Biometrics is the automated identification or verification of human identity through the measurement of repeatable physiological or behavioral characteristics.
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
Biometrics system penetration in mobile devices
1. Biometrics System Penetration in Mobile
Devices
A NON-CREDIT COURSE REPORT ON
BIO-METRICS AND CYBER SECURITY
SUBMITTED TO
SAVITRIBAI PHULE PUNE UNIVERSITY, PUNE
FOR THE PARTIAL FULFILLMENT OF AWARD OF DEGREE
Of
MASTER OF ENGINEERING
In
(Computer Engineering)
By
Swapnil S. Jagtap
Semester-III Roll No: ******
UNDER THE GUIDANCE OF
Guide Name
(Department of Computer Engineering)
VPCOE, Baramati.
DEPARTMENT OF COMPUTER
ENGINEERING
Vidya Pratishthan’s Kamalnayan Bajaj Institute of
Engineering & Technology,
Vidyanagari Bhigawan Road
Baramati, Dist. Pune - 413133
2016-2017
2. CERTIFICATE
This is to certify that Mr. Swapnil S. Jagtap has successfully submitted
his report to Department of Computer Engineering, VPKBIET, Baramati,
on
Biometrics System Penetration in Mobile
Devices
During the academic year 2016-2017 in the partial fulfillment towards
completion of Second Year of
Master of Engineering in Computer Engineering, of
Savitribai Phule Pune University, Pune(Maharashtra)
Swapnil S. Jagtap Guide Name
Student Guide
Dept. of Comp. Engg. Dept. of Comp. Engg.
Date :
Place: VPKBIET, Baramati.
4. Chapter 1
Introduction
What is Biometrics?
“Biometrics is the automated identification or verification of human iden-
tity through the measurement of repeatable physiological or behavioral char-
acteristics.”
Identification:
The search of a biometric sample against a database of other samples in
order to ascertain whether the donor is already contained in or new to the
database.
Verification:
It refers to the ‘one to one’comparison between a sample and another
to ask the question, ‘are you who you say you are?’The term “biometrics”is
derived from the Greek words bio (life) and metric (to measure). For our
use, biometrics refers to technologies for measuring and analyzing a person’s
physiological or behavioral characteristics, such as fingerprints, irises, voice
patterns, facial patterns, and hand measurements for identification and ver-
ification purposes.
3
5. Figure 1.1: Explains the meaning of definition
Identification and verification have long been accomplished by showing
something you have, such as a license or a passport. Sometimes it also
required something you know, such as a password or a PIN. As we move
into a time when we need more secure and accurate measures, we begin to
look at using something you are biometrics. Biometrics are automated
methods of recognizing a person based on a physiological or behavioral char-
acteristic.
History of Biometrics:
Chinese Precursor:
Possibly the first known example of biometrics in practice was a form of
finger printing being used in China in the 14th century, as reported by ex-
plorer Joao de Barros. He wrote that the Chinese merchants were stamping
children’s palm prints and footprints on paper with ink to distinguish the
young children from one another. This is one of the earliest known cases of
biometrics in use and is still being used today.
European Origins:
Until the late 1800s, identification largely relied upon “photographic
memory.”In the 1890s, an anthropologist and police desk clerk in Paris
named Alphonse Bertillon sought to fix the problem of identifying convicted
criminals and turned biometrics into a distinct field of study. He devel-
oped a method of multiple body measurements which got named after him
(Bertillonage).
4
6. His system was used by police authorities throughout the world, until
it quickly faded when it was discovered that some people shared the same
measurements and based on the measurements alone, two people could get
treated as one. After the failure of Bertillonage, the police started using
finger printing, which was developed by Richard Edward Henry of Scotland
Yard, essentially reverting to the same methods used by the Chinese for years.
