Upload
courtney-dayter
View
261
Download
0
Embed Size (px)
Citation preview
Running Head: CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW?
Cell Phones and Biometrics: Where Are They Now?
Courtney Dayter
Chestnut Hill College
Philadelphia PA
A Thesis Presented To
Chestnut Hill College
In Partial Fulfillment
Of the Requirements for
Honors in Digital Forensics
April 20, 2015
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 2
DIRECTOR ______________________________________________Pamela King
READER _______________________________________________Sister Lisa Olivieri, SSJ, PhD
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 3
Abstract
This paper explores biometrics and cell phones from their history to their
implementation. It provides a definition for biometrics and discusses different types of
biometrics that can be used on cell phones. It works to explain the need for biometrics on cell
phones. Research is done to find user contact with biometrics and their use of security. It found
that a majority of users have had exposure to biometrics. The paper also inquires about the issues
researchers and users are facing with the implementation of biometrics. In doing so, the research
compares facial recognition technology to fingerprint technology on the Samsung Galaxy S4 and
the Apple iPhone 5s to find the effectiveness. The research finds that the biometrics implemented
on the iPhone 5s had better efficiency rates and was less susceptible to false positives than the
Galaxy. However, the research varies when it comes to voice recognition as the Galaxy’s
technology succeeded against the iPhone. These results are found through the use of a study and
a survey at Chestnut Hill College.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 4
Introduction
Biometrics has been examined and accepted as a possible solution for device security.
Biometrics is the use of technology to verify and identify individuals based on their biological
features or characteristics (Hopkins, 1999). There are many different types of biometrics that
could be implemented on cell phones including gait recognition, fingerprint authentication, facial
and iris recognition. The research suggests that these forms of biometrics could be successfully
implemented on cell phones if researchers could fix the current flaws and build on current
knowledge and technologies. However, researchers, law enforcement and users alike need to find
a common ground on standards for privacy with regards to biometrics. The biometric
information needs to have the same level of protection as the information it is safeguarding. If
the solution to these issues can be found research shows that biometrics could soon become
widely used on cell phones.
Biometrics
Definition of Biometrics
Hopkins (1999) defined biometrics as “the application of computational methods to
biological features, especially with regard to the study of unique biological characteristics”.
Hopkins continued to define both identification and verification with relation to the use of
biometrics. Hopkins described verification as asking the question “Am I who I say I am?’ and
identification as the broader question of “Who am I?” Hopkins explained how modern biometric
technology is already used for verification and identification of individuals and could potentially
be used elsewhere. By breaking down the steps of identifying and verifying users on cell phones
it provides insight into the implementation and use of biometrics.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 5
Pocovnicu (2009) also worked to address what biometrics is and how engineers can
incorporate biometrics into cell phones in his article “Biometric Security for Cell Phones.”
Pocovnicu described biometrics as the science and technology used to uniquely identify
individuals based on their physical, chemical or behavioral traits. He discussed the pros and cons
of each different type of biometric that can be used in cell phones. Pocovnicu explained how one
of the benefits of biometric systems is that they offer a convenient way to secure private
information. One of the drawbacks that Pocovnicu discussed was the cost of biometrics systems.
Kwapisz, Weiss and Moore (2010) defined biometrics as a form of security that uses a
person’s traits to identify them. Kwapisz, Weiss and Moore discussed Android-based cell phones
to show how their accelerometer data could be used to identify or authenticate cell phone users.
Accelerometer data is information about a person’s movements that comes from the
accelerometer technology within the cell phone.
Types of biometrics
Researchers have done studies on the different types of biometrics that can be used to
secure cell phones. Kwapisz, Weiss and Moore (2010) discussed work that allows for
identification and authentication to occur unobtrusively. This type of verification provides data
security by behavioral biometric identification that recognizes users’ daily activities. This
method doesn’t require the user to take any extra actions besides carry their cell phones. One
particular non-intrusive way discussed by Gafurov (2007) is gait biometric user identification.
However, Gafurov (2007) did note that gait should not be considered as a replacement for
traditional authentication but rather complementary.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 6
Many commonly known biometrics can be used in cell phones. Shuo Wang and Jing Liu
(2011) worked differently from the other researchers by discussing the physiological and
behavioral traits including fingerprint, iris and voice. Shou Wang and Jing Liu (2011) attempted
to show that these traits can be accessed on a mobile phone just as they are in other places. For
example, “Fingerprint biometric has been adopted widely for access control in places requiring
high levels of security” and could be utilized on a phone (Wang & Liu, 2011). Jian Lai and Pong
Yuen (2006) in their article “Face and Eye Detection from head and shoulder image on mobile
devices” also worked to address facial and eye detection on mobile devices. They examined the
functionality of cell phones to implement biometrics for security. Lai and Yuen (2006) look to
see how the processor speed, storage and images could be used for face and eye detection.
