Abstract
Biometric authentication on smartphones is a modern approach to more practical and secure login. This technology offers advantages such as speed of access and resistance to forgery compared to password-based methods. However, it has various weaknesses, including exploitation through malware, spoofing, or brute-force attacks that exploit security holes such as Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL). Additionally, compromised biometric data cannot be replaced, leaving users vulnerable to long-term security threats. To overcome these weaknesses, this article recommends a security approach based on a Trusted Execution Environment (TEE), AES-256 encryption, spoofing detection based on liveness recognition, anti-tamper mechanisms, and rate limiting. The secure authentication flow is designed to protect biometric data locally, without transmission to external servers, so that user integrity and privacy are maintained. This flow includes suspicious activity detection, login encryption, and data protection with advanced encryption. By combining these technologies, the biometric authentication system can significantly increase security by minimizing the risk of attacks on user data. The evaluation results show that the deep neural network (DNN) model trained with AES-256 can achieve accuracy above 99.9% with fewer than 5,000 power traces. The liveness detection implementation can produce an F1-Score of 97.78% and an HTER of 8.47% in the intra-dataset scenario, and an F1-Score of 74.77% and an HTER of 29.05% in the cross-dataset scenario. This combination of technologies provides secure and efficient biometric authentication without compromising user comfort.