Performance Analysis of Authentication system: A

Systematic Literature Review

Divya Singla
Deenbandhu Chhotu Ram University of Science and Technology
Neetu Verma (  neetuverma.cse@dcrustm.org )
Deenbandhu Chhotu Ram University of Science and Technology

Research Article

Keywords: Authentication, Knowledge-Based, Biometric-based, Possession-based, Multimodal

authentication, Performance

Posted Date: January 31st, 2023

DOI: https://doi.org/10.21203/rs.3.rs-2520547/v1

License:   This work is licensed under a Creative Commons Attribution 4.0 International License.
Read Full License

Additional Declarations: No competing interests reported.

 REVIEW ARTICLE

Performance Analysis of Authentication system: A

Systematic Literature Review
Divya Singla1 Neetu Verma1·

© The Author(s) 2022

Abstract
Data authentication is vital nowadays, as the development of the internet and its applications allow users to have all -time
data availability, attracting attention towards security and privacy and leading to authenticating legitimate users. We have
diversified means to gain access to our accounts, like passwords, biometrics, and smartcards, even by merging two or more
techniques or various factors of authentication. This paper presents a systematic literature review of papers published from
2010 to 2022 and gives an overview of all the authentication techniques available in the market. Our study provides a
comprehensive overview of all three authentication techniques with all the performance metrics (Accuracy, Equal Error Rate
(EER), False Acceptance Rate (FAR)), security, privacy, memory requirements, and usability (Acceptability by user)) that
will help one choose a perfect authentication technique for an application. In addition, the study also explores the
performance of multimodal and multi-factor authentication and the application areas of authentication.
Keywords Authentication, Knowledge-Based, Biometric-based, Possession-based, Multimodal authentication, Performance.

1 Introduction Because of this risk, some identification technology

Security of information is concerned with the specific
aspects of confidentiality, integrity, and availability. There
are various tools and techniques available today for
information security. This paper will focus on the
authentication concept, through which only the authorized
user can access the system and its resources. User
authentication processes allow devices to verify the user's
identity who wants to use any resource related to the
computer (Email, Mobile Phone, social media, net banking).
The identity must be checked before letting them connect to
resources they want to use, as shown in Fig 1. In the current
network society and the increase in the foundation of e-
business, people can easily access their required information
anytime and anywhere and face the risk that nonlegitimate
people can easily access the same information anytime and
anywhere.
 Divya Singla
Singla.divya05@gmail.com
Neetu Verma
neetuverma.cse@dcrus
tm.org
1
Deenbandhu Chhotu Ram University of Science and
Technology, Murthal
(authentication), which can distinguish between registered
legitimate users and imposters, is now generating interest.
Unerring user authentication is imperative to thwart illicit
access to personal computing devices (e.g., smartphones,
watches, and glasses) and online accounts (e.g., e-banking,
emails), and smart handheld devices[1,2]
Various authentication techniques can achieve the
authenticity of a user. Some of them are 1. Password-based
authentication 2. Multi-Factor Authentication 3. Certificate-
based authentication 4. Biometric Authentication 5. Token-
based Authentication. Authentication Mechanism is
generally categorized into three categories based on the
factor they use for authentication. 1. Knowledge-based
authentication (Depending upon something the legitimate
User knows) 2. Inherence-based authentication (Depending
on something integral to an individual) 3. Possession-based
authentication (depending on something a legitimate user
possesses) [3].
The main aim of this paper is to represent all the
authentication techniques with various performance analysis
factors to distinguish the best-suited authentication technique
according to the requirements.
Images can also be used for accessing a system. It was
narrated in a paper that the authentication based on images
rather than data is easy to remember. The content of an image
in its binary form is used in Content-based image
authentication scheme. Content modification deals with
adding or deleting things or objects from an image, moving
the object position from one place to another, or changing the
2
other features of the image, such as the edges, colors, pixels,
or texture [5]. The actual data represented by the image
content is preserved even though the binary representation
of data has been changed due to noise or lossy compression
in communication channels. Thus, the images can still be
used as an authenticating password [6]. Kasim [7] innovates
using lightweight cryptography and Walsh-Hadamard
transformation to ensure the security and privacy of data in
medical images.
The authentication process, as shown in Fig 1, verifies
individual identity. The credentials collected with an
incoming request are compared to the file stored in the
database. If they match, the person is authorized to access
the resources [4].
Fig 1 Authentication Process
The performance of any authentication system is
evaluated based on specific characteristics like Accuracy,
Execution time or Efficiency, Security, Privacy, Usability
(Acceptability), and Memory requirements defined below.
1. Accuracy: It is defined as the system’s success rate.
The accuracy of any authentication technique is
specified with metrics:
• False Acceptance Rate (FAR): The possibility of
identifying an imposter as an authentic user. The
low value of FAR is appreciable.
• False Rejection Rate (FRR): The possibility of
identifying an authenticated user as an impostor.
The High value of FRR is appreciable.
• Equal Error Rate (EER): The lower value of
EER indicates the higher accuracy of the system. It
is defined as the rate at which the proportion of
FAR equals FRR.
2. Execution time: The time taken by a system to perform
complete authentication is called efficiency or
execution time. It includes the time required for data
collection, feature extraction, data processing, and final
authentication decision.
3. Security: An authentication system is vulnerable to
spoofing, shoulder surfing, dictionary attack, brute
force attack, and Replay attack. The ability of the
system to resist these attacks is termed security.
4. Privacy: It goes along with information leakage,
termed privacy revelation. Therefore, if the database
containing the user's data is attacked, information stored
in it cannot be recovered through the database.
According to [8], the privacy of a biometric
is preserved if they are irreversible (difficult to
reconstruct from stored template) and unlinkable
(difficult to determine whether different biometric
templates belong to the same individual or not).
5. Usability: It is measured in terms of ease of use,
uniqueness, and consistency with time, universally
available, and based on the cost required for that
authentication technique. Based on the above factor, the
usability of an authentication technique can be defined.
6. Memory Required: The amount of space required to
store the template in a database. If the space requirement
is high, installing the machine in a system is challenging.
There exist several surveys on individual
authentication systems. Some will focus only on the iris,
fingerprint or face, and password-based authentication
schemes. But finding a research paper that compares all the
methods of authentication based on all the performance
parameters takes much work. To the best of our knowledge,
our study is the first to provide a comprehensive overview.
We are writing this paper to learn about all the
authentication techniques in a single place and their
evaluation parameters. We have explored the performance of
an authentication system with a given dataset. The study also
includes the impact of machine learning algorithms on the
evaluation parameters. Based on the surveys, figure out
several open research gaps and directions to overcome them.
The general organization of this paper is as follows:
Section 1 is an introduction to authentication techniques and
their evaluation parameters. Section 2 gives an overview of
the systematic literature survey. Section 3 discusses in detail
all authentication techniques. Section 4 explores merging
authentication techniques. Section 5 give insights into the
application areas of authentication techniques. Section 56
answers the research question, leading to the development of
this paper.
2 Systematic Literature Review:
A systematic literature review is a systematic review of
the literature conducted in the relevant discipline. It gives a
broad understanding, thus helping in finding the research
gap, and gives a direction to research.
2.1 Searching Process:
As authentication is an ancient technology thus, the
search for publications that involve authentication
techniques is spread across various journals. Therefore, a
search string has been created to look for the admissible
papers that fulfill the research goal. Thus the paper was
published between 2010 to 2022in these databases Science
Direct (https://www.sciencedirect.com/), IEEE Xplore
(https://ieeexplore.ieee.org/), Springer
Link(http://springer.com/), ACM
(https://www.acm.org/) were collected to conduct the
review.
Also, Google Scholar (https://scholar.google.com/)
helped us deepen the research for those potentially useful
publications not included in the sites mentioned above. Also,
if the research papers have restricted access, some alternate
ways are used to have paper.
 authentication authentication in
2.2 Search String: techniques various fields
Finding relevant papers from the database is a critical
stage in research. A search string is constructed with all 50
possible combinations to select relevant papers. The search
string and the number of papers found in each database are 40
defined in Table 1. 30
2.3 Criteria Selection:
The main objective was identifying and include the 20
studies that helped us answer the research questions. Only 10
some papers were relevant to the research questions in the
0
search output, so they were accessed according to their
knowledge Posession Factor Inherence
relevance, as shown in Table 1. Initially, we have 1168
Factor Factor
papers according to the search strings defined. Exclusion
and inclusion criteria were followed to search for the most ACM Springer IEEE Science Direct
relevant papers.
Exclusion Criteria Fig 2 No. of papers studied in an authentication technique
EC1: Papers where English was not the main language.
The graph in figure 3 shows that the inherence-based
EC2: Duplicated papers in all databases.
authentication technique was always the first choice of
EC3: Papers on Authentication where factors of
research. The graph shows the highest number of publications
authentication are not in context.
on inherence-based authentication techniques from 2010, but
EC4: Papers based on behavioral biometrics.
researchers are also generating interest in multimodal-based
EC5: Papers on authentication without empirical analysis
authentication techniques in the past few years.
of results.
Inclusion Criteria 15
IC1: Experimental study focused on authentication.
IC2: Pragmatic study based on at least two factors of 10
evaluation.
IC3: Empirical studies focusing on consensus mechanisms 5
and types of authentications used.
0
To answer the research question in Table 1, we have
2011

2022
2010

2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
reviewed approximately 204 papers from various journals,
including 57 papers on knowledge-based, 117 papers on
inherence-based, and 30 papers on Possession based of Inhernce Factor Token Factor
different journals, as shown in Fig 2 Mutimodal Knowledge Factor
Table 1 Research Questions.
S.No Question Motivation Fig 3 Year-wise paper distribution
RQ1 What are the various To know all the
factors that come objects that can 3 Authentication Techniques
under the basic three be used for
authentication authentication. 3.1 Knowledge Factor-Based
techniques? Authentication
RQ2 How to evaluate the To know the Knowledge factor-based authentication schemes are
performance of impact of factors generally based on the anamnesis of some text or pictures.
authentication on the So based on that, it is classified into two types: -
techniques. What performance of 1. Text-based
factors are the system. 2. Image-based
considered? 3.1.1 Authentication based on Text-based
RQ3 Can we merge various To know the (alphanumeric) Passwords
factors of impact of In this authentication technique, the user must
authentication in a merging two or answer some question(s), assuming that only the
single technique? more authenticated user knows the accurate answer. It is a
authentication traditional knowledge factor-based authentication scheme in
factors. which the user uses PINs (Personal Identification Numbers)
RQ4 What are the To know the and Passwords. To make passwords complex, users may
applications of usage of choose the name of their near ones, date of birth,
 4
Anniversaries, telephone number, hobbies, or a generally called a Brute Force attack. Although it is seen as
combination. the weakest, it is also the simplest to gain access to any
authentication system [11]. However, people using PINs as
a password for authentication needed to be doing it
Table 2 Systematic Literature Surve
Database Search String # Removing Selected Selected Selected by Final
duplication based on based on reading Full Considered
Title Abstract Paper
IEEE Xplore “All Metadata” 170
(Authentication) AND “All
Metadata:” (Knowledge
based)
356 240 203 93 93

“All Metadata” 289

(Authentication) AND “All
Metadata:” (Biometric
based)
“All Metadata” 47
(Authentication) AND “All
Metadata:” (Token based)
Science Term: authentication & 51
Direct Title, abstract, keywords:
Knowledge based
authentication technique
96 58 39 29 29

Term: authentication & 108

Title, abstract, keywords:
Biometric based
authentication technique
Term: authentication & 16
Title, abstract, keywords:
Token based
authentication technique
Springer ‘authentication” AND 147
Link “knowledge based”
178 118 82 44 44

‘authentication” AND 56
“biometric based”
‘authentication” AND 20
“Token based”
ACM [Title: 87
authentication] AND [Abstr
act: knowledge based]

