Multi-factor Implicit Biometric Authentication: Analysis and Approach

MULTI-FACTOR IMPLICIT BIOMETRIC AUTHENTICATION 1

Multi-Factor Implicit Biometric Authentication: Analysis and Approach

Jigisha Aryya

Illinois Institute of Technology, Chicago

Author Note

Firstly, I thank the institute for providing a rich repository of scholarly articles and material for

carrying out this research submitted on this day of November, 2016. Any questions about this paper

should be sent through email at [email protected] I thank Prof. Raymond E. Trygstad for

suggesting improvements to this work. Second, you are hereby granted permission to use (and adapt)

this document for learning and research purposes. You may not sell this document either by itself or in

combination with other products or services. Third, if you use this document, you use it at your own

risk. The document’s accuracy and safety have been thoroughly evaluated, but they are not guaranteed.

mailto:[email protected]


Abstract

The online world is ever-growing and generates data that is valuable and needs to be

protected. With the advent of advanced technologies like IoT, smartphones, bigdata etc. it becomes a

responsibility of any government or organization to create protocols that will protect the information

exchanged by millions of devices. Authentication being the first step in restricting access to sensitive

information and data, it is important that the processes, technologies and policies for this are modified

as per the changing needs. Biometrics has a promising future. However, there are challenges like

operational feasibility, user acceptance, technical problems like mobile device resource limitations and

concern over protecting the users' personal data, that have motivated researchers to look for more

efficient and viable techniques.

Continuous implicit biometric authentication is a process of correctly identifying users

by collecting data about their behavior over a period of time and processing it using Machine Learning

algorithms, Evaluation Matrices etc. This is contrary to physiological biometrics that only uses the

physical attributes.

We look in detail the current scenario and research in physiological and continuous

implicit biometric authentication technique and its practical applicability in various sectors and discuss

the challenges that they pose and ways of overcoming them.

Keywords: authentication, implicit biometrics, behavioral traits, physiological biometrics, user acceptance, operational feasibility


Multi-Factor Implicit Biometric Authentication: Analysis and Approach

In the current digital world, most of the business and personal transactions, as well as

organizational information sharing and storage happens over a network of connected systems, be it a

cloud storage devices, smartphones or home appliances. A person or an entity is authenticated

commonly by using a login ID and password combination in order to be given access. Cyber criminals

and hackers have already figured out ways of cracking these secret credentials using phishing and brute

force techniques in order to steal or manipulate the assets that are available and accessible through the

network. On the other hand, cyber security experts, researchers and personnel are continually looking

for ways to stop these incidents from happening. Biometrics that use what the entity possesses for

determining the identity, is not a new concept but hasn't yet been adopted widely. Only in recent times,

commercial institutions like banks that handle sensitive information are looking to this method of

authentication due to its promising future. However, over time many drawbacks have been identified

that are still in the process of being resolved. Also, newer techniques are being experimented with to

counter the imminent threats. In the following sections we will see the distinct characteristics and

drawbacks of the popular techniques that are being considered world-wide and then analyze possible

solutions that might solve these issues.

Physiological versus Behavioral (Implicit) Biometrics – Implementation and Challenges

Physiological Biometrics like fingerprint authentication is being considered for widespread use

in various banks like Bank of America, Royal Bank of Scotland, HSBC etc. S.T. Bhosale and Dr. B.S.

Sawant (2012) have documented the way fingerprint authentication can lead to “cardless” ATM

transaction. Various computing and mobile devices are equipped with the hardware that is required to

scan the fingerprint of its owner and store it for future authentication. But not all devices like ATMs

widely used support this facility. The usual way of restricting the access to these devices is a PIN or a

password encrypted and stored in the system files or sent to a remote server for authentication. Same is


the case with the other physical attributes like face, retina, iris, palm vein etc. which are in fact even

more niche and rarely seen used in the consumer market or any organization that stores sensitive

information. What is hindering the presence of these technologies is the current state of the hardware

manufactured and used in the devices with which the common consumer interacts like the smartphones,

cash machines, PCs, POS, Kiosks, ATMs, home appliances connected via Internet (IoT) etc. But as

rightly pointed out by Peter Corcoran and Claudia Costache (2016), many a times it is just not possible

for system designers to efficiently incorporate a module for biometric authentication in a device due to

its complexity. The companies that are selling products with which its users might transmit or store

sensitive information, will have to take the necessary steps to enable the penetration of biometrics into

