Professional Documents
Culture Documents
Authentication and Authorization For Mobile IoT de
Authentication and Authorization For Mobile IoT de
net/publication/330700812
CITATIONS READS
0 598
3 authors:
Abdelouahid Derhab
King Saud University
160 PUBLICATIONS 4,621 CITATIONS
SEE PROFILE
All content following this page was uploaded by Leandros Maglaras on 29 January 2019.
Data
Data
Data
Data
Data
Data
Data
Data
0
0
0
Edge computing
development and deployment on a large scale, including human
physiological (e.g., face, eyes, fingerprints-palm, or electrocar- 0
Data
Data
0
Edge
Request
methods used by authentication and authorization schemes for
Data
mobile IoT devices are provided. Threat models and countermea- Result
Data
Data
streams in the edge
IoT devices are also presented. More specifically, We analyze the 0
environment
Data
I. I NTRODUCTION AP 5G
Server 1
1b2 Users accessing
remote servers via IoT
devices
Biometric identification enables end-users to use physical Internet
.
Server 2
.
attributes instead of passwords or PINs as a secure method .
Server n
Reference Deployment Scope Focus Biomtetric Area Threat models Countermeasures ML and DM
Gafurov (2007) [4] Not mobile Gait recognition No No No
Revett et al. (2008) [5] Not mobile Mouse dynamics No No No
Yampolskiy and Govindaraju (2008) [6] Not mobile Behavioral-based No No No
Shanmugapriya and Padmavathi (2009) [7] Not mobile Keystroke dynamics No No Yes
Karnan et al. (2011) [8] Not mobile Keystroke dynamics No No Yes
Banerjee and Woodard (2012) [9] Not mobile Keystroke dynamics No No Yes
Teh et al. (2013) [10] Not mobile Keystroke dynamics No No Yes
Bhatt et al. (2013) [11] Not mobile Keystroke dynamics No No Yes
Meng et al. (2015) [12] Mobile device All Yes Yes Partial
Teh et al. (2016) [13] Mobile device Touch dynamics No No Yes
Mahfouz et al. (2017) [14] Smartphone behavioral-based No No Yes
Mahadi et al. (2018) [15] Not mobile behavioral-based No No Yes
Sundararajan and Woodard (2018) [16] Not mobile All No No Yes
Rattani and Derakhshani (2018) [17] Mobile device Face recognition Yes Yes Yes
Our survey Mobile IoT device All Yes Yes Yes
ML and DM: Machine learning (ML) and data mining (DM) algorithms
terms of privacy and privacy protection and secure access. data mining algorithms used by authentication and autho-
Mobile devices are nowadays an essential part of our every- rization schemes for mobile IoT devices. In Section IV, we
day life, as they are used for a variety of mobile applications. provide the new trends of biometric technologies including
Performing biometric authentication through mobile devices human physiological (e.g., face, eyes, fingerprints-palm, and
can provide a stronger mechanism for identity verification electrocardiogram) and behavioral (e.g., signature, voice, gait,
as the two authentication factors: "something you have" and or keystroke). In Section V, we clearly highlight the pros and
"something you are" are combined. Several solutions that in- cons of the existing authentication and authorization schemes
clude multi-biometric and behavioral authentication platforms for mobile IoT devices. Then, we discuss the challenges and
for telecom carriers, banks and other industries were recently suggest future research directions in both Section VI and VI.
introduced [19]. Lastly, Section VIII presents conclusions.
In the literature, many authentication schemes based on bio-
features models for mobile IoT devices have been proposed. II. R ELATED SURVEYS ON BIOMETRIC AUTHENTICATION
As shown in Figure I, the schemes can perform two differ- In the literature, there are different related surveys that
ent authentication operations: they either (a) authenticate the deal with user authentication. Although some of them covered
users to access the mobile devices, or (b) authenticate the different authentication methods [20], [21], [22], but we only
users to access remotes servers through mobile devices. The consider those that were fully dedicated for biometric authen-
main challenges that are facing biometric-based authentication tication. We classify the surveys according to the following
schemes are: (1) how to design an authentication mechanism criteria:
that is free from vulnerabilities, which can be exploited by • Deployment Scope: It indicate whether the authentication
adversaries to make illegal accesses, and (2) how to ensure that scheme is deployed on mobile devices or not.
the user’s biometric reference templates are not compromised • Focus biometric area: It indicates whether the survey
by a hacker at the device-level or the remote server-level. focused on all/specific biometric features.
Our contributions in this work are: • Threat models: It indicates whether the survey considered
• We classify the related surveys according to several cri- the threats against the authentication schemes.
teria, including, deployment Scope, focus biometric area, • Countermeasures: It indicates whether the survey focused
threat models, countermeasures, and ML/DM algorithms. considered the countermeasures to defend the authentica-
• We present the machine learning and data mining meth- tion schemes.
ods used by authentication and authorization schemes • Machine learning (ML) and data mining (DM) algo-
for mobile IoT devices, including, unsupervised, semi- rithms: It indicates whether the survey mentions for
supervised, and supervised approaches. each solution the used machine learning or data mining
• We present all the Bio-features used by authentication method.
and authorization schemes for mobile IoT devices. Some surveys described the authentication schemes that
• We provide a comprehensive analysis and qualitative only consider specific bio-features. For instance, the surveys
comparison of the existing authentication and authoriza- [7], [8], [9], [11], [10] only focused on the keystroke dynamics.
