Federated authentication using the Cloud (Cloud Aura)

Al Abdulwahid, Abdulwahid Abdullah

January 2017

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorised user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. Traditionally deployed in a point-of-entry mode (although a number of implementations also provide for re-authentication), the intrusive nature of the control is a significant inhibitor. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This thesis reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between the need for high security whilst maximising user satisfaction. This is followed by a comprehensive literature survey and critical analysis of the existing research domain on continuous and transparent multibiometric authentication. It is evident that most of the undertaken studies and proposed solutions thus far endure one or more shortcomings; for instance, an inability to balance the trade-off between security and usability, confinement to specific devices, lack or negligence of evaluating users’ acceptance and privacy measures, and insufficiency or absence of real tested datasets. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilised in a universal manner. Accordingly, it is paramount to have a high level of performance, scalability, and interoperability amongst existing and future systems, services and devices. A survey of 302 digital device users was undertaken and reveals that despite the widespread interest in more security, there is a quite low number of respondents using or maintaining the available security measures. However, it is apparent that users do not avoid applying the concept of authentication security but avoid the inconvenience of its current common techniques (biometrics are having growing practical interest). The respondents’ perceptions towards Trusted Third-Party (TTP) enable utilising biometrics for a novel authentication solution managed by a TTP working on multiple devices to access multiple services. However, it must be developed and implemented considerately. A series of experimental feasibility analysis studies disclose that even though prior Transparent Authentication Systems (TAS) models performed relatively well in practice on real live user data, an enhanced model utilising multibiometric fusion outweighs them in terms of the security and transparency of the system within a device. It is also empirically established that a centralised federated authentication approach using the Cloud would help towards constructing a better user profile encompassing multibiometrics and soft biometric information from their multiple devices and thus improving the security and convenience of the technique beyond those of unimodal, the Non-Intrusive and Continuous Authentication (NICA), and the Weighted Majority Voting Fusion (WMVF) and what a single device can do by itself. Furthermore, it reduces the intrusive authentication requests by 62%-74% (of the total assumed intrusive requests without operating this model) in the worst cases. As such, the thesis proposes a novel authentication architecture, which is capable of operating in a transparent, continuous and convenient manner whilst functioning across a range of digital devices – bearing in mind it is desirable to work on differing hardware configurations, operating systems, processing capabilities and network connectivity but they are yet to be validated. The approach, entitled Cloud Aura, can achieve high levels of transparency thereby being less dependent on secret-knowledge or any other intrusive login and leveraging the available devices capabilities without requiring any external sensors. Cloud Aura incorporates a variety of biometrics from different types, i.e. physiological, behavioural, and soft biometrics and deploys an on-going identity confidence level based upon them, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s). While in use, it functions with minimal processing overhead thereby reducing the time required for the authentication decision. Ultimately, a functional proof of concept prototype is developed showing that Cloud Aura is feasible and would have the provisions of effective security and user convenience.

005.8

Uma nova versão de um sistema de detecção e reconhecimento de face utilizando a Transformada Cosseno Discreta