Modern Times:
In the past three decades biometrics has moved from a single method (fin-
gerprinting) to more than ten discreet methods. Companies involved with
new methods number in the hundreds and continue to improve their meth-
ods as the technology available to them advances. Prices for the hardware
required continue to fall making systems more feasible for low and mid-level
budgets. As the industry grows however, so does the public concern over
privacy issues. Laws and regulations continue to be drafted and standards
are beginning to be developed. While no other biometric has yet reached the
breadth of use of fingerprinting, some are beginning to be used in both legal
and business areas.
5
7. Chapter 2
Working Principle of
Biometrics
Biometric devices consist of a reader or scanning device, software that
converts the gathered information into digital form, and a database that
stores the biometric data for comparison with previous records. When con-
verting the biometric input, the software identifies specific points of data as
match points. The match points are processed using an algorithm into a
value that can be compared with biometric data in the database. All Bio-
metric authentications require comparing a registered or enrolled biometric
sample (biometric template or identifier) against a newly captured biometric
sample (for example, a fingerprint captured during a login).
Enrollment Mode:
A sample of the biometric trait is captured, processed by a computer, and
stored for later comparison. Biometric recognition can be used in Identifi-
cation mode, where the biometric system identifies a person from the entire
enrolled population by searching a database for a match based solely on the
biometric. For example, an entire database can be searched to verify a per-
son has not applied for entitlement benefits under two different names. This
is sometimes called “one-to-many”matching.
Verification Mode:
In this mode, biometric system authenticates a person claimed iden-
tity from their previously enrolled pattern. This is also called “one-to-
one”matching. In most computer access or network access environments,
verification mode would be used. A user enters an account, user name or
6
8. inserts a token such as a smart card, but instead of entering a password, a
simple glance at a camera is enough to authenticate the user.
Types of Biometrics:
There are two types of biometrics:
1. Behavioral biometrics: Used for verification.
2. Physical biometrics: Used for either identification or verification.
Behavioral biometrics:
• Speaker Recognition - Analyzing vocal behavior.
• Signature - Analyzing signature dynamics.
• Keystroke - Measuring the time spacing of typed words.
Physical biometrics:
• Fingerprint - Analyzing fingertip patterns.
• Facial Recognition - Measuring facial characteristics.
• Hand Geometry - Measuring the shape of the hand.
• Iris recognition - Analyzing features of colored ring of the eye.
• Vascular Patterns - Analyzing vein patterns.
• Retinal Scan - Analyzing blood vessels in the eye.
• Bertillonage - Measuring body lengths.
7
9. Characteristics of Biometrics:
Biometric characteristics can be divided in two main classes,
1. Physiological
2. Behavioral
Physiological - are related to the shape of the body. The oldest traits,
that have been used for more than 100 years, are fingerprints. Other exam-
ples are face recognition, hand geometry and iris recognition.
Behavioral - are related to the behavior of a person. The first charac-
teristic to be used, still widely used today, is the signature. More modern
approaches are the study of keystroke dynamics and of voice.
Figure 2.1: Facial Recognition
The human face is one of the easiest characteristic which can be used in
biometric security system to identify a user. Face recognition technology, is
very popular and is used more widely because it does not require any kind of
physical contact between the users and device. Cameras scan the user face
and match it to a database for verification. Furthermore, it is easy to install
8
10. and does not require any expensive hardware. Facial recognition technology
is used widely in a variety of security systems such as physical access control
or computer user accounts.
Figure 2.2: Iris Recognition
The human iris is a thin circular structure in the eyes which is responsible
for controlling the diameter and size of the pupils. It also controls the amount
of light which is allowed through to retinal in order to protect the eye’s retina.
Iris color is also a variable different to each person depending upon their
genes. Iris color will decide eye color for each individual. There are several
colors for iris such as: brown, green, blue, grey, hazel, violet, pink. The iris
also has its own patterns from eye to eye and person to person, this will make
up to uniqueness for each individual.