tion schemes for mobile IoT devices. On the other hand, Gafurov [4] presented biometric gait recog-
• We emphasize the challenges and open issues of authenti- nition systems. Revett et al. [5] surveyed biometric authenti-
cation and authorization schemes for mobile IoT devices. cation systems that rely on mouse movements. Yampolskiy
The rest of this paper is organized as follows. Section and Govindaraju [6] presented a a comprehensive study on
II gives the related surveys on biometric authentication. In behavioral biometrics. Mahadi et al. [15] surveyed behavioral-
Section III, we present the different machine learning and based biometric user authentication, and determined the set of
best classifiers for behavioral-based biometric authentication. TABLE II
Sundararajan and Woodard [16] surveyed different 100 ap- M ACHINE LEARNING AND DATA MINING METHODS USED BY
AUTHENTICATION AND AUTHORIZATION SCHEMES FOR MOBILE I OT
proaches that leveraged deep learning and various biometric DEVICES
modalities to identify users. Teh et al. [13] presented different Machine learning and data mining methods Schemes
authentication solutions that rely on touch dynamics in mobile
Agglomerative complete link clustering ap- [23]
devices. Rattani and Derakhshani [17] provided the state-of- proach
the-art related to face biometric authentication schemes that Support vector distribution estimation [24] [25]
are designed for mobile devices. They also discussed the Gaussian mixture model [26]
spoof attacks that target mobile face biometrics as well as Embedded hidden Markov model [26]
the anti-spoofing methods. Mahfouz et al. [14] surveyed the k-nearest-neighbors (kNN) [25] [27] [28] [29] [30]
behavioral biometric authentication schemes that are applied Support-vector machine (SVM) [25] [31] [32] [33] [34] [35] [36]
on smartphones. Meng et al. [12] surveys the authentication [27] [28] [37] [38] [39] [30]
frameworks using biometric user on mobile phones. They A computation efficient statistical classifier [40]
identified eight potential attack against these authentication Deep learning [41] [42] [43] [44] [45]
systems along with promising countermeasures. Our survey Local binary patterns algorithm [46]
and [12] both focus on authentication schemes that are de- Mel frequency cepstral coefficients [47]
signed for mobile device, and consider all the biometric Pupillary light reflex [48]
features, and deal with threat models and countermeasures. Euclidean distance, hamming distance [49]
However, [12] do not give information related to the used Deep convolutional neural network [32] [50] [51] [52]
machine learning or data mining method of all the surveyed Genetic algorithm [53]
solutions. In addition, [12] only covers papers up to 2014, Artificial neural network (ANN) [36]
whereas the coverage of our survey is up to 2018. To the best Gauss-newton based neural network [54]
of our knowledge, this work is the first that thoroughly covers Radial integration transform [55]
threats, models, countermeasures, and the machine learning Weibull distribution [56]
algorithms of the biometric authentication schemes. Online learning algorithms [57]
Counter-Propagation Artificial Neural Net- [36]
III. M ACHINE LEARNING AND DATA MINING ALGORITHMS work (CPANN)
Random Forest (RF) [58]
In this section, we lists the different machine learning and
data mining algorithms used by biometric-based authentication Neural Network (NN) [59] [28] [29]
rbf-kernel. The study [27] combines three classifiers, namely, Electrocardiogram [71] [72]
the kNN algorithm, support vector machines, and decision Voice recognition [26] [35] [73] [45]
trees. The study [28] combines three models, including, 1) Signature recognition [24]
for teeth authentication. For the voice authentication on mobile Palm dorsal vein [95]
IoT devices, the study use pitch and mel-frequency cepstral Hand geometry [95]
2007 Clarke and - Keystroke - Introducing the concept - Sony Ericsson T68; + Keystroke latency Low
Furnell [96] analysis of advanced user authenti- - HP IPAQ H5550; - Process of continuous and non-intrusive authen-
cation tication
2007 Clarke and - Keystroke - Enable continuous and - Nokia 5110 + GRNN has the largest spread of performances High
Furnell [97] analysis transparent identity verifica- - The threat model is not defined
tion
2008 Khan et al. - Fingerprint - Introducing the chaotic - N/A + Can prevent from server spoofing attack Low
[77] hash-based fingerprint - The proposed scheme is not tested on mobile
devices
2010 Li and Hwang - Smart card - Providing the non- - N/A + Can prevent from parallel session attacks 10TH
[83] repudiation - Storage costs are not considered
2011 Xi et al. [78] - Fingerprint - Providing the authentica- - Mobile device with + Secure the genuine biometric feature at FAR=0.1% ,
tion using bio-cryptographic Java Platform - Server-side attack is not considered GAR=78.69%
2012 Chen et al. [79] - Fingerprint - Using only hashing func- - N/A + Solve asynchronous problem 7TH
tions - Privacy-preserving is not considered
2013 Frank et al. - Touchscreen - Providing a behavioral - Google Nexus One + Sufficient to authenticate a user 11 to 12 strokes,
[25] biometric for continuous au- - Not applicable for long-term authentication EER=2%–3%
thentication
2014 Khan et al. - Fingerprint - Improve the Chen et al.’s - N/A + Quick wrong password detection 18T H
[80] scheme - Location privacy is not considered
2015 Hoang et al. - Gait recogni- - Employing a fuzzy com- - Google Nexus One + Efficient against brute force attacks Low
[74] tion mitment scheme - Privacy model is not defined
2016 Arteaga- - Electrocar- - Introducing the concept - AliveCor + Concealing the biometric features during authen- TAR=81.82%
Falconi et al. diogram of electrocardiogram-based tication and FAR=1.41%
[71] authentication - Privacy model is not considered.
2017 Abate et al. - Ear Shape - Implicitly authenticate the - Samsung Galaxy S4 + Implicit authentication EER=1%–1.13%
[46] person authentication smartphone - Process of continuous and non-intrusive authen-
tication
2017 Khamis et al. - Gaze and - Protect multimodal and - N/A + Secure against the side attack model and the SSR =
[70] Touch authorization on mobile IoT iterative attack model 68% to 10.4%
devices - Vulnerable to video attacks
2017 Feng et al. [85] - Fingerprints - Introduced a biometrics- - Google Nexus One + Anonymity and unlinkability C1 = 8T E mul +
or iris scans based authentication with - Interest privacy in not considered 24TH
key distribution
2017 Ghosh et al. - Fingerprint - Proposing a near-field - N/A + Authentication and authorization for P2P pay- High
[81] communication with bio- ment
metric authentication - Threat model is not defined
2017 Mishra et al. - Biometric - Removing the drawback of - N/A + Efficient password change C1 = 8TH +
[98] identifier the Li et al. scheme [99] + Off-line password guessing T E e nc/d e c +
- Location privacy in not considered 2T E mul
2018 Li et al. [82] - Fingerprint - Introduced three-factor au- - N/A + Quickly detection for wrong password C1 = 9T E mul +
thentication using finger- + Traceability of mobile user 2Te + 20TH
print identification - Backward privacy is not considered
2018 Yeh et al. [94] - Plantar bio- - Introduced critical charac- - Raspberry PI plat- + High verification accuracy RV =
metrics teristics of new biometrics form - Threat model is not defined 83, 88% to 99, 60%
2018 Bazrafkan and - Iris - Use deep learning for en- - N/A + The iris segmentation task on mobile IoT devices S A = 99.3%
Corcoran [43] hancing Iris authentication - Privacy preserving is not considered
Notations: TAR: True acceptance rate; FAR: False acceptance rate; FPR: False-positive rate; EER: Equal error rate; GAR: Genuine acceptance rate; TH : Time of executing a
one-way hash function SSR : Shoulder surfing attack rate; C1 : Computational cost of client and server (total); T E mul : Time of executing an elliptic curve point multiplication ;
T E e nc/d e c : Time complexity of symmetric key encryption/decryption; Te : Time of executing a bilinear pairing operation; RV : Accuracy ratio of entity verification; S A:
Segmentation accuracy.