98 54 42 38 38

[Title: 89
authentication] AND [Abstr
act: biometric based]
[Title: 88
authentication] AND [Abstr
act: token based]
Total 1168 728 470 366 204 204

of some of them as passwords, which can be attacked by
the attacker based on personal Information [9], [10]. It is
the most widely used authentication method. It is
associated with many vulnerabilities, as the attacker can
successfully access the targeted system by continuously
trying the different possible password combinations unless
he can access the system. This technique of attacking is
properly, as a survey by SKurkovsky. et al. illustrate that
once they set the password, 45% of users use the same PIN
for a lifetime and never change it. Additionally, only 13%
of users have changed their PIN more than once when
someone figures it out, and 42% have changed it only once
in a lifetime [12].
It has also been seen that the strength of the password
 chosen for the authentication process can also affect user
authentication. A study suggests that the strength of a
password depends upon three factors- the length of the
Password, cardinality, and entropy. Cardinality defines the
set of different characters used. For example, a cardinality
of 98 means the password has been created from a pool of
98 different characters, including uppercase alphabets (A-
Z), lowercase alphabets (a-z), and digits (0-9) and some
special characters ($, @, &). Entropy defines the strength
of a password in bits. A password of length 8 and 94
cardinality will have a 52.4-bit entropy value and be
cracked in 0.07 seconds by a supercomputer. In 20 minutes
by a PC & GPU, a password of length 12-character and 94
cardinalities will have a 78.7-bit entropy that will take 55
days to crack by a supercomputer and 3018 years to crack
by PC & GPU [13]. Users can use
Table 3: Text-Based Authentication
Ref Technique used Accuracy Efficiency
PasswordStrengthCalculator.org to check the strength of
their passwords and whether they are vulnerable to brute
force attacks [14]. We have studied some techniques to
Increase the strength of passwords described in table 3.
Thus, the password authentication system can be
used as an authentication mechanism. Still, we should
encourage using strong and less predictable passwords that
can also remember and maintain security, which seems
challenging. It is considered the weakest level of
authentication [15], as an intruder can gain access through
various techniques [16, 17]. Although techniques in
[18,19,20] described the origin of solid passwords in simple
ways, they apply only to computers with keyboards and only
to single machines and are not useful for logging in from
multiple systems.
Security Usabil Remarks
ity

[18] ALPHApwd password ---- Password Using Probabilistic High Simple and easy to
generation strategy- creation time- 10 Context-free grammar use, Low cost, Easy to
Password is based on Sec attacking algorithm- manage
Mnemonic shape Recall Time- 11 23.3 % Success rate
Sec with 108 guesses

[19] Optiwords: - Draw a 81.8% Password Using Probabilistic High Not applicable on
drawing on the Success Rate Creation-76.6 Sec Context-free grammar different devices such
keyboard and then Authentication attacking algorithm- as ATMs,
convert the drawing Time:36.9Sec 12.1% success rate smartphones, etc.
to text. with 1014 guesses You need to
remember the shape
as well as the starting
point.

3.1.2. Authentication based on graphical based
(images) password
The password-based authentication system that we
have discussed till now requires users to select stronger
passwords that can be easy to remember, but it is well
known that both these things about the passwords are
contradictory to each other, as a user cannot remember
strong password and the passwords which user can easily
recall are easy to guess [21,22,23].
The subsequent authentication system under knowledge
factor-based authentication is a visual pass authentication
system. The user has to select from images shown on his
GUI (Graphical User Interface) in a specific order. Greg
Blonder first give the idea of graphical passwords in the
year 1996. According to a study, the human brain is more
adept at recalling what they see (pictures) than
alphanumeric characters.
classified into two different categories:
Recognition-based graphical techniques: In this
technique, the user is presented with various images and is
authenticated by recognizing and selecting the images the
user has selected during the registration phase.
Recall-based graphical techniques: The user should
regenerate what he has generated during the registration
phase in the recall-based graphical technique.
The recall-based graphical technique is further
divided into two categories:
Pass Points
Cued Click Points
The difference between Pass points and cued click
points is in table 4.

Graphical based passwords techniques are further

 6
Table 4 Difference between Pass Point and Cued Click Pass Point
Differenc Technique No. of Connection Vulnerab Vulnerability User Security
e based images between le To overcome by Friendlines
Images s

Pass Point On a single Single No connection Shoulder Cued Click pass points Difficult to Susceptible to
image, all Image Surfing are developed to memorize Shoulder
objects overcome the Surfing attack
need to be disadvantage of pass
select points.

Cued Click The Multiple Based on the Shoulder To overcome attacks Easy to The persuasive
Pass point sequence images current click Surfing Persuasive, click memorize feature made it
of images next set of the points technique is images free from
based on image will be developed, which is because of shoulder surfing
click shown developed by adding the vulnerability.
the persuasive feature sequence
to CCP [25].

Thus, the goal was to motivate the use of more The entropy of this system on a password space of 226 *226 is
secure passwords for authentication by making less 83.14 bits, approximately equal to the 12-length long textual
confident choices that consume less time and are not password. In [27], Azad Et al. propose a system using
tedious, giving rise to graphical passwords. Also, Graphical multiple vibration codes and graphical patterns to
passwords are easy to remember as humans can recall authenticate. They have used a 2*2 grid, and each grid is an
pictures better than text passwords. Table 5 shows the area to acquire a vibration code (VC). The user can connect
performance analysis of the various image authentication the four cells while producing the vibration code,
techniques. constructing a pattern for authentication. The proposed
In [25] Chang. Et al. developed a graphical system is suitable for people with low vision or fatty fingers.
password-based keystroke dynamic authentication system, In [35], Nizamani. Et al. proposed a scheme with two
which captures the pressure feature from touch panels on different authentication methods to provide the trade-off
mobile devices. They used computation-efficient statistical between memorability, usability, and security. The easy login
classifiers to calculate the mean and standard deviation. The method is used in a secure environment where the user is
proposed system is highly usable as the graphical password sitting alone and can authenticate himself using traditional
may be revealed through shoulder suffering. However, the login methods. In contrast, the secure login method requires
pressure feature is still unknown and is suitable for low- a three-step procedure to authenticate. The proposed system
power handheld devices. In [26] sun. et al. propose using the is resilient to brute-force, dictionary, and shoulder-suffering
world map for graphical authentication, where the user attack.
selects two click-points as passwords on a large world map.
Table 5: Image-Based Authentication
Ref Technique Used Accuracy Efficiency Security Usability Memory Privacy
Requirement
[25] Graphical EER= 6.9% Classifier ---- High 7.29 X 10^8 ----
password and Building: 4ms
pressure feature Authentication
Phase=2ms
[26] PassMap (Google 81.13% Accurate 55.64Seconds Secure --- 2^26 x 2^26 x -----
Maps) (Average of 6 against 0.2905 Pixels
attempts) brute-
force
attack
[27] Vibration and 83% in two tries ------ Secure ------ ---- -----
Pattern Code

[28] Persuasive Cued 93% Success rate 68 Seconds --- --- --- ---
Click Points

[35] Alphanumeric and ----- 40.16 Seconds Yes Yes` --- ---
images
 The drawback of Image-based recognition
techniques:
Image-based passwords are not vulnerable to brute force
and dictionary attacks but are still vulnerable to shoulder
surfing attacks (SSAs) [24]. To obtain the image password,
the attacker may directly observe the selection pattern of the
image or use a screen recorder that captures the selected
series of images and can access the PINs and other sensitive
password. They have successfully implemented the
PassMatrix on Android, thus achieving resistance to
shoulder suffering and the system also proves its usability.
The knowledge-based authentication technique is a popular
technique used by the largest population of world users, but
it suffers from several vulnerabilities. In May 2016, Google
Table 6: Difference Between Text-Based and Image-Based Authentication
Difference Technique Password Remembrance
Input
Textual In this, we use Alphanumer
Password alphanumeric passwords ic characters
as authentication.
Graphical This authentication works Images
Password by selecting a sequence of
images in a specific order.
3.2 Authentication Based on Inherence
Factor:
Using biometrics makes it possible to establish an
identity based on who they are rather than what someone
possesses, such as an ID card, or what someone remembers,
such as a password [37]. With Biometric scanners on
smartphones, laptops, and other devices, traditional
authentication (e.g., Password and PINs are increasingly
being replaced by biometric technology- Because of their
obvious drawback of being forgotten, lost, or stolen by
someone. The inherent-based authentication system works
on the things inherent to the authenticator. It asks the user
to prove their identity by presenting the unique features of
their inherent factor. A biometric system contains two
stages [38]: Enrollment and Verification. In this inherent
factor-based authentication, the user has to enroll with
multiple samples of their unique feature, either a Physical
Feature (Fingerprint, iris, Face) or a Behavioral Feature
(Tapping Speed, Arm movement). Once these samples are
collected, the feature extraction algorithm extracts and
stores some features in a database to make authentication
possible. During the verification phase of authentication,
the user provides a sample of the same inherence trait (e.g.,
Fingerprint, retina, palm vein), from which some features
are extracted (Like in the enrollment phase) by using the
information [29,30,31].
However, a novel authentication system PassMatrix has
been proposed [32] to resist graphical passwords from
shoulder suffering attacks to overcome this problem. They
use a one-time valid login indicator and circulative
horizontal and vertical bars that cover the entire scope of
pass images. Thus, even after several camera-based attacks,
the PassMatrix offers no hint for attackers to figure out the
announced password-free login to android apps and used
smart locks to authenticate apps [36].
The difference between Knowledge factors based (Text
Passwords and graphical password authentication
techniques [33,34] is shown in Table 6.
Processing Security Authentic
Speed ation
Weak passwords Fast Less Secure as Low
are easy to recall can be easily
than solid guessed
passwords.
Easy to recall as we Minimum Difficult to Secured
are good at consumption guess multiple
recalling images due to images by an
digitization. attacker
same algorithm (as in the enrollment) and compared with
the features stored in the database during the enrollment
phase.
The entrenched physical biometrics include Fingerprint,
face recognition, Retina Recognition, and Palm Vein
Recognition.
3.2.1 Authentication based on Fingerprint
In the Fingerprint-based authentication system, a
hierarchy of three levels of features, namely Level 1
(Pattern), Level 2 (Minutiae Points), and Level 3 (Pores
and ridge Shape), is used during verification and
identification [39]. The fingerprint Matching techniques are
generally classified into Correlation-based, minutiae-based,
and non-minutiae based. We have studied various research
papers [2010-21] based on the above-mentioned approaches,
and their accuracy is mentioned in Table 7.
In [40], Xiang.et.al propose a tensor matching
strategy based on the minutia tensor matrix (MTM),
whose diagonal elements correspond to similarity and
nondiagonal elements indicate pairwise compatibilities
of the minutia pairs. For local and global matching, local
and global MTM was constructed where local MTM
Considers the local rigidity and global MTM considers the
entire minutia sets. The benefits of constructing both
local and global MTM results in promising effectiveness
as full fingerprint characteristics are considered. The
 8
techniques focus only on the minutiae, all other features a extracted and hashed algorithm is applied to abstract
like ridges and phase direction, are completely ignored. In the information of minutiae points. Then minimum
[41] Rodrigues.et. al proposes a computationally fewer distance graph (MDG) is constructed using core points
complex minutiae extraction method that explores the and minutiae points. The feature set obtained after
ridge end and bifurcation in the image and its dual. The hashing is non-invertible, distinct and robust to
proposed method takes approximately 83ms per translation, and cropping. The proposed system’s entropy
fingerprint for minutiae extraction. The proposed feature is very high, making it secure against brute force attacks.
extraction method is immune to false minutiae detection, The system has a high time complexity of O(L)2, L is the
reducing the cost of pre-processing. In [42] Das.et.al no. of minutiae features extracted after preprocessing.
proposed a hashing algorithm on based minimum
distance matching. The Minutiae features and core points
Table 7: Fingerprint-Based Authentication
Ref Approach Method Used Accuracy Security Execution Usability Privacy Memory
Based time Requirement
[40] Minutiae Based Minutia Tensor EER- Not Define 1.02 ms --- --- ---
FVC 2002, FVC Matrix (MTM). 2.47% (2.80 GHz
2004 Spectral Processor)
Matching
[41] Minutiae Based Planar Graph EER- ----- 0.19066 --- ---- 127.44
FVC 2002 Delaunay 1.005% Sec bits/structure
triangulation,
characteristic
Vector Model
[42] Minutiae Based Alignment free EER- Hash size of 6.7 ---- Yes ----
FVC2002 hashing 2.27% 133 bit, Seconds
algorithm, thus
Minimum fingerprints
Distance Graph, intractable.
Correspondence
Search Algorithm
[43] Minutiae Based Minutia Cylinder- EER- Not Define 3530.3 (ms ---- ---- -----
NIST DB4,14 Code algorithm 0.62% in GPU)
(MCC)

[44] Non-Minutiae Poincare Index Accuracy- Not Define 08 Minutes --- --- ---
feature Based method, 81.9%
NIST SD27 neighboring
minutiae-based
descriptor

