Conceivable security risks and authentication techniques for smart devices: A comparative evaluation of security practices

  • Research Article
  • International Journal of Automation and Computing

Abstract

With the rapidly escalating use of smart devices and fraudulent transactions involving users’ data from their devices, efficient and reliable techniques for authenticating smart devices have become essential. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and of users’ opinions about reliability, biometric authentication and visual authentication techniques.

Author information

Corresponding author

Correspondence to Munam Ali Shah.

Additional information

Recommended by Associate Editor Jangmyung Lee

Syeda Mariam Muzammal received the B. Sc. degree in computer science from COMSATS Institute of Information Technology, Islamabad, Pakistan in 2012. Currently, she is a master's student in computer science at COMSATS Institute of Information Technology, Islamabad, Pakistan. Her M. Sc. dissertation topic is based on Security Attacks and User’s Privacy Protection in Smartphones.

Her research interests include security risks and threats in smartphones, ethical hacking, information security, data warehousing and expert systems.

ORCID iD: 0000-0003-2960-1814

Munam Ali Shah received the B. Sc. and M. Sc. degrees, both in computer science from University of Peshawar, Pakistan in 2001 and 2003, respectively. He received the M. Sc. degree in security technologies and applications from University of Surrey, UK in 2010, and received the Ph.D. degree from University of Bedfordshire, UK in 2013. Since July 2004, he has been an assistant professor, Department of Computer Science, COMSATS Institute of Information Technology, Islamabad, Pakistan. He is the author of more than 30 research articles published in various conferences and journals. He also received the Best Paper Award of the International Conference on Automation and Computing in 2012.

His research interests include MAC protocol design, QoS and security issues in wireless communication systems.

ORCID iD: 0000-0002-4037-3405

Si-Jing Zhang received his B. Sc. and M. Sc. degrees, both in computer science, from Jilin University, China in 1982 and 1988, respectively. He received a Ph.D. degree in computer science from the University of York, UK in 1997. He joined the Network Technology Research Centre of Nanyang Technological University, Singapore, as a post-doctoral fellow in 1996, and he then returned to the UK to work as a research fellow with the Centre for Communication Systems Research of the University of Cambridge, UK in 1998. He joined the University of Derby, UK as a senior lecturer in 2000. Since October 2004, he has been working as a senior lecturer with the University of Bedfordshire.

Hong-Ji Yang received the B. Sc. and M. Sc. degrees from Jilin University, China in 1982 and 1985, respectively, and received the Ph.D. degree from Durham University, UK. He served as a programme co-chair at IEEE International Conference on Software Maintenance 1999 and is serving as the programme chair at IEEE Computer Software and Application Conference 2002. He is chief editor of the International Journal of Creative Computing. He has published five books and well over 300 papers in software engineering, computer networking and creative computing. He is deputy director of the Centre for Creative Computing at Bath Spa University, UK.

His current research interests include software engineering and creative computing.

About this article

Cite this article

Muzammal, S.M., Shah, M.A., Zhang, SJ. et al. Conceivable security risks and authentication techniques for smart devices: A comparative evaluation of security practices. Int. J. Autom. Comput. 13, 350–363 (2016). https://doi.org/10.1007/s11633-016-1011-5

  • DOI: https://doi.org/10.1007/s11633-016-1011-5
