Combining Face Recognition with Keystrokes to Reduce Spoofing Attacks on Mobile Touchscreens

No Thumbnail Available
Journal Title
Journal ISSN
Volume Title
A biometrics-based authentication system is a method to identify users based on their physiological and behavioral characteristics. However, using only one biometric modality has been shown to have some significant weaknesses. For example, fingerprints can be worn out, cut, or stolen, and a facial image can be captured from a long distance. Spoofing attacks are a major threat to a biometric system. Psychological or behavior biometrics are not unique and can be found or imitated everywhere. Even though biometric modalities have weaknesses, the use of biometric systems has increased. As a solution, a multimodal biometric system is proposed to explore if spoofing attacks can be minimized in a biometrics authentication system. In the proposed multimodal biometric system, users are required to authenticate themselves using two or more modalities. A multimodal system is expected to be more secure than a unimodal system, because it may be more difficult to spoof two or more biometric traits than a single one. In this thesis, we combined face recognition along with keystroke on mobile touch screens to study the effectiveness of these modalities individually and combined to authenticate a genuine user. Is keystroke more vulnerable than face recognition to spoofing attacks? Is it necessary to spoof all the biometric traits to compromise a multimodal system? These questions are important when a physiological biometric such as facial recognition is combined with a behavioral biometric such as keystroke. To find answers to these questions, we implemented face recognition, keystroke, and a multimodal system on mobile touch screens. We tested the system among users to find which modality is more effective at authenticating users. Also, we tested these systems among users, to find which modality is more vulnerable to spoofing attacks. Different spoofing scenarios were used to find if it is possible to spoof all the fused biometric traits to compromise a multimodal system or if an attacker can compromise the system by spoofing only one biometric modality