Figure 2.3: Vascular Patterns
One of the recent biometric technologies invented is the vein recognition
system. Veins are blood vessels that carry blood to the heart. Each person’s
9
11. veins have unique physical and behavioral traits. Taking advantage of this,
biometrics uses unique characteristics of the veins as a method to identify
the user. Vein recognition systems mainly focus on the veins in the users
hands. Each finger on human hand has veins which connect directly with
the heart and it has its own physical traits.
Figure 2.4: Fingerprint types
Our fingerprint is made of a number of ridges and valley on the sur-
face of finger that are unique to each human. “Ridges are the upper skin
layer segments of the finger and valleys are the lower segments”. The ridges
form two minutiae points: ridge endings-where the ridges end, and ridge
bifurcations-where the ridges split in two. The uniqueness of a fingerprint
can be determined by the different patterns of ridges and furrows as well as
the minutiae points. There are five basic patterns which make up the finger-
print: the arch such as tented and plain arch covers 5% of fingerprint; left
and right loop covers 60% of fingerprints; whorl covers 34% of fingerprints
and accidental whorls covers 1% of fingerprints.
10
12. Chapter 3
Basic Mechanisms
The diagram shows a simple block diagram of a biometric system. When such
a system is networked together with telecommunications technology, biomet-
ric systems become tele biometric systems. The main operations a system
can perform are enrollment and test. During the enrollment, biometric infor-
mation from an individual is stored. During the test, biometric information
is detected and compared with the stored information. Note that it is crucial
that storage and retrieval of such systems themselves be secure if the bio-
metric system is robust. The first block (sensor) is the interface between the
real world and our system; it has to acquire all the necessary data. Most of
the times it is an image acquisition system, but it can change according to
the characteristics desired. The second block performs all the necessary pre-
processing: it has to remove artifacts from the sensor, to enhance the input
(e.g. removing background noise), to use some kind of normalization, etc.
In the third block features needed are extracted. This step is an important
step as the correct features need to be extracted and the optimal way. A
vector of numbers or an image with particular properties is used to create a
template. A template is a synthesis of all the characteristics extracted from
the source, in the optimal size to allow for adequate identifiability.
3.1 Biometric Collection
Biometrics are typically collected using a device called a sensor. These sen-
sors are used to acquire the data needed for recognition and to convert the
data to a digital form. The quality of the sensor used has a significant impact
on the recognition results. Example “sensors”could be digital cameras (for
face recognition) or a telephone (for voice recognition).
11
13. 3.2 Biometric Templates
A biometric template is a digital representation of an individuals distinct
characteristics, representing information extracted from a biometric sample.
Biometric templates are what are actually compared in a biometric recog-
nition system. Templates can vary between biometric modalities as well as
vendors. Not all biometric devices are template based. For example, voice
recognition is based on models. The difference between templates and models
is beyond the scope of this paper.
3.3 Biometrics Identification Schemes
There are several types of biometric identification schemes:
1. Face - the analysis of facial characteristics.
2. Fingerprint - the analysis of an individuals unique fingerprints.
3. Hand geometry - the analysis of the shape of the hand and the length
of the fingers.
4. Retina - the analysis of the capillary vessels located at the back of the
eye.
5. Iris - the analysis of the colored ring that surrounds the eyes pupil.
6. Signature - the analysis of the way a person signs his name.
7. Vein - the analysis of pattern of veins in the back of the hand and the
wrist.
8. Voice - the analysis of the tone, pitch, cadence and frequency of a
persons voice.
3.4 Comparison of Various Biometric Tech-
nologies
It is possible to understand if a human characteristic can be used for biomet-
rics in terms of the following parameters:
1. Uniqueness - is how well the biometric separates individually from
another.
12
14. 2. Permanence - measures how well a biometric resist aging.
3. Collectability - eases of acquisition for measurement.
4. Performance - accuracy, speed, and robustness of technology used.
5. Acceptability - degree of approval of a technology.
6. Circumvention - eases of use of a substitute.
3.5 Biometric Modalities
Different applications and environments have different constraints. For in-
stance, adequate fingerprint samples require user cooperation; whereas, a
face image can be Captured by a surveillance camera. Furthermore, Finger-
prints are not available for many of the suspects on Watch lists. There are
also multiple biometric modalities for technical and financial reasons. Many
scientists become interested in developing a system based on their own re-
search. Upon a successful implementation, venture capitalist, interested in
the implementation of such a system, commercialize a product. Therefore,
wide varieties of modalities are being researched and are available on the
market.
