Professional Documents
Culture Documents
Research Article
DOI: https://doi.org/10.21203/rs.3.rs-2520547/v1
License: This work is licensed under a Creative Commons Attribution 4.0 International License.
Read Full License
Abstract
Data authentication is vital nowadays, as the development of the internet and its applications allow users to have all -time
data availability, attracting attention towards security and privacy and leading to authenticating legitimate users. We have
diversified means to gain access to our accounts, like passwords, biometrics, and smartcards, even by merging two or more
techniques or various factors of authentication. This paper presents a systematic literature review of papers published from
2010 to 2022 and gives an overview of all the authentication techniques available in the market. Our study provides a
comprehensive overview of all three authentication techniques with all the performance metrics (Accuracy, Equal Error Rate
(EER), False Acceptance Rate (FAR)), security, privacy, memory requirements, and usability (Acceptability by user)) that
will help one choose a perfect authentication technique for an application. In addition, the study also explores the
performance of multimodal and multi-factor authentication and the application areas of authentication.
Keywords Authentication, Knowledge-Based, Biometric-based, Possession-based, Multimodal authentication, Performance.
2022
2010
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
reviewed approximately 204 papers from various journals,
including 57 papers on knowledge-based, 117 papers on
inherence-based, and 30 papers on Possession based of Inhernce Factor Token Factor
different journals, as shown in Fig 2 Mutimodal Knowledge Factor
Table 1 Research Questions.
S.No Question Motivation Fig 3 Year-wise paper distribution
RQ1 What are the various To know all the
factors that come objects that can 3 Authentication Techniques
under the basic three be used for
authentication authentication. 3.1 Knowledge Factor-Based
techniques? Authentication
RQ2 How to evaluate the To know the Knowledge factor-based authentication schemes are
performance of impact of factors generally based on the anamnesis of some text or pictures.
authentication on the So based on that, it is classified into two types: -
techniques. What performance of 1. Text-based
factors are the system. 2. Image-based
considered? 3.1.1 Authentication based on Text-based
RQ3 Can we merge various To know the (alphanumeric) Passwords
factors of impact of In this authentication technique, the user must
authentication in a merging two or answer some question(s), assuming that only the
single technique? more authenticated user knows the accurate answer. It is a
authentication traditional knowledge factor-based authentication scheme in
factors. which the user uses PINs (Personal Identification Numbers)
RQ4 What are the To know the and Passwords. To make passwords complex, users may
applications of usage of choose the name of their near ones, date of birth,
4
Anniversaries, telephone number, hobbies, or a generally called a Brute Force attack. Although it is seen as
combination. the weakest, it is also the simplest to gain access to any
authentication system [11]. However, people using PINs as
a password for authentication needed to be doing it
Table 2 Systematic Literature Surve
Database Search String # Removing Selected Selected Selected by Final
duplication based on based on reading Full Considered
Title Abstract Paper
IEEE Xplore “All Metadata” 170
(Authentication) AND “All
Metadata:” (Knowledge
based)
356 240 203 93 93
‘authentication” AND 56
“biometric based”
‘authentication” AND 20
“Token based”
ACM [Title: 87
authentication] AND [Abstr
act: knowledge based]
98 54 42 38 38
[Title: 89
authentication] AND [Abstr
act: biometric based]
[Title: 88
authentication] AND [Abstr
act: token based]
Total 1168 728 470 366 204 204
of some of them as passwords, which can be attacked by properly, as a survey by SKurkovsky. et al. illustrate that
the attacker based on personal Information [9], [10]. It is once they set the password, 45% of users use the same PIN
the most widely used authentication method. It is for a lifetime and never change it. Additionally, only 13%
associated with many vulnerabilities, as the attacker can of users have changed their PIN more than once when
successfully access the targeted system by continuously someone figures it out, and 42% have changed it only once
trying the different possible password combinations unless in a lifetime [12].
he can access the system. This technique of attacking is It has also been seen that the strength of the password
chosen for the authentication process can also affect user PasswordStrengthCalculator.org to check the strength of
authentication. A study suggests that the strength of a their passwords and whether they are vulnerable to brute
password depends upon three factors- the length of the force attacks [14]. We have studied some techniques to
Password, cardinality, and entropy. Cardinality defines the Increase the strength of passwords described in table 3.
set of different characters used. For example, a cardinality Thus, the password authentication system can be
of 98 means the password has been created from a pool of used as an authentication mechanism. Still, we should
98 different characters, including uppercase alphabets (A- encourage using strong and less predictable passwords that
Z), lowercase alphabets (a-z), and digits (0-9) and some can also remember and maintain security, which seems
special characters ($, @, &). Entropy defines the strength challenging. It is considered the weakest level of
of a password in bits. A password of length 8 and 94 authentication [15], as an intruder can gain access through
cardinality will have a 52.4-bit entropy value and be various techniques [16, 17]. Although techniques in
cracked in 0.07 seconds by a supercomputer. In 20 minutes [18,19,20] described the origin of solid passwords in simple
by a PC & GPU, a password of length 12-character and 94 ways, they apply only to computers with keyboards and only
cardinalities will have a 78.7-bit entropy that will take 55 to single machines and are not useful for logging in from
days to crack by a supercomputer and 3018 years to crack multiple systems.
by PC & GPU [13]. Users can use
Table 3: Text-Based Authentication
Ref Technique used Accuracy Efficiency Security Usabil Remarks
ity
[18] ALPHApwd password ---- Password Using Probabilistic High Simple and easy to
generation strategy- creation time- 10 Context-free grammar use, Low cost, Easy to
Password is based on Sec attacking algorithm- manage
Mnemonic shape Recall Time- 11 23.3 % Success rate
Sec with 108 guesses
[19] Optiwords: - Draw a 81.8% Password Using Probabilistic High Not applicable on
drawing on the Success Rate Creation-76.6 Sec Context-free grammar different devices such
keyboard and then Authentication attacking algorithm- as ATMs,
convert the drawing Time:36.9Sec 12.1% success rate smartphones, etc.
to text. with 1014 guesses You need to
remember the shape
as well as the starting
point.
3.1.2. Authentication based on graphical based classified into two different categories:
(images) password Recognition-based graphical techniques: In this
The password-based authentication system that we technique, the user is presented with various images and is
have discussed till now requires users to select stronger authenticated by recognizing and selecting the images the
passwords that can be easy to remember, but it is well user has selected during the registration phase.
known that both these things about the passwords are Recall-based graphical techniques: The user should
contradictory to each other, as a user cannot remember regenerate what he has generated during the registration
strong password and the passwords which user can easily phase in the recall-based graphical technique.
recall are easy to guess [21,22,23]. The recall-based graphical technique is further
The subsequent authentication system under knowledge divided into two categories:
factor-based authentication is a visual pass authentication Pass Points
system. The user has to select from images shown on his Cued Click Points
GUI (Graphical User Interface) in a specific order. Greg The difference between Pass points and cued click
Blonder first give the idea of graphical passwords in the points is in table 4.
year 1996. According to a study, the human brain is more
adept at recalling what they see (pictures) than
alphanumeric characters.
Pass Point On a single Single No connection Shoulder Cued Click pass points Difficult to Susceptible to
image, all Image Surfing are developed to memorize Shoulder
objects overcome the Surfing attack
need to be disadvantage of pass
select points.
Cued Click The Multiple Based on the Shoulder To overcome attacks Easy to The persuasive
Pass point sequence images current click Surfing Persuasive, click memorize feature made it
of images next set of the points technique is images free from
based on image will be developed, which is because of shoulder surfing
click shown developed by adding the vulnerability.
the persuasive feature sequence
to CCP [25].
Thus, the goal was to motivate the use of more The entropy of this system on a password space of 226 *226 is
secure passwords for authentication by making less 83.14 bits, approximately equal to the 12-length long textual
confident choices that consume less time and are not password. In [27], Azad Et al. propose a system using
tedious, giving rise to graphical passwords. Also, Graphical multiple vibration codes and graphical patterns to
passwords are easy to remember as humans can recall authenticate. They have used a 2*2 grid, and each grid is an
pictures better than text passwords. Table 5 shows the area to acquire a vibration code (VC). The user can connect
performance analysis of the various image authentication the four cells while producing the vibration code,
techniques. constructing a pattern for authentication. The proposed
In [25] Chang. Et al. developed a graphical system is suitable for people with low vision or fatty fingers.
password-based keystroke dynamic authentication system, In [35], Nizamani. Et al. proposed a scheme with two
which captures the pressure feature from touch panels on different authentication methods to provide the trade-off
mobile devices. They used computation-efficient statistical between memorability, usability, and security. The easy login
classifiers to calculate the mean and standard deviation. The method is used in a secure environment where the user is
proposed system is highly usable as the graphical password sitting alone and can authenticate himself using traditional
may be revealed through shoulder suffering. However, the login methods. In contrast, the secure login method requires
pressure feature is still unknown and is suitable for low- a three-step procedure to authenticate. The proposed system
power handheld devices. In [26] sun. et al. propose using the is resilient to brute-force, dictionary, and shoulder-suffering
world map for graphical authentication, where the user attack.
selects two click-points as passwords on a large world map.