Implementing Biometrics on Cell Phones
A biometric system is intended to follow steps of operation. Gafurov (2007) the author of
“A survey of biometric gait recognition” outlined the steps of operation as “1) capture biometric
sample of the person, 2) extract set of relevant features from captured sample, 3) and compare
the extracted feature set against the template set in the database”. He argues that these steps are
used for verification which seeks to find “Am I who I claim I am?” Hopkins (2010) agrees with
this in his article “An Intro to Biometrics and Large Scale Civilian Identification” when he stated
that biometrics is used for verification more than identification. However, Gafurov argued that
the intended steps stated above for biometric systems are not perfect and have errors. The two
types of errors with biometric systems are false accept rate (FAR) and false reject rate (FRR).
These errors wrongfully accept or reject users. Gafurov argues FAR and FRR are just two of the
issues researchers face in trying to implement gait.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 7
Many other researchers have studied biometric systems and their implementation
problems. Pocovnicu (2009) outlines a biometrics system as a sensor unit, processing unit,
database unit and a matching unit. He continued to discuss the issues with making the different
units work on a cell phone. In particular he examined facial recognition and fingerprint
recognition. Pocovincu found many issues with the technologies available for implementation of
facial recognition which will be discussed. Pocovincu is not alone; other researchers have
explored the implementation issues of facial recognition as well as issues with gait recognition,
iris detection, voice recognition and fingerprint authentication which will be explored in the
following sections.
Gait Recognition
Gafurov (2007) presents the approaches to implementing gait by presenting the different
categories of gait used to verify and identify a person by using their walking style. There are
three different gait categories which include machine vision, floor sensor and wearable sensor
gait recognition. He argued that only wearable sensor gait recognition would be used in cell
phones. His work done using MR sensor placed on different parts of the body including waist,
ankle, and hand showed recognition rates of up to 86.3 percent. He presented the idea that if the
sensor was placed in a book bag the gait recognition would be altered and fairly inaccurate.
However, Gafurov wasn’t able to test his methodology on cell phones as they lacked the
technologies needed to implement gait.
Gonzalo Bailador Del Pozo (2012) did test gait recognition on cell phones. He found the
accelerator in new generation phones is capable of capturing gait and worked on an experiment
that tested the accuracy of gait recognition at varying speeds. Similarly, Derawi (2012) also
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 8
researched the implementation of gait and its effectiveness. He focused on the different activities
a person performs and the ability of different accelerators to capture and recognize them
accurately. Derawi also addressed the need for accurate databases that are able to authenticate
the information captured by the accelerators.
Both Del Pozo and Gafurov’s work showed there is a possibility of using gait but stated
more work needs to be done. Gafurov (2007) argued that there are still too many factors that can
negatively affect the accuracy of gait recognition systems. He believes that gait should be used as
a complementary biometric as studies have shown it is not robust against impersonation attacks.
Del Pozo (2012) agreed by stating that for now gait could be used for non-critical security and is
suitable for smartphones. However, he argued that gait identification is at the stage where it
performs only one comparison and could be improved. For Derawi the improvements should be
made in data acquisition and the sensitivity of the accelerator.
Voice Recognition
One of the oldest forms of biometrics is voice recognition. Voice recognition technology
is defined as the technology that enables a machine or computer program to receive and interpret
dictation or to understand and carry out spoken commands (Singh 2011). According to Zumalt
(2005), voice recognition technologies can be traced back to James Baker in the late 1970s. His
first software, Dragon Dictate, was developed and released in the early 1990s. Since the turn of
the century, Zumbalt listed multiple companies that have been working on voice recognition
technologies (VRT) including Microsoft and IBM. According to Clark (2014), many forms of
VRT exist in today’s market, including most notably Siri and Xbox. However, he argued that
recent breakthroughs could lead to more competent machines and better systems. Similarly,
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 9
Singh (2011) wrote about the current limitations of VRT. Singh discussed the impact of accents
on word recognition accuracy as well as effective implementation and timely troubleshooting
challenges.
Voice Recognition has already been implemented and used on many cell phones within
their applications. The authors of, “Inner Voice”, (2013) focused on how IBM discussed that the
acoustics of a user's voice can be analyzed while many other technologies including Siri, an
Apple application specializing in VRT, focus on word recognition. Similarly, Palenchar (2006)
discussed how these preinstalled technologies could be used to focus on security. He stated that
VRT could create a safer environment and even be used in applications such as mobile banking.
However, VRT still have room for improvement. According to Clark (2014), this technologies
are being innovated daily and improving at rapid speeds.
Fingerprint Authentication
Fingerprints fulfill the “something you are” requirement of multi-factor security (Miller
2013) and could become increasingly used in cell phones. A person’s fingerprint is unique and
can be used as a form of identification (Derawi 2012). Fingerprint recognition systems have
already been implemented into cell phones (Pocovnicu 2009). Pocovnicu mentioned the use of
AuthenTec fingerprint recognition biometric systems in the Lenovo P960 phone as an example
of the implementation of biometrics in cell phones. Similarly, Bhutani (2013) discussed in his
article “No to Fingerprint Security System” the establishment of the Touch ID fingerprint
scanner used in the iPhone 5s. He examined how Touch ID worked by using capacitive sensors
to verify a match between two human fingerprints. The capacitive sensors generate an image of
the depressions and elevations that make each fingerprint unique by sensing electrical currents.
However, he argued that the problems do exist with Touch ID even though it is already used by
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 10
users. According to Bhutani, these problems are the ability to hack the system and its failure to
correctly identify the user.