3.5.1 Fingerprint
The patterns of friction ridges and valleys on an individual’s fingertips are
unique to that individual. For decades, law enforcement has been classify-
ing and determining identity by matching key points of ridge endings and
bifurcations. Fingerprints are unique for each finger of a person including
identical twins. One of the most commercially available biometric technolo-
gies, fingerprint recognition devices for desktop and laptop access are now
widely available from many different vendors at a low cost. With these de-
vices, users no longer need to type passwords - instead, only a touch provides
instant access. Fingerprint systems can also be used in identification mode.
Several states check fingerprints for new applicants to social services benefits
to ensure recipients do not fraudulently obtain benefits under fake names.
New York State has over 900,000 people enrolled in such a system.
Advantages:
• Subjects have multiple fingers.
13
15. • Easy to use, with some training
• Some systems require little space.
• Large amounts of existing data to allow background and/or watch list
checks.
• Has proven effective in many large-scale systems over years of use.
• Fingerprints are unique to each finger of each individual and the ridge
arrangement remains permanent during one’s lifetime.
Disadvantages:
• Public Perceptions.
• Privacy concerns of criminal implications.
• Health or societal concerns with touching a sensor used by countless
individuals.
3.5.2 Face Image
The identification of a person by their facial image can be done in a number
of different ways such as by capturing an image of the face in the visible
spectrum using an inexpensive camera or by using the infrared patterns of
facial heat emission. Facial recognition in visible light typically model key
features from the central portion of a facial image. Using a wide assortment
of cameras, the visible light systems extract features from the captured im-
ages that do not change over time while avoiding superficial features such as
facial expressions or hair. Several approaches to modeling facial images in
the visible spectrum are Principal Component Analysis, Local Feature Anal-
ysis, neural networks, elastic graph theory, and multi-resolution analysis.
Some of the challenges of facial recognition in the visual spectrum include
reducing the impact of variable lighting and detecting a mask or photograph.
Some facial recognition systems may require a stationary or posed user in
order to capture the image, though many systems use a real-time process
to detect a person’s head and locate the face automatically. Major benefits
of facial recognition are that it is non-intrusive, hands-free, continuous and
accepted by most users.
14
16. Advantages:
• No contact required.
• Commonly available sensors (cameras).
• Large amounts of existing data to allow background and/or watch list
checks.
• Easy for humans to verify results.
Disadvantages:
• Face can be obstructed by hair, glasses, hats, scarves etc.
• Sensitive to changes in lighting, expression, and poses faces changeover
time.
• Propensity for users to provide poor-quality video images yet to expect
accurate results.
3.5.3 Hand Geometry
These methods of personal authentication are well established. Hand recog-
nition has been available for over twenty years. To achieve personal authen-
tication, a system may measure either physical characteristics of the fingers
or the hands. These include length, width, thickness and surface area of the
hand. One interesting characteristic is that some systems require a small
biometric sample (a few bytes). Hand geometry has gained acceptance in a
range of applications. It can frequently be found in physical access control
in commercial and residential applications, in time and attendance systems
and in general personal authentication applications.
Advantages:
• Easy to capture.
• Believed to be a highly stable pattern over the adult lifespan.
Disadvantages:
• Use requires some training.
• Not sufficiently distinctive for identification over large Databases.
• Usually used for verification of a claimed enrollment identity.
• System requires a large amount of physical space.
