Abstract
The Android operating system is the most popular mobile operating system, and a great number of applications have been developed for the platform. This makes Android devices vulnerable to security threats such as social engineering, shoulder surfing and malware. Android devices therefore require a secure authentication scheme to control access to the device. This paper briefly discusses mobile security threats, authentication protocols and Android security. It then analyses some of the authentication schemes used in mobile devices, along with some of the threats and technical issues they face. The schemes discussed include password/PIN, pattern-based authentication, fingerprint recognition, facial recognition, vocal recognition and iris-based authentication. In discussing these methods, it was observed that while biometric-based authentication schemes offered the greatest level of security, there was always a trade-off between computational complexity and ease of use, implementation and cost. As a result, more traditional authentication schemes, while not as secure as biometric schemes, are still widely used in mobile devices.
Cite this article
Kunda, D., Chishimba, M. A Survey of Android Mobile Phone Authentication Schemes. Mobile Netw Appl 26, 2558–2566 (2021). https://doi.org/10.1007/s11036-018-1099-7