Research has also been done to examine fingerprint identification using cameras.
According to Derawi (2012), that camera images could be used to compare two separate
fingerprints to determine if they match. However, he found issues with the cell phone cameras
ability to capture images of fingerprints. He stated that the biggest problem is the different lens
types and the low megapixel resolution of cell phone cameras. He worked to find solutions for
the use of cell phone images to identify fingerprints by creating and experimenting with new
algorithms. These algorithms would work with the distortion of images. However, Derawi stated
that the creation of these algorithms is a time consuming task that still needs to be further
researched.
Facial and Iris Recognition
Facial and iris recognition are both done through the use of images. Shuo Wang and Jing
Liu (2011) argued that the image acquisition and processing capabilities of mobile phones could
be used for iris detection. However, they faced challenges with implementing iris biometrics due
to the image quality. Similarly, Byung Jun Kang (2010) found that performance can be degraded
by cell phone cameras due to changing brightness and contrast values. Byung Jun argues that
quality assessment is one of the most essential parts in using iris detection. Lai and Yuen (2006)
worked to address this problem by evaluating 2158 head and shoulder images to find that the
accuracy of iris detection is 97 percent. Similarly, Wang and Liu found an algorithm that could
be used on cell phones to detect both the iris and the pupil despite image quality. They identified
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 11
an algorithm as a mathematical formula that computes and compares the features in an image to
the database.
Much like iris detection, researchers have found that quality of images taken with a cell
phone camera is not adequate for facial detection. Lai and Yuen (2006) said that color
information and the facial boundaries from the pictures can affect the accuracy of facial
recognition. According to Lai and Yuen, images of good quality can result in a 98 percent
accuracy rate. Wang and Liu (2011) agreed in finding that facial recognition has a high accuracy
rating. Despite the accuracy, Wang and Liu (2011) have found that facial recognition is a
biometric technique with an average user preference. The problem Wang and Liu found to be the
most inconvenient is that facial recognition does have higher error rates than iris or finger
biometrics. These errors need to be eliminated to implement facial and iris recognition on cell
phones and gain user acceptance. This is true for all forms of biometrics.
Cell Phones and Privacy
The cell phone industry has grown in recent years. According to Hall (2013), “91 percent
of American adults own a cellphone, and within that group, 60 percent own smartphones”.
Similarly, the United Nations did a study that reported more people in the world have cell phones
than toilets. According to the U.N. report, six of the world’s seven billion people have mobile
phones and only 4.5 billion have a toilet necessary for sanitation (Worstall, 2013). With the mass
number of cell phone users the need to secure them is ever present. The solution to securing them
could be biometrics.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 12
Need for Cell Phone Biometrics
In these ever changing times the use of cell phones has increased and the need for
securing them is ever present. In his article “Adaptive and Flexible Smartphone Power
Modeling”, Nacci (2013) discussed the establishment of a market for smartphones and how the
popularity of cell phones has increased the amount of security threats. Nacci stated that mobile
devices are “used to store user-centric sensitive information (e.g., contacts, credentials) or,
worse, to perform financial transactions” and that they are an appealing target for modern day
criminals. Leavitt (2013) furthers Nacci’s argument when he stated the need for security of
mobile devices for the benefit of companies. Leavitt stated that personal devices can result in
security breaches and risks because they access company data and networks without being
controlled or monitored. He addressed the need for data security with the increasing number of
device vulnerabilities. Leavitt stated “almost 90 percent of mobile applications tested had one of
more security flaws”.
The article “Biometrics on Mobile Phones” by Shuo Wang and Jing Liu (2011) also
discussed the sophisticated capabilities of cell phones which make them worth high security
levels. Wang and Liu discussed the point that although cell phones are equipped with PIN, most
users prefer to apply biometrics. They stated that 36 percent of people do not even use a
password on their phone but they would consider biometrics. Biometrics would add strong
security to mobile phones that will facilitate trustworthy electronic methods for commerce,
financial transactions and medical services. Similarly, Miller (2013) describes that the world is
rapidly changing and people are carrying out personal business in new ways. According to
Miller, the Internet has allowed for electronic commerce and social networking and the
widespread use of cell phones is at fault.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 13
The increasing capabilities of cell phones and access to the Internet have created a need
for trusted communications. Miller (2013) discusses the use of multifactor authentication to build
trusted communications. He uses the “five-factor” approach for the strong authentication. Miller
(2013) states the “five-factor approach” which requires having “something you know,”
“something you have,” “something you are” with regards to physical features, “something you
are” that is location based and “something you trust,” will ensure protection of individuals and
financial institutions.
Cell Phone Capabilities
Cellular devices and mobile technologies can be traced back to the first phone call in
1946. This began the age of the development of cell phones. Cell phones originated as devices
used for the sole purpose of making phone calls (AT&T Labs, 2014). This changed on December
3, 1992 when the first text message was sent from Neil Papworth’s computer to Richard Jarvis
on his Orbitel 901 mobile phone (Arthur, 2012). According to Arthur, Nokia’s mobile phone was
the first to send a text message from a phone in 1993. This soon emerged as a new form of
communication. The popularity of text messages, technically referred to as SMS or short
message service, led to providers instituting a standard size at 128 bytes long (Arthur 2012). This
didn’t stop users from sending text messages as in 2011 it was found that over 145 billion text
messages were sent around the world. However, the use of text messages has begun to decline
due to the smartphone (Garratt & Poulter 2014).