15
17. 3.5.4 Speech/voice
Speech recognition has a history dating back some four decades, where the
output of several analog filters was averaged over time for matching. Speech
recognition uses the acoustic features of speech that have been found to differ
between individuals. These acoustic patterns reflect both anatomy (e.g., size
and shape of the throat and mouth) and learned behavioral patterns (e.g.,
voice pitch, speaking style). This incorporation of learned patterns into the
voice templates (the latter called “voiceprints”) has earned speaker recogni-
tion its classification as a “behavioral biometric”. Speech recognition systems
employ three styles of spoken input: text-dependent, text-prompted and text
independent. Most speaker verification applications use text-dependent in-
put, which involves selection and enrollment of one or more voice passwords.
Text-prompted input is used whenever there is concern of imposters. The
various technologies used to process and store voiceprints includes hidden
Markov models, pattern matching algorithms, neural networks, matrix repre-
sentation and decision trees. Some systems also use “anti-speaker”techniques,
such as cohort models, and world models. Ambient noise levels can impede
both collection of the initial and subsequent voice samples. Performance
degradation can result from changes in behavioral attributes of the voice and
from enrollment using one telephone and verification on another telephone.
Voice changes due to aging also need to be addressed by recognition systems.
Many companies market speaker recognition engines, often as part of large
voice processing, control and switching systems. Capture of the biometric
is seen as non-invasive. The technology needs little additional hardware by
using existing microphones and voice-transmission technology allowing recog-
nition over long distances via ordinary telephones (wire line or wireless).
Advantages:
• Public Acceptance.
• No Contact Required.
• Commonly Available Sensors (telephones & microphones).
Disadvantages:
• Difficult to control sensor and channel variances that significantly im-
pact capabilities.
• Not sufficiently distinctive for identification over large databases.
16
18. 3.5.5 Iris
This recognition method uses the iris of the eye which is the colored area that
surrounds the pupil. Iris patterns are thought unique. The iris patterns are
obtained through a video-based image acquisition system. Iris scanning de-
vices have been used in personal authentication applications for several years.
Systems based on iris recognition have substantially decreased in price and
this trend is expected to continue. The technology works well in both veri-
fication and identification modes. Current systems can be used even in the
presence of eyeglasses and contact lenses. The technology is not intrusive. It
does not require physical contact with a scanner. Iris recognition has been
demonstrated to work with individuals from different ethnic groups and na-
tionalities.
Advantages:
• No contact Required.
• Protected internal organ, less prone to injury.
• Believed to be highly stable over lifetime.
Disadvantages:
• Difficult to capture for some individuals.
• Easily obscured by eyelashes, eyelids, lens and reflections from the
cornea.
• Public myths and fears related to scanning the eye with a light source.
• Acquisition of an iris image requires more training and attentiveness
than most biometrics.
• Lack of existing data ability to use for background or watch list checks.
• Cannot be verified by a human.
3.5.6 Signature Verification
This technology uses the dynamic analysis of a signature to authenticate a
person. The technology is based on measuring speed, pressure and angle used
by the person when a signature is produced. One focus for this technology
has been e-business applications and other applications where signature is
an accepted method of personal authentication.
17
19. Chapter 4
Where to use Biometrics?
Biometric use involves controlling access to physical locations (laboratories,
buildings etc.) Biometrics can be used to determine whether or not a person
is already in database such as for social service or national id applications.
Biometrics can be used in environments where recognition of an individual
is required. Applications vary and range from logical access to a personal
computer to physical access of a secured laboratory. They can be used in
a variety of collection environments as identification systems. Biometrics
are also used for accountability applications such as recording the biometric
identities of individuals.
Wireless Biometrics:
As biometrics systems improve, become smaller and require less power
for operation, the potential to integrate into new application grows. The
ability to operate the biometrics verification solution from battery supply is
unprecedented. Previously, biometrics have been used in combination with
personal computers and based on a stringent platform to maintain reasonable
performance. However, as the technology for fingerprint recognition is being
miniaturized and streamlined for performance, new avenues of application
can be found when technologies are integrated together in small, simple and
stand-alone packaging. Wireless biometrics will consist of both the hardware
and software for the fingerprint scanning devices that will be embedded in
wireless handheld devices. The solution will come as a bundle of a range
of validation, transaction management and content protection services based
on the devices.
