Critical Challenges in Access Management Schemes for Smartphones: An Appraisal

Smart Network Inspired Paradigm and Approaches in IoT Applications

Abstract

The growing trend among users of accessing sensitive data and performing critical data exchanges highlights the proliferating use of mobile phones as the means of access. There is a demand for a security solution capable of thwarting existing threats and offering extended support while conserving user adaptability. In this research, an intensive survey has been conducted in which various security solutions based on biometric and non-biometric access management schemes are considered. There is still no absolute or standard access control management scheme capable of delivering a secure and feasible solution on mobile phones. Each of the works offered by researchers has been evaluated individually. Finally, loopholes and open challenges are deduced from the study.

Acknowledgements

This work was partially supported by the Ministry of Higher Education Malaysia (Kementerian Pendidikan Tinggi) under Research Initiative Grant Scheme number: RIGS16-334-0498.

Author information

Corresponding author

Correspondence to Burhan Ul Islam Khan.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Mehraj, T., Khan, B.U.I., Olanrewaju, R.F., Anwar, F., Jusoh, A.Z.B. (2019). Critical Challenges in Access Management Schemes for Smartphones: An Appraisal. In: Elhoseny, M., Singh, A. (eds) Smart Network Inspired Paradigm and Approaches in IoT Applications. Springer, Singapore. https://doi.org/10.1007/978-981-13-8614-5_6

  • DOI: https://doi.org/10.1007/978-981-13-8614-5_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-8613-8

  • Online ISBN: 978-981-13-8614-5

  • eBook Packages: Computer Science, Computer Science (R0)