In order to discuss smartphones it is important to realize their dependence on World Wide
Web (web) services. It wasn’t until the 1990s that web services became an option on a phone
(AT&T Labs, 2014). In the 1990s the 2G or “second generation” emerged with the development
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 14
of GSM and CDMA standards (Shakkottai, 2010). These standards led to the creation of
smartphones due to their use of digital transmissions and in 1998 media content became
available on mobile phones (AT&T Labs, 2014). In the late 1990s, the demand for data was
growing which led to 3G networks being launched in 2001 as the “next generation technology”
(Shakkottai, 2010.) According to Shakkottai, 3G systems enabled a transformation in the
industry. Frenzel (2006) refers to this transformation as the age of next-generation cell phones.
Next-generation cell phones are commonly known as smartphones. In the article “Who
are Smartphone Users?”, it stated that over 80 percent of American adults own a cell phone with
over 40 percent having access to the internet and web applications. According to Frenzel (2006),
a cell phone is an entertainment device as much as it is a phone. He stated that the next-
generation cell phones featured audio, games, video, television and email access. Similarly, the
article “Who are Smartphone Users?” discussed how phones offer a wide range of features
including access to the internet, music, and tools through applications. However, he argued that
the most important feature is the ability to access the internet.
Due to the growing smartphone use 3G networks became overwhelmed and the industry
created a 4th generation network (4G). The Long Term Evolution (LTE) standard was the first 4G
network to be released in 2009 with the intent to serve the high amount of users (Shakkottai,
2010). According to Frenzel (2006), the release was a year earlier than targeted. While many
users are only concerned about user features it is important to consider the hardware a cell phone
contains.
There are many different smartphones made by various companies in the market. The
phone that changed the smart phone world was the iPhone in 2007. Since then, phones and
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 15
processors have become smaller and faster while memory has grown (Siew Wei and Yau Yuen,
2014). According to Siew Wei and Yau Yuen (2014), the technical capabilities of cell phones
include acceleration sensors, light sensors, microphone, cameras and Global Positioning System
(GPS). All of the hardware makes smartphones capable of performing the necessary tasks and
storing information. This information includes videos, text messages, images, files, e-mails,
records, web history, call logs, locations, voicemail and contacts (AT&T Labs, 2014).
Password “Protection”
It can be argued that biometrics is a more secure form of a password. However, research
hasn’t been done on the ability of law enforcement to search a cell phone with biometrics.
Research has been done on the ability of police officers to search cell phones with passwords.
According to Gershowitz (2011), the search incident to arrest exception gave police broad
authority. He stated that the police’s authority allows them to search a cell phone even if it is
password protected. Essentially, police have been allowed to break passwords without the
owner’s consent and demand the password to be turned over by an arrestee without violating the
Fifth Amendment and Miranda Protections (Gershowitz, 2011).
In a separate article, Gershowitz (2011) argued that password protection hasn’t been
addressed in court. He stated that the courts and police alike have treated a cell phone as a
container. Police are permitted to try all of the keys on an arrestee’s keychain to find the one who
unlocks the glove compartment. Gershowitz believes courts will rule along the same lines as
their previous rulings. However, he argues the issue that remains is how long a police officer can
spend trying to crack to password or obtain the password.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 16
Cell Phone Theft
Law enforcement may not be the only people able to access a cell phone. Cell Phone theft
has become more common and places the cell phone as risk to being intruded. In the article
“Cellphone Theft”, Brown (2013) stated that smartphone and cellphone thefts made up 30
percent-40 percent of all robberies in major cities of the United States in 2011. Brown states that
stolen and lost phones cost American consumers $30 billion per year. Similarly, the Federal
Communications Commission reported that one out of three robberies in 2012 involved cell
phone theft ("Cell phones and," 2014).
The article “Cell Phones and Wireless Communications” reports cell phone theft as a
serious issue. Their concerns are mobile phones allow thieves to access email, contacts,
applications which may include banking ones or even confidential texts ("Cell phones and,"
2014). According to Brown (2013), these concerns have been answered by cell phone
manufacturers who have created kill switches to destroy cell phones. However, Glisson (2011)
argues that this is not enough and that even devices that evidence has been removed from still
contains personal information. Glisson proves his point by using mobile forensic toolkits to
examine re-sold cellphones. In all of the devices examined he found user information as well as
11,135 artifacts from a mere 49 devices. Glisson highlights the need to ensure personal data is
secure on cell phones in everyday life and cases of theft alike. Overall, it is believed that cell
phones contain data that may be accessed by people other than the owner. Glisson, Brown and
the author of “Cell Phones and Wireless Communications” believe that a solution needs to be
found to protect users.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 17
Privacy and Biometrics
Privacy is a major concern when it comes to biometrics. Biometrics requires the use of
personal identification methods to authenticate. However, users desire their biometric
information to be protected just as much as their data (Alterman, 2003). Alterman stated that the
ethical concern of implementing biometrics is concerned with the storing and sharing of
biometric identification information. He warned that technical errors could cause the release of
biometric information that would then allow access to the personal data associated with the ID.