18
20. Tele-Biometrics:
Tele-biometrics applies biometrics to telecommunications and telecommu-
nications to remote biometric sensing. With the emergence of multimodal
biometrics systems gathering data from different sensors and contexts, Inter-
national Standards that support systems performing biometric enrollment
and verification or identification have begun to focus on human physiological
thresholds as constraints and frameworks for “plug and play”tele-biometric
networks. Attending to these wetware protocols has become particularly ur-
gent in the context of a recent study suggesting possible pathological effects
from RFID transponders implanted in dogs.
4.1 Biometric Devices:
• Optical Fingerprint Scanner - Our biometric hamster is the next
generation model of popular and versatile biometric fingerprint readers.
Packaged in a comfortable, ergonomic design, this biometric scanner
features the industry’s most rugged and advanced optical sensor using
patented SEIR fingerprint biometric technology.
• Optic-Mouse - Optic-Mouse is an innovative optical tracking mouse
that can operate on almost any surface with exceptional response, it
features the industry’s most rugged and advanced optical sensor using
patented SEIR fingerprint biometric technology.
• iGuard - Integrated Access Control and Time Attendance Sys-
tem - iGuard is a complete solution combining a access control system
and time attendance system. It utilizes patented embedded web server
technology combined with biometrics and smart card authentication.
This is the world sonly available system that has achieved advanced op-
erability using world-renowned TCP/IP networking protocol without
having to compromise on security.
• Personal Fingerprint Safes - Biometric personal safes are revolu-
tionary locking storage cases that open with just the touch of your
finger. These products are designed as “access denial”secure storage
for medications, jewelry, weapons, documents, and other valuable or
potentially harmful items.
• Biometric Fingerprint Door Locks - Your fingerprint is the key
with our revolutionary fingerprint door lock. This amazing new prod-
19
21. uct replaces keyed locking mechanisms with a fingerprint sensor that
actually recognizes who is and who is not authorized to enter.
• Biometric Versus Forensic - While both biometrics and forensic
involves human recognition, biometrics is typically applied using au-
tomated techniques to prevent situation application such as gaining
access to sensitive information or to a secured facility. Forensic appli-
cations typically occur after a crime has occurred, and may not use
fully automated methods. Forensic methods are often used to assist in
the legal process. Forensic usually requires days of processing and are
held to much higher accuracy requirements.
4.2 Biometric Applications
• Biometric Time Clocks - Which are being increasingly used in var-
ious organizations to control employee timekeeping.
• Biometric safes and biometric locks - Provides security to the
homeowners.
• Biometric access control systems - Providing strong security at
entrances. Biometric systems are also developed for securing access to
PC’s and providing single logon facilities.
• Wireless biometrics - for high end security and providing safer trans-
actions from wireless devices like PDA’s, etc.
• Identifying DNA Patterns - of biometrics technology in identifying
DNA patterns for identifying criminals, etc.
• Biometrics airport security - devices are also deployed at some of
the worlds famous airports to enhance the security standards.
4.3 Biometric Security
A concern is how a person’s biometric, once collected, can be protected. Aus-
tralia has therefore introduced a Biometrics Institute Privacy Code Biomet-
rics Institute in order to protect consumer personal data beyond the current
protections offered by the Australian Privacy Act.
20
22. Sociological Concerns:
As technology advances, and time goes on, more private companies and
public utilities may use biometrics for safe, accurate identification. These
advances are likely to raise concerns such as:
• Physical - Some believe this technology can cause physical harm to an
individual using the methods or that instruments used are unsanitary.
For example, there are concerns that retina scanners might not always
be clean.
• Personal Information - There are concerns whether our personal in-
formation taken through biometric methods can be misused, tampered
with or sold, e.g. by criminals stealing, rearranging or copying the bio-
metric data. Also, the data obtained using biometrics can be used in
unauthorized ways without the individual’s consent.