Table 5: Image-Based Authentication
Ref Technique Used Accuracy Efficiency Security Usability Memory Privacy
Requirement
[25] Graphical EER= 6.9% Classifier ---- High 7.29 X 10^8 ----
password and Building: 4ms
pressure feature Authentication
Phase=2ms
[26] PassMap (Google 81.13% Accurate 55.64Seconds Secure --- 2^26 x 2^26 x -----
Maps) (Average of 6 against 0.2905 Pixels
attempts) brute-
force
attack
[27] Vibration and 83% in two tries ------ Secure ------ ---- -----
Pattern Code
[28] Persuasive Cued 93% Success rate 68 Seconds --- --- --- ---
Click Points
[35] Alphanumeric and ----- 40.16 Seconds Yes Yes` --- ---
images
The drawback of Image-based recognition information [29,30,31].
techniques: However, a novel authentication system PassMatrix has
Image-based passwords are not vulnerable to brute force been proposed [32] to resist graphical passwords from
and dictionary attacks but are still vulnerable to shoulder shoulder suffering attacks to overcome this problem. They
surfing attacks (SSAs) [24]. To obtain the image password, use a one-time valid login indicator and circulative
the attacker may directly observe the selection pattern of the horizontal and vertical bars that cover the entire scope of
image or use a screen recorder that captures the selected pass images. Thus, even after several camera-based attacks,
series of images and can access the PINs and other sensitive the PassMatrix offers no hint for attackers to figure out the
password. They have successfully implemented the announced password-free login to android apps and used
PassMatrix on Android, thus achieving resistance to smart locks to authenticate apps [36].
shoulder suffering and the system also proves its usability. The difference between Knowledge factors based (Text
The knowledge-based authentication technique is a popular Passwords and graphical password authentication
technique used by the largest population of world users, but techniques [33,34] is shown in Table 6.
it suffers from several vulnerabilities. In May 2016, Google
Table 6: Difference Between Text-Based and Image-Based Authentication
Difference Technique Password Remembrance Processing Security Authentic
Input Speed ation
Textual In this, we use Alphanumer Weak passwords Fast Less Secure as Low
Password alphanumeric passwords ic characters are easy to recall can be easily
as authentication. than solid guessed
passwords.
Graphical This authentication works Images Easy to recall as we Minimum Difficult to Secured
Password by selecting a sequence of are good at consumption guess multiple
images in a specific order. recalling images due to images by an
digitization. attacker
[44] Non-Minutiae Poincare Index Accuracy- Not Define 08 Minutes --- --- ---
feature Based method, 81.9%
NIST SD27 neighboring
minutiae-based
descriptor
[45] Minutiae Based Ridge-based EER-1.8% Not Define 83 ms --- --- ---
FVC2002, FVC Coordinate
2004 system, graph
matching,
Breadth First
Search,
[46] Minutiae Based Classifier: SVM Accuracy- --------- ---------- ------ ----- ------
Privacy- 99.39%
Preserving:
CHAUM-
PEDERSEN
PROTOCOL
[47] Minutiae Based Minutiae based EER- 0% Yes 0.074 Sec ------ Yes -----
FVC2002, feature
FVC2004 extraction
*A low EER Value indicates a high accuracy of illumination. It has been done since Daugman,
the system. which reported very high recognition rates in a
Fingerprints are most commonly used for constrained environment when the images are taken
authentication and have various application through a near-infrared camera in a controlled
domains ranging from forensics to mobile phones. environment [61]. When the image acquisition
Today we commonly have a fingerprint scanner on condition is not constrained, many acquired images
our mobile phones, Even Mobile companies like suffer from blur by motion or defocused specular
Apple, which is one of the highest sellers of mobile reflections or the shadow of eyelids and
phones used fingerprints as authentication since segmentation errors. Iris recognition using visible
2013 when they introduced the iPhone 5s [50], light illumination has attraction and is also used in
which is also susceptible to vulnerable to spoofing mobile devices for authentication [62]. The feature
according to authors of [48,49]. We do not have to extraction algorithm to extract iris features from
use fingerprint authentication systems because they visible light must be tailored to the number of
are vulnerable to spoofing or can be readily features to improve accuracy [57]. We have
available on any surface. There are many factors reviewed various papers to analyze the performance
involved while selecting an authentication system, of retina scan systems, and the various metrics are
i.e., security to which extent required, the cost can shown in Table 8.
invest, the speed wanted from the system, and the However, the study shows that the accuracy
accuracy, i.e., EER of the system. of visible light illumination images differs from that
Based on the above factor, we can select the of near-infrared images. In the table shown above,
type of authentication like we can use a Fingerprint we have studied papers that took eye images from
for less secure information as it is an affordable various datasets like CASIA, VISOB, and UBIRIS.
device [51,52] having optimum performance and However, no research proves visible-light iris
EER. Nevertheless, all the papers discussed above recognition can achieve accuracy close to that of
do not concern privacy except [42,47], which near-infrared iris recognition in similar conditions of
proposes an alignment-free hashing algorithm that use. The visible-light iris recognition may find use
generates a graph based on the inner minutia in lower-security applications, enabled by the
minimum distance and produces a secure ubiquitous use of mobile devices. However, many
fingerprint hash of 133 bits. Privacy can be violated users have reported eye discomfort while using them
when the biometric information stored in the [64], which might lead to more severe eye-health
database can be stolen or tampered with by issues, showing the iris recognition system's
someone. usability.
3.2.2 Authentication based on Retina Scan The Hackers in [63] have exhibited that it is
Iris is one of the essential parts of the human eye as possible to capture the victim's image furtively from
it controls the size of the pupil that directs the a distance of 5m and use it to dodge the iris scan.
amount of light entering the pupil. It is situated Since the iris-scan works through infrared
behind the cornea and in front of the lens. The iris illumination on eyes from a short distance (_ 30cm).
acknowledgment was first proposed in 1987 by folm Venugopalan in [65] & Rathgeb in [66]
and safir. [53], [54], iris recognition technology create the iris texture starting from just the iris bit
offers the highest accuracy of other biometric code stored as a template in memory and create a
recognition systems. It is because the feature of the spoof iris by embedding it with any other iris texture
iris is extraordinarily stable and has not changed for which gives the same recognition rate as a natural-
many years, except for identical twins or even looking iris, thus violating the security as well as the
among the left and right eyes of a similar individual privacy of iris authentication system.
[53]. Iris’s characteristics are unique for every Kausar [68] proposes a cancelable iris-based
individual. The iris is fully formed when the human authentication system that stores the healthcare data
is ten months old and remains the same for their encrypted with AES in a smart card. The symmetric
lifetime [58]. We have studied various research key of size 252 bits is used for encryption and
papers based on iris recognition, which proves that decryption, which is also encoded using Reed-
as the size of the pupil varies based on the amount Solomon encoding scheme.
of light entering the eyes, thus generally, all iris
recognition operates usually on near-infrared
10
Ref Database Method Used Execution Accuracy/P Distance Security Privacy Memory
(Segmentation Time erformance Requirement
)
[55] VISOB K–Means 0.46 Sec RPLD - 34.3 ------ -------- ---- -----
Clustering RLD - 91.52
Daugman’s
algorithm to
find iris radius
[56] CASIA.V4 Walker’s 1.53 Sec Accuracy- >3 meter ---- ---- -----
UBIRIS.v2 algorithm 0.7 Sec 86.5% 4-9 meter
FRGC Segmentation 1.53 Sec NA
[57] CASIA.V4 Localized 368.2 sec ----- >3 meter ----- ----- -----
UBIRIS.v2 texture 136.3 Sec 4-9 meter
FRGC description 51.1 Sec NA
based on ZMs
[59] WVU-IBIDC Direct Least ----- FAR- 0.02% 4 Inches ---- --- ----
Square Ellipse
and Geometric
Calibration
[60] UBIRIS.v2 IWT 1.03 Sec Accuracy- 4-9 meter --- --- ----
98.9%
However, if we consider the equipment cost, it is vein pattens are invisible through naked eyes thus
slightly high in palm vein authentication systems. possess security but privacy protection still a need to
They have not been seen in ordinary mobile devices protect the database.
for authentication. However, they have deployed in
many areas in Japan [93]. The costliest part of the The summary of various authentication techniques
image acquisition device is the camera of high- based on the performance parameters is shown in
resolution NIR CCD, and most of the NIR devices are Table 11. The definition of quality level is defined in
not cheap [104]. However, Ramachandra in [103] Table 12.
designs a low-cost camera for vein acquisition. Palm
Table 11: Summary of biometric authentication system
Techniques Security Accuracy Privacy Execution Time Usability
Fingerprint Based Low Moderate Low Moderate High
The Possession based authentication techniques are techniques based on the performance metrics is shown
generally used in online services as they are more in Fig 4.
prone to hacking than personal devices (like mobile
phones). Therefore, they need to be more secure as 5
breaching the security may result in a heavy amount of
4
data or money loss and thus need to be secured through
3 knowledge
multiple factors. T. limbusiya et al. propose an
2 factor
authentication system using smart cards that can
withstand smartcard losing and password-guessing 1 Inherence
attacks [120]. Location-based possession 0 Factor
authentication systems are not secure as the location of
Possession
a mobile user can be easily tracked [119]. Any of the
Factor
research papers studied not show any information
about the privacy of token-based authentication
systems.