Similarly, Mordini and Ottolini (2007) argued that the ethical issue lies within the security and
storage of biometric identity features in modern databases and on cell phones. She stated that
there is no way to guarantee complete protection of information due to technology failures.
According to Alterman (2003), technology failures aren’t the only concern. He argues
that sharing identification information with databases allow for hacking of personal information.
He states that people could easily get their hands on identification information through databases
used to authenticate biometrics. Bhutani (2013) addressed this issue in relation to TouchID. His
concern was that fingerprint information was shared across the cloud. De Capitani Di Vimercati
(2012) argues that this issue illustrates problems with data protection techniques that need to be
addressed to ensure data privacy.
Van der Ploeg (2005) argued differently stating the problem occurs before the collection
of physical features. He stated that rapid use of technologies is where the ethical issue lies. Van
der Ploeg believes that society should avoid “informatization” of the body. He argues that by not
disposing this valuable information people are able to protect themselves and secure their
privacy. Alterman (2003) agreed stating that voluntarily disposing information causes the ethical
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 18
issues to occur. He argued that while the ideal is to avoid exposing personal biometric
information to ensure anonymity it is unavoidable due to modern day technology.
Whether users choose to dispose their biometric information or they do not the research
shows that privacy is to be valued and society agrees. The belief is that personal identity is
valuable and individuals should protect it. According to Kizza, the general opinion on privacy is
that society has an ethical duty to protect their information as well as to protect the information
of others. However, Alterman stated there will always be people who act in an unethical manner
and that advances in technologies encourage their behavior. Regardless Barkhuus (2003) argues
that society is in control of their destiny and need to be aware of the impacts of their actions.
Testing and Comparing Biometric Methods
Facial recognition and fingerprint authentication are two different forms of biometrics
that have been implemented on cell phones. While they can be found on many devices their
capabilities are still being questioned. The research in this experiment will serve to answer: If
facial recognition technology and fingerprint technology were compared which one would prove
to be more efficient and have better success rates?
Test Methodology
In an effort to test facial recognition and fingerprint authentication, a study was set up
using two main stream smartphones, the Apple iPhone 5s and the Samsung Galaxy S4. The
Apple iPhone 5s was a black 16 gigabyte device running the iOS 8.1 operating system. The
Samsung Galaxy S4 was also a 16 gigabyte using the Android 4.4.2 operating system which is
also known as “KitKat.” Using these devices, the researcher and another student collaborated to
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 19
test the biometric applications they each offered. In doing so, the same plan was set in place to
use on each device even though the technologies differed.
The test plan consisted of a variety of tests in attempt to find the efficiency and false
positive rates in unlocking the device and accessing the information. For fingerprint
authentication, the first student would attempt to unlock the device 25 times using their right
thumb making this the control. The student then followed with 25 attempts using their right
pointer finger to see whether the device was able to detect different fingerprints and then 25
attempts with their left thumb trying to detect false positives. The final test was performed by the
second student who attempted 25 times with their thumb also trying to find false positives.
The procedure for facial recognition technologies was very similar to the one for
fingerprint authentication. Two students preformed tests attempting to unlock each phone. One
student attempted to unlock the phone using a blank face for 25 attempts and documenting the
results. She then made various faces for 25 times trying to determine if this would alter the
results. The next test has the other student attempt 25 times with their face in hopes of finding
false positives. The final test tried to unlock the phone using a picture of the first student for 25
times trying to see if the phone could detect the false positives.
Results and Discussion
The Samsung Galaxy S4 and the iPhone 5s both have different capabilities. For starters,
the Samsung Galaxy comes with facial recognition preinstalled as a security feature that
Samsung lists as “low security” and no fingerprint technologies. The opposite is true of the
iPhone 5s that comes preinstalled with touchID, a scanning device and application that is
considered the highest form of security on Apple devices, and no facial recognition technologies.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 20
However, in the perspective “App Stores” for each device, applications can be downloaded to
take advantage of both biometric technologies. On the iPhone 5s, the application “FastAccess
Face Recognition” received the best reviews for a facial recognition application in the “Apple
Store” therefore it was downloaded for use in the study. On the Galaxy S4, the application
“Fingerprint Screen Lock ICS” had received good reviews in “Google Play” therefore it was
downloaded to complete the applications needed to compare efficiency and false positive rates.
Using the selected applications for the study, the following chart shows the success of the
test plan for face recognition.
Control Picture Faces Different User0%
20%
40%
60%
80%
100%
120%
Face Recognition: Success Rates
GalaxyiPhone
Figure 1
Based on the Figure 1, it can be determined that facial recognition technologies have high
efficiency rates on both the iPhone and Galaxy. Both devices had a 100 percent efficiency rate
with a standard picture and an overall efficiency rate of 97 percent with the programmed user.
The false positive rate stood at 2 percent with only 2 attempts working out of the 100 made.
