Critical Challenges in Access Management Schemes for Smartphones: An Appraisal

  • Tehseen Mehraj
  • Burhan Ul Islam Khan
  • Rashidah F. Olanrewaju
  • Farhat Anwar
  • Ahmad Zamani Bin Jusoh


The growing tendency of users to access sensitive data and perform critical data exchanges on mobile phones highlights how widely these devices are now used for access. There is demand for a security solution that can thwart existing threats while offering extended support and, at the same time, preserving user adaptability. In this research, an intensive survey has been conducted in which various security solutions based on biometric and non-biometric access management schemes have been examined. There is still no absolute or standard access control management scheme capable of delivering a secure and feasible solution on mobile phones. Each of the works offered by researchers has been individually evaluated. Finally, loopholes and open challenges were deduced from the study conducted.


Authentication, Access management, Biometric authentication, Security, Mobile device



This work was partially supported by the Ministry of Higher Education Malaysia (Kementerian Pendidikan Tinggi) under Research Initiative Grant Scheme number: RIGS16-334-0498.



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Tehseen Mehraj (1)
  • Burhan Ul Islam Khan (2)
  • Rashidah F. Olanrewaju (2)
  • Farhat Anwar (2)
  • Ahmad Zamani Bin Jusoh (2)

  1. Department of ECE, Islamic University of Science & Technology, Awantipora, India
  2. Department of ECE, Kulliyyah of Engineering, International Islamic University Malaysia, Kuala Lumpur, Malaysia