the consumer market. Along with that the storage of the information collected from the users that is

irreplaceable, unlike a password will have to be transmitted to the servers if required and stored as

securely as possible as Peter Corocon et al have rightly quoted “A key problem with biometrics is that

they cannot be revoked”. These are the first and foremost requirements for rapid adoption of

physiological biometrics authentication. Yana Welinder (2016) has mentioned “They will nevertheless

get hacked”. Dr. Thomas P. Keenan in his article has spoken about several serious security breach

possibilities that continue to haunt this technology. So, detection of security bypasses and immediate

remedies for replacement of the unique identity information is also crucial. Second comes

understanding the way these repeated actions of authentication either at the system access level or

application access level weigh on the users, so that they agree to use them for their online security.

Battery power consumption, time of completion of the authentication process, prevention of misuse,

loss or corruption of data etc. are the factors that come into play in this case ( intensive technical

analysis by Paolo Gasti et al, 2016). We will discuss the possible ways by which these issues can be

addressed by the current research in this area similar to what has been proposed by Jigisha Aryya

(2008) and Paolo Gasti et al. (2016).


Behavioral or Implicit biometrics on the other hand, collects data that reflect the way the user

interacts with the system. Voice authentication is being adopted by Banks like Singapore Bank,

Barclays Capital, Citi Bank etc. Keystroke dynamics, mouse dynamics, location information and

touchscreen interaction are ways of identifying a user while they are either aware or unaware of the fact

that they are giving behavior specific identity information for their authentication. Similarly, gait, hand

waving, signature etc. Some of these are relevant only to mobile devices like gait and touchscreen as of

now. However, again, authentication only at the entry point of a system is not enough and should be a

continuous process to ensure complete integrity. This is where continuous behavioral biometrics

authentication takes over. But, doing so can be costly again in terms of user experience and resource

consumption. With a sophisticated design this can be handled well. Abdulaziz Alzubaidi and Jugal

Kalita in their research on the various methods compares the uniqueness and challenges very well and

dives deep into the technicalities. Their work has influenced this paper to a large extent. But as their

work is more focused on mobile devices used by the common consumers, only a part of it has been

picked for further analysis. We will try to analyze the methods and possible better solutions that can be

implemented at a faster and cheaper rate.

The Challenges with Physiological Biometrics and Possible Solutions

Securing the templates

The face impression, fingerprint, iris image, retina or palm print can never be changed and hence used

for identifying a person. And it is always present with the person, meaning it is unlike a password or a

PIN that could be forgotten or become invalid. It is also quick to provide. While this gives an edge to

biometric security systems, it also means that special precautionary measures are needed to store the

templates for comparison and as securely as possible. For any large organization, it is not difficult to

provide machines for identity verification at various points whether online or physical access. These

machines sometimes can capture the impression easily, for example, at a security check point of an


airline where iris verification is done for international travelers. The camera has to align with the eyes

and then take the picture to compare with the already stored iris template. These machines could be

connected to a remote server that receives the template as soon as it is taken and then sends the result.

Additionally they can be encrypted after converting them to bytes of data or obfuscated and again made

right with a known algorithm and key at the server side. This can prevent identity theft. On the other

hand, if we choose to store it locally like in a smartphone or a laptop or desktop, then the operating

system of that machine has to locally encrypt this data and then store at a safe section of the hard disk.

Theft with fake sources like videos can be prevented with liveness check like pupil contraction with

exposure to light. The fast exchange of data between the local computer and the server and processing

speed is the key to its success be it iris, fingerprint or face.

Technical feasibility and User acceptance

For a terminal authenticating a person requesting access, it is easy to set up a system that will have the

hardware to get the impression of the eye, face or palm etc. correctly. But for an online access, it is not

always convenient or feasible to get the picture correctly specially of the face or iris/retina since the

camera resolution might not be of good enough or the user might not be able to align the eye or face

correctly. As such, the authentication system will not get an accurate picture to test. Hence, most

computers and mobile phone have at the most, palm or fingerprint authentication. Unless the hardware

is improved and proper system-generated feedback to the user is not given to align properly, a useful

picture cannot be taken. This might although annoy the person being authenticated, and so, it is best to

use an alternative attribute that is easier to collect. Behavioral biometrics have an upper hand in such

scenarios. Many a times the user is unaware since the interaction itself functions as the “password”.