The comparisons of Knowledge based, Fig 4 Comparison of various authentication Techniques
Inherence Based and Possession based authentication
4 Merging of Authentication Techniques
A system using more than one factor for brute force and other dictionary attacks. Sajjad.et.al in
authentication is called multifactor authentication [124] Proposes an anti-spoofing system on the
system (MFA). In multifactor authentication one can combination of fingerprints, palm veins, and face
combine any two or more authentication techniques datasets. The proposed system proves 100% anti-
in one to allow authentication. A review of MFA is spoofing security to authentication, although it
given below in a table 14. increases the computational cost. Kim.et.al in [126]
Sinha.et.al in [123] proposes pattern based creates a smart CCTV surveillance environment for
multifactor authentication techniques by combining smart cities implementation using Face expressions
text and pass grid of images for identifying the and RFID.
legitimate user and proves the system is secure against
Table 14: Multi-Factor authentication Techniques
Ref Factors Used Accuracy Execution Security Privacy Memory Usability
time Required
Merging various Factors of authentication of a single authentication. However, the authentication accuracy
authentication is as called multimodal authentication. decreases to 89.29% in streets which is not enough for
A review of multimodal authentication is represented real time applications.Toygar.et.al in [130] propose a
in table 15. system based on hand crafted feature extractors along
Wu [127] proposes a multimodal authentication with CNN on multimodal features. The system
system by merging lip movement and voice (Inherence achieves an accuracy of 100% with increase I the
Factor) into a single authentication system and proves computational complexity than unimodal
an accuracy of 95% and also publishes a new data set authentication system. The paper discussed in table
of 104 participants of the same. The system estimates below does not talk about the security and privacy of
the lip movement or shape while speaking the various the system they proposed.
words and consider it as a one of the parameters for
Table 15: Multi Modal authentication Techniques
Ref Factors Used Accuracy Execution Security Privacy Memory Usability
Time Required
Recreation
[150,151 ,152] To secure data on the cloud
25% Healthcare
27%
Education [153,154] In Healthcare
authentication systems, including accuracy, execution 9. Li, Y., Wang, H., & Sun, K. (2016). A study of personal
time, security, and privacy, should be emphasized in information in human-chosen passwords and its
security implications. In IEEE INFOCOM 2016 - The 35th
future research. Annual IEEE International Conference on Computer
Communications. IEEE INFOCOM 2016 - IEEE
Research Data Policy and Data Availability Statements Data Conference on Computer Communications. IEEE.
sharing not applicable to this article as no datasets were https://doi.org/10.1109/infocom.2016.7524583
generated or analyzed during the current study. 10. Wang, D., Zhang, Z., Wang, P., Yan, J., & Huang, X. (2016).
Targeted Online Password Guessing. In Proceedings of
the 2016 ACM SIGSAC Conference on Computer and
Declarations Communications Security. CCS’16: 2016 ACM SIGSAC
Conference on Computer and Communications Security.
Competing Interest Divya Singla declares that she has no ACM. https://doi.org/10.1145/2976749.2978339
conflict of interest. Neetu Verma declares that she has no 11. Kaka, J. G., Ishaq, O. O., & Ojeniyi, J. O. (2021).
conflict of interest. Recognition-Based Graphical Password Algorithms: A
Divya Singla certify that this article has no financial or non- Survey. In 2020 IEEE 2nd International Conference on
financial interest to disclose. Neetu Verma certify that this Cyberspace (CYBER NIGERIA). 2020 IEEE 2nd
article has no financial or non-financial interest to disclose. International Conference on Cyberspace (CYBER
NIGERIA). IEEE.
https://doi.org/10.1109/cybernigeria51635.2021.942
8801
Ethical Approval This article does not submit same copy to 12. Haggenmüller, S., Krieghoff-Henning, E., Jutzi, T., Trapp,
more than one journal for considerations. N., Kiehl, L., Utikal, J. S., Fabian, S., & Brinker, T. J. (2021).
Digital Natives’ Preferences on Mobile Artificial
References Intelligence Apps for Skin Cancer Diagnostics: Survey
1. Shah, S. W., & Kanhere, S. S. (2019). Recent Trends in Study. In JMIR mHealth and uHealth (Vol. 9, Issue 8, p.
User Authentication – A Survey. In IEEE Access (Vol. 7, e22909). JMIR Publications Inc.
pp. 112505–112519). Institute of Electrical and https://doi.org/10.2196/22909
Electronics Engineers (IEEE). 13. Ju, Z., Zhang, H., Li, X., Chen, X., Han, J., & Yang, M. (2022).
https://doi.org/10.1109/access.2019.2932400 A Survey on Attack Detection and Resilience for
2. Das, A. K., Zeadally, S., & Wazid, M. (2017). Lightweight Connected and Automated Vehicles: From Vehicle
authentication protocols for wearable devices. In Dynamics and Control Perspective. In IEEE Transactions
Computers & Electrical Engineering (Vol. 63, pp. on Intelligent Vehicles (pp. 1–24). Institute of Electrical
196–208). Elsevier BV. and Electronics Engineers (IEEE).
https://doi.org/10.1016/j.compeleceng.2017.03.008 https://doi.org/10.1109/tiv.2022.3186897
3. Velásquez, I., Caro, A., & Rodríguez, A. (2018). 14. Password strength calculator
Authentication schemes and methods: A systematic http://ww25.passwordstrengthcalculator.org/
literature review. In Information and Software [Accessed Feb 20, 2022]
Technology (Vol. 94, pp. 30–37). Elsevier BV. 15. İşler, D., Küpçü, A., & Coskun, A. (2019). User Perceptions
https://doi.org/10.1016/j.infsof.2017.09.012 of Security and Usability of Mobile-Based Single
4. How do authentication process work. Password Authentication and Two-Factor
https://indiancybersecuritysolutions.com/how-do- Authentication. In Lecture Notes in Computer Science
authentication-process-work/[Accessed Feb, 2022] (pp. 99–117). Springer International Publishing.
5. Walton, S. (1995). Image authentication for a slippery https://doi.org/10.1007/978-3-030-31500-9_7
new age. Dr. Dobb's Journal, 20(4), 18-26. 16. Wang, D., & Wang, P. (2015). Offline Dictionary Attack on
6. Atwady, Y., & Hammoudeh, M. (2017). A Survey on Password Authentication Schemes Using Smart Cards. In
Authentication Techniques for the Internet of Things. In Lecture Notes in Computer Science (pp. 221–237).
Proceedings of the International Conference on Future Springer International Publishing.
Networks and Distributed Systems. ICFNDS ’17: https://doi.org/10.1007/978-3-319-27659-5_16
International Conference on Future Networks and 17. Heartfield, R., & Loukas, G. (2016). A Taxonomy of
Distributed Systems. ACM. Attacks and a Survey of Defence Mechanisms for
https://doi.org/10.1145/3102304.3102312 Semantic Social Engineering Attacks. In ACM Computing
7. Kasim, Ö. (2022). Secure medical image encryption with Surveys (Vol. 48, Issue 3, pp. 1–39). Association for
Walsh–Hadamard transform and lightweight Computing Machinery (ACM).
cryptography algorithm. In Medical & Biological https://doi.org/10.1145/2835375
Engineering & Computing (Vol. 60, Issue 6, pp. 18. Song, J., Wang, D., Yun, Z., & Han, X. (2019). Alphapwd: A
1585–1594). Springer Science and Business Media LLC. Password Generation Strategy Based on Mnemonic
https://doi.org/10.1007/s11517-022-02565-5 Shape. In IEEE Access (Vol. 7, pp. 119052–119059).
8. ISO/IEC JTC1 SC27 Security Techniques, ISO/IEC Institute of Electrical and Electronics Engineers (IEEE).
24745:2022. Information Technology - Security https://doi.org/10.1109/access.2019.2937030
Techniques - Biometric Information Protection, 19. Guo, Y., Zhang, Z., & Guo, Y. (2019). Optiwords: A new
International Organization for Standardization, 2022. password policy for creating memorable and strong
https://www.iso.org/standard/75302.html (accessed passwords. In Computers & Security (Vol. 85, pp.