Marinho, Adriano da Silva

30 July 2012

Made available in DSpace on 2015-05-14T12:36:38Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 2501696 bytes, checksum: a1f65e686060aa68aa5e43dee1e6c0b5 (MD5) Previous issue date: 2012-07-30 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Reliable identification systems have become key components in many applications that provide services to authenticated users. Since traditional authentication methods (such as using passwords or smartcards) can be manipulated in order to bypass the systems, biometric authentication methods have been receiving more attention in recent years. One of the biometric traits is the face. The problem of recognizing faces in video and photo still is an object of research, since there are many factors that influence the detection and recognition, such as lighting, position of the face, the background image, different facial expressions, etc. One can perform face recognition using Discrete Cosine Transform (DCT). In order to adjust a face recognition system to uncontrolled environments, two improvements for it were developed in this work: a image normalization module with respect to rotation and scale, and a change in the feature extraction module through the insertion of a non-ideal low-pass filter. The system and its modifications were tested on the following face databases: UFPB, ORL, Yale, and VSoft GTAV, developed specially for the job. Tests showed the efficiency of the image normalization module, but the system still is not adequate for every environment. / Sistemas de identificação confiáveis tornaram-se componentes chaves de várias aplicações que disponibilizam serviços para usuários autenticados. Uma vez que métodos de autenticação tradicionais (como os que utilizam senhas ou smartcards) podem ser manipulados com o objetivo de burlar os sistemas, métodos de autenticação biométrica vêm recebendo mais atenção nos últimos anos. Um dos traços biométricos é a face. O problema do reconhecimento de faces em vídeo e foto é objeto de pesquisa, uma vez que existem muitos fatores que influenciam na detecção e no reconhecimento, tais como: iluminação, posição da face, imagem ao fundo, diferentes expressões faciais, etc. É possível realizar reconhecimento facial utilizando a Transformada Cosseno Discreta (DCT). Com o intuito de adequar um Sistema de Detecção e Reconhecimento de Faces a ambientes não controlados, neste trabalho foram desenvolvidas duas melhorias para ele: um módulo normalizador de imagens em relação à rotação e à escala e uma modificação na etapa de seleção de atributos, por meio da inserção de um filtro passa-baixas não ideal. O sistema e suas modificações foram testados nos bancos de faces UFPB, ORL, Yale, GTAV e Vsoft, desenvolvido especialmente para o trabalho. Os testes mostraram a eficácia do módulo de normalização da imagem, mas ainda assim o sistema não é adequado para qualquer ambiente.

Autenticação biométrica

Reconhecimento Facial

DCT

Biometric authentication

Face recognition

DCT

Strong key derivation from noisy sources

Fuller, Benjamin Woodbury

12 March 2016

A shared cryptographic key enables strong authentication. Candidate sources for creating such a shared key include biometrics and physically unclonable functions. However, these sources come with a substantial problem: noise in repeated readings. A fuzzy extractor produces a stable key from a noisy source. It consists of two stages. At enrollment time, the generate algorithm produces a key from an initial reading of the source. At authentication time, the reproduce algorithm takes a repeated but noisy reading of the source, yielding the same key when the two readings are close. For many sources of practical importance, traditional fuzzy extractors provide no meaningful security guarantee. This dissertation improves key derivation from noisy sources. These improvements stem from three observations about traditional fuzzy extractors. First, the only property of a source that standard fuzzy extractors use is the entropy in the original reading. We observe that additional structural information about the source can facilitate key derivation. Second, most fuzzy extractors work by first recovering the initial reading from the noisy reading (known as a secure sketch). This approach imposes harsh limitations on the length of the derived key. We observe that it is possible to produce a consistent key without recovering the original reading of the source. Third, traditional fuzzy extractors provide information-theoretic security. However, security against computationally bounded adversaries is sufficient. We observe fuzzy extractors providing computational security can overcome limitations of traditional approaches. The above observations are supported by negative results and constructions. As an example, we combine all three observations to construct a fuzzy extractor achieving properties that have eluded prior approaches. The construction remains secure even when the initial enrollment phase is repeated multiple times with noisy readings. Furthermore, for many practical sources, reliability demands that the tolerated noise is larger than the entropy of the original reading. The construction provides security for sources of this type by utilizing additional source structure, producing a consistent key without recovering the original reading, and providing computational security.

