Mobile Authentication Research Articles

A Review on Secure Authentication Mechanisms for Mobile Security

Cybersecurity, complimenting authentication, has become the backbone of the Internet of Things. In the authentication process, the word authentication is of the utmost importance, as it is the door through which both Mr. Right Guy and Mr. Wrong Guy can pass. It is the key to opening the most important and secure accounts worldwide. When authentication is complete, surely there will be passwords. Passwords are a brain-confusing option for the user to choose when making an account during the registration/sign-up process. Providing reliable, effective, and privacy-preserving authentication for individuals in mobile networks is challenging due to user mobility, many attack vectors, and resource-constrained devices. This review paper explores the transformation and modern mobile authentication schemes, categorizing them into password, graphical, behavioral, keystroke, biometric, touchscreen, color, and gaze-based methodologies. It aims to examine the strengths and limitations focused on challenges like security and usability. Standard datasets and performance evaluation measures are also discussed. Finally, research gaps and future directions in this essential and emerging area of research are discussed.

LightAuth: A Lightweight Sensor Nodes Authentication Framework for Smart Health System

ABSTRACTCounterfeit medical devices pose a threat to patient safety, necessitating a secure device authentication system for medical applications. Resource‐constrained sensory nodes are vulnerable to hacking, prompting the need for robust security measures. Token‐based authentication schemes, such as one‐time passwords (OTPs), smart cards, key fobs, and mobile authentication apps, along with certificate‐based authentication methods, such as client and code‐signing, employ cryptographic frameworks like elliptical curve cryptography (ECC) and physical unclonable functions (PUF). However, these methods face challenges, including block sequence issues and susceptibility to side‐channel attacks. To address these issues, we propose a framework for mutual authentication using private Ethereum. This framework integrates private Ethereum and cryptographic techniques for encrypting and decrypting data using mathematical algorithms to overcome block sequence issues and side‐channel attacks. Similarly, fog nodes are utilised to enhance local computing, storage, and networking capabilities for sensors. The framework is evaluated using metrics such as communication costs, execution costs, and computation costs based on Ethereum gas consumption. The performance of the LightAuth framework is compared with that of the Smart Contracts Against Counterfeit IoMT (SCACIoMT) framework, designed for Internet of Medical Things (IoMT) devices. The effectiveness of LightAuth is verified through formal security analysis using BAN logic.

Quality of Essential Medicines from Different Sources in Enugu and Anambra, Nigeria.

This study investigated the quality of 13 essential medicines in the states of Enugu and Anambra, Nigeria. A total of 260 samples were purchased from licensed pharmaceutical manufacturers and wholesalers and from vendors in pharmaceutical markets with unclear licensing status. Samples were analyzed for identity, content, and dissolution according to the United States Pharmacopeia (USP) 42 monographs. Forty-five samples of this study could be examined for authenticity with the Mobile Authentication Service scheme of the Nigerian National Agency for Food and Drug Administration and Control. Out of all samples, 25.4% did not comply with the USP 42 specifications. Strikingly, 21 out of 22 dexamethasone tablet samples (95%) were out of specification (OOS). Nine out of 19 glibenclamide samples (47%) failed dissolution testing, and 7 out of 17 cotrimoxazole samples (41%) failed assay testing. Medicines against noncommunicable diseases showed a slightly higher percentage of OOS samples than anti-infectives (21.2% versus 17.6%). The rates of OOS samples were similar in medicines stated to be produced in Nigeria, India, and China but were very different between individual manufacturers from each of these countries of origin. Therefore, prequalification of products, manufacturers, and suppliers are very important for quality assurance in medicine procurement. Unexpectedly, the total proportions of OOS samples were similar from licensed vendors (25.2%) and from markets (25.5%). Four samples (1.5%), all collected in markets, were clearly falsified and did not contain the declared active pharmaceutical ingredients. The proportion of falsified medicines was found to be lower than frequently reported in the media for Nigeria.