PINs, and 3) Entry of text messages. The Clarke and Furnell’s is feasible to employ keystroke dynamics on mobile phones
scheme [96] can provide not only transparent authentication of with the statistical classifier for keystroke recognition in order
the user, but it is also efficient in terms of FRR and FAR under to employ it as a password hardening mechanism. In addition,
three types of mobile IoT devices, namely, Sony Ericsson T68, the combination of pressure and time features is proved by
HP IPAQ H5550, and Sony Clie PEG NZ90. To demonstrate Tasia et al. in [40] that is is among the effective solutions for
the ability of neural network classifiers, the same authors in authentication and authorization.
[97] proposed an authentication framework based on mobile The passwords have been widely used by the remote authen-
handset keypads in order to support keystroke analysis. The tication schemes, which they can be easily guessed, hacked,
three pattern recognition approaches used in this framework and cracked. However, to deal with the drawbacks of only-
are, 1) Feed forward multi-layered perceptron network, 2) password-based remote authentication, Khan et al. [77] pro-
Radial basis function network, and 3) Generalised regression posed the concept of chaotic hash-based fingerprint biometrics
neural network. Therefore, Maiorana et al. [23] proved that it remote user authentication scheme. Theoretically, the scheme
TABLE V
T HREAT MODELS AND COUNTERMEASURES
[77] can prevent from fives attacks, namely, parallel session mobile IoT devices. To classify users, Meng et al.’s scheme
attack, reflection attack, Forgery attack, impersonation attack, performs an experiment with 20 users using Android touch-
DoS attack, and server spoofing attack, but it is not tested on screen phones and applies known machine learning algorithms
mobile devices and may be vulnerable to biometric template (e.g. Decision Tree, Naive Bayes). Through simulations, the
attacks. results show that Meng et al.’s scheme succeeds to reduce the
In order to avoid the biometric template attack, Xi et al. [78] average error rate down to 2.92% (FAR of 2.5% and FRR of
proposed an idea based on the transformation of the locally 3.34%). The question we ask here: is it possible to use the
matched fuzzy vault index to the central server for biometric multi-touch as an authentication mechanism? Sae-Bae et al.
authentication using the public key infrastructure. Compared [86] in 2012, introduced an authentication approach based on
to [100], [77], and [78], Chen et al. [79] proposed an idea that multi-touch gestures using an application on the iPad with
uses only hashing functions on fingerprint biometric remote version 3.2 of iOS. Compared with Meng et al.’s scheme
authentication scheme to solve the asynchronous problem on [101], Sae-Bae et al.’s approach is efficient with 10% EER
mobile devices. In 2014, Khan et al. [80] improved the Chen on average for single gestures, and 5% EER on average for
et al.’s scheme and Truong et al.’s scheme with quick wrong double gestures. Similar to Sae-Bae et al.’s approach [86],
password detection, but location privacy is not considered. Feng et al. [102] proposed an authentication and authorization
scheme using multi-touch gesture for mobile IoT devices,
Biometric keys have some advantages, namely, 1) cannot
named FAST, that incurs FAR=4.66% and FRR= 0.13% for
be lost, 2) very difficult to copy, 3) hard to distribute, and
the continuous post-login user authentication. In addition, the
4) cannot be easily guessed. In 2010, Li and Hwang [83]
FAST scheme can provide a good post-login access security,
proposed a biometric-based remote user authentication scheme
but the threat model is very limited and privacy-preservation
using smart cards, in order to provide non-repudiation. With-
is not considered.
out using identity tables and storing password tables in the
authentication system, Li and Hwang’s scheme [83] can resist Arteaga-Falconi et al. [71] introduced the concept of authen-
masquerading attacks, replay attacks, and parallel session tication and authorization using electrocardiogram for mobile
attacks. Authors did not specify the application environment IoT devices. Specifically, the authors considered five factors,
of their scheme, but it can be applied to mobile IoT devices namely, the number of electrodes, quality of mobile ECG
as the network model is not too complicated. Note that Li and sensors, time required to gain access to the phone, FAR, and
Hwang’s scheme was cryptanalyzed for several times. TAR. Before applying the ECG authentication algorithm, the
Touch dynamics for user authentication are initialed on preprocessing stages for the ECG signal pass by the fiducial
desktop machines and finger identification applications. In point detection. The ECG authentication algorithms is based
2012, Meng et al. [101] focused on authentication and au- on two aspects: 1) employing feature-specific percentage of
thorization using user behavioral bio-features such as touch tolerance and 2) employing of a hierarchical validation frame-
duration and touch direction. Specifically, they proposed an au- work. The results reveal that the algorithm [71] has 1.41%
thentication scheme that uses touch dynamics on touchscreen FAR and 81.82% TAR with 4s of signal acquisition. Note
that ECG signals from mobile IoT devices may be affected verify the user’s identity. Adversarial machine learning aims
by noise due to the type of motion and signal acquisition, to manipulate the input data to exploit specific vulnerabilities
as discussed by Kang et al. [72]. However, the advantage of of the learning algorithms. An adversary using adversarial
using ECG authentication is concealing the biometric features machine learning methods tries to compromise biometric-
during authentication, but it is a serious problem if privacy based authentication schemes and gain illegal access to the
preservation is not considered. system or the mobile device. The future research efforts should
focus on dealing with this kind of threats.
VI. F UTURE D IRECTIONS
Several challenges still remain that opens interesting re- E. Machine learning and blockchain-based authentication
search opportunities for future work, including, doppler radar, The blockchain technology is being used in different ap-
vocal resonance, mobile malware threats, and adversarial ma- plication domains beyond the cryptocurrencies, e.g., SDN,
chine learning. Internet of Things, Fog computing, etc.[107]. To developing a
machine learning and blockchain-based solution for authenti-
A. Doppler radar cating mobile IoT devices, we have to take in mind the specific
requirements of the blockchain, e.g., 1) when IoT data needed
A team of researchers at Buffalo University, led by Wenyao
to be checked by the IoT entities without any central authority,
Xu, developed a system that exploits a Doppler radar capable
2) the ledger copies are required to be synchronized across
of "reading" the human heart! It works roughly like any other
all of the IoT entities · etc. In addition, the vulnerabilities of
radar, emitting microwaves and analyzing the return signal in
the peer-to-peer blockchain networks during the authentication
order to detect changes in motion [103]. As scientists say,
need to be considered, including, private key leakage, double
the process of identifying a person through the method takes
spending, transaction privacy leakage, 51% vulnerability, and
about eight seconds, and radar power is just 5 milliwatts -
selfish and reputation-based behaviors. Hence, the machine
which means that radiation is not dangerous to the body. This
learning-based authentication schemes using the blockchain
method can be a basis for future biometric systems that can
technology should be investigated in the future.
be fast, efficient and recognize unique characteristics of the
human body.