Computer science

Biometric authentication

Error correcting codes

Fuzzy extractors

Information theory

Key derivation

Gerenciamento e autenticação de identidades digitais usando feições faciais

Ribeiro, Matheus Antônio Corrêa

January 2008

Em nossa vida diária, são utilizadas identidades digitais (IDDs) para acessar contas de e-mail, bancos e lojas virtuais, locais restritos, computadores compartilhados, e outros. Garantir que apenas usuários autorizados tenham o acesso permitido é um aspecto fundamental no desenvolvimento destas aplicações. Atualmente, os métodos de controle de acesso simples como senhas ou números de identificação pessoal não devem ser considerados suficientemente seguros, já que um impostor pode conseguir estas informações sem o conhecimento do usuário. Ainda, no caso de utilização de dispositivos físicos como cartões de identificação, estes podem ser roubados ou forjados. Para tornar estes sistemas mais confiáveis, técnicas de autenticação de identidades utilizando múltiplas verificações são propostas. A utilização de características biométricas surge como a alternativa mais confiável para tratar este problema, pois são, teoricamente, únicas para cada pessoa. Contudo, algumas características biométricas como a aparência facial podem variar com o tempo, implicando em um grande desafio para os sistemas de reconhecimento facial. Neste trabalho é combinado o acesso tradicional por senha com a análise da face para realizar a autenticação. Um método de aprendizagem supervisionada é apresentado e sua adaptação é baseada na melhora contínua dos modelos faciais, que são representados por misturas de gaussianas. Os resultados experimentais, obtidos sobre um conjunto de teste reduzido, são encorajadores, com 98% de identificação correta dos usuários e custo computacional relativamente baixo. Ainda, a comparação com um método apresentado na literatura indicou vantagens do método proposto quando usado como um pré-selecionador de faces. / In our daily life, we use digital identities (DIDs) to access e-mails, e-banks, e-shops, physical environments, shared computers, and so on. Guarantee that only authorized users are granted access is an important aspect in the development of such applications. Nowadays, the simple access control methods like passwords or personal identification numbers can not be considered secure enough, because an impostor can obtain and use these information without user knowledge. Also, physical devices like ID cards can be stolen. To make these systems more reliable, multimodal DID authentication techniques combining different verification steps are proposed. Biometric features appears as one of the most reliable alternatives to deal with this problem because, theoretically, they are unique for each person. Nevertheless, some biometric features like face appearances may change in time, posing a serious challenge for a face recognition system. In this thesis work, we use the traditional password access combined with human face analysis to perform the authentication task. An intuitive supervised appearance learning method is presented, and its adaptation is based on continuously improving face models represented using the Gaussian mixture modeling approach. The experimental results over a reduced test set show encouraging results, with 98% of the users correctly identified, with a relatively small computational effort. Still, the comparison with a method presented in the literature indicated advantages of the proposed method when used as a pre-selector of faces.

Biometria

Identidade digital

Processamento de imagens

Imagem digital

Access control

Biometric authentication

Biometrics

Identity management systems

Facial features

User modeling

Gerenciamento e autenticação de identidades digitais usando feições faciais

Ribeiro, Matheus Antônio Corrêa

January 2008

Em nossa vida diária, são utilizadas identidades digitais (IDDs) para acessar contas de e-mail, bancos e lojas virtuais, locais restritos, computadores compartilhados, e outros. Garantir que apenas usuários autorizados tenham o acesso permitido é um aspecto fundamental no desenvolvimento destas aplicações. Atualmente, os métodos de controle de acesso simples como senhas ou números de identificação pessoal não devem ser considerados suficientemente seguros, já que um impostor pode conseguir estas informações sem o conhecimento do usuário. Ainda, no caso de utilização de dispositivos físicos como cartões de identificação, estes podem ser roubados ou forjados. Para tornar estes sistemas mais confiáveis, técnicas de autenticação de identidades utilizando múltiplas verificações são propostas. A utilização de características biométricas surge como a alternativa mais confiável para tratar este problema, pois são, teoricamente, únicas para cada pessoa. Contudo, algumas características biométricas como a aparência facial podem variar com o tempo, implicando em um grande desafio para os sistemas de reconhecimento facial. Neste trabalho é combinado o acesso tradicional por senha com a análise da face para realizar a autenticação. Um método de aprendizagem supervisionada é apresentado e sua adaptação é baseada na melhora contínua dos modelos faciais, que são representados por misturas de gaussianas. Os resultados experimentais, obtidos sobre um conjunto de teste reduzido, são encorajadores, com 98% de identificação correta dos usuários e custo computacional relativamente baixo. Ainda, a comparação com um método apresentado na literatura indicou vantagens do método proposto quando usado como um pré-selecionador de faces. / In our daily life, we use digital identities (DIDs) to access e-mails, e-banks, e-shops, physical environments, shared computers, and so on. Guarantee that only authorized users are granted access is an important aspect in the development of such applications. Nowadays, the simple access control methods like passwords or personal identification numbers can not be considered secure enough, because an impostor can obtain and use these information without user knowledge. Also, physical devices like ID cards can be stolen. To make these systems more reliable, multimodal DID authentication techniques combining different verification steps are proposed. Biometric features appears as one of the most reliable alternatives to deal with this problem because, theoretically, they are unique for each person. Nevertheless, some biometric features like face appearances may change in time, posing a serious challenge for a face recognition system. In this thesis work, we use the traditional password access combined with human face analysis to perform the authentication task. An intuitive supervised appearance learning method is presented, and its adaptation is based on continuously improving face models represented using the Gaussian mixture modeling approach. The experimental results over a reduced test set show encouraging results, with 98% of the users correctly identified, with a relatively small computational effort. Still, the comparison with a method presented in the literature indicated advantages of the proposed method when used as a pre-selector of faces.

