Fingerprint and location based multifactor authentication for mobile applications
Keywords: Authentication, Biometrics, Location, Multifactor, Smartphone.
Authentication, which involves the verification of identity, is one of the most important security features. It usually depends on three factors: something you know (knowledge), something you have (token) and something you are (biometrics). In this paper, we propose the use of biometrics (fingerprints) with a fourth factor, namely location (i.e., where you are), in order to develop a privacy-friendly multi-factor authentication scheme suitable for smartphone applications.