Biometric Authentication for secure e-transactions: Research Opportunities and Trends

Fahad M. Al-Harby
College of Computer and Information Security
Naif Arab University for Security Sciences (NAUSS)
fahad.alharby@nauss.edu.sa

With the current level of daily reliance on information systems, authenticating end-users for security purposes within the public and private sectors has never been more significant to enterprises. Furthermore, automated methods for securing online systems are a critical and challenging need. Within any security procedure, user authentication is considered the first action to confirm security and control access. Today, biometrics can play a major role in information security and authentication within any information system. In fact, as a result of user demand for secure devices, applications, transactions and payment methods, biometric technology has become a solid research field. In combination with other technologies, biometric authentication can solve various difficult security issues. This paper outlines the research directions that have newly emerged in the field of biometric-based authentication systems. It also sheds some light on the position of biometric technology in the existing domain of security. In addition, the state-of-the-art methodologies being used for better biometric authentication technologies are investigated. The paper concludes with a number of possible challenges and barriers which could face researchers in the field of biometric authentication.

Keywords: Authentication, Biometric, E-transactions, Security.

BACKGROUND

Recently, the security research field has seen great development in all aspects of information access. Notable progress has been made in developing effective methods to address the difficulties of user authentication, encryption and protection, information security and privacy.
Within the domain of security research, biometric authentication has firmly established itself as one of the most effective and reliable tools for delivering flexible access control to a secure system (M. Gavrilova, et al., 2013). Although recent methods for biometric authentication are becoming increasingly easy to use and strong, unfortunately the same cannot be said about the security of end-users populating cyber worlds. Biometric technologies are one of the most important innovations in the IT field, and the biometric system industry and market have grown and are projected to reach a value of $24.44 billion by 2020, according to MarketsandMarkets.

In fact, ensuring secure communication between individuals, along with confirming their identities, presents massive challenges to academics and industry. Identity theft, security breaches, credit card scams, and e-criminal activities are just some of the security problems that plague our society. Nevertheless, one of the most critical mechanisms for guaranteeing security within our online activities, the connection of online users with their identities in everyday life, has gone largely unnoticed. Studies and efforts to develop effective security solutions to these critical issues are the key motivation of this paper.

Biometrics are defined as measurable physiological and/or behavioural features that can be utilised to verify the identity of a person. Biometrics include fingerprint verification, hand geometry, retinal scanning, iris scanning, face recognition, and signature verification (Ashbourn, 2000). Generally, the physical and behavioural characteristics used by biometrics follow this taxonomy (Zhang 2000):

Figure 1: Physical and behavioural characteristics used by biometrics (Zhang 2000)

There are three main socio-cultural concerns regarding biometrics: information privacy, physical privacy, and religious objections (Woodward et al., 2001):

Information privacy

Concerns have been identified about the tracking and misuse of data, especially within the web environment (Prabhakar, et al., 2003).

Physical privacy

Several biometrics have a certain stigma attached to them, which can deter individuals from using biometric technology at ease. Fingerprinting, for instance, has an undeserved stigma from its association with criminal matters.

Religious objections
Different countries have different cultures and religious beliefs which govern business and social practices, and people will be hesitant to adopt practices considered contrary to their cultural or religious dictates (F. Al-Harby, et al., 2009).

A TYPICAL BIOMETRIC SYSTEM

Any biometric system contains five components (S. Salawadgi, 2014):

1- A sensor to gather the data and convert the information to a digital format.
2- Signal processing algorithms to perform quality control activities and develop the biometric template.
3- A data storage element which retains the information that new biometric templates will be compared to.
4- A matching algorithm which compares the new biometric template to one or more templates kept in data storage.
5- A decision process which uses the results from the matching component to make a system-level decision.

A biometric system includes three parts:

Input Device: such as a scanner, to record any inputs, which are then used by the software part.
Biometrics Software: software that processes the input and converts it into digital form, extracts the features, and compares all the results.
Database: to store the information which is used for evaluation. Features extracted from input samples are also stored in the database, and storing features in the database saves processing time.

BIOMETRIC PROCESSES

Biometric systems depend on several separate processes: enrolment, live capture, template extraction and comparison. The purpose of enrolment is to gather and store biometric samples and to create numerical templates for any future comparisons. By storing the raw samples, new replacement templates can be generated in the event that a new or updated comparison algorithm is introduced to the system. Template extraction requires signal processing of the raw biometric samples (e.g. images or audio samples) to yield a numerical template. Templates are typically generated and stored upon enrolment to save processing time in subsequent comparisons.
Comparison of two biometric templates applies algorithmic computations to measure their likeness. At the comparison level, a match score is assigned. If it is above a specified threshold, the templates are considered a match. For a better recognition rate, multiple samples for each individual are gathered during registration.

At the verification step, the same set of features that was extracted during the enrolment process is extracted from the input samples scanned or recorded using input devices, to form the feature vectors. Verification is 1 to 1 matching. Within verification, the individual claims his or her identity, which is confirmed by comparing these feature vectors with the feature vectors of the individual he or she claims to be. If the matching rate crosses the threshold, the system validates the individual as an authentic user; otherwise the individual is rejected (S. Salawadgi, 2014).

Likewise, for identification, the same set of features that was extracted during the enrolment process is extracted from the input samples scanned or recorded using input devices, to form the feature vectors. Identification is 1 to n matching. The feature vectors of the individual are compared with the feature vectors of every individual stored in the database. If the highest matching score crosses the threshold, the system identifies the individual as the person whose matching score is the highest (M.L. Gavrilova, 2014).

Fig. 2. Biometric System Architecture (Source: Aware, Inc. What Are Biometrics? Research Paper (2014) Bedford, MA)

PERFORMANCE

The accuracy of a biometric system is typically measured by a receiver operating characteristic, or ROC curve, which plots its false match rate (FMR) against its false non-match rate (FNMR) for some biometric sample gallery. FMR is the frequency with which biometric samples from different sources are incorrectly evaluated to be from the same source, while FNMR is the frequency with which samples from the same source are erroneously assessed to be from different sources (Aware, 2014).
Fig. 3. An ROC curve for a given biometric matching system and dataset. (Source: Aware, Inc. What Are Biometrics? Research Paper (2014) Bedford, MA).

Typically, a well-performing biometric system is characterized by prompt results and low FMR and FNMR. The accuracy of a system falls on a point on the ROC curve whose location is a function of the matching threshold applied. A higher match threshold reduces the false match rate but increases the false non-match rate (higher security, lower convenience). Conversely, a lower match threshold reduces the false non-match rate but increases the false match rate (higher convenience, lower security). Higher quantities of data (e.g. more fingerprints) and higher-quality (highly consistent) samples are required for one-to-many search processes as compared to one-to-one matching for authentication (Aware, 2014).

Fig. 4. Density functions of comparison scores between a) samples from different sources and b) samples from the same sources, illustrating FMR and FNMR. (Source: Aware, Inc. What Are Biometrics? Research Paper (2014) Bedford, MA).
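The matching decisions and error rates described above, as an added example that is not part of the original paper: it implements 1 to 1 verification, 1 to n identification, and the FMR/FNMR calculation at several thresholds. Cosine similarity as the matcher, the identities, the feature vectors and the score lists are all constructed assumptions.

```python
import math

def similarity(a, b):
    # Cosine similarity stands in for the matcher (assumption of this example).
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm

def verify(probe, claimed_id, gallery, threshold):
    # 1:1 matching: compare only against the template of the claimed identity.
    return similarity(probe, gallery[claimed_id]) > threshold

def identify(probe, gallery, threshold):
    # 1:n matching: take the highest score, accept it only above the threshold.
    best = max(gallery, key=lambda uid: similarity(probe, gallery[uid]))
    return best if similarity(probe, gallery[best]) > threshold else None

def error_rates(genuine, impostor, threshold):
    # FMR: share of different-source comparisons scored as a match.
    # FNMR: share of same-source comparisons scored as a non-match.
    fmr = sum(s > threshold for s in impostor) / len(impostor)
    fnmr = sum(s <= threshold for s in genuine) / len(genuine)
    return fmr, fnmr

# Constructed enrolment templates and probes (not real biometric data).
GALLERY = {"alice": [0.9, 0.1, 0.3], "bob": [0.2, 0.8, 0.5], "carol": [0.4, 0.4, 0.9]}
ALICE_PROBE = [0.85, 0.15, 0.35]   # fresh sample from an enrolled user
STRANGER_PROBE = [0.5, 0.5, 0.5]   # sample from someone who never enrolled

# Constructed comparison scores for same-source and different-source pairs.
GENUINE = [0.91, 0.85, 0.78, 0.95, 0.66, 0.88, 0.73, 0.97]
IMPOSTOR = [0.12, 0.35, 0.48, 0.71, 0.22, 0.55, 0.30, 0.81]

if __name__ == "__main__":
    for t in (0.5, 0.7, 0.9):
        fmr, fnmr = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold={t:.1f}  FMR={fmr:.3f}  FNMR={fnmr:.3f}")
    for t in (0.95, 0.90):
        print(t, identify(ALICE_PROBE, GALLERY, t), identify(STRANGER_PROBE, GALLERY, t))
```

With this data, lowering the identification threshold from 0.95 to 0.90 makes the unenrolled probe resolve to an enrolled identity, which is the false match that the FMR figure measures.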
STATE-OF-THE-ART METHODOLOGY

The state-of-the-art methodology for biometric authentication consists of:

- Appearance-based and feature-based methods for recognizing and comparing similar patterns in different users' biometric data (S. Yanushkevich, et al., 2007).
- Dimensionality-reduction techniques for extracting and learning the most important biometric characteristics, for example Principal Component Analysis (PCA), k-means clustering and Chaotic Neural Networks (Y. Tian, et al., 2012).
- Novel decision-making techniques based on information fusion, Markov chains, fuzzy logic, and cognitive informatics (M. Gavrilova, et al., 2013).

Researchers argue for the use of multi-modal biometric systems rather than a single biometric method (M. Monwar, et al., 2009). It has been well recognized during the last decade that individual biometrics have a number of shortcomings, including issues of universality, uniqueness, poor sample quality, human error and changes over time. Because a multimodal biometric system can integrate two or more individual biometric traits, the overall system recognition rate can rise significantly. This remains true even in the presence of erroneous, incomplete or missing data.

EMERGING METHODOLOGY

Recently, three new approaches to biometric technology have been presented, with implications for Cyberworld security problems:

- Exploring the capabilities of multi-modal biometric fusion methods within the setting of Cyberworld user identity recognition (M. Gavrilova, et al., 2011).
- Developing a set of metrics for classifying abnormal user behaviours through recognition of their physiological and behavioural traits (S. Yanushkevich, et al., 2007).
- Introducing the concept of biometric cancellability in the framework of Cyberworld authentication (P. Paul, et al., 2012).

These new approaches will offer a strong and unique methodology for improving user security in on-line societies.
CHALLENGES

New research continues to develop every day in the biometric authentication field; nevertheless, some challenges remain that are both essential and specific to Cyberworld. The recent issues facing the biometric authentication domain are (M.L. Gavrilova, 2014):

- More effective methods for intruder detection and prevention.
- The requirement for better privacy policies to protect user confidentiality.
- Changes in databases over time, which may require more advanced training methods.
- The capability to use relevant information gained in parallel to the main biometric features.
- Challenges with big data that demand real-time performance with high recognition rates on very large data sources.

FUTURE RESEARCH DIRECTIONS

It is important to realise that other important issues remain open for investigation, such as (M.L. Gavrilova, 2014):

- Recognition of normal vs abnormal on-line user behaviour through progressive pattern analysis of appearance-based and behavioural biometrics (typing patterns, voice, blogs).
- Examining on-line social network activities as a new type of biometric trait, i.e. social biometrics (such as Twitter, Facebook and LinkedIn).
- Emerging research into spatio-temporal biometrics for e-communities.
- Considering mechanisms that contribute to generating effective on-line communities.
- Learning leadership and common personality traits in Cyberworld.

Although work on some of the problems listed above has started, most of them remain untouched and present future research directions in the domain of biometric authentication.

REFERENCES

AL-Harby, F., Qahwaji, R., & Kamala, M. (2013). End-Users Acceptance of Biometrics Authentication to Secure E-Commerce within the Context of Saudi Culture: Applying the UTAUT Model. In I. Management Association (Ed.), IT Policy and Ethics: Concepts, Methodologies, Tools, and Applications (pp. 1356-1376). Hershey, PA: Information Science Reference. doi:10.4018/978-1-4666-2919-6.ch061

AL-Harby, F., Qahwaji, R., & Kamala, M. (2012). Towards an Understanding of User Acceptance to Use Biometrics Authentication Systems in E-Commerce: Using an Extension of the Technology Acceptance Model. In I. Lee (Ed.), Transformations in E-Business Technologies and Commerce: Emerging Impacts (pp. 113-134). Hershey, PA: Business Science Reference. doi:10.4018/978-1-61350-462-8.ch007

Al-Harby F., R Qahwaji, and M Kamala, The effects of gender differences in the acceptance of biometrics authentication systems within online transaction, CYBERWORLD 2009, Published by IEEE computer society pp. 203-210, September 7-11, 2009, UK.

AL-Harby F., R Qahwaji, & M Kamala, Users Acceptance of Secure Biometrics Authentication System: Reliability and Validate of an Extended UTAUT Model. The Second International Conference on Networked Digital Technologies (NDT 2010), Springer Lecture Notes in Computer Science.
Ashbourn, J. (2000). Biometrics: Advanced identity verification: The complete guide. London: Springer.

Aware, Inc. What Are Biometrics? Research Paper (2014) Bedford, MA.

Jain, A. (2004). Biometric recognition: How do I know who you are? Paper presented at the Signal Processing and Communications Applications Conference, Proceedings of the 12th IEEE.

Jain, A., Hong, L., & Pankanti, S. (2000). Biometric identification. Communications of the ACM, 43(2), 91-98.

M.L. Gavrilova, Biometric-Based Authentication for Cyberworld Security: Challenges and Opportunities, University of Calgary, June, 2014.

M. Gavrilova and R. Yampolskiy, Applying biometric principles to avatar recognition, Transactions on computational science XII, 140-158, 2011.

M. Gavrilova and M. Monwar, Multimodal Biometrics and Intelligent Image Processing for Security Systems, IGI, book, 2013.

M. Monwar and M. Gavrilova, Multimodal Biometric System Using Rank-Level Fusion Approach, IEEE Trans. on System, Man and Cybernetics, pp. 867-878, vol. 39, no. 4, 2009.

P. Paul and M. Gavrilova, Multimodal Cancellable Biometric, 10th Int C on Cognitive Informatics & Cognitive Computing ICCI*CC 2012, IEEE, 43-50, 2012.

Prabhakar, S., Pankanti, S., & Jain, A. K. (2003). Biometrics recognition: Security and privacy concerns. IEEE Security & Privacy, 1(2), 33-42.

Sarita Salawadgi, Biometrics: A Security Tool for 21st Century, International Journal of Innovation and Applied Studies, vol. 8, no. 2, pp. 743-749, September 2014.

S. Yanushkevich, M. Gavrilova, P. Wang and S. Srihari, Image Pattern Recognition: Synthesis and Analysis in Biometrics, World Scientific Publishers, book, 2007.

Y. Tian, Y. Wang, M. Gavrilova and G. Ruhe, A Formal Knowledge Representation System for the Intelligent Knowledge Base of a Cognitive Learning Engine, Int. J. of Software Science and Computational Intelligence IJSCCI, IGI, 1-17, 2012.

Woodward, J. D., Webb, K. W., Newton, E. M., Bradley, M., & Rubenson, D. (2001). Army biometric applications: RAND Corporation.

Zhang, D. (2000). Automated Biometrics: Technologies and Systems. Norwell, MA: Kluwer Academic Publishers.