Biometria

Identidade digital

Processamento de imagens

Imagem digital

Access control

Biometric authentication

Biometrics

Identity management systems

Facial features

User modeling

Gerenciamento e autenticação de identidades digitais usando feições faciais

Ribeiro, Matheus Antônio Corrêa

January 2008

Em nossa vida diária, são utilizadas identidades digitais (IDDs) para acessar contas de e-mail, bancos e lojas virtuais, locais restritos, computadores compartilhados, e outros. Garantir que apenas usuários autorizados tenham o acesso permitido é um aspecto fundamental no desenvolvimento destas aplicações. Atualmente, os métodos de controle de acesso simples como senhas ou números de identificação pessoal não devem ser considerados suficientemente seguros, já que um impostor pode conseguir estas informações sem o conhecimento do usuário. Ainda, no caso de utilização de dispositivos físicos como cartões de identificação, estes podem ser roubados ou forjados. Para tornar estes sistemas mais confiáveis, técnicas de autenticação de identidades utilizando múltiplas verificações são propostas. A utilização de características biométricas surge como a alternativa mais confiável para tratar este problema, pois são, teoricamente, únicas para cada pessoa. Contudo, algumas características biométricas como a aparência facial podem variar com o tempo, implicando em um grande desafio para os sistemas de reconhecimento facial. Neste trabalho é combinado o acesso tradicional por senha com a análise da face para realizar a autenticação. Um método de aprendizagem supervisionada é apresentado e sua adaptação é baseada na melhora contínua dos modelos faciais, que são representados por misturas de gaussianas. Os resultados experimentais, obtidos sobre um conjunto de teste reduzido, são encorajadores, com 98% de identificação correta dos usuários e custo computacional relativamente baixo. Ainda, a comparação com um método apresentado na literatura indicou vantagens do método proposto quando usado como um pré-selecionador de faces. / In our daily life, we use digital identities (DIDs) to access e-mails, e-banks, e-shops, physical environments, shared computers, and so on. Guarantee that only authorized users are granted access is an important aspect in the development of such applications. Nowadays, the simple access control methods like passwords or personal identification numbers can not be considered secure enough, because an impostor can obtain and use these information without user knowledge. Also, physical devices like ID cards can be stolen. To make these systems more reliable, multimodal DID authentication techniques combining different verification steps are proposed. Biometric features appears as one of the most reliable alternatives to deal with this problem because, theoretically, they are unique for each person. Nevertheless, some biometric features like face appearances may change in time, posing a serious challenge for a face recognition system. In this thesis work, we use the traditional password access combined with human face analysis to perform the authentication task. An intuitive supervised appearance learning method is presented, and its adaptation is based on continuously improving face models represented using the Gaussian mixture modeling approach. The experimental results over a reduced test set show encouraging results, with 98% of the users correctly identified, with a relatively small computational effort. Still, the comparison with a method presented in the literature indicated advantages of the proposed method when used as a pre-selector of faces.