Feb. 15, 2022) 423–435). Elsevier BV.
https://doi.org/10.1016/j.cose.2019.05.015 Systems, Man, and Cybernetics: Systems (Vol. 44, Issue
20. Lyu, S., Yao, Q., & Song, J. (2022). AvoidPwd: A mnemonic 6, pp. 716–727). Institute of Electrical and Electronics
password generation strategy based on keyboard Engineers (IEEE).
transformation. In China Communications (Vol. 19, Issue https://doi.org/10.1109/tsmc.2013.2270227
10, pp. 92–101). Institute of Electrical and Electronics 31. Greenberg, A. (2014). Google glass snoopers can steal
Engineers (IEEE). your passcode with a glance,” Wired.
https://doi.org/10.23919/jcc.2022.00.027 https://www.wired.com/2014/06/google-glass-
21. Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., & snoopers-can-steal-your-passcode-with-a-glance/
Memon, N. (2005). Authentication using graphical [Accessed 20 march,2022]
passwords. In Proceedings of the 2005 symposium on 32. Sun, H.-M., Chen, S.-T., Yeh, J.-H., & Cheng, C.-Y. (2018). A
Usable privacy and security - SOUPS ’05. the 2005 Shoulder Surfing Resistant Graphical Authentication
symposium. ACM Press. System. In IEEE Transactions on Dependable and Secure
https://doi.org/10.1145/1073001.1073002 Computing (Vol. 15, Issue 2, pp. 180–193). Institute of
22. Ndako Adama, V., Oyebisi Oyefolahan, I., & Ndunagu, J. Electrical and Electronics Engineers (IEEE).
(2021). Pure Recall-Based Graphical User https://doi.org/10.1109/tdsc.2016.2539942
Authentication Schemes: Perspectives from a Closer 33. Patra, K., Nemade, B., Mishra, D. P., & Satapathy, P. P.
Look. In 3rd African Human-Computer Interaction (2016). Cued-Click Point Graphical Password Using
Conference. AfriCHI 2021: 3rd African Human-Computer Circular Tolerance to Increase Password Space and
Interaction Conference. ACM. Persuasive Features. In Procedia Computer Science (Vol.
https://doi.org/10.1145/3448696.3448721 79, pp. 561–568). Elsevier BV.
23. Chiasson, S., Stobert, E., Forget, A., Biddle, R., & Van https://doi.org/10.1016/j.procs.2016.03.071
Oorschot, P. C. (2012). Persuasive Cued Click-Points: 34. Sosa Valles, P. A., Villalobos-Serrano, J. G., Martinez
Design, Implementation, and Evaluation of a Knowledge- Pelaez, R., Garcia, V., Parra Michel, J. R., Velarde Alvarado,
Based Authentication Mechanism. In IEEE Transactions P., & Mena, L. (2018). My Personal Images as My
on Dependable and Secure Computing (Vol. 9, Issue 2, Graphical Password. In IEEE Latin America Transactions
pp. 222–235). Institute of Electrical and Electronics (Vol. 16, Issue 5, pp. 1516–1523). Institute of Electrical
Engineers (IEEE). and Electronics Engineers (IEEE).
https://doi.org/10.1109/tdsc.2011.55 https://doi.org/10.1109/tla.2018.8408449
24. Carter, N. J. (2015). Graphical Passwords for Older 35. Nizamani, S. Z., Hassan, S. R., Shaikh, R. A., Abozinadah, E.
Computer Users. In Proceedings of the 28th Annual ACM A., & Mehmood, R. (2021). A Novel Hybrid Textual-
Symposium on User Interface Software & Graphical Authentication Scheme With Better Security,
Technology - UIST ’15 Adjunct. the 28th Annual ACM Memorability, and Usability. In IEEE Access (Vol. 9, pp.
Symposium. ACM Press. 51294–51312). Institute of Electrical and Electronics
https://doi.org/10.1145/2815585.2815593 Engineers (IEEE).
25. Chang, T.-Y., Tsai, C.-J., & Lin, J.-H. (2012). A graphical- https://doi.org/10.1109/access.2021.3069164
based password keystroke dynamic authentication 36. Google plans to bring password-free logins to Android
system for touch screen handheld mobile devices. In apps by year-end.
Journal of Systems and Software (Vol. 85, Issue 5, pp. https://techcrunch.com/2016/05/23/google-plans-to-
1157–1165). Elsevier BV. bring-password-free-logins-to-android-apps-by-year-
https://doi.org/10.1016/j.jss.2011.12.044 end/ [Accessed 24, March 2022]
26. Sun, H.-M., Chen, Y.-H., Fang, C.-C., & Chang, S.-Y. (2012). 37. Handbook of Biometric Anti-Spoofing. (2019). In S.
PassMap. In Proceedings of the 7th ACM Symposium on Marcel, M. S. Nixon, J. Fierrez, & N. Evans (Eds.),
Information, Computer and Communications Security - Advances in Computer Vision and Pattern Recognition.
ASIACCS ’12. the 7th ACM Symposium. ACM Press. Springer International Publishing.
https://doi.org/10.1145/2414456.2414513 https://doi.org/10.1007/978-3-319-92627-8
27. Azad, S., Rahman, M., Ranak, M. S. A. N., Ruhee, B. M. F. K., 38. Awad, A. I., & Hassanien, A. E. (2014). Impact of Some
Nisa, N. N., Kabir, N., Rahman, A., & Mohamad Zain, J. Biometric Modalities on Forensic Science. In Studies in
(2017). VAP code: A secure graphical password for Computational Intelligence (pp. 47–62). Springer
smart devices. In Computers & Electrical International Publishing. https://doi.org/10.1007/978-
Engineering (Vol. 59, pp. 99–109). Elsevier BV. 3-319-05885-6_3
https://doi.org/10.1016/j.compeleceng.2016.12.007 39. Ali, S. F., Khan, M. A., & Aslam, A. S. (2020). Fingerprint
28. Shah, A., Ved, P., Deora, A., Jaiswal, A., & D’silva, M. matching, spoof and liveness detection: classification
(2015). Shoulder-surfing Resistant Graphical Password and literature review. In Frontiers of Computer Science
System. In Procedia Computer Science (Vol. 45, pp. 477– (Vol. 15, Issue 1). Springer Science and Business Media
484). Elsevier BV. LLC. https://doi.org/10.1007/s11704-020-9236-4
https://doi.org/10.1016/j.procs.2015.03.084 40. Fu, X., & Feng, J. (2015). Minutia Tensor Matrix: A New
29. Amruth, M. D., & Praveen, K. (2015). Android Smudge Strategy for Fingerprint Matching. In W.-B. Du (Ed.),
Attack Prevention Techniques. In Advances in Intelligent PLOS ONE (Vol. 10, Issue 3, p. e0118910). Public Library
Systems and Computing (pp. 23–31). Springer of Science (PLoS).
International Publishing. https://doi.org/10.1007/978- https://doi.org/10.1371/journal.pone.0118910
3-319-23258-4_3 41. de Macedo Rodrigues, R., Costa, M. G. F., & Costa Filho, C.
30. Kwon, T., Shin, S., & Na, S. (2014). Covert Attentional F. F. (2013). Fingerprint verification using characteristic
Shoulder Surfing: Human Adversaries Are More vectors based on planar graphics. In Signal, Image and
Powerful Than Expected. In IEEE Transactions on Video Processing (Vol. 9, Issue 5, pp. 1121–1135).
20
Springer Science and Business Media LLC. Conference & Workshop on Emerging Trends in
https://doi.org/10.1007/s11760-013-0548-9 Technology - ICWET ’11. the International Conference &
42. Das, P., Karthik, K., & Chandra Garai, B. (2012). A robust Workshop. ACM Press.
alignment-free fingerprint hashing algorithm based on https://doi.org/10.1145/1980022.1980038
minimum distance graphs. In Pattern Recognition (Vol. 54. Shah, S., & Ross, A. (2009). Iris Segmentation Using
45, Issue 9, pp. 3373–3388). Elsevier BV. Geodesic Active Contours. In IEEE Transactions on
https://doi.org/10.1016/j.patcog.2012.02.022 Information Forensics and Security (Vol. 4, Issue 4, pp.
43. Gutierrez, P. D., Lastra, M., Herrera, F., & Benitez, J. M. 824–836). Institute of Electrical and Electronics
(2014). A High Performance Fingerprint Matching Engineers (IEEE).
System for Large Databases Based on GPU. In IEEE https://doi.org/10.1109/tifs.2009.2033225
Transactions on Information Forensics and Security 55. Reddy, N., Rattani, A., & Derakhshani, R. (2016). A robust
(Vol. 9, Issue 1, pp. 62–71). Institute of Electrical and scheme for iris segmentation in mobile environment. In
Electronics Engineers (IEEE). 2016 IEEE Symposium on Technologies for Homeland
https://doi.org/10.1109/tifs.2013.2291220 Security (HST). 2016 IEEE Symposium on Technologies
44. Jain, A. K., & Jianjiang Feng. (2011). Latent Fingerprint for Homeland Security (HST). IEEE.
Matching. In IEEE Transactions on Pattern Analysis and https://doi.org/10.1109/ths.2016.7568948
Machine Intelligence (Vol. 33, Issue 1, pp. 88–100). 56. Tan, C.-W., & Kumar, A. (2013). Towards Online Iris and
Institute of Electrical and Electronics Engineers (IEEE). Periocular Recognition Under Relaxed Imaging
https://doi.org/10.1109/tpami.2010.59 Constraints. In IEEE Transactions on Image Processing
45. Choi, H., Choi, K., & Kim, J. (2011). Fingerprint Matching (Vol. 22, Issue 10, pp. 3751–3765). Institute of Electrical
Incorporating Ridge Features With Minutiae. In IEEE and Electronics Engineers (IEEE).