[45] Minutiae Based Ridge-based EER-1.8% Not Define 83 ms --- --- ---
FVC2002, FVC Coordinate
2004 system, graph
matching,
Breadth First
Search,
[46] Minutiae Based Classifier: SVM Accuracy- --------- ---------- ------ ----- ------
Privacy- 99.39%
Preserving:
CHAUM-
PEDERSEN
PROTOCOL
[47] Minutiae Based Minutiae based EER- 0% Yes 0.074 Sec ------ Yes -----
FVC2002, feature
FVC2004 extraction
 *A low EER Value indicates a high accuracy of
the system.
Fingerprints are most commonly used for
authentication and have various application
domains ranging from forensics to mobile phones.
Today we commonly have a fingerprint scanner on
our mobile phones, Even Mobile companies like
Apple, which is one of the highest sellers of mobile
phones used fingerprints as authentication since
2013 when they introduced the iPhone 5s [50],
which is also susceptible to vulnerable to spoofing
according to authors of [48,49]. We do not have to
use fingerprint authentication systems because they
are vulnerable to spoofing or can be readily
available on any surface. There are many factors
involved while selecting an authentication system,
i.e., security to which extent required, the cost can
invest, the speed wanted from the system, and the
accuracy, i.e., EER of the system.
Based on the above factor, we can select the
type of authentication like we can use a Fingerprint
for less secure information as it is an affordable
device [51,52] having optimum performance and
EER. Nevertheless, all the papers discussed above
do not concern privacy except [42,47], which
proposes an alignment-free hashing algorithm that
generates a graph based on the inner minutia
minimum distance and produces a secure
fingerprint hash of 133 bits. Privacy can be violated
when the biometric information stored in the
database can be stolen or tampered with by
someone.
3.2.2 Authentication based on Retina Scan
Iris is one of the essential parts of the human eye as
it controls the size of the pupil that directs the
amount of light entering the pupil. It is situated
behind the cornea and in front of the lens. The iris
acknowledgment was first proposed in 1987 by folm
and safir. [53], [54], iris recognition technology
offers the highest accuracy of other biometric
recognition systems. It is because the feature of the
iris is extraordinarily stable and has not changed for
many years, except for identical twins or even
among the left and right eyes of a similar individual
[53]. Iris’s characteristics are unique for every
individual. The iris is fully formed when the human
is ten months old and remains the same for their
lifetime [58]. We have studied various research
papers based on iris recognition, which proves that
as the size of the pupil varies based on the amount
of light entering the eyes, thus generally, all iris
recognition operates usually on near-infrared
illumination. It has been done since Daugman,
which reported very high recognition rates in a
constrained environment when the images are taken
through a near-infrared camera in a controlled
environment [61]. When the image acquisition
condition is not constrained, many acquired images
suffer from blur by motion or defocused specular
reflections or the shadow of eyelids and
segmentation errors. Iris recognition using visible
light illumination has attraction and is also used in
mobile devices for authentication [62]. The feature
extraction algorithm to extract iris features from
visible light must be tailored to the number of
features to improve accuracy [57]. We have
reviewed various papers to analyze the performance
of retina scan systems, and the various metrics are
shown in Table 8.
However, the study shows that the accuracy
of visible light illumination images differs from that
of near-infrared images. In the table shown above,
we have studied papers that took eye images from
various datasets like CASIA, VISOB, and UBIRIS.
However, no research proves visible-light iris
recognition can achieve accuracy close to that of
near-infrared iris recognition in similar conditions of
use. The visible-light iris recognition may find use
in lower-security applications, enabled by the
ubiquitous use of mobile devices. However, many
users have reported eye discomfort while using them
[64], which might lead to more severe eye-health
issues, showing the iris recognition system's
usability.
The Hackers in [63] have exhibited that it is
possible to capture the victim's image furtively from
a distance of 5m and use it to dodge the iris scan.
Since the iris-scan works through infrared
illumination on eyes from a short distance (_ 30cm).
Venugopalan in [65] & Rathgeb in [66]
create the iris texture starting from just the iris bit
code stored as a template in memory and create a
spoof iris by embedding it with any other iris texture
which gives the same recognition rate as a natural-
looking iris, thus violating the security as well as the
privacy of iris authentication system.
Kausar [68] proposes a cancelable iris-based
authentication system that stores the healthcare data
encrypted with AES in a smart card. The symmetric
key of size 252 bits is used for encryption and
decryption, which is also encoded using Reed-
Solomon encoding scheme.
10

Table 8: Performance Analysis of Retina Scan System

Ref Database Method Used Execution Accuracy/P Distance Security Privacy Memory
(Segmentation Time erformance Requirement
)
[55] VISOB K–Means 0.46 Sec RPLD - 34.3 ------ -------- ---- -----
Clustering RLD - 91.52
Daugman’s
algorithm to
find iris radius
[56] CASIA.V4 Walker’s 1.53 Sec Accuracy- >3 meter ---- ---- -----
UBIRIS.v2 algorithm 0.7 Sec 86.5% 4-9 meter
FRGC Segmentation 1.53 Sec NA

[57] CASIA.V4 Localized 368.2 sec ----- >3 meter ----- ----- -----
UBIRIS.v2 texture 136.3 Sec 4-9 meter
FRGC description 51.1 Sec NA
based on ZMs

[59] WVU-IBIDC Direct Least ----- FAR- 0.02% 4 Inches ---- --- ----
Square Ellipse
and Geometric
Calibration
[60] UBIRIS.v2 IWT 1.03 Sec Accuracy- 4-9 meter --- --- ----
98.9%

[67] CASIA Evolutionary --- 98.12% --- --- --- ---

UBIRIS.v2 fuzzy 82.25%
Clustering
[68] CASIA.V3 Hough ---- FRR=7% --- Yes Yes 889bits Per
Transform Code

RPLD-Rate of limbic and pupil boundary detection

RLD – The rate of outer iris boundary (limbic boundary) correct detection
3.2.3 Authentication based on Face Scan
It is a biometric technology based on the
facial features of a person. The authentication
system matches the facial features of an already
enrolled person with the features of the person who
wants to get access. Once a perfect match is found,
that person can access the system. However, it is
challenging to identify human faces due to varying
light effects and aging factors, varying facial
expressions or poses of the face of human being
[69]. The face of a human being is a
multidimensional figure and therefore has a "curse
of dimensionality," that is, processing a face
requires a lot of memory and time [70]. The face
recognition system is used in various applications,
from personal devices like the Samsung S8 and
iPhone 11 to access control. Even banking sectors
are also using it for authentication. A review of
various face recognition systems has been studied
using various methods, and the result is shown in
Table 9.
As the Face recognition system is used in
various critical applications, it must have low error
rates, strong recognition power, and be secure enough
against attacks so that it is resistant to presentation
attacks or template invariability. We studied research
papers based on the vulnerability of face recognition
systems. Guangcan et al. [76] proposed a de-
Convolution Neural network (D-CNN) to construct
the face images from their deep templates and
achieved an accuracy rate of 95.02% at FAR 0.1%.
When images are trained using the VGG dataset shows
the vulnerability of face recognition against template
invertibility. Wen.et.al in [77] have developed an
ensemble classifier consisting of multiple SVM
Classifiers to train the system from photo spoof and
video replay attacks. Kose et al. [78] prove that mask
attacks can also spoof face recognition systems. It also
shows that the 3D face shape analysis systems are the
most vulnerable to spoofing through mask attacks
compared to 2D Face shapes. Peng Li. Et. Al in [82]
works on the security and privacy of face recognition
systems by making the system secure against man-in-
 middle attacks and temper attacks. J. Galbally et al. in
[79] show that the Bayesian hill-climbing attack is
effective and faster than the brute force attack for all
operating points. The number of broken accounts
remains unaltered (100% for all cases). The face
authentication system is also affected by facial
expressions, hair growth (beard), lightening, and
wearing glasses. Scherhag.et.al in [80] shows the
vulnerability of face recognition system to morphed
images (a mix of features of two or more objects).

Table 9: Performance analysis of face scan authentication technique

Ref Database Algorithm Used Accuracy Security Privacy Memory Execution
Requiremen Time
t
[71] LFW attribute Classifier 94.27% ----- ----- ----- -----
[72] LFW LBP + coupled- 69.45% ----- ----- ----- 9.68
discriminant face Seconds
descriptor
[73] FERET Gabor volume based 82.55% ----- ----- ----- -----
Local Binary pattern
[74] LFW LBP PLDA 90.01% ----- ----- ----- -----
[75] ORL Principal Component 97% ----- ----- ----- -----
Analysis+ SVM
[76] LFW D-CNN 95% ----- ----- ----- 84.1 ms

[78] Mask attack LBP-Depth 88.94% Vulnerable ----- ---- ------

database to spoofing
with a mask
[79] XM2VTS GMM & PCA based 100% Vulnerable ----- ---- ------
approach with Hill
climbing algorithm
[80] Digital Verniface SDK 100% Vulnerable ----- ---- ------
HP 99.7%
RICOH 99.3%
[81] AT&T ExIntTy2KBSRM Error rate- ------- ----- ---- 2.99
(extended interval 1.25% Seconds
type-II and kernel-
based sparse
representation
method)
[82] LFW Privacy Eigen Face 84% Yes Yes ---- ----
Algorithm (PEEP)

3.2.4 Authentication based on Palm Vein

Palm vein recognition has significantly
hiked in the security and privacy policy, as it uses the
pattern of blood vessels under the human skin for
recognition which is generally not visible through the
naked eye and captured using near-infrared light
(NIR). Capturing the vein pattern inside a person's
palm needs blood flow that adds liveness and makes
our detection or reading data more reliable and private.
In other words, it gave the option of uniqueness to the
human body. Users can find acceptability and
convenience through their palm recognition that
nobody else has. Fujitsu 2005 constructed a palm vein
authentication system with FAR = 0.0008% [83],
leading the market through its product [92]. The
feature extraction procedure can be categorized into
two different approaches based on the nature of the
feature extracted, i.e., the geometric-based method and
the holistic-based method. The holistic-based method
is further divided into three distinctive categories:
texture-based approach, local invariant-based
approach, and sub-space-based approach. Table 10
shows the accuracy and security of various palm vein
recognition systems.
The acquisition of palm vein images is a
nonintrusive or contactless task, as people have to put
their palms certain centimeters above the sensor.
There is no contamination from the sensor to the
person's hand. This system is hygienic and can be
highly used in the current scenario of COVID-19.
Moreover, external conditions of the hand, like
12

sweating and dirt, do not affect the vein structure as it system.

is inside the skin. To protect the privacy of templates, We have not seen any paper proving the vulnerability
biometric cryptosystems use Advanced Encryption of the palm vein authentication system. Thus, this area
Standard (AES) and RSA encryption techniques [99], needs to be explored. However, it isn’t easy to spoof.
and secure multiparty computation such as the palm vein system because of its complexity, and
homomorphism cryptosystems [100], [101]. The the deoxidized blood needs to be present during image
encrypted templates are secure, and information stored acquisition.
in templates cannot be easily used, thus confirming the
privacy and security of the palm vein authentication
Table 10: Performance Analysis of Palm Vein Scan authentication technique
Ref Database The Feature Accuracy Privacy Security Memory Execution
feature Extraction Requirement time
extraction Method
approach
used
[84] PolyU (2000 Texture LDA 95.5 % ----- ----- ------ 0.284 seconds
Images) based
approach
[85] Self Design Texture 2-D Gabor Filter 99% ----- ------ 2520 bits/per 0.6 Sec
(4,140 based Error rate-0.4% palm
images) approach
[86] CASIA V1.0 sub space- DCT and k-PCA 99% --- ---- ---- Comparatively
based low execution
approach time
[87] PUT Vein sub space DWT and PCA 98.65% -------- ------ ------ minimal
Database based with particle computation
(1200 approach swarm time
images) optimization
(PSO)
[88] FYO (1940 Texture Gabor Filter 97.50% ----- yes ----- 189.9 Seconds
Images) based
(Multimodal approach
database)
[89] Self-Built ------ CNN EER= 2.30% ----- ---- 3 *3*1792 ------
(12000 o/p image
Images) dimension
[90] Self-Built (63 Texture Gabor Filter ERR=1.44% ----- ----- ----- 15.30 Sec
Images) based Accuracy=99.59&
approach
[91] CASIA V1.0 Geometry Minutiae based Accuracy = 91% ----- ----- ------ -----
(600 images) based extraction
method Technique
[94] CASIA V1.0 Texture Mutual EER= 0.26% ----- ------ ----- ------
(600 images) based foreground LBP
method (MF-LBP) & K-
means method
for texture
extraction
[95] CASIA V1.0 local SIFT & ORB EER= 0.36% ----- ------ ----- ------
(600 images) invariant
based
approach
[96] PolyU Texture Discriminative EER=0.079% ----- ------ ----- ------
based LBP(DLBP)
approach
[97] CASIA local LBP EER=0.98% ----- ---- ----- 2.48 Seconds
invariant- +Bidirectional
based Matching
approach
 [98] PolyU Texture Wave Atom 98.78% Yes Yes ------ 0.43 Sec
based Transform
approach (WAT)
[102] CASIA V1.0 Geometry Neighborhood 99% ----- ---- 384 bytes -----
(600 images) based matching radon
method transform
(NMRT)
[105] Own Geometry Gaussian based 99% ----- Yes ---- 16.08ms
database based directional EER 0.51%
(5120 method filter bank
images)
[106] Own Texture Adaptive Gabor 99% ----- ---- ----- 1.08 Sec
database based Filter
(4140 approach
images)
[107] PolyU [6000 Texture Multi scale- 99% ----- ---- ----- 0.342 Sec
images] based Local Binary
approach pattern

