Enhancing and Reinforcing Security and Usability of User Account Authentication Using Fingerprints As Username Credential


by Mohammad Hassan Algarni

A dissertation submitted to Florida Institute of Technology in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science

Melbourne, Florida
July 2018

We the undersigned committee hereby recommend that the attached dissertation be accepted as fulfilling in part the requirements for the degree of Doctor of Philosophy in Computer Science.

  • Lucas Stephane, Ph.D., Assistant Professor, School of Computing, Human-Centered Design Innovation Program; Advisor and Committee Chair
  • Walter Bond, Ph.D., Associate Professor, School of Computing
  • Marius Silaghi, Ph.D., Associate Professor, School of Computing
  • Munevver Subasi, Ph.D., Associate Professor, Mathematical Sciences
  • Philip J. Bernhard, Ph.D., Associate Professor, Director, School of Computing, Computer Sciences and Cybersecurity

Abstract

With the process of logging in, users gain access to a computer system after identifying and authenticating themselves. User credentials are required to log in, and they are typically some form of a username and a matching password. The username for logging in to an account is textual. This text can be either an email address or some alphanumeric or numeric characters chosen by the user. However, if the email account of a user is compromised, the attacker can click on the Forgot Password link available on the user interface of the target account.
If the compromised email account has the same email address as the one used when registering to the target account, then a password reset link will be sent to the email address and the attacker will be able to compromise the target account as well. In addition, if the username of the target account is known, the attacker will just have to crack the password of that account.

The primary goal of this research is to address the vulnerabilities of the authentication systems and thereby strengthen the security of user accounts by enhancing and reinforcing security and usability of user account authentication using fingerprints as username.

Contents

1 Background
  1.1 Introduction
  1.2 Overview
  1.3 Biometrics Purposes
    1.3.1 Security
    1.3.2 Avoiding Time Loss
  1.4 Biometrics System Components
    1.4.1 Fingerprint Recognition
    1.4.2 Face Recognition
    1.4.3 Iris Recognition
  1.5 Multimodal Biometrics Systems
    1.5.1 Background
    1.5.2 Assessment
    1.5.3 Fusion
    1.5.4 Multimodal Scenarios
    1.5.5 Adaptive and Non-Adaptive Fusion
    1.5.6 Unattended and Attended Biometrics Systems
    1.5.7 Summary
2 Biometrics Utilization
  2.1 Overview
  2.2 Usage in Commerce
    2.2.1 Most Used Biometrics
    2.2.2 Usage in Online Banking
    2.2.3 Usage in Automated Teller Machine (ATM)
    2.2.4 Summary
  2.3 Usage in Government
  2.4 E-Government Models with Commercial Applications
  2.5 Social Impact
  2.6 User Experience
  2.7 Summary
3 Biometrics Vulnerabilities and Countermeasures
  3.1 Spoofing Attacks
    3.1.1 Overview
    3.1.2 Spoofing Attacks
    3.1.3 Summary
  3.2 Attacks on Biometric Systems
    3.2.1 Fingerprint Sensors and Attack Types
  3.3 Defense Techniques
  3.4 Revocable Biometrics
4 Literature Review
  4.1 Overview
  4.2 Detailed Review
    4.2.1 Use of fingerprints in authentication
    4.2.2 Use of order of multiple fingerprints in authentication
    4.2.3 Use of Multimodal Biometrics in Authentication
    4.2.4 Use of fingerprints as usernames and/or password:
  4.3 Conclusion:
5 Research Problem Statement
  5.1 Motivation
  5.2 Problem Statement
  5.3 Problem Goals
  5.4 Problem Questions
  5.5 Research Hypothesis
  5.6 Research Methodology
    5.6.1 Introduction
    5.6.2 Approach
    5.6.3 Research Method
6 Survey Findings and Conclusion
    6.0.4 Demographic Information
  6.1 Model Related Information
  6.2 Conclusion
7 Evaluation of the Authentication Systems
  7.1 Evaluation framework
  7.2 Relevance of the framework to the proposal
  7.3 Application of the framework to the proposal
    7.3.1 Usability
    7.3.2 Security
  7.4 Security Metrics
  7.5 Summarized metric results
  7.6 Implications and Conclusion
8 Evaluating of the User Adoption
  8.1 Background on the proposed idea
  8.2 Proof of Concept
  8.3 Selection of Adoption model
    8.3.1 Formulating Hypothesis
    8.3.2 Methodology
9 Analysis of the Survey
  9.1 Results
    9.1.1 Demographic information
    9.1.2 Information related to FUAF
  9.2 Reliability
  9.3 Implications
  9.4 Analysis of Usability Metrics
10 Conclusions and Future Work
  10.1 Conclusion
  10.2 Directions for further research
  10.3 Timeline
A List of Publications
B Surveys Questions