Transactions on Information Forensics and Security https://doi.org/10.1109/tip.2013.2260165
(Vol. 6, Issue 2, pp. 338–345). Institute of Electrical and 57. Tan, C.-W., & Kumar, A. (2012). Unified Framework for
Electronics Engineers (IEEE). Automated Iris Segmentation Using Distantly Acquired
https://doi.org/10.1109/tifs.2010.2103940 Face Images. In IEEE Transactions on Image Processing
46. Tran, Q. N., Turnbull, B. P., Wang, M., & Hu, J. (2022). A (Vol. 21, Issue 9, pp. 4068–4079). Institute of Electrical
Privacy-Preserving Biometric Authentication System and Electronics Engineers (IEEE).
With Binary Classification in a Zero Knowledge Proof https://doi.org/10.1109/tip.2012.2199125
Protocol. In IEEE Open Journal of the Computer Society 58. Khoirunnisaa, A. Z., Hakim, L., & Wibawa, A. D. (2019).
(Vol. 3, pp. 1–10). Institute of Electrical and Electronics The Biometrics System Based on Iris Image Processing:
Engineers (IEEE). A Review. In 2019 2nd International Conference of
https://doi.org/10.1109/ojcs.2021.3138332 Computer and Informatics Engineering (IC2IE). 2019
47. Ali, A., Baghel, V. S., & Prakash, S. (2022). A novel 2nd International Conference of Computer and
technique for fingerprint template security in biometric Informatics Engineering (IC2IE). IEEE.
authentication systems. In The Visual Computer. https://doi.org/10.1109/ic2ie47452.2019.8940832
Springer Science and Business Media LLC. 59. Moi, S. H., Asmuni, H., Hassan, R., & Othman, R. M. (2014).
https://doi.org/10.1007/s00371-022-02726-5 A unified approach for unconstrained off-angle iris
48. The Guardian. (2013). iPhone 5S Fingerprint Sensor recognition. In 2014 International Symposium on
Hacked by Germany's Chaos Computer Club. (Online). Biometrics and Security Technologies (ISBAST). 2014
Available: www. International Symposium on Biometrics and Security
theguardian.com/technology/2013/sep/22/apple- Technologies (ISBAST). IEEE.
iphone-ngerprintscanner-hacked. [Accessed August, https://doi.org/10.1109/isbast.2014.7013091
2022] 60. Singh, G., Singh, R. K., Saha, R., & Agarwal, N. (2020). IWT
49. Yang, W., Hu, J., Fernandes, C., Sivaraman, V., & Wu, Q. Based Iris Recognition for Image Authentication. In
(2016). Vulnerability analysis of iPhone 6. In 2016 14th Procedia Computer Science (Vol. 171, pp. 1868–1876).
Annual Conference on Privacy, Security and Trust (PST). Elsevier BV.
2016 14th Annual Conference on Privacy, Security and https://doi.org/10.1016/j.procs.2020.04.200
Trust (PST). IEEE. 61. Daugman, J. (2006). Probing the Uniqueness and
https://doi.org/10.1109/pst.2016.7907000 Randomness of IrisCodes: Results From 200 Billion Iris
50. Macworld. (2013). The iPhone 5s fingerprint reader: Pair Comparisons. In Proceedings of the IEEE (Vol. 94,
what you need to know. (online) Issue 11, pp. 1927–1935). Institute of Electrical and
https://www.macworld.com/article/221849/the- Electronics Engineers (IEEE).
iphone-5s-fingerprint-reader-what-you-need-to- https://doi.org/10.1109/jproc.2006.884092
know.html. [Accessed August, 2022]. 62. Trokielewicz, M., & Bartuzi, E. (2018). Cross-spectral Iris
51. Bayometric. (online) https://www.bayometric.com/ Recognition for Mobile Applications using High-quality
[Accessed August, 2022]. Color Images. arXiv.
52. Rui, Z., & Yan, Z. (2019). A Survey on Biometric https://doi.org/10.48550/ARXIV.1807.04061
Authentication: Toward Secure and Privacy-Preserving 63. ArsTECHNICA. Breaking the iris scanner locking
Identification. In IEEE Access (Vol. 7, pp. 5994–6009). Samsung’s galaxy S8 is laughable easy.
Institute of Electrical and Electronics Engineers (IEEE). https://arstechnica.com/information-
https://doi.org/10.1109/access.2018.2889996 technology/2017/05/breaking-the-iris-scanner-
53. Kekre, H. B., Thepade, S. D., Jain, J., & Agrawal, N. (2011). locking-samsungs-galaxy-s8-is-laughably-easy/[
Iris recognition using texture features extracted from Accessed September, 2022]
Walshlet pyramid. In Proceedings of the International 64. Shah, S. W., & Kanhere, S. S. (2019). Recent Trends in
User Authentication – A Survey. In IEEE Access (Vol. 7, 75. Sharma, S., Bhatt, M., & Sharma, P. (2020). Face
pp. 112505–112519). Institute of Electrical and Recognition System Using Machine Learning Algorithm.
Electronics Engineers (IEEE). In 2020 5th International Conference on Communication
https://doi.org/10.1109/access.2019.2932400 and Electronics Systems (ICCES). 2020 5th International
65. Venugopalan, S., & Savvides, M. (2011). How to Generate Conference on Communication and Electronics Systems
Spoofed Irises From an Iris Code Template. In IEEE (ICCES). IEEE.
Transactions on Information Forensics and Security https://doi.org/10.1109/icces48766.2020.9137850
(Vol. 6, Issue 2, pp. 385–395). Institute of Electrical and 76. Mai, G., Cao, K., Yuen, P. C., & Jain, A. K. (2019). On the
Electronics Engineers (IEEE). Reconstruction of Face Images from Deep Face
https://doi.org/10.1109/tifs.2011.2108288 Templates. In IEEE Transactions on Pattern Analysis and
66. Rathgeb, C., & Busch, C. (2017). On the feasibility of Machine Intelligence (Vol. 41, Issue 5, pp. 1188–1202).
creating morphed iris-codes. In 2017 IEEE International Institute of Electrical and Electronics Engineers (IEEE).
Joint Conference on Biometrics (IJCB). 2017 IEEE https://doi.org/10.1109/tpami.2018.2827389
International Joint Conference on Biometrics (IJCB). 77. Di Wen, Hu Han, & Jain, A. K. (2015). Face Spoof
IEEE. https://doi.org/10.1109/btas.2017.8272693 Detection With Image Distortion Analysis. In IEEE
67. Srivastava, V., Tripathi, B. K., & Pathak, V. K. (2012). Transactions on Information Forensics and Security
Biometric recognition by hybridization of evolutionary (Vol. 10, Issue 4, pp. 746–761). Institute of Electrical and
fuzzy clustering with functional neural networks. In Electronics Engineers (IEEE).
Journal of Ambient Intelligence and Humanized https://doi.org/10.1109/tifs.2015.2400395
Computing (Vol. 5, Issue 4, pp. 525–537). Springer 78. Kose, N., & Dugelay, J.-L. (2013). On the vulnerability of
Science and Business Media LLC. face recognition systems to spoofing mask attacks. In
https://doi.org/10.1007/s12652-012-0161-8 2013 IEEE International Conference on Acoustics,
68. Kausar, F. (2021). Iris based cancelable biometric Speech and Signal Processing. ICASSP 2013 - 2013 IEEE
cryptosystem for secure healthcare smart card. In International Conference on Acoustics, Speech and
Egyptian Informatics Journal (Vol. 22, Issue 4, pp. 447– Signal Processing (ICASSP). IEEE.
453). Elsevier BV. https://doi.org/10.1109/icassp.2013.6638076
https://doi.org/10.1016/j.eij.2021.01.004 79. Galbally, J., McCool, C., Fierrez, J., Marcel, S., & Ortega-
69. Sigal, L., Sclaroff, S., & Athitsos, V. (2004). Skin color- Garcia, J. (2010). On the vulnerability of face verification
based video segmentation under time-varying systems to hill-climbing attacks. In Pattern Recognition
illumination. In IEEE Transactions on Pattern Analysis (Vol. 43, Issue 3, pp. 1027–1038). Elsevier BV.
and Machine Intelligence (Vol. 26, Issue 7, pp. 862–877). https://doi.org/10.1016/j.patcog.2009.08.022
Institute of Electrical and Electronics Engineers (IEEE). 80. Scherhag, U., Raghavendra, R., Raja, K. B., Gomez-
https://doi.org/10.1109/tpami.2004.35 Barrero, M., Rathgeb, C., & Busch, C. (2017). On the
70. Borkar, N. R., & Kuwelkar, S. (2017). Real-time vulnerability of face recognition systems towards
implementation of face recognition system. In 2017 morphed face attacks. In 2017 5th International
International Conference on Computing Methodologies Workshop on Biometrics and Forensics (IWBF). 2017
and Communication (ICCMC). 2017 International 5th International Workshop on Biometrics and
Conference on Computing Methodologies and Forensics (IWBF). IEEE.