These statistics prove that the facial recognition technologies implemented on these phones are
successfully working to secure the data on cell phones.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 21
The results from the fingerprint tests were very different as indicated in the graph below
(Figure 2). On the iPhone 5s, the fingerprint technologies were very efficient with a 96 percent
success rate using the right thumb and a 100 percent success rate using the pointer finger. The
technology was so successful that it even produced a 0 percent false positive rate. However, the
Samsung Galaxy was very inefficient with less than a 44 percent success rate and an 8 percent
failure rate. The technologies on the Galaxy S4 were not up to the same level of the iPhone. The
Galaxy attempted to use the screen to correctly identify the fingerprint of the user and not a
scanner like the iPhone led to its failures. Therefore fingerprint biometric technologies have not
been implemented on a widespread level that can be readily accepted as a successful way to
secure the information on cell phones.
Control Pointer Finger Opposite Thumb Different User0%
20%
40%
60%
80%
100%
120%
Fingerprint Authentication: Success Rates
SamsungiPhone
Figure 2
Voice Recognition Technologies
In an effort to expand the study, a similar test was set up using the same two
smartphones, the Apple iPhone 5s and the Samsung Galaxy S4. The Apple iPhone 5s is a black
16 gigabyte device now running Apple’s iOS 8.3 operating system and the Samsung Galaxy S4
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 22
remained unchanged. Using these devices, the same two students collaborated to test the voice
recognition technologies they each offered. In doing so, the same plan was set in place to use on
each device even though their technologies differed.
The test plan consisted of a variety of tests in attempt to find the efficiency and false
positive rates in unlocking the device on the Galaxy and correctly identifying information on the
iPhone. For the Galaxy, the first student attempted to unlock the device 25 times using the word
“lighting.” The student then followed with 25 attempts using the word “lightning” to see whether
the device was able to detect different words and then 25 attempts with their voice muffled by
talking with their nose plugged. The final test was performed by the second student who
attempted 25 times with their voice trying to find false positives.
Results and Discussion
The Samsung Galaxy S4 and the iPhone 5s both have different capabilities. For starters,
the Samsung Galaxy comes with voice recognition preinstalled as a security feature that
Samsung lists as “low security.” The opposite is true of the iPhone 5s that doesn’t come with a
voice recognition technology for security, but does come loaded with Siri a voice recognition
technology designed towards the ease of using apple phones and technologies. With this in mind
the test faltered in the false positive section on the iPhone 5s end. Using the selected
applications for the study, the following chart shows the success of the test plan for voice
recognition.
Figure 3
Based on Figure 3, it can be determined that voice recognition technologies have high
efficiency rates on both the iPhone and Galaxy. The iPhone had a 100 percent efficiency rate
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 23
with the
control word
and only
missed one
attempt of the
voice
change. The
Galaxy had similar efficiency with a 94 percent total success rate in the same two fields.
Similarly, the Galaxy fell just below the iPhone 5s missing 2 more attempts of slight word
change to “lightning”. However, the Galaxy stood out far better than the iPhone as it only
accepted one false positive while the iPhone accepted 92 percent. This fall back for the iPhone is
greatly due to the fact that the iPhone’s voice recognition technology wasn’t made for security
purposes. These statistics prove that the voice recognition technologies implemented on the
Galaxy are successfully working to secure the data on cell phones. It also proves that Apple
needs to improve its technologies in order to use them for security.
The Technologies Compared
Overall, the technologies faired decently in the study. The Apple iPhone had better
success rates when it came to correctly identifying the proper person using fingerprint, facial and
voice recognition. The iPhone maintained a 98 percent success rate in every category. However,
the Galaxy didn’t fare as well with only a 78 percent success rate because of low fingerprint
rates. In total, the biometrics combined for an 88 percent success rate. While this number might
come higher than expected it is still not enough when it comes using biometrics for security. The
"Lighting" "Lightning" Voice Change Different User0%
20%
40%
60%
80%
100%
120%
Voice Recognition: Success Rates
GalaxyiPhone
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 24
chart below, Figure 4, shows the success rates for each biometric on the devices and the room for
improvement in security.
Fingerprint Facial Voice0%
100%
Success Rates
SamsungiPhone
Figure 4
Acceptance of Biometrics
While there are many forms of biometrics that have been implemented on cell phones,
user’s knowledge of these technologies has been questioned. In many cases, researchers have
even studied the use of any security on cells phones. In order to study these questions, a survey
was conducted at Chestnut Hill College on the availability of biometrics and the use of security
including biometrics.
Survey and Procedures
The intent of the survey was to find consumers’ opinions on biometrics and security. In
creating the survey the selection of the questions was essential to get the desired answers. After
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 25
three revisions of the survey and approval from the Institutional Review Board (IRB) the survey
was distributed around Chestnut Hill College campus to 50 random undergraduate students. The
survey included 7 questions. The first questions aimed at determining the types of phones users
own, the importance of data on their phones, if they used security, and what kind of security they
used. The rest of the questions targeted the use of biometrics. These questions included whether
users have used biometrics in any way, whether their phones had biometric capabilities, and their
acceptance of biometrics as an adequate form of security for cell phones.
Table 1 shows the types of cell phones that were listed by the survey respondents. Based
on the table, it can be determined that at least 50 percent of the users had biometric capabilities
on their phones as both the iPhone 5s, 6 or 6Plus and the Samsung Galaxy S4, S5 and Note 3 are
built with biometric technologies. This table also supports the findings listed in figure 3 as the
responses from 25 people stated they had biometrics capabilities on their cell phones.