Biometria

Identidade digital

Processamento de imagens

Imagem digital

Access control

Biometric authentication

Biometrics

Identity management systems

Facial features

User modeling

Autentisiering av användare i datoriserade miljöer hos SMF - biometri kontra tokens : En jämförelse av två sätt att implementera autentisering av användare / Authentication of users in computerized environments at SME - biometrics versus tokens : A comparison of two ways to implement authentication of users

Hedberg, David

January 2020

Allt eftersom mer och mer information sparas på datorer så ökar även trycket på att denna information sparas säkert, och att endast behöriga personer kommer åt den.Syftet med arbetet var att se vilka skillnader som finns mellan biometri och tokens, och vilka skillnader som små till medelstora företag borde ta i beaktande när de väljer en autentiseringsmetod. Det förväntade resultatet var då en beskrivning, i form av ett ramverk, över vilka för- och nackdelar som finns med de två metoderna, och således vilken metod som ett enskilt företag som använder ramverket borde använda sig utav.Arbetet genomfördes via en litteraturstudie, i vilket tre databaser användes för att samla information. IEEEXplore, ACM Digital Library, och ScienceDirect var de tre databaser som användes för arbetet. I dessa identifierades ett antal artiklar, som delades upp i kodade kategorier utefter innehåll. Detta i syfte att utföra en tematisk kodad analys.Totalt identifierades 28 artiklar i de olika databaserna. I dessa artiklar identifierades kostnad, säkerhet, integritet, och användarvänlighet som några av de mesta omtalade ämnena. 7 utav de 28 artiklarna pratade om kostnad, 20 av artiklarna nämnde säkerhet, 5 nämnde integritet, och 9 pratade om användarvänlighet. Det fanns även ett antal mindre teman i tvåfaktorsautentisering, skalbarhet, typer av biometri, typer av tokens, och framtida teknologi inom biometri.Efter genomförd analys formulerades ett ramverk i vilket ett smått till medelstort företag kan se vilken metod av autentisering som passar deras företag bäst. / As technology evolves, corporations and enterprises are forced to evolve alongside it. Storing company information and data on servers and computers have become common practice.Initially, the goal with the work presented was to compare biometric authentication and token authentication in relation so SMEs. In the current landscape there is no comprehensive study in these two methods of authentication in relation to SMEs. A framework was developed for system administrators to use when choosing one of these methods of authentication. The framework is a summarization of the works analytical part.A literature study was conducted to reach the goal. Three databases were used as sources of information. These three were namely IEEEXplore, ACM Digital Library, and ScienceDirect. From these sources, literature was identified on which the study was then based. Thematic coding was used to analyze the collected data.After the process of collecting and including/excluding was complete, a total of 28 articles remained. From these articles a total of 10 themes were identified from the thematic coding. These themes were cost, integrity, usability, security pros, security cons, two-factor authentication, scalability, biometric types, token types, and future biometric technology. Four of these were more prevalent, namely cost, integrity, usability, and security.After the analysis was finished the themes that emerged as important were integrity and usability. Because of this, the framework is heavily influenced by these themes and they are particularly important for system administrators to consider.

Biometric authentication

token-based authentication

authentication

authentication SME

information security

biometrisk autentisering

token-baserad autentisering

autentisering

autentisering SMF

informationssäkerhet

Information Systems

Anställdas inställning till biometrisk autentisering : En studie på svenska små- och medelstora företag / Employees' attitude to biometric authentication

