
Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues

  • Mohamed Amine Ferrag
  • Leandros Maglaras
  • Abdelouahid Derhab
  • Helge Janicke

Abstract

This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in recent years that deal with security for mobile devices. Then, we classify threat models in smart mobile devices into five categories: identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also classify countermeasures into four categories: cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to the characteristics of the countermeasure along with the authentication model itself, we categorize the authentication schemes for smart mobile devices into four categories, namely, (1) biometric-based authentication schemes, (2) channel-based authentication schemes, (3) factors-based authentication schemes, and (4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in the form of tables. Finally, we identify open challenges and future research directions.

Keywords

Security, Authentication, Smart mobile devices, Biometrics, Cryptography


Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Computer Science, Guelma University, Guelma, Algeria
  2. School of Computer Science and Informatics, De Montfort University, Leicester, UK
  3. General Secretariat of Digital Policy, Athens, Greece
  4. Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, Saudi Arabia