Since in the remote server scenario, authentication is done by communication over a network, it is

important to keep in mind chances of server and network failures with designing the system and ways

of handling such incidents. Server images containing replica of the templates in a different network can


help in cases of technical failures like these. Cloud based systems are also feasible as described by

Salman H. Khan et al. (2015).

Privacy Issues

For any organization to authenticate a personnel at all required check points is acceptable only

if an individual agrees to be tracked with physical data whenever required and continuously if so. Same

is the case with any commercial application. But since this data is private and permanent, a person

might feel uncomfortable being tracked of his or her location and activities. It is important that

surveillance area are marked properly and the videos and data captured are only accessible to

authorized personnels. If any other person manages to get the access and decides to misuse it, the

reputation of the organization will be spoiled irreversibly. The government or the organization should

keep levels of access for the identification of an individual when using biometric data like face

recognition for security purposes. Managers, Security experts etc. have to be labeled and privileges

identified for getting access to this data sensitively. Access controls to designated areas containing this

information need to be defined as Mandatory Access Controls (MACs) or Non-discretionary controls

that are decided by the top executives and independent advisors and are role based.

The Challenges with Implicit Biometrics and Possible Solutions

Diversity of application

The behavior of an individual like voice, keystroke, touchscreen etc. are very specific and can

be collected mostly with mobile devices accurately. The gait for example cannot be used any other

fixed form of hardware system since it uses the movement of the person. Voice is the most diverse of

all since any machine with a microphone and CPU can capture or process audio data. Keystroke and

touch behavior are also feasible if the device is equipped with a keypad and touch sensitive surface

which is very common in smartphones. Hardware collecting fingerprints is different from touch based

surfaces. But touch interaction would typically require a bit more time to correctly identify a user. That


makes it a trait to be tracked only in smartphones where the user is using it continuously so that

training data can be collected for feeding into a machine learning software system. Same is the case

with keystroke. Other traits like hand-waving and signature are comparatively convenient. Cameras and

optical surfaces that have the ability to capture pen movement are apt for these features. Hence, in

terms of implementation at a physical security check terminal, behavior might pose to be a challenge

except for voice input. Gait could be tracked with surveillance cameras from a certain distance till the

final check point. But again that would also require identifying parallely with face recognition.

Device resource limitations

We know that smartphones and small smart appliances have resource limitations like battery life

and network bandwidth. Authenticating continuously or frequently can levy heavily on it. Researchers

now are working on the core technicalities of the software for making it efficient. Algorithms are

modified with better mathematical techniques. Paolo Gasti et al have given optimized Manhattan and

Hamming distance calculation formula. Compressing the data is crucial to make the authentication

process leaner.

Privacy Issues

Just like physiological traits, behavioral information is also unique and needs to be protected

from cyber criminals. More importantly, it should be informed to the user unless and until the

sensitiveness is not too high or the demand is such.

Adapting to Changing Behavior

A system that authenticates using behavioral features needs to be aware that these

characteristics might change with age and ailment more rapidly than physical attributes. As such, the

software has to be intelligent enough to adapt to the changes. Artificial Intelligence along with machine

learning algorithms can help to a large extent. Only concern is economic and operational feasibility

since building, deploying and maintaining such a system might be costly.


A Hybrid Approach

It is important to understand the pros and cons of each type of biometrics before deciding on its

implementation and design. Cost, effort, time frame and organizational impact depending on the type of

entities to be authenticated are factors that need to be considered. For a robust and futuristic design that

will hold good for atleast sometime, it is a good approach to combine both the types and create a hybrid

authentication system. We know that any institution like a bank or a government organization, access to

information and assets happen at different times and under different conditions depending on its

criticality.

There are basically two levels at which authentication is desired: Entry level and Interaction

level. For physical systems, physiological biometrics like fingerprint, palm print or iris verification is a

quick and easy method. After getting access, the person's movement, face etc. can be monitored till a

certain time to completely ensure that it is indeed the authenticated person. In digital systems that are

mobile, it is possible to have physiological or behavioral biometrics at entry level followed by

continuously authenticating using behavioral traits . It is also feasible and convenient to have a

complete behavioral biometric security system. UnifyID is one of those technological startups that are

working to create products to completely replace any other methods with implicit biometrics for initial

and continuous authentication. However, this is focused only on smartphones, which is not always the

case and the main assumption is that, it is being used only by a single user. Hence, the ideal system has

to adapt to the device size and underlying system architecture. Personal computers that are used to

access electronic portals can be very basic that might not even have a working microphone facility or a

camera. In that case, only implicit biometrics like keystroke dynamics has to be the extra input apart

from some traditional techniques like OTP or a password. Bakelman et al have carried out experiments

of various categories of passwords and keyboard inputs that could be also used for keystroke type of


implicit authentication which is very valuable in terms of creating a more realistic and strong cyber

security system.

