Combining Face Recognition with Keystrokes to Reduce Spoofing Attacks on Mobile Touchscreens
No Thumbnail Available
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
A biometrics-based authentication system is a method to identify users based on their
physiological and behavioral characteristics. However, using only one biometric modality has
been shown to have some significant weaknesses. For example, fingerprints can be worn out, cut,
or stolen, and a facial image can be captured from a long distance. Spoofing attacks are a major
threat to a biometric system. Psychological or behavior biometrics are not unique and can be
found or imitated everywhere. Even though biometric modalities have weaknesses, the use of
biometric systems has increased.
As a solution, a multimodal biometric system is proposed to explore if spoofing attacks
can be minimized in a biometrics authentication system. In the proposed multimodal biometric
system, users are required to authenticate themselves using two or more modalities. A
multimodal system is expected to be more secure than a unimodal system, because it may be
more difficult to spoof two or more biometric traits than a single one.
In this thesis, we combined face recognition along with keystroke on mobile touch
screens to study the effectiveness of these modalities individually and combined to authenticate a
genuine user. Is keystroke more vulnerable than face recognition to spoofing attacks? Is it
necessary to spoof all the biometric traits to compromise a multimodal system? These questions
are important when a physiological biometric such as facial recognition is combined with a
behavioral biometric such as keystroke.
To find answers to these questions, we implemented face recognition, keystroke, and a
multimodal system on mobile touch screens. We tested the system among users to find which
modality is more effective at authenticating users. Also, we tested these systems among users, to
find which modality is more vulnerable to spoofing attacks. Different spoofing scenarios were
used to find if it is possible to spoof all the fused biometric traits to compromise a multimodal
system or if an attacker can compromise the system by spoofing only one biometric modality