A Biometric Security Model for Mobile Applications

A Biometric Security Model for Mobile Applications

International Journal of Communications Sorin Soviany et al http://www.iaras.org/iaras/journals/ijoc A Biometric Security Model for Mobile Applications SORIN SOVIANY1, SORIN PUSCOCI1, VIRGINIA SANDULESCU1, CRISTINA SOVIANY2 Communication Terminals and Telematics (T.C.T.) 1 National Communications Research Institute (I.N.S.C.C.) 1 Bd. Preciziei, No. 6, Bucharest 1 ROMANIA1 Features Analytics2 2, rue de Charleroi 1400 Nivelles2 BELGIUM2 [email protected], [email protected], [email protected], [email protected], http://www.inscc.ro1 https://features-analytics.com/2 Abstract: - A biometric security model for mobile applications is defined. It is a low-complexity design with a security architecture including 2 biometric traits (fingerprint and iris). The fingerprint processing for feature generation is optimized on the mobile device, but the iris template optimization is performed on server. In both cases, the feature space is transformed to provide a suitable trade-off performance vs. complexity for a properly reduced dimensionality. The matching is based on a target-vs.-non-target classification in order to meet the requirements of an identification process in which only a target identity must be recognized. The target identity belongs to the mobile device owner. Key-Words: - security model, feature, data fusion, mobile application 1 Introduction In this paper, a biometric security model for The extending usage of the mobile applications is mobile applications is defined, with design for low- enabled by the technological advances in hardware, complexity applications, using 2 biometric traits software and mobile networking. The mobility (fingerprint and iris). The feature space is became a key factor for such applications design, transformed to provide a suitable trade-off requiring optimizations according to several performance vs. complexity for a reduced constraints for processing, storage and transfer rate. dimensionality. The matching is performed with a A critical issue for the mobile applications is the target-vs.-non-target classifier in order to meet the security. The conventional data protection requirements of an identification process for a target mechanisms are constrained in this case by the identity belonging to the mobile device owner, storage and processing limitations. The security supporting the secured access to an application issues for mobile applications are generated by the service such as m-Banking or m-Health. emerging of the new threats. The inappropriate The remainder of the paper has the following usage of the mobile devices, the bugs within the structure: Section 2-the general design of the new apps, the authentication issues, the client data security architecture for mobile applications; sensitivity, the mobile communication networks Section 3–the biometric data processing and vulnerabilities are a few reasons to develop experimental results; Section 4- conclusions. innovative security solutions for mobile applications. The authentication remains one of the most 2 The Security Architecture design important security mechanisms. For the for Mobile Applications conventional applications the multi-factor authentication is a common approach. The multi- biometric solutions (with several biometric traits) 2.1 Actual technical developments are already applied on large scale. The problem is As concerning the mobile devices with password- how to use these methodologies for the mobile use- free security, there are already available cases while ensuring at least the same performances smartphones including the biometric authentication. as for the desktop apps under the specific The biometric approach for the smartphone security constraints. started to be largely considered only since 2013. ISSN: 2367-8887 85 Volume 3, 2018 International Journal of Communications Sorin Soviany et al http://www.iaras.org/iaras/journals/ijoc Currently many smartphones integrate several A secured Android application including biometrics. This allows the multimodal biometric biometric authentication is presented in [2]. The solutions development for mobile applications. The security mechanism includes cryptographic initial usage of biometrics for smartphones was to operations and fingerprint samples registration on unlock these devices for reaching the home screens the mobile device. The main usage in this case is for [1]. Now the biometrics usage concerns more the device unlocking. sophisticated applications, such as the authentication A review of facial recognition actual applications for m-Banking, m-Health and other Application- for smart devices (with focus on mobile ones) is layer mobile services. given in [3]. It explains why the facial recognition The following biometric methods are considered could have a reliable potential to become a trusted for mobile users [1]: form of authentication, even for mobile use-cases. fingerprint scanning, firstly introduced in 2013 The ensured security degree is explored considering by Apple into iPhone 5S to unlock the device the use-cases of mobile device applications and later for user’s authentication to secure a available for Android and iOS platforms. iOS facial mobile payment application (Apple Pay), and recognition apps are more secure than the Google then by other smartphones manufacturers with Play store apps for Android devices. their devices (Samsung Galaxy S8, LG G6, A biometric authentication method for Android- Huawei Mate 10; based mobile devices is presented in [4]: a facial recognition, for Samsung Galaxy S8, a fingerprint-based authentication system with Google and Samsung smartphone (Galaxy implementation on a LG Nexus 5 device. Nexus), also an Apple product iPhone X -with The recognition of fingerprints on mobile an application option via Apple Pay, beside its applications is approached in [5] with an Android unlocking method Face ID. While Face ID case study. This is an application with fingerprint provides a proper security to authenticate recognition using camera from the mobile device. Apple Pay operations, the face recognition The facial identification on Android smartphones provided on many Android-based smartphones is approached in [6]. An implementation of was not so secure for applications requiring a biometric identification for large datasets is high degree of data protection. Recently, the presented, together with its performance evaluation. facial recognition started to be considered again Another use-case is a biometric authentication as a feasible option for mobile security through a virtual keyboard for smartphones [7]. The applications, due to the technological advances focus is on the authentication with keystroke in hardware, algorithms and their software dynamics, with new features that are extracted for implementation. Other mobile devices with this biometric when applied for mobile devices. facial recognition are Galaxy Note 8, LG V30, These are only a few examples of recent Huawei P10; developments of biometric authentication solutions iris recognition. Among the first smartphones for mobile devices looking to secure applications with this capability one can mention Fujitsu with high- and medium-sensitivity data. NX F-04G and Microsoft Lumia 950 (2015); The integration of several biometrics (fingerprint, Samsung introduced this biometric in 2016 face and/or iris, voice recognition as an additional (Galaxy Note 7) and then in 2017 for Galaxy trait) on the same mobile device could represent a S8 and Galaxy Note 7. So far, the iris useful option, even for the Android devices; several recognition on Android smartphones is not biometrics provide a higher security, but with a considered as secure enough for the careful consideration for the complexity issues. The authentication in m-Banking, despite of the potential of multimodal approaches was proved in high performance provided by iris recognition many security applications, such as the example of a for desktop applications. The main usages cryptographic key generation with multiple remained the phone unlocking; biometric modalities given in [8]. voice recognition is included in LG V30 with a voice-unlock capability (Voice Print). The Android operating system integrates voice 2.2 The security architecture specification recognition through the Smart Lock setting. The security architecture specification includes the overall security model (section 2.2.1) with its As concerning the applications with biometric functional components (section 2.2.2). The data credentials for mobile devices, one can mention processing for the mobile user authentication is some recent developments. detailed within the section 3. ISSN: 2367-8887 86 Volume 3, 2018 International Journal of Communications Sorin Soviany et al http://www.iaras.org/iaras/journals/ijoc 2.2.1 The overall security architectural model includes only one function: IPP (Iris Pre- The overall security model is defined for the target Processing). The advanced iris processing (IP mobile application architecture depicted in fig.1. module) is performed on server. For each biometric, the PP (Pre-Processing) function performs the samples processing for feature extraction to generate an initial feature set: FV0,F (fingerprint feature vector) and FV0,I (iris feature vector). The P (Processing) function performs more advanced feature space transformations and feature selection to provide the best features with the suitable discriminant power. FP generates the fingerprint credential that has to be sent to the authentication

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    8 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us