Biometric authentication for mobile computing applications:

September 21st, 2019

The development of mobile communication:

The internet and other technological advances have certainly changed the way we do things today. Even the most mundane things can now be accomplished through various ways and means, which have a lot to do with technology. Just look at customer behavior, particularly on how they shop and where they shop, and you will see a marked difference from the time before the internet and e-commerce came about in mobile computing applications.

For a while, e-commerce has been a major catchphrase in business. E-commerce, also known as electronic commerce, was about trading products and services via the internet and other computer networks and electronic systems. These activities include, but are not limited to, banking, insurance, advertising and warehousing. Even transportation transactions were also completed using e-commerce. Basically, e-commerce was broadly referred to as conducting business on the internet.

The evolution of how we transact did not stop there.

 The development of M-commerce:

The increasing usage of mobile and telecommunication devices acted as another precursor to change, and that change led to the rise of mobile commerce, also known as m-commerce.

The simplest way to describe mobile commerce would be the buying and selling of products – or the conduct of commercial transactions and activities – through telecommunication and other mobile devices that run or operate on wireless network technologies.

It is safe to say that m-commerce is an upgraded version of e-commerce. In fact, m-commerce has been defined as the conduct of e-commerce activities using mobile or cellular devices. If business transactions involve the use of wireless telecommunication networks, then it is highly likely to fall under m-commerce.

While terminologies such as internet banking, electronic money transfers and online shopping were very exciting and phenomenal-in the past decade, what excites consumers now is mobile banking, money transfer via mobile and mobile bookings among many others.

Biometric process:

Biometric systems depend on some separate processes: enrollment, live capture, template extraction and comparison. The purpose of enrollment is to gather and store biometric samples beside creating numerical templates for any future comparisons. By storing the raw samples, new replacement templates can be generated in the event that a new or updated comparison algorithm is presented to the system.

Template extraction needs signal processing of the raw biometric samples  to yield a numerical template. Templates are typically generated and stored upon enrollment to secure processing time upon upcoming comparisons. Comparison of two biometric templates applies algorithmic computations to measure their likeness. At comparison level, a match score is allocated. If it is above a specified threshold, the templates are considered a match.

For better recognition rate, multiple samples for each individual are gathered through registration. At the verification step, similar set of features which have been extracted through enrollment process are extracted from the input samples scanned or recorded using input devices, to form the feature vectors. Verification is 1 to 1 matching. Within verification, the individual claims his or her identity which is confirmed by comparing these feature vectors by the feature vectors of the individual which he or she claimed to be. If the matching rate crosses the threshold then the system will validate the individual as authentic user, or the individual will be rejected.

Security Issues in Mobile Computing Applications:

The mobile computing is the communication between computing devices without a physical connection between them through wireless networks, which mean there are some of new mobile security issues that are originated from wireless security issues. The security issues and threats of mobile computing can be divided into two categories: security issues that related to transmission of information over wireless networks, and the issues that related to information and data residing on mobile devices.

  • Wireless Security Issues:

The security issues that related of wireless networks are happened by intercepted of their radio signals by hacker, and by non-management of its network entirely by user because most of wireless networks are dependent on other private networks which managed by others, so the user has less control of security procedures.

  • Denial of Service:

It’s one of common attacks of all kinds of networks and specially in wireless network, which mean the prevent of users from using network services by sending large amounts of unneeded data or connection requests to the communication server by an attacker which cause slow network and therefore the users cannot benefit from the use of its service .

  • Traffic Analysis:

It’s identifying and monitoring the communicating between users through listening to traffic flowing in the wireless channel, in order to access to private information of users that can be badly used by attacker .

  • Eavesdropping:

The attacker can be log on to the wireless network and get access to sensitive data, this happens if the wireless networks was not enough secure and also the information was not encrypted.

  • Session Interception and Messages Modification:

Its interception the session and modify transmitted data in this session by the attacker through scenario which called: man-in-the-middle which inserts the attacker’s host between sender and receiver host .

  • Spoofing:

The attacker is impersonating an authorized account of another user to access sensitive data and unauthorised services.

  • Captured and Re transmitted Messages:

Its can get some of network services to attacker by get unauthorized access through capture a total message and replay it with some modifications to the same destination or another.


Security Techniques And Requirement:

There are a number of security requirements which valid with security issues relating to distributed systems, such as identification and authentication of trusted people by using authentication mechanisms like passwords, cryptographic techniques, access control by using information and rules of access control, information confidentiality by using mechanisms of confidentiality like encryption, information integrity by using integrity mechanisms those provide a verification of integrity checks and availability and prevention of denial of service. Security requirements which related to traditional computing, but with mobile computing the security requirements have become highly important, especially with regard to data security. One of the most important security measures is maintaining of the latest update of network or mobile elements and their software. There are different security requirements and techniques which valid for both mobile devices and networks, some of them include:

  • Encryption:

If there is an important information that stored in a mobile device, it should be encrypt this information to save it from unauthorized access by external party or in case if a mobile is stolen. It also contributes to the security aspects of confidentiality and integrity.

  • Standards:

It should ensure that the mobile devices are protected and have a set of requirements like: locking, backups, antivirus software, and a strong password protection

  • Network Access Control (NAC) solutions:

This is a system used to check which mobile devices trying to connect to the network, that’s provide protection of the network from any infections or malicious code that may damage of mobile devices .

  • Control Access:

Control access to functions of mobile computing systems depending on the current location of the user, and there are already some security models which identifies some functions to certain user to use these functions.

  • Application Sand boxing:

When creating mobile applications, it determined declarative permissions which will not be changed at run time of application, these permissions can be improve to the security aspect of mobile devices by isolation and control of application from accessing to the system or interact with other applications that may be infected by malware code and virus, it also contributes to determine of resources that may be shared.


They have been reviewing some of the security requirements for mobile computing, which included: Encryption, Standards, Network Access Control, Control access to functions depending on location of user, Application Sand boxing, and Memory Randomization are also the integral part of mobile computing applications.