Fingerprint authentication and security risks in smart devices

The smartphone market is growing rapidly and enriching our digital lives by instant of information sharing. As smartphone devices contain sensitive data of users, it is very essential to protect this information efficiently. To fulfill this, modern smartphones are adopting fingerprint scanners for biometric authentication. Fingerprint biometric authentication is simple and quick, however, it is vulnerable to attacks as hackers can steel fingerprint biometric data. Therefore, a consistent fingerprint biometric authentication mechanism is required to protect personal information of the user as well as biometrics data. In this paper, we will analyze different attacks and security risks associated with fingerprint authentication. Previously, there are eight levels of attacks studied to compromise biometric data. Here, we propose two additional levels of attacks to provide a more robust mechanism to deal with security vulnerabilities in future.

[1]  Umut Uludag,et al.  Biometric Matching and Fusion System for Fingerprints from Non-Distal Phalanges , 2015, ArXiv.

[2]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[3]  Arun Ross,et al.  Toward reconstructing fingerprints from minutiae points , 2005, SPIE Defense + Commercial Sensing.

[4]  Anil K. Jain,et al.  Altered Fingerprints: Analysis and Detection , 2012, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[5]  Tomi Kinnunen,et al.  Spoofing and countermeasures for automatic speaker verification , 2013, INTERSPEECH.

[6]  Jason Hong,et al.  The state of phishing attacks , 2012, Commun. ACM.

[7]  Shaogang Gong,et al.  Audio- and Video-based Biometric Person Authentication , 1997, Lecture Notes in Computer Science.

[8]  Stephanie Schuckers,et al.  Time-series detection of perspiration as a liveness test in fingerprint devices , 2005, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[9]  Driss Aboutajdine,et al.  Application of new alteration attack on biometric authentication systems , 2015, 2015 First International Conference on Anti-Cybercrime (ICACC).

[10]  Arun Ross,et al.  Detecting Altered Fingerprints , 2010, 2010 20th International Conference on Pattern Recognition.

[11]  Bhagavatula Vijaya Kumar,et al.  Biometric Encryption: enrollment and verification procedures , 1998, Defense + Commercial Sensing.

[12]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[13]  Sanjay Kumar Singh,et al.  Fusion of electrocardiogram with unobtrusive biometrics: An efficient individual authentication system , 2012, Pattern Recognit. Lett..

[14]  Sanjay Kumar Singh,et al.  A taxonomy of biometric system vulnerabilities and defences , 2013, Int. J. Biom..

[15]  Abdulmonam Omar Alaswad,et al.  Vulnerabilities of Biometric Authentication “Threats and Countermeasures” , 2006 .

[16]  Michael Zimmerman Biometrics and User Authentication , 2018 .

[17]  Satoshi Hoshino,et al.  Impact of artificial "gummy" fingers on fingerprint systems , 2002, IS&T/SPIE Electronic Imaging.

[18]  Julian Fierrez,et al.  Hill-climbing attack to an Eigenface-based face verification system , 2009, 2009 First IEEE International Conference on Biometrics, Identity and Security (BIdS).

[19]  Andy Adler Sample images can be independently restored from face recognition templates , 2003, CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436).

[20]  Yulong Zhang,et al.  Towards Discovering and Understanding Task Hijacking in Android , 2015, USENIX Security Symposium.

[21]  Saudi Arabia Securing Mobile Cloud Using Finger Print Authentication , 2013 .

[22]  Anil K. Jain,et al.  Biometric template transformation: a security analysis , 2010, Electronic Imaging.

[23]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[24]  Ton van der Putte,et al.  Biometrical Fingerprint Recognition: Don't Get Your Fingers Burned , 2001, CARDIS.

[25]  Thomas Stols A Taxonomy of Architecture-specific Use Cases, Security Risks and Mitigations in Biometric Solutions for Mobile Devices , 2015 .

[26]  Anil K. Jain,et al.  Face Spoof Detection With Image Distortion Analysis , 2015, IEEE Transactions on Information Forensics and Security.

[27]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[28]  Zhen Wang,et al.  uWave: Accelerometer-based Personalized Gesture Recognition and Its Applications , 2009, PerCom.

[29]  Byung Hee Lee,et al.  The Implementation of Secure Mobile Biometric System , 2013 .

[30]  Carsten Gottschlich Skilled Impostor Attacks Against Fingerprint Verification Systems And Its Remedy , 2015, ArXiv.

[31]  Jean-Luc Dugelay,et al.  Impact analysis of nose alterations on 2D and 3D face recognition , 2012, 2012 IEEE 14th International Workshop on Multimedia Signal Processing (MMSP).

[32]  Claude Barral Biometrics & [and] Security , 2010 .

[33]  Nalini K. Ratha,et al.  An Analysis of Minutiae Matching Strength , 2001, AVBPA.

[34]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[35]  Ruby B. Lee,et al.  Implicit Authentication for Smartphone Security , 2015, ICISSP.

[36]  Jaime S. Cardoso,et al.  Iris liveness detection methods in the mobile biometrics scenario , 2014, 2014 International Joint Conference on Neural Networks (IJCNN).

[37]  Puja Sahay Prasad,et al.  Vulnerabilities of Biometric System , 2013 .

[38]  Jiankun Hu,et al.  A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment , 2011, Secur. Commun. Networks.

[39]  Gian Luca Marcialis,et al.  Power spectrum-based fingerprint vitality detection , 2007, 2007 IEEE Workshop on Automatic Identification Advanced Technologies.

[40]  Anil K. Jain,et al.  Automatic Detection of Altered Fingerprints , 2012, Computer.

[41]  M. Ramakrishnan,et al.  A NEW APPROACH OF ALTERED FINGERPRINTS DETECTION ON THE ALTERED AND NORMAL FINGERPRINT DATABASE , 2013 .

[42]  Y. S. Moon,et al.  Wavelet based fingerprint liveness detection , 2005 .

[43]  Greig Paul,et al.  Fingerprint Authentication is here, but are we ready for what it brings? , 2015 .

[44]  Arun Ross,et al.  Biometric template security: Challenges and solutions , 2005, 2005 13th European Signal Processing Conference.

[45]  Driss Aboutajdine,et al.  Trace Attack against Biometric Mobile Applications , 2016, Mob. Inf. Syst..

[46]  Mun-Kyu Lee,et al.  Security Analysis and Improvement of Fingerprint Authentication for Smartphones , 2016, Mob. Inf. Syst..

[47]  Ruby B. Lee,et al.  Multi-sensor authentication to improve smartphone security , 2015, 2015 International Conference on Information Systems Security and Privacy (ICISSP).