User’s Cell PhonesCell Phone Types Number of UsersiPhone 5s, 6 or 6 Plus 19Older iPhone 15Samsung Galaxy S4, S5, Note
6
Older Galaxy 3Other 7
Table 1
Earlier research suggested that there is an evident need for the security of cell phones due
to the desires of user privacy and to protect the type of data stored on cell phones. According to
the results of the survey, 86 percent of users agreed with this statement by stating that they use
security on their cell phones. The figure below (Figure 5) demonstrates the various forms of
security users have enabled on their phone for security. While the survey contained many
security options, only four of them were selected by users. Fingerprint recognition was the only
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 26
form of biometric security. However, the passcode came in as the highest used at 57 percent with
fingerprint recognition coming in second at 25 percent. The use of security also represents
32
6
14
4
Forms of Users' Security
Passcode
Password
Fingerprint
Finger Swipe
Figure 5
the importance of data on the user’s devices. Table 2 states the responses recorded from the users
on how important the data is on their phones. The table uses the Likert scale with 1 being the
least important and 5 being the most important. Based on the table, 64 percent of users believe
their data is important to very important with only 8 percent stating their information to be
unimportant.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 27
Table 2
Earlier research had stated that passwords didn’t provide the desired level of security
because they made cellphones susceptible to cell phone searches and theft of their important
data. With this in mind the survey questioned users’ likelihood of considering biometrics as an
adequate way to secure their phone using a Likert scale. Based on the survey, 74 percent of users
accepted biometrics, 18 percent of users was unsure and 8 percent did not. The acceptance rate
stood out as it was higher than the number of people that had interacted with biometrics which
stood at 68 percent. Regardless, the user’s acceptance rates of biometrics according to survey
didn’t match up to the number of users that claimed the use of biometrics. The following figure
(Figure 6) shows the use of biometric technologies by users. Only 50 percent of users had
knowledge of biometric technologies on their cell phones and of that 52 percent used it. These
stats show the gap between biometric technologies and their implementation in regards to user’s
acceptability.
Importance of Data on User’s PhonesImportance Number of Responsesnot important 0somewhat important 4neither 14important 17very important 15
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 28
Further
Research
This research was conducted at Chestnut Hill College to the best ability of the
researchers. However, the research left room for further research to be conducted on the subject.
In regards to the hands on study of biometrics, it could be done on a larger level. The study could
have included other cell phones in the comparison such as LG, Motorola or Microsoft devices.
With more technologies and devices the study could also include a larger number of tests with
more attempts to see the long lasting effectiveness of biometrics on cell phones. By including
these different forms of research, it would allow for further investigation into the efficiency of
biometrics in correctly securing cell phones and their information.
The information in this paper could go even further and expand the survey. The survey
was conducted around the Chestnut Hill College campus with a total of 50 surveys as the end
result. Using the same survey, there are many options. The survey could be employed in different
environments to see if the answers that college students gave vary from business people or even
parents. The survey could also be employed on an even larger scale and placed on the Internet
and throughout many different places allowing for a higher number of result of people from all
9
1612
13
Use of Biometric Technologies by Users
I don't know
I don’t have it
I don't use it
I use biometrics
Figure 6
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 29
over the world. By employing the survey in different places it would allow for advanced research
and the creation of claims on a larger more accepted scale.
Conclusion
Biometrics is being implemented on cell phones and many similar devices. The standard
for biometrics is 100 percent security of information that it protects. In the case of cell phones,
the data suggests that there is still work to be done to reach the desired level of security and
efficiency rates. However, users are starting to accept and use biometrics as an adequate way to
secure their cell phones. Further research can lead to the solution of device security. Until then,
biometrics will work with other securities to secure cell phones and their data.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 30
References
Alterman, A. (2003). ``A piece of yourself'': Ethical issues in biometric identification. Ethics and
information technology, 5(3), 139-150.
Arthur, C. (2012, December 3). Text messages turns 20 – but are their best years behind them?.
Retrieved from http://www.theguardian.com/technology/2012/dec/02/text-messaging-
turns-20
AT&T Labs. (2014). Technology timeline. Retrieved from
http://www.corp.att.com/attlabs/reputation/timeline
Barkhuus, L., & Dey, A. K. (2003). Location-Based Services for Mobile Telephony: a Study of
Users' Privacy Concerns. In INTERACT (Vol. 3, pp. 702-712).
Bhutani, T. (2013). No to fingerprint security system. International Journal of Computer Science
and Management Research, 2(10), 3583-3587.
Brown, R. (2013). Cellphone THEFT. Rural Telecom, 32(2), 19-21.
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 31
Byung Jun, K., & Park, K. (2010). A new multi-unit iris authentication based on quality
assessment and score level fusion for mobile phones. Machine Vision & Applications,
21(4), 541-553.
Cell phones and wireless communication. (2014, March 04). Retrieved from
http://www.usa.gov/topics/science/communications/phones/cell-phones.shtml
Clark, J. (2014). Speech Recognition Better Than a Human's Exists. You Just Can't Use It
Yet.Global Tech.