Danger to owners of secured items:
When thieves cannot get access to secure properties, there is a chance
that person secured items the thieves will stalk and assault the property
owner to gain access. If the item is secured with a biometric device, the
damage to the owner could be irreversible, and potentially cost more than
the secured property. In 2005, Malaysian car thieves cut off the finger of a
Mercedes-Benz S-Class owner when attempting to steal the car.
Cancelable Biometrics:
Physical features, such as face, fingerprint, iris, retina, hand, or behav-
ioral features, such as signature, voice, gait, must fulfill a certain criterion
to qualify for use in recognition. They must be unique, universal, accept-
able, collectable and convenient to the person, in addition, to reliability at
recognition, performance and circumvention. However, most importantly,
permanence is a key feature for biometrics. They must retain all the above
features in particular the uniqueness unchanged, or acceptably changed, over
the lifetime of the individual. On the other hand, this fundamental feature
has brought biometrics to challenge a new risk. If biometric data is obtained,
for example compromised from a database, by unauthorized users, the gen-
uine owner will lose control over them forever and lose his/her identity.
21
23. Chapter 5
Security Threats for Mobile
Platforms
The usage of the mobile phone over the last few years has made fundamental
changes in our daily life. Mobile devices, namely Personal Digital Assistants
(PDAs) and smart phones are containing ever more personal information,
including address books, schedules as well as payment information. Smart
phones or mobile phones with advanced capabilities like those of personal
computers (PCs) are appearing in more peoples pockets, purses, and brief-
cases. Smart phones popularity and relatively lack security have made them
attractive targets for attackers.
Mobile phones are becoming more and more valuable as targets for attack.
People are using smart phones for an increasing number of activities and
often store sensitive data, such as email, calendars, contact information and
password on the devices. Mobile applications for social networking keep a
wealth of personal information.
5.1 Vulnerablity
A weakness that is inherent in every network and device. This includes
routers, switches, desktops, servers and even security devices themselves.
5.2 Threats
People eager, willing and qualified to take advantage of each security weak-
ness and they continually search for new exploits and weaknesses.
22
24. 5.3 Attacks
Threats use a variety of tools, scripts and programs to launch attacks against
networks and network devices. Typically the network devices under attack
are the endpoints such as servers and desktops. Table below shows the various
attacks on mobile devices.
Attacks Causes Attack Type Mobile Security
(Features) Affects
Mobility Lost or Authentication,
theft device Confidentiality
Limited resources DoS (Denial of Service) Data Integrity,
Confidentiality,
Availability
Strong Connectivity Viruses or worms Data Integrity,
Requirement (malware) Confidentiality
and Charging
Table 5.1: Various Attacks on Mobile Devices
Several major security issues loom over the use of such devices, including
• Mobile devices are often stolen or missing, due to their small size.
• The contents in the mobile devices are unencrypted or encrypted under
a flawed protocol.
• Mobile devices are pron to middle-man attack or viruses attack from
wireless connection.
• User authentication is weak or disabled or in a common default mode,
the authentication mechanism is single static password authentication
can be circumvented easily.
23
25. Chapter 6
Biometrics Performance
Evaluation
Biometrics does not operate like passwords, where the correct input of the
secret knowledge can assure access to the system with 100provide a sample,
but several factors may still cause them to be rejected by the system. These
factors might be environmental or related to the underlying uniqueness of the
characteristics involved. This might not only lead to rejecting an authorized
user but also in accepting an impostor. The quality metrics used to evaluate
the performance of the biometric system are as follows:
• False Acceptance Rate (FAR) - which represents the probability of
an impostor getting accepted by the system (sometimes referred to as
the Impostor Pass Rate).
• False Rejection Rate (FRR) - which represents the probability of
falsely rejecting an authorized user (sometimes referred to as the False
Alarm Rate).
• Failure to Enroll Rate (FTE) - which refers to situation where the
sample is not able to provide enough information to create a template.
