A Survey of Android Mobile Phone Authentication Schemes

The Android operating system is the most popular mobile operating system resulting in a great number of applications being developed for the platform. This makes them vulnerable to security threats such as social engineering, shoulder surfing and Malware. Therefore, Android devices require a secure authentication scheme in order to control access to the device. This paper briefly discusses the mobile security threats, the authentication protocols and Android Security. Then the paper presents an analysis of some of the authentication schemes that are used in mobile devices and some of the threats and technical issues faced. Authentication schemes discussed include password/pin, pattern based authentication, fingerprint recognition, facial recognition, vocal recognition and iris based authentication. In discussing the various authentication methods, it was observed that while biometric based authentication schemes offered the greatest level of security, there was always a trade-off between computational complexity and ease of use/implementation/cost that ensured that more traditional authentication schemes, while not as secure as biometric schemes, are still widely used in mobile devices.

[1]  Sergey Maydebura,et al.  Understanding environmental influences on performing password-based mobile authentication , 2013, 2013 IEEE 14th International Conference on Information Reuse & Integration (IRI).

[2]  Satoshi Hoshino,et al.  Impact of artificial "gummy" fingers on fingerprint systems , 2002, IS&T/SPIE Electronic Imaging.

[3]  Xiaomin Wang,et al.  Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices , 2008 .

[4]  R. C. Johnson,et al.  Secure voice-based authentication for mobile devices: vaulted voice verification , 2012, Defense, Security, and Sensing.

[5]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[6]  Jaihie Kim,et al.  An eye detection method robust to eyeglasses for mobile iris recognition , 2017, Expert Syst. Appl..

[7]  Selina Sharmin,et al.  A Survey of Biometrics Security System , 2011 .

[8]  Daan Broeder,et al.  A data infrastructure reference model with applications: towards realization of a ScienceTube vision with a data replication service , 2013, Journal of Internet Services and Applications.

[9]  Sahin Albayrak,et al.  Enhancing security of linux-based android devices , 2008 .

[10]  Jian Shen,et al.  An ID-Based Linearly Homomorphic Signature Scheme and Its Application in Blockchain , 2018, IEEE Access.

[11]  Eduardo B. Fernández,et al.  An analysis of security issues for cloud computing , 2013, Journal of Internet Services and Applications.

[12]  Jaihie Kim,et al.  An empirical study on iris recognition in a mobile phone , 2016, Expert Syst. Appl..

[13]  William Klieber,et al.  Smartphone Security , 2015, IEEE Pervasive Computing.

[14]  Thirimachos Bourlai,et al.  Face recognition outside the visible spectrum , 2016, Image Vis. Comput..

[15]  Carol J. Fung,et al.  A Survey of Android Security Threats and Defenses , 2015, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[16]  Kavita Sharma,et al.  Smartphone Security: Review of Challenges and Solution , 2016, ICTCS.

[17]  Nasir D. Memon,et al.  DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices , 2017, Comput. Secur..

[18]  Luisa Verdoliva,et al.  Iris liveness detection for mobile devices based on local descriptors , 2015, Pattern Recognit. Lett..

[19]  Jian Shen,et al.  Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks , 2018, J. Netw. Comput. Appl..

[20]  Gregory D. Abowd,et al.  A gesture-based authentication scheme for untrusted public terminals , 2004, UIST '04.

[21]  Sholom Cohen,et al.  Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits , 2014, 2014 IEEE Security and Privacy Workshops.

[22]  Seok Won Lee,et al.  A Security Analysis and Reinforcement Design Adopting Fingerprints over Drawbacks of Passwords Based Authentication in Remote Home Automation Control System , 2017 .

[23]  Stephen Smalley,et al.  Security Enhanced (SE) Android: Bringing Flexible MAC to Android , 2013, NDSS.

[24]  Serge Egelman,et al.  The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens , 2016, CHI.

[25]  MalkinNathan,et al.  THE ANATOMY OF SMARTPHONE UNLOCKING , 2017 .

[26]  Daniel González-Jiménez,et al.  Face recognition for authentication on mobile devices , 2016, Image Vis. Comput..

[27]  Markus Jakobsson,et al.  Implicit authentication for mobile devices , 2009 .

[28]  Johannes Sametinger,et al.  Secure and usable authentication on mobile devices , 2012, MoMM '12.

[29]  Slinger Jansen,et al.  Mobile Software Security Threats in the Software Ecosystem, a Call to Arms , 2017, ICSOB.

[30]  Witawas Srisa-an,et al.  Significant Permission Identification for Machine-Learning-Based Android Malware Detection , 2018, IEEE Transactions on Industrial Informatics.

[31]  Zhaoquan Cai,et al.  Towards secure and flexible EHR sharing in mobile health cloud under static assumptions , 2017, Cluster Computing.

[32]  Amira B. Sallow,et al.  Android Security: A Review , 2017 .

[33]  Xiaojiang Chen,et al.  Cracking Android Pattern Lock in Five Attempts , 2017, NDSS.

[34]  Stephanie Schuckers,et al.  Determination of vitality from a non-invasive biomedical measurement for use in fingerprint scanners , 2003, Pattern Recognit..