F. Developing a novel authentication scheme
B. Vocal Resonance For developing a novel authentication scheme for mobile
In [104], the authors proposed using vocal resonance, that IoT devices using bio-features, we propose the following six-
is, the sound of the person’s voice as it travels through the step process:
person’s body. Vocal resonance can be used as a passive bio- 1) Definition of IoT network components (Cloud comput-
metric, and it achieves high accuracy in terms of identification ing, Fog computing, IoT devices, ...etc),
and verification problems. It is a method that is suitable for 2) Choose the threat models (e.g., iterative attacks, shoulder
devices worn on the chest, neck, or initially but could also be surfing attacks, thermal attacks, smudge attacks, eaves-
used in the near future for recognizing any device that a user dropping attacks),
posses. 3) Choose the bio-features (e.g., face, eyes, fingerprints-
palm, electrocardiogram, signature, voice, gait,
keystroke, ...etc).
C. Mobile malware threats against biometric reference tem-
4) Choose the machine learning and data mining methods
plate
(unsupervised, semi-supervised, or supervised),
In 2016 [105], [106], an Android malware succeeded in 5) Proposition of the main steps (e.g., Enrollment steps,
bypassing the two-factor authentication scheme of many bank- Classifier building step, and user authentication step),
ing mobile applications that are installed on the user’s mobile 6) Evaluate the scheme’s performance using classification
device. The malware can intercept two-factor authentication metrics, including, TAR, FAR, FPR, EER,...etc.
code (i.e., verification code sent through SMS), and forward
it the attacker. In case of biometric-based authentication, this VII. D ISCUSSION
threat can be evolved to access the biometric reference tem-
plate, which are stored at the mobile device, and send it to the There is a big discussion regarding the use of biometric
attacker. One research direction to prevent this kind of attacks characteristics of the users from new systems or technologies.
is to employ policy-enforcement access control mechanisms Biometric technology can be used to protect privacy, since
that are appropriate for resource-constrained mobile devices. only a minimum amount of information is required to deter-
mine whether someone is authorized, for example, to enter a
specific area. On the other hand, since biometrics can reveal
D. Adversarial machine learning against biometric-based au- sensitive information about a person, controlling the usafe of
thentication schemes information may be tricky, especially now that the technology
Some biometric-based authentication mechanisms, and es- has reached the stage of being applied in mobile devices which
pecially behavioral-based ones, use machine learning tech- can be easily lost or stolen [108]. Those who are against
niques for extracting features and building a classifier to the use of such features raise concerns about how these data
are going to be used. These concerns could be mitigated by [3] D. Springall, T. Finkenauer, Z. Durumeric, J. Kitcat, H. Hursti,
making clear to people that their data is only stored for a M. MacAlpine, and J. A. Halderman, “Security analysis of the estonian
internet voting system,” in Proceedings of the 2014 ACM SIGSAC
limited time, and explaining who will process this data and Conference on Computer and Communications Security. ACM, 2014,
for what purposes [109]. To that sense, the General Data pp. 703–715.
Protection Regulation (GDPR) for European Member States [4] D. Gafurov, “A survey of biometric gait recognition: Approaches,
security and challenges,” in Annual Norwegian computer science
addresses biometric data storage and processes in terms of data conference, 2007, pp. 19–21.
protection and privacy. EU countries are affected including [5] K. Revett, H. Jahankhani, S. T. de Magalhães, and H. M. Santos, “A
the UK and all companies that store or process data of EU survey of user authentication based on mouse dynamics,” in Global
E-Security. Springer, 2008, pp. 210–219.
citizens. On the other hand, in the United States, there is no [6] R. V. Yampolskiy and V. Govindaraju, “Behavioural biometrics: a
single comprehensive federal law regulating the collection and survey and classification,” International Journal of Biometrics, vol. 1,
processing of biometric data. Only three states Washington, no. 1, pp. 81–113, 2008.
[7] D. Shanmugapriya and G. Padmavathi, “A survey of biometric
Texas, and Illinois, which have a biometric privacy law in keystroke dynamics: Approaches, security and challenges,” arXiv
spite that US regulators are also increasingly focusing on preprint arXiv:0910.0817, 2009.
the protection of biometric data. Moreover, In August 2017, [8] M. Karnan, M. Akila, and N. Krishnaraj, “Biometric personal authen-
tication using keystroke dynamics: A review,” Applied soft computing,
India’s supreme court decision about a landmark case that vol. 11, no. 2, pp. 1565–1573, 2011.
named privacy a "fundamental right"showcased that biometric [9] S. P. Banerjee and D. L. Woodard, “Biometric authentication and
data protection is top on regulators’ agenda. identification using keystroke dynamics: A survey,” Journal of Pattern
Recognition Research, vol. 7, no. 1, pp. 116–139, 2012.
Except from data use issues, general terms such as
[10] P. S. Teh, A. B. J. Teoh, and S. Yue, “A survey of keystroke dynamics
computer f ear and technophobia also provide established biometrics,” The Scientific World Journal, vol. 2013, 2013.
accounts of individuals resistance to use new and unfamiliar [11] S. Bhatt and T. Santhanam, “Keystroke dynamics for biometric authen-
information technologies, especially for elder people [110]. ticationâĂŤa survey.”
[12] W. Meng, D. S. Wong, S. Furnell, and J. Zhou, “Surveying the
Moving one step further, companies that produce applications Development of Biometric User Authentication on Mobile Phones,”
or methods that use biometric characteristics must comply with IEEE Commun. Surv. Tutorials, vol. 17, no. 3, pp. 1268–1293, jan
a code of ethics or a consistent legal framework governing this 2015.