That can be due to noise from the capture or a lack of features from
the user, for example burned fingers.
• Failure to Acquire Rate (FTA) - which refers to the situation where
the system is unable to acquire a sample from the user.
24
26. Chapter 7
Future Outlook
According to most experts, the future of biometrics is dependent upon two
critical areas: Standardization and the use of Hybrid Technologies.
Standardization:
Currently, the biometrics industry is very fragmented, with more than
150 companies with their own proprietary systems and methodologies. Stan-
dards have only recently been established in order to provide direction for the
development of a common interface that will allow for shared biometric tem-
plates. The BioAPI standard created by the BioAPI Consortium, a group of
more than 60 vendors and government agencies, defines a common structure
for interfacing with biometrics. Yet, competitive forces remain as technol-
ogy giants like Microsoft have abandoned the consortium and the BioAPI
standard in order to develop their own proprietary software standards. The
development and acceptance of a primary standard is critical for the growth
and applicability of the biometrics industry. Only after the technological
standard is more established can systems integrate and interact efficiently.
Hybrid Technologies:
One of the critical concerns with the use of biometric technologies is that
of privacy and security of stored personal biometric data. To have personal
data stored in a centralized database leaves the information potentially open
to theft or compromise. The concept of combining smart card or public
key infrastructures with biometric readers where the biometric template is
stored on an individually controlled key has been suggested as a solution for
the privacy concern and is considered by some critical to the advancement of
biometric applications. Biometrics is a powerful combination of science and
25
27. technology that can be used to protect and secure our most valuable infor-
mation and property. The future holds no limits for this industry as more
applications are found. Further, the technology itself continues to improve in
terms of application and accuracy. From the application of total body scan-
ning for highest security areas to speed and accuracy of identification when
shopping on-line, the applications are boundless. Imagine a world where in-
terstate air travel is allowed automatically via a full body scan that not only
verifies identity but simultaneously searches for insecure or illegal parapher-
nalia. Where access to one is bank or credit accounts is only granted after
identification via iris or retina scan. Where a shopping trip is made possible
by a vehicle that operates only with biometric verification of ownership and
payment is made via a fingerprint scan that links directly to one is credit
account. In the future, we will live in a faster paced, more secure world where
verification of one is identity is critical for daily activities. While some might
argue that privacy and personal “freedom”are sacrificed with this level of
control, most believe that it is the necessary price for a secure world envi-
ronment.
26
28. Chapter 8
References
1. M.Sujithra, Dr. G.Padmavathi, “Mobile Device Security-A survey
on Mobile Device Threats, Vulnerabilities and their Defensive Mech-
anism,”International Journal of Computer Applications (IJCA), Vol.
56, No. 14, 2012.
2. Anurag Kumar Jain, DevendraShanbhag, “Addressing Security and
Risks in Mobile Applications,”2012.
3. Roberta Cozza, “Forecast: Mobile Communications Devices by Open
Operating System, Worldwide,”Gartner, 2011.
4. M.Sujithra, Dr. G.Padmavathi, “Biometrics for Low Power Mobile
Devices,”International Conference on Mathematical Modelling and Ap-
plied Soft Computing, Vol. 2, 2012.
5. Paul Ruggiero and Jon Foote, “Cyber Threats to Mobile,”Produced
for US-CERT, a government organization, Carnegie Mellon University
- US, 2011.
6. C.R. Mulliner, “Security of smart phones,”Masters thesis submitted to
University of California, Santa Barbara, 2006.
7. M.Sujithra, Dr. G.Padmavathi, “Biometric System Penetration in Re-
source Constrained Mobile Device,”International Journal on Bioinfor-
matics & Biosciences (IJBB) Vol. 3, No. 1, March 2013.
8. Anil K. Jain, Arun Ross and Salil Prabhakar, “An Introduction to
Biometric Recognition,”IEEE Transactions on Circuits and Systems
for Video Technologies, Vol. 14, No. 1, 2004.
27