Mobile devices as a platform for biometric user authentication Gavrikov I. (Russian Federation) Мобильные устройства как платформа для биометрической аутентификации
пользователей Гавриков И. В. (Российская Федерация)
Гавриков Илья Владимирович / Gavrikov Ilya — студент, кафедра бизнес-информатики и математического моделирования, Институт экономики и управления Крымский федеральный университет им. В. И. Вернадского, г. Симферополь
Abstract: the article describes theoretical and practical aspects of MBS technology (Mobile Biometric Security) - the prospective use of mobile devices as budget platforms for user authentication based on a range of biometric data.
Аннотация: данная статья описывает теоретические и практические аспекты технологии MBS (мобильной биометрической безопасности) — перспективного применения мобильных устройств как бюджетных платформ для аутентификации пользователей по спектру биометрических данных.
Keywords: mobile devices, biometrics, authentication, information security.
Ключевые слова: мобильные устройства, биометрия, аутентификация, информационная безопасность.
As the evolution of personal mobile devices continues, more and more functionality is being introduced to replace existing devices. Many appliances commonly owned by the average user in the past - cameras, pagers, etc. -have become either obsolete or mostly limited to experts and power users. In the case of cameras, total shipments and production of compact cameras have fallen some 45 % in the first half of 2013 compared to 2012 [1].
At the same time, information security and mobile devices are becoming more and more intertwined. Two factor authentication (2FA) has become the norm since its advent in 2012-2013 [2], having been implemented by companies like Google, Twitter, Facebook, Apple, Microsoft, Valve Software, Blizzard Entertainment and others, even being introduced as a security measure to MIT. However, 2FA also has its vulnerabilities [3], which drives vendors and developers to use more sophisticated authentication algorithms. One such option is biometric authentication.
At its core, two factor authentication, and multi-factor authentication in general, depends on a baseline authentication factor - usually a knowledge factor, something a user knows, such as a password or PIN. The baseline factor is then extended with another factor or a number of factors, which may include a possession factor - something a user has - and an intrinsic factor - something a user is. Today, two factor authentication commonly depends on possession factors, which are implemented as codes sent to the user or generated by an app on the user's device. Intrinsic factors include fingerprints, facial features, irides and voiceprints. They are easier for the user to provide, since they are always available and cannot be forgotten, but at the same time, they are more difficult to register and store, in no small part due to privacy concerns.
Compared to possession factors, intrinsic factors have not been used as widely. However, despite being a relatively nascent field, major companies are already beginning to use biometrics in their user authentication algorithms. With the introduction of a fingerprint scanner to the iPhone 5S, biometric authentication has entered the mass market. Research predicts a 17 % increase in the shipments of fingerprint sensors by 2020 [4]. The voice biometrics market is also experiencing significant growth, predicted at some 22 % for the 20142019 period [5]. Facial biometrics, too, are entering the market, with MasterCard launching a pilot programme to support user authentication through selfies [6]. Of particular note is Samsung's recent announcement of the inclusion of iris scanning functionality into its new Galaxy Note 7 [7].
The ever-increasing demand for security and the advantages offered by biometric authentication complement each other, but up until recently, implementing biometric authentication in a company required significant funds and resources, which presented a disadvantage to smaller businesses looking to use biometrics in their security policy. However, with the advent of biometric technology in modern mobile devices, a similar level of security can be achieved at a much lower cost. With mobile biometric security (MBS) technology, any business that can afford a mobile device is able to implement biometric security in its security policy.
Due to the number and variety of different sensors and functionality built into modern mobile devices, MBS software can be used to create a multi-layer security system using only one hardware device. As such, a modern smartphone with sophisticated enough MBS software can authenticate users based on their fingerprint,
voiceprint, face and iris simultaneously, which, coupled with a simple PIN or password baseline factor, presents a significant challenge to any potential hacker wishing to break through the company's security. The MBS software on the mobile device can be used to protect a variety of company assets, from information, to work stations, to the actual building or premises.
The main drawback of MBS technology, as it stands currently, is the relative difficulty of creating algorithms to reliably identify and verify biometric data. Since the hardware used in many procedures, such as cameras and microphones, is standard, the authentication procedures rely primarily on the software. However, costs related to research and development, when compared to those behind commercial suites and entire security complexes, are significantly lower.
References
1. Camera shipments continue to fall. [Electronic resource]: DPReview. URL: https://www.dpreview.com/articles/2101371529/camera-shipments-2013-cipa (date of access: 18.08.2016).
2. Parker Higgins. How to Enable Two-Factor Authentication on Twitter (And Everywhere Else). [Electronic resource]: Electronic Frontier Foundation. URL: https://www.eff.org/deeplinks/2013/05/howto-two-factor-authentication-twitter-and-around-web/ (date of access: 18.08.2016).
3. Radhesh Krishnan Konoth, Victor van der Veen, Herbert Bos. How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication. VU University Amsterdam, 2015. 17 s.
4. Biometrics Market Boosted By Fingerprint Sensors in Smartphones. [Electronic resource]: ABIresearch. URL: https://www.abiresearch.com/press/biometrics-market-boosted-by-fingerprint-sensors-i/ (date of access: 18.08.2016).
5. Swapnil Devale. Voice Recognition Biometrics Market Statistics. [Electronic resource]: LinkedIn. URL: https://www.linkedin.com/pulse/voice-recognition-biometrics-market-statistics-expected-devale (date of access: 18.08.2016).
6. Replacing Passwords with Selfies. [Electronic resource]: MasterCard Newsroom. URL: http://newsroom.mastercard.com/videos/replacing-passwords-with-selfies/ (date of access: 18.08.2016).
7. Samsung doubles down on security with iris scanner in Galaxy Note 7. [Electronic resource]: The Verge. URL: http://www.theverge.com/2016/8/2/12348580/samsung-doubles-down-on-security-with-iris-scanner-in-galaxy-note-7/ (date of access: 20.08.2016).