[13] P. S. Teh, N. Zhang, A. B. J. Teoh, and K. Chen, “A survey on touch
kind of data collection which is still absent. For that reason dynamics authentication in mobile devices,” Comput. Secur., vol. 59,
IEEE P7000, is the first standard IEEE is ever going to publish pp. 210–235, jun 2016.
on ethical issues in system design in the next couple of years [14] A. Mahfouz, T. M. Mahmoud, and A. S. Eldin, “A survey on behav-
ioral biometric authentication on smartphones,” Journal of Information
[111]. Security and Applications, vol. 37, pp. 28–37, 2017.
[15] N. A. Mahadi, M. A. Mohamed, A. I. Mohamad, M. Makhtar, M. F. A.
Kadir, and M. Mamat, “A survey of machine learning techniques for
VIII. C ONCLUSION behavioral-based biometric user authentication,” in Recent Advances in
Cryptography and Network Security. IntechOpen, 2018.
In this article, we have presented a comprehensive literature [16] K. Sundararajan and D. L. Woodard, “Deep learning for biometrics: A
review, focusing on authentication and authorization for mo- survey,” ACM Computing Surveys (CSUR), vol. 51, no. 3, p. 65, 2018.
[17] A. Rattani and R. Derakhshani, “A survey of mobile face biometrics,”
bile IoT devices using bio-features, which were published be- Computers & Electrical Engineering, vol. 72, pp. 39–52, 2018.
tween 2007 and 2018. We presented the machine learning and [18] R. Sen and S. Borle, “Estimating the contextual risk of data breach:
data mining algorithms used by authentication and authoriza- An empirical approach,” Journal of Management Information Systems,
vol. 32, no. 2, pp. 314–341, 2015.
tion schemes for mobile IoT devices, including, unsupervised, [19] “United biometrics,” http://unitedbiometrics.com/, accessed: 2018-30-
semi-supervised, and supervised approaches. We reviewed 11.
all the Bio-features used by authentication and authorization [20] M. Alizadeh, S. Abolfazli, M. Zamani, S. Baharun, and K. Sakurai,
schemes for mobile IoT devices. We presented the pitfalls “Authentication in mobile cloud computing: A survey,” J. Netw. Com-
put. Appl., vol. 61, pp. 59–80, feb 2016.
and limitations of the existing authentication and authorization [21] M. U. Aslam, A. Derhab, K. Saleem, H. Abbas, M. Orgun, W. Iqbal,
schemes for mobile IoT devices. Several challenging research and B. Aslam, “A survey of authentication schemes in telecare medicine
areas (e.g., doppler radar, vocal resonance, mobile malware information systems,” Journal of medical systems, vol. 41, no. 1, p. 14,
2017.
threats, adversarial machine learning, machine learning and [22] D. Kunda and M. Chishimba, “A survey of android mobile phone
blockchain-based authentication) will open doors for possible authentication schemes,” Mobile Networks and Applications, pp. 1–9,
future research directions for mobile IoT devices. 2018.
[23] E. Maiorana, P. Campisi, N. González-Carballo, and A. Neri,
“Keystroke dynamics authentication for mobile phones,” in Proc. 2011
ACM Symp. Appl. Comput. - SAC ’11. New York, New York, USA:
C ONFLICTS OF I NTEREST ACM Press, 2011, p. 21.
[24] M. Shahzad, A. X. Liu, and A. Samuel, “Behavior Based Human Au-
The authors declare that they have no conflicts of interest. thentication on Touch Screen Devices Using Gestures and Signatures,”
IEEE Trans. Mob. Comput., vol. 16, no. 10, pp. 2726–2741, oct 2017.
[25] M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song, “Touchalytics:
R EFERENCES On the Applicability of Touchscreen Input as a Behavioral Biometric
for Continuous Authentication,” IEEE Trans. Inf. Forensics Secur.,
[1] J. S. del Rio, D. Moctezuma, C. Conde, I. M. de Diego, and E. Cabello, vol. 8, no. 1, pp. 136–148, jan 2013.
“Automated border control e-gates and facial recognition systems,” [26] D.-S. Kim and K.-S. Hong, “Multimodal biometric authentication using
computers & security, vol. 62, pp. 49–72, 2016. teeth image and voice in mobile environment,” IEEE Trans. Consum.
[2] P. Vinkel and R. Krimmer, “The how and why to internet voting Electron., vol. 54, no. 4, pp. 1790–1797, nov 2008.
an attempt to explain e-stonia,” in International Joint Conference on [27] C.-C. Lin, C.-C. Chang, and D. Liang, “A new non-intrusive authen-
Electronic Voting. Springer, 2016, pp. 178–191. tication approach for data protection based on mouse dynamics,” in
Biometrics and Security Technologies (ISBAST), 2012 International system,” Expert Systems with Applications, vol. 42, no. 1, pp. 649–656,
Symposium on. IEEE, 2012, pp. 9–14. 2015.
[28] C. Shen, Z. Cai, and X. Guan, “Continuous authentication for mouse [50] Y. Liu, J. Ling, Z. Liu, J. Shen, and C. Gao, “Finger vein secure
dynamics: A pattern-growth approach,” in Dependable Systems and biometric template generation based on deep learning,” Soft Computing,
Networks (DSN), 2012 42nd Annual IEEE/IFIP International Confer- vol. 22, no. 7, pp. 2257–2265, 2018.
ence on. IEEE, 2012, pp. 1–12. [51] R. Ranjan, S. Sankaranarayanan, A. Bansal, N. Bodla, J.-C. Chen,
[29] H. Jagadeesan and M. S. Hsiao, “A novel approach to design of V. M. Patel, C. D. Castillo, and R. Chellappa, “Deep learning for
user re-authentication systems,” in Biometrics: Theory, Applications, understanding faces: Machines may be just as good, or better, than
and Systems, 2009. BTAS’09. IEEE 3rd International Conference on. humans,” IEEE Signal Processing Magazine, vol. 35, no. 1, pp. 66–83,
IEEE, 2009, pp. 1–6. 2018.
[30] A. Buriro, B. Crispo, and M. Conti, “Answerauth: A bimodal behavioral [52] A. Rattani, N. Reddy, and R. Derakhshani, “Multi-biometric con-
biometric-based user authentication scheme for smartphones,” Journal volutional neural networks for mobile user authentication,” in 2018
of Information Security and Applications, vol. 44, pp. 89–103, 2019. IEEE International Symposium on Technologies for Homeland Security
[31] Z. Sitova, J. Sedenka, Q. Yang, G. Peng, G. Zhou, P. Gasti, and (HST). IEEE, 2018, pp. 1–6.