However, if we consider the equipment cost, it is vein pattens are invisible through naked eyes thus
slightly high in palm vein authentication systems. possess security but privacy protection still a need to
They have not been seen in ordinary mobile devices protect the database.
for authentication. However, they have deployed in
many areas in Japan [93]. The costliest part of the The summary of various authentication techniques
image acquisition device is the camera of high- based on the performance parameters is shown in
resolution NIR CCD, and most of the NIR devices are Table 11. The definition of quality level is defined in
not cheap [104]. However, Ramachandra in [103] Table 12.
designs a low-cost camera for vein acquisition. Palm
Table 11: Summary of biometric authentication system
Techniques Security Accuracy Privacy Execution Time Usability
Fingerprint Based Low Moderate Low Moderate High

Iris Low Low Low Moderate Moderate

Face Recognition Low Moderate Low High High

Palm Vein Pattern Moderate High Moderate Low Moderate

Table 12: Quality level Definition

Performance Parameters
Levels Security Accuracy Privacy Execution Time Usability
High A soundproof FAR, EER is less than A soundproof privacy The cost of The biometric
security solution 2%. or Accuracy is solution has been implementation is less feature is highly
has been proposed. above 98% proposed. than 1 second and can used for
be implemented for authentication in the
real-time real world.
authentication.
Moderate The biometric FAR, EER is between The feature can be The cost of The biometric
feature is secure 2%- 7%. or Accuracy stored in a database in implementation is feature is less widely
and can’t be is above 90% an irreversible format. between 1-3 seconds. used for
spoofed. authentications in
real-world
applications.
Low The biometric FAR is higher than The data from the The computational There is no practical
feature is not 7%. database is reversible. cost is higher than 3 application based on
secure and can be seconds and thus can’t it.
spoofed. be implemented for
real-time applications.
14

software and the second factor is the password, not

3.3 Authentication based on
Possession Factor
It is a category of user authentication based
on the items that the users have with them, like smart
cards, Credit cards. The possession factor of user
authentication generally requires two-factor
authentications that can be easily seen as a
combination of an ATM CARD (something you
possess) and PASSWORD (something you know) to
access your bank account for any operation. In two
factors based on authentication, one factor is
something they possess that can be hardware or
Table13: Performance Analysis of Possession based authentication
Ref Possession Factor Accuracy
biometrics. Although biometrics is very secure and
used in many organizations but not much used in
online transactions and ATMs because of the
hardware cost & maintenance, and storage capacity
required [108]. RFID Cards can also be used as
authentication [109].
There are generally two types of tokens:
1. Hardware (A small chip and easy to carry)
2. Software (Programs for one-time passwords)
Some of the two factor-based applications are Duo
Mobile [111], Google authenticator, and Microsoft
authenticator [110]. The performance analysis of
possession-based authentication is in Table 13.
Privacy Security Memory Execution
Requirement time

[112] Mobile Phones 95% in noisy ------ Yes ----- 2 seconds

outdoors with
distance 1-2m
[113] 0EISUA Application 93.5% ---- Yes ----- 5.98 Seconds

[114] Location ------ ----- ----- ------ -----

[115] WIFI Based Accuracy = 94% ----- ----- ------ -----

[116] Mobile Phone (OTP) ------ ---- Yes ---- ----

[117] Handwritten EER= 7.28% ---- Yes ---- -----

Signatures

[118] Smart Card ------ ----- ------ 3616 bits 540ms

The Possession based authentication techniques are techniques based on the performance metrics is shown
generally used in online services as they are more in Fig 4.
prone to hacking than personal devices (like mobile
phones). Therefore, they need to be more secure as 5
breaching the security may result in a heavy amount of
4
data or money loss and thus need to be secured through
3 knowledge
multiple factors. T. limbusiya et al. propose an
2 factor
authentication system using smart cards that can
withstand smartcard losing and password-guessing 1 Inherence
attacks [120]. Location-based possession 0 Factor
authentication systems are not secure as the location of
Possession
a mobile user can be easily tracked [119]. Any of the
Factor
research papers studied not show any information
about the privacy of token-based authentication
systems.
The comparisons of Knowledge based, Fig 4 Comparison of various authentication Techniques
Inherence Based and Possession based authentication
4 Merging of Authentication Techniques
A system using more than one factor for
authentication is called multifactor authentication
system (MFA). In multifactor authentication one can
combine any two or more authentication techniques
in one to allow authentication. A review of MFA is
given below in a table 14.
Sinha.et.al in [123] proposes pattern based
multifactor authentication techniques by combining
text and pass grid of images for identifying the
legitimate user and proves the system is secure against
Table 14: Multi-Factor authentication Techniques
Ref Factors Used Accuracy Execution
time
brute force and other dictionary attacks. Sajjad.et.al in
[124] Proposes an anti-spoofing system on the
combination of fingerprints, palm veins, and face
datasets. The proposed system proves 100% anti-
spoofing security to authentication, although it
increases the computational cost. Kim.et.al in [126]
creates a smart CCTV surveillance environment for
smart cities implementation using Face expressions
and RFID.
Security Privacy Memory Usability
Required

[121] Password + ----- ------ Yes ----- ---- ----

Fingerprint +
OTP
[122] Password + ----- 17.524ms Yes ------ 1336 bits ----
Smartcard +
Fingerprint
[123] Text + images ----- ----- Yes ----- 178 bits ----

[124] Fingerprint+ ----- 14.78 Sec Yes ----- ---- ----

Palm Vein+
Face
[125] Id+ Password+ ----- 10ms Yes ---- ---- ----
Biometric

[126] CCTV (Facial ----- ------ ------ ----- ---- -----

Recognition) +
RFID

Merging various Factors of authentication of a single authentication. However, the authentication accuracy
authentication is as called multimodal authentication. decreases to 89.29% in streets which is not enough for
A review of multimodal authentication is represented real time applications.Toygar.et.al in [130] propose a
in table 15. system based on hand crafted feature extractors along
Wu [127] proposes a multimodal authentication with CNN on multimodal features. The system
system by merging lip movement and voice (Inherence achieves an accuracy of 100% with increase I the
Factor) into a single authentication system and proves computational complexity than unimodal
an accuracy of 95% and also publishes a new data set authentication system. The paper discussed in table
of 104 participants of the same. The system estimates below does not talk about the security and privacy of
the lip movement or shape while speaking the various the system they proposed.
words and consider it as a one of the parameters for
Table 15: Multi Modal authentication Techniques
Ref Factors Used Accuracy Execution Security Privacy Memory Usability
Time Required

[127] Lip Movement + 95% 1.235 ----- ---- ----- -----

Voice Seconds
[128] Face + Voice 90.28% 0.341 ------ ----- ----- -----
Seconds
16

[129] Slap Fingerprints + 100% ----- ----- ----- ---- ----

Palm dorsal vein + IR
Hand Geometry

[130] Palmar + dorsal + 100% Training ----- Yes ---- ----

wrist Veins Time=
12670.98
Seconds
Testing Time
= 19.67
Seconds

[131] Fingerprint + iris 93% ------ ------ ---- ---- ----

privacy and security of the highly sensitive

5 Applications
Authentication techniques are used in every
sector today, including the Aadhar Cards issued by
the government for verification of an individual,
forensics, border security, healthcare, and education.
The percentage of usage in various fields is shown in
Fig 5.
Applying any authentication technique ultimately
depends on the performance offered by that
technique. In wireless sensor networks-based
healthcare systems like remote health monitoring,
electronic medical record, and telecare medicine,
security and privacy are strictly needed
[132,133,134]. Prabhusundar. et al. propose using
biometric passports or e-passports to enhance the
information on passports and decrease the checking
time at checkpoints. The passports contain encrypted
information in RFID chips that the electronic
machine can read at the checkpoint [135,136]. IoT
offers a handful of applications like smart farming
system, smart homes, and smart traffic monitoring
system, which requires efficient communication
among the sensor devices that serve as a data
warehouse. Secure communication is required in the
cloud-based IoT environment where a legalized user
and sensor can communicate securely [137]. The
authentication is needed in various fields to protect
the user information from leakage. This gives rise to
know the performance of each authentication
technique available.

Table16: Application of authentication

Application Percentage Ref Application Field

[138,139 ,140] Connected and autonomous

4%2% Vehicle (CAVs)
6% Government [141,142, 143] Attendance Management System
23%
Technical
13% [144,145 ,146] Internet of things
Financial
Workplace [147,148 ,149] In mobile Devices

Recreation
[150,151 ,152] To secure data on the cloud
25% Healthcare
27%
Education [153,154] In Healthcare