List of Figures

1.1 Three categories of user authentication [1]
1.2 Structure of Unimodal Biometric System.
1.3 Biometrics enrollment and recognition process.
1.4 Minutia in a fingerprint [2].
1.5 Optical scanner [3].
1.6 Capacitive scanner [4].
1.7 Screen-shot captured from facial recognition program Aurora [5].
1.8 Example of an iris pattern [6].
1.9 Multimodal Biometric Scenarios [7].
1.10 Adaptive Fusion VS Non-Adaptive Fusion [8].
2.1 Proportion of used biometric technologies in the world's banks [9].
2.2 A lady is getting her iris scanned by the ATM to withdraw her monthly cash allowance. [10].
3.1 Possible attack points in a generic biometrics-based system [11].
3.2 Example of live and non-live fingerprints captured by capacitive DC scanner. (a) Live finger; (b) spoof finger made from Play-Doh; (c) spoof finger made from gelatin; (d) cadaver finger. [12]
3.3 Block diagram of the proposed cascade structure for face spoofing detection [13].
3.4 Segmentation results and four paths in the common iris region of two images (a) and (b) captured in illumination condition I and II. Image (b) is resized to have the same iris diameter as that of image (a). The blue circle in image (b) defines the pupil size in image (a) [14].
3.5 A normal eye and one with a patterned contact lens generate different deformations of a projected stripe pattern [15].
3.6 Possible attacks on the biometric system at various points [16].
5.1 Technology Acceptance Model (TAM) [18].
6.1 The responses percentage for the Demographic Information of participants: Gender, Age and Education Level
6.2 Chart showing the responses percentage for participants' familiarity with fingerprint technologies
6.3 Chart showing the responses percentage for how participants perceived information present on their phones
6.4 Chart showing the responses percentage for the level of privacy protection that participants required for their information on their phones
6.5 Chart showing the responses percentage if the participants would store more private information on their phones if it has fingerprint scanner
6.6 Chart showing the responses percentage of participants if they think the fingerprint authentication technique was better than traditional security methods
6.7 Chart showing the responses percentage of participants to use fingerprints as usernames or alphanumeric usernames
8.2 Sign Up Screen
8.3 Sign Up Screen with details entered
8.4 Authenticate Fingerprint Screen
8.5 Sign In screen
8.6 Sign In screen with details entered
8.7 Profile page after successful sign in
8.8 Reset Password screen
8.9 Password reset email
8.1 Home screen of the prototype app
8.10 Technology Acceptance Model (TAM)
9.1 The responses percentage for the Demographic Information of participants: Gender, Age and Education Level
9.2 Chart showing the responses percentage for participants if they think FUAF is easy to use.
9.3 Chart showing the responses percentage for participants if they think learning FUAF is clear.
9.4 Chart showing the responses percentage for participants if they think using FUAF will be easy.
9.6 Chart showing the responses percentage for participants if they think it would be faster to sign in with FUAF.
9.7 Chart showing the responses percentage for participants if they think it would be useful not to remember textual usernames.
9.8 Chart showing the responses percentage for participants if they think using fingerprints as usernames is a viable idea
9.9 Chart showing the responses percentage for participants if they think using FUAF will be advantageous.
9.10 Chart showing the responses percentage for participants if they think using FUAF is a good idea.
9.11 Chart showing the responses percentage for participants if they think using FUAF is within their control.
9.12 Chart showing the responses percentage for participants if they have the resource, knowledge and the ability to use FUAF.