K. S. Balagani, “HMOG: New Behavioral Biometric Features for [53] A. B. Khalifa, S. Gazzah, and N. E. B. Amara, “Multimodal biometric
Continuous Authentication of Smartphone Users,” IEEE Trans. Inf. authentication using choquet integral and genetic algorithm,” arXiv
Forensics Secur., vol. 11, no. 5, pp. 877–892, may 2016. preprint arXiv:1804.00528, 2018.
[32] S. Sarkar, V. M. Patel, and R. Chellappa, “Deep feature-based face [54] O. Alpar, “Frequency spectrograms for biometric keystroke authentica-
detection on mobile devices,” in 2016 IEEE Int. Conf. Identity, Secur. tion using neural network based classifier,” Knowledge-Based Systems,
Behav. Anal. IEEE, feb 2016, pp. 1–8. vol. 116, pp. 163–171, 2017.
[33] U. Mahbub, V. M. Patel, D. Chandra, B. Barbello, and R. Chellappa, [55] C. Ntantogian, S. Malliaros, and C. Xenakis, “Gaithashing: a two-factor
“Partial face detection for continuous authentication,” in 2016 IEEE authentication scheme based on gait features,” Computers & Security,
Int. Conf. Image Process. IEEE, sep 2016, pp. 2991–2995. vol. 52, pp. 17–32, 2015.
[34] H. Gunasinghe and E. Bertino, “PrivBioMTAuth: Privacy Preserving [56] H. Gamboa, A. Fred, and A. Jain, “Webbiometrics: User verification
Biometrics-Based and User Centric Protocol for User Authentication via web interaction,” in Proceedings of Biometrics Symposium, 2007,
From Mobile Phones,” IEEE Trans. Inf. Forensics Secur., vol. 13, no. 4, pp. 1–6.
pp. 1042–1057, apr 2018. [57] Y. Cai, H. Jiang, D. Chen, and M.-C. Huang, “Online learning clas-
[35] Y. Chen, J. Sun, R. Zhang, and Y. Zhang, “Your song your way: sifier based behavioral biometric authentication,” in 2018 IEEE 15th
Rhythm-based two-factor authentication for multi-touch mobile de- International Conference on Wearable and Implantable Body Sensor
vices,” in 2015 IEEE Conf. Comput. Commun. IEEE, apr 2015, pp. Networks (BSN). IEEE, March 2018, pp. 62–65.
2686–2694. [58] C. Feher, Y. Elovici, R. Moskovitch, L. Rokach, and A. Schclar, “User
[36] S. Mondal and P. Bours, “A study on continuous authentication using identity verification via mouse dynamics,” Information Sciences, vol.
a combination of keystroke and mouse biometrics,” Neurocomputing, 201, pp. 19–36, 2012.
vol. 230, pp. 1–22, 2017.
[59] A. A. Ahmed and I. Traore, “Biometric recognition based on free-text
[37] N. Zheng, A. Paloski, and H. Wang, “An efficient user verification
keystroke dynamics,” IEEE transactions on cybernetics, vol. 44, no. 4,
system via mouse movements,” in Proceedings of the 18th ACM
pp. 458–472, 2014.
conference on Computer and communications security. ACM, 2011,
[60] Y. Sheng, V. V. Phoha, and S. M. Rovnyak, “A parallel decision tree-
pp. 139–150.
based method for user authentication based on keystroke patterns,”
[38] K. O. Bailey, J. S. Okolica, and G. L. Peterson, “User identification and
IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cy-
authentication using multi-modal behavioral biometrics,” Computers &
bernetics), vol. 35, no. 4, pp. 826–833, 2005.
Security, vol. 43, pp. 77–89, 2014.
[39] L. Fridman, A. Stolerman, S. Acharya, P. Brennan, P. Juola, R. Green- [61] H. J. Patel, M. A. Temple, and R. O. Baldwin, “Improving zigbee
stadt, and M. Kam, “Multi-modal decision fusion for continuous device network authentication using ensemble decision tree classifiers
authentication,” Computers & Electrical Engineering, vol. 41, pp. 142– with radio frequency distinct native attribute fingerprinting,” IEEE
156, 2015. Transactions on Reliability, vol. 64, no. 1, pp. 221–233, 2015.
[40] C.-J. Tasia, T.-Y. Chang, P.-C. Cheng, and J.-H. Lin, “Two novel [62] A. Kumar, M. Hanmandlu, and H. Gupta, “Fuzzy binary decision tree
biometric features in keystroke dynamics authentication systems for for biometric based personal authentication,” Neurocomputing, vol. 99,
touch screen devices,” Secur. Commun. Networks, vol. 7, no. 4, pp. pp. 87–97, 2013.
750–758, apr 2014. [63] Y. Nakkabi, I. Traoré, and A. A. E. Ahmed, “Improving mouse dy-
[41] A. Ferdowsi and W. Saad, “Deep learning-based dynamic watermarking namics biometric performance using variance reduction via extractors
for secure signal authentication in the internet of things,” in 2018 IEEE with separate features,” IEEE Transactions on Systems, Man, and
International Conference on Communications (ICC). IEEE, 2018, pp. Cybernetics-Part A: Systems and Humans, vol. 40, no. 6, pp. 1345–
1–6. 1353, 2010.
[42] R. Das, A. Gadre, S. Zhang, S. Kumar, and J. M. Moura, “A deep [64] I. Traore, I. Woungang, M. S. Obaidat, Y. Nakkabi, and I. Lai,
learning approach to iot authentication,” in 2018 IEEE International “Combining mouse and keystroke dynamics biometrics for risk-based
Conference on Communications (ICC). IEEE, 2018, pp. 1–6. authentication in web environments,” in Digital Home (ICDH), 2012
[43] S. Bazrafkan and P. Corcoran, “Enhancing iris authentication on hand- Fourth International Conference on. IEEE, 2012, pp. 138–145.
held devices using deep learning derived segmentation techniques,” in [65] S. H. Khan, M. A. Akbar, F. Shahzad, M. Farooq, and Z. Khan, “Secure
2018 IEEE Int. Conf. Consum. Electron. IEEE, jan 2018, pp. 1–2. biometric template generation for multi-factor authentication,” Pattern
[44] B. Bayar and M. C. Stamm, “A deep learning approach to universal Recognition, vol. 48, no. 2, pp. 458–472, 2015.
image manipulation detection using a new convolutional layer,” in [66] W. Louis, M. Komeili, and D. Hatzinakos, “Continuous authentication
Proceedings of the 4th ACM Workshop on Information Hiding and using one-dimensional multi-resolution local binary patterns (1dmrlbp)
Multimedia Security. ACM, 2016, pp. 5–10. in ecg biometrics,” IEEE Transactions on Information Forensics and
[45] M. Alhussein and G. Muhammad, “Voice pathology detection using Security, vol. 11, no. 12, pp. 2818–2832, 2016.
deep learning on mobile healthcare framework,” IEEE Access, vol. 6, [67] Y.-P. Liao and C.-M. Hsiao, “A novel multi-server remote user au-
pp. 41 034–41 041, 2018. thentication scheme using self-certified public keys for mobile clients,”
[46] A. F. Abate, M. Nappi, and S. Ricciardi, “I-Am: Implicitly Authenticate Futur. Gener. Comput. Syst., vol. 29, no. 3, pp. 886–900, mar 2013.