Using QR Code and a Smartphone to Provide University of Cross River State (UNICROSS) Certificate Authentication

In the modern world, people frequently fabricate their credentials in order to secure a job or to show up where and when it is necessary. Verification is the most effective approach to identify those fraudulent certificates. Despite this, the paper verification method requires a drawn-out and time-consuming process to handle certificate verification because the certificates must be returned to the institutions who awarded them. As a result, the certificates either fail to pass verification or are delayed by the lengthy process. Hence, a certificate verification method using QR codes is developed in this study for quick verification of University of Cross River State (UNICROSS) certificate genuineness. A Smartphone and 3D Printed QR Code were employed for the enhancement of UNICROSS certificate mobile authentication services. ScanTrust anti-counterfeiting services were used to secure and host the encrypted information. Results show that our framework is effective for creating mobile authentication services with high user satisfaction rate and having reasonably low computing requirements.

Securing Digital Vaults: Advanced Tactics for Protecting Personal Information Online

Abstract: This research explores the critical significance of robust password security in protecting personal and sensitive data on digital platforms. It emphasizes key factors contributing to password vulnerability, including length, structure, recycling, and irregular updates. The paper stresses the paramount importance of creating strong, unique passwords while avoiding personal details and refraining from password reuse. Additionally, it discusses advanced techniques like the Honeyword technique and HoneyEncryption to enhance password security. User education on mobile authentication and preventing shoulder-surfing attacks is highlighted. Privacy implications related to sensitive personal data usage are also examined. Moreover, the potential benefits of graphical passwords in improving security and user convenience are explored. Ultimately, this paper provides valuable insights and practical recommendations for individuals and organizations to prioritize and strengthen password security, thus safeguarding their personal information online.

Counterfeit Drugs Detection in the Nigeria Pharma-Chain via Enhanced Blockchain-based Mobile Authentication Service

Drugs has since become a major source of livelihood for Nigerians. It also accounts for over 85% of the total food consumed within her borders. The sector has maintained improved productivity and profitability via a concerted effort to address critical issues such as an unorganized regulatory system, lack of food safety data, no standards in agricultural produce, non-adaptation to precision farming, and non-harmony via inventory trace supports. This study proposes blockchain-based tracer-support system in a continued effort to ensure food quality, consumer safety, and trading of food assets. It uses the radio-frequency identification sensors to register and trace drugs manufacture cum administration process and provide a databank to trace the drug records via the shipment to its distribution centers. To ascertain, if the drug is genuine or fake, the user scans the QRcode via the mobile application API, which then generates feedback. Results achieves the following: (a) presents a framework and roadmap for adoption by the National Agency for Food and Drug Administration and Control (NAFDAC) to ensure pharmaceutical blockchain, (b) show ensemble is scalable for up-to 7500users to yield a performance of 1138-transactions per seconds with response time of 88secs for page retrieval and 128secs for queries respectively, and (c) yields slightly longer time for increased number of users via its world-state as stored in the permissionless blockchain hyper-fabric ledger. Thus, the framework can directly query and retrieve data without it traversing the whole ledger. This, in turn, improves the efficiency and effectiveness of the traceability system. Keywords: Nigerian Pharma-Chain, Fake/Counterfeit drugs, Healthcare, CORDA, hyper-ledger fabric, NAFDAC Ejeh, P.O., Okpor, M.D., Yoro, R.E., Ifioko, A.M., Onyemenem, I.S., Odiakaose, C,C., Ojugo, A.A., Ako, R.E., Emordi, F.U., Geteloma, V.O., Counterfeit Drugs Detection in the Nigeria Pharma-Chain via Enhanced Blockchain-based Mobile Authentication Service. Journal of Advances in Mathematical & Computational Science. 2024, Vol. 12, No. 1. Pp 25-44. Available online at www.isteams.net/mathematics-computationaljournal. dx.doi.org/10.22624/AIMS/MATHS/V12N2P3

Spoofing Attacks and Anti-Spoofing Methods for Face Authentication Over Smartphones

The ubiquitous usages of smartphones demand reliable mobile authentication systems, which are expected to play an indispensable role in protecting users' sensitive and private information. Among various mobile authentication mechanisms, face authentication (FA) has become the most popular choice on modern smartphones, owing to its excellent performance and user experience. Unfortunately, emerging advanced attacks have brought in severe security concerns against FA systems (e.g., privacy leakage, property damage), which have also triggered increased attention on face anti-spoofing designs. This paper provides a concise review of the advanced face anti-spoofing systems over smartphones from a practical perspective. We first review the presentation attacks (PAs) toward FA systems and classify them according to the geometry and dynamic property of the presentation mediums. Then we survey the state-ofthe- art presentation attack detection (PAD) approaches over smartphones and categorize these methods into four categories based on the cues they leverage. Furthermore, we present a comprehensive comparison of their advantages and disadvantages from various practical aspects. Finally, we provide recommendations for future directions. We hope our viewpoints would shed light on potential pathways for more reliable FA in the future.