For computers and mobile devices having hardware to support audio and video input, face

recognition, handwaving and voice recognition techniques can be used. There are also computers that

have inbuilt hardware for detecting the fingerprint. Smartphone operating systems that support

fingerprint detection also are slowly penetrating the consumer markets. Mouse movement in computers

is equivalent to touchscreen dynamics in smartphones which is a behavioral characteristic. Gait is

specific to smartphones. In the figure below we try to list the different types based on their

implementation ease and practicality.

Entry level → Interaction level

Keystroke dynamics (Implicit) Mouse / Touchscreen interaction (Implicit)

Voice recognition (Implicit) Keystroke dynamics (Implicit)

Face recognition (Physiological) Voice inputs (Implicit)

Hand-waving (Implicit) Gait (Implicit)

Iris/Retina recognition (Physiological)

Fingerprint recognition (Physiological)

Palm print recognition (Physiological)

Signature (Implicit)

Continuous Implicit Biometrics

It is known well the details of physiological biometrics. But to implement a continuous

biometric authentication system that collects and sends the biometric data to a server for learning or

verification using matrices, it is important to evaluate the hardware and software implicates. It is


possible to authenticate digitally end to end using implicit techniques, without the person having to

consciously enter any identity information. But initial identity capturing has be through the hardware as

mentioned above to create the training set or evaluation matrices of values that will be used later for

comparison. This is the future of biometrics and authentication as a whole but if the system fails to

efficiently identify the data, it might lead to login failures, system locks, corruption of behavior data

and overall user dissatisfaction. For digital systems this looks feasible and specially in mobile devices.

For physical assets like storage devices and servers, continuous process might be challenging in terms

of quick implementation. Target Mimicry attacks and Reconstruction attacks as have been studied by

J. Morris Chang et al and Daniel Vogel et al are a reality and need to tackled with great precision. As

the user continues to use a system, even with long gaps of use, the system has to build and modify the

data in order to accommodate any changes in the behavior due to aging. Also special cases when the

actual user isn't being able to interact normally, the system should be intelligent enough not to deny

access to the user. It is always good to have a standby system of alternate authentication in case of such

failures. This is to ensure we do not frustrate the user by causing a great deal of inconvenience.

Looking Beyond Biometrics - Mindmetrics

It is interesting to see that those who are inclined to contribute to the field of cyber security in a

more practical ways have always started with the ease of development and deployment of the

technology. There are researchers who have proposed determining the correct users by testing their

personality with a desired one, which is very similar to psychometric tests. This is often clubbed with

behavioral biometrics like keystroke dynamics to increase its strength. The end user requesting access

is asked certain questions, the answers to which are expected only from the right user. In fact, entering

password is completely eliminated and login id is asked for only later from a set of choices. This design

proposed by Juyeon Jo et al (2014) has been developed using a simple interface coded using an

application programming language. The user feedback was good as per their user acceptance tests. This


is not a solid proof of its feasibility at a large scale but it definitely indicates that there is a new

possibility and direction in biometric authentication that is not only easy to implement but also tests the

person using a more complex parameter which are private information or psychology.

A Complete Biometric based Security System

An organization like bank which is the foremost in implementing biometrics has several divisions,

products and personnels with varied roles who access and modify the data related to the capital

managed by the bank. In the figure below we try to visualize all the possible places where biometrics

could be used in a multi-modal fashion.

Account access by Customer through a Bank branch

Account access by Customer through an ATM

Account access by Customer through a Web portal using a browser

Account access by Customer through a Smartphone Application

Bank employee's access to customer data

IT Manager's access to servers containing sensitive data of customers

DBA's access to bank databases

IT Infrastructure personnel's access to network servers and storage devices like cloud servers

Technical team's access to software governing the customer and bank data

Areas in the bank's corporate offices where software development and data maintenance

takes place


These are just a few name. There are several other repositories of data containing financial reports and

fund management data that need very secure handling. Biometrics can either make or break the security

system depending on how it is understood and implemented.