Me Person Authentication on Mobile Devices Through Ear Shape and [68] M. Khamis, F. Alt, M. Hassib, E. von Zezschwitz, R. Hasholzner, and
Arm Gesture,” IEEE Trans. Syst. Man, Cybern. Syst., pp. 1–13, 2017. A. Bulling, “GazeTouchPass,” in Proc. 2016 CHI Conf. Ext. Abstr.
[47] Z. Yan and S. Zhao, “A usable authentication system based on personal Hum. Factors Comput. Syst. - CHI EA ’16. New York, New York,
voice challenge,” in Advanced Cloud and Big Data (CBD), 2016 USA: ACM Press, 2016, pp. 2156–2164.
International Conference on. IEEE, 2016, pp. 194–199. [69] M. Khamis, R. Hasholzner, A. Bulling, and F. Alt, “GTmoPass,” in
[48] V. Yano, A. Zimmer, and L. L. Ling, “Extraction and application of Proc. 6th ACM Int. Symp. Pervasive Displays - PerDis ’17. New
dynamic pupillometry features for biometric authentication,” Measure- York, New York, USA: ACM Press, 2017, pp. 1–9.
ment, vol. 63, pp. 41–48, 2015. [70] M. Khamis, M. Hassib, E. von Zezschwitz, A. Bulling, and F. Alt,
[49] K. Annapurani, M. Sadiq, and C. Malathy, “Fusion of shape of the ear “GazeTouchPIN: protecting sensitive data on mobile devices using
and tragus–a unique feature extraction method for ear authentication secure multimodal authentication,” in Proc. 19th ACM Int. Conf.
Multimodal Interact. - ICMI 2017. New York, New York, USA: ACM [93] C. Holz, S. Buthpitiya, and M. Knaust, “Bodyprint: Biometric user
Press, 2017, pp. 446–450. identification on mobile devices using the capacitive touchscreen to
[71] J. S. Arteaga-Falconi, H. Al Osman, and A. El Saddik, “ECG Au- scan body part,” in Proc. 33rd Annu. ACM Conf. Hum. Factors Comput.
thentication for Mobile Devices,” IEEE Trans. Instrum. Meas., vol. 65, Syst. - CHI ’15. New York, New York, USA: ACM Press, 2015, pp.
no. 3, pp. 591–600, mar 2016. 3011–3014.
[72] S. J. Kang, S. Y. Lee, H. I. Cho, and H. Park, “ECG Authentication [94] K.-H. Yeh, C. Su, W. Chiu, and L. Zhou, “I Walk, Therefore I
System Design Based on Signal Analysis in Mobile and Wearable Am: Continuous User Authentication with Plantar Biometrics,” IEEE
Devices,” IEEE Signal Process. Lett., vol. 23, no. 6, pp. 805–808, jun Commun. Mag., vol. 56, no. 2, pp. 150–157, feb 2018.
2016. [95] P. Gupta and P. Gupta, “Multibiometric authentication system using
[73] Z. Ali, M. S. Hossain, G. Muhammad, I. Ullah, H. Abachi, and slap fingerprints, palm dorsal vein, and hand geometry,” IEEE Trans-
A. Alamri, “Edge-centric multimodal authentication system using en- actions on Industrial Electronics, vol. 65, no. 12, pp. 9777–9784, 2018.
crypted biometric templates,” Future Generation Computer Systems, [96] N. Clarke and S. Furnell, “Advanced user authentication for mobile
vol. 85, pp. 76–87, 2018. devices,” Comput. Secur., vol. 26, no. 2, pp. 109–119, mar 2007.
[74] T. Hoang, D. Choi, and T. Nguyen, “Gait authentication on mobile [97] N. L. Clarke and S. M. Furnell, “Authenticating mobile phone users
phone using biometric cryptosystem and fuzzy commitment scheme,” using keystroke analysis,” Int. J. Inf. Secur., vol. 6, no. 1, pp. 1–14,
Int. J. Inf. Secur., vol. 14, no. 6, pp. 549–560, nov 2015. dec 2006.
[75] Y. Yang and J. Sun, “Energy-efficient W-layer for behavior-based [98] D. Mishra, S. Kumari, M. K. Khan, and S. Mukhopadhyay, “An
implicit authentication on mobile devices,” in IEEE INFOCOM 2017 anonymous biometric-based remote user-authenticated key agreement
- IEEE Conf. Comput. Commun. IEEE, may 2017, pp. 1–9. scheme for multimedia systems,” Int. J. Commun. Syst., vol. 30, no. 1,
[76] S.-s. Hwang, S. Cho, and S. Park, “Keystroke dynamics-based authenti- p. e2946, jan 2017.
cation for mobile devices,” Comput. Secur., vol. 28, no. 1-2, pp. 85–93, [99] X. Li, J. Niu, M. K. Khan, J. Liao, and X. Zhao, “Robust three-factor
feb 2009. remote user authentication scheme with key agreement for multimedia
[77] M. K. Khan, J. Zhang, and X. Wang, “Chaotic hash-based fingerprint systems,” Security and Communication Networks, vol. 9, no. 13, pp.
biometric remote user authentication scheme on mobile devices,” 1916–1927, 2016.