An Investigation into NAFDAC Intervention on the Incidence of Fake and Counterfeit Drugs in Nigeria

Various interventions, including innovative technologies, have been used to solve problems. Over the years, the Nigerian government has introduced a good healthcare delivery system, including providing quality, efficacious and affordable drugs. The study used a qualitative design method adopting a focus group discussion approach. The selected states for the study are Lagos, Kano, Anambra and FCT Abuja. The study population comprised NAFDAC stakeholders who are dealers in pharmaceutical products or Marketing Authorization Holders (MAHs) of medicines, Consumers and Policymakers. The focus group participants were selected based on convenience sampling. The interventions highlighted were Mobile Authentication Services (MAS), on-the-spot checks on drugs through a TruScan, Black-Eye and Radio Frequency Identification Devices (RFID). The respondents also highlighted using NAFDAC registration numbers and holograms as important ways of checking the features of medicine before using it. The participants also highlighted the lack of public awareness about these interventions and the need for proper regulation and enforcement of laws against the sale and distribution of fake drugs as challenges that hinder the successful development and implementation of interventions against fake and counterfeit drugs. The participants suggested KYC measures to address issues within the supply chain to evaluate the effectiveness of their current strategies. Regular meetings, advocacy efforts, and educational workshops are recommended to raise awareness and educate stakeholders about their roles and responsibilities in pursuit of addressing the challenges related to counterfeit drug interventions. Keywords: Focus group discussion (FGD), Investigation, Intervention, Counterfeit, Technology.

SwipeFormer: Transformers for mobile touchscreen biometrics

The growing number of mobile devices over the past few years brings a large amount of personal information, which needs to be properly protected. As a result, several mobile authentication methods have been developed. In particular, behavioural biometrics has become one of the most relevant methods due to its ability to extract the uniqueness of each subject in a secure, non-intrusive, and continuous way. This article presents SwipeFormer, a novel Transformer-based system for mobile subject authentication by means of swipe gestures in an unconstrained scenario (i.e., subjects could use their personal devices freely, without restrictions on the direction of swipe gestures or the position of the device). Our proposed system contains two modules: (i) a Transformer-based feature extractor, and (ii) a similarity computation module. Mobile data from the touchscreen and different background sensors (accelerometer and gyroscope) have been studied, including in the analysis both Android and iOS operating systems. A complete analysis of SwipeFormer is carried out using an in-house large-scale database acquired in unconstrained scenarios. In these operational conditions, SwipeFormer achieves Equal Error Rate (EER) values of 6.6% and 3.6% on Android and iOS respectively, outperforming the state of the art. In addition, we evaluate SwipeFormer on the popular publicly available databases Frank DB and HuMIdb, achieving EER values of 11.0% and 5.0% respectively, outperforming previous approaches under the same experimental setup.

Mobile authentication of copy detection patterns

In the recent years, the copy detection patterns (CDP) attracted a lot of attention as a link between the physical and digital worlds, which is of great interest for the internet of things and brand protection applications. However, the security of CDP in terms of their reproducibility by unauthorized parties or clonability remains largely unexplored. In this respect, this paper addresses a problem of anti-counterfeiting of physical objects and aims at investigating the authentication aspects and the resistances to illegal copying of the modern CDP from machine learning perspectives. A special attention is paid to a reliable authentication under the real-life verification conditions when the codes are printed on an industrial printer and enrolled via modern mobile phones under regular light conditions. The theoretical and empirical investigation of authentication aspects of CDP is performed with respect to four types of copy fakes from the point of view of (i) multi-class supervised classification as a baseline approach and (ii) one-class classification as a real-life application case. The obtained results show that the modern machine-learning approaches and the technical capacities of modern mobile phones allow to reliably authenticate CDP on end-user mobile phones under the considered classes of fakes.