Managerial Precautions in Launching the Advanced Biometrics

It is always advised to follow the TAM (Technolody Adoption Model) to introduce some new

technology into the system. The acceptance has to be tested no matter how ambitious and futuristic it

is. People being authenticated several times in several different ways can have dire consequences if it

comes as a surprise. But at the same time the management has to convince the employees and the

customers equally of its criticality. Policies governing the tapping of user biometrics data and analyzing

the same for some useful insights also need serious consideration in case it leads to legal issues

claiming breach of privacy rights of individuals. The security aspect must not become a hindrance in

the normal business processes and so an investment in this area requires considering failure scenarios.

The cyber security insurance domain is the newest upcoming area of innovation and advancement as

security can lead to disastrous consequences due to external attacks or internal issues. This makes it

worth the investment necessary. Optimizing the system in terms of the selection of the factors that will

be authenticated against, the management can come up with something that is feasible in terms of cost

and acceptance. As surveyed by Licky Richard Erastus et al., an Emerging Market might not accept an

extensive biometrics based security system as easily as a developed economy. Hence, pilot projects

with these methods is very much advised.


Conclusion

There are several benefits and challenges in using physiological and implicit biometrics. Continuous

implicit biometrics authentication combining two or more factors is the future. If implemented in a

sophisticated manner it can lead to not only higher security assurance but also better user experience.

However, if we fail to address the drawbacks that it suffers from, like precision and efficiency needs, it

can lead to disastrous results in terms of access and system performance. We see in multi-factor

authentication that it is indeed wise to combine physiological biometrics with implicit or behavioral

biometrics rather than depending on just one type. This along with adaptive algorithms implemented at

the low level software design can make a pure biometrics based authentication not only robust but also

a means of improving user experience. What factors need to be used depend on the system architecture

in question. Face, fingerprint, voice recognition and keystroke dynamics along with iris recognition

look popular and accepted so far in sectors like banking. We need to explore more on touchscreen

dynamics since smartphones and mobile devices are the future of information access.


References

Bhosale, S.T. , Dr. Sawant, B.S. (2012) Security in e-banking via card less biometric ATMs,

International Journal of Advanced Technology & Engineering Research (IJATER), Volume 2,

Issue 4, July 2012.

Welinder, Yana (2016) Biometrics in Banking is Not Secure. The New York Times, July 13, 2016 from

http://www.nytimes.com/roomfordebate/2016/07/05/biometrics-and-banking/biometrics-in- banking-is-not-secure

Gasti, Paolo, Šedˇ nka, Jaroslav ,Yang, Qing, Zhou, Gang, Balagani, Kiran S. (2016) Secure, Fast, and

Energy-Efficient Outsourced Authentication for Smartphones. IEEE TRANSACTIONS ON

INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 11, NOVEMBER 2016.

Aryya, Jigisha (2008) Algorithm Selection for Sorting in embedded and Mobile systems, PES Institute

of Technology, April 2008, Bangalore, India from

http://www.slideshare.net/jigishaaryya/algorithm-selection-for-sorting-in-embedded-and-mobile-systems-29727477

Corcoran, Peter, Costache, Claudia (2016) Biometric Technology and Smartphone. IEEE Consumer

Electronics Magazine, April 2016

Alzubaidi, Abdulaziz and Kalita, Jugal (2016) Authentication of Smartphone Users Using

Behavioral Biometrics. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 18,

NO. 3, THIRD QUARTER 2016.

Ahmad, Dhurgham T. and Hariri, Mohammad, (2012) User Acceptance of Biometrics in E-banking to

improve Security. Business Management Dynamics Vol.2, No.1, Jul 2012, pp.01-04.

http://www.slideshare.net/jigishaaryya/algorithm-selection-for-sorting-in-embedded-and-mobile-systems-29727477

http://www.nytimes.com/roomfordebate/2016/07/05/biometrics-and-banking/biometrics-in-banking-is-not-secure

http://www.nytimes.com/roomfordebate/2016/07/05/biometrics-and-banking/biometrics-in-


Kekre, H. B., Bharadi, V.A. , (2009) Ageing Adaptation for Multimodal Biometrics using Adaptive

Feature Set Update Algorithm. IEEE International Advance Computing Conference (IACC

2009) Patiala, India, 6-7 March 2009.