[155,156] In Payment Gateways

Fig 5 Application of biometric

6 Results
This section presents the analysis done based on research
questions in the authentication.
8.1 Answering Research questions
This section will answer the research questions
mentioned in Table 1.
RQ1: What are the various factors that come under
the basic three authentication techniques?
The answer to RQ1 has been described in detail in the
above portion of this paper. Moreover, after studying all
three authentication techniques, we learned about the
factors of each. The result is described in the figure 6.
Fig 6 Authentication technique methods
The figure describes the various methods that came under
a single authentication technique. Also, Figure 2 shows
the number of research papers studied on each
authentication technique.
It can also be seen from figure 3 about the year wise
distribution of papers based on each authentication
technique from 2010 to 2022. It is clear from the graph
that inherence factor (biometric-based) authentication is
always the first choice of the researchers. In the last few
years, i.e., 2018, multimodal authentication has been
gaining interest, in which the combination of two or more
biometric traits is used as an authentication factor.
RQ2: How to evaluate the performance of
authentication techniques. What factors are
considered?
The various factors that describe the
performance of the authentication technique is mentioned
in the Introduction section. The factors are:
1. Accuracy
2. Execution time
3. Security
4. Privacy
5. Usability
6. Memory requirement
The performance of all three authentication techniques is
shown in Figure 4. A scale from 0 to 4 has been used to
indicate the performance metrics. The inherence factor
gives an excellent performance as they generally span on
high accuracy (EER is comparatively low), low execution
time (less than one sec), and high on usability (high
uniqueness, remain consistent with time, ease to carry).
Accuracy is measured using FAR, FRR, ERR.
FAR = (Number of illegitimate samples declared as
legitimate samples / Total number of illegitimate
samples) *100%
FRR = Number of legitimate user samples declared as
illegitimate samples / Total number of legitimate
samples) * 100%
RQ3. Can we merge various factors or authentication
techniques?
Yes, we can merge the various methods of a
single authentication technique and combine two
different authentication techniques.
It is called a multifactor technique when we merge
different authentication techniques like knowledge with a
token or biometric or biometric with the token. The
performance of MFA is shown in table 14.
We can also merge the various methods of the
same authentication technique, termed multimodal
authentication. The performance metric is mentioned in
table 15.
RQ4. What are the applications of authentication
techniques
Application areas of authentication techniques
are mentioned in Section 5.
Conclusion:
Based on our surveys, we found several issues:
No research gives a balance between all the performance
characteristics. Thus, developing an authentication
system that balances accuracy, security, privacy,
execution time, and usability is still open for research.
Balance is still a fundamental challenge in achieving high
accuracy and high privacy and security, and low
execution time, although these things are conflicting.
There need to be more solutions for the privacy protection
of authentication systems. It has been seen from the
review that the researchers are working to improve the
accuracy or execution time, but only some of them focus
on privacy and security. This area also needs to be
explored as privacy disclosure brings a significant loss to
the users.
In this paper, we reviewed the recent advances in the
authentication field. We compared recent literature on
authentication by dividing the existing authentication
schemes into three categories (knowledge, inherence, and
token) and also reviewed the comparative analysis of
multifactor and multimodal authentication. We pointed
out the algorithm used, the database used, the technique
used for feature extraction and verification, and the
performance of each feature extraction method. Also, we
proposed several issues and future research directions.
We found that most of the existing system suffers from
security and privacy issues. Improving the overall
18
authentication systems, including accuracy, execution
time, security, and privacy, should be emphasized in
future research.
Research Data Policy and Data Availability Statements Data
sharing not applicable to this article as no datasets were
generated or analyzed during the current study.
Declarations
Competing Interest Divya Singla declares that she has no
conflict of interest. Neetu Verma declares that she has no
conflict of interest.
Divya Singla certify that this article has no financial or non-
financial interest to disclose. Neetu Verma certify that this
article has no financial or non-financial interest to disclose.
Ethical Approval This article does not submit same copy to
more than one journal for considerations.
References
1. Shah, S. W., & Kanhere, S. S. (2019). Recent Trends in
User Authentication – A Survey. In IEEE Access (Vol. 7,
pp. 112505–112519). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2019.2932400
2. Das, A. K., Zeadally, S., & Wazid, M. (2017). Lightweight
authentication protocols for wearable devices. In
Computers & Electrical Engineering (Vol. 63, pp.
196–208). Elsevier BV.
https://doi.org/10.1016/j.compeleceng.2017.03.008
3. Velásquez, I., Caro, A., & Rodríguez, A. (2018).
Authentication schemes and methods: A systematic
literature review. In Information and Software
Technology (Vol. 94, pp. 30–37). Elsevier BV.
https://doi.org/10.1016/j.infsof.2017.09.012
4. How do authentication process work.
https://indiancybersecuritysolutions.com/how-do-
authentication-process-work/[Accessed Feb, 2022]
5. Walton, S. (1995). Image authentication for a slippery
new age. Dr. Dobb's Journal, 20(4), 18-26.
6. Atwady, Y., & Hammoudeh, M. (2017). A Survey on
Authentication Techniques for the Internet of Things. In
Proceedings of the International Conference on Future
Networks and Distributed Systems. ICFNDS ’17:
International Conference on Future Networks and
Distributed Systems. ACM.
https://doi.org/10.1145/3102304.3102312
7. Kasim, Ö. (2022). Secure medical image encryption with
Walsh–Hadamard transform and lightweight
cryptography algorithm. In Medical & Biological
Engineering & Computing (Vol. 60, Issue 6, pp.
1585–1594). Springer Science and Business Media LLC.
https://doi.org/10.1007/s11517-022-02565-5
8. ISO/IEC JTC1 SC27 Security Techniques, ISO/IEC
24745:2022. Information Technology - Security
Techniques - Biometric Information Protection,
International Organization for Standardization, 2022.
https://www.iso.org/standard/75302.html (accessed
Feb. 15, 2022)
9. Li, Y., Wang, H., & Sun, K. (2016). A study of personal
information in human-chosen passwords and its
security implications. In IEEE INFOCOM 2016 - The 35th
Annual IEEE International Conference on Computer
Communications. IEEE INFOCOM 2016 - IEEE
Conference on Computer Communications. IEEE.
https://doi.org/10.1109/infocom.2016.7524583
10. Wang, D., Zhang, Z., Wang, P., Yan, J., & Huang, X. (2016).
Targeted Online Password Guessing. In Proceedings of
the 2016 ACM SIGSAC Conference on Computer and
Communications Security. CCS’16: 2016 ACM SIGSAC
Conference on Computer and Communications Security.
ACM. https://doi.org/10.1145/2976749.2978339
11. Kaka, J. G., Ishaq, O. O., & Ojeniyi, J. O. (2021).
Recognition-Based Graphical Password Algorithms: A
Survey. In 2020 IEEE 2nd International Conference on
Cyberspace (CYBER NIGERIA). 2020 IEEE 2nd
International Conference on Cyberspace (CYBER
NIGERIA). IEEE.
https://doi.org/10.1109/cybernigeria51635.2021.942
8801
12. Haggenmüller, S., Krieghoff-Henning, E., Jutzi, T., Trapp,
N., Kiehl, L., Utikal, J. S., Fabian, S., & Brinker, T. J. (2021).
Digital Natives’ Preferences on Mobile Artificial
Intelligence Apps for Skin Cancer Diagnostics: Survey
Study. In JMIR mHealth and uHealth (Vol. 9, Issue 8, p.
e22909). JMIR Publications Inc.
https://doi.org/10.2196/22909
13. Ju, Z., Zhang, H., Li, X., Chen, X., Han, J., & Yang, M. (2022).
A Survey on Attack Detection and Resilience for
Connected and Automated Vehicles: From Vehicle
Dynamics and Control Perspective. In IEEE Transactions
on Intelligent Vehicles (pp. 1–24). Institute of Electrical
and Electronics Engineers (IEEE).
https://doi.org/10.1109/tiv.2022.3186897
14. Password strength calculator
http://ww25.passwordstrengthcalculator.org/
[Accessed Feb 20, 2022]
15. İşler, D., Küpçü, A., & Coskun, A. (2019). User Perceptions
of Security and Usability of Mobile-Based Single
Password Authentication and Two-Factor
Authentication. In Lecture Notes in Computer Science
(pp. 99–117). Springer International Publishing.
https://doi.org/10.1007/978-3-030-31500-9_7
16. Wang, D., & Wang, P. (2015). Offline Dictionary Attack on
Password Authentication Schemes Using Smart Cards. In
Lecture Notes in Computer Science (pp. 221–237).
Springer International Publishing.
https://doi.org/10.1007/978-3-319-27659-5_16
17. Heartfield, R., & Loukas, G. (2016). A Taxonomy of
Attacks and a Survey of Defence Mechanisms for
Semantic Social Engineering Attacks. In ACM Computing
Surveys (Vol. 48, Issue 3, pp. 1–39). Association for
Computing Machinery (ACM).
https://doi.org/10.1145/2835375
18. Song, J., Wang, D., Yun, Z., & Han, X. (2019). Alphapwd: A
Password Generation Strategy Based on Mnemonic
Shape. In IEEE Access (Vol. 7, pp. 119052–119059).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2019.2937030
19. Guo, Y., Zhang, Z., & Guo, Y. (2019). Optiwords: A new
password policy for creating memorable and strong
passwords. In Computers & Security (Vol. 85, pp.
423–435). Elsevier BV.
 https://doi.org/10.1016/j.cose.2019.05.015
20. Lyu, S., Yao, Q., & Song, J. (2022). AvoidPwd: A mnemonic
password generation strategy based on keyboard
transformation. In China Communications (Vol. 19, Issue
10, pp. 92–101). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.23919/jcc.2022.00.027
21. Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., &
Memon, N. (2005). Authentication using graphical
passwords. In Proceedings of the 2005 symposium on
Usable privacy and security - SOUPS ’05. the 2005
symposium. ACM Press.
https://doi.org/10.1145/1073001.1073002
22. Ndako Adama, V., Oyebisi Oyefolahan, I., & Ndunagu, J.
(2021). Pure Recall-Based Graphical User
Authentication Schemes: Perspectives from a Closer
Look. In 3rd African Human-Computer Interaction
Conference. AfriCHI 2021: 3rd African Human-Computer
Interaction Conference. ACM.
https://doi.org/10.1145/3448696.3448721
23. Chiasson, S., Stobert, E., Forget, A., Biddle, R., & Van
Oorschot, P. C. (2012). Persuasive Cued Click-Points:
Design, Implementation, and Evaluation of a Knowledge-
Based Authentication Mechanism. In IEEE Transactions
on Dependable and Secure Computing (Vol. 9, Issue 2,
pp. 222–235). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/tdsc.2011.55
24. Carter, N. J. (2015). Graphical Passwords for Older
Computer Users. In Proceedings of the 28th Annual ACM
Symposium on User Interface Software &
Technology - UIST ’15 Adjunct. the 28th Annual ACM
Symposium. ACM Press.
https://doi.org/10.1145/2815585.2815593
25. Chang, T.-Y., Tsai, C.-J., & Lin, J.-H. (2012). A graphical-
based password keystroke dynamic authentication
system for touch screen handheld mobile devices. In
Journal of Systems and Software (Vol. 85, Issue 5, pp.
1157–1165). Elsevier BV.
https://doi.org/10.1016/j.jss.2011.12.044
26. Sun, H.-M., Chen, Y.-H., Fang, C.-C., & Chang, S.-Y. (2012).
PassMap. In Proceedings of the 7th ACM Symposium on
Information, Computer and Communications Security -
ASIACCS ’12. the 7th ACM Symposium. ACM Press.
https://doi.org/10.1145/2414456.2414513
