Biometric authentication for mobile computing applications:

September 21st, 2019

The development of mobile communication:

The internet and other technological advances have certainly changed the way we do things today. Even the most mundane things can now be accomplished through various ways and means, which have a lot to do with technology. Just look at customer behavior, particularly on how they shop and where they shop, and you will see a marked difference from the time before the internet and e-commerce came about in mobile computing applications.

For a while, e-commerce has been a major catchphrase in business. E-commerce, also known as electronic commerce, was about trading products and services via the internet and other computer networks and electronic systems. These activities include, but are not limited to, banking, insurance, advertising and warehousing. Even transportation transactions were also completed using e-commerce. Basically, e-commerce was broadly referred to as conducting business on the internet.

The evolution of how we transact did not stop there.

 The development of M-commerce:

The increasing usage of mobile and telecommunication devices acted as another precursor to change, and that change led to the rise of mobile commerce, also known as m-commerce.

The simplest way to describe mobile commerce would be the buying and selling of products – or the conduct of commercial transactions and activities – through telecommunication and other mobile devices that run or operate on wireless network technologies.

It is safe to say that m-commerce is an upgraded version of e-commerce. In fact, m-commerce has been defined as the conduct of e-commerce activities using mobile or cellular devices. If business transactions involve the use of wireless telecommunication networks, then it is highly likely to fall under m-commerce.

While terminologies such as internet banking, electronic money transfers and online shopping were very exciting and phenomenal-in the past decade, what excites consumers now is mobile banking, money transfer via mobile and mobile bookings among many others.

Biometric process:

Biometric systems depend on some separate processes: enrollment, live capture, template extraction and comparison. The purpose of enrollment is to gather and store biometric samples beside creating numerical templates for any future comparisons. By storing the raw samples, new replacement templates can be generated in the event that a new or updated comparison algorithm is presented to the system.

Template extraction needs signal processing of the raw biometric samples  to yield a numerical template. Templates are typically generated and stored upon enrollment to secure processing time upon upcoming comparisons. Comparison of two biometric templates applies algorithmic computations to measure their likeness. At comparison level, a match score is allocated. If it is above a specified threshold, the templates are considered a match.

For better recognition rate, multiple samples for each individual are gathered through registration. At the verification step, similar set of features which have been extracted through enrollment process are extracted from the input samples scanned or recorded using input devices, to form the feature vectors. Verification is 1 to 1 matching. Within verification, the individual claims his or her identity which is confirmed by comparing these feature vectors by the feature vectors of the individual which he or she claimed to be. If the matching rate crosses the threshold then the system will validate the individual as authentic user, or the individual will be rejected.

Security Issues in Mobile Computing Applications:

The mobile computing is the communication between computing devices without a physical connection between them through wireless networks, which mean there are some of new mobile security issues that are originated from wireless security issues. The security issues and threats of mobile computing can be divided into two categories: security issues that related to transmission of information over wireless networks, and the issues that related to information and data residing on mobile devices.

  • Wireless Security Issues:

The security issues that related of wireless networks are happened by intercepted of their radio signals by hacker, and by non-management of its network entirely by user because most of wireless networks are dependent on other private networks which managed by others, so the user has less control of security procedures.

  • Denial of Service:

It’s one of common attacks of all kinds of networks and specially in wireless network, which mean the prevent of users from using network services by sending large amounts of unneeded data or connection requests to the communication server by an attacker which cause slow network and therefore the users cannot benefit from the use of its service .

  • Traffic Analysis:

It’s identifying and monitoring the communicating between users through listening to traffic flowing in the wireless channel, in order to access to private information of users that can be badly used by attacker .

  • Eavesdropping:

The attacker can be log on to the wireless network and get access to sensitive data, this happens if the wireless networks was not enough secure and also the information was not encrypted.

  • Session Interception and Messages Modification:

Its interception the session and modify transmitted data in this session by the attacker through scenario which called: man-in-the-middle which inserts the attacker’s host between sender and receiver host .

  • Spoofing:

The attacker is impersonating an authorized account of another user to access sensitive data and unauthorised services.

  • Captured and Re transmitted Messages:

Its can get some of network services to attacker by get unauthorized access through capture a total message and replay it with some modifications to the same destination or another.


Security Techniques And Requirement:

There are a number of security requirements which valid with security issues relating to distributed systems, such as identification and authentication of trusted people by using authentication mechanisms like passwords, cryptographic techniques, access control by using information and rules of access control, information confidentiality by using mechanisms of confidentiality like encryption, information integrity by using integrity mechanisms those provide a verification of integrity checks and availability and prevention of denial of service. Security requirements which related to traditional computing, but with mobile computing the security requirements have become highly important, especially with regard to data security. One of the most important security measures is maintaining of the latest update of network or mobile elements and their software. There are different security requirements and techniques which valid for both mobile devices and networks, some of them include:

  • Encryption:

If there is an important information that stored in a mobile device, it should be encrypt this information to save it from unauthorized access by external party or in case if a mobile is stolen. It also contributes to the security aspects of confidentiality and integrity.

  • Standards:

It should ensure that the mobile devices are protected and have a set of requirements like: locking, backups, antivirus software, and a strong password protection

  • Network Access Control (NAC) solutions:

This is a system used to check which mobile devices trying to connect to the network, that’s provide protection of the network from any infections or malicious code that may damage of mobile devices .

  • Control Access:

Control access to functions of mobile computing systems depending on the current location of the user, and there are already some security models which identifies some functions to certain user to use these functions.

