means a user claims an identity and their voice is used to confirm whether they are that user, while identification means determining the identity of an unknown person.

Voice recognition is cost-effective to implement, requiring in most cases only a microphone or a telephone. Another advantage over fingerprint and iris is that clients can authenticate remotely. However, it can be affected by the user's age and state of health [50].

• Finger Vein: Vein recognition identifies the pattern of veins beneath the skin of a finger or palm. A near-infrared camera images the placed finger or palm, which reveals the veins, and the structure of the veins forms a unique identifier for the person. The camera stores these patterns and associates them with a specific user [50].

As with other authentication systems, the user's sample is captured and compared with the database, which takes less than two seconds. Because blood vessels are unique to each person, the vein pattern is unique too, making this a fast, reliable and robust authentication system. Vein patterns are exceedingly hard to counterfeit, and the capture is non-invasive for clients, which is why vein recognition may be the most promising biometric technology of the future [52].
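The "preset matching score" in the fingerprint item above is a threshold on the matcher's similarity score, and choosing it trades false acceptances against false rejections. The following added example, written for this page and not taken from the dissertation or any cited system, computes the false acceptance rate (FAR) and false rejection rate (FRR) at a threshold over constructed genuine and impostor score sets, finds the threshold where the two rates meet (the equal error rate), and picks a security-first threshold for a FAR ceiling. The score values are constructed and assumed normalised to [0, 1]; a real matcher needs far larger samples, and scores produced by deliberate spoofs are not represented by an impostor set drawn from other enrolled users.

```python
"""Threshold selection for a score-based biometric matcher.

Added example, not from the dissertation. Score sets below are constructed;
scores are assumed normalised to [0, 1] with higher meaning more similar.
"""
from typing import Sequence, Tuple

# Constructed similarity scores: genuine = user against their own template,
# impostor = user against someone else's template.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.79, 0.84, 0.72, 0.93, 0.86, 0.60, 0.90]
IMPOSTOR_SCORES = [0.12, 0.35, 0.41, 0.28, 0.55, 0.19, 0.66, 0.33, 0.47, 0.25]


def decide(score: float, threshold: float) -> bool:
    """The matcher's accept/reject rule: accept when score >= threshold."""
    return score >= threshold


def false_accept_rate(impostor: Sequence[float], threshold: float) -> float:
    """Fraction of impostor attempts the threshold lets through."""
    return sum(decide(s, threshold) for s in impostor) / len(impostor)


def false_reject_rate(genuine: Sequence[float], threshold: float) -> float:
    """Fraction of genuine attempts the threshold turns away."""
    return sum(not decide(s, threshold) for s in genuine) / len(genuine)


def equal_error_rate(genuine: Sequence[float], impostor: Sequence[float],
                     steps: int = 100) -> Tuple[float, float]:
    """Scan thresholds from 0 to 1 and return (threshold, rate) where FAR and FRR are closest.

    rate is the mean of FAR and FRR at that threshold; ties resolve to the lowest threshold.
    """
    best_t, best_gap, best_rate = 0.0, float("inf"), 1.0
    for i in range(steps + 1):
        t = i / steps
        far = false_accept_rate(impostor, t)
        frr = false_reject_rate(genuine, t)
        gap = abs(far - frr)
        if gap < best_gap:
            best_t, best_gap, best_rate = t, gap, (far + frr) / 2
    return best_t, best_rate


def threshold_for_max_far(genuine: Sequence[float], impostor: Sequence[float],
                          max_far: float, steps: int = 100) -> Tuple[float, float]:
    """Security-first choice: the lowest threshold whose FAR does not exceed max_far.

    Returns (threshold, FRR at that threshold), i.e. the usability cost of the cap.
    """
    for i in range(steps + 1):
        t = i / steps
        if false_accept_rate(impostor, t) <= max_far:
            return t, false_reject_rate(genuine, t)
    return 1.0, 1.0


if __name__ == "__main__":
    t_eer, eer = equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    t_strict, frr_strict = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0)
    print(f"EER {eer:.2f} at threshold {t_eer:.2f}")
    print(f"zero-FAR threshold {t_strict:.2f} costs FRR {frr_strict:.2f}")
```

A bank would normally fix the FAR ceiling first and accept the resulting FRR, rather than operate at the equal error rate, because each false acceptance is a fraudulent transaction while a false rejection only costs a retry.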

2.2.2 Usage in Online Banking

The use of traditional authentication methods such as passwords is expected to decrease sharply. A New York Times report shows that some American financial institutions are adopting biometric technology as an authentication means because the traditional methods are not secure enough [53]. Below are some examples of banks' biometric deployments.

Figure 2.1: Proportion of biometric technologies used in the world's banks [9].

• A large number of clients of popular US banks such as Bank of America, Wells Fargo and JPMorgan already use fingerprints in addition to passwords for online banking transactions. This procedure, introduced a few months before the report, allows customers to authenticate with biometrics rather than traditional methods. Bank officials believe the number of users adopting the new features will grow rapidly, which will make online banking easier for clients in the near future [53].

• Wells Fargo offers clients the option of authenticating to the online banking application by scanning their iris, using a picture of their eyes taken with the smartphone camera. Citigroup uses voice recognition to authenticate more than 800,000 credit card clients. USAA, one of the largest insurance and banking firms in the country for military members, can verify customers by their facial features [53].

• HSBC has introduced voice recognition for its online banking service, describing it as the largest implementation of biometric technology in the UK, and is letting its 15 million customers use it together with fingerprint recognition for identity verification. Angela Sasse, Director of the UK Research Institute in Science of Cyber Security, said that biometrics are a secure replacement for passwords and that consumers show signs of being ready to switch because of the convenience and extra security [54].

2.2.3 Usage in Automated Teller Machine (ATM)

Concerns about unauthorized access to bank accounts are growing, and fraudulent ATM transactions are one example. Biometrics are one solution: with biometrics a client need not remember a PIN or carry a physical card. Many banks and financial institutions around the globe have already deployed this feature, both to give customers a secure and convenient banking experience and to reduce fraud in ATM transactions.

Figure 2.2: A woman has her iris scanned by an ATM to withdraw her monthly cash allowance [10].

Biometric ATMs are now widespread. According to Hosseini and Mohammadi, around 45 percent of banks worldwide use biometrics in their ATMs to verify a client [9], and biometric ATMs have gained customer satisfaction. Barclays, a leading British bank, is adopting the technology for its ATMs, having gained customer trust in the U.K. One might expect this to be easier to apply in developed countries, but many developing nations such as Brazil, Kenya, Jordan and Nigeria are adopting biometric ATMs, and India and China are also among the countries using the technology in their ATM systems [55].

2.2.4 Summary

Biometrics improve many aspects of our lives, such as security and ease of use, because a biometric differs from person to person and can uniquely identify an individual. More financial institutions and businesses are using these techniques to protect sensitive data while giving clients a convenient, reliable and accurate authentication method, and hence increasing overall security.

Using biometrics for bank authentication reduces cost, time and effort for both users and banks. For example, clients can withdraw cash from an ATM without the ATM card; the user need not visit the bank to obtain a replacement card, and the bank saves the cost of issuing one. Biometrics also benefit businesses by reducing fraud, and benefit both businesses and consumers by providing a high level of security. However, user privacy can be jeopardized by misuse of biometrics, and more laws are needed to regulate and control their ethical and practical use. The main reason is that some companies sell their customers' biometric databases to other businesses, which target people based on their shopping behavior.

2.3 Usage in Government

The goal of using biometrics in government systems is to identify each individual in the nation uniquely. Because only biometrics can provide negative identification (establishing that a person is not already enrolled), they can be used to search for multiple enrollments and prevent falsification. This process is known as de-duplication, and it performs a one-to-many check. According to statistics released by the International Civil Aviation Organization (ICAO) in 2012, the governments of nearly 100 countries had already issued e-passports to their citizens. The e-passport is also known as a biometric passport because it contains the holder's biometric information.

Government uses of biometrics include law enforcement, forensics, unique identification of individuals for issuing passports, sanctioning benefits, and identity management. The biometric systems used for these applications operate at high thresholds and sensitivity. In airport and border-crossing scenarios in particular, a watch list is checked against the match scores to stop listed subjects from crossing. After the 9/11 attacks, the federal government focused on research, development, testing and evaluation of biometric modalities involving face and iris [56]. These activities were funded and coordinated by multiple agencies, and the National Institute of Standards and Technology (NIST) improved the evaluation standards. In 2009 India began its Aadhaar project, which aims to provide identity as a platform: a person's identity is established by collecting background information and biometric features, namely face, fingerprints and iris. According to the Unique Identification Authority of India, the number of people enrolled has crossed 1.05 billion and is still growing [57]. This government identity management system links existing identities such as passport, driving license and income tax number to Aadhaar, and Aadhaar can in turn be linked across multiple platforms and services. The United Nations High Commissioner for Refugees (UNHCR) has set out to enroll refugees' fingerprints and irises [58]. Government hospitals in Nepal have also adopted biometrics [59]. In September 2015 the Saudi Communications and Information Technology Commission (CITC), at the request of the Ministry of Interior, made it mandatory for SIM card operators in the country to register all prepaid and postpaid mobile SIM card users by June 2016, without exception, for regulatory purposes and to stop people using mobile phones for purposes that threaten national security [60]. The use of biometrics in the government sector has helped solve many forensic cases and stopped illegal immigrants from crossing borders, thus protecting the nation. The use of biometrics in daily life, at airports, in organizations and by individuals, saves a great deal of time and is very effective.

2.4 E-Government Models with Commercial Applications

Modern-day biometrics are economically feasible and efficient, and they are being adopted by government organizations and commercial enterprises. Governments all around the world are digitizing the records of their citizens for law enforcement and identity management. This section illustrates the use of biometrics in government applications and commercial applications. Governments also work in coordination with commercial companies, and they have formed alliances for interoperable authentication.

To explain the role of biometrics in government applications, consider the following examples. The first example is a border management application in the United Arab Emirates used to protect against re-entry of expellees and people on the watch list. The problem with the existing systems is the duplication and forgery of passports. The UAE government has installed an iris deportation tracking system for this application. They use a centralized framework approach, which makes it easy and efficient. The iris templates stored in the system are encrypted using the Triple Data Encryption Standard (Triple DES) with a 192-bit key. This system is designed to have high fault tolerance levels and is robust regarding performance and scalability [61] [22]. The other example is the application of biometrics to the Registered Traveler Program in the United States, with a focus on an interoperability standards approach. The Department of Homeland Security (DHS) of the US government leads this program. The Registered Traveler Program is airport traveler assistance for passengers at the security checkpoint. The main application of this program is to perform identity verification [62] [22].

The last example of the role of biometrics in government is India's AADHAAR project. Aadhaar is a unique identity issued to an Indian resident based on their biometric and demographic data. These days it has become essential that citizens link their Aadhaar with bank accounts, social security, and mobile phones. This initiative was taken to prevent multiple enrollments and also to manage the identity of individuals [57].

There are a large number of biometric applications in the private and commercial sector. For example, Disney World uses fingerprint-based biometrics to manage guests and link their identity with their tickets, so that others cannot reuse the same ticket or membership card to gain access. The fingerprint-based biometric system they use is designed more for civilian application and hence has a lower threshold. Most banks have also adopted biometrics in their ATMs along with traditional authentication to boost security and manage identity.

Various governments are working together with companies to link the identities of people, and they are making a new set of standards for identity management to prevent fraud and ensure the security of citizens. Governments and companies have formed agreements and came up with FIDO. This ecosystem provides better security for online services at low cost in a straightforward and safe way. Governments also provide protection to their citizens in case of identity fraud; for example, in the United States the Federal Trade Commission is responsible for protecting consumers.

2.5 Social Impact

Biometrics has made a profound impact and has proliferated in society. The usage of biometrics has extended from initial government use to civil and commercial applications. Studies have been conducted to perceive and understand users' concerns about biometric technology. Studies that investigated the attitudes of users across different cultures towards biometrics reported mixed opinions.

In a study carried out by Chris et al. [63], cross-cultural differences were seen: data from countries like India and the United Kingdom were compared, and it was found that Indian respondents responded positively about biometrics while respondents from the UK had the least positive opinion. The social impacts of biometrics usage are contextual and specific to demographics. The success of a biometric system depends on choosing the correct biometric modality. Factors such as specifications, acceptability, and effectiveness are to be considered when deploying biometric systems across different regions. People mostly prefer non-contact biometrics rather than contact-based biometrics due to the hygiene factor.

There has been shocking news about wrongful arrests (for example, the Shirley McKie case) that happened in the past because of biometric failure and misidentification [64]. There have been reports of a crime where the finger of a car owner was cut off to steal a car protected by a fingerprint-based ignition [65]. There were many incidents and reports in the past about how cosmetic surgery and contact lenses were used to spoof security systems and cross borders. People lost trust in biometrics then. Due to the latest trends in biometrics research and development, and the advanced standards, we can say that trust has been regained. The biometric systems deployed these days also check for liveness and cannot be spoofed easily. Trust is a value which cannot be quantified. People have to trust the biometric system, and the biometric system should be secure, protected and usable. There is active research ongoing in this area to address the challenges of spoofing the system and the privacy and security concerns of biometrics [66].

2.6 User Experience

Biometrics is in itself a vast area, and it has different models for recognition based on face, fingerprints, iris, finger vein and other biometric traits. When a user provides their password, the user gains access to the system. If a malicious attacker gains access to the password by any means and claims a false identity, the consequences are problematic. Hence, biometrics is rewarding in such cases as it helps in the authentication process. However, the usage of biometrics should not annoy the user, and it should make the process more convenient. Iris recognition is considered to be better and more usable than retina-based recognition, as it is a non-contact mode of authentication and the user has to spend less time. In addition, a retina recognition system requires the sensor to be near the eye, as the retina is imaged by looking through a magnifying lens. Likewise, an infrared light is shone into the eye, so it is obtrusive and irritating to go through every time [67]. Below are more examples which elaborate on the user experience of biometrics.

When considering the action of unlocking a smartphone screen, there are two ways of authentication. One is based on the traditional password/PIN method, and the other relies on fingerprint, face or iris recognition. A study showed that fingerprint-based authentication is better and more widely adopted than the traditional PIN/password-based method [68]. It can be said that biometrics are more usable compared to the traditional authentication methods. In traditional methods, the user has to go through the tedious process of remembering passwords and entering them every time. Due to the small form of the keyboard on smartphones, there are sometimes typos, and the user must enter the password multiple times to gain access. This example shows that traditional methods of authentication add burden to the user, and adoption of biometrics makes authentication more user-friendly. Nevertheless, the user can change his/her PIN or password, but their biometric identity cannot be altered.

Another example of biometrics usability for a commercial application is the study performed on the ATM interface by Coventry and her colleagues [69]. For this application on the commercial side, the user needs to get enrolled first, and the biometric templates are captured and stored in the database. Whenever the user wants to gain access, their biometric is verified against the template stored in the database, and based on the match score generated by the matcher, authentication is granted. The authors performed consumer-driven research on usability and user acceptance of biometric verification techniques on automated teller machines (ATMs). They adopted different quantitative and qualitative approaches for evaluation. They got promising results, as they observed an increase in user acceptance of biometrics adoption compared to the previous decade. Moreover, when biometric technology is used in public places, it is recommended to implement a non-contact form of biometrics like iris technology. Using contact-based biometrics like fingerprints may add contamination and is therefore considered an unhygienic method. On the other hand, social acceptance is also important along with the usability of biometrics.

While implementing biometric technologies, there are many social dimensions involved which relate to trust and human rights. Prior to collecting a user's biometrics, users have to be made aware and provided with a consent form that explains what biometric data is to be collected and how it is going to be used. Privacy is one of the fundamental rights of the user, and biometric surveillance is a major privacy concern. Usability of biometrics also depends on many factors; one such factor is demographics. For example, in Muslim countries, most women wear a burqa, and face recognition systems add inconvenience for them, so they prefer fingerprint recognition systems or iris recognition systems. Hence, when considering the usability of biometrics, other factors like age, ethnicity, demographics, and legal and ethical concerns should also be evaluated.

2.7 Summary

In government applications, people tend to spoof and come up with false identities to get benefits from government schemes and for other reasons. It is important to mitigate such false identity claims and to punish such fraudulent claimants. Hence the biometric systems used in government applications should be more sensitive and secure. The government keeps track of all its citizens, so the number of enrollments would be very high. Hence these systems should also be optimized for faster performance and more efficient recognition by using advanced recognition algorithms, improved sensors, and hardware.

On the other hand, commercial applications like banking require a very high degree of sensitivity and security. Setting a higher threshold gives a high false reject rate and a low false accept rate, and setting a low threshold gives a high false accept rate and a low false reject rate. For high-security applications, the false accept rate should be at a minimum, and for forensic applications, the false accept rate should be at a maximum. General civilian commercial applications can have equal false accept and false reject rates. For applications like Disney World in Orlando, as mentioned in an earlier example, it is okay to have a lower threshold and sensitivity as it is used for a commercial civilian application. Hence in such applications, the threshold can be set to an optimal minimum.
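The threshold trade-off described above, as an added example that is not part of the dissertation: a score-based matcher is swept over every threshold to compute the false accept rate (FAR) and false reject rate (FRR), and a threshold is then chosen for the three application classes just named (high-security, forensic, general civilian). The genuine and impostor match scores are constructed, not measured from any real system, and a higher score means a better match.

```python
"""Threshold selection for a score-based biometric matcher.

Added example, not from the dissertation. A sample is accepted when its
match score is >= the threshold, so raising the threshold lowers the false
accept rate (FAR) and raises the false reject rate (FRR), and vice versa.
"""
from typing import Dict, List, Tuple

# Constructed match scores on a 0..100 scale (not real measurements).
GENUINE_SCORES: List[int] = [
    92, 88, 85, 95, 79, 90, 83, 97, 76, 89,
    84, 91, 55, 93, 87, 81, 96, 48, 86, 94,
]
IMPOSTOR_SCORES: List[int] = [
    12, 25, 31, 18, 44, 27, 35, 9, 66, 22,
    38, 15, 58, 29, 41, 20, 33, 47, 11, 26,
]

ErrorCurve = Dict[int, Tuple[float, float]]  # threshold -> (FAR, FRR)


def false_accept_rate(impostor: List[int], threshold: int) -> float:
    """Fraction of impostor attempts wrongly accepted at this threshold."""
    accepted = sum(1 for s in impostor if s >= threshold)
    return accepted / len(impostor)


def false_reject_rate(genuine: List[int], threshold: int) -> float:
    """Fraction of genuine attempts wrongly rejected at this threshold."""
    rejected = sum(1 for s in genuine if s < threshold)
    return rejected / len(genuine)


def error_curve(genuine: List[int], impostor: List[int]) -> ErrorCurve:
    """FAR and FRR at every integer threshold from 0 to 100."""
    return {
        t: (false_accept_rate(impostor, t), false_reject_rate(genuine, t))
        for t in range(0, 101)
    }


def equal_error_threshold(curve: ErrorCurve) -> int:
    """Threshold where FAR and FRR are closest (the equal error rate point).

    Ties are broken towards the lowest threshold.
    """
    return min(curve, key=lambda t: (abs(curve[t][0] - curve[t][1]), t))


def choose_threshold(curve: ErrorCurve, policy: str) -> int:
    """Pick a threshold for one of the application classes in the text.

    high_security: FAR must be zero; take the lowest such threshold so FRR
                   is as small as that constraint allows.
    forensic:      no genuine match may be missed (FRR zero), tolerating a
                   high FAR; take the highest such threshold.
    civilian:      balance the two error rates at the EER point.
    """
    if policy == "high_security":
        return min(t for t, (far, _) in curve.items() if far == 0.0)
    if policy == "forensic":
        return max(t for t, (_, frr) in curve.items() if frr == 0.0)
    if policy == "civilian":
        return equal_error_threshold(curve)
    raise ValueError(f"unknown policy: {policy}")


def main() -> None:
    curve = error_curve(GENUINE_SCORES, IMPOSTOR_SCORES)
    for policy in ("high_security", "civilian", "forensic"):
        t = choose_threshold(curve, policy)
        far, frr = curve[t]
        print(f"{policy:14s} threshold={t:3d}  FAR={far:.2f}  FRR={frr:.2f}")


if __name__ == "__main__":
    main()
```

With these constructed scores the high-security policy lands at threshold 67 (FAR 0, FRR 0.10), the forensic policy at 48 (FAR 0.10, FRR 0), and the civilian policy at the EER point 56 (FAR = FRR = 0.10).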

We can compare and contrast the biometric systems used for commerce and government based on evaluation factors such as the operational characteristics, the type of environment in which the system is used, the class of the system (online or offline), the type (1:1 or 1:N), fault tolerance levels, scalability, performance, security enforced, etc. The systems used by the government have to be more secure and reliable, as these systems are designed to perform under extreme conditions and are highly tested and proven.

Chapter 3

Biometrics Vulnerabilities and Countermeasures

3.1 Spoofing Attacks

Utilizing biometric verification methods raises security and accuracy compared with traditional methods of authentication such as passwords. Biometrics can differentiate between genuine users and impostors who try to gain access to the system using the right credentials. Also, biometrics does not obligate users to remember passwords or present proof of identity, since it represents the human's biological and behavioral characteristics [22]. Nevertheless, despite all the benefits of utilizing biometric technology, biometrics still has its downsides. For instance, there is a lack of secrecy, since fingerprints can be collected without the user's knowledge and a face picture can be acquired easily. Unlike traditional authentication credentials, which are easy to replace, it is impossible to replace biometrics, and a fake user who duplicates the original biometric can use it as the genuine user would [70].

Spoofing attacks mean stealing or replicating biometric features in order to gain unauthorized access to the biometric system. A spoofing attack does not require knowledge of the targeted system, such as how the system functions regarding feature extraction and the matching algorithm. Also, the digital techniques that are used to mitigate this kind of problem, such as hashing or encryption, are not helpful due to the way that spoofing works. Hence, these reasons make spoofing more likely to occur than other types of attacks against biometric systems.

3.1.1 Overview

In the authentication process, between receiving the biometric data and producing the final result, there are some points where attacks may occur that can grant unauthorized users access to the biometric system and eventually jeopardize the overall security. Ratha and his colleagues [11] have introduced a diagram that identifies eight possible locations of attacks on biometric systems, shown in Figure 3.1:

1. In this kind of attack, a fake biometric trait, such as a fake finger, is presented to the biometric scanner or sensor to circumvent the biometric system.

2. This is a type of attack on the channel between the sensor and the feature extractor, to intercept data and resubmit it to the system.

3. This is a type of attack on the feature extractor, where a Trojan horse can alter the feature extractor.

4. This is a type of attack on the channel between the feature extractor and the matcher. The attacker may steal the data of a legitimate user and resend them to the matcher module later as a genuine user.

5. This is an attack on the matcher module, replacing it with a Trojan horse to produce a high matching score and bypass the authentication phase.

6. This is an attack on the system database to alter, modify or add pre-stored templates, which compromises the database and hence grants unauthorized access.

7. This is a kind of attack on the channel between the system database and the matcher module, to intercept and steal the data.

8. This is a type of attack on the channel between the matcher module and the application, to alter the data [11].

Figure 3.1: Possible attack points in a generic biometrics-based system [11].

3.1.2 Spoofing Attacks

• Fingerprint Spoofing: Some studies highlight how spoofed fingerprints can bypass biometric recognition systems. T. Putte and J. Keuning conducted a study to examine the vulnerability of six fingerprint recognition system sensors against duplicate fingerprints that had been created using plasticine and silicone. The study shows that five of the tested sensors granted unauthorized access to the fingerprint system using fake fingerprints on the first attempt, and the sixth one allowed it on the second attempt [71].

Another report [72] conducted experiments similar to the study above and stated that duplicate fingerprints made of gelatin show better results in gaining unauthorized access. The authors of this report tested eleven fingerprint recognition system sensors; some of the fingerprints had been duplicated from a latent fingerprint, i.e., a fingerprint unintentionally left on some surface, and they were able to show a success rate of more than 60 percent [72].

In 2013, the German Chaos Computer Club claimed that it had hacked the new iPhone 5S by Apple using the attached fingerprint sensor, just days after Apple released it. The group made it clear that it did not acquire the fingerprint from the iPhone 5S itself; instead, they depended on obtaining a high-quality fingerprint through a different approach to gain access to the new iPhone. Specifically, the club stated that the team could create a duplicate fingerprint from a fingerprint collected by photographing it from a glass surface and putting it on a thin film, and used it to unlock the new iPhone 5S [73]. In February 2016, Anil Jain and Kai Cao at Michigan State University found a cheaper and faster way to access mobile phones protected by fingerprint sensors using a normal inkjet printer, conductive silver ink, and photo paper made by AgIC, along with a Brother printer. The tested phones were a Samsung Galaxy S6, Huawei Honor 7, iPhone 5s, and Meizu MX4 Pro. They succeeded in unlocking two of them, the Samsung and the Huawei, but not the Apple and Meizu ones. The authors stated in their conclusion: "This experiment further confirms the urgent need for anti-spoofing techniques for fingerprint recognition systems [72], especially for mobile devices which are being increasingly used for unlocking the phone and/or payment" [74].

• Fingerprint Anti-Spoofing Methods: Software-based and hardware-based solutions are offered by many researchers and companies. For instance, a study by DeCann, Tan and Schuckers proposed a new methodology for liveness detection by region labeling of the captured fingerprints. It detects liveness by the perspiration characteristics that categorize live and spoof fingerprint images. Another approach by the same group detects liveness by analyzing the valley noise on the fake finger. The result for that proposed method shows 90.9 percent efficiency for the capacitive and optical scanners. Both approaches are software-based methods [12] [75].

Figure 3.2: Example of live and non-live fingerprints captured by capacitive DC scanner. (a) Live finger; (b) spoof finger made from Play-Doh; (c) spoof finger made from gelatin; (d) cadaver finger. [12]

Also, R. Derakhshani et al. [76] used the perspiration pattern on the fingertip in their method to detect fingerprint liveness. This method is robust in some cases, such as when the fingertip is too dry or wet, and with other skin problems. Another study by A. Antonelli et al. [77] introduced a methodology that analyzes finger skin distortion. They captured fingerprints at a high frame rate (at least 20 fps) and then calculated a DistortionCode by tracing the location of each block. This study examines three regions of the fingerprint: the inner, outer, and middle regions of the finger. The inner region is pressed on the sensor surface, where the pressure stops any deformation; the outer region is under light pressure, and the skin moves with the finger; and the middle region is where the skin stretches. In the acquisition process, the user is required to rotate the finger while removing it, and the resulting distortion is used to detect finger liveness. This method shows a success rate of 90 percent in detecting fake fingers. However, this method requires a special fingerprint device to capture, and it takes more time due to the tracing of the location of each block for all frames. Y. Zhang et al. [78] proposed a new approach based on a thin-plate spline distortion model. They use the fact that the elasticity of human skin is captured precisely when placed over the sensor surface, as it is hard to mimic a live finger.

In the hardware-based solutions, there are many solutions provided by researchers and IT companies that help in the liveness detection process. Baldisserra et al. [79] developed a method for liveness detection based on finger odor. This method utilizes a chemical sensor (electronic nose) to differentiate real skin smell from artificial materials such as silicone and latex. The proposed method showed significant results in detecting silicone artificial fingerprints. However, it still did not detect fingerprints made of other ingredients like gelatin. M2SYS Technology introduced a biometric finger scanner named M2-FuseID that differentiates between a real live fingerprint and a forged one. The company attached an additional finger vein sensor alongside the fingerprint scanner. It measures the liveness of the finger as it recognizes live blood flow, which determines whether the fingerprint is live or not [80].

In addition, Qualcomm developed the Snapdragon 3D fingerprint scanner, which uses ultrasonic sound waves that penetrate the finger skin to capture the three-dimensional details of the fingertip and detect the liveness of the finger placed on the scanner surface. This technology is claimed to be impossible to imitate and is more flexible, since it can work even when the finger is too wet or dry [81].

• Facial Spoofing: Biometric trait data can be obtained easily for many reasons. First, individuals' photos are usually public on the Internet, thus available for anyone to view and store, or can even be captured using a built-in camera without the user's knowledge. Another reason is that biometric trait data can be accessed when a hacker succeeds in accessing the data and gets control of it. For these reasons, it is considered the cheapest spoofing means [82]. Some of the current facial recognition systems that some banks are utilizing these days can be spoofed simply by using a high-quality picture or a video that contains eye blinking, according to a report by Dan Moren [83]. He shot a video of himself blinking to bypass the authentication process, as the application requires the user to blink during the authentication phase. Then he presented the clip to the camera while logging in. Remarkably, he was able to log into his bank account successfully. He suggested that facial recognition systems should be used with another biometric trait as a two-factor authentication method, like fingerprint or voice recognition systems, for banks to ensure a high level of security, since personal photos and videos can be easily obtained on the Internet.

• Facial Anti-Spoofing Methods: Facial recognition systems are well known among biometric modalities for being vulnerable to attacks, and they can be spoofed by three means: a photograph, a video, and a 3D model of the legitimate user [84]. It is not difficult for the human eye to recognize these kinds of methods when attackers use one of them, but that is not the case with a recognition system. For this reason, scientists have proposed anti-spoofing techniques to counter this problem and make this biometric presentation robust enough against such attacks. Images captured from live faces are similar to spoofed ones, and that is what makes it hard to detect spoofing when authenticating using a 2D image or video. It is also difficult for a human to detect such a spoof unless certain cues are noticed, such as the motion variations in the video sequence presented to the camera. Komulainen et al. [13] gathered background information to detect whether the user presents a real face or not by examining the spoofing surroundings, for example the photograph edge, the video screen frame, or whether the hands of the attacker are present in the captured image. Also, they believe that counterfeit images are not aligned properly with the attacker's upper torso.

• One of the ways used to counter face spoofing is liveness detection, which observes physiological signs like facial expression changes, eye blinking, and mouth movements. Pan et al. [84] introduced an eye-blinking method that utilized conditional random fields (CRF) to detect eye blinking. Bharadwaj et al. [85] utilized Eulerian motion magnification [86] as an initial step to exaggerate both macro and micro facial expressions in the input video. There are different motions that can be observed to detect the liveness of the user. Kollreider et al. [87] assumed that the parts of a real face move differently. They proposed an optical flow-based method to notice and trace the movement between facial parts. The same authors [88] also proposed a method that fuses scores from experts and then integrates the 3D motion results with liveness detection data, for instance eye blinking and mouth movement. The challenge-response approach is one of the anti-spoofing methods used to detect the liveness of the face.

Figure 3.3: Block diagram of the proposed cascade structure for face spoofing detection [13].

De Marsico et al. [89] proposed a method that measures the 3D continuous face motion required, instead of tracking exact 3D head pose changes. This method makes the authentication process more comfortable for users. Ng, E.S. et al. [90] asked the user to perform a random series of facial expressions; the video frames from legitimate users show smooth and steady changes, so any sudden change in the image can be detected. This method is considered one of the robust methods; however, since it requires user cooperation, it makes the authentication process unfriendly for the user and, in general, time consuming.

• Iris Spoofing: Iris recognition is widely known as one of the most accurate biometrics. A study by Kohli and his colleagues [91] states that an attacker can use a low-cost contact lens that has the same iris texture as the legitimate user, obtained from a high-quality image of the person. They say that by using iris texture data, an iris recognition system is vulnerable to spoofing [91].

Moreover, another report by Forbes says that Chaos Computer Club security researcher Jan "Starbug" Krissler showed that an iris recognition system could be spoofed by hackers using a high-quality image with 75 percent of the iris visible, which can be acquired easily from the Internet. He said that as long as the person's picture is vivid and large enough, it can spoof the iris recognition system. He stated, "we have managed to fool a commercial system with a printout down to an iris diameter of 75 pixels" [92]. He mentioned that it is much easier than fingerprints, where a clone has to be created; a high-quality image is sufficient to perform such a process [92].

• Iris Anti-Spoofing Methods: An iris presentation can be forged to mimic the genuine user's iris and provided to the sensor by attackers to bypass the authentication phase of the iris recognition system. Therefore, anti-spoofing methods for the iris are compulsory to minimize the vulnerability of such recognition systems against spoofing attacks. Liveness detection for the iris is critical and can utilize both optical and physiological features of the iris.

Huang et al. [14] developed a visible light source for iris authentication systems that produces four illumination conditions that lead to pupil contraction. The measurement is based on the ratio of the pupil diameter to the iris diameter under the various illuminations. However, the researchers found that this method worked only for printed irises and plastic eyes but not for contact lenses. Therefore, the same group suggested combining the pupil size variation with mutual information between cross-frame image patches to enhance the representation of the pupil constriction characteristics. Also, Puhan et al. [93] addressed the same problem by calculating the normalized Hamming distance on the binary texture features, using the texture difference of the localized iris regions to verify the pupil's light reflex.

The optical features of an iris presentation differ between a real and a fake iris under various lighting environments. Daugman [94] proposed a liveness detection method for printed irises founded on the high-frequency characteristics of the artificial iris. However, the high-frequency feature can be lost when the captured images are out of the focus range. Thus, such images can grant access to attackers. Purkinje images are the reflections from the four optical surfaces of the eye: the inner and outer surfaces of the cornea, as well as the front and rear surfaces of the lens.

Figure 3.4: Segmentation results and four paths in the common iris region of two images (a) and (b) captured in illumination conditions I and II. Image (b) is resized to have the same iris diameter as that of image (a). The blue circle in image (b) defines the pupil size in image (a) [14].

Based on Purkinje images, Lee et al. [95] suggested a method that detects counterfeit irises, which works for printed iris patterns and glass or plastic eyes. However, when the attacker uses contact lenses, the method will not work, since the pupil is still visible. Connell et al. [11], with the use of a micro-LED projector and an offset camera, proposed an optical system to detect the characteristic optical features of an authentic eyeball using constructed light projection. Real and counterfeit irises produce different distortions of a projected striped pattern. The light reflected from the user's eye is exploited to record the curvature and thereby detect patterned contact lenses. Nevertheless, the main drawback of this approach is that the constructed light projection is difficult to perceive in complex environments.

Figure 3.5: A normal eye and one with a patterned contact lens generate different deformations of a projected stripe pattern [15].

• Finger Vein Spoofing: Vein recognition systems are not as vulnerable as other biometric recognition systems. However, a group of Swiss researchers spoofed a commercial vein sensor for the first time, with some limitations. Apart from how they did it, the researchers themselves acknowledged that their approach does not work when verifying a fake finger vein against a real finger vein that was enrolled in the system. All of this information gives an indication that vein recognition systems are yet to be spoofed using a fake finger vein [96].

3.1.3 Summary

Apart from the development of anti-spoofing methodologies, more work needs to be done to resist such threats, as fingerprint spoofing technologies are improving too, as shown for instance by the spoofing of the iPhone 5S fingerprint scanner. The increasing number of studies and competitions that provide anti-spoofing techniques for face recognition systems highlights the efforts made to defeat the growing problem of using a photo, a video or a 3D mask to fool the recognition system. The methodologies shown are still not robust enough against the variety of face spoofing attacks. Hence, it is important to investigate this kind of spoofing and provide more solutions to mitigate the spoofing danger.

For iris recognition systems, it is clear that both optical and physiological features have their benefits and weaknesses that can help in iris liveness detection. Apart from the difficulties that these methods face, combining both of them ensures taking advantage of all features associated with each of them, which helps to develop more secure and reliable iris recognition systems.

3.2 Attacks on Biometric Systems

With the growing trend of biometrics usage for authentication, attacks on biometric systems have also increased rapidly. Biometrics is being used for various commercial and government applications. To hack these systems, attackers use various techniques that exploit the limitations and vulnerabilities at different levels of the biometric system, including faking their identity to gain access to various platforms. The important point to remember is that if a biometric is compromised, it cannot be replaced. In other words, once a biometric is lost, it is lost forever, and there is no way to regain privacy and security [97]. Although biometric systems have many advantages over traditional systems, they also have many vulnerabilities and threats associated with them. These loopholes decrease the security of biometrics.

Figure 3.6: Possible attacks on the biometric system at various points [16].

Attacks can occur on the actual biometric system or on the infrastructure that supports the functionality of the biometric system; on that basis, attacks can be classified into two categories: biometric security threats and generic security threats. The essential components of any biometric system are a sensor, a feature extractor, a matcher and the database. There are various possible attacks on the biometric system, as shown in the figure above. These attacks are discussed below.

The first vulnerability is the sensor. In an attack on the sensor, the attacker presents a fake biometric trait to the sensor, such as a Polaroid image of a face or a gummy fingerprint, and gains access to the system. The second vulnerability is the channel between the sensor and the feature extractor, and likewise the channel between the feature extractor and the matcher. To exploit this vulnerability, the attacker captures the digital impression of the presented biometric trait by intercepting the communication channel and performs a replay attack. The biometric system checks the match score of the digital footprint sent by the attacker, always gives a binary response of 1, and the malicious attacker gains access. If the biometric system is deployed without testing, the attacker can exploit vulnerabilities in the feature extractor module by injecting a Trojan horse. The next vulnerability is in the database, resulting from poor implementation without any security controls. The attacker can compromise the database by SQL injection or by cracking; either way, the attacker can steal the data, add new templates, delete existing templates, or modify them. To conclude this discussion, the attacker can use spoofing techniques, intercept the channel, inject a Trojan horse, or attack the database in order to hack the biometric system.

Generic security threats that apply to biometric systems include denial of service attacks, circumvention, repudiation, collusion, and coercion. These vulnerabilities are generic and exist in the infrastructure supporting the biometric systems. Denial of service attacks occur when network bandwidth is overloaded by network spoofing attacks or botnets. In a circumvention attack, the attacker hacks the system to gain unauthorized access. In repudiation attacks, the legitimate user accesses the resources and then claims that an intruder circumvented the system; however, most biometric systems are non-repudiable.

In a collusion attack, a user with privileges gives access to the intruder by modifying system settings. In a coercion attack, the legitimate user is forced to give an intruder access to the system. For example, in 2005 carjackers forced the owner and cut off his fingers to get around the Mercedes' fingerprint security system [98].

3.2.1 Fingerprint Sensors and Attack Types

Biometric systems consist of several modules. The sensor module captures biometric data from the user: it scans the biometric feature, converts it to digital data and sends it to the feature extraction module. This module processes the raw data collected by the previous module, extracts the necessary features and generates the template. The template is then forwarded to the matching module, whose main purpose is to compare the input sample with the user templates stored in the database. As a result, a one-to-one match score is produced. Finally, the decision module accepts or rejects the access attempt based on a preset threshold: if the match score is not lower than the threshold, the decision module grants the user access to the system [99].

Based on the components of biometric systems, there are eight attack points. All of the attacks can be grouped into two categories: direct attacks and indirect attacks. Direct attacks consist of only one type of attack, sensor attacks. This kind of attack is one of the most common, as it does not require any specific knowledge about system operation [99]. A sensor attack means presenting a fake biometric trait (such as an artificial fingerprint) to the sensor in order to bypass the system. Moreover, "sensors are unable to distinguish between fake and real characteristics of an individual and can be fooled easily by using synthetic fingerprints and the facial image of a person" [99]. Fingerprint sensors are one of the most widely used biometric technologies today; therefore, the majority of studies focus on investigating fingerprint authentication. Fingerprint sensors work by identifying the papillary lines of the fingers. There are three classes of papillary lines: loop, arch and whorl [100].

Currently, there are four types of fingerprint sensors. Optical fingerprint sensors work on the basis of the level of light transmission. A capacitive fingerprint sensor evaluates differences in capacitance between the sensor plate and the finger. Thermal fingerprint readers are sensitive to heat differences between the peaks and valleys of the ridge lines. Finally, the ultrasonic reader sends microwaves onto the finger; the waves are reflected and captured by the receiver [100]. Adamek, Matysek and Neumann checked the reliability of fingerprint sensors using fake fingerprints and showed that it is possible to obtain a high match score when the fingerprints are made of gelatin or silicone. However, such materials are rejected by sensors that check for liveness [100].

A recent study showed that sensors are also vulnerable to more traditional types of attacks. As the use of biometrics on mobile devices grows, research in this area is increasing. Zhang et al. discovered several threats to biometric systems employed in smartphones. They report that many phone manufacturers do not provide context proof for authorization objects. Also, fingerprints are not stored securely in some cases. As an example, the researchers mention the HTC One Max phone, in which the fingerprint is stored as a readable file, /data/dbgraw.bmp, which is refreshed each time the fingerprint sensor is used [101].

The four components of the biometric system are connected by communication channels, which can also become the subject of attacks. One study showed that communication channels are vulnerable to DDoS attacks. In their experiment, El-Abed et al. carried out different DDoS attacks. The study revealed that attackers can perform several types of DDoS attack depending on the purpose they want to achieve. Moreover, the authors could apply a hill-climbing attack by modifying the input template until the required matching score was reached [102]. According to Guyon and Elisseeff, whose research focused on feature extraction in biometric systems, there are four aspects that describe feature extraction: 1) feature construction, 2) feature subset generation, 3) evaluation criterion definition, and 4) assessment method [103]. By its nature, the matching module is an executable program which accepts two biometric feature sets, X_T and X_Q, as inputs and outputs a match score [17].

In mobile devices, only two types of sensors are used to scan fingerprints: capacitive and thermal. Thermal fingerprint sensors measure the temperature of the ridges, as only the ridges make contact with the surface. Logically, the matching module is also located in the device [104]. Apple implemented biometric authentication on its devices starting from the iPhone 5s. The Touch ID fingerprint sensor was located on the Home button. The capacitive sensor consists of four hardware components, including a laser-cut sapphire crystal with a stainless-steel ring surrounding it. Once the finger is detected by the ring, the sensor is activated and takes a high-resolution fingerprint picture. The picture is then compared to the templates in the secure enclave of the Apple A7 chip. The user is authenticated when the matching score is acceptable. Although Apple initially ensured that biometric data were locked to the A7 chip and that access to those data was available to the Touch ID sensor, with the release of iOS 8 developers can access Touch ID. However, access to the biometric data or the system itself is still protected from any third parties [105].

3.3 Defense Techniques

To defend against these attacks on biometric systems, which may target vulnerabilities in the system at various levels, the following techniques can be employed. The first defense technique to mitigate spoofing attacks is liveness detection, which can be used to reduce attacks on the sensor. Liveness detection can be done using either software or hardware. Software-based liveness detection is more widely adopted, as it adds no extra cost or complexity. For the most commonly used biometrics, software liveness detection involves capturing eye movement for iris recognition and checking temperature, pressure, and pulse for fingerprints. Hardware-based liveness detection is expensive and bulky; it can be done using additional hardware such as stereo cameras for the iris and lasers or ultrasonic sensors for capturing sub-dermal fingerprints.

Attacks on the communication channels of biometric systems can be mitigated by using steganography and watermarking techniques [106]. These techniques involve secret communication and hiding information in the randomness of the transmitted data. They prevent replay attacks, thus providing integrity of the stored templates and improving the robustness of the biometric system.
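The replay attack on the sensor-to-extractor channel described in Section 3.2, and the channel integrity this section asks for, can be illustrated with a nonce-based challenge-response check. This is an added example, not the watermarking or steganographic scheme of [106] and not code from the dissertation: the receiving module issues a fresh nonce, the sensor binds the captured sample to that nonce with an HMAC under a shared key, and a captured message cannot be replayed because its nonce is consumed on first use. The channel key, the nonce length and the sample bytes are constructed for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed shared key between the sensor and the feature extractor.
# A deployment would provision a per-device key; this is a demo placeholder.
CHANNEL_KEY = b"demo-sensor-channel-key-constructed"


def sensor_send(key: bytes, nonce: bytes, sample: bytes) -> dict:
    """Sensor side: bind the captured sample to the receiver's nonce.

    The tag covers nonce || sample, so neither can be altered in transit
    without the tag failing to verify at the receiver.
    """
    tag = hmac.new(key, nonce + sample, hashlib.sha256).digest()
    return {"nonce": nonce, "sample": sample, "tag": tag}


class ReplayGuardedReceiver:
    """Feature-extractor side of the channel.

    It hands out one-time nonces (challenges) and accepts a message only if
    the tag verifies and the nonce is still outstanding. Replaying a captured
    message fails because its nonce was consumed the first time it was seen.
    """

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, msg: dict) -> tuple[bool, str]:
        expected = hmac.new(self._key, msg["nonce"] + msg["sample"], hashlib.sha256).digest()
        # Constant-time comparison so tag bytes do not leak through timing.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "integrity check failed"
        if msg["nonce"] not in self._outstanding:
            return False, "unknown or already used nonce (replay)"
        self._outstanding.discard(msg["nonce"])
        return True, "accepted"


def demo() -> list[str]:
    """One genuine capture followed by the two channel attacks from Section 3.2."""
    receiver = ReplayGuardedReceiver(CHANNEL_KEY)
    sample = b"constructed-minutiae-bytes"

    # 1. Genuine exchange: challenge, capture, accept.
    nonce = receiver.challenge()
    msg = sensor_send(CHANNEL_KEY, nonce, sample)
    first = receiver.accept(msg)

    # 2. An intercepted message replayed verbatim: nonce already consumed.
    replay = receiver.accept(msg)

    # 3. A fresh exchange whose sample bytes were altered in transit: tag fails.
    nonce2 = receiver.challenge()
    tampered = dict(sensor_send(CHANNEL_KEY, nonce2, sample))
    tampered["sample"] = b"altered-in-transit"
    forged = receiver.accept(tampered)

    return [first[1], replay[1], forged[1]]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Every rejected message is a detection signal as well as a blocked attempt, so a deployment would log the reason string together with the sensor identity; the in-memory nonce set is sufficient for a single extractor process, while a shared cache would be needed if several extractor instances serve one sensor.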

Other possible defense techniques to mitigate attacks on biometrics are the soft biometrics approach and multimodal biometrics. In soft biometrics, the user is asked to provide some additional information, such as gender, age, weight, and ethnicity [107], to the system in order to verify the user. The information submitted by the user is checked against the information provided during the enrollment phase. Multimodal biometrics has multiple representations of a single biometric, i.e. a single biometric with multiple biometric identifiers. It can help in defending against the spoofing methods used by the attacker on the sensor, as it is hard for the attacker to spoof multiple biometric traits of a legitimate user simultaneously.

Additionally, to increase the security of biometric systems, various encryption techniques are implemented by organizations. Strict standards have been drafted by government agencies such as NIST, and biometric systems have to follow these certification standards. There are also various digital laws and policies which protect user privacy and security in the use of biometrics.

3.4 Revocable Biometrics

One of the biggest security threats raised in the biometrics community concerns the long-term risks of biometrics in the case of database compromise. Bromba concluded in his paper [108] that it is possible to reconstruct the raw biometric data from the template data, which means there is no guarantee of privacy and security. Hence there is a privacy concern for the protection of stored and transmitted data at the various stages of the biometric system, as shown in Figure 1. There is a strict need to strengthen the security of biometric templates. To address this security issue, the concept of revocable or cancelable biometrics was introduced. Its main purpose was to provide a significant enhancement of privacy and security. It consists of a repeatable distortion of a biometric signal based on a chosen transform. The biometric signal is distorted in the same fashion at each presentation: for enrollment, and for every authentication.

Revocable biometrics incorporates ideas from computer vision, pattern recognition, cryptography and network security [109]. With this approach, every enrollment can use a different transform, thus rendering cross-matching impossible. Furthermore, if one variant of the transformed biometric data is compromised, the transform function can simply be changed to create a new variant (transformed representation) for re-enrollment as a new person. In general, the distortion transforms are selected to be non-invertible, so even if the transform function is known and the resulting transformed biometric data are known, the original (undistorted) biometrics cannot be recovered [110]. With this method, cancellation simply requires the specification of a new distortion transform. Privacy is enhanced by using revocable biometrics because different distortions can be used for different services, and the actual biometrics are never stored or revealed to the authentication server.
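As an added illustration of the repeatable, non-invertible distortion described above (this is not code from the dissertation or from [109] and [110]; the feature vector, the transform and the key names are constructed for the demo), the following Python models a cancelable template: a transform key selects a permutation of the binarised feature bits, and an XOR fold of the permuted vector makes the result many-to-one, so the stored template does not reveal the original bits even when the key is known. Enrollment and every later verification apply the same transform; changing the key revokes the old template and yields an unlinkable one for re-enrollment.

```python
import random


def derive_permutation(transform_key: str, length: int) -> list:
    """Map a transform key to a repeatable permutation of feature positions.

    random.Random seeded with a string is deterministic, so enrollment and
    every later authentication with the same key produce the same permutation.
    (Demo construction: a deployed scheme would use a keyed PRF instead.)
    """
    rng = random.Random(transform_key)
    positions = list(range(length))
    rng.shuffle(positions)
    return positions


def cancelable_transform(feature_bits: list, perm: list) -> list:
    """Permute the feature bits, then fold the vector in half with XOR.

    The fold is many-to-one: each template bit is the XOR of two feature
    bits, so knowing perm and the template does not recover the input.
    """
    n = len(feature_bits)
    if n % 2 or len(perm) != n:
        raise ValueError("feature vector must have even length matching perm")
    permuted = [feature_bits[p] for p in perm]
    half = n // 2
    return [permuted[i] ^ permuted[i + half] for i in range(half)]


def hamming(a: list, b: list) -> int:
    return sum(x != y for x, y in zip(a, b))


def enroll(feature_bits: list, transform_key: str) -> list:
    """Store only the transformed template, never the raw feature bits."""
    return cancelable_transform(feature_bits, derive_permutation(transform_key, len(feature_bits)))


def verify(stored_template: list, query_bits: list, transform_key: str, threshold: int) -> bool:
    """Transform the fresh query with the same key and compare in the
    transformed domain. Samples are noisy, so a Hamming-distance threshold
    replaces exact equality."""
    query_template = cancelable_transform(query_bits, derive_permutation(transform_key, len(query_bits)))
    return hamming(stored_template, query_template) <= threshold


def with_bit_flips(bits: list, positions: list) -> list:
    """Constructed sensor noise: flip the given feature positions."""
    noisy = list(bits)
    for p in positions:
        noisy[p] ^= 1
    return noisy


if __name__ == "__main__":
    # Constructed 64-bit stand-in for a binarised fingerprint feature vector.
    rng = random.Random(2018)
    feature = [rng.randint(0, 1) for _ in range(64)]
    noisy = with_bit_flips(feature, [3, 17, 40])  # three bits of sensor noise
    THRESHOLD = 6                                  # out of 32 template bits

    template_a = enroll(feature, "service-A-key-v1")
    print("genuine, same key     :", verify(template_a, noisy, "service-A-key-v1", THRESHOLD))
    # Cross-matching: the same finger enrolled at another service with another key.
    template_b = enroll(feature, "service-B-key-v1")
    print("cross-service distance:", hamming(template_a, template_b), "of", len(template_a))
    # Revocation: service A issues a new key; a leaked template_a is useless there.
    template_a2 = enroll(feature, "service-A-key-v2")
    print("old vs new template   :", hamming(template_a, template_a2), "of", len(template_a))
```

A flipped feature bit changes exactly one template bit, so genuine noise survives the transform and the threshold decides the match, while two different keys give templates that are unrelated to each other; the permutation-plus-fold is a teaching construction, and production schemes pick transforms whose non-invertibility and unlinkability have been analysed formally.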

Figure 3.7: Template protection techniques [17].

Figure 3.8: Authentication process when the biometric template is protected using a feature transformation method [17], [8].

Since noise in biometric data is one of its problems [7], and the matching algorithms are often too complex, it is difficult to apply traditional cryptographic techniques; other crypto techniques, such as key binding and key generation, are therefore used to safeguard the template. With these approaches, the raw biometric data is neither stored on the device nor transmitted over the network; only the template is used, and it is protected with a key as shown in the figure above.

Chapter 4

Literature Review

4.1 Overview

It has been evident from many data breach incidents in the past that textual passwords are inadequate for ensuring maximum security of a system. Biometrics, specifically behavioral traits such as fingerprints, faces, iris, or voice used to identify users, is slowly becoming an alternative to passwords [111]. Comparing the biometric authentication technologies that are available, iris scanning is the most accurate in identifying users, but on the other hand the technology is around five times more costly than fingerprint authentication systems [112].

Fingerprints are of particular importance in biometrics, unlike other biometric methods, as they can be identified easily even through a magnifying glass. To date, no two fingerprints from two different fingers have been found to have the same ridge pattern [113]. It is also now a fact that fingerprints do not change throughout a person's life. Fingerprints are clearly of significant importance, as they have been used in criminal identification for a century [113]. Fingerprints were used primarily in law enforcement until the 1980s. Thanks to the innovations in electronics in the 1980s, fingerprints then became available for use in user identification applications as well [113]. Research has been continuously carried out in this field with the aim of improving the level of security provided by fingerprint authentication systems. Various techniques have been suggested to achieve this goal. These techniques include the merger of fingerprint authentication with other biometric technologies such as iris recognition, known as multimodal biometric authentication systems, or with traditional security technologies such as passwords. Throughout the literature, solutions have been proposed to the problems related to fingerprint authentication, and there have been problems associated with the solutions as well. In the section that follows, I present a detailed review of the solutions and also highlight the problems associated with them.

4.2 Detailed Review

4.2.1 Use of fingerprints in authentication

Prior to the innovations in personal computers and optical scanners, fingerprints were used in the fields of law enforcement and criminal identification. These innovations enabled fingerprints to be used in non-criminal applications such as user identification [113]. Lawrence O'Gorman, in his paper, describes the ways in which fingerprint verification works. He first defines features such as ridges and valleys and presents microscopic and macroscopic approaches to fingerprint matching. He then describes the image processing and verification of fingerprint images. Extraction of features from the image is also described, and then the final step, the comparison between the claimant's fingerprint and the enrollee's fingerprint, is presented [113].

The authors of the paper Fingerprint Matching describe an automated fingerprint recognition system and also identify and present key challenges in this area [19]. Their presentation of the performance of fingerprint authentication is interesting, with the conclusion that there is a need to continuously decrease the error rates of fingerprint matchers. They describe parameters to measure the performance of fingerprint systems, among them FPIR, FMR, and FNIR. Two parameters of primary importance here are FPIR and FMR. The false match rate (FMR) is defined as the rate at which the matcher declares a match between images from two different fingers. A false positive identification occurs when the system falsely identifies a fingerprint as enrolled when it is actually not present in the system; its rate is the false positive identification rate (FPIR). The authors also describe the relationship between these rates as:

FPIR = 1 - (1 - FMR)^N

where N is the total number of users enrolled in the system. Suppose that N = 100 million; then for FPIR to be 1 percent, FMR has to be really low. The authors suggest that such a low FMR can usually be met only when fingerprints from all ten fingers are used for identification [19]. The research presented above conveys that increasing the number of fingerprints can decrease the FMR and consequently decrease the FPIR.
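The relation FPIR = 1 - (1 - FMR)^N can be worked through numerically. The following Python is an added example (it is not from [19] or from the dissertation): it inverts the formula to find the FMR a matcher needs for a target FPIR at a given enrolment size, evaluates it with log1p/expm1 so the tiny rates involved are not lost to rounding, and includes an idealised all-fingers-must-match model whose independence assumption is mine, not the cited authors'. The single-finger FMR of 1e-4 used in the summary table is a constructed figure.

```python
import math


def fpir_from_fmr(fmr: float, n: int) -> float:
    """FPIR = 1 - (1 - FMR)^N, evaluated as -expm1(N * log1p(-FMR)).

    log1p/expm1 keep precision when FMR is tiny (1e-10) and N is large
    (1e8); a naive 1 - FMR would round to exactly 1.0 in double precision.
    """
    if not 0.0 <= fmr < 1.0 or n < 1:
        raise ValueError("FMR must be in [0, 1) and N >= 1")
    return -math.expm1(n * math.log1p(-fmr))


def required_fmr(target_fpir: float, n: int) -> float:
    """Invert the relation: FMR = 1 - (1 - FPIR)^(1/N)."""
    if not 0.0 < target_fpir < 1.0 or n < 1:
        raise ValueError("target FPIR must be in (0, 1) and N >= 1")
    return -math.expm1(math.log1p(-target_fpir) / n)


def fmr_all_of_k(single_finger_fmr: float, k: int) -> float:
    """Idealised multi-finger FMR: all k fingers must falsely match.

    Assumption (mine, not the cited authors'): per-finger false matches are
    independent, so the combined FMR is the product of the per-finger rates.
    Fingers of one person are correlated in practice, so treat this as an
    optimistic bound on what a real k-finger system achieves.
    """
    if k < 1:
        raise ValueError("k must be >= 1")
    return single_finger_fmr ** k


def identification_table(n: int, target_fpir: float) -> dict:
    """Summarise what the N = 100 million example in the text implies."""
    need = required_fmr(target_fpir, n)
    return {
        "N": n,
        "target_fpir": target_fpir,
        "required_fmr": need,
        # FPIR if a single-finger matcher with FMR 1e-4 (constructed figure) were used as-is
        "fpir_single_finger_1e-4": fpir_from_fmr(1e-4, n),
        # Fingers the idealised AND-model needs to reach the required FMR from 1e-4 per finger
        "fingers_needed_from_1e-4": math.ceil(math.log(need) / math.log(1e-4)),
    }


if __name__ == "__main__":
    for key, value in identification_table(100_000_000, 0.01).items():
        print(f"{key:>26}: {value}")
```

For N = 100 million and a 1 percent FPIR the required FMR comes out near 1e-10, and a matcher with a single-finger FMR of 1e-4 would falsely identify essentially every probe at that scale, which is the gap the ten-finger recommendation in [19] is closing.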

Fingerprint scanners that do not distinguish between a live finger and a fake finger can be fooled into granting access by a fingerprint made from putty and gelatine [21]. This problem creates a need to research fingerprint scanners that can detect liveness in a finger. Fingerprint scanners with this ability have also been investigated and developed, but they cost a lot more than fingerprint scanners that cannot detect a live finger. A USB scanner can cost around $50, whereas a sophisticated fingerprint scanner with live-finger detection can cost up to $2500 [114]. A study has also been conducted to improve the security of fingerprint scanners that do not have live-finger scanning ability. These systems are covered in the sections presented hereunder.

4.2.2 Use of order of multiple fingerprints in authentication

Christopher Hekimian, in his patent, suggests ways to increase the effectiveness of a fingerprint authentication system. He proposes a method that takes into account the order of sequential readings of fingerprints and also notes that the subsequent readings may or may not be time constrained. He explains that the effectiveness is increased because a potential intruder would have to carry out three things: first, become aware of the correct sequence of fingerprints; second, intrude into the authentication server to get the fingerprint image information; and third, obtain the information about the timing properties associated with the sequential scan. The technique presented also utilizes more than one fingerprint scanner, and when recording fingerprints the system also keeps track of which fingerprint was recorded on which scanner.

Furthermore, the system adds more complexity by adding timing characteristics. For example, the system also records the time between sequential scans of a fingerprint. For this implementation, the system maintains registries of data containing fingerprint data, timing data and also sensor identification data. The author also explains the performance boost that this system has when compared to traditional fingerprint scanners. For example, a potential intruder trying to break through the authentication would have to try 1000 [4^5 = 1024] combinations if the system allows all the fingerprints of a single hand to define the order of scanning and employs only one fingerprint scanner [115]. Another work, by Kawan et al., presents a system that uses a predefined sequence of authentication mechanisms, such as various biometric authentication mechanisms, authentication using credentials, authentication using a PIN, etc. The system also provides the facility to use sequences of a single authentication mechanism, such as an ordered scanning of multiple fingerprints. Scherrer et al. [116] describe the use of a sequence of multiple fingerprints in controlling the sharing of users' personal information with other parties. Rules can also be defined in the system for filtering the types of information to be provided to the other parties. For example, one sequence of multiple fingerprints can be used to provide all the available information relating to a user to other parties, while another sequence can be used to provide only a portion of the available information [117].

These proposed solutions focus on increasing the security of the system by introducing permutations into the authentication method. Although this does enhance security, it takes a toll on the ease of use of the system. For example, even when only a single fingerprint is scanned to unlock a device such as an iPhone, there have been complaints that it is slow and unlocks the phone only after a few attempts [118]. Also, when a user tries to unlock his system using an order of multiple fingerprints and gets an incorrect response, it raises the question of whether he has forgotten the order or the system is unable to recognize one of his registered fingerprints correctly.

4.2.3 Use of Multimodal Biometrics in Authentication

Multimodal biometric systems take into account more than one biometric trait of an individual to make a recognition decision [119]. Apart from fingerprints, other biometric traits of an individual are the iris, retina, face, voice, etc. To counter the problems associated with a unimodal biometric system, in which only a single biometric trait such as a fingerprint is considered when making an authentication decision, there have been proposals to use multimodal biometric systems. For example, Vishi Kamer and Sule Yildirim Yayilgan proposed a novel multimodal biometric authentication approach combining iris and fingerprints at the score level. They used various normalization and fusion techniques to rate the individual trying to get authenticated; based on the fused score, the individual was classified as a genuine or a fake subject. They tested fingerprint-based recognition and iris-based recognition on two different subject databases as well as on two separate sensors. They concluded that multimodal biometrics overcomes problems such as noisy sensor data and unacceptable error rates which affect unimodal biometrics [119]. As another example, Anil K. Jain, Lin Hong, and Yatin Kulkarni proposed a multimodal biometric authentication system using fingerprint images, face images and speech signals of users. They performed the tests on a smaller data set in their laboratory, and their system performed very well [120].

More research has also been conducted in this area, focusing on overcoming the problems associated with fingerprint authentication. But there are two main problems associated with multimodal biometrics. One is that the addition of another biometric technology can considerably increase the price of the authentication system. The second is the reduced matching level problem: if a stronger biometric such as the iris is combined with a comparatively weaker biometric such as a fingerprint, the overall effectiveness of the system can go down [121].

4.2.4 Use of fingerprints as usernames and/or passwords

A user registered with a website or an account is identified with a username. Any username can be formulated as a login name. For example, a person named James Carter might have chosen his username as "jcarter". It can also be provided by the website; for instance, the Facebook username could be "jcarter.73". Besides, it can also be the email address the user registered with. Users are identified with the username and are authenticated with the password. With the advent of biometrics in the field of identification, research has also been conducted in the direction of using a fingerprint, a biometric trait, together with username and password. For example, Apurva M. Bhansali presented a configurable system wherein users can log in with just a password, only a fingerprint, or both password and fingerprint [122]. James McNulty proposed a system wherein a user is registered using username and password, and along with it any other biometric trait such as a fingerprint, iris, facial features, etc. is also registered [93]. Santu Rohatgi, Peter Rung, and Ryan Rohatgi proposed a system in which different fingerprints can be the authenticating factor giving access to various roles. For example, under a first username and the left-hand index finger, a person might be given access to specific roles, while under a second username and the right-hand index finger he might be given access to completely different roles [123]. Also, the old-school method of using a PIN or password for unlocking the mobile phone has slowly started to become obsolete: people are able to unlock their phones easily with their registered fingerprints. But there has to be a tradeoff between ease of use and the security of the system. For example, it is really easy to unlock a phone or log in to a website using a fingerprint rather than a password, but according to recent research, security is compromised with this implementation. For example, all it takes to spoof a fingerprint is putting a finger in a cast, filling the print with play-dough, and then a little trial and error to line up the play-dough on the fingerprint scanner, and that's it: with little effort the phone is unlocked. Also, unknown to the victim, fingerprint impressions can be collected from everyday things that the victim uses. These impressions can be cleaned, scanned, projected on a mold and then used to fool a fingerprint scanner [124]. Currently, no research has been conducted in the direction of using fingerprints as usernames together with fingerprints or textual characters as the password.

4.3 Conclusion

The research presented in the literature review leads to the identification of various gaps in the security of authentication systems. Fingerprints have also been shown to be used in conjunction with sign-in details like username and password. Nevertheless, these are not a significantly greater improvement in minimizing the vulnerability of authentication systems: if the hacker gets access to the username and password, he requires just one more characteristic to break through the system. Also, one study presents the idea of using a variety of fingerprint scanners. Consequently, the hardware cost increases, and along with it the complications of integrating multiple scanners with the host also increase. Furthermore, handheld devices do not have scope for integrating more than one scanner, and even if a device is integrated with an add-on fingerprint scanner, it no longer has the property of being called handheld. When comparing fingerprint scanners with traditional security systems, using fingerprints as passwords is much more prone to decreasing the security of the system. Passwords should have the property of being secret and also of being mutable: it should be difficult for a hacker to crack your password, and once it is cracked, it should be possible to change it. It takes a very skilled hacker to lift your fingerprint off certain things and convert it into a fake fingerprint to fool the system. For systems that use no username and just a fingerprint as the authentication entity, it is rather hazardous if the fingerprint of the user is compromised, because the hacker would then be able to compromise any other system associated with the user that uses the same authentication mechanism. Also, in this particular scenario both of the password properties mentioned above are violated.

Looking at the other side of things, the findings of the literature review also point firmly toward further research in order to strengthen the security of authentication systems.

According to the research conducted, no system has been found that uses a single fingerprint as the username of an application and another fingerprint or textual characters as the password. The combination, and the facility to use either textual characters or a biometric trait in both usernames and passwords, provides a much more secure system compared to systems that use only a single fingerprint as the authentication entity.

Chapter 5

Research Problem Statement

5.1 Motivation

With the process of logging in, users gain access to a computer system after identifying and authenticating themselves. User credentials are required to log in, and they are typically some form of a username and a matching password. The username for logging in to an account is textual. This text can be either an email address or some alphanumeric, numeric or other characters chosen by the user. The username can easily be observed by a potential attacker simply by keeping an eye on the screen when the target enters it. The password cannot be obtained as easily, as the actual characters are hidden by replacing them with dots. Let us now consider a scenario in which the attacker wants to gain access to a target account. There are two possible ways to accomplish this task.

The first way is that if the email account of a user is compromised, the attacker can click on the Forgot Password link available on the user interface of the target account. If the compromised email account has the same email address as the one used when registering the target account, then a password reset link will be sent to that email address and the attacker will be able to compromise the target account as well. Once the associated email account is compromised, it is straightforward for the attacker to compromise any other accounts of that user.

In the second way, if the username of the target account is known, the attacker just has to crack the password of that account. For cracking the password, the attacker can use any of the methods like dictionary attack, brute force attack, phishing, social engineering, etc. [125]. Once the password is cracked, the target account is compromised.

To enhance security against the first possibility, let us assume that there is a system which uses a fingerprint as the username and sends the link to reset the password only after validating the username. Now, to compromise a user account on such a system, the attacker would first have to compromise the email account and also, with some technique, forge and prepare a fake fingerprint of the user. Moreover, using fingerprints as usernames can also strengthen security against the second possibility. Without fingerprints as usernames, the attacker has to put some effort into getting the username and then some more effort into cracking the password using the cracking techniques mentioned above. If the usernames are fingerprints, the attacker will also have to forge and prepare a fake fingerprint. Considerable extra effort will have to be put in by the attacker to compromise the system in this case.

Hence, the primary motivation is to address the vulnerabilities of the authentication systems as stated above and thereby strengthen the security of user accounts by using fingerprints as usernames.
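The two reset flows contrasted above, modelled as an added Python example that is not part of the dissertation or of FUAF. The fingerprint matcher is a constructed stand-in (a fixed-length feature vector compared position by position); the site names, threshold and sample templates are assumptions for illustration only.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed matcher threshold: a presented sample must agree with the enrolled
# template on at least this fraction of features to count as a match.
MATCH_THRESHOLD = 0.90
PBKDF2_ROUNDS = 50_000  # kept modest so the example runs quickly


def template_similarity(enrolled: bytes, presented: bytes) -> float:
    """Constructed stand-in for a fingerprint matcher: a template is a
    fixed-length feature vector and the score is the fraction of positions
    that agree. Real matchers compare minutiae; this only models the
    match / no-match decision."""
    if not enrolled or len(enrolled) != len(presented):
        return 0.0
    agree = sum(a == b for a, b in zip(enrolled, presented))
    return agree / len(enrolled)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    email: str
    salt: bytes
    password_hash: bytes
    fingerprint_template: Optional[bytes] = None  # None marks a legacy account


class AuthService:
    """One site's accounts plus its Forgot Password handling (hypothetical).

    A legacy account's username is its email; an FUAF-style account's
    username is the fingerprint template enrolled at registration."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.outbox: List[Tuple[str, str]] = []  # (email, reset token) sent

    def register(self, email: str, password: str,
                 fingerprint_template: Optional[bytes] = None) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[email] = Account(
            email, salt, hash_password(password, salt), fingerprint_template)

    def _username_valid(self, acct: Account, presented: Optional[bytes]) -> bool:
        if acct.fingerprint_template is None:
            return True  # legacy: knowing the email is the whole username
        if presented is None:
            return False
        score = template_similarity(acct.fingerprint_template, presented)
        return score >= MATCH_THRESHOLD

    def login(self, email: str, password: str,
              presented: Optional[bytes] = None) -> bool:
        acct = self.accounts.get(email)
        if acct is None or not self._username_valid(acct, presented):
            return False
        return hmac.compare_digest(acct.password_hash,
                                   hash_password(password, acct.salt))

    def forgot_password(self, email: str,
                        presented: Optional[bytes] = None) -> bool:
        """Issue a reset token only after the username credential is valid.
        Legacy: whoever reads the mailbox receives the link (first attack
        path in the text). FUAF: the link is withheld unless the fingerprint
        username also matches."""
        acct = self.accounts.get(email)
        if acct is None or not self._username_valid(acct, presented):
            return False  # same answer for unknown email and failed match
        self.outbox.append((email, secrets.token_urlsafe(32)))
        return True


def reset_scenario() -> Dict[str, bool]:
    """Constructed scenario: one user holds a legacy account on one site and
    an FUAF account on another, both registered to a mailbox an attacker reads."""
    email, password = "user@example.com", "correct horse battery"
    enrolled = bytes(range(40))  # constructed enrolled template
    # Genuine re-scan: differs in 2 of 40 features (0.95 >= threshold).
    genuine = bytes(b ^ 0xFF if i in (3, 17) else b for i, b in enumerate(enrolled))
    forged = bytes(40)  # constructed non-matching sample (agrees at 1 of 40)

    legacy_site, fuaf_site = AuthService(), AuthService()
    legacy_site.register(email, password)
    fuaf_site.register(email, password, fingerprint_template=enrolled)

    return {
        # Path 1: mailbox compromise alone suffices only against the legacy site.
        "legacy_reset_from_mailbox": legacy_site.forgot_password(email),
        "fuaf_reset_mailbox_only": fuaf_site.forgot_password(email),
        "fuaf_reset_forged_sample": fuaf_site.forgot_password(email, forged),
        "fuaf_reset_genuine_sample": fuaf_site.forgot_password(email, genuine),
        # Path 2: a cracked password alone does not open an FUAF account.
        "fuaf_login_password_only": fuaf_site.login(email, password),
        "fuaf_login_genuine_sample": fuaf_site.login(email, password, genuine),
    }
```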

5.2 Problem Statement

Fingerprint authentication systems are not always accurate. For a fingerprint authentication system to be almost flawless, its False Match Rate (FMR) should be as low as possible, and for the FMR to be low, the number of fingers enrolled for identification should be high [19]. Single-fingerprint scanners record and authenticate only on the basis of the fingerprint of a single finger [126]. Compared to this, there are scanners available which can authenticate using more than one fingerprint [126], but they are more costly than single-fingerprint scanners [127]. In addition to these problems, ultrasonic fingerprint scanners, which can distinguish between a live finger and a fake finger, are costly and not affordable for every organization that needs biometric authentication [128]. Also, when the email account of a user is compromised, there is a high probability that almost all the other accounts that use this email as the username can be compromised. A potential hacker can click on the Forgot Password link on a website, and the password reset link will be sent to the registered email address, which is already compromised, as in the case of a Twitter account [129]. This shows that it is very risky if usernames are email addresses and the email account is compromised. Currently, no systems have been made available that use fingerprints as usernames when registering, along with the same or different fingerprints or textual characters as passwords.

As a result, I am proposing a new method of fingerprint authentication using the idea of fingerprints as usernames, because fingerprints are "something you are" and not "something you know". This method differs from legacy fingerprint authentication systems and other researched authentication systems in that the fingerprint of the user will be the username for an application. The password can be a textual one or another fingerprint of the user.

5.3 Problem Goals

1. To make fingerprint authentication more secure, as the adoption of fingerprint authentication is increasing.

2. To potentially decrease the probability of an attacker gaining access to the system through the password reset method.

3. To utilize the single-fingerprint scanner to its maximum potential and thereby seek to decrease the FMR of fingerprint authentication systems.

4. To facilitate authentication to the system using the registration of different fingerprints as both username and password.

5.4 Problem Questions

1. Q1: Is there a positive relationship between users' perceived usefulness and their attitudes towards using fingerprints as usernames?

2. Q2: Is there a positive relationship between users' perceived ease of use and their attitudes towards using fingerprints as usernames?

3. Q3: Is there a positive relationship between users' perceived ease of use and perceived usefulness towards using fingerprints as usernames?

4. Q4: Is there a positive relationship between users' attitude towards using fingerprints as usernames and their intentions to use fingerprints as usernames?

5.5 Research Hypothesis

Literature review on biometrics states that biometric systems improve transaction speed [130]. The research conducted by Hylke Huys presents that the higher the perceived usefulness, the higher the intention to accept a biometric system [131]. After studying the existing literature, the following hypothesis has been developed.

Hypothesis 1: There is a positive relationship between users' perceived usefulness and their attitudes towards using fingerprints as usernames.

Analyzing the fundamental constructs of TAM, the next construct is Perceived Ease of Use. Davis has presented that users will not adopt a new technology unless it is easy to use. From the research conducted by Pons and Polak, the ease of use of fingerprints and their transparency are key to adoption by users [132]. Thus, in the light of the existing studies, the following hypothesis has been developed.

Hypothesis 2: There is a positive relationship between users' perceived ease of use and their attitudes towards using fingerprints as usernames.

Lu et al. and Ruth have presented that there exists a strong, positive relationship between perceived ease of use and perceived usefulness [133] [134]. If a user finds a technology easy to use, there is a probability that he may examine the technology to find out ways in which it may be useful to him. The following hypothesis was then developed.

Hypothesis 3: There is a positive relationship between users' perceived ease of use and perceived usefulness towards using fingerprints as usernames.

Legris and Shih, in their research, have presented that when there is a positive attitude towards using new technologies, there are bound to be strong intentions to adopt those technologies [135]. Fishbein also presented that attitudes towards technologies are formed from the user's beliefs about these technologies and the evaluative responses associated with these beliefs [136]. The following hypothesis is developed from the existing literature.

Hypothesis 4: There is a positive relationship between users' attitude towards using fingerprints as usernames and their intentions to use fingerprints as usernames.

Using TAM and the existing literature, these four hypotheses have been developed for examining the adoption of the idea presented in this research proposal.

5.6 Research Methodology

5.6.1 Introduction

As per the literature review conducted, there have been no systems that use fingerprints as the username and another fingerprint or textual characters as the password. This research proposal presents this idea and then uses the Technology Acceptance Model (TAM) to evaluate the concept. Moreover, the product that can be developed out of this research is going to be used by the general public. So before even conducting extensive research in this area, it is necessary to evaluate whether the concept itself will be preferred by the general public or not. Hence, a survey was conducted which included questions related to the adoption of the idea of fingerprints as usernames. This chapter presents in detail the research model and the research hypotheses developed, as well as the research method and the survey questions used. The results of the survey will be discussed in the next chapter.

5.6.2 Approach

Technological diffusion is the procedure by which innovations spread within and across economies. These innovations can be new products, new processes or new management methods [137]. Technology adoption is a topic of utmost importance in understanding technology diffusion. If a technology is adopted by the general public, it is bound to diffuse [138]. In this case, the idea of using fingerprints as usernames is a technological innovation. Before concluding that this idea, being an innovation, is sure to diffuse among the population, it is necessary to get an understanding of technology adoption. It is essential to know whether the general public is welcoming towards the idea or reluctant towards it. A great number of theoretical frameworks have been used in the past for determining user adoption. Many of the frameworks have been derived from certain classes of behavioral models. Some of the behavioral models available are the Technology Acceptance Model (TAM), the Theory of Planned Behavior (TPB), etc. The models mentioned above try to explain the behavior and intentions of the general public to use a particular innovation. They do so by linking user behavior to user beliefs. Oh et al. presented that TAM stands out as the most valid of all the models [139]. TAM has been replicated and extended in various contexts, covering samples of users with diverse demographic details [140]. Also, TAM has been concluded by et al. to be a useful model for examining the adoption of new technologies [135] [141]. TAM consists of four constructs: perceived usefulness, perceived ease of use, attitudes, and intentions to use [18]. These constructs explain the adoption of a new technology by users. Going by the theory of classic TAM developed by Davis, perceived ease of use and perceived usefulness play an essential role in deciding the attitude and consequently the intention of the user towards using the new technology. The perceived usefulness construct captures the users' perception of whether the new technology will enable them to perform a task in a better way, whereas perceived ease of use captures the users' perception of whether the new technology will enable them to perform a task easily and comfortably [142]. Research has been conducted in which other theoretical models were found preferable to TAM [143]. However, TAM has received tremendous support in research related to the adoption of new technology [139]. This is reflected in the fact that TAM has been used extensively in technology adoption research during the past 20 years [140]. Fig. 25 represents the constructs of the Technology Acceptance Model.

Figure 5.1: Technology Acceptance Model (TAM) [18].

If the general public perceives a technology as easy to use, then their perception of whether that technology will be useful is influenced by it. In this research idea that focuses on using fingerprints as usernames, we utilize TAM to formulate the survey questions for each of the constructs. From the relationships between the constructs mentioned in the classical TAM, and as shown in Fig. 1, research hypotheses are proposed. Perceived usefulness in a biometric system is primarily an indication of the adoption of the technology by users [144]. For fingerprints as usernames, usefulness is linked to the extent to which this method will be useful in ensuring more security for their accounts. It is also connected to the extent to which it will be more useful, security-wise, when compared to an alphanumeric password.

5.6.3 Research Method

To fit the context of using fingerprints as usernames, although it was an adoption survey, measurement scales were formulated for each of the constructs of TAM. To measure perceived usefulness, users were surveyed on whether they feel that fingerprints are more secure than traditional security methods. The response to this survey question was of Likert type, with values ranging from strongly agree to strongly disagree. Based on the answer to the question, the perception of the user about whether the fingerprint-as-username idea will be useful or not can be determined. To measure the ease of use construct, users were surveyed on whether they would be more comfortable using a fingerprint as username or alphanumeric text as username. The response to this question can determine the perceived comfort level of the users with this new idea. To measure attitude to use, users were surveyed on whether they would use their devices to store more personal information if the devices had fingerprint scanning features. The response to this survey question can be either yes or no. Based on the answer to the question, it can be determined whether the users have a positive attitude towards using a fingerprint as username. To measure intentions to use fingerprints as usernames, the answer can be derived from the attitude to use fingerprints as usernames, as the literature behind the fourth hypothesis describes. To create a profile of the respondents, the survey had demographic questions related to age, gender and education. The survey also measured the familiarity of the respondents with fingerprint authentication.

An online survey was conducted with respondents having diverse demographic properties. The sample frame was valid respondents among students, faculty, staff and teachers at Florida Institute of Technology, Melbourne, Florida, United States. In November 2017, an invitation email to participate in the online survey was sent out to the FIT Forum, and 64 respondents completed the survey.

Chapter 6

Survey Findings and Conclusion

After posting the survey link on the FIT Forum, 65 respondents participated in the survey. One response was classified as missing because the respondent did not answer the key questions of the survey. In total, 64 responses were valid and suitable to be considered for further analysis. Statistics, the science of collecting, analyzing and making inferences from data, is important because it is used by many researchers to organize, analyze and summarize data. Statistical analysis is used to communicate research findings, to support hypotheses and also to give credibility to the research methodology [145]. One such tool available for statistical analysis is SPSS by IBM [146]. SPSS provides a variety of tools and performs a variety of functions, but for our purposes statistical analysis of the responses is what is needed, and SPSS is well qualified to carry that out. A descriptive analysis of the survey response data received is presented below. It contains a summary of the demographic profile of the respondents as well as the analysis of responses to questions related to the constructs of TAM. The analysis will help me identify whether my research idea of using fingerprints as usernames will be adopted by the general public.

6.0.4 Demographic Information

Looking at the demographic profile, around 65% of the respondents were male and the rest were female. Also, most of the population was relatively young, with around 50% of the respondents in the 18-29 age group, about 36% in the 30-49 age group, approximately 11% in the 50-64 age group and the remaining 3% aged 65 years or older. It can also be argued from the analysis that the respondents represented a well-qualified group, as around 44% of them held a graduate degree as their highest degree in their fields. Around 23% and 27% held a high school diploma and a bachelor's degree, respectively, as their highest degree, as shown in Table 6.1 and Figure 6.1 below.

Table 6.1: Demographic Information of Participants

Item and Scale            Frequency   Percentage (%)
Gender
  Male                    42          65.6
  Female                  22          34.4
Age
  18-29 years old         32          50
  30-49 years old         23          35.94
  50-64 years old         7           10.937
  65 years and over       2           3.12
Education Level
  High school             4           6.25
  Associate degree        17          26.56
  Bachelor degree         28          43.75
  Graduate degree         15          23.43

Figure 6.1: The responses percentage for the Demographic Information of participants: Gender, Age and Education Level

6.1 Model Related Information

Questions were asked in the survey relative to the constructs of the Technology Acceptance Model (TAM). The first model-relevant question shows the familiarity of the respondent with fingerprint systems. It asked whether they had ever used fingerprint authentication. Most of them, around 90%, had used a fingerprint at some point in their lives, as shown in Table 6.2 and Figure 6.2 below.

Table 6.2: Familiarity with Fingerprint Technologies

Answers   Frequency   Percentage (%)
No        6           9.4
Yes       58          90.6
Total     64          100

Next, they were asked whether the information present on their phones was perceived as being of high importance. The answers to this question were based on a 4-point Likert scale ranging from 3 = High Importance to 0 = No Importance. From the statistical analysis conducted using SPSS, the range of the dataset of all the responses was found to be 3. This statistic indicates that the maximum value a respondent could have selected is 3 and the minimum value is 0. Moreover, the mode and the mean of all 64 valid responses were found to be 3 and 2.47 respectively, which indicates that the average response to this question was High Importance. The mode of 3 individually conveys that the largest number of people in the data set rated the information stored in their mobile phones as of high importance. The statistics of the responses for this particular question are presented below in Table 6.3.

Figure 6.2: Chart showing the responses percentage for participants' familiarity with fingerprint technologies

Table 6.3: Participants' Perceived Importance of Information Present on Their Phones

Attribute   Value
N           64
Mean        2.47
Mode        3
Range       3

The statistics show that around 58% of the respondents selected the value 3, which implies that the importance of the information was high for most of the participants. Figure 6.3 represents the distribution of the responses by selected value.

Figure 6.3: Chart showing the responses percentage for how participants perceived information present on their phones

The users were then asked about the level of privacy protection they would require for the information on their phones. It was expected from the analysis of the previous question's responses that the answers to this question would be tilted towards the value of Higher Protection, and so was the case. From the statistical analysis provided by the SPSS tool, the range of the dataset of responses was 2. According to the analyzed data, the mode of the responses was 3, and no participant had selected 0 as their response to this question. Thus, there were no participants who required no protection for the information stored in their mobile phones. The mode of 3 also implied that the largest number of people wanted the highest level of privacy protection. The statistics of the responses to this particular question are presented in Table 6.4. The statistics indicate that no respondent had selected No Importance as their response. Around 57% of the respondents selected 3, implying that they would require higher protection of privacy. Figure 6.4 represents the distribution of responses.

Table 6.4: Level of Privacy Protection that Participants Required for Their Information on Their Phones

Attribute   Value
N           64
Mean        2.50
Mode        3
Range       2

The next question asked the respondents if they would store more private information on their mobile devices, given that they would be provided with fingerprint scanning features. The majority of the responses to this question were positive. Around 69% of the respondents chose that they would store more private information. The question was related to the construct of Perceived Usefulness in TAM. The response to this question was a good sign for our research, as one of the user adoption factors, usefulness, was perceived positively by the respondents. Table 6.5 and Figure 6.5 represent the statistics of the responses as calculated by the SPSS tool.

The next question in the survey was designed on a 5-point Likert-type scale with values ranging from 5 = Strongly agree to 1 = Strongly disagree. The question asked if the users perceived that the fingerprint authentication technique was better than traditional security methods. From the values of the statistical measures received from the SPSS tool, the range of the responses received was 4, implying that the maximum value of all the responses is 5 and the minimum value is 1. Thus the responses were spread out among all the possible values, except that no value was presented as 0 = Strongly disagree. Table 6.6 represents the statistics of all the answers recorded.

Figure 6.4: Chart showing the responses percentage for the level of privacy protection that participants required for their information on their phones

The mode of the responses was 4, indicating that the largest number of people chose 4 as their response. It implies that most respondents agreed that fingerprint technologies are more secure than traditional security methods like authentication using a password or PIN. Figure 6.6 represents the bar chart of the distribution. The next question in the survey relates to the Perceived Ease of Use construct of TAM. The survey participants were asked whether they would find it more comfortable to use a fingerprint as a username or alphanumeric text as a username for their accounts. The research here clearly won the votes on perceived ease of use, as most of the respondents (around 72%) selected Fingerprint as a Username. The distribution of responses to this question is represented in Table 6.7 and Figure 6.7.

Table 6.5: Participants Would Store More Private Information on Their Phones

Answers   Frequency   Percentage (%)
No        20          31.3
Yes       44          68.8
Total     64          100

Figure 6.5: Chart showing the responses percentage if the participants would store more private information on their phones if they had a fingerprint scanner

Table 6.6: Participants' View on Whether the Fingerprint Authentication Technique is Better than Traditional Security Methods

Attribute   Value
N           64
Mean        3.77
Mode        4
Range       4

Figure 6.6: Chart showing the responses percentage of participants on whether they think the fingerprint authentication technique is better than traditional security methods

Table 6.7: Participants' Preference between Fingerprints as Usernames and Alphanumeric Usernames

Answers                     Frequency   Percentage (%)
Alphanumeric username       18          28.1
Fingerprint as a username   46          71.9
Total                       64          100

Figure 6.7: Chart showing the responses percentage of participants preferring fingerprints as usernames or alphanumeric usernames

6.2 Conclusion

Fingerprint authentication has been around for a long time and is slowly and steadily finding its way to more significant adoption with the arrival of fingerprint scanners on mobile devices. This proposal tries to address the need to analyze the vulnerabilities associated with fingerprint authentication, and with the entire scope of authentication systems, and then to present a researched solution. The fact that fingerprints are biometric characteristics of an individual means that they should be interpreted as "who you are" rather than "what you know". This finding naturally lends itself to the consideration that fingerprints should be usernames in an authentication system. Also, for a product to be well defined and in demand, it requires validation of adoption from the general public. Products are developed as a result of the intense research that goes into them. Hence, the idea of using fingerprints as usernames was surveyed to see if people are willing to adopt the proposed method, and then to set a path for further research. The survey addressed parameters such as the importance of information, protection of information, perception of usefulness, perception of ease of use, perception of the attitude to use and perception of security, to measure the overall impression of the general public towards the proposed idea of using fingerprints as usernames. It can be inferred from the survey responses that the majority of the respondents have information of higher importance on their mobile devices, and they require a higher level of protection for it. Moreover, a large majority of the respondents think that fingerprint technologies are more secure than traditional security technologies. The perception of usefulness was measured with a question asking participants if they think that fingerprint technologies are more secure than traditional security technologies. The perception of ease of use was measured with a question relating to the comfort of using a fingerprint when compared to an alphanumeric password. The perception of the attitude to use was measured with a question relating to the comfort of using a fingerprint when compared to an alphanumeric password. All of the above questions received a majority of positive responses, and the constructs of TAM are thus satisfied. As people store more critical information requiring a higher level of protection, and given the analysis outcome that they have more faith in fingerprint authentication and also find it easy to use, it can be concluded that the idea of using fingerprints as usernames is received with positive responses.

Chapter 7

Evaluation of the Authentication Systems

Applying the Technology Acceptance Model (TAM) to the research proposal helped in formulating the hypotheses and survey questions. The constructs in TAM assisted in measuring the users' adoption even when the research was in the proposal stage. It was logical to search for other frameworks that can support evaluating the proposed scheme of the authentication system. Further research in this area led to discovering that researchers from Microsoft had already provided a solution to the problem of evaluating authentication systems. The newly proposed authentication system, which I have named "Fingerprint as Usernames for Authentication Framework" (FUAF), needs to be evaluated from the design perspective to better present it as an improvement over the legacy textual password system present ubiquitously. In the sections below, I will refer to the newly proposed system as FUAF. The next sections present the benchmarks and the metrics that can be applied to FUAF for measuring its strength in the aspects of security and usability.

7.1 Evaluation framework

The research titled "A Quest to Replace Password" claims to present an unbiased evaluation framework for password replacement schemes [147]. The framework was developed because password replacement schemes have been facing a number of problems. The problems include the diverse interests of various communities, focusing more on security than on usability, neglecting practical issues related to deployment, and ignoring benefits not provided by their scheme. In the journey of providing a reliable evaluation mechanism, Bonneau et al. [147] provide a standard scale and framework on which any user authentication system can be evaluated. In the evaluation framework, a set of 25 benefits covered under the titles of Security, Usability and Deployability has been presented. Any authentication system which proposes itself as a replacement for the legacy textual password system can be judged as to whether the scheme does or does not provide each of these benefits. The research then uses the framework presented to analyze the already proposed systems. Schemes like password managers, proxy, federated, graphical, biometric, hardware-based, etc. are examined and evaluated using the framework of benefits. Bonneau et al. [147] conclude that no system comes close to providing all the benefits that an ideal authentication system would require. Also, most of the proposed systems do not come even close to providing the benefits offered by the legacy password system.

7.2 Relevance of the framework to the proposal

From the analysis of the research conducted by Bonneau et al. [147], and in particular the comparison of various authentication systems with the legacy password system, it was clear that the years of research in the area of password replacement schemes have not succeeded in replacing legacy password systems. Moreover, the research also compared the idea of using fingerprints as passwords with using textual characters as passwords. The conclusion, on the basis of various criteria, was that fingerprints as passwords performed worse than textual passwords in the areas of efficiency, recovery from loss, infrequent errors and deployability, and also failed to fare well in many areas of security. It then makes more sense to respect the legacy password system the way it is, i.e., using alphanumeric characters in the password field. There is one more important factor in authentication systems, which is the username field. The research then lends itself to increasing the overall security of the authentication system by keeping the password system as is and making some changes to the way the username is represented. In this research, the idea of using textual characters as the password is respected, but in the case of the username, I propose the idea of using fingerprints. As fingerprints, or biometrics in general, represent 'who you are', it is essential that they are used as usernames. The survey conducted in the project proposal supports the idea that fingerprints will be more usable than textual characters. The research aims to retain the benefits of the legacy password system and also to try to increase the overall security and usability of the authentication system.

7.3 Application of the framework to the proposal

The framework presented by Bonneau et al. [147] cannot be directly applied to the research presented in this paper, because the research is not a password replacement scheme but a username replacement scheme. However, the framework presents detailed criteria on which an authentication system can be evaluated. The criteria presented are separated into the categories of security, usability and deployability. In this section, an analysis of FUAF is performed against each criterion presented in the framework.

7.3.1 Usability

• Memorywise-Effortless: In legacy authentication systems the user has to remember both the username and the password, while in the proposed system the user needs to remember only the password, because the username is the fingerprint of the user. Hence, the proposed system improves on the fact that legacy systems are not memorywise-effortless.

• Scalable-for-Users: Legacy password systems are not scalable because there is a cognitive load on the user to keep the passwords separate for every account. Some users prefer to keep the usernames different for different accounts. However, the proposed system minimizes the load, because the username, which is the fingerprint, can be the same for multiple accounts and nothing has to be remembered by the user.

• Nothing-to-Carry: As smartphone adoption increases, along with the adoption of embedded fingerprint sensors, nothing needs to be carried. The same assumption holds for legacy password systems, where nothing is to be carried.

• Physically-Effortless: The proposed system improves on this by a small factor, as only the password has to be typed in while the username is authenticated by scanning the fingerprint.

• Easy-to-Learn: Similar to legacy authentication systems, the proposed system is easy to learn as it does not require any special training to the authenticating user.

• Efficient-to-Use: The existing devices for fingerprint scanning are inefficient, but as the technology and the hardware improve, the system will take less time when registering a new user and also when granting access with a fingerprint.

• Infrequent-Errors: Similar to the above criterion, as fingerprint scanning technology improves, this benefit can be achieved. In the legacy password systems that exist today, there can be errors when typing the username and password. So at best, both systems can be labelled as Quasi-Infrequent-Errors.

• Easy-Recovery-from-Loss: The legacy password system is kept as is, and hence the password can be easily changed if forgotten or if the account is compromised. However, it would require a skilled hacker to forge someone's fingerprint, whereas it would not require much skill to obtain someone's textual username. Also, in the case of forging the fingerprint to use it as a password, it is very difficult to gain full control of the account unless the device is stolen along with a compromised email account as well as the smartphone PIN.

7.3.2 Security

• Resilient-to-Physical-Observation: Legacy password authentication systems are not resilient to physical observation. The system with fingerprint as username improves the security of the system by a small factor as the username is resilient to physical observation.

• Resilient-to-Targeted-Impersonation: Due to the carelessness of users in setting easily guessable passwords and also writing them down on paper, the legacy system is quasi-resilient to targeted impersonation. In the case of fingerprints as well, the fingerprint of a user can be targeted, but it would require a skilled attacker and possession of the smartphone itself. Hence the proposed system is quasi-resilient to targeted impersonation.

• Resilient-to-Throttled-Guessing: Passwords are not resilient to throttled guessing because they are often chosen poorly. The proposed system improves the resilience by making it difficult to guess usernames.

• Resilient-to-Unthrottled-Guessing: Legacy authentication systems are also not resilient to unthrottled guessing (brute force) because passwords are chosen poorly and can be targeted. Nevertheless, the proposed system improves the resilience because acquiring a fingerprint takes extra effort when compared to acquiring a textual username.

• Resilient-to-Internal-Observation: Textual passwords are not resilient to internal observation as they are static tokens. Fingerprints have also been shown not to be resilient, because a captured biometric sample can be replayed in unsupervised environments.

• Resilient-to-Leaks-from-other-Verifiers: Similar to legacy password systems, the proposed system is not resistant to leaks from other verifiers. However, that will be only for the password since the username, fingerprint, is stored on the device.

• Resilient-to-Phishing: Passwords are not resilient to phishing attacks. The resilience of the proposed system towards phishing attacks would depend on the implementation rather than the design. For example, if the fingerprint template never leaves the phone then it would be resilient to phishing attacks.

• Resilient-to-Theft: Legacy password authentication systems do not require any external device or hardware for authentication and so they are resilient to theft. In the proposed system a user can be targeted and his fingerprint may be stolen, so at best the proposed system is Quasi-Resilient-to-Theft.

• Non-Trusted-Third-Party: In case of legacy password authentication systems, there is no third party to be trusted for the authentication. Similarly, the proposed system also does not require trusting any third party. So the benefit is maintained.

• Requiring-Explicit-Consent: In case of textual passwords, one needs to type them and so it requires explicit consent. Similarly one needs to scan a fingerprint to authenticate them and so the proposed system requires explicit consent as well.

• Unlinkable: Legacy password authentication systems are unlinkable, under the assumption that sites add an extra layer to the password before storage. The proposed system is at best Quasi-Unlinkable because physical biometrics in themselves are not unlinkable.

A summarized table, Table 7.1, representing the scores received by both systems on each of the criteria is presented below. The label “Y” indicates that a system offers the benefit stated by the criterion, the label “N” indicates that a system does not offer the benefit, and the label “Q” indicates that a system improves from completely not offering the benefit to providing a part of the benefit. Quantifying the score received by each method helps us set up a mathematical base for comparison. Scoring the systems on the same set of numbers aids us in taking a calculated decision on which system performs better in comparison. For this purpose, the labels “N”, “Q” and “Y” are mapped to a set of numerical values. The label “N” is assigned a score of 0. As the “Q” label indicates a better performance when compared to “N”, it is assigned a score of 0.5. The label “Y” indicates that the system offers the benefit stated by a criterion; hence it is assigned a score of 1.

The cumulative usability score of the legacy system is 4.5 while FUAF scores 5.5. Similarly, the cumulative security score is 4.5 for the legacy system and 6 for FUAF. From the table, it can be inferred and stated that in the aspects of security and usability, FUAF achieves a higher cumulative score when compared to the legacy password system. It is safe then to argue that FUAF performs better than the legacy password system as per the detailed criteria in the aspects of security and usability.

Table 7.1: Comparison of the legacy password system and FUAF on each criterion (Y = benefit offered, Q = partly offered, N = not offered).

Criterion                        Legacy System   FUAF
Usability
  Memory-wise effortless         N               Q
  Scalable for users             N               N
  Nothing to carry               Y               Y
  Physically effortless          N               Q
  Easy to learn                  Y               Y
  Efficient to use               Y               Y
  Infrequent errors              Q               Q
  Easy recovery from loss        Y               Q
Security (resilient to:)
  Physical observation           N               Q
  Targeted impersonation         Q               Q
  Throttled guessing             N               Q
  Unthrottled guessing           N               Q
  Internal observation           N               Q
  Leaks from other verifiers     N               N
  Phishing                       N               N
  Theft                          Y               Q
Security (other)
  No trusted third party         Y               Y
  Requiring explicit consent     Y               Y
  Unlinkable                     Y               Q

7.4 Security Metrics

“Measurement is the first step that leads to control and eventually to improvement. If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.” This old quote by James Harrington is a main pillar of all types of research. In the case of FUAF, it becomes necessary to measure the security in order to understand the added advantages or drawbacks. To measure the security of any system, the measurement can be represented in the form of metrics. Different attributes or characteristics of the system can be measured with the use of metrics.

Sporild in [148] presented a system for ranking authentication systems through vectors in three-dimensional space and also presented a system of metrics to evaluate the effectiveness of various security measures. It presents two classes of metrics: one relevant to the security of the authentication system and the other relevant to the user-friendliness of the authentication system. Applying the metrics to FUAF will help identify the strength of the FUAF system and help to quantify and compare the security strengths of the legacy password system with the new system FUAF.

Also, O'Gorman in [1] has presented extensive research on the comparison of passwords, tokens and biometrics for user authentication. The research outlines various attacks that are pertinent to each of these methods and how the methods fare against them. This research will be extended to formulate metrics to measure the security strength of authentication systems.

Metrics M-1 to M-3 are relevant to the security aspects of the authentication system and metrics M-4 to M-6 are relevant to the user-friendliness aspect of the authentication system, as presented by Sporild in [148].

In this research, I have formulated metrics M-7 and M-8 in order to better measure the strength of authentication systems from the point of view of security.

I will analyze each metric and apply it to the legacy password system and also to FUAF. In the analysis, scores will be assigned to both systems on the basis of the purpose of the metric and how well the authentication system fulfils that purpose.

Metric M-1: Measures the effectiveness of the system and provides points on the basis of the method used for authenticating. As per the findings in [13] points are assigned to a method on the following basis. The maximum points that can be achieved are 5.

Table 7.2: Points assigned per authentication method under metric M-1.

Method                                              Points
No authentication                                   0
Username / password (textual)                       1
Smart card authentication                           1
Biometric authentication                            2
Smart card / secret combination                     3
OTP / secret combination                            3
Smart card / biometric combination                  4
Combination of something you know, have and are     5

In FUAF, I have proposed a combination of “something you are” and “something you know”, i.e. biometric and password. As observed from the table, there is no score assigned for this combination, but the research presented in [148] helps us in assigning a score to FUAF. We can observe here that the combination of smart card and secret gets 3 points. However, as presented in the research, it is much harder to forge a biometric than to steal a smart card. This is also evident from the fact that biometric authentication gets 2 points, which is higher than the points assigned to smart card authentication. On the basis of the above reasoning, we provide 4 points to our combination, a point higher than the combination of smart card and secret. Hence, as per metric M-1, FUAF scores 4 out of 5 and the legacy system of textual username and password scores 1 out of 5.

Metric M-2: Tries to measure the strength of the client-server communication in FUAF. It puts forward questions related to the encryption algorithm used and the size of its key, as well as the authentication algorithm used and the size of its key. The points are assigned on the basis of the answers to these questions. The questions in metric M-2 deal with how the system is implemented. With reference to the fact that it is certainly possible to encrypt fingerprints and then decrypt them [14], it can be assumed that both the legacy password system and FUAF score 5 out of 5, provided that the systems are implemented in the best way possible.

Metric M-3: Determines the strength of the log on associated procedures. It presents precisely five questions related to log on procedures and assigns 1 point if the procedure is implemented and 0 otherwise. Each question is analysed below with respect to both the systems.

1. If an error condition arises, the system does not indicate which part of the data is correct or incorrect. Analysis: This negated question is related to the implementation aspect of the systems. In the case of the legacy system, it is certainly possible to let the user know whether the username or the password was incorrect. In the case of FUAF, besides the password, it is also possible to let the user know the result of his fingerprint authentication for the username field. Both systems can follow the procedure, and one point can be assigned to each.

2. Limit the number of unsuccessful logon attempts with one or more of the following consequences: time delay until the next possible authentication attempt, recording unsuccessful attempts, disconnecting the connection, alarm trap. Analysis: This question is related to the effectiveness of the implementation of the systems. In the case of the FUAF system, the requirement of a delay until the next attempt is easily realized because it is harder to brute force fingerprints when compared to textual passwords [1]. On the basis of the above reasoning, it is safe to argue that FUAF has a slight edge when compared to the legacy system for this procedure. We assign 0.5 to the legacy password system and 1 point to FUAF. All the other factors mentioned in the procedure besides time delay can be implemented for both systems [149].

3. Limit the maximum allowed log-on time. Analysis: The question relates to the implementation aspect and, with the assumption that this can be controlled at the client side for any system that has authentication, both systems score full points on this procedure.

4. Does the system display the following information on completion of successful authentication attempts: date and time of the last successful authentication and details of any unsuccessful attempts. Analysis: The question relates to the implementation aspect and, with the assumption that proper bookkeeping is done at the server side, both systems score full points on this procedure.

5. All users have their own unique identifier which is for personal use only. Analysis: Fundamentally, a fingerprint is a “who you are” characteristic and a username or a password is a “what you know” characteristic. It is safe then to argue that fingerprints are more unique to a user than a textual username, with the reasoning that an email id used as a username has a higher probability of being shared by multiple users than a fingerprint used as a username. On the basis of the above reasoning, we assign 0.5 to the legacy password system and 1 point to FUAF. All the other factors mentioned in the procedure besides time delay can be implemented for both systems [149]. Hence, as per metric M-3, FUAF scores 5 out of 5 and the legacy system of textual username and password scores 4 out of 5.

Metric M-4: The aim of this metric is to determine if the authentication method used is user-friendly. As per the findings in [148], points are assigned to a method on the following basis. The maximum points that can be achieved are 5.

In FUAF, a combination of “something you know” and “something you are”, i.e. biometric and password, is proposed. As observed from the table, there is no mention of a score for this combination, but the research presented can help us in assigning a score to FUAF. It can be observed here that the combination of smart card and secret gets 3 points. However, as presented in the research, it is easier to use a biometric than a smart card. This is also evident from the fact that biometric authentication gets 4 points, which is higher than the points assigned to smart card authentication. On the basis of the above reasoning, 2 points are provided to the combination, a point higher than the combination of smart card and secret. As per metric M-4, FUAF scores 2 out of 5 and the legacy system of textual username and password scores 1 out of 5.

Metric M-5: Measures the strength of the authentication system as per the learning curve associated with the system. If the learning curve is steep, the system loses points. If it is easy, the system gains the points in this aspect.

Metric M-6: Measures whether the speed of authentication is acceptable to the user or not. The more acceptable it is, the more points the system gains. As it is essential to verify the user-friendliness of a system from a user perspective, and in order to get an accurate idea, I propose to evaluate the scores of these two metrics from the answers to the questionnaire survey.

Metric M-7: It is presented with the aim of measuring the security of the system on the basis of the effective keyspace of an authentication method. From [1], it is understood that the effective keyspace of a password with $n$ characters, where each character can have $c$ different values, is $k_p$, where:

$$k_p = c^n$$

For example, let us consider that the password is of 8 characters and they belong to a set of 62 alphanumeric characters. We then have the keyspace as

$$k_p = 62^8$$

Also with reference to [1], the effective keyspace of a fingerprint is

$$1/0.0001 = 10^4$$

When we compare FUAF with the legacy password system, we realize that for FUAF there is no publicly known email as the username but a fingerprint instead. So for a potential attacker, the keyspace of the password definitely applies, but along with it the keyspace of the fingerprint is considered as well. The reason for the above statement is that the fingerprint needs to be forged to compromise the username. On the basis of the above reasoning, we provide 3 points to the legacy system and 4 points to FUAF.

Metric M-8: Considering that multifactor authentication is better security practice [150], this metric is formulated to measure whether multifactor authentication is one of the characteristics of the authentication system. With the consideration that the fingerprint also needs to be authenticated with a password in FUAF, it provides an additional factor of authentication when compared to the legacy system. On the above reasoning, we provide 3 points to the legacy system and 4 points to FUAF.

7.5 Summarized metric results

From the research presented in [148], the results of the metrics can be composed into two three-dimensional vectors, one representing the security and the other representing the usability of the system. I will consider M-1 to M-3 for security and M-4 to M-6 for usability because the analysis is three-dimensional. Now, $S = (M_1, M_2, M_3)$ and $U = (M_4, M_5, M_6)$, with components along the x, y and z axes. An ideal result will be a vector running from $(0, 0, 0)$ to $(5, 5, 5)$. Let us say $I = (5, 5, 5)$.

The Euclidean distances of both S and U from I are calculated and the results are noted for the legacy system. Similarly, the Euclidean distance is calculated for FUAF. The smaller the distance, the better the authentication method.

The formula for calculating the distance of metric result from the ideal vector is as follows:

Distance between I and S (Security):

$$d = \sqrt{(I_x - M_1)^2 + (I_y - M_2)^2 + (I_z - M_3)^2}$$

Distance between S and I (Security for Legacy System):

$$d = \sqrt{(5 - 1)^2 + (5 - 5)^2 + (5 - 4)^2} = 4.12$$

Distance between S and I (Security for FUAF):

$$d = \sqrt{(5 - 4)^2 + (5 - 5)^2 + (5 - 5)^2} = 1$$
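The M-7 keyspace arithmetic and the distance-from-ideal ranking above, as an added Python example that is not part of the dissertation. The security score vectors are the ones assigned in this chapter; multiplying the password and fingerprint keyspaces for FUAF is an assumption of this example, not a claim the chapter makes.

```python
"""Added example (not from the dissertation): score authentication systems
on metrics M-1..M-3 and rank them by Euclidean distance from the ideal
vector I = (5, 5, 5); also the effective-keyspace arithmetic of metric M-7."""
import math
from typing import Dict, List, Sequence, Tuple

IDEAL = (5.0, 5.0, 5.0)  # ideal vector I: full marks on M-1, M-2 and M-3


def password_keyspace(charset_size: int, length: int) -> int:
    """Effective keyspace k_p = c^n of a password of n characters drawn from c values."""
    if charset_size < 1 or length < 1:
        raise ValueError("charset size and length must be positive")
    return charset_size ** length


def biometric_keyspace(false_accept_rate: float) -> float:
    """Effective keyspace of a biometric as 1 / FAR (the chapter uses 1/0.0001 = 10^4)."""
    if not 0.0 < false_accept_rate <= 1.0:
        raise ValueError("false accept rate must lie in (0, 1]")
    return 1.0 / false_accept_rate


def combined_keyspace(password_ks: float, biometric_ks: float) -> float:
    """Keyspace an attacker faces when the username is a fingerprint and the
    password is still required. Assumption (not from the chapter): the two
    factors are independent, so their keyspaces multiply."""
    return password_ks * biometric_ks


def bits(keyspace: float) -> float:
    """Keyspace expressed in bits of entropy, log2(keyspace)."""
    return math.log2(keyspace)


def distance_from_ideal(scores: Sequence[float], ideal: Sequence[float] = IDEAL) -> float:
    """d = sqrt((I_x - M1)^2 + (I_y - M2)^2 + (I_z - M3)^2); each metric is out of 5."""
    if len(scores) != len(ideal):
        raise ValueError("score vector must have one component per axis")
    for s in scores:
        if not 0 <= s <= 5:
            raise ValueError(f"score {s} is outside the 0..5 range")
    return math.sqrt(sum((i - m) ** 2 for i, m in zip(ideal, scores)))


def rank_systems(systems: Dict[str, Sequence[float]]) -> List[Tuple[str, float]]:
    """Order systems by distance from I; the smaller the distance, the better."""
    ranked = [(name, distance_from_ideal(vec)) for name, vec in systems.items()]
    return sorted(ranked, key=lambda pair: pair[1])


# Security vectors S = (M1, M2, M3) exactly as assigned in Section 7.4.
SECURITY_SCORES: Dict[str, Sequence[float]] = {
    "Legacy System": (1, 5, 4),
    "FUAF": (4, 5, 5),
}

if __name__ == "__main__":
    for name, d in rank_systems(SECURITY_SCORES):
        print(f"{name:14s} distance from I = {d:.2f}")
    kp = password_keyspace(62, 8)           # 62^8 for an 8-char alphanumeric password
    kf = biometric_keyspace(0.0001)         # 10^4 for the fingerprint
    print(f"password keyspace 62^8 = {kp} ({bits(kp):.1f} bits)")
    print(f"fingerprint keyspace 1/0.0001 = {kf:.0f} ({bits(kf):.1f} bits)")
    print(f"combined (assumed independent) = {bits(combined_keyspace(kp, kf)):.1f} bits")
```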

Table 9.18 represents a summarized representation of the metric scores for both systems and also the calculated Euclidean distance.

Table 7.3: Comparison of security metric scores

System          M1   M2   M3   Euclidean distance from I
Legacy System   1    5    4    4.12
FUAF            4    5    5    1

Figure 7.1: Results for comparing security of the legacy system and FUAF in a three-dimensional space.

From the calculated Euclidean distance, it is straightforward to state that FUAF is closer to the ideal system when compared to the legacy system and hence it performs better in the aspect of security. As the results of metrics M-5 and M-6 are related to the survey outcome, I will resume the further analysis of the security metrics in the survey results chapter.

7.6 Implications and Conclusion

As described in the previous section, there is no ideal authentication system which offers all the benefits mentioned in the framework. Legacy password authentication systems have been irreplaceable and have been in existence for a long time because the trade-off between security and usability has been maintained. The proposed system aims to overcome some of the drawbacks of the legacy system and also to provide some additional benefit. It tries to improve on the legacy system by a small factor in many criteria. Research is applicable and trustworthy when it is backed not only by theoretical proof but also by practical demonstration. As a further step in the research, it becomes necessary to represent the proposed idea in the form of a practical application and measure the adoption of the application by prospective users.

Chapter 8

Evaluating User Adoption

8.1 Background on the proposed idea

In the project proposal, I presented the idea of using fingerprints as usernames and then conducted a survey on the basis of the Technology Acceptance Model (TAM) to gauge the prospective user adoption. The responses received were analysed and descriptive analysis was performed on them to get the adoption rate on the basis of the statistics. The responses received were positive, which was a strong indicator for us to dive deeper into the research proposal and present a proof of concept of the same. Due to the ever-increasing adoption rate of smartphones across the world, the simplest and most effective proof of concept that we could come up with was a smartphone application. The Android app developed depicts the process of user signup and login using fingerprints as usernames.

8.2 Proof of Concept

The Android app is minimalistic and has been developed with the sole purpose of presenting the idea. The flow of the Android app goes as follows: from the home screen, the user navigates to Sign Up or Sign In depending on whether the user has signed up earlier.

Figure 8.1: Home screen of the prototype app

In an ideal scenario, the user would first proceed to sign up for an account. In the registration process, details like email, password and name are collected. Once all the details are entered by the user, validations are performed on each field. On successful validation, the user is registered and an account is created.

On click of the “Authenticate fingerprint” button displayed in Figure 8.2 and Figure 8.3, the user will be directed to the Authenticate Fingerprint screen displayed in Figure 8.4. On click of the fingerprint icon in Figure 8.4, the user will be required to scan his fingerprint. The pre-condition here is that the user should have already registered one of his fingerprints in the Android native Settings app.

Figure 8.2: Sign Up Screen

Figure 8.3: Sign Up Screen with details entered

Once the user has successfully registered, the app will proceed to the Sign In screen displayed in Figure 8.5. The user will once again be prompted to scan the fingerprint to sign in. Note here the change from the legacy systems wherein username and password are required for login.

Figure 8.4: Authenticate Fingerprint Screen

Figure 8.5: Sign In screen

After successful authentication of the fingerprint in the sign in screen and a correct match of the password, the user will be signed in to his account. The details that were collected at the time of user sign up will be displayed as shown in Figure 8.7.

Figure 8.6: Sign In screen with details entered

Figure 8.7: Profile page after successful sign in

The application also provides the functionality of resetting the password of an account if it is compromised or if the password is forgotten by the user. On click of the Forgot Password button shown in Figure 8.5, the user will be directed to the screen in Figure 8.8, where he will have to authenticate his fingerprint and also provide a valid registered email address. On click of the “Forgot Password” button, the app will send an email to the address entered. The email will contain the link to reset the password, as shown in Figure 8.9. On click of the forgot password link, the user will be navigated to a simple web page where he will be able to enter a new password for his account.

Figure 8.8: Reset Password screen

Figure 8.9: Password reset email

8.3 Selection of Adoption model

As described in the Research model and hypothesis section of the project proposal, technology adoption is of utmost importance in understanding technology diffusion and adoption. Of all the frameworks used for user adoption, TAM stands out as the most valid of all the models [138]. The TAM model was presented and researched in the project proposal. Also, hypotheses were formulated and survey questions were developed on the basis of the constructs of TAM. The purpose of measuring user adoption in the project proposal was to gauge whether users would be comfortable with and adaptive towards the idea. Now that the actual implementation is developed, it becomes essential to formulate hypotheses relating to user adoption and survey people after they use the prototype application.

TAM has been applied and extended to measure user adoption in a variety of fields. To quote a few examples, Kim et al. [151] applied TAM to understand the adoption of Hotel Front Office Systems (HFOSs) by hotel frontline employees. They also went on to distribute the survey questionnaire to the employees who had used modules in HFOSs. Escobar-Rodríguez et al. [152] used TAM to understand the adoption of E-Prescriptions and Automated Medication-Management Systems (EPAMMS). The EPAMMS completely restructured the way prescriptions were provided and medications were managed. The questionnaire was distributed among hospital physicians and nurses. It consisted of questions relating to the hypotheses formulated with the help of the constructs of TAM. As per the research conducted, there have been numerous instances where TAM has been applied not only to proposals but also to developed systems. As TAM has received tremendous support in research related to the adoption of new technology, and because TAM fits the requirements of an adoption model, it became essential to apply the model to gauge the user adoption of the implementation of FUAF.

8.3.1 Formulating Hypothesis

As a reference for formulating hypotheses on the basis of the different constructs of TAM, below is a figure of the TAM model.

Figure 8.10: Technology Acceptance Model (TAM)

Perceived usefulness of a biometric system is predominantly an indication of the adoption of the technology by users [144]. For fingerprints as usernames, factors such as resilience to shoulder surfing, memory-wise effortlessness and faster sign in can help decide the perceived usefulness by prospective users. Also, it is linked to the extent to which it will be more useful security-wise when compared to an alphanumeric password. The research conducted by Hylke Huys presents that the greater the perceived usefulness, the greater the intention to accept a biometric system [131]. After studying the existing literature, the following hypothesis has been developed.

Hypothesis 1: Perceived usefulness has a positive impact on users' attitudes towards using fingerprints as usernames.

Analysing the fundamental constructs of TAM, let us examine the next construct, which is Perceived Ease of Use. Davis has presented that users will not adopt a new technology unless it is easy to use. From the research conducted by Pons Polak, the ease of use of fingerprints and their transparency are key in adoption by users [132]. For fingerprints as usernames, factors such as ease of understanding the system, an easier sign in process and interaction with the implementation can help decide the ease of use of the system. Thus, in the light of the existing studies, the following hypothesis has been developed.

Hypothesis 2: Perceived ease of use has a positive impact on users' attitudes towards using fingerprints as usernames.

Lu et al. have presented that there exists a strong, positive relationship between perceived ease of use and perceived usefulness [133]. If a user finds a technology easy to use, there is a probability that he may examine the technology to find out ways in which it may be useful to him. The following hypothesis was then developed with the consideration that factors relating to ease of use can help in determining perceived usefulness.

Hypothesis 3: Perceived ease of use has a positive impact on perceived usefulness towards using fingerprints as usernames.

Legris and Shih, in their research, have presented that when there is a positive attitude towards using new technologies, there are bound to be strong intentions to adopt those technologies [135], [153]. Factors such as recommending others to use the system, advantage of use, etc. can help in determining the intention to use. The following hypothesis is developed from the existing literature.

Hypothesis 4: Users' attitude towards using fingerprints as usernames has a positive impact on their intention to use the system.

Using TAM constructs, these four hypotheses have been developed for measuring the user adoption of FUAF. The responses of users to a survey questionnaire that includes questions related to the constructs can help determine whether the above-mentioned hypotheses are satisfied.

8.3.2 Methodology

For the construct “Perceived ease of use”, questions related to learning, using and interacting with the FUAF system were asked. Attitude towards use and intention to use were measured using various questions related to these constructs. For the construct “Perceived usefulness”, questions related to the speed of the FUAF system and the advantages provided by the FUAF system were asked. For the construct “Attitude towards use”, questions related to the control and skill of the user towards FUAF were asked. And for the construct “Intention to use”, questions related to the intention to use and to recommend FUAF were asked. Each set of questions dealt with measuring the constructs to make a justified analysis. As per [154], the advantages of using Likert scale questions are that they are easy to understand, it is easy to draw conclusions, reports and graphs from the answers, and people can also choose to be neutral in their responses. Hence, the responses to these survey questions were of Likert type with values ranging from strongly agree to strongly disagree. Based on the answers to these questions, the perception of the user towards FUAF can be determined. To create a profile of respondents, the survey had demographic questions related to age, gender and education (see Appendix for the exact questions).

An online survey was conducted with respondents having diverse demographic properties. The sample frame included email addresses of students, colleagues and also teachers. In April 2018, an invitation email to participate in the online survey was sent out, and 69 respondents completed the survey. The respondents were requested to take the survey after they had a look at the developed prototype. The prototype had minimalistic information and snapshots on how they could use the actual application if they desired to.

Chapter 9

Analysis of the Survey

9.1 Results

Out of the 69 responses received, two were outliers as they did not respond to every question asked in the survey. Hence the analysis was conducted on 67 responses. As stated in [155], performing data analysis has the advantages of providing meaningful insight into raw data, helping to eliminate biases when conclusions and inferences are made, and many more. Statistical analysis is used for communicating research findings, supporting hypotheses and also giving credibility to the research methodology [156]. A tool for conducting statistical analysis, developed by IBM, is qualified to carry out statistical analysis on our responses [157]. Conducting the statistical analysis of the responses will enable me to find out users' opinions on the constructs of TAM. Consequently, it can also allow me to examine whether the hypotheses presented are proved correct. In the section below, I present a descriptive analysis of the user demographic information received and also take a look at the responses to each survey question to analyze them and draw cumulative conclusions.

9.1.1 Demographic information

Studying the demographic profile of respondents, around 61% of them were males (42 males to be exact), and the rest were females (27 females to be precise). Also, most of the population was relatively young, with around 54% of the respondents in the age group of 18-29 years old, about 41% in the age group of 30-49, and approximately 6% in the age group of 50-64 years old. It can also be inferred from the analysis that the respondents represented a group of qualified individuals, as around 35% of them held a graduate degree as their highest degree. About 20% and 38% held a high school diploma and a bachelor's degree respectively as their highest degree. A minority, around 7%, held an associate degree as their highest degree. A detailed representation of the analysis mentioned above is presented in Table 9.1 and Figure 9.1 below.

9.1.2 Information related to FUAF

The survey questions following the demography-related questions were related to the constructs of TAM. A set of questions was formulated for each of the constructs. The answers to all these questions were based on a Likert scale, anchored in 5 points ranging from 1=Strongly disagree, 2=Disagree, 3=Neutral, 4=Agree, 5=Strongly agree. In the section below, I analyze the responses to each question and represent the responses in tables and figures to gather the outcome of the responses easily.

Table 9.1: Demographic Information of Participants

Item and Scale          Frequency   Percentage (%)
Gender
  Male                  42          60.87
  Female                27          39.13
Age
  18-29 years old       37          53.62
  30-49 years old       28          40.58
  50-64 years old       4           5.80
  65 years and over     0           0
Education Level
  High school           14          20.29
  Associate degree      5           7.25
  Bachelor degree       26          37.68
  Graduate degree       24          34.78

The first set of questions dealt with understanding the user perception of ease of use. The first question in the set asked if the potential users found the system easy to use. The responses received to this question highlighted that most respondents strongly agreed with the statement. The option that received the next highest number of selections was Agree. The option that received the fewest picks was Disagree. We can conclude from the cumulative percent displayed in Table 9.2 that a majority of the users, approx. 90% of them, found FUAF easy to use.

141 Figure 9.1: The responses percentage for the Demographic Information of participants: Gender, Age and Education Level

Table 9.2: Participants thoughts if FUAF is easy.

Attributes Values N 67 Mean 4.51

The second question in the set asked whether the potential users thought that learning to use FUAF is clear and easy. Again, most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Disagree. From the cumulative percent displayed in Table 9.3 we can conclude that a majority of the users, approximately 84% (100.0-16.4=83.6), thought that learning to use FUAF is clear.

Figure 9.2: Chart showing the responses percentage for participants if they think FUAF is easy to use.

Table 9.3: Participants' thoughts on whether learning FUAF is clear.

Attributes   Values
N            67
Mean         4.46

The third question in the set asked whether the potential users thought that using the FUAF system will be easy. This differs from the first question in that it asks whether the users expect to continue to see the new system as easy to use. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Disagree. From the cumulative percent displayed in Table 9.4, a majority of the users, approximately 88% (100.0-11.9=88.1), thought that using FUAF will be easy.

Figure 9.3: Chart showing the responses percentage for participants if they think learning FUAF is clear.

Table 9.4: Participants' thoughts on whether using FUAF will be easy.

Attributes   Values
N            67
Mean         4.45

The fourth question in the set measured whether the potential users felt that FUAF will not require a lot of mental effort. The same pattern seen in the three questions above appeared here as well: most respondents strongly agreed with the statement, the next most frequently chosen option was Agree, and the least chosen was Disagree. From the cumulative percent displayed in Table 9.5, a majority of the users, approximately 84%, felt that FUAF will not require a lot of mental effort from a user.

Figure 9.4: Chart showing the responses percentage for participants if they think using FUAF will be easy.

Table 9.5: Participants' thoughts on whether FUAF will not require a lot of mental effort.

Attributes   Values
N            67
Mean         4.45

The second set of questions dealt with the users' perception of the usefulness of the system. The first question in the set asked whether the potential users thought that using FUAF will enable faster sign-in. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Disagree. From the cumulative percent displayed in Table 9.6 we can conclude that a majority of the users, approximately 85%, thought that it would be faster to sign in with FUAF.

Figure 9.5: Chart showing the responses percentage for participants if they think FUAF will not require a lot of mental effort.

Table 9.6: Participants' thoughts on whether it would be faster to sign in with FUAF.

Attributes   Values
N            67
Mean         4.24

The second question in the set asked whether the potential users thought that it will be useful not to have to remember textual usernames. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Disagree. From the cumulative percent displayed in Table 9.7 we can conclude that a majority of the users, approximately 85%, thought that it would be useful not to have to remember textual usernames.

Figure 9.6: Chart showing the responses percentage for participants if they think it would be faster to sign in with FUAF.

Table 9.7: Participants' thoughts on whether it would be useful not to remember textual usernames.

Attributes   Values
N            67
Mean         4.46

The third question in the set asked whether the potential users thought that using fingerprints as usernames is a viable idea, since a fingerprint cannot be observed while a person is scanning it. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Disagree. From the cumulative percent displayed in Table 9.8 we can conclude that a majority of the users, approximately 84%, thought that fingerprints as usernames is a viable idea.

Figure 9.7: Chart showing the responses percentage for participants if they think it would be useful not to remember textual usernames.

Table 9.8: Participants' thoughts on whether fingerprints as usernames is a viable idea

Attributes   Values
N            67
Mean         4.42

The fourth question in the set asked whether the potential users found using FUAF advantageous. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Strongly disagree. From the cumulative percent displayed in Table 9.9 we can conclude that a substantial majority of the users, approximately 82%, thought that FUAF is advantageous.

Figure 9.8: Chart showing the responses percentage for participants if they think using fingerprints as usernames is a viable idea

Table 9.9: Participants' thoughts on whether FUAF will be advantageous.

Attributes   Values
N            67
Mean         4.33

The third set of questions dealt with the users' attitude towards the use of the system. The first question in the set asked whether the potential users thought that using FUAF is a good idea. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Strongly disagree. From the cumulative percent displayed in Table 9.10 we can conclude that a majority of the users, approximately 88%, thought that using FUAF is a good idea.

Figure 9.9: Chart showing the responses percentage for participants if they think using FUAF will be advantageous.

Table 9.10: Participants' thoughts on whether using FUAF is a good idea

Attributes   Values
N            67
Mean         4.42

The second question in the set asked whether the potential users thought that using FUAF is within their control. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Disagree. From the cumulative percent displayed in Table 9.11 we can conclude that a majority of the users, approximately 87%, thought that using FUAF is within their control.

The third question in the set asked whether the potential users have the resources, knowledge and ability to use FUAF. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Strongly disagree. From the cumulative percent displayed in Table 9.12 we can conclude that a majority of the users, approximately 85%, have the resources, knowledge and ability to use FUAF.

Figure 9.10: Chart showing the responses percentage for participants if they think using FUAF is a good idea.

Table 9.11: Participants' thoughts on whether using FUAF is within their control.

Attributes   Values
N            67
Mean         4.46

The fourth question in the set asked whether the potential users will be able to skilfully use the FUAF system in the future. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Strongly disagree. From the cumulative percent displayed in Table 9.13 we can conclude that a majority of the users, approximately 82%, said that they will be able to skilfully use the FUAF system.

Figure 9.11: Chart showing the responses percentage for participants if they think using FUAF is within their control.

Table 9.12: Participants' thoughts on whether they have the resources, knowledge and ability to use FUAF.

Attributes   Values
N            67
Mean         4.31

The fourth set of questions dealt with the users' intention to use the system. The first question in the set asked whether the potential users intend to use FUAF. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Strongly disagree. From the cumulative percent displayed in Table 9.14 we can conclude that a majority of the users, approximately 84%, intend to use FUAF.

Figure 9.12: Chart showing the responses percentage for participants if they have the resources, knowledge and ability to use FUAF.

Table 9.13: Participants' thoughts on whether they will be able to skilfully use the FUAF system.

Attributes   Values
N            67
Mean         4.34

Table 9.14: Participants' thoughts on whether they intend to use FUAF.

Attributes   Values
N            67
Mean         4.21

The second question in the set asked whether the potential users will frequently use FUAF. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Strongly disagree. From the cumulative percent displayed in Table 9.15 we can conclude that a majority of the users, approximately 82%, will use FUAF frequently.

Figure 9.13: Chart showing the responses percentage for participants if they will be able to skilfully use the FUAF system.

Table 9.15: Participants' thoughts on whether they will use FUAF frequently.

Attributes   Values
N            67
Mean         4.18

The third and final question in the set asked whether the potential users will recommend FUAF to others. Most respondents strongly agreed with the statement; the next most frequently chosen option was Agree, and the least chosen was Strongly disagree. From the cumulative percent displayed in Table 9.16 we can conclude that a majority of the users, approximately 81%, will recommend FUAF to others.

Figure 9.14: Chart showing the responses percentage for participants if they intend to use FUAF.

Table 9.16: Participants' thoughts on whether they will recommend FUAF to others.

Attributes   Values
N            67
Mean         4.27

Figure 9.15: Chart showing the responses percentage for participants if they will use FUAF frequently.

Figure 9.16: Chart showing the responses percentage for participants if they will recommend FUAF to others.

9.2 Reliability

To gauge the quality of the instrument, a reliability analysis has to be conducted; it serves as an indicator of internal consistency. Cronbach's alpha is widely used for such an analysis, and its values fall in the range of 0 to 1 [158]. The four constructs of TAM were measured, and all of them showed high Cronbach's alpha values: perceived ease of use, perceived usefulness, attitudes, and intentions to use scored .91, .86, .90 and .94 respectively, as shown in Table 9.17.

Table 9.17: Reliability Score for each construct of TAM

Constructs               Cronbach α value
Perceived Ease of Use    .91
Perceived Usefulness     .86
Attitudes                .90
Intentions to Use        .94

9.3 Implications

From the statistical analysis presented in the above section, it can be stated that the potential users find FUAF easy and useful to use and they also have a positive attitude towards using the system and therefore a positive intention to use FUAF. We can calculate the average of positive responses to all the questions relating to a construct to determine the overall impact of each construct. The average formula can then be formulated as below:

$$\text{average} = \frac{\sum \text{cumulative percentage of positive responses of all questions}}{\text{number of questions}}$$

Calculating the average for the ease of use (eu) construct, we have

$$\text{average}_{eu} = \frac{88.1 + 83.6 + 88.1 + 83.6}{4} = 85.85$$

Calculating the average for the perceived usefulness (pu) construct, we have

$$\text{average}_{pu} = \frac{85.1 + 85.1 + 83.6 + 82.1}{4} = 83.97$$

Calculating the average for the attitude towards use (au) construct, we have

$$\text{average}_{au} = \frac{88.1 + 86.6 + 85.1 + 82.1}{4} = 85.47$$

Calculating the average for the intention to use (iu) construct, we have

$$\text{average}_{iu} = \frac{83.6 + 82.1 + 80.6 + 83.6}{4} = 82.10$$

It can be stated from the above averages that the users' perceived usefulness had a positive impact on their attitude towards using FUAF, because approximately 84% of users found FUAF useful and about 85% of users also had a positive attitude towards using it. Hypothesis 1 can therefore be argued to be correct in the light of these findings. Hypothesis 2 can also be argued to be correct, with the evidence that approximately 86% of users found FUAF easy to use and about 85% of users also had a positive attitude towards using it; thus, the users' perceived ease of use had a positive impact on their attitude towards using FUAF. It can also be stated from the above averages that ease of use and perceived usefulness had positive impacts on using FUAF, because approximately 86% of users found FUAF easy and about 84% of users also found it useful. Hence, hypothesis 3 can be argued to be correct. The fourth and final hypothesis states that the users' attitude towards use will have a positive impact on their intention to use the system. This can be argued to be correct with the finding that approximately 85% of users had a positive attitude towards using the system and about 83% of users also had a positive intention to use FUAF.
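As an added illustration (not part of the dissertation), the following Python computes the two quantities Sections 9.2 and 9.3 rely on, Cronbach's alpha for a construct and the construct's average share of positive Likert responses, on a constructed set of answers to the four perceived-ease-of-use items; the response values are made up and the function names are my own.

```python
"""Reliability and positive-response analysis for a TAM construct.

Added example, not code from the dissertation: it reproduces the two
computations the chapter describes (Cronbach's alpha for a construct,
and the average share of positive Likert answers over the construct's
questions) on a small constructed set of responses.
"""
from statistics import pvariance
from typing import Sequence

# Constructed sample: 6 respondents x 4 items of the "perceived ease of
# use" construct (survey questions 4-7), scored 1 = strongly disagree
# ... 5 = strongly agree. These are made-up values, not survey data.
EASE_OF_USE_RESPONSES = [
    [5, 5, 5, 5],
    [4, 4, 5, 4],
    [5, 4, 4, 5],
    [3, 4, 3, 3],
    [4, 5, 4, 4],
    [2, 2, 3, 2],
]


def cronbach_alpha(responses: Sequence[Sequence[int]]) -> float:
    """Cronbach's alpha: k/(k-1) * (1 - sum(item variances) / var(total)).

    responses[r][i] is respondent r's score on item i. Population
    variance is used for both terms, so the choice of estimator cancels
    in the ratio. Raises ValueError on degenerate input instead of
    returning a meaningless number.
    """
    if not responses:
        raise ValueError("no responses")
    k = len(responses[0])
    if k < 2:
        raise ValueError("alpha needs at least two items")
    if any(len(row) != k for row in responses):
        raise ValueError("every respondent must answer every item")
    items = [[row[i] for row in responses] for i in range(k)]
    item_var_sum = sum(pvariance(col) for col in items)
    total_var = pvariance([sum(row) for row in responses])
    if total_var == 0:
        raise ValueError("no variance in total scores; alpha is undefined")
    return (k / (k - 1)) * (1 - item_var_sum / total_var)


def positive_percent(scores: Sequence[int], threshold: int = 4) -> float:
    """Share (in %) of answers at or above `threshold`, i.e. Agree or
    Strongly agree on the 5-point scale: the "cumulative percent of
    positive responses" the chapter reads off each table."""
    if not scores:
        raise ValueError("no scores")
    positive = sum(1 for s in scores if s >= threshold)
    return 100.0 * positive / len(scores)


def construct_average(responses: Sequence[Sequence[int]]) -> float:
    """Average of the per-question positive percentages over all the
    questions of a construct, as in the chapter's average formula."""
    k = len(responses[0])
    per_item = [positive_percent([row[i] for row in responses])
                for i in range(k)]
    return sum(per_item) / k


if __name__ == "__main__":
    print(f"alpha (ease of use, constructed data): "
          f"{cronbach_alpha(EASE_OF_USE_RESPONSES):.3f}")
    print(f"average positive share: "
          f"{construct_average(EASE_OF_USE_RESPONSES):.2f}%")
```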

9.4 Analysis of Usability Metrics

Security metrics were presented and analyzed in the previous chapter. The analysis of metrics M-5 and M-6 was left for this chapter because their results can be derived from the survey results. Metric M-5 measures the strength of the authentication system in terms of the learning curve associated with the system. Metric M-6 measures whether the speed of authentication is acceptable to the user. From the survey results and analysis presented in the previous section, we see that 83.6% of the users agreed that learning FUAF is clear. In addition, 85.1% of the users agreed that FUAF will enable a faster sign-in process. Based on these survey findings, we can assign scores to metrics M-5 and M-6 out of a maximum score of 5. Mapping the percentage scores to values out of 5, we get a score of 4.18 for metric M-5 and 4.25 for metric M-6. For the legacy system, we can argue for metric M-5 that the user has to remember the username of an account, while with FUAF they do not, so for M-5 the legacy system should be assigned a score equal to or lower than that of FUAF. We assign here an equal score of 4.18 to both systems. In FUAF, a user does not have to key in a username, while in legacy systems a user has to type one in, so when signing in FUAF can have a speed advantage over legacy systems. Let us be optimistic and assign an equal score of 4.25 to both systems. We know from the earlier analysis that $U = (M4_x, M5_y, M6_z)$ and $I = (5_x, 5_y, 5_z)$.

Distance between I and U (usability):

$$d = \sqrt{(I_x - M4)^2 + (I_y - M5)^2 + (I_z - M6)^2}$$

Distance between S and I (usability for the legacy system):

$$d = \sqrt{(5 - 1)^2 + (5 - 4.18)^2 + (5 - 4.25)^2} = 4.15$$

Distance between S and I (usability for FUAF):

$$d = \sqrt{(5 - 2)^2 + (5 - 4.18)^2 + (5 - 4.25)^2} = 3.19$$

Table 9.18 summarises the metric scores for both systems together with the calculated Euclidean distance.

Table 9.18: Comparison of usability metric scores

System          M4   M5     M6     Euclidean Distance from I
Legacy System   1    4.18   4.25   4.15
FUAF            2    4.18   4.25   3.19

Figure 9.17: Results for comparing usability in both the legacy system and FUAF in a three-dimensional space.

Chapter 10

Conclusions and Future Work

10.1 Conclusion

Biometrics are an essential property of humans and have been around since the beginning of humankind. Biometric technologies have also been developed and researched for a long time. Biometrics have the strong characteristic that a person cannot easily forget or lose them, which is why biometric authentication has been researched at large throughout the security literature. Also, as biometrics are hard to fake, unique to each individual and convenient, they present a strong case as a candidate for authentication systems. Biometric technologies like fingerprint identification, hand geometry, iris scan, face recognition, etc. are methods of verifying a living person based on physiological or, in some cases, behavioral characteristics. Current authentication systems authenticate a user account using a textual username and a textual password. It has been recognized that fundamentally, for a user account, the username should be "who you are" and the password should be "what you know". In most cases, the username of a user account is the user's email address. Also, to uniquely identify a person and to connect to them at an individual level, we make our email addresses public. A potential hacker intending to compromise a user account therefore only needs to make an effort to crack the password of the account, since the email address that serves as the username is easily available. Another problem with this established system is that it is over-reliant on the user's email account. Once the email account is compromised, almost all the accounts associated with that email address can easily be found through the email and hence compromised. It is impossible to develop a system on the optimistic assumption that an authentication system, however reliable, will never be compromised. There have been past proposals for authentication systems that use biometrics as passwords. These have also been critiqued heavily on the fundamental argument that privacy is one of the most significant concerns with biometrics: once the data is compromised, it is nearly impossible to change one's biometric characteristics. It then becomes necessary not to focus on developing a password replacement scheme but to focus on the other parts of the authentication process. In this research, to reinforce the security and usability of authentication systems, a system was presented that does not challenge the concept of textual passwords but instead focuses on enhancing the username of an account. The idea of using a fingerprint as the username and textual characters as the password was researched from the viewpoints of security metrics, usability metrics and user adoption. The approach presented in this research was validated, and it can be argued that it is more secure and usable than legacy password systems. After the analysis using metrics was conducted, the method was validated with the help of TAM by measuring user adoption using a survey. The fact that the idea of using fingerprints as usernames was well received by the potential users gives strong validation to the research and encourages further research as well as an implementation of the proposed design.

10.2 Directions for further research

The design presented in FUAF could be validated in the light of other literature to make an even stronger case. There could be multiple ways of implementing the proposed system. For example, it could be implemented using a mobile-only approach that utilizes the embedded fingerprint scanners present on smartphones, or it could be implemented using both mobile and web approaches. A detailed analysis could be conducted on how the system should be implemented. The system presented here takes a fingerprint as the username; however, this research could be extended to use any biometric characteristic as a username. As blockchain technology achieves new breakthroughs and makes progress, the idea of saving a user's biometrics in a decentralized manner in a blockchain data structure could also be researched.

10.3 Timeline

Table 10.1: Timeline

Start date     End date      Task
Summer 2015    Fall 2016     Required courses completed
Fall 2015      Fall 2016     Written comprehensive exams completed
Fall 2017      Spring 2017   Oral comprehensive exam completed
Summer 2017    Fall 2017     Proposal development and defense
Fall 2017      Spring 2018   System implementation for fingerprints as usernames
Spring 2018    Spring 2018   TAM study, metrics analysis and dissertation write-up
Spring 2018    Summer 2018   Dissertation write-up

Appendix A

List of Publications

The following are the publications that have been produced during the course of this Ph.D. research.

Paper1. Towards Enhanced Comprehension of Human Errors in Cybersecurity Attack

Paper2. Inspirational Messages to Motivate Students: A Human Centered Smartphone Application for Stress Relieve.

Appendix B

Surveys Questions

The Adoption of Fingerprints as Usernames

1. What is your gender?
O Male
O Female

2. What is your age?
O 18-29 years old
O 30-49 years old
O 50-65 years old
O 65 years and over

3. What is the highest level of education you have completed?
O High school
O Associate degree
O Bachelor degree
O Graduate degree

4. Have you ever used Fingerprint Identification on a mobile phone, when logging in to a computer, or in any other use case?
O Yes
O No

5. How would you rate the level of importance of the information stored in your mobile device? [136]
O High importance
O Moderate importance
O Low importance
O No importance

6. What level of protection of privacy do you require for the information in your mobile device? [136]
O High protection
O Moderate protection
O Low protection
O No protection

7. If you had fingerprint scanning features on your mobile device, would you store more private information on your device? [136]
O Yes
O No

8. Do you feel that biometric technologies are more secure than traditional IT security methods? [159]
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

9. When authenticating using a username on a trusted platform, which one do you find more comfortable to use, a fingerprint as a username or an alphanumeric username?
O Fingerprint as a username
O Alphanumeric username

10. How do you find the idea of using fingerprints as a username in the authentication process?

......

Evaluation of Fingerprints as Usernames for Authentication Framework (FUAF) Using TAM

Demographic questions

1. What is your gender?
O Male
O Female

2. What is your age?
O 18-29 years old
O 30-49 years old
O 50-65 years old
O 65 years and over

3. What is the highest level of education you have completed?
O High school
O Associate degree
O Bachelor degree
O Graduate degree

Perceived ease of use

4. I find the new system (FUAF) easy to use.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

5. I think learning to use the new system (FUAF) is clear.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

6. I think using the new system (FUAF) will be easy.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

7. I feel that interaction with the new system (FUAF) does not require a lot of mental effort.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

Perceived usefulness

8. I think that using this new system (FUAF) will make it faster for me to sign in.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

9. I think it is useful for me not to remember textual usernames.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

10. I think that fingerprints as usernames is viable because fingerprints cannot be looked upon easily.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

11. Overall, I would find using the new system (FUAF) to be advantageous.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

Attitude towards use

12. Using the new system (FUAF) is a good idea.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

13. Using the new system (FUAF) is within my control.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

14. I have the resources, knowledge and ability to use the new system (FUAF).
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

15. I will be able to skillfully use the new system (FUAF) in the future.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

Intention to use

16. Given the chance, I intend to use the new system (FUAF).
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

17. I will frequently use the new system (FUAF) in the future.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

18. I will recommend the new system (FUAF) to others.
O Strongly Agree
O Disagree
O Agree
O Strongly Disagree

Bibliography

[1] Lawrence O’Gorman. Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE, 91(12):2021–2040, 2003.

[2] John. Working of Fingerprint Scanner. http://www.circuitstoday.com/working-of-fingerprint-scanner-2/, 2011. [Online; accessed 14-November-2016].

[3] Robert Triggs. How fingerprint scanners work: optical, capacitive, and ultrasonic variants explained, 2016. [Online; accessed 14-November-2016].

[4] Tom Harris. How Fingerprint Scanners Work. http://computer.howstuffworks.com/fingerprint-scanner.htm/, 2015. [Online; accessed 12-November-2016].

[5] WTF News. Boston Police Used Facial Recognition Software To Grab Photos Of Every Person Attending Local Music Festivals. http://wtfrly.com/2014/08/19/boston-police-used-facial-recognition-software-to-grab-photos/of-every-person-attending-local-music-festivals/#.WOH2V28rJhE/, 2014. [Online; accessed 14-November-2016].

[6] John Daugman. How Iris Recognition Works. In The Essential Guide to Image Processing, pages 715–739. 2009.

[7] Arun Ross and Anil K Jain. Multimodal biometrics: An overview. In Signal Processing Conference, 2004 12th European, pages 1221–1224. IEEE, 2004.

[8] Norman Poh, Thirimachos Bourlai, and Josef Kittler. Multimodal information fusion. Multimodal signal processing theory and applications for human computer interaction, page 153, 2010.

[9] S Samine Hosseini and Shahriar Mohammadi. Review banking on biometric in the world's banks and introducing a biometric model for Iran's banking system. Journal of Basic and Applied Scientific Research, 2(9):9152–9160, 2012.

[10] UNHCR. Biometric Cash Assistance. http://innovation.unhcr.org/labs_post/cash-assistance/. [Online; accessed 18-September-2016].

[11] Ratha Nalini, Connell Jonathan, and Ruud Bolle. An Analysis of Minutiae Matching Strength. Audio- and Video-Based Biometric Person Authentication, 2001.

[12] Bozhao Tan and Stephanie Schuckers. New approach for liveness detection in fingerprint scanners based on valley noise analysis. Journal of Electronic Imaging, 17(1):11009, 2008.

[13] Jukka Komulainen, Abdenour Hadid, and Matti Pietikäinen. Context based face anti-spoofing. In 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS), pages 1–8, 2013.

[14] Xinyu Huang, Changpeng Ti, Qi Zhenq Hou, Alade Tokuta, and Ruigang Yang. An experimental study of pupil constriction for liveness detection. In Proceedings of IEEE Workshop on Applications of Computer Vision, pages 252–258, 2013.

[15] Jonathan Connell, Nalini Ratha, James Gentile, and Ruud Bolle. Fake iris detection using structured light. In Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on, pages 8692–8696. IEEE, 2013.

[16] S.P. Venkatachalam, P.M. Kannan, and V. Palanisamy. Combining cryptography with biometrics for enhanced security. 2009 International Conference on Control, Automation, Communication and Energy Conservation, 2009.

[17] Fred D Davis. A technology acceptance model for empirically testing new end- user information systems: Theory and results. PhD thesis, Massachusetts Institute of Technology, 1985.

[18] Anil K Jain, Jianjiang Feng, and Karthik Nandakumar. Fingerprint matching. Computer, 43(2), 2010.

[19] Birgit Kaschte. Biometric authentication systems today and in the future. University of Auckland, 2005.

[20] wikihow.com. How to Fake Fingerprints. http://www.wikihow.com/Fake-Fingerprints. [Online; accessed 01-October-2017].

[21] Anil Jain, Patrick Flynn, and Arun A Ross. Handbook of biometrics. Springer Science & Business Media, 2007.

[22] SynerionBlog. Top 3 Uses of Biometrics in Business. http://blog.synerion.com/top-3-uses-of-biometrics-in-business/, 2015. [Online; accessed 12-September-2016].

[23] Neil Lydick. A Brief Overview of Facial Recognition. http://www.eecs.umich.edu/courses/eecs487/w07/sa/pdf/nlydick-facial-recognition.pdf/, 2007. [Online; accessed 14-November-2016].

[24] Richard Yew Fatt Ng, Yong Haur Tay, and Kai Ming Mok. An effective segmentation method for iris recognition system. 2008.

[25] Andrew D'Souza. Your Heartbeat May Soon Be Your Only Password. https://www.wired.com/insights/2014/06/heartbeat-may-soon-password/, 2014. [Online; accessed 05-April-2017].

[26] Vijay M Mane and Dattatray V Jadhav. Review of multimodal biometrics: applications, challenges and research areas. International Journal of Biometrics and Bioinformatics (IJBB), 3(5):90–95, 2009.

[27] Richa Singh, Mayank Vatsa, and Afzel Noore. Integrated multilevel image fusion and match score fusion of visible and infrared face images for robust face recognition. Pattern Recognition, 41(3):880–893, 2008.

[28] Dakshina Ranjan Kisku, Jamuna Kanta Sing, Massimo Tistarelli, and Phalguni Gupta. Multisensor biometric evidence fusion for person authentication using wavelet decomposition and monotonic-decreasing graph. In Proceedings of the 7th International Conference on Advances in Pattern Recognition, ICAPR 2009, pages 205–208, 2009.

[29] Pan Xiuqin, X Xiaona, L Yong, and C Youngcun. Feature fusion of multimodal recognition based on ear and profile face. In Proceedings of SPIE, the International Society for Optical Engineering, pages 71272I–1. Society of Photo-Optical Instrumentation Engineers, 2008.

[30] Ajita Rattani and Massimo Tistarelli. Robust multi-modal and multi- unit feature level fusion of face and iris biometrics. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), volume 5558 LNCS, pages 960–969, 2009.

[31] Sina Jahanbin, Hyohoon Choi, and Alan C. Bovik. Passive multimodal 2- D+3-D face recognition using gabor features and landmark distances. IEEE Transactions on Information Forensics and Security, 6(4):1287–1304, 2011.

[32] Donald E. Maurer and John P. Baker. Fusing multimodal biometrics with quality estimates via a Bayesian belief network. Pattern Recognition, 41(3):821–832, 2008.

[33] G Hemantha Kumar and Mohammad Imran. Research avenues in multimodal biometrics. IJCA Special Issue on ŞRecent Trends in Image Processing and Pattern RecognitionŤ, RTIPPR, 2010.

[34] Yu A Zuev and S K Ivanov. The voting as a way to increase the decision reliability. Journal of the Franklin Institute, 336(2):361–378, 1999.

182 [35] Ajay Kumar, David Wong, Helen Shen, and Anil Jain. Personal Verification Using Palmprint and Hand Geometry Biometric. Audio- and Video-Based Biometric Person Authentication, 2688:1060, 2003.

[36] K.I. Chang, K.W. Bowyer, and P.J. Flynn. Face recognition using 2D and 3D facial data. ACM Workshop on Multimodal User . . . , pages 25–32, 2003.

[37] Anil K. Jain, Salil Prabhakar, and Shaoyun Chen. Combining multiple matchers for a high security fingerprint verification system. Pattern Recognition Letters, 20(11-13):1371–1379, 1999.

[38] Xiaoguang Lu Xiaoguang Lu, Yunhong Wang Yunhong Wang, and A.K. Jain. Combining classifiers for face recognition. 2003 International Conference on Multimedia and Expo., 3:13–16, 2003.

[39] Gian Luca Marcialis, Fabio Roli, Josef Kittler, and M S Nixon. Experimental results on fusion of multiple fingerprint matchers. In 4th International Conference on Audio and Video-Based Person Authentication, AVBPA 2003, volume LNCS 2688, pages 814–820, 2003.

[40] E Big¨un,J Big¨un,B Duc, and S Fischer. Expert conciliation for multi modal person authentication systems by Bayesian statistics. Biometric Person Authentication, pages 291–300, 1997.

[41] Lin Hong and Anil Jain. Integrating faces and fingerprints for personal identification. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), volume 1351, pages 16–23, 1997.

183 [42] R.W. Frischholz and U. Dieckmann. BiolD: a multimodal biometric identification system. Computer, 33(2):64–68, 2000.

[43] Statista. Reasons for online shopping cart abandonment 2012 — Statistic.

http://www.statista.com/statistics/232285/ reasons-for-online-shopping-cart-abandonment/, 2012. [Online; accessed 21-September-2016].

[44] Al Pascual.

Future Proofing Card Authorization. https://www.javelinstrategy.com/ coverage-area/future-proofing-card-authorization/, 2015. [Online; accessed 15-September-2016].

[45] Tina Amirtha. Pay by selfie, pay by fingerprint-Coming your way soon

after MasterCard’s Dutch experiment. http://www.zdnet.com/article/ pay-by-selfie-pay-by-fingerprint-coming-your-way-soon-after/ mastercards-dutch-experiment/, 2016. [Online; accessed 15-September- 2016].

[46] Alan Goode. Bring your own finger - How mobile is bringing biometrics to consumers. Biometric Technology Today, 2014(5):5–9, 2014.

[47] Conn Stamford. Gartner Says 30 Percent of Organizations Will Use

Biometric Authentication for Mobile Devices by 2016. http://www. gartner.com/newsroom/id/2661115/, 2014. [Online; accessed 25-January- 2017].

[48] Liam M. Mayron. Biometric Authentication on Mobile Devices. IEEE Security & Privacy, 13(3):70–73, 2015.

184 [49] Chien Le and R Jain. A survey of biometrics security systems. EEUU. Washington University in St. Louis, 2009.

[50] NerdWallet. Banks Turn to Biometrics to Boost Security. https://www. nerdwallet.com/blog/banking/ biometrics-when-your-bank-scans-your-voice-face-or-eyes/, 2016. [Online; accessed 23-September-2016].

[51] Jinfeng Yang, Yihua Shi, and Jinli Yang. Finger-vein recognition based on a bank of Gabor filters. In Asian Conference on Computer Vision, pages 374–383. Springer, 2009.

[52] Michael Corkery. Goodbye, Password. Banks Opt to Scan Fingers and Faces

Instead. https://www.nytimes.com/2016/06/22/business/dealbook/ goodbye-password-banks-opt-to-scan-fingers-and-faces-instead. html?_r=0/, 2016. [Online; accessed 15-September-2016].

[53] Tom Reeve. HSBC and First Direct rolling out biomet-

rics to retail customers. http://www.scmagazineuk.com/ hsbc-and-first-direct-rolling-out-biometrics-to-retail-customers/ article/477931/, 2016. [Online; accessed 23-September-2016].

[54] Sarah Le. Can Biometric Technology

Secure the Prevalence of ATMs. https://www.engadget.com/2015/08/16/ can-biometric-technology-secure-the-prevalence-of-atms/, 2015. [Online; accessed 18-September-2016].

[55] National Science and Technology Council. Biometrics in government post 9/11, 2008.

185 [56] Government of India. IDAI generates a billion (100 crore) Aadhaars A

Historic Moment for India. http://pib.nic.in/newsite/PrintRelease. aspx?relid=138555/, 2016. [Online; accessed 27-January-2017].

[57] Ismail Yante. UNHCR - Fingerprints mark new direction in

refugee registration. http://www.unhcr.org/en-us/news/latest/2006/ 11/456ede422/ fingerprints-mark-new-direction-refugee-registration.html/, 2006. [Online; accessed 26-January-2017].

[58] FindBiometricsBlog. Nepal Initializing Biometric National ID Project. http: //findbiometrics.com/nepal-biometric-national-id-308173/, 2016. [Online; accessed 27-January-2017].

[59] MiddleEast Eye. Saudi Arabia to gather fingerprints of mo-

bile phone users. http://www.middleeasteye.net/news/ saudi-arabia-gather-fingerprints-mobile-phone-users-835997531/, 2016. [Online; accessed 27-January-2017].

[60] John Daugman and Imad Malhas. Iris recognition border-crossing system in the UAE. Interantional Airport Review, 44(2), 2004.

[61] Lalita Acharya and Tomasz Kasprzycki. Biometrics and government. Parliamentary Information and Research Service, 2006.

[62] Chris Riley, Kathy Buckner, Graham Johnson, and David Benyon. Culture & biometrics: Regional differences in the perception of biometric authentication technologies. In AI and Society, volume 24, pages 295–306, 2009.

186 [63] BBC News. Inquiry on Shirley McKie case blames ’human error’. http: //www.bbc.com/news/uk-scotland-glasgow-west-16181875/, 2011. [Online; accessed 29-January-2017].

[64] Jonathan Kent. Malaysia Car Thieves Steal Finger. http://news.bbc. co.uk/2/hi/asia-pacific/4396831.stm/, 2005. [Online; accessed 29- January-2017].

[65] Anil Jain, Arun A Ross, and Karthik Nandakumar. Introduction to biometrics. Springer Science & Business Media, 2011.

[66] Martijn Oostdijk, Arnout van Velzen, Joost van Dijk, and Arnout Terpstra. State-of-the-art in biometrics for multi-factor authentication in a federative context.

[67] Shri Karthikeyan, Sophia Feng, Ashwini Rao, and Norman Sadeh. Smartphone fingerprint authentication versus pins: A usability study (cmu- cylab-14-012). 2014.

[68] Lynne Coventry, Antonella De Angeli, and Graham Johnson. Usability and Biometric Verification at the ATM Interface. Conference on Human Factors in Computing Systems (CHI), 5(1):153–160, 2003.

[69] Javier Galbally, Julian Fierrez-Aguilar, and Javier Ortega-Garcia. Vulnerabilities in biometric systems: attacks and recent advances in liveness detection. Database, 1(3):4, 2007.

187 [70] Ton Van der Putte and Jeroen Keuning. Biometrical fingerprint recognition: donŠt get your fingers burned. In Smart Card Research and Advanced Applications, pages 289–303. Springer, 2000.

[71] Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, and Satoshi Hoshino. Impact of Artificial “Gummy” Fingers on Fingerprint Systems. Proceedings of SPIE, 4677(1):275–289, 2002.

[72] Chaos Computer Club. CCC — Chaos Computer Club analyzes government malware, 2013.

[73] Kai Cao and Anil K Jain. Hacking Mobile Phones Using 2D Printed Fingerprints. Technical report, 2016.

[74] Brian DeCann, Bozhao Tan, and Stephanie Schuckers. A novel region based liveness detection approach for fingerprint scanners. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), volume 5558 LNCS, pages 627–636, 2009.

[75] Reza Derakhshani, Stephanie A C Schuckers, Larry A. Hornak, and Lawrence O’Gorman. Determination of vitality from a non-invasive biomedical measurement for use in fingerprint scanners. Pattern Recognition, 36(2):383– 396, 2003.

[76] Athos Antonelli, Raffaele Cappelli, Dario Maio, and Davide Maltoni. A new approach to fake finger detection based on skin distortion. In International Conference on Biometrics, pages 221–228. Springer, 2006.

188 [77] Yangyang Zhang, Jie Tian, Xinjian Chen, Xin Yang, and Peng Shi. Fake Finger Detection Based on Thin-Plate Spline Distortion Model. In Advances in Biometrics, pages 742–749. 2007.

[78] Denis Baldisserra, Annalisa Franco, Dario Maio, and Davide Maltoni. Fake Fingerprint Detection by Odor Analysis. In Advances in Biometrics, pages 265–272, 2006.

[79] John Trader. Iris Recognition vs. Retina Scanning Ű What are

the Differences? http://www.m2sys.com/blog/biometric-hardware/ iris-recognition-vs-retina-scanning-what-are-the-differences/, 2012. [Online; accessed 08-December-2016].

[80] SnapdragonSenseID.

Phone Fingerprint Scanner Lock Authentication. https://www.qualcomm. com/products/features/security/sense-id/, 2016. [Online; accessed 01- December-2016].

[81] Gang Pan, Lin Sun, Zhaohui Wu, and Shihong Lao. Eyeblink-based anti- spoofing in face recognition from a generic webcamera. In Proceedings of the IEEE International Conference on Computer Vision, 2007.

[82] Dan Moren. Face Recognition Security, Even With A Blink Test Is Easy To Trick, 2015.

[83] Gang Pan, Zhaohui Wu, and Lin Su. Liveness Detection for Face Recognition. Recent Advances in Face Recognition, (December):236, 2008.

189 [84] Samarth Bharadwaj, Tejas I. Dhamecha, Mayank Vatsa, and Richa Singh. Computationally efficient face spoofing detection with motion magnification. In IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, pages 105–110, 2013.

[85] Hao-Yu Wu, Michael Rubinstein, Eugene Shih, John Guttag, Fr´edoDurand, and William Freeman. Eulerian video magnification for revealing subtle changes in the world. ACM Transactions on Graphics, 31(4):1–8, 2012.

[86] K. Kollreider, H. Fronthaler, and J. Bigun. Non-intrusive liveness detection by face images. Image and Vision Computing, 27(3):233–244, 2009.

[87] K. Kollreider, H. Fronthaler, and J. Bigun. Verifying liveness by multiple experts in face biometrics. In 2008 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, CVPR Workshops, 2008.

[88] Maria De Marsico, Michele Nappi, Daniel Riccio, and Jean Luc Dugelay. Moving face spoofing detection via 3D projective invariants. In Proceedings - 2012 5th IAPR International Conference on Biometrics, ICB 2012, pages 73–78, 2012.

[89] E.-S. Ng and A.Y.-S. Chia. Face verification using temporal affective cues. In Proceedings - International Conference on Pattern Recognition, pages 1249– 1252, 2012.

[90] Naman Kohli, Daksha Yadav, Mayank Vatsa, Richa Singh, and Afzel Noore. Detecting medley of iris spoofing attacks using DESIST. In Biometrics

190 Theory, Applications and Systems (BTAS), 2016 IEEE 8th International Conference on, pages 1–6. IEEE, 2016.

[91] Thomas Fox-Brewster. Hacking Putin’s Eyes: How To Bypass Biometrics The Cheap And Dirty Way With Google Images, 2015.

[92] J. McNulty. Secure information storage and retrieval apparatus and method, April 12 2016. US Patent 9,311,465.

[93] John Daugman. Demodulation by complex-valued wavelets for stochastic pattern recognition. International Journal of Wavelets, Multiresolution and Information Processing, 1(01):1–17, 2003.

[94] Eui Chul Lee, Kang Ryoung Park, and Jaihie Kim. Fake iris detection by using purkinje image. In Advances in Biometrics, pages 397–403, 2005.

[95] PlanetBiometricsNews. Commercial vein sensor spoofed -

so what. http://www.planetbiometrics.com/article-details/i/2181/ desc/comment-commercial-vein-sensor-spoofed--so-what/, 2014.

[96] Bruce Schneier. The uses and abuses of biometrics. Communications of the ACM, 42(8):136–136, 1999.

[97] John Lettice. Carjackers swipe biometric Mercedes plus owner’s

finger. https://www.theregister.co.uk/2005/04/04/fingerprint_ merc_chop/, 2005. [Online; accessed 27-February-2017].

[98] Rubal Jain and Chander Kant. Attacks on Biometric Systems: An Overview. International Journal of Advances in Scientific Research, 1(7):283–288, 2015.

191 [99] Milan Ad´amek,Miroslav Mat´ysek,and Petr Neumann. Security of biometric systems. In Energy Procedia, volume 100, pages 169–176, 2015.

[100] Yulong Zhang, Zhaofeng Chen, Hui Xue, and Tao Wei. Fingerprints On Mobile Devices: Abusing and Leaking. In Black Hat Conference, 2015.

[101] Mohamad El-Abed, Patrick Lacharme, and Christophe Rosenberger. Privacy and security assessment of biometric systems, 2015.

[102] Isabelle Guyon and Andr´eElisseeff. An introduction to feature extraction. In Feature extraction, pages 1–25. Springer, 2006.

[103] Karthik Nandakumar, Anil K. Jain, and Abhishek Nagar. Biometric template security. Eurasip Journal on Advances in Signal Processing, 2008, 2008.

[104] Ming Gao, Xihong Hu, Bo Cao, and Dianxin Li. Fingerprint sensors in mobile devices. In Industrial Electronics and Applications (ICIEA), 2014 IEEE 9th Conference on, pages 1437–1440. IEEE, 2014.

[105] Rene Ritchie. How Touch ID works-Making sense of Apple’s fingerprint

identity sensor. http://www.imore.com/how-touch-id-works/, 2013. [Online; accessed 12-March-2017].

[106] Anil K. Jain and Umut Uludag. Hiding biometric data. IEEE Transactions on Pattern Analysis and Machine Intelligence, 25(11):1494–1498, 2003.

[107] Anil K Jain, Sarat C Dass, and Karthik Nandakumar. Can soft biometric traits assist user recognition? In Defense and Security, pages 561–572. International Society for Optics and Photonics, 2004.

192 [108] Manfred Bromba. On the reconstruction of biometric raw data from template data. Bromba Biometrics, 6, 2006.

[109] Terrance E Boult, Walter J Scheirer, and Robert Woodworth. Revocable fingerprint biotokens: Accuracy and security analysis. In Computer Vision and Pattern Recognition, 2007. CVPR’07. IEEE Conference on, pages 1–8. IEEE, 2007.

[110] N. K. Ratha, J. H. Connell, and R. M. Bolle. Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3):614–634, 2001.

[111] gcn.com. Passwords vs. biometrics. https://gcn.com/blogs/cybereye/ 2014/09/passwords-vs-biometrics.aspx. [Online; accessed 08-October- 2017].

[112] iristech909.blogspot.in. Iris recognition technology. https://gcn. com/blogs/cybereye/2014/09/passwords-vs-biometrics.aspx. [Online; accessed 08-October-2017].

[113] Lawrence O’Gorman. Fingerprint verification. In Biometrics, pages 43–64. Springer, 1996.

[114] D. Thakkar. 8 Questions and Answers about Fingerprint Scanners. https: //www.bayometric.com/8-questions-answers-fingerprint-scanners/. [Online; accessed 10-October-2017].

193 [115] Christopher Hekimian. Technique using order and timing for enhancing fingerprint authentication system effectiveness, December 20 2003. US Patent App. 10/741,087.

[116] J. Scherrer and M.A. Scherrer. System and method to provide secure access to personal information, July 22 2010. US Patent App. 12/688,823.

[117] J.C. Kawan, Y. Smushkovich, and R.K.H. Chu. System and method for user authentication, May 2 2006. US Patent 7,039,812.

[118] Ghani. How To Increase Touch ID Accuracy On iPhone, iPad. https://www. wccftech.com/increase-touch-id-accuracy-iphone-ipad/. [Online; accessed 17-October-2017].

[119] Kamer Vishi and Sule Yildirim Yayilgan. Multimodal biometric authentication using fingerprint and iris recognition in identity management. In Intelligent Information Hiding and Multimedia Signal Processing, 2013 Ninth International Conference on, pages 334–341. IEEE, 2013.

[120] Anil K Jain, Lin Hong, and Yatin Kulkarni. A multimodal biometric system using fingerprint, face and speech. In Proceedings of 2nd Int’l Conference on Audio-and Video-based Biometric Person Authentication, Washington DC, pages 182–187, 1999.

[121] Khan I. Multimodal BiometricsâĂŞ Is Two Better Than

One? https://www.frost.com/prod/servlet/market-insight-print. pag?docid=80082644. [Online; accessed 17-October-2017].

194 [122] Apurva M Bhansali, Mehul R Patel, Kamal M Dhanani, Rajnish S Chauhan, and David Cheung. Methods, systems, and apparatuses for managing a hard drive security system, October 29 2015. US Patent App. 14/926,939.

[123] Santu Rohatgi, Peter Rung, and Ryan Rohatgi. Method for authenticating a user profile for providing user access to restricted information based upon biometric confirmation, March 2 2005. US Patent App. 11/070,484.

[124] R Brandom. Your phone’s biggest

vulnerability is your fingerprint. https://www.theverge.com/2016/5/2/ 11540962/iphone-samsung-fingerprint-duplicate-hack-security. [Online; accessed 15-October-2017].

[125] D. Winder. Top ten password cracking techniques. http://www.alphr.com/ features/371158/top-ten-password-cracking-techniques. [Online; accessed 19-November-2017].

[126] bioenabletech.com. Ten print Slap scanner based Time Atten-

dance Access control system. http://www.bioenabletech.com/ ten-print-slapscanner-based-time-attendance-access-control-system. html. [Online; accessed 02-October-2017].

[127] biometricsupply.com. Fingerprint scanners. http://www.biometricsupply. com/cgi-bin/fingerprint-scanners-list.cgi. [Online; accessed 25- September-2017].

[128] 360biometrics.com. http://www.360biometrics.com/faq/fingerprint_ scanners.php#1. [Online; accessed 02-October-2017].

195 [129] Eva Zangerle and G¨unther Specht. Sorry, i was hacked: a classification of compromised twitter accounts. In Proceedings of the 29th Annual ACM Symposium on Applied Computing, pages 587–593. ACM, 2014.

[130] Jungsun Kim. A Comprehensive Structural Model of Factors Influencing Customers’ Intention to Use Biometrics in the Hospitality Industry. ERIC, 2009.

[131] Hylke Huys. Consumer Acceptance of Identification Technology. PhD thesis, Ghent University, 2014.

[132] Alexander P Pons and Peter Polak. Understanding user perspectives on biometric technology. Communications of the ACM, 51(9):115–118, 2008.

[133] June Lu, Chang Liu, Chun-Sheng Yu, and Kanliang Wang. Determinants of accepting wireless mobile data services in china. Information & Management, 45(1):52–64, 2008.

[134] Christopher John Ruth. Applying a modified technology acceptance model to determine factors affecting behavioral intentions to adopt electronic shopping on the World Wide Web: A structural equation modeling approach. Drexel University, 2000.

[135] Paul Legris, John Ingham, and Pierre Collerette. Why do people use information technology? a critical review of the technology acceptance model. Information & management, 40(3):191–204, 2003.

196 [136] Thamer Omar Alhussain. Factors Influencing the Adoption of Biometric Authentication in Mobile Government Security. PhD thesis, Griffith University, 2012.

[137] PL Stoneman et al. Technological diffusion: the viewpoint of economic theory. Technical report, University of Warwick, Department of Economics, 1985.

[138] Sang Hyun Oh, Yong Man Kim, Chong Whan Lee, Gyu Yeol Shim, Min Sook Park, and Hong Seob Jung. Consumer adoption of virtual stores in korea: Focusing on the role of trust and playfulness. Psychology & Marketing, 26(7):652–668, 2009.

[139] Gil Son Kim, Se-Bum Park, and Jungsuk Oh. An examination of factors influencing consumer adoption of short message service (sms). Psychology & Marketing, 25(8):769–786, 2008.

[140] Jeroen Schepers and Martin Wetzels. A meta-analysis of the technology acceptance model: Investigating subjective norm and moderation effects. Information & management, 44(1):90–103, 2007.

[141] Qingxiong Ma and Liping Liu. The technology acceptance model: A meta- analysis of empirical findings. Journal of Organizational and End User Computing (JOEUC), 16(1):59–72, 2004.

[142] Fred D Davis. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS quarterly, pages 319–340, 1989.

197 [143] Shirley Taylor and Peter A Todd. Understanding information technology usage: A test of competing models. Information systems research, 6(2):144– 176, 1995.

[144] G Premkumar, K Ramamurthy, and Hsin-Nan Liu. Internet messaging: An examination of the impact of attitudinal, normative, and control belief systems. Information & Management, 45(7):451–457, 2008.

[145] IBM.

IBM SPSS Software. https://www.ibm.com/analytics/data-science/ predictive-analytics/spss-statistical-software. [Online; accessed 19-November-2017].

[146] bcps.org. The Role of Statistics in Research. https://www.bcps.org/ offices/lis/researchcourse/statistics_role.html. [Online; accessed 19-November-2017].

[147] Joseph Bonneau, Cormac Herley, Paul C Van Oorschot, and Frank Stajano. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 553–567. IEEE, 2012.

[148] Morten Sporild. Method for evaluating authentication system quality. Master’s thesis, 2007.

[149] Larry Talley. User Login (Authentication) Failures and Lockout Mechanism.

https://elandings.atlassian.net/wiki/spaces/es/pages/40370191/ User+Login+Authentication+Failures+and+Lockout+Mechanism. [Online; accessed 03-March-2018].

198 [150] Torben Andersen. Why multi-factor

authentication is a security best practice. https://www.scmagazineuk.com/ why-multi-factor-authentication-is-a-security-best-practice/ article/540513/. [Online; accessed 04-March-2018].

[151] Tae Goo Kim, Jae Hyoung Lee, and Rob Law. An empirical examination of the acceptance behaviour of hotel front office systems: An extended technology acceptance model. Tourism management, 29(3):500–513, 2008.

[152] Tom´as Escobar Rodr´ıguez, Pedro Monge Lozano, and Ma Mercedes Romero-Alonso. Acceptance of e-prescriptions and automated medication- management systems in hospitals: An extension of the technology acceptance model. Journal of information systems, 26(1):77–96, 2012.

[153] Hung-Pin Shih. Extended technology acceptance model of internet utilization behavior. Information & Management, 41(6):719–729, 2004.

[154] Blog SmartSurvey. Advantages of Using Likert Scale Questions. https: //blog.smartsurvey.co. uk/advantages-of-using-likert-scale-questions/. [Online; accessed 29-April-2018].

[155] Eunylson Lopes. How Researchers Can Benefit from Data Analysis! https: //unitedstatisticians.com/blog/data-analysis/?lang=en. [Online; accessed 29-April-2018].

[156] IBM Analytic. Why

IBM SPSS Software. https://www.ibm.com/analytics/data-science/

199 predictive-analytics/spss-statistical-software. [Online; accessed 29-April-2018].

[157] BCPS Independent Research Seminar. The Role of Statistics

in Research. https://www.bcps.org/offices/lis/researchcourse/ statistics_role.html. [Online; accessed 30-April-2018].

[158] J Martin Bland and Douglas G Altman. Statistics notes: Cronbach’s alpha. Bmj, 314(7080):572, 1997.

[159] Irfan Iqbal and Bilal Qadir. Biometrics Technology: Attitudes & influencing factors when trying to adopt this technology in Blekinge healthcare. 2012.

200