Abstract
With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of smart devices have become a necessity. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and of users’ opinions about reliability, biometric authentication and visual authentication techniques.
Author information
Additional information
Recommended by Associate Editor Jangmyung Lee
Syeda Mariam Muzammal received the B. Sc. degree in computer science from COMSATS Institute of Information Technology, Islamabad, Pakistan in 2012. Currently, she is a master's student in computer science at COMSATS Institute of Information Technology, Islamabad, Pakistan. Her M. Sc. dissertation topic is based on Security Attacks and User’s Privacy Protection in Smartphones.
Her research interests include security risks and threats in smartphones, ethical hacking, information security, data warehousing and expert systems.
ORCID iD: 0000-0003-2960-1814
Munam Ali Shah received the B. Sc. and M. Sc. degrees, both in computer science from University of Peshawar, Pakistan in 2001 and 2003, respectively. He received the M. Sc. degree in security technologies and applications from University of Surrey, UK in 2010, and received the Ph.D. degree from University of Bedfordshire, UK in 2013. Since July 2004, he has been an assistant professor, Department of Computer Science, COMSATS Institute of Information Technology, Islamabad, Pakistan. He is the author of more than 30 research articles published in various conferences and journals. He also received the Best Paper Award of the International Conference on Automation and Computing in 2012.
His research interests include MAC protocol design, QoS and security issues in wireless communication systems.
ORCID iD: 0000-0002-4037-3405
Si-Jing Zhang received his B. Sc. and M. Sc. degrees, both in computer science, from Jilin University, China in 1982 and 1988, respectively. He received a Ph.D. degree in computer science from the University of York, UK in 1997. He joined the Network Technology Research Centre of Nanyang Technological University, Singapore, as a post-doctoral fellow in 1996, and he then returned to the UK to work as a research fellow with the Centre for Communication Systems Research of the University of Cambridge, UK in 1998. He joined the University of Derby, UK as a senior lecturer in 2000. Since October 2004, he has been working as a senior lecturer with the University of Bedfordshire.
Hong-Ji Yang received the B. Sc. and M. Sc. degrees from Jilin University, China in 1982 and 1985, respectively, and received the Ph.D. degree from Durham University, UK. He served as a programme co-chair at IEEE International Conference on Software Maintenance 1999 and is serving as the programme chair at IEEE Computer Software and Application Conference 2002. He is chief editor of the International Journal of Creative Computing. He has published five books and well over 300 papers in software engineering, computer networking and creative computing. He is deputy director of the Centre for Creative Computing at Bath Spa University, UK.
His current research interests include software engineering and creative computing.
About this article
Cite this article
Muzammal, S.M., Shah, M.A., Zhang, SJ. et al. Conceivable security risks and authentication techniques for smart devices: A comparative evaluation of security practices. Int. J. Autom. Comput. 13, 350–363 (2016). https://doi.org/10.1007/s11633-016-1011-5
DOI: https://doi.org/10.1007/s11633-016-1011-5