| Scheme | Biofeature | Threat model | Data attacked | Countermeasure |
|---|---|---|---|---|
| Khamis et al. [67] | Gaze gestures | (i) Iterative attacks (ii) Side attacks | (i) Observe the user several times from different viewpoints | (i) Multimodal authentication based on combining gaze and touch |
| Khamis et al. [68] | Gaze gestures | (i) Shoulder surfing (ii) Thermal attacks (iii) Smudge attacks | (i) Uncover a user’s password | (i) Multimodal authentication based on combining gaze and touch |
| Arteaga-Falconi et al. [70] | Electrocardiogram | (i) Adversarial machine learning | (i) Attacking ECG data sensors | (i) ECG authentication algorithm |
| Kang et al. [71] | Electrocardiogram | (i) Adversarial machine learning | (i) Attacking ECG data sensors | (i) Cross-correlation of the templates extracted |
| Chen et al. [72] | Voice recognition | (i) Random-guessing attack | (i) Malicious bystanders try to observe the password of the legitimate user | (i) Rhythm-based two-factor authentication |
| Shahzad et al. [23] | Signature recognition | (i) Shoulder surfing attack (ii) Smudge attack | (i) Malicious bystanders try to observe the password of the legitimate user | (i) Behavior-based user authentication using gestures and signatures |
| Sitova et al. [32] | Behavior profiling | (i) Population attacks | (i) Guess the user’s feature vector | (i) Using the notion of guessing distance |
| Shahzad et al. [23] | Behavior profiling | (i) Shoulder surfing attack (ii) Smudge attack | (i) Spying on the owner when he performs an action | (i) Authentication scheme based on the gesture and signature behavior |
| Khamis et al. [69] | Touch dynamics | (i) Side attack model (ii) Iterative attack model | (i) Spying on the owner when he performs an action | (i) Multimodal authentication |
| Ferdowsi and Saad [39] | N/A | (i) Eavesdropping attacks | (i) Extract the watermarked information | (i) Deep learning algorithm with long short-term memory |
| Khan et al. [79] | Fingerprint | (i) Replay attacks, forgery attack and impersonation attack, server spoofing attack | (i) Replaying of an old login message | (i) Chaotic hash-based authentication |