Communication (ICCMC). IEEE. https://doi.org/10.1109/iwbf.2017.7935088
https://doi.org/10.1109/iccmc.2017.8282685 81. Yadav, S., & Vishwakarma, V. P. (2019). Extended
71. Kumar, N., Berg, A., Belhumeur, P. N., & Nayar, S. (2011). interval type-II and kernel based sparse representation
Describable Visual Attributes for Face Verification and method for face recognition. In Expert Systems with
Image Search. In IEEE Transactions on Pattern Analysis Applications (Vol. 116, pp. 265–274). Elsevier BV.
and Machine Intelligence (Vol. 33, Issue 10, pp. 1962– https://doi.org/10.1016/j.eswa.2018.09.032
1977). Institute of Electrical and Electronics Engineers 82. Xie, Y., Li, P., Nedjah, N., Gupta, B. B., Taniar, D., & Zhang,
(IEEE). https://doi.org/10.1109/tpami.2011.48 J. (2022). Privacy protection framework for face
72. Zhen Lei, Pietikainen, M., & Li, S. Z. (2014). Learning recognition in edge-based Internet of Things. In Cluster
Discriminant Face Descriptor. In IEEE Transactions on Computing. Springer Science and Business Media LLC.
Pattern Analysis and Machine Intelligence (Vol. 36, Issue https://doi.org/10.1007/s10586-022-03808-8
2, pp. 289–302). Institute of Electrical and Electronics 83. Watanabe, M., Endoh, T., Shiohara, M., & Sasaki, S. (2005,
Engineers (IEEE). September). Palm vein authentication technology and its
https://doi.org/10.1109/tpami.2013.112 applications. In Proceedings of the biometric consortium
73. Zhen Lei, Shengcai Liao, Pietikäinen, M., & Li, S. Z. (2011). conference (pp. 19-21).
Face Recognition by Exploring Information Jointly in 84. Elnasir, S., & Shamsuddin, S. M. (2014). Proposed scheme
Space, Scale and Orientation. In IEEE Transactions on for palm vein recognition based on Linear
Image Processing (Vol. 20, Issue 1, pp. 247–256). Discrimination Analysis and nearest neighbour
Institute of Electrical and Electronics Engineers (IEEE). classifier. In 2014 International Symposium on
https://doi.org/10.1109/tip.2010.2060207 Biometrics and Security Technologies (ISBAST). 2014
74. Peng Li, Yun Fu, Mohammed, U., Elder, J. H., & Prince, S. J. International Symposium on Biometrics and Security
D. (2012). Probabilistic Models for Inference about Technologies (ISBAST). IEEE.
Identity. In IEEE Transactions on Pattern Analysis and https://doi.org/10.1109/isbast.2014.7013096
Machine Intelligence (Vol. 34, Issue 1, pp. 144–157). 85. Lee, J.-C. (2012). A novel biometric system based on
Institute of Electrical and Electronics Engineers (IEEE). palm vein image. In Pattern Recognition Letters (Vol. 33,
https://doi.org/10.1109/tpami.2011.104 Issue 12, pp. 1520–1528). Elsevier BV.
22
https://doi.org/10.1016/j.patrec.2012.04.007 97. Yan, X., Kang, W., Deng, F., & Wu, Q. (2015). Palm vein
86. Yunanto, P. E., Nugroho, H., & Agung Budi, W. T. (2016). recognition based on multi-sampling and feature-level
Automatic features reduction procedures in palm vein fusion. In Neurocomputing (Vol. 151, pp. 798–807).
recognition. In 2016 International Conference on Elsevier BV.
Advanced Computer Science and Information Systems https://doi.org/10.1016/j.neucom.2014.10.019
(ICACSIS). 2016 International Conference on Advanced 98. Ahmad, F., Cheng, L.-M., & Khan, A. (2020). Lightweight
Computer Science and Information Systems (ICACSIS). and Privacy-Preserving Template Generation for Palm-
IEEE. https://doi.org/10.1109/icacsis.2016.7872738 Vein-Based Human Recognition. In IEEE Transactions on
87. Abed, M. H., Alsaeedi, A. H., Alfoudi, A. D., Otebolaku, A. Information Forensics and Security (Vol. 15, pp. 184–
M., & Razooqi, Y. S. (2020). Palm Vein Identification 194). Institute of Electrical and Electronics Engineers
based on hybrid features selection model (Version 1). (IEEE). https://doi.org/10.1109/tifs.2019.2917156
arXiv. https://doi.org/10.48550/ARXIV.2007.16195 99. Nandakumar, K., & Jain, A. K. (2015). Biometric Template
88. Toygar, O., Babalola, F. O., & Bitirim, Y. (2020). FYO: A Protection: Bridging the performance gap between
Novel Multimodal Vein Database With Palmar, Dorsal theory and practice. In IEEE Signal Processing Magazine
and Wrist Biometrics. In IEEE Access (Vol. 8, pp. 82461– (Vol. 32, Issue 5, pp. 88–100). Institute of Electrical and
82470). Institute of Electrical and Electronics Engineers Electronics Engineers (IEEE).
(IEEE). https://doi.org/10.1109/access.2020.2991475 https://doi.org/10.1109/msp.2015.2427849
89. Zhang, L., Cheng, Z., Shen, Y., & Wang, D. (2018). 100. Bringer, J., Chabanne, H., & Patey, A. (2013). Privacy-
Palmprint and Palmvein Recognition Based on DCNN Preserving Biometric Identification Using Secure
and A New Large-Scale Contactless Palmvein Dataset. In Multiparty Computation: An Overview and Recent
Symmetry (Vol. 10, Issue 4, p. 78). MDPI AG. Trends. In IEEE Signal Processing Magazine (Vol. 30,
https://doi.org/10.3390/sym10040078 Issue 2, pp. 42–52). Institute of Electrical and Electronics
90. Cancian, P., Di Donato, G. W., Rana, V., & Santambrogio, Engineers (IEEE).
M. D. (2017). An embedded Gabor-based palm vein https://doi.org/10.1109/msp.2012.2230218
recognition system. In 2017 IEEE EMBS International 101. Lagendijk, R. L., & Barni, M. (2013). Encrypted signal
Conference on Biomedical & Health Informatics processing for privacy protection: Conveying the utility
(BHI). 2017 IEEE EMBS International Conference on of homomorphic encryption and multiparty
Biomedical & Health Informatics (BHI). IEEE. computation. In IEEE Signal Processing Magazine (Vol.
https://doi.org/10.1109/bhi.2017.7897291 30, Issue 1, pp. 82–105). Institute of Electrical and
91. Wirayuda, T. A. B. (2015). Palm vein recognition based- Electronics Engineers (IEEE).
on minutiae feature and feature matching. In 2015 https://doi.org/10.1109/msp.2012.2219653
International Conference on Electrical Engineering and 102. Zhou, Y., & Kumar, A. (2011). Human Identification
Informatics (ICEEI). 2015 International Conference on Using Palm-Vein Images. In IEEE Transactions on
Electrical Engineering and Informatics (ICEEI). IEEE. Information Forensics and Security (Vol. 6, Issue 4, pp.
https://doi.org/10.1109/iceei.2015.7352525 1259–1274). Institute of Electrical and Electronics
92. Handbook of Vascular Biometrics. (2020). In A. Uhl, C. Engineers (IEEE).
Busch, S. Marcel, & R. Veldhuis (Eds.), Advances in https://doi.org/10.1109/tifs.2011.2158423
Computer Vision and Pattern Recognition. Springer 103. Ramachandra, R., Raja, K. B., Venkatesh, S. K., &
International Publishing. https://doi.org/10.1007/978- Busch, C. (2019). Design and Development of Low-Cost
3-030-27731-4 Sensor to Capture Ventral and Dorsal Finger Vein for
93. Sayed, M. (2015). Palm Vein Authentication Based on the Biometric Authentication. In IEEE Sensors Journal (Vol.
Coset Decomposition Method. In Journal of Information 19, Issue 15, pp. 6102–6111). Institute of Electrical and
Security (Vol. 06, Issue 03, pp. 197–205). Scientific Electronics Engineers (IEEE).
Research Publishing, Inc. https://doi.org/10.1109/jsen.2019.2906691
https://doi.org/10.4236/jis.2015.63020 104. Wang, J.-G., Yau, W.-Y., Suwandy, A., & Sung, E.