27. Azad, S., Rahman, M., Ranak, M. S. A. N., Ruhee, B. M. F. K.,
Nisa, N. N., Kabir, N., Rahman, A., & Mohamad Zain, J.
(2017). VAP code: A secure graphical password for
smart devices. In Computers & Electrical
Engineering (Vol. 59, pp. 99–109). Elsevier BV.
https://doi.org/10.1016/j.compeleceng.2016.12.007
28. Shah, A., Ved, P., Deora, A., Jaiswal, A., & D’silva, M.
(2015). Shoulder-surfing Resistant Graphical Password
System. In Procedia Computer Science (Vol. 45, pp. 477–
484). Elsevier BV.
https://doi.org/10.1016/j.procs.2015.03.084
29. Amruth, M. D., & Praveen, K. (2015). Android Smudge
Attack Prevention Techniques. In Advances in Intelligent
Systems and Computing (pp. 23–31). Springer
International Publishing. https://doi.org/10.1007/978-
3-319-23258-4_3
30. Kwon, T., Shin, S., & Na, S. (2014). Covert Attentional
Shoulder Surfing: Human Adversaries Are More
Powerful Than Expected. In IEEE Transactions on
Systems, Man, and Cybernetics: Systems (Vol. 44, Issue
6, pp. 716–727). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/tsmc.2013.2270227
31. Greenberg, A. (2014). Google glass snoopers can steal
your passcode with a glance,” Wired.
https://www.wired.com/2014/06/google-glass-
snoopers-can-steal-your-passcode-with-a-glance/
[Accessed 20 march,2022]
32. Sun, H.-M., Chen, S.-T., Yeh, J.-H., & Cheng, C.-Y. (2018). A
Shoulder Surfing Resistant Graphical Authentication
System. In IEEE Transactions on Dependable and Secure
Computing (Vol. 15, Issue 2, pp. 180–193). Institute of
Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tdsc.2016.2539942
33. Patra, K., Nemade, B., Mishra, D. P., & Satapathy, P. P.
(2016). Cued-Click Point Graphical Password Using
Circular Tolerance to Increase Password Space and
Persuasive Features. In Procedia Computer Science (Vol.
79, pp. 561–568). Elsevier BV.
https://doi.org/10.1016/j.procs.2016.03.071
34. Sosa Valles, P. A., Villalobos-Serrano, J. G., Martinez
Pelaez, R., Garcia, V., Parra Michel, J. R., Velarde Alvarado,
P., & Mena, L. (2018). My Personal Images as My
Graphical Password. In IEEE Latin America Transactions
(Vol. 16, Issue 5, pp. 1516–1523). Institute of Electrical
and Electronics Engineers (IEEE).
https://doi.org/10.1109/tla.2018.8408449
35. Nizamani, S. Z., Hassan, S. R., Shaikh, R. A., Abozinadah, E.
A., & Mehmood, R. (2021). A Novel Hybrid Textual-
Graphical Authentication Scheme With Better Security,
Memorability, and Usability. In IEEE Access (Vol. 9, pp.
51294–51312). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/access.2021.3069164
36. Google plans to bring password-free logins to Android
apps by year-end.
https://techcrunch.com/2016/05/23/google-plans-to-
bring-password-free-logins-to-android-apps-by-year-
end/ [Accessed 24, March 2022]
37. Handbook of Biometric Anti-Spoofing. (2019). In S.
Marcel, M. S. Nixon, J. Fierrez, & N. Evans (Eds.),
Advances in Computer Vision and Pattern Recognition.
Springer International Publishing.
https://doi.org/10.1007/978-3-319-92627-8
38. Awad, A. I., & Hassanien, A. E. (2014). Impact of Some
Biometric Modalities on Forensic Science. In Studies in
Computational Intelligence (pp. 47–62). Springer
International Publishing. https://doi.org/10.1007/978-
3-319-05885-6_3
39. Ali, S. F., Khan, M. A., & Aslam, A. S. (2020). Fingerprint
matching, spoof and liveness detection: classification
and literature review. In Frontiers of Computer Science
(Vol. 15, Issue 1). Springer Science and Business Media
LLC. https://doi.org/10.1007/s11704-020-9236-4
40. Fu, X., & Feng, J. (2015). Minutia Tensor Matrix: A New
Strategy for Fingerprint Matching. In W.-B. Du (Ed.),
PLOS ONE (Vol. 10, Issue 3, p. e0118910). Public Library
of Science (PLoS).
https://doi.org/10.1371/journal.pone.0118910
41. de Macedo Rodrigues, R., Costa, M. G. F., & Costa Filho, C.
F. F. (2013). Fingerprint verification using characteristic
vectors based on planar graphics. In Signal, Image and
Video Processing (Vol. 9, Issue 5, pp. 1121–1135).
20
Springer Science and Business Media LLC.
https://doi.org/10.1007/s11760-013-0548-9
42. Das, P., Karthik, K., & Chandra Garai, B. (2012). A robust
alignment-free fingerprint hashing algorithm based on
minimum distance graphs. In Pattern Recognition (Vol.
45, Issue 9, pp. 3373–3388). Elsevier BV.
https://doi.org/10.1016/j.patcog.2012.02.022
43. Gutierrez, P. D., Lastra, M., Herrera, F., & Benitez, J. M.
(2014). A High Performance Fingerprint Matching
System for Large Databases Based on GPU. In IEEE
Transactions on Information Forensics and Security
(Vol. 9, Issue 1, pp. 62–71). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/tifs.2013.2291220
44. Jain, A. K., & Jianjiang Feng. (2011). Latent Fingerprint
Matching. In IEEE Transactions on Pattern Analysis and
Machine Intelligence (Vol. 33, Issue 1, pp. 88–100).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tpami.2010.59
45. Choi, H., Choi, K., & Kim, J. (2011). Fingerprint Matching
Incorporating Ridge Features With Minutiae. In IEEE
Transactions on Information Forensics and Security
(Vol. 6, Issue 2, pp. 338–345). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/tifs.2010.2103940
46. Tran, Q. N., Turnbull, B. P., Wang, M., & Hu, J. (2022). A
Privacy-Preserving Biometric Authentication System
With Binary Classification in a Zero Knowledge Proof
Protocol. In IEEE Open Journal of the Computer Society
(Vol. 3, pp. 1–10). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/ojcs.2021.3138332
47. Ali, A., Baghel, V. S., & Prakash, S. (2022). A novel
technique for fingerprint template security in biometric
authentication systems. In The Visual Computer.
Springer Science and Business Media LLC.
https://doi.org/10.1007/s00371-022-02726-5
48. The Guardian. (2013). iPhone 5S Fingerprint Sensor
Hacked by Germany's Chaos Computer Club. (Online).
Available: www.
theguardian.com/technology/2013/sep/22/apple-
iphone-ngerprintscanner-hacked. [Accessed August,
2022]
49. Yang, W., Hu, J., Fernandes, C., Sivaraman, V., & Wu, Q.
(2016). Vulnerability analysis of iPhone 6. In 2016 14th
Annual Conference on Privacy, Security and Trust (PST).
2016 14th Annual Conference on Privacy, Security and
Trust (PST). IEEE.
https://doi.org/10.1109/pst.2016.7907000
50. Macworld. (2013). The iPhone 5s fingerprint reader:
what you need to know. (online)
https://www.macworld.com/article/221849/the-
iphone-5s-fingerprint-reader-what-you-need-to-
know.html. [Accessed August, 2022].
51. Bayometric. (online) https://www.bayometric.com/
[Accessed August, 2022].
52. Rui, Z., & Yan, Z. (2019). A Survey on Biometric
Authentication: Toward Secure and Privacy-Preserving
Identification. In IEEE Access (Vol. 7, pp. 5994–6009).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2018.2889996
53. Kekre, H. B., Thepade, S. D., Jain, J., & Agrawal, N. (2011).
Iris recognition using texture features extracted from
Walshlet pyramid. In Proceedings of the International
Conference & Workshop on Emerging Trends in
Technology - ICWET ’11. the International Conference &
Workshop. ACM Press.
https://doi.org/10.1145/1980022.1980038
54. Shah, S., & Ross, A. (2009). Iris Segmentation Using
Geodesic Active Contours. In IEEE Transactions on
Information Forensics and Security (Vol. 4, Issue 4, pp.
824–836). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/tifs.2009.2033225
55. Reddy, N., Rattani, A., & Derakhshani, R. (2016). A robust
scheme for iris segmentation in mobile environment. In
2016 IEEE Symposium on Technologies for Homeland
Security (HST). 2016 IEEE Symposium on Technologies
for Homeland Security (HST). IEEE.
https://doi.org/10.1109/ths.2016.7568948
56. Tan, C.-W., & Kumar, A. (2013). Towards Online Iris and
Periocular Recognition Under Relaxed Imaging
Constraints. In IEEE Transactions on Image Processing
(Vol. 22, Issue 10, pp. 3751–3765). Institute of Electrical
and Electronics Engineers (IEEE).
https://doi.org/10.1109/tip.2013.2260165
57. Tan, C.-W., & Kumar, A. (2012). Unified Framework for
Automated Iris Segmentation Using Distantly Acquired
Face Images. In IEEE Transactions on Image Processing
(Vol. 21, Issue 9, pp. 4068–4079). Institute of Electrical
and Electronics Engineers (IEEE).
https://doi.org/10.1109/tip.2012.2199125
58. Khoirunnisaa, A. Z., Hakim, L., & Wibawa, A. D. (2019).
The Biometrics System Based on Iris Image Processing:
A Review. In 2019 2nd International Conference of
Computer and Informatics Engineering (IC2IE). 2019
2nd International Conference of Computer and
Informatics Engineering (IC2IE). IEEE.
https://doi.org/10.1109/ic2ie47452.2019.8940832
59. Moi, S. H., Asmuni, H., Hassan, R., & Othman, R. M. (2014).
A unified approach for unconstrained off-angle iris
recognition. In 2014 International Symposium on
Biometrics and Security Technologies (ISBAST). 2014
International Symposium on Biometrics and Security
Technologies (ISBAST). IEEE.
https://doi.org/10.1109/isbast.2014.7013091
60. Singh, G., Singh, R. K., Saha, R., & Agarwal, N. (2020). IWT
Based Iris Recognition for Image Authentication. In
Procedia Computer Science (Vol. 171, pp. 1868–1876).
Elsevier BV.
https://doi.org/10.1016/j.procs.2020.04.200
61. Daugman, J. (2006). Probing the Uniqueness and
Randomness of IrisCodes: Results From 200 Billion Iris
Pair Comparisons. In Proceedings of the IEEE (Vol. 94,
Issue 11, pp. 1927–1935). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/jproc.2006.884092
62. Trokielewicz, M., & Bartuzi, E. (2018). Cross-spectral Iris
Recognition for Mobile Applications using High-quality
Color Images. arXiv.
https://doi.org/10.48550/ARXIV.1807.04061
63. ArsTECHNICA. Breaking the iris scanner locking
Samsung’s galaxy S8 is laughable easy.
https://arstechnica.com/information-
technology/2017/05/breaking-the-iris-scanner-
locking-samsungs-galaxy-s8-is-laughably-easy/[
Accessed September, 2022]
64. Shah, S. W., & Kanhere, S. S. (2019). Recent Trends in
 User Authentication – A Survey. In IEEE Access (Vol. 7,
pp. 112505–112519). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2019.2932400
65. Venugopalan, S., & Savvides, M. (2011). How to Generate
Spoofed Irises From an Iris Code Template. In IEEE
Transactions on Information Forensics and Security
(Vol. 6, Issue 2, pp. 385–395). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/tifs.2011.2108288
66. Rathgeb, C., & Busch, C. (2017). On the feasibility of
creating morphed iris-codes. In 2017 IEEE International
Joint Conference on Biometrics (IJCB). 2017 IEEE
International Joint Conference on Biometrics (IJCB).
IEEE. https://doi.org/10.1109/btas.2017.8272693
67. Srivastava, V., Tripathi, B. K., & Pathak, V. K. (2012).
Biometric recognition by hybridization of evolutionary
fuzzy clustering with functional neural networks. In
Journal of Ambient Intelligence and Humanized
Computing (Vol. 5, Issue 4, pp. 525–537). Springer
Science and Business Media LLC.
https://doi.org/10.1007/s12652-012-0161-8
68. Kausar, F. (2021). Iris based cancelable biometric
cryptosystem for secure healthcare smart card. In
Egyptian Informatics Journal (Vol. 22, Issue 4, pp. 447–
453). Elsevier BV.
https://doi.org/10.1016/j.eij.2021.01.004
69. Sigal, L., Sclaroff, S., & Athitsos, V. (2004). Skin color-
based video segmentation under time-varying
illumination. In IEEE Transactions on Pattern Analysis
and Machine Intelligence (Vol. 26, Issue 7, pp. 862–877).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tpami.2004.35
70. Borkar, N. R., & Kuwelkar, S. (2017). Real-time
implementation of face recognition system. In 2017
International Conference on Computing Methodologies
and Communication (ICCMC). 2017 International
Conference on Computing Methodologies and
Communication (ICCMC). IEEE.
https://doi.org/10.1109/iccmc.2017.8282685
71. Kumar, N., Berg, A., Belhumeur, P. N., & Nayar, S. (2011).
Describable Visual Attributes for Face Verification and
Image Search. In IEEE Transactions on Pattern Analysis
and Machine Intelligence (Vol. 33, Issue 10, pp. 1962–
1977). Institute of Electrical and Electronics Engineers