  • Application Sand boxing:

When creating mobile applications, it determined declarative permissions which will not be changed at run time of application, these permissions can be improve to the security aspect of mobile devices by isolation and control of application from accessing to the system or interact with other applications that may be infected by malware code and virus, it also contributes to determine of resources that may be shared.


They have been reviewing some of the security requirements for mobile computing, which included: Encryption, Standards, Network Access Control, Control access to functions depending on location of user, Application Sand boxing, and Memory Randomization are also the integral part of mobile computing applications.



Biometric authentication: What method works best?

August 10th, 2019

Biometrics has long been put forth as the next big thing in authentication, replacing or supplementing the concept of things that you know like passwords, PINs and so on.

Each of the different methods of biometric identification have something which are less invasive, some can be done without the knowledge of the subject, some are very difficult to fake.

But despite lots of advances in the realm of biometric authentication, it’s clear that there’s still plenty room of improvement.

Hackers have found ways to trick and circumvent biometric authentication that relies on factors like fingerprints and facial recognition and it’s not hard to imagine that they will also find ways around more advanced authentication methods . Some experts even worry that biometrics are inherently fallible because they rely on some factors that could change throughout a person’s life.

In the end , what may prove most effective is a mixture of methods. There is no shortage of qualities that are unique to each person on the planet and which could be potentially combined to create a comprehensive picture of you that also be really hard to fake. While you may be familiar with security that employs fingerprints, voice and retinas at least a few of these biometric authentication are under development.

 Biometric face recognition technology:

Facial recognition systems has always been a concept that lived in fictional words. The technology has developed this field significantly as we are seeing it has become more common in our everyday lives.

It analyses the characteristics of a person’s face to identity or verify a person.

This technology uses distinguishable facial features such as nose width and cheekbone shape to compare a digital image to your identity. This technology is able to identify key factors within a very busy visual environment, making it very useful in picking out individuals even on crowded places.

The technology works by mapping that person’s facial features and saving this unique information as a “fingerprint”. The software can compare an image of a person’s face to the information saved in the database to confirm their identity. This type of technology is mostly used for security and data protection purposes but other uses are becoming more widespread.

Fingerprint scanner security system:

It reduces the possibility of identity theft through another employee using coworkers RFID badge or another form of identification to access secure areas.

The system verify a person’s identity to ensure they have permission to access a secure area.

It provides a reliable way to track people and don’t need to worry about storing extra data since the system only requires a fingerprint.

Fingerprint based systems provide the ability to detect an individual out of millions of fingerprints accurately.

This system can save money on hardware and material costs. It tends to consist of a simple fingerprint reader and software that identifies the individual. Most upgrades to the system come in the form of software based upgrades which reduces costs further. It also helps in reprogramming badges, assigning employee pass codes or maintaining inventory.

Retina scanner security system:

The retina is deemed to be very stable and hardly ever changes over the lifetime an individual. In this regard, it is considered to be the most reliable Biometric technology which is available in the marketplace today.

Given the small file size of the Retinal Recognition templates helps to confirm the identity of an individual is very quick and can take place in just less than two seconds.

Because of the high number of unique data points the Retina possesses , there is almost no error that when an identity of an individual is confirmed. The statistical probability of an imposter being fake accepted is almost non existent.

It is not prone to the harshness of the external environment like Hand Geometry Recognition and Fingerprint Recognition.

Voice analysis security system:

A person’s voice is one of a human being’s most unique attributes as individual as fingerprints and retinas. It is used to verify a person’s claimed identity or to identity a particular person by evaluating his or her voice . That is why voice Biometrics solutions provide powerful and convenient methods of authentication.

Voice Biometric solutions which balance strong authentication with usability provide powerful tools for preventing fraud and promoting empowerment through self service and helps organisations save money and reduce administration costs.

There’s been a sharp increase in the number of companies using voice Biometric technology in the past few years.

Voice is the only available Biometric identifier over landline.

Unlike passwords and other log in information, people can’t lose or forget their voice.

Voice Biometrics cannot be impersonated. Attempts to impersonate usually fail due to the distinctive details of the voiceprint used for comparison .

Voice Biometrics reduces the amount of time that each agent spends with each caller , creating additional overhead savings .

Voice Biometrics can enhance an organisation’s existing security methods to enable multi factor authentication by adding few more features to recognise the person.

Biometrics sensors on mobile devices all  work on the same basic principle getting users to verify their identity using unique personal physical characteristics.

With the latest technology, people can choose Biometric authentication options which includes facial recognition, fingerprint and so on. These biometric authentication technologies continue to improve with more sophisticated sensors and algorithms helping to reduce false acceptance rates and block attempts at spoofing.

On the other hand, Biometric must take into account user convenience and environmental considerations such as how quickly the user can unlock the devices and in what bade it will work effectively.

It requires controlled and accurate enrollment process and careful monitoring of security settings to ensure that the risk of unauthorized entry is low and well designed interfaces to ensure rapid acquisition and matching poor system design and implementation can slow down the authentication process and expose new vulnerabilities.

Verification of identity:

  • Non-identification:

This will check that the person who is checking is not enrolled on the system before and on database.

  • Closed-set identification:

It recognizes a person by sue in one of the characteristics which is being the closest match to a person on a master database of such characteristics.

  • Open-set identification:

This means that the person is not that who claim to be and rejecting as a fake identity or performing closed-set identification to match the characteristics.

The analyses the principle to understand the application problem for developer , user and observer.

To know more about the pros and cons of biometric technology you can refer to the link mentioned :