Privacy-Preserving Continuous Authentication for Mobile and IoT Systems Using Warmup-Based Federated Learning

Continuous authentication for mobile devices acknowledges users by studying their behavioural interactions with their devices. It provides an extended protection mechanism that supplies an additional layer of security for smartphones and Internet of Things (IoT) devices and locks out intruders in cases of stolen credentials or hijacked sessions. Most of the continuous authentication efforts in the literature consist of collecting behavioural, sensory data from users and extracting statistical patterns through adopting various Machine Learning (ML) techniques. The main drawback of these approaches is their heavy reliance on acquiring the users' personal data, which exposes the latter's privacy. To address this limitation, we introduce a novel Federated Learning (FL) based continuous authentication mechanism for mobile and IoT devices. Our approach preserves the users' privacy by allowing each individual to locally train an ML model that captures his/her behaviour and then shares the model weights with the server for global aggregation. An extended scheme with a warmup FL approach for continuous authentication is proposed. Performance evaluation is done with a unique non-IID dataset built from three well-known datasets MNIST, CIFAR-10 and FEMNIST. The extensive experimental results show a major accuracy increase in user authentication.

The vulnerability and enhancement of AKA protocol for mobile authentication in LTE/5G networks

The Long-Term Evolution (LTE)/5G network connects much of the world’s population to provide subscriber’s voice calls and mobile data delivery, with security provided by the Authentication and Key Agreement (AKA) defined by 3GPP, which makes the LTE/5G network more secure than all its predecessors. Primarily due to the access limitations of LTE systems, the vulnerabilities of AKA protocol and potential attacks have not received much investigation, which is essential to LTE users with a tremendous amount of cellular services. In this study, we focus on two questions: (i) what are the vulnerabilities that can be exploited to carry out attacks in practice? and (ii) how to design an enhanced AKA protocol against such attacks? We examine the detailed procedures of Evolved Packet System (EPS)-AKA protocol by 3GPP, and have identified three types of attacks with respect to catching, location tracking, and jamming. We have designed and implemented attacks with commercial equipment to evaluate their threats in practice. In addition, we propose an enhanced AKA protocol that essentially relies on asymmetric encryption rather than symmetric in the AKA protocol and additional digital signatures to countermeasure these attacks. Finally, we verified our solution through formal verification to prove that our solution can mitigate the newly found vulnerabilities.

How Urgent is Mobile Authentication in Special Need/Education? A Review Systematic of Cyber Security and Psychological Approach

The use of mobile apps due to the Covid-19 pandemic for the distance learning process, learning media, entertainment, and payment instruments creates an awareness of how urgently cyber security is needed in special education. Students, teachers, parents, and therapists, in special education who has interests and have the responsibility data, must be kept confidential or protected as the authenticity of their work, as well as the diversity of levels of disability, trying to study in a systematic review through scientific journal searches related to contemporary mobile authentication methods, authenticity. The review was conducted through several scientific search engines and mobile apps. The results show that authentication is a challenging study for mobile app (computing) developers but it is not easy to facilitate the unique, diverse needs of disability, and the privacy of personal data is still not following cyber security standards while the need for mobile apps in the health and education sectors is growing rapidly.

Comprehensive analysis of continuous authentication for mobile devices

Continuous mobile authentication is an imperative aspect of ensuring the security and privacy of data in the contemporary mobile computing landscape. With the proliferation of mobile devices and the increasing dependency on mobile applications, traditional authentication methods are steadily becoming inadequate to protect sensitive information from unauthorized access. Continuous authentication techniques aim to provide ongoing and seamless verification of user identities, enhancing security while minimizing user inconvenience. This survey paper presents a comprehensive analysis of traditional authentication methods, highlighting key techniques, their integration in mobile systems, applications, and limitations. Then, we elaborate on the various techniques employed in continuous authentication. By examining the strengths and weaknesses of different approaches, this survey aims to provide researchers, practitioners, and developers with a comprehensive understanding of continuous mobile authentication, enabling them to make informed decisions when implementing authentication mechanisms in mobile applications.