94. Kang, W., & Wu, Q. (2014). Contactless Palm Vein (2008). Person recognition by fusing palmprint and
Recognition Using a Mutual Foreground-Based Local palm vein images based on “Laplacianpalm”
Binary Pattern. In IEEE Transactions on Information representation. In Pattern Recognition (Vol. 41, Issue 5,
Forensics and Security (Vol. 9, Issue 11, pp. 1974–1985). pp. 1514–1527). Elsevier BV.
Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1016/j.patcog.2007.10.021
https://doi.org/10.1109/tifs.2014.2361020 105. Wu, K.-S., Lee, J.-C., Lo, T.-M., Chang, K.-C., & Chang, C.-
95. Yan, X., Deng, F., & Kang, W. (2014). Palm Vein P. (2013). A secure palm vein recognition system. In
Recognition Based on Multi-algorithm and Score-Level Journal of Systems and Software (Vol. 86, Issue 11, pp.
Fusion. In 2014 Seventh International Symposium on 2870–2876). Elsevier BV.
Computational Intelligence and Design. 2014 7th https://doi.org/10.1016/j.jss.2013.06.065
International Symposium on Computational Intelligence 106. Han, W.-Y., & Lee, J.-C. (2012). Palm vein recognition
and Design (ISCID). IEEE. using adaptive Gabor filter. In Expert Systems with
https://doi.org/10.1109/iscid.2014.93 Applications (Vol. 39, Issue 18, pp. 13225–13234).
96. Wang, J., & Wang, G. (2017). Quality-Specific Hand Vein Elsevier BV.
Recognition System. In IEEE Transactions on https://doi.org/10.1016/j.eswa.2012.05.079
Information Forensics and Security (Vol. 12, Issue 11, pp. 107. Aberni, Y., Boubchir, L., & Daachi, B. (2020). Palm
2599–2610). Institute of Electrical and Electronics vein recognition based on competitive coding scheme
Engineers (IEEE). using multi-scale local binary pattern with ant colony
https://doi.org/10.1109/tifs.2017.2713340 optimization. In Pattern Recognition Letters (Vol. 136,
pp. 101–110). Elsevier BV. Electrical Engineering (Vol. 66, pp. 50–63). Elsevier BV.
https://doi.org/10.1016/j.patrec.2020.05.030 https://doi.org/10.1016/j.compeleceng.2017.12.045
108. Huseynov, E., & Seigneur, J.-M. (2017). Context- 121. Hassan, M. A., & Shukur, Z. (2021). A Secure Multi
Aware Multifactor Authentication Survey. In Computer Factor User Authentication Framework for Electronic
and Information Security Handbook (pp. 715–726). Payment System. In 2021 3rd International Cyber
Elsevier. https://doi.org/10.1016/b978-0-12-803843- Resilience Conference (CRC). 2021 3rd International
7.00050-8 Cyber Resilience Conference (CRC). IEEE.
109. Hanny, D., Pachano, M. A., Thompson, L. G., Banks, J. https://doi.org/10.1109/crc50527.2021.9392564
(2007). RFID Applied. United Kingdom: Wiley. 122. Khalid, H., Hashim, S. J., Ahmad, S. M. S., Hashim, F., &
110. The best Tech products and services 2022. Chaudhary, M. A. (2021). SELAMAT: A New Secure and
https://www.pcmag.com/picks/the-best-tech- Lightweight Multi-Factor Authentication Scheme for
products. [Accessed September, 2022] Cross-Platform Industrial IoT Systems. In Sensors (Vol.
111. Multifactor authentication https://duo.com/ 21, Issue 4, p. 1428). MDPI AG.
[Accessed September, 2022] https://doi.org/10.3390/s21041428
112. Zhang, J., Tan, X., Wang, X., Yan, A., & Qin, Z. (2018). 123. . P., Sinha, A., Shrivastava, G., & Kumar, P. (2019). A
T2FA: Transparent Two-Factor Authentication. In IEEE Pattern-Based Multi-Factor Authentication System. In
Access (Vol. 6, pp. 32677–32686). Institute of Electrical Scalable Computing: Practice and Experience (Vol. 20,
and Electronics Engineers (IEEE). Issue 1, pp. 101–112). Scalable Computing: Practice and
https://doi.org/10.1109/access.2018.2844548 Experience. https://doi.org/10.12694/scpe.v20i1.1460
113. AlQahtani, A. A. S., Alamleh, H., & Gourd, J. (2020). 124. Sajjad, M., Khan, S., Hussain, T., Muhammad, K.,
0EISUA: Zero Effort Indoor Secure User Authentication. Sangaiah, A. K., Castiglione, A., Esposito, C., & Baik, S. W.
In IEEE Access (Vol. 8, pp. 79069–79078). Institute of (2019). CNN-based anti-spoofing two-tier multi-factor
Electrical and Electronics Engineers (IEEE). authentication system. In Pattern Recognition Letters
https://doi.org/10.1109/access.2020.2990604 (Vol. 126, pp. 123–131). Elsevier BV.
114. Zhang, F., Kondoro, A., & Muftic, S. (2012). Location- https://doi.org/10.1016/j.patrec.2018.02.015
Based Authentication and Authorization Using Smart 125. Liu, W., Wang, X., & Peng, W. (2020). Secure Remote
Phones. In 2012 IEEE 11th International Conference on Multi-Factor Authentication Scheme Based on Chaotic
Trust, Security and Privacy in Computing and Map Zero-Knowledge Proof for Crowdsourcing Internet
Communications. 2012 IEEE 11th International of Things. In IEEE Access (Vol. 8, pp. 8754–8767).
Conference on Trust, Security and Privacy in Computing Institute of Electrical and Electronics Engineers (IEEE).
and Communications (TrustCom). IEEE. https://doi.org/10.1109/access.2019.2962912
https://doi.org/10.1109/trustcom.2012.198 126. Kim, J., & Park, N. (2019). Lightweight knowledge-
115. Shah, S. W., & Kanhere, S. S. (2017). Wi-Auth. In based authentication model for intelligent closed-circuit
Proceedings of the 14th EAI International Conference on television in mobile personal computing. In Personal and
Mobile and Ubiquitous Systems: Computing, Networking Ubiquitous Computing (Vol. 26, Issue 2, pp. 345–353).
and Services. MobiQuitous 2017: Computing, Springer Science and Business Media LLC.
Networking and Services. ACM. https://doi.org/10.1007/s00779-019-01299-w
https://doi.org/10.1145/3144457.3144468 127. Wu, L., Yang, J., Zhou, M., Chen, Y., & Wang, Q. (2020).
116. Erdem, E., & Sandikkaya, M. T. (2019). OTPaaS—One LVID: A Multimodal Biometrics Authentication System
Time Password as a Service. In IEEE Transactions on on Smartphones. In IEEE Transactions on Information
Information Forensics and Security (Vol. 14, Issue 3, pp. Forensics and Security (Vol. 15, pp. 1572–1585).
743–756). Institute of Electrical and Electronics Institute of Electrical and Electronics Engineers (IEEE).
Engineers (IEEE). https://doi.org/10.1109/tifs.2019.2944058
https://doi.org/10.1109/tifs.2018.2866025 128. Zhang, X., Cheng, D., Jia, P., Dai, Y., & Xu, X. (2020). An
117. Khan, S. H., Ali Akbar, M., Shahzad, F., Farooq, M., & Efficient Android-Based Multimodal Biometric
Khan, Z. (2015). Secure biometric template generation Authentication System With Face and Voice. In IEEE
for multi-factor authentication. In Pattern Recognition Access (Vol. 8, pp. 102757–102772). Institute of
(Vol. 48, Issue 2, pp. 458–472). Elsevier BV. Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1016/j.patcog.2014.08.024 https://doi.org/10.1109/access.2020.2999115
118. Wang, D., & Wang, P. (2016). Two Birds with One 129. Gupta, P., & Gupta, P. (2018). Multibiometric
Stone: Two-Factor Authentication with Security Beyond Authentication System Using Slap Fingerprints, Palm
Conventional Bound. In IEEE Transactions on Dorsal Vein, and Hand Geometry. In IEEE Transactions
Dependable and Secure Computing (pp. 1–1). Institute of on Industrial Electronics (Vol. 65, Issue 12, pp. 9777–
Electrical and Electronics Engineers (IEEE). 9784). Institute of Electrical and Electronics Engineers
https://doi.org/10.1109/tdsc.2016.2605087 (IEEE). https://doi.org/10.1109/tie.2018.2823686
119. Fatahpour, S. (2018). Token based privacy 130. Toygar, O., Babalola, F. O., & Bitirim, Y. (2020). FYO:
preserving and authentication technique for wireless A Novel Multimodal Vein Database With Palmar, Dorsal
mobile networks. In 2018 4th International Conference and Wrist Biometrics. In IEEE Access (Vol. 8, pp. 82461–
on Web Research (ICWR). 2018 4th International 82470). Institute of Electrical and Electronics Engineers
Conference on Web Research (ICWR). IEEE. (IEEE). https://doi.org/10.1109/access.2020.2991475
https://doi.org/10.1109/icwr.2018.8387253 131. Othman, A., & Ross, A. (2015). Fingerprint + Iris =
120. Limbasiya, T., Soni, M., & Mishra, S. K. (2018). IrisPrint. In I. A. Kakadiaris, A. Kumar, & W. J. Scheirer
Advanced formal authentication protocol using smart (Eds.), SPIE Proceedings. SPIE.
cards for network applicants. In Computers & https://doi.org/10.1117/12.2181075
24
132. Juyal, S., Sharma, S., & Shankar Shukla, A. (2021). (2018). MULTI-FACTOR ATTENDANCE
Security and privacy issues in unified IoT-based skin AUTHENTICATION SYSTEM. In International Journal of
monitoring system. In Materials Today: Proceedings Software Engineering and Computer Systems (Vol. 4,
(Vol. 46, pp. 10815–10820). Elsevier BV. Issue 2, pp. 62–79). Universiti Malaysia Pahang
https://doi.org/10.1016/j.matpr.2021.01.718 Publishing.
133. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., & https://doi.org/10.15282/ijsecs.4.2.2018.5.0049
Kumar, N. (2018). A robust and anonymous patient 142. Mohamed, B. K. P., & Raghu, C. V. (2012). Fingerprint
monitoring system using wireless medical sensor attendance system for classroom needs. In 2012 Annual
networks. In Future Generation Computer Systems (Vol. IEEE India Conference (INDICON). 2012 Annual IEEE
80, pp. 483–495). Elsevier BV. India Conference (INDICON). IEEE.
https://doi.org/10.1016/j.future.2016.05.032 https://doi.org/10.1109/indcon.2012.6420657
134. Liu, C.-H., & Chung, Y.-F. (2017). Secure user 143. Aziz, A., Sukarno, P., & Yasirandi, R. (2021). How Can
authentication scheme for wireless healthcare sensor National Identity Card Reduce Authentication Risks in
networks. In Computers & Electrical Engineering Enterprise Attendance Management System? In 2021
(Vol. 59, pp. 250–261). Elsevier BV. IEEE 7th International Conference on Smart
https://doi.org/10.1016/j.compeleceng.2016.01.002 Instrumentation, Measurement and Applications
135. Prabhusundhar, P., Kumar, V. K. N., & Srinivasan, B. (ICSIMA). 2021 IEEE 7th International Conference on
(2013). Border crossing security and privacy in Smart Instrumentation, Measurement and Applications
biometric passport using cryptographic authentication (ICSIMA). IEEE.
protocol. In 2013 International Conference on Computer https://doi.org/10.1109/icsima50015.2021.9526302
Communication and Informatics. 2013 International 144. Albalawi, A., Almrshed, A., Badhib, A., & Alshehri, S.
Conference on Computer Communication and (2019). A Survey on Authentication Techniques for the
Informatics (ICCCI). IEEE. Internet of Things. In 2019 International Conference on
https://doi.org/10.1109/iccci.2013.6466144 Computer and Information Sciences (ICCIS). 2019
136. Papaioannou, M., Mantas, G., Lymberopoulos, D., & International Conference on Computer and Information
Rodriguez, J. (2020). User Authentication and Sciences (ICCIS). IEEE.
Authorization for Next Generation Mobile Passenger ID https://doi.org/10.1109/iccisci.2019.8716401
Devices for Land and Sea Border Control. In 2020 12th 145. Atwady, Y., & Hammoudeh, M. (2017). A Survey on
International Symposium on Communication Systems, Authentication Techniques for the Internet of Things. In
Networks and Digital Signal Processing (CSNDSP). 2020 Proceedings of the International Conference on Future
12th International Symposium on Communication Networks and Distributed Systems. ICFNDS ’17:
Systems, Networks and Digital Signal Processing International Conference on Future Networks and
(CSNDSP). IEEE. Distributed Systems. ACM.
https://doi.org/10.1109/csndsp49049.2020.9249574 https://doi.org/10.1145/3102304.3102312
137. Wazid, M., Das, A. K., Hussain, R., Succi, G., & 146. Wazid, M., Das, A. K., Hussain, R., Succi, G., &
Rodrigues, J. J. P. C. (2019). Authentication in cloud- Rodrigues, J. J. P. C. (2019). Authentication in cloud-
driven IoT-based big data environment: Survey and driven IoT-based big data environment: Survey and
outlook. In Journal of Systems Architecture (Vol. 97, pp. outlook. In Journal of Systems Architecture (Vol. 97, pp.
185–196). Elsevier BV. 185–196). Elsevier BV.
https://doi.org/10.1016/j.sysarc.2018.12.005 https://doi.org/10.1016/j.sysarc.2018.12.005
138. Thing, V. L. L., & Wu, J. (2016). Autonomous Vehicle 147. Wang, C., Wang, Y., Chen, Y., Liu, H., & Liu, J. (2020).
Security: A Taxonomy of Attacks and Defences. In 2016 User authentication on mobile devices: Approaches,
IEEE International Conference on Internet of Things threats and trends. In Computer Networks (Vol. 170, p.
(iThings) and IEEE Green Computing and 107118). Elsevier BV.
Communications (GreenCom) and IEEE Cyber, Physical https://doi.org/10.1016/j.comnet.2020.107118
and Social Computing (CPSCom) and IEEE Smart Data 148. Patel, V. M., Chellappa, R., Chandra, D., & Barbello, B.
(SmartData). 2016 IEEE International Conference on (2016). Continuous User Authentication on Mobile
Internet of Things (iThings) and IEEE Green Computing Devices: Recent progress and remaining challenges. In
and Communications (GreenCom) and IEEE Cyber, IEEE Signal Processing Magazine (Vol. 33, Issue 4, pp.
Physical and Social Computing (CPSCom) and IEEE 49–61). Institute of Electrical and Electronics Engineers
Smart Data (SmartData). IEEE. (IEEE). https://doi.org/10.1109/msp.2016.2555335
https://doi.org/10.1109/ithings-greencom-cpscom- 149. Fathy, M. E., Patel, V. M., & Chellappa, R. (2015). Face-
smartdata.2016.52 based Active Authentication on mobile devices. In 2015
139. Maeng, K., Kim, W., & Cho, Y. (2021). Consumers’ IEEE International Conference on Acoustics, Speech and
attitudes toward information security threats against Signal Processing (ICASSP). ICASSP 2015 - 2015 IEEE
connected and autonomous vehicles. In Telematics and International Conference on Acoustics, Speech and
Informatics (Vol. 63, p. 101646). Elsevier BV. Signal Processing (ICASSP). IEEE.
https://doi.org/10.1016/j.tele.2021.101646 https://doi.org/10.1109/icassp.2015.7178258
140. Pham, M., & Xiong, K. (2021). A survey on security 150. Alizadeh, M., Abolfazli, S., Zamani, M., Baharun, S., &
attacks and defense techniques for connected and Sakurai, K. (2016). Authentication in mobile cloud
autonomous vehicles. In Computers & Security computing: A survey. In Journal of Network and
(Vol. 109, p. 102269). Elsevier BV. Computer Applications (Vol. 61, pp. 59–80). Elsevier BV.
https://doi.org/10.1016/j.cose.2021.102269 https://doi.org/10.1016/j.jnca.2015.10.005
141. Hooi, Y. K., Shafee Kalid, K., & Tachmammedov, S. 151. Al-Assam, H., Hassan, W., & Zeadally, S. (2018).
Automated Biometric Authentication with Cloud
Computing. In Biometric-Based Physical and
Cybersecurity Systems (pp. 455–475). Springer
International Publishing. https://doi.org/10.1007/978-
3-319-98734-7_18
152. Chang, H., & Choi, E. (2011). User Authentication in
Cloud Computing. In Communications in Computer and
Information Science (pp. 338–342). Springer Berlin
Heidelberg. https://doi.org/10.1007/978-3-642-
20998-7_42
153. Ali, R., & Pal, A. K. (2018). Cryptanalysis and
Biometric-Based Enhancement of a Remote User
Authentication Scheme for E-Healthcare System. In
Arabian Journal for Science and Engineering (Vol. 43,
Issue 12, pp. 7837–7852). Springer Science and Business
Media LLC. https://doi.org/10.1007/s13369-018-3220-
4
154. Mason, J., Dave, R., Chatterjee, P., Graham-Allen, I.,
Esterline, A., & Roy, K. (2020). An Investigation of
Biometric Authentication in the Healthcare
Environment. In Array (Vol. 8, p. 100042). Elsevier BV.
https://doi.org/10.1016/j.array.2020.100042
155. Dhamija, D., & Dhamija, A. (2022). A Secure and
Reliable Architecture for User Authentication Through
OTP in Mobile Payment System. In Algorithms for
Intelligent Systems (pp. 95–109). Springer Singapore.
https://doi.org/10.1007/978-981-16-5747-4_9
156. Sturgess, J., Eberz, S., Sluganovic, I., & Martinovic, I.
(2022). WatchAuth: User Authentication and Intent
Recognition in Mobile Payments using a Smartwatch
(Version 2). arXiv.
https://doi.org/10.48550/ARXIV.2202.01736
26
13