De Capitani Di Vimercati, S., Foresti, S., Livraga, G., & Samarti, P. (2012). Data Privacy:
Definitions and Techniques. International Journal Of Uncertainty, Fuzziness &
Knowledge-Based Systems, 20(6), 793-817. doi:10.1142/S0218488512400247
Del Pozo, G., Sanches-Ávila, C., De-Santos-Sierra, A., & Guerra-Casanova, J. (2012).Speed-
Independent gait identification for mobile devices. International Journal Of Pattern
Recognition & Artificial Intelligence, 26(8), 1-13. doi:10.1142/S0218001412600130
Derawi, M. (2012). Smartphones and biometrics. (Doctoral dissertation).
Frenzel, L. E. (2006). the CELL Phone now that's entertainment. (Cover story). Electronic
Design, 54(10), 42-50.
Gafurov, D. (2007, November). A survey of biometric gait recognition: Approaches, security and
challenges. In Annual Norwegian Computer Science Conference (pp. 19-21).
Garratt, L., & Poulter, S. (2014, January 13). Number of text messages being sent falls for the
first time ever. Retrieved from
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 32
http://www.dailymail.co.uk/sciencetech/article-2538488/SMS-takes-seat-IM-number-
texts-sent-Britain-falls-time.html
Gershowitz, A. M., Can police search your cell phone and even break your password, during an
arrest?, 2011 Nat'l Ass'n of Crim. Def. Lawyers, Inc. 1-13 (2011, November).
Gershowitz, A. M., Password Protected? Can a Password Save Your Cell Phone from a Search
Incident to Arrest?, 2011 Iowa L. Rev. 1-39 (2011).
Glisson, W., Storer, T., Mayall, G., Moug, I., & Grispos, G. (2011). Electronic retention: what
does your mobile phone reveal about you?. International Journal Of Information Security,
10(6), 337-349.
Hall, O. M. (2013). Smarter Phones, Smarter Solutions. Human Ecology, 41(2), 12-15.
Hopkins, R. (1999). An Introduction to Biometrics and Large Scale Civilian Identification.
International Review Of Law, Computers & Technology, 13(3), 337-363.
INNER VOICE. (2013). Engineering & Technology (17509637), 8(7), 36-37.
Kizza, Joseph Migga. (2007). Ethical and social issues in the information age. Vol. 999.
Springer.
Kwapisz, J.R.; Weiss, G.M.; Moore, S.A., (2010) "Cell phone-based biometric identification,"
Biometrics: Theory Applications and Systems (BTAS), 2010 Fourth IEEE International
Conference on , vol., no., pp.1,7
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 33
Lai, J., & Yuen, P. C. (2006). Face and eye detection from head and shoulder image on mobile
devices. International Journal Of Pattern Recognition & Artificial Intelligence, 20(7),
1053-1075.
Leavitt, N. (2013). Today's Mobile Security Requires a New Approach. Computer, 46(11), 16-
19.
Miller, D. (2013). Strong authentication for mobile commerce.opusresearch report, 1-12.
Retrieved from http://opusresearch.net/wordpress/featured-research/
Mordini, E., & Ottolini, C. (2007). Body identification, biometrics and medicine: ethical and
social considerations. Annali-Istituto Superiore Di Sanita, 43(1), 51.
Nacci, A. A., Trovò, F. F., Maggi, F. F., Ferroni, M. M., Cazzola, A. A., Sciuto, D. D., &
Santambrogio, M. M. (2013). Adaptive and Flexible Smartphone Power Modeling.
Mobile Networks & Applications, 18(5), 600-609.
Palenchar, J. (2003). New Voice-Recognition Technology Added To Handsets. TWICE: This
Week In Consumer Electronics, 18(11), 34.
Pocovnicu, A. (2009). Biometric Security for Cell Phones. Informatica Economica, 13(1), 57-63.
Shakkottai, S. S., Fomenkov, M. M., Koga, R. R., Krioukov, D. D., & Claffy, K. C. (2010).
Evolution of the Internet AS-level ecosystem. European Physical Journal B -- Condensed
Matter, 74(2), 271-278.
Wang, S.and Liu, J. (2011). Biometrics on mobile phone, Recent Application in Biometrics, Dr.
Jucheng Yang (Ed.), ISBN: 978-953-307-488-7, InTech, Available from:
CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 34
http://www.intchophen.com/books/recent-application-in-biometrics/biometrics-on-
mobile-phone
Siew Wei, T., & Yau Yuen, Y. (2014). Innovative use of Smartphones. Teaching Science: The
Journal Of The Australian Science Teachers Association, 60(1), 39-42.
Singh, M., & Pal, T. R. (2011). Voice Recognition Technology Implementation in Surgical
Pathology: Advantages and Limitations. Archives Of Pathology & Laboratory Medicine,
135(11), 1476-1481
Van der Ploeg, I. (2005). Biometric identification technologies: ethical implications of the
informatization of the body. BITE Policy Paper, 1.
Worstall, T. (2013, March 23). More people have mobile phones than toilets. Retrieved from
http://www.forbes.com/sites/timworstall/2013/03/23/more-people-have-mobile-phones-
than-toilets/