Few-Shot Continuous Authentication for Mobile-Based Biometrics

The rapid growth of smartphone financial services raises the need for secure mobile authentication. Continuous authentication is a user-friendly way to strengthen the security of smartphones by implicitly monitoring a user’s identity through sessions. Mobile continuous authentication can be viewed as an anomaly detection problem in which models discriminate between one genuine user and the rest of the impostors (anomalies). In practice, complete impostor profiles are hardly available due to the time and monetary cost, while leveraging genuine data alone yields poorly generalized models due to the lack of knowledge about impostors. To address this challenge, we recast continuous mobile authentication as a few-shot anomaly detection problem, aiming to enhance the inference robustness of unseen impostors by using partial knowledge of available impostor profiles. Specifically, we propose a novel deep learning-based model, namely a local feature pooling-based temporal convolution network (LFP-TCN), which directly models raw sequential mobile data, aggregating global and local feature information. In addition, we introduce a random pattern mixing augmentation to generate class-unconstrained impostor data for the training. The augmented pool enables characterizing various impostor patterns from limited impostor data. Finally, we demonstrate practical continuous authentication using score-level fusion, which prevents long-term dependency or increased model complexity due to extended re-authentication time. Experiments on two public benchmark datasets show the effectiveness of our method and its state-of-the-art performance.

Mobile behavioral biometrics for passive authentication

• We present a first benchmark of HuMIdb, a publicly available HCI database. • We evaluate touchscreen and background sensor data for mobile passive authentication. • We train a recurrent neural network with triplet loss for each individual modality. • A multimodal system is achieved through the fusion of modalities at score level. • Our results show the suitability of behavioral biometrics for mobile authentication. Current mobile user authentication systems based on PIN codes, fingerprint, and face recognition have several shortcomings. Such limitations have been addressed in the literature by exploring the feasibility of passive authentication on mobile devices through behavioral biometrics. In this line of research, this work carries out a comparative analysis of unimodal and multimodal behavioral biometric traits acquired while the subjects perform different activities on the phone such as typing, scrolling, drawing a number, and tapping on the screen, considering the touchscreen and the simultaneous background sensor data (accelerometer, gravity sensor, gyroscope, linear accelerometer, and magnetometer). Our experiments are performed over HuMIdb, 1 1 https://github.com/BiDAlab/HuMIdb one of the largest and most comprehensive freely available mobile user interaction databases to date. A separate Recurrent Neural Network (RNN) with triplet loss is implemented for each single modality. Then, the weighted fusion of the different modalities is carried out at score level. In our experiments, the most discriminative background sensor is the magnetometer, whereas among touch tasks the best results are achieved with keystroke in a fixed-text scenario. In all cases, the fusion of modalities is very beneficial, leading to Equal Error Rates (EER) ranging from 4% to 9% depending on the modality combination in a 3-second interval.

SMASG: Secure Mobile Authentication Scheme for Global Mobility Network

The rapid growth of the Internet of Things (IoT) has enabled prompt services over mobile devices. The Global Mobility Network (GLOMONET) is an important global network that allows mobile users to access the Internet anywhere. Although implementing a secure mechanism in GLOMONET is a difficult and complex task due to the computational and processing limitations of most mobile devices, an authentication system is vital for secure communications among such mobile devices. In 2021, Rahmani <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed an authentication method, called the advanced mobile authentication protocol for GLOMONET (AMAPG). However, we found three serious vulnerabilities in AMAPG. First, AMAPG contains large amounts of information on the smart card of the mobile phone. Therefore, they are vulnerable to attacks that steal critical information. Second, it is susceptible to password-guessing attacks. Third, AMAPG cannot guarantee the security of future messages because attackers can steal the session key. In this study, we discuss the weaknesses of AMAPG and propose a new three-factor authentication scheme called the secure mobile authentication scheme for GLOMONET (SMASG). We performed informal and formal security analyses using ProVerif and BAN Logic on SMASG. In addition, we analyzed and compared its performance with that of the latest GLOMONET-based authentication schemes. SMASG saves an average of 93% time in user login and authentication phase.