Karlsson, Jakob, Malmberg, Sebastian

January 2022

Denna studie undersöker anställdas inställning till BA som MFA-metod på svenska SMF, även vilken BA-metod som anses lämpligast för användning. Tidigare studier har främst fokuserat på större organisationer och företag med kvantitativa forskningsmetoder. Därav har denna studie valt att undersöka SMF med en kvalitativ inriktning i formen av en semistrukturerad intervjustudie. Studien genomförde totalt nio intervjuer från varierande företag med respondenter aven mängd olika arbetsroller. Utifrån dessa intervjuer kunde flera teman identifieras, dessa användes för att dra slutsatser kring användarens inställning och vilken BA-metod som föredras i företagskontext. Teman som identifierades utgjorde grunden förde anställdas inställning, exempelvis vilka positiva och negativa aspekter de anställda kunde se med BA som MFA. Resultaten visade att de anställda generellt sett var positivt inställda till BA som MFA-metod och att de flesta kunde tänka sig implementera detta på sin arbetsplats. Av fingeravtryck, röstigenkänning,ansiktsigenkänning och irisskanning föredrog respondenterna fingeravtryck som BA-metod i företagskontext. Studien valde att inte fokusera på företag som redan implementerat BA som MFA. Applikationer och program som anställda använder där BA erbjuds anses inte som att företaget implementerat BA som MFA. / This study examines employees' attitudes towards BA (Biometric Authentication) as an MFA (Multi-Factor Authentication) method at Swedish SMEs, as well as which BA method is considered most suitable for use. Previous studies have focused on larger organizations and companies with quantitative research methods. Therefore, this study has chosen to examine SMEs with a qualitative focus by conducting semistructured interviews. The study conducted a total of nine interviews from various companies with respondents from a variety of work roles. Based on these interviews, several themes could be identified, these were used to draw conclusions about the employees’ attitude and which BA method is preferred in a business context. Themes that were identified formed the basis for the employees' attitude, for example what positive and negative aspects the employees could see with BA as MFA. The results showed that the employees were generally positive about BA as an MFA method and that most could imagine implementing this in their workplace. Focusing on fingerprints, voice recognition, face recognition and iris scanning, the respondents preferred fingerprints as a BA method. The study chose not to focus on companies that have already implemented BA as MFA. Applications and programs that employees use where BA is offered are not considered that the company has implemented BA as MFA.

BA

Biometric authentication

Facial recognition

Fingerprint

Iris scanning

MFA

SME

Voice recognition

Ansiktsigenkänning

Användaracceptans

BA

Biometriskautentisering

Fingeravtryck

Irisskanning

MFA

Röstigenkänning

SMF

Information Systems

The Evolution of Biometric Authentication: A Deep Dive Into Multi-Modal Facial Recognition: A Review Case Study

Abdul-Al, Mohamed, Kyeremeh, George Kumi, Qahwaji, Rami, Ali, N.T., Abd-Alhameed, Raed

18 October 2024

Yes / This survey provides an insightful overview of recent advancements in facial recognition technology, mainly focusing on multi-modal face recognition and its applications in security biometrics and identity verification. Central to this study is the Sejong Face Database, among other prominent datasets, which facilitates the exploration of intricate aspects of facial recognition, including hidden and heterogeneous face recognition, cross-modality analysis, and thermal-visible face recognition. This paper delves into the challenges of accurately identifying faces under various conditions and disguises, emphasising its significance in security systems and sensitive sectors like banking. The survey highlights novel contributions such as using Generative Adversarial Networks (GANs) to generate synthetic disguised faces, Convolutional Neural Networks (CNNs) for feature extractions, and Fuzzy Extractors to integrate biometric verification with cryptographic security. The paper also discusses the impact of quantum computing on encryption techniques and the potential of post-quantum cryptographic methods to secure biometric systems. This survey is a critical resource for understanding current research and prospects in biometric authentication, balancing technological advancements with ethical and privacy concerns in an increasingly digital society. / European Union’s Horizon-Marie Skłodowska-Curie Actions (MSCA)-RISE-2019-2023, Marie Skłodowska-Curie, Research, and Innovation Staff Exchange (RISE), titled: Secure and Wireless Multimodal Biometric Scanning Device for Passenger Verification Targeting Land and Sea Border Control

Facial recognition (FR)

Multi-modal face recognition

Security biometrics

Identity verification

Sejong face database

Deep learning techniques

Facial disguises

Biometric authentication

Machine learning models

Face recognition

Accuracy

Feature extraction

Thermal analysis

Surveys

Ethics

Databases

Quantum computing

Privacy