A survey of continuous and transparent multibiometric authentication systems
Curran Associates Inc.
Security Research Institute
he advancement of technologies and the increasing number of users utilising them has given rise to a significant concern over protecting them from misuse. The integral aim of any IT system is to safeguard resources against any illegitimate access and authentication is the cornerstone to enabling this. Arguably, existing user authentication approaches have not adequately advanced proportionally with the advancement of digital devices technologies. The majority of implementations also operate merely at point-of-entry, providing little consideration to on-going identity confidence, leaving the system susceptible to misuse. Research has proposed continuous authentication as an alternative that can provide additional security, albeit introducing an additional burden upon the user if not implemented considerately. A range of studies have been proposed to overcome these downsides without compromising the user convenience by continuously and transparently authenticating the user throughout. This paper performs a survey and critical analysis of the domain, in particular focussing upon the role that multibiometrics has and its viability in practice. Studies have found that a variety of biometrics techniques have been investigated including physiological only, behavioural only and both, with the addition of soft biometrics or even passwords, rendering them not to be completely transparent thereby suffering from intrusive authentication drawbacks. The operational context also varies, including PC, mobile, wearable, various devices, and the Internet/cloud. Therefore, it is evident that there is a lack of anempirical solution that can be accomplished seamlessly in a location, technology and service independent fashion. With respect to performance, many studies never undertook an evaluation; others declared heterogeneous metrics, making a comparison implausible. Despite the fact that most of the studies deployed an identity confidence/trust adaptation, a small proportion of them associated it to the differing risk level of a particular data, action, or service. It is perceived that the success of a particular mechanism has the merit of ensuring an effective authentication method together with user acceptance. However, it is paramount to have a high level of performance, scalability, and interoperability amongst existing and future systems, services and devices. Furthermore, all these requirements should be implemented and evaluated extensively on real data in order to prove that such a system is viable, including its acceptability and usability.