Point-of-Care Anti-Counterfeit Medicines Technologies

Background: Substandard and falsified medicines pose a serious threat to public health throughout the world but disproportionately afflict under-resourced nations with weak pharmaceutical regulatory mechanisms. The prescription of medicines is an event in which a medical practitioner(MP) is a decision maker for the ultimate consumer who is the patient.&#x0D; Aim: The study was aimed at describing awareness, identification, utilization, and barriers to utilization of point of-care overt anti-counterfeit medicine technologies(ACMTs) and the drivers, dangers and preventive measures of substandard and falsified medicines among MPs in Abia State.&#x0D; Methods: This was a cross-sectional study done on 178 MPs in Abia State, Nigeria. Data were collected using a self-administered questionnaire that elicited information on awareness, identification, utilization of overt ACMTs and its barriers. The drivers, dangers and preventive measures for substandard and falsified medicines were also studied.&#x0D; Results: The mean age±SD of the respondents was 34±8.2 (Range 24-72 years). There were 159(89.3%) males. All the respondents (100%) were aware of the point-of-care overt ACMTs with the most commonly identified types being labelling (100%), packaging (100%), printing graphics (100%), and mobile authentication numbers(MAN) (100%). The most commonly utilized ACMTs were labelling (100%), packaging (100%) and printing (100%) technologies. Time constraint (100%) was the predominant predisposing barrier to utilization of overt ACMTs. The commonest classes of falsified and substandard medicines were anti-malarial (100%), anti-bacterial (100%) and analgesics (100%). The most common driver and danger of substandard and falsified medicines alluded to by the respondents were poor pharmaceutical products regulatory systems (100%) and treatment failures (100%), respectively. The most recommended preventive measure was securing supply chain of medicines (100%).&#x0D; Conclusion: Awareness of point-of-care overt ACMTs was very high but did not appear to translate to comparable utilizations for all types. The most commonly utilized overt ACMTs were labelling, packaging and printing technologies. Time constraint was identified as a possible predominant barrier to utilization of overt ACMTs. The commonest classes of substandard and falsified medicines were anti-malarial, anti-bacterial and analgesic medicines. It was believed that the commonest driver of substandard and falsified medicines was poor pharmaceutical products regulatory system and all these could result in treatment failures. Securing supply chain of medicinal products may serve as an effective preventive measure.

Mobile authentication scheme based on QKD and IBE

In order to handle the safety problems in mobile communication systems, a mobile identity authentication scheme based on QKD and IBE is proposed. First, the quantum key distribution technology is introduced to handle the safety problems between the private key generator and the cloud services. Next, the IBE algorithm is introduced to encrypt IMSI which makes the scheme more flexible and more efficient. Finally, the quantum time parameter is proposed to manage users’ secret key. Comparing with the existing schemes, the proposed scheme can make full use of the advantages of the QKD and IBE. The mobile identity authentication scheme based on QKD and IBE can be more safe and more efficient.

A Framework for Behavioral Biometric Authentication Using Deep Metric Learning on Mobile Devices

Mobile authentication using behavioral biometrics has been an active area of research. Existing research relies on building machine learning classifiers to recognize an individual’s unique patterns. However, these classifiers are not powerful enough to learn the discriminative features. When implemented on the mobile devices, they face new challenges from the behavioral dynamics, data privacy and side-channel leaks. To address these challenges, we present a new framework to incorporate training on battery-powered mobile devices, so private data never leaves the device and training can be flexibly scheduled to adapt the behavioral patterns at runtime. We re-formulate the classification problem into deep metric learning to improve the discriminative power and design an effective countermeasure to thwart side-channel leaks by embedding a noise signature in the sensing signals without sacrificing too much usability. The experiments demonstrate authentication accuracy over 95 percent on three public datasets, a sheer 15 percent gain from multi-class classification with less data and robustness against brute-force and side-channel attacks with 99 and 90 percent success, respectively. We show the feasibility of training with mobile CPUs, where training 100 epochs takes less than 10 mins and can be boosted 3-5 times with feature transfer. Finally, we profile memory, energy and computational overhead. Our results indicate that training consumes lower energy than watching videos and slightly higher energy than playing games.