Jo, Juyeon, Kim,Yoohwan, and Lee, Sungchul (2014) Mindmetrics: Identifying users without their

login IDs. 2014 IEEE International Conference on Systems, Man, and Cybernetics, October 5-

8, 2014, San Diego, CA, USA

Erastus, Licky Richard, Jere, Nobert, Shava, Fungai Bhunu (2015) Exploring Challenges of Biometric

Technology Adoption:A Namibian Review. Emerging Trends in Networks and Computer

Communications (ETNCC), 2015 International Conference on

Keenan, Dr. Thomas P., (2015) Hidden Risks of Biometric Identifiers and How to Avoid Them, Black

Hat USA 2015.

Khan, Salman H., Akbar, M. Ali (2015) Multi-Factor Authentication on Cloud. Digital Image

Computing: Techniques and Applications (DICTA), 2015 International Conference on.

IEEE International Conference on Consumer Electronics (ICCE) 2016.

Patel, Heena M., Panuwala, Chirag N., Vora, Aarohi (2016) Hybrid Feature level approach for Multi-

biometricCryptosystem. IEEE WiSPNET 2016

Almuairfi, Sadiq , Veeraraghavan, Parakash, Chilamkurti, Naveen (2011) IPAS: Implicit Password

Authentication System. Workshops of International Conference on Advanced Information

Networking and Applications 2016

in passwords, 5th ISSNIP-IEEE Biosignals and Biorobotics Conference (2014): Biosignals and

Robotics for Better and Safer Living (BRC)

http://ieeexplore.ieee.org.ezproxy.gl.iit.edu/xpl/mostRecentIssue.jsp?punumber=6871744







Bakelman, Ned, Monaco, John V., Sung-Hyuk Cha, and Charles C. Tappert (2013) Keystroke

Biometric Studies on Password and Numeric Keypad Input 2013 European Intelligence and

Security Informatics Conference.

Panja, Biswajit, Fattaleh, Dennis, Mercado, Mark, Robinson, Adam, Meharia, Priyanka (2014)

Cybersecurity in Banking and Financial Sector:Security Analysis of a Mobile Banking

Application. Collaboration Technologies and Systems (CTS), 2013 International Conference on.

Bhargav, Abilasha, Squicciarini, Anna, Bertino, Elisa (2006) Privacy Preserving Multi-Factor

Authentication with Biometrics. DIM’06, November 3, 2006, Alexandria, Virginia, USA.

Khan, Hassan, Hengartner, Urs, Vogel, Daniel (2016) Targeted Mimicry Attacks on Touch Input Based

Implicit Authentication Schemes. MobiSys’16, June 25-30, 2016, Singapore, Singapore.

Chun, Hu, Elmehdwi, Yousef, Li, Feng, Bhattacharya, Prabir, Jiang, Wei (2014) Outsourceable Two-

Party Privacy-Preserving Biometric Authentication. ASIA CCS’14, June 4–6, 2014, Kyoto,

Japan.

Tanviruzzaman, Mohammad, Ahamed, Sheikh Iqbal (2014) Your phone knows you: Almost transparent

authentication for smartphones. 2014 IEEE 38th Annual International Computers, Software and

Applications Conference.

Li, Yanyan, Yang, Junshuang, Mengjun Xie, Carlson, Dylan, Jang, Han Gil, Bian, Jiang (2015)

Comparison of PIN- and Pattern-based Behavioral Biometric Authentication on Mobile

Devices. Milcom 2015 Track 3 - Cyber Security and Trusted Computing.

Ford, Bryan (2015) Private Eyes: Secure Remote Biometric Authentication. 12th International

Joint Conference on e-Business and Telecommunications (ICETE)





Gatali, Inkingi Fred, Lee, Kyung Young, Park, Sang Un, Kang, Juyong (2016) A Qualitative Study on

Adoption of Biometrics Technologies: Canadian Banking Industry. ICEC '16, August 17 - 19,

2016, Suwon, Republic of Korea.

Michael, Katina, Michael, MG, Tootell, Holly, Baker, Valerie (2006) The Hybridization of Automatic

Identification Techniques in Mass Market Applications: Towards a Model of Coexistence.

Management of Innovation and Technology, 2006 IEEE International Conference on.

Al-Rubaie, Mohammad, Chang, J. Morris (2016) Reconstruction Attacks Against Mobile-Based

Continuous Authentication Systems in the Cloud. IEEE TRANSACTIONS ON INFORMATION

FORENSICS AND SECURITY, VOL. 11, NO. 12, DECEMBER 2016.


Multi-factor Implicit Biometric Authentication: Analysis and Approach

Technology

Transcript of Multi-factor Implicit Biometric Authentication: Analysis and Approach