(IEEE). https://doi.org/10.1109/tpami.2011.48
72. Zhen Lei, Pietikainen, M., & Li, S. Z. (2014). Learning
Discriminant Face Descriptor. In IEEE Transactions on
Pattern Analysis and Machine Intelligence (Vol. 36, Issue
2, pp. 289–302). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/tpami.2013.112
73. Zhen Lei, Shengcai Liao, Pietikäinen, M., & Li, S. Z. (2011).
Face Recognition by Exploring Information Jointly in
Space, Scale and Orientation. In IEEE Transactions on
Image Processing (Vol. 20, Issue 1, pp. 247–256).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tip.2010.2060207
74. Peng Li, Yun Fu, Mohammed, U., Elder, J. H., & Prince, S. J.
D. (2012). Probabilistic Models for Inference about
Identity. In IEEE Transactions on Pattern Analysis and
Machine Intelligence (Vol. 34, Issue 1, pp. 144–157).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tpami.2011.104
75. Sharma, S., Bhatt, M., & Sharma, P. (2020). Face
Recognition System Using Machine Learning Algorithm.
In 2020 5th International Conference on Communication
and Electronics Systems (ICCES). 2020 5th International
Conference on Communication and Electronics Systems
(ICCES). IEEE.
https://doi.org/10.1109/icces48766.2020.9137850
76. Mai, G., Cao, K., Yuen, P. C., & Jain, A. K. (2019). On the
Reconstruction of Face Images from Deep Face
Templates. In IEEE Transactions on Pattern Analysis and
Machine Intelligence (Vol. 41, Issue 5, pp. 1188–1202).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tpami.2018.2827389
77. Di Wen, Hu Han, & Jain, A. K. (2015). Face Spoof
Detection With Image Distortion Analysis. In IEEE
Transactions on Information Forensics and Security
(Vol. 10, Issue 4, pp. 746–761). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/tifs.2015.2400395
78. Kose, N., & Dugelay, J.-L. (2013). On the vulnerability of
face recognition systems to spoofing mask attacks. In
2013 IEEE International Conference on Acoustics,
Speech and Signal Processing. ICASSP 2013 - 2013 IEEE
International Conference on Acoustics, Speech and
Signal Processing (ICASSP). IEEE.
https://doi.org/10.1109/icassp.2013.6638076
79. Galbally, J., McCool, C., Fierrez, J., Marcel, S., & Ortega-
Garcia, J. (2010). On the vulnerability of face verification
systems to hill-climbing attacks. In Pattern Recognition
(Vol. 43, Issue 3, pp. 1027–1038). Elsevier BV.
https://doi.org/10.1016/j.patcog.2009.08.022
80. Scherhag, U., Raghavendra, R., Raja, K. B., Gomez-
Barrero, M., Rathgeb, C., & Busch, C. (2017). On the
vulnerability of face recognition systems towards
morphed face attacks. In 2017 5th International
Workshop on Biometrics and Forensics (IWBF). 2017
5th International Workshop on Biometrics and
Forensics (IWBF). IEEE.
https://doi.org/10.1109/iwbf.2017.7935088
81. Yadav, S., & Vishwakarma, V. P. (2019). Extended
interval type-II and kernel based sparse representation
method for face recognition. In Expert Systems with
Applications (Vol. 116, pp. 265–274). Elsevier BV.
https://doi.org/10.1016/j.eswa.2018.09.032
82. Xie, Y., Li, P., Nedjah, N., Gupta, B. B., Taniar, D., & Zhang,
J. (2022). Privacy protection framework for face
recognition in edge-based Internet of Things. In Cluster
Computing. Springer Science and Business Media LLC.
https://doi.org/10.1007/s10586-022-03808-8
83. Watanabe, M., Endoh, T., Shiohara, M., & Sasaki, S. (2005,
September). Palm vein authentication technology and its
applications. In Proceedings of the biometric consortium
conference (pp. 19-21).
84. Elnasir, S., & Shamsuddin, S. M. (2014). Proposed scheme
for palm vein recognition based on Linear
Discrimination Analysis and nearest neighbour
classifier. In 2014 International Symposium on
Biometrics and Security Technologies (ISBAST). 2014
International Symposium on Biometrics and Security
Technologies (ISBAST). IEEE.
https://doi.org/10.1109/isbast.2014.7013096
85. Lee, J.-C. (2012). A novel biometric system based on
palm vein image. In Pattern Recognition Letters (Vol. 33,
Issue 12, pp. 1520–1528). Elsevier BV.
22
https://doi.org/10.1016/j.patrec.2012.04.007
86. Yunanto, P. E., Nugroho, H., & Agung Budi, W. T. (2016).
Automatic features reduction procedures in palm vein
recognition. In 2016 International Conference on
Advanced Computer Science and Information Systems
(ICACSIS). 2016 International Conference on Advanced
Computer Science and Information Systems (ICACSIS).
IEEE. https://doi.org/10.1109/icacsis.2016.7872738
87. Abed, M. H., Alsaeedi, A. H., Alfoudi, A. D., Otebolaku, A.
M., & Razooqi, Y. S. (2020). Palm Vein Identification
based on hybrid features selection model (Version 1).
arXiv. https://doi.org/10.48550/ARXIV.2007.16195
88. Toygar, O., Babalola, F. O., & Bitirim, Y. (2020). FYO: A
Novel Multimodal Vein Database With Palmar, Dorsal
and Wrist Biometrics. In IEEE Access (Vol. 8, pp. 82461–
82470). Institute of Electrical and Electronics Engineers
(IEEE). https://doi.org/10.1109/access.2020.2991475
89. Zhang, L., Cheng, Z., Shen, Y., & Wang, D. (2018).
Palmprint and Palmvein Recognition Based on DCNN
and A New Large-Scale Contactless Palmvein Dataset. In
Symmetry (Vol. 10, Issue 4, p. 78). MDPI AG.
https://doi.org/10.3390/sym10040078
90. Cancian, P., Di Donato, G. W., Rana, V., & Santambrogio,
M. D. (2017). An embedded Gabor-based palm vein
recognition system. In 2017 IEEE EMBS International
Conference on Biomedical & Health Informatics
(BHI). 2017 IEEE EMBS International Conference on
Biomedical & Health Informatics (BHI). IEEE.
https://doi.org/10.1109/bhi.2017.7897291
91. Wirayuda, T. A. B. (2015). Palm vein recognition based-
on minutiae feature and feature matching. In 2015
International Conference on Electrical Engineering and
Informatics (ICEEI). 2015 International Conference on
Electrical Engineering and Informatics (ICEEI). IEEE.
https://doi.org/10.1109/iceei.2015.7352525
92. Handbook of Vascular Biometrics. (2020). In A. Uhl, C.
Busch, S. Marcel, & R. Veldhuis (Eds.), Advances in
Computer Vision and Pattern Recognition. Springer
International Publishing. https://doi.org/10.1007/978-
3-030-27731-4
93. Sayed, M. (2015). Palm Vein Authentication Based on the
Coset Decomposition Method. In Journal of Information
Security (Vol. 06, Issue 03, pp. 197–205). Scientific
Research Publishing, Inc.
https://doi.org/10.4236/jis.2015.63020
94. Kang, W., & Wu, Q. (2014). Contactless Palm Vein
Recognition Using a Mutual Foreground-Based Local
Binary Pattern. In IEEE Transactions on Information
Forensics and Security (Vol. 9, Issue 11, pp. 1974–1985).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tifs.2014.2361020
95. Yan, X., Deng, F., & Kang, W. (2014). Palm Vein
Recognition Based on Multi-algorithm and Score-Level
Fusion. In 2014 Seventh International Symposium on
Computational Intelligence and Design. 2014 7th
International Symposium on Computational Intelligence
and Design (ISCID). IEEE.
https://doi.org/10.1109/iscid.2014.93
96. Wang, J., & Wang, G. (2017). Quality-Specific Hand Vein
Recognition System. In IEEE Transactions on
Information Forensics and Security (Vol. 12, Issue 11, pp.
2599–2610). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/tifs.2017.2713340
97. Yan, X., Kang, W., Deng, F., & Wu, Q. (2015). Palm vein
recognition based on multi-sampling and feature-level
fusion. In Neurocomputing (Vol. 151, pp. 798–807).
Elsevier BV.
https://doi.org/10.1016/j.neucom.2014.10.019
98. Ahmad, F., Cheng, L.-M., & Khan, A. (2020). Lightweight
and Privacy-Preserving Template Generation for Palm-
Vein-Based Human Recognition. In IEEE Transactions on
Information Forensics and Security (Vol. 15, pp. 184–
194). Institute of Electrical and Electronics Engineers
(IEEE). https://doi.org/10.1109/tifs.2019.2917156
99. Nandakumar, K., & Jain, A. K. (2015). Biometric Template
Protection: Bridging the performance gap between
theory and practice. In IEEE Signal Processing Magazine
(Vol. 32, Issue 5, pp. 88–100). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/msp.2015.2427849
100. Bringer, J., Chabanne, H., & Patey, A. (2013). Privacy-
Preserving Biometric Identification Using Secure
Multiparty Computation: An Overview and Recent
Trends. In IEEE Signal Processing Magazine (Vol. 30,
Issue 2, pp. 42–52). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/msp.2012.2230218
101. Lagendijk, R. L., & Barni, M. (2013). Encrypted signal
processing for privacy protection: Conveying the utility
of homomorphic encryption and multiparty
computation. In IEEE Signal Processing Magazine (Vol.
30, Issue 1, pp. 82–105). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/msp.2012.2219653
102. Zhou, Y., & Kumar, A. (2011). Human Identification
Using Palm-Vein Images. In IEEE Transactions on
Information Forensics and Security (Vol. 6, Issue 4, pp.
1259–1274). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/tifs.2011.2158423
103. Ramachandra, R., Raja, K. B., Venkatesh, S. K., &
Busch, C. (2019). Design and Development of Low-Cost
Sensor to Capture Ventral and Dorsal Finger Vein for
Biometric Authentication. In IEEE Sensors Journal (Vol.
19, Issue 15, pp. 6102–6111). Institute of Electrical and
Electronics Engineers (IEEE).
https://doi.org/10.1109/jsen.2019.2906691
104. Wang, J.-G., Yau, W.-Y., Suwandy, A., & Sung, E.
(2008). Person recognition by fusing palmprint and
palm vein images based on “Laplacianpalm”
representation. In Pattern Recognition (Vol. 41, Issue 5,
pp. 1514–1527). Elsevier BV.
https://doi.org/10.1016/j.patcog.2007.10.021
105. Wu, K.-S., Lee, J.-C., Lo, T.-M., Chang, K.-C., & Chang, C.-
P. (2013). A secure palm vein recognition system. In
Journal of Systems and Software (Vol. 86, Issue 11, pp.
2870–2876). Elsevier BV.
https://doi.org/10.1016/j.jss.2013.06.065
106. Han, W.-Y., & Lee, J.-C. (2012). Palm vein recognition
using adaptive Gabor filter. In Expert Systems with
Applications (Vol. 39, Issue 18, pp. 13225–13234).
Elsevier BV.
https://doi.org/10.1016/j.eswa.2012.05.079
107. Aberni, Y., Boubchir, L., & Daachi, B. (2020). Palm
vein recognition based on competitive coding scheme
using multi-scale local binary pattern with ant colony
optimization. In Pattern Recognition Letters (Vol. 136,
 pp. 101–110). Elsevier BV.
https://doi.org/10.1016/j.patrec.2020.05.030
108. Huseynov, E., & Seigneur, J.-M. (2017). Context-
Aware Multifactor Authentication Survey. In Computer
and Information Security Handbook (pp. 715–726).
Elsevier. https://doi.org/10.1016/b978-0-12-803843-
7.00050-8
109. Hanny, D., Pachano, M. A., Thompson, L. G., Banks, J.
(2007). RFID Applied. United Kingdom: Wiley.
110. The best Tech products and services 2022.
https://www.pcmag.com/picks/the-best-tech-
products. [Accessed September, 2022]
111. Multifactor authentication https://duo.com/
[Accessed September, 2022]
112. Zhang, J., Tan, X., Wang, X., Yan, A., & Qin, Z. (2018).
T2FA: Transparent Two-Factor Authentication. In IEEE
Access (Vol. 6, pp. 32677–32686). Institute of Electrical
and Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2018.2844548
113. AlQahtani, A. A. S., Alamleh, H., & Gourd, J. (2020).
0EISUA: Zero Effort Indoor Secure User Authentication.
In IEEE Access (Vol. 8, pp. 79069–79078). Institute of
Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2020.2990604
114. Zhang, F., Kondoro, A., & Muftic, S. (2012). Location-
Based Authentication and Authorization Using Smart
Phones. In 2012 IEEE 11th International Conference on
Trust, Security and Privacy in Computing and
Communications. 2012 IEEE 11th International
Conference on Trust, Security and Privacy in Computing
and Communications (TrustCom). IEEE.
https://doi.org/10.1109/trustcom.2012.198
115. Shah, S. W., & Kanhere, S. S. (2017). Wi-Auth. In
Proceedings of the 14th EAI International Conference on
Mobile and Ubiquitous Systems: Computing, Networking
and Services. MobiQuitous 2017: Computing,
Networking and Services. ACM.
https://doi.org/10.1145/3144457.3144468
116. Erdem, E., & Sandikkaya, M. T. (2019). OTPaaS—One
Time Password as a Service. In IEEE Transactions on
