|
| Scheme | Biofeature | Threat model | Data attacked | Countermeasure |
|
| Khamis et al. [67] | Gaze gestures | (i) Iterative attacks
(ii) Side attacks | (i) Observe the user several times from different viewpoints | (i) Multimodal authentication based on combining gaze and touch |
|
| Khamis et al. [68] | Gaze gestures | (i) Shoulder surfing
(ii) Thermal attacks
(iii) Smudge attacks | (i) Uncover a user’s password | (i) Multimodal authentication based on combining gaze and touch |
|
| Arteaga-Falconi et al. [70] | Electrocardiogram | (i) Adversarial machine learning | (i) Attacking ECG data sensors | (i) ECG authentication algorithm |
|
| Kang et al. [71] | Electrocardiogram | (i) Adversarial machine learning | (i) Attacking ECG data sensors | (i) Cross-correlation of the templates extracted |
|
| Chen et al. [72] | Voice recognition | (i) Random-guessing attack | (i) Malicious bystanders try to observe the password of the legitimate user | (i) Rhythm-based two-factor authentication |
|
| Shahzad et al. [23] | Signature recognition | (i) Shoulder surfing attack
(ii) Smudge attack | (i) Malicious bystanders try to observe the password of the legitimate user | (i) Behavior-based user authentication using gestures and signatures |
|
| Sitova et al. [32] | Behavior profiling | (i) Population attacks | (i) Guess the user’s feature vector | (i) Using the notion of guessing distance |
|
| Shahzad et al. [23] | Behavior profiling | (i) Shoulder surfing attack
(ii) Smudge attack | (i) Spying on the owner when he performs an action | (i) Authentication scheme based on the gesture and signature behavior |
|
| Khamis et al. [69] | Touch dynamics | (i) Side attack model
(ii) Iterative attack model | (i) Spying on the owner when he performs an action | (i) Multimodal authentication |
|
| Ferdowsi and Saad [39] | N/A | (i) Eavesdropping attacks | (i) Extract the watermarked information | (i) Deep learning algorithm with long short-term memory |
|
| Khan et al. [79] | Fingerprint | (i) Replay attacks, forgery attack and impersonation attack, server spoofing attack | (i) Replaying of an old login message | (i) Chaotic hash-based authentication |
|