Chaos, Solitons & Fractals, vol. 35, no. 3, pp. 519–524, feb 2008. [100] Hyun-A Park, Jong Wook Hong, Jae Hyun Park, J. Zhan, and Dong
[78] K. Xi, T. Ahmad, F. Han, and J. Hu, “A fingerprint based bio- Hoon Lee, “Combined Authentication-Based Multilevel Access Con-
cryptographic security protocol designed for client/server authentica- trol in Mobile Application for DailyLifeService,” IEEE Trans. Mob.
tion in mobile computing environment,” Secur. Commun. Networks, Comput., vol. 9, no. 6, pp. 824–837, jun 2010.
vol. 4, no. 5, pp. 487–499, may 2011. [101] Y. Meng, D. S. Wong, R. Schlegel, and L.-f. Kwok, “Touch Ges-
[79] C.-L. Chen, C.-C. Lee, and C.-Y. Hsu, “Mobile device integration of a tures Based Biometric Authentication Scheme for Touchscreen Mobile
fingerprint biometric remote authentication scheme,” Int. J. Commun. Phones,” in Int. Conf. Inf. Secur. Cryptol. Springer, Berlin, Heidelberg,
Syst., vol. 25, no. 5, pp. 585–597, may 2012. 2013, pp. 331–350.
[102] T. Feng, Z. Liu, K.-A. Kwon, W. Shi, B. Carbunar, Y. Jiang, and
[80] M. K. Khan, S. Kumari, and M. K. Gupta, “More efficient key-hash
N. Nguyen, “Continuous mobile authentication using touchscreen ges-
based fingerprint remote authentication scheme using mobile device,”
tures,” in 2012 IEEE Conf. Technol. Homel. Secur. IEEE, nov 2012,
Computing, vol. 96, no. 9, pp. 793–816, sep 2014.
pp. 451–456.
[81] S. Ghosh, A. Majumder, J. Goswami, A. Kumar, S. P. Mohanty, and
[103] F. Lin, C. Song, Y. Zhuang, W. Xu, C. Li, and K. Ren, “Cardiac scan:
B. K. Bhattacharyya, “Swing-Pay: One Card Meets All User Payment
A non-contact and continuous heart-based user authentication system,”
and Identity Needs: A Digital Card Module using NFC and Biometric
in Proceedings of the 23rd Annual International Conference on Mobile
Authentication for Peer-to-Peer Payment,” IEEE Consum. Electron.
Computing and Networking. ACM, 2017, pp. 315–328.
Mag., vol. 6, no. 1, pp. 82–93, jan 2017.
[104] R. Liu, C. Cornelius, R. Rawassizadeh, R. Peterson, and D. Kotz,
[82] X. Li, J. Niu, S. Kumari, F. Wu, and K.-K. R. Choo, “A robust bio-
“Vocal resonance: Using internal body voice for wearable authenti-
metrics based three-factor authentication scheme for Global Mobility
cation,” Proceedings of the ACM on Interactive, Mobile, Wearable and
Networks in smart city,” Futur. Gener. Comput. Syst., vol. 83, pp. 607–
Ubiquitous Technologies, vol. 2, no. 1, p. 19, 2018.
618, jun 2018.
[105] “Android malware defeats two-factor authentica-
[83] C.-T. Li and M.-S. Hwang, “An efficient biometrics-based remote user tion,” https://www.welivesecurity.com/2016/03/09/
authentication scheme using smart cards,” J. Netw. Comput. Appl., android-trojan-targets-online-banking-users/, accessed: 2018-03-
vol. 33, no. 1, pp. 1–5, jan 2010. 11.
[84] D. He, M. Ma, Y. Zhang, C. Chen, and J. Bu, “A strong user [106] “Android banking trojan masquerades as flash player
authentication scheme with smart cards for wireless communications,” and bypasses 2fa,” https://thestack.com/security/2016/01/18/
Comput. Commun., vol. 34, no. 3, pp. 367–374, mar 2011. android-malware-defeats-two-factor-authentication/, accessed: 2018-
[85] Q. Feng, D. He, S. Zeadally, and H. Wang, “Anonymous biometrics- 03-11.
based authentication scheme with key distribution for mobile multi- [107] M. A. Ferrag, M. Derdour, M. Mukherjee, A. Derhab, L. Maglaras,
server environment,” Futur. Gener. Comput. Syst., aug 2017. and H. Janicke, “Blockchain technologies for the internet of things:
[86] N. Sae-Bae, K. Ahmed, K. Isbister, and N. Memon, “Biometric-rich Research issues and challenges,” IEEE Internet of Things Journal,
gestures,” in Proc. 2012 ACM Annu. Conf. Hum. Factors Comput. Syst. 2018.
- CHI ’12. New York, New York, USA: ACM Press, 2012, p. 977. [108] L. Royakkers, J. Timmer, L. Kool, and R. van Est, “Societal and ethical
[87] J. Sun, R. Zhang, J. Zhang, and Y. Zhang, “TouchIn: Sightless two- issues of digitization,” Ethics and Information Technology, vol. 20,
factor authentication on multi-touch mobile devices,” in 2014 IEEE no. 2, pp. 127–142, 2018.
Conf. Commun. Netw. Secur. IEEE, oct 2014, pp. 436–444. [109] A.-M. Oostveen, “Non-use of automated border control systems: iden-
[88] T.-Y. Chang, C.-J. Tsai, and J.-H. Lin, “A graphical-based password tifying reasons and solutions,” in Proceedings of the 28th International
keystroke dynamic authentication system for touch screen handheld BCS Human Computer Interaction Conference on HCI 2014-Sand, Sea
mobile devices,” J. Syst. Softw., vol. 85, no. 5, pp. 1157–1165, may and Sky-Holiday HCI. BCS, 2014, pp. 228–233.
2012. [110] N. Selwyn, “Apart from technology: understanding people’s non-use
[89] M. De Marsico, C. Galdi, M. Nappi, and D. Riccio, “FIRME: Face and of information and communication technologies in everyday life,”
Iris Recognition for Mobile Engagement,” Image Vis. Comput., vol. 32, Technology in society, vol. 25, no. 1, pp. 99–116, 2003.
no. 12, pp. 1161–1172, dec 2014. [111] S. Spiekermann, “Ieee p7000 the first global standard process for
[90] E. Vazquez-Fernandez and D. Gonzalez-Jimenez, “Face recognition for addressing ethical concerns in system design,” Multidisciplinary Digital
authentication on mobile devices,” Image Vis. Comput., vol. 55, pp. 31– Publishing Institute Proceedings, vol. 1, no. 3, p. 159, 2017.
33, nov 2016.
[91] D. Gragnaniello, C. Sansone, and L. Verdoliva, “Iris liveness detection
for mobile devices based on local descriptors,” Pattern Recognit. Lett.,
vol. 57, pp. 81–87, may 2015.
[92] C. Galdi, M. Nappi, and J.-L. Dugelay, “Multimodal authentication
on smartphones: Combining iris and sensor recognition for a double
check of user identity,” Pattern Recognit. Lett., vol. 82, pp. 144–153,
oct 2016.