Information Forensics and Security (Vol. 14, Issue 3, pp.
743–756). Institute of Electrical and Electronics
Engineers (IEEE).
https://doi.org/10.1109/tifs.2018.2866025
117. Khan, S. H., Ali Akbar, M., Shahzad, F., Farooq, M., &
Khan, Z. (2015). Secure biometric template generation
for multi-factor authentication. In Pattern Recognition
(Vol. 48, Issue 2, pp. 458–472). Elsevier BV.
https://doi.org/10.1016/j.patcog.2014.08.024
118. Wang, D., & Wang, P. (2016). Two Birds with One
Stone: Two-Factor Authentication with Security Beyond
Conventional Bound. In IEEE Transactions on
Dependable and Secure Computing (pp. 1–1). Institute of
Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tdsc.2016.2605087
119. Fatahpour, S. (2018). Token based privacy
preserving and authentication technique for wireless
mobile networks. In 2018 4th International Conference
on Web Research (ICWR). 2018 4th International
Conference on Web Research (ICWR). IEEE.
https://doi.org/10.1109/icwr.2018.8387253
120. Limbasiya, T., Soni, M., & Mishra, S. K. (2018).
Advanced formal authentication protocol using smart
cards for network applicants. In Computers &
Electrical Engineering (Vol. 66, pp. 50–63). Elsevier BV.
https://doi.org/10.1016/j.compeleceng.2017.12.045
121. Hassan, M. A., & Shukur, Z. (2021). A Secure Multi
Factor User Authentication Framework for Electronic
Payment System. In 2021 3rd International Cyber
Resilience Conference (CRC). 2021 3rd International
Cyber Resilience Conference (CRC). IEEE.
https://doi.org/10.1109/crc50527.2021.9392564
122. Khalid, H., Hashim, S. J., Ahmad, S. M. S., Hashim, F., &
Chaudhary, M. A. (2021). SELAMAT: A New Secure and
Lightweight Multi-Factor Authentication Scheme for
Cross-Platform Industrial IoT Systems. In Sensors (Vol.
21, Issue 4, p. 1428). MDPI AG.
https://doi.org/10.3390/s21041428
123. . P., Sinha, A., Shrivastava, G., & Kumar, P. (2019). A
Pattern-Based Multi-Factor Authentication System. In
Scalable Computing: Practice and Experience (Vol. 20,
Issue 1, pp. 101–112). Scalable Computing: Practice and
Experience. https://doi.org/10.12694/scpe.v20i1.1460
124. Sajjad, M., Khan, S., Hussain, T., Muhammad, K.,
Sangaiah, A. K., Castiglione, A., Esposito, C., & Baik, S. W.
(2019). CNN-based anti-spoofing two-tier multi-factor
authentication system. In Pattern Recognition Letters
(Vol. 126, pp. 123–131). Elsevier BV.
https://doi.org/10.1016/j.patrec.2018.02.015
125. Liu, W., Wang, X., & Peng, W. (2020). Secure Remote
Multi-Factor Authentication Scheme Based on Chaotic
Map Zero-Knowledge Proof for Crowdsourcing Internet
of Things. In IEEE Access (Vol. 8, pp. 8754–8767).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2019.2962912
126. Kim, J., & Park, N. (2019). Lightweight knowledge-
based authentication model for intelligent closed-circuit
television in mobile personal computing. In Personal and
Ubiquitous Computing (Vol. 26, Issue 2, pp. 345–353).
Springer Science and Business Media LLC.
https://doi.org/10.1007/s00779-019-01299-w
127. Wu, L., Yang, J., Zhou, M., Chen, Y., & Wang, Q. (2020).
LVID: A Multimodal Biometrics Authentication System
on Smartphones. In IEEE Transactions on Information
Forensics and Security (Vol. 15, pp. 1572–1585).
Institute of Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/tifs.2019.2944058
128. Zhang, X., Cheng, D., Jia, P., Dai, Y., & Xu, X. (2020). An
Efficient Android-Based Multimodal Biometric
Authentication System With Face and Voice. In IEEE
Access (Vol. 8, pp. 102757–102772). Institute of
Electrical and Electronics Engineers (IEEE).
https://doi.org/10.1109/access.2020.2999115
129. Gupta, P., & Gupta, P. (2018). Multibiometric
Authentication System Using Slap Fingerprints, Palm
Dorsal Vein, and Hand Geometry. In IEEE Transactions
on Industrial Electronics (Vol. 65, Issue 12, pp. 9777–
9784). Institute of Electrical and Electronics Engineers
(IEEE). https://doi.org/10.1109/tie.2018.2823686
130. Toygar, O., Babalola, F. O., & Bitirim, Y. (2020). FYO:
A Novel Multimodal Vein Database With Palmar, Dorsal
and Wrist Biometrics. In IEEE Access (Vol. 8, pp. 82461–
82470). Institute of Electrical and Electronics Engineers
(IEEE). https://doi.org/10.1109/access.2020.2991475
131. Othman, A., & Ross, A. (2015). Fingerprint + Iris =
IrisPrint. In I. A. Kakadiaris, A. Kumar, & W. J. Scheirer
(Eds.), SPIE Proceedings. SPIE.
https://doi.org/10.1117/12.2181075
24
132. Juyal, S., Sharma, S., & Shankar Shukla, A. (2021).
Security and privacy issues in unified IoT-based skin
monitoring system. In Materials Today: Proceedings
(Vol. 46, pp. 10815–10820). Elsevier BV.
https://doi.org/10.1016/j.matpr.2021.01.718
133. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., &
Kumar, N. (2018). A robust and anonymous patient
monitoring system using wireless medical sensor
networks. In Future Generation Computer Systems (Vol.
80, pp. 483–495). Elsevier BV.
https://doi.org/10.1016/j.future.2016.05.032
134. Liu, C.-H., & Chung, Y.-F. (2017). Secure user
authentication scheme for wireless healthcare sensor
networks. In Computers & Electrical Engineering
(Vol. 59, pp. 250–261). Elsevier BV.
https://doi.org/10.1016/j.compeleceng.2016.01.002
135. Prabhusundhar, P., Kumar, V. K. N., & Srinivasan, B.
(2013). Border crossing security and privacy in
biometric passport using cryptographic authentication
protocol. In 2013 International Conference on Computer
Communication and Informatics. 2013 International
Conference on Computer Communication and
Informatics (ICCCI). IEEE.
https://doi.org/10.1109/iccci.2013.6466144
136. Papaioannou, M., Mantas, G., Lymberopoulos, D., &
Rodriguez, J. (2020). User Authentication and
Authorization for Next Generation Mobile Passenger ID
Devices for Land and Sea Border Control. In 2020 12th
International Symposium on Communication Systems,
Networks and Digital Signal Processing (CSNDSP). 2020
12th International Symposium on Communication
Systems, Networks and Digital Signal Processing
(CSNDSP). IEEE.
https://doi.org/10.1109/csndsp49049.2020.9249574
137. Wazid, M., Das, A. K., Hussain, R., Succi, G., &
Rodrigues, J. J. P. C. (2019). Authentication in cloud-
driven IoT-based big data environment: Survey and
outlook. In Journal of Systems Architecture (Vol. 97, pp.
185–196). Elsevier BV.
https://doi.org/10.1016/j.sysarc.2018.12.005
138. Thing, V. L. L., & Wu, J. (2016). Autonomous Vehicle
Security: A Taxonomy of Attacks and Defences. In 2016
IEEE International Conference on Internet of Things
(iThings) and IEEE Green Computing and
Communications (GreenCom) and IEEE Cyber, Physical
and Social Computing (CPSCom) and IEEE Smart Data
(SmartData). 2016 IEEE International Conference on
Internet of Things (iThings) and IEEE Green Computing
and Communications (GreenCom) and IEEE Cyber,
Physical and Social Computing (CPSCom) and IEEE
Smart Data (SmartData). IEEE.
https://doi.org/10.1109/ithings-greencom-cpscom-
smartdata.2016.52
139. Maeng, K., Kim, W., & Cho, Y. (2021). Consumers’
attitudes toward information security threats against
connected and autonomous vehicles. In Telematics and
Informatics (Vol. 63, p. 101646). Elsevier BV.
https://doi.org/10.1016/j.tele.2021.101646
140. Pham, M., & Xiong, K. (2021). A survey on security
attacks and defense techniques for connected and
autonomous vehicles. In Computers & Security
(Vol. 109, p. 102269). Elsevier BV.
https://doi.org/10.1016/j.cose.2021.102269
141. Hooi, Y. K., Shafee Kalid, K., & Tachmammedov, S.
(2018). MULTI-FACTOR ATTENDANCE
AUTHENTICATION SYSTEM. In International Journal of
Software Engineering and Computer Systems (Vol. 4,
Issue 2, pp. 62–79). Universiti Malaysia Pahang
Publishing.
https://doi.org/10.15282/ijsecs.4.2.2018.5.0049
142. Mohamed, B. K. P., & Raghu, C. V. (2012). Fingerprint
attendance system for classroom needs. In 2012 Annual
IEEE India Conference (INDICON). 2012 Annual IEEE
India Conference (INDICON). IEEE.
https://doi.org/10.1109/indcon.2012.6420657
143. Aziz, A., Sukarno, P., & Yasirandi, R. (2021). How Can
National Identity Card Reduce Authentication Risks in
Enterprise Attendance Management System? In 2021
IEEE 7th International Conference on Smart
Instrumentation, Measurement and Applications
(ICSIMA). 2021 IEEE 7th International Conference on
Smart Instrumentation, Measurement and Applications
(ICSIMA). IEEE.
https://doi.org/10.1109/icsima50015.2021.9526302
144. Albalawi, A., Almrshed, A., Badhib, A., & Alshehri, S.
(2019). A Survey on Authentication Techniques for the
Internet of Things. In 2019 International Conference on
Computer and Information Sciences (ICCIS). 2019
International Conference on Computer and Information
Sciences (ICCIS). IEEE.
https://doi.org/10.1109/iccisci.2019.8716401
145. Atwady, Y., & Hammoudeh, M. (2017). A Survey on
Authentication Techniques for the Internet of Things. In
Proceedings of the International Conference on Future
Networks and Distributed Systems. ICFNDS ’17:
International Conference on Future Networks and
Distributed Systems. ACM.
https://doi.org/10.1145/3102304.3102312
146. Wazid, M., Das, A. K., Hussain, R., Succi, G., &
Rodrigues, J. J. P. C. (2019). Authentication in cloud-
driven IoT-based big data environment: Survey and
outlook. In Journal of Systems Architecture (Vol. 97, pp.
185–196). Elsevier BV.
https://doi.org/10.1016/j.sysarc.2018.12.005
147. Wang, C., Wang, Y., Chen, Y., Liu, H., & Liu, J. (2020).
User authentication on mobile devices: Approaches,
threats and trends. In Computer Networks (Vol. 170, p.
107118). Elsevier BV.
https://doi.org/10.1016/j.comnet.2020.107118
148. Patel, V. M., Chellappa, R., Chandra, D., & Barbello, B.
(2016). Continuous User Authentication on Mobile
Devices: Recent progress and remaining challenges. In
IEEE Signal Processing Magazine (Vol. 33, Issue 4, pp.
49–61). Institute of Electrical and Electronics Engineers
(IEEE). https://doi.org/10.1109/msp.2016.2555335
149. Fathy, M. E., Patel, V. M., & Chellappa, R. (2015). Face-
based Active Authentication on mobile devices. In 2015
IEEE International Conference on Acoustics, Speech and
Signal Processing (ICASSP). ICASSP 2015 - 2015 IEEE
International Conference on Acoustics, Speech and
Signal Processing (ICASSP). IEEE.
https://doi.org/10.1109/icassp.2015.7178258
150. Alizadeh, M., Abolfazli, S., Zamani, M., Baharun, S., &
Sakurai, K. (2016). Authentication in mobile cloud
computing: A survey. In Journal of Network and
Computer Applications (Vol. 61, pp. 59–80). Elsevier BV.
https://doi.org/10.1016/j.jnca.2015.10.005
151. Al-Assam, H., Hassan, W., & Zeadally, S. (2018).
 Automated Biometric Authentication with Cloud
Computing. In Biometric-Based Physical and
Cybersecurity Systems (pp. 455–475). Springer
International Publishing. https://doi.org/10.1007/978-
3-319-98734-7_18
152. Chang, H., & Choi, E. (2011). User Authentication in
Cloud Computing. In Communications in Computer and
Information Science (pp. 338–342). Springer Berlin
Heidelberg. https://doi.org/10.1007/978-3-642-
20998-7_42
153. Ali, R., & Pal, A. K. (2018). Cryptanalysis and
Biometric-Based Enhancement of a Remote User
Authentication Scheme for E-Healthcare System. In
Arabian Journal for Science and Engineering (Vol. 43,
Issue 12, pp. 7837–7852). Springer Science and Business
Media LLC. https://doi.org/10.1007/s13369-018-3220-
4
154. Mason, J., Dave, R., Chatterjee, P., Graham-Allen, I.,
Esterline, A., & Roy, K. (2020). An Investigation of
Biometric Authentication in the Healthcare
Environment. In Array (Vol. 8, p. 100042). Elsevier BV.
https://doi.org/10.1016/j.array.2020.100042
155. Dhamija, D., & Dhamija, A. (2022). A Secure and
Reliable Architecture for User Authentication Through
OTP in Mobile Payment System. In Algorithms for
Intelligent Systems (pp. 95–109). Springer Singapore.
https://doi.org/10.1007/978-981-16-5747-4_9
156. Sturgess, J., Eberz, S., Sluganovic, I., & Martinovic, I.
(2022). WatchAuth: User Authentication and Intent
Recognition in Mobile Payments using a Smartwatch
(Version 2). arXiv.
https://doi.org/10.48550/ARXIV.2202.01736
26

13