Mobile biometrics issues investigated by AMBER researchers
The use of biometric technologies via apps or inbuilt software on smartphones has skyrocketed, but concerns about the technology remain, as attendees of a recent AMBER webinar heard. Mainly geared toward faster logins, or indeed a more secure transaction; voice recognition, facial recognition and fingerprinting for authentication have become the norm.
However, biometric hacking through algorithms and sensor data has exposed the weaknesses of some of these methods. Spoofing methods like artificial fingerprint reproduction have been proven effective against some biometric systems. Furthermore, a spoofing attack can be used to access an individual’s other sensitive data. AMBER underlines particularly children’s privacy as a concern. “User age is strongly related to biometric accuracy” said Dr. Richard Guest of the University of Kent during the webinar, and AMBER is working toward ‘policies and guidelines… for Informed Consent protocol design’.
The AMBER (enhAnced Mobile BiomEtRics) project is funded through the European Commission’s Horizon 2020 programme. Comprising five universities across Europe and early stage researchers, within 3 years AMBER has delved deep into the challenges surrounding ‘biometric solutions on mobile devices.’
AMBER aims to address three core themes in these areas, working to protect society, while facilitating good user interface.
The ‘mobile platform usability and reliability’ theme focuses on advancing existing knowledge of errors surrounding touch screen interaction, and accessibility of authentication within unsupervised environments. Progressing understanding of these areas is important to identify which factors such as age, psychological and usability aspects are at play.
This included research investigating diabetes sufferers, and their ‘non-obvious’ affected irises to examine recognition accuracy through an eye scan. Considering that the world prevalence of diabetes in adults is 8.5 percent, this study is increasingly important for mobile users and systems developers. They discovered that in fact iris recognition systems were less accurate in detecting diabetes-affected eyes.
The research on ‘novel solutions for mobile biometric interaction’ investigates different mobile platforms, using the already installed sensors of ‘GPS, accelerometers and gyroscopes’ to understand the role these play while biometric features are in use. Understanding these is crucial in designing secure solutions, and through distinguishing attacks – from genuine users.
In a report, the team aimed to determine which threat models contained security risks to fingerprint, face and iris biometric platforms. This included assessing vulnerable areas for solution creation.
Research was also conducted on ‘privacy, security and confidence in mobile biometric interaction’ targets individual privacy and the safeguarding of individual data, especially regarding ‘confidential transactions’. This theme stresses the need for a protection framework, and the goal is to create a data-based structure which will identify these issues within the device. Ultimately, building on this structure, to reassure users of the security of biometric systems.
Their research in this area incorporated the user, in an experimental self-governing design. Giving participants control was important in determining the limits that people are comfortable with, regarding their data collection. Using this design, the team established essential privacy requirements; for example, a protocol surrounding the processing and storage of the biometric data.
Other projects cover research into continuous authentication whereby future technology could be linked between an individual’s mobile device and a car which would enable ‘refueling the car by using your fingerprint’ and ‘buying snacks by palm vein,’ as indicated by webinar slides.
The EU hopes to reap back the socio-economic benefits through this project, culminating in December, as these new field experts will hold the keys for future systems development and individual protection under GDPR regulations in Europe.
Rıdvan Salih Kuzu, a student member of AMBER, answered a question on upcoming areas in research; he anticipates vascular biometrics to underpin mobile research over the next ten years. Our external biometrics, like fingerprints leave physical traces – yet the vein network provides implicit security as an internal network, and there is currently no device that can access this information.
When asked about future predictions in mobile phone modality, Emanuele Maiorana, another student member, answered that mobile phones will be used as an orchestration platform to manage all of these other platforms. Whether through transportation, making payments, or opening doors. The next step will be using all kinds of biometric modalities, even cognitive, through the mobile device.
In the future, AMBER hopes to be able to further investigate the direction of biometric data flows, asking whether biometric data remains on the device or is transmitted to the wider internet. The group also want to interrogate the use of big data systems and their implications for legal aspects, as they are increasingly involved in courts of law.