A Survey on Modality Characteristics, Performance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems

03/06/2019
by   Aditya Sundararajan, et al.

Biometric research is directed increasingly towards Wearable Biometric Systems (WBS) for user authentication and identification. However, prior to engaging in WBS research, how their operational dynamics and design considerations differ from those of Traditional Biometric Systems (TBS) must be understood. While the current literature is cognizant of those differences, there is no effective work that summarizes the factors where TBS and WBS differ, namely, their modality characteristics, performance, security and privacy. To bridge the gap, this paper accordingly reviews and compares the key characteristics of modalities, contrasts the metrics used to evaluate system performance, and highlights the divergence in critical vulnerabilities, attacks and defenses for TBS and WBS. It further discusses how these factors affect the design considerations for WBS, the open challenges and future directions of research in these areas. In doing so, the paper provides a big-picture overview of the important avenues of challenges and potential solutions that researchers entering the field should be aware of. Hence, this survey aims to be a starting point for researchers in comprehending the fundamental differences between TBS and WBS before understanding the core challenges associated with WBS and its design.


1. Introduction

Biometrics is a field of science which deals with the exploitation of unique, identifiable and quantitatively measurable characteristics of humans in order to authenticate and/or identify them (Roberts, 2006). Over the years, pattern recognition and machine learning algorithms have found immense significance in user authentication. A hardware-software-based technology that applies such algorithms to human biometrics for authentication and, more recently, identification, falls under the class called biometric systems. Although the term “biometric devices” is used more commonly, “biometric systems” is used in this paper to emphasize that the scope of study goes beyond the physical device itself, and considers communications and other applications that use the data from the individual devices. Traditionally deployed as standalone systems, biometric systems require separate, mutually exclusive “enrollment” and “authentication” phases (Angle et al., 2008). Figure 1 illustrates the system model of traditional biometric systems (TBS). During enrollment, the user registers their traits or “modalities” as a template, created by selecting and extracting specific features from the sample recorded by sensor(s), such that it is enough to uniquely identify that user (Soutar et al., 1998). Their identity and corresponding template are then stored in the database.

At this point, the security of the template becomes critical, as a template cannot be revoked once the database is compromised. Owing to the considerable additive noise common during measurement, hashing the template is counter-productive (Sutcu et al., 2007a). Template protection methods include secure sketch schemes, whose strength is measured by the average min-entropy of the original template given the secure sketch (Sutcu et al., 2007b); the fuzzy commitment scheme, based on binary error-correcting codes (Juels and Wattenberg, 1998); and the use of mutual information to measure dishonesty among users (Boyen et al., 2005). The Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST) recommends standards for biometric data exchange, system accuracy and interoperability (Wing, 2014).
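As an added illustration (not code from the paper or from the cited works), the sketch below contrasts a plain hash of the template with a fuzzy commitment in the style of Juels and Wattenberg: the hash fails on a noisy re-measurement, while the commitment tolerates bounded noise and can be re-issued under a fresh key. It assumes a binary template, swaps in a 5-fold repetition code for the binary error-correcting code, and uses a constructed 40-bit template; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

REP = 5  # repetition factor: majority vote corrects up to 2 flipped bits per block


def encode(key_bits):
    """Repetition-code encoder: every key bit becomes REP identical code bits."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority-vote decoder; recovers the key if each block has at most 2 errors."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def digest(bits):
    return hashlib.sha256(bytes(bits)).digest()


def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (simulated noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


# --- Baseline: store a plain hash of the template -------------------------
def hash_enroll(template):
    return digest(template)


def hash_verify(stored, sample):
    # Any single flipped bit changes the digest, so noisy samples never match.
    return hmac.compare_digest(stored, digest(sample))


# --- Fuzzy commitment ------------------------------------------------------
def enroll(template, key_bits=None):
    """Bind a random key to the template; store only (helper, hash(key))."""
    if len(template) % REP:
        raise ValueError("template length must be a multiple of REP")
    if key_bits is None:
        key_bits = [secrets.randbits(1) for _ in range(len(template) // REP)]
    if len(key_bits) * REP != len(template):
        raise ValueError("key length does not match template length")
    helper = xor(encode(key_bits), template)  # codeword masked by the template
    return helper, digest(key_bits)


def verify(helper, key_hash, sample):
    """Unmask with the fresh sample, error-correct, and compare key hashes."""
    if len(sample) != len(helper):
        return False
    candidate_key = decode(xor(helper, sample))  # = decode(codeword XOR noise)
    return hmac.compare_digest(key_hash, digest(candidate_key))


# Constructed sample data (not real biometric measurements).
TEMPLATE = [int(c) for c in "1011001110" "0010111101" "0010011010" "1100011101"]
NOISY = flip(TEMPLATE, {0, 1, 7, 22, 39})                # <= 2 errors per block
TOO_NOISY = flip(TEMPLATE, {0, 1, 2})                    # 3 errors in block 0
IMPOSTOR = flip(TEMPLATE, set(range(len(TEMPLATE))))     # unrelated sample

# Caveat: a repetition code and a uniform-looking template keep the example
# short. Real templates are not uniformly random, so the helper data leaks
# information about them; the code and key length must be chosen accordingly.

if __name__ == "__main__":
    stored = hash_enroll(TEMPLATE)
    print("plain hash, noisy sample accepted:", hash_verify(stored, NOISY))
    helper, key_hash = enroll(TEMPLATE)
    for name, sample in [("noisy", NOISY), ("too noisy", TOO_NOISY),
                         ("impostor", IMPOSTOR)]:
        print(f"fuzzy commitment, {name} sample accepted:",
              verify(helper, key_hash, sample))
```

Re-running `enroll` on the same trait with a new key yields a different helper and key hash, which is what lets a compromised record be replaced even though the trait itself cannot change.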

Figure 1. Block diagram for the system model of a typical TBS.

Another class of systems is emerging, referred to in this paper as wearable biometric systems (WBS), which are miniaturized, mobile, flexible, comfortable, less invasive, and aesthetically pleasing. It is worth noting that WBS also come under another broader group, the wearable devices, which also include tokens and smartcards. However, this paper focuses only on WBS. TBS and WBS ensure user security in different ways.

  • TBS consider each modality of the user as a separate entity while WBS consider the entire user (along with all of their individual modalities) as one (Myerson, 2012)

  • TBS can be optionally connected to the Internet, while WBS are inherently online, exploiting the principles of Internet of Everything (IoE) (Research, 2014)

  • The authentication and identification processes for TBS are static and user-initiated, while those for WBS are dynamic and autonomous

  • While traditional modalities such as fingerprints, gait, motor, iris, and retina can be integrated into wearables using less-invasive sensors embedded in eyewear, waist-belts, etc., modalities considered invasive in TBS such as ECG, EEG, and Electromyogram (EMG) could be less invasive in WBS domain

  • The threat, attack and defense landscapes for TBS are very different from those for WBS, considering they have different operating dynamics, characteristics and context

  • While TBS are widely used in research institutes, hospitals, libraries, airports and universities, WBS currently find their use more in healthcare and personal fitness than in security (Leonard et al., 2009)

Figure 2. Flowchart showing the outline of this paper.

It is clear that the future of biometric systems research is geared towards WBS, especially factors like modality characteristics, performance, security and privacy, and how they impact system design and operation. However, prior to looking deeper into this area, it is important to better understand the differences between TBS and WBS highlighted above. To this end, the paper makes the following three key contributions: 1) Summarize and compare TBS and WBS in terms of the factors identified above and discuss how they contribute to the differences listed earlier; 2) Contribute to the literature by reviewing and summarizing observations of how the modality characteristics, evaluation metrics and security impact the future design solutions for WBS; and 3) Present important open challenges and future research directions in biometric systems that researchers should pay attention to. Hence, this survey is one of the first efforts in summarizing the research conducted beyond the widely explored TBS, and serves as a strong starting point for researchers entering/in interrelated fields.

The rest of the paper is organized as follows, based on the outline illustrated by Figure 2. Section 2 introduces WBS, their system model, and Wireless Body Area Networks (WBANs). It also summarizes various products in the market that leverage the technology. A comprehensive summary of the different key characteristics of various WBS modalities is tabulated and discussed in Section 3. Section 4 reviews various metrics to evaluate the performance of TBS and WBS. Metrics for WBS are summarized in contrast with those of TBS. The threats, attacks and defenses for TBS and WBS are reviewed in Section 5. Attacks are summarized based on whether they target the modality, technology or both to provide a cohesive organization of the literature. Defenses available against the surveyed attacks are also presented. Section 6 briefly discusses how the modality characteristics, performance evaluation metrics, security and privacy affect future design solutions for WBS. While Section 7 presents the open research challenges and future directions for research in the area of WBS, Section 8 concludes the survey by summarizing the key findings.

2. Wearable Biometric Systems (WBS)

Today, wearable applications quantify and personalize every action and movement undertaken by users in order to monitor their health and upgrade their lifestyles. However, in the context of security, the complexity faced by attackers increases multi-fold when such wearable applications are networked to form a WBAN, with many independent, body-friendly and reliably accurate sensors measuring and sharing data to yield a composite template. In tomorrow’s fast-paced world where multiple devices are capable of interacting with each other, such dynamic and self-reliant security technologies will be required. Companies like Nymi, Google, Motorola, Apple, and Fitbit are releasing wearable devices like heart-rate monitors, physical fitness trackers, smartwatches, mobile operating systems, assisted living, elder-care, ambient-assisted living, remote automotive and home appliance control, and even navigation control (156; P. Bonato (2005)). This implies there is a strong future in WBS security for user authentication and identification.

WBS also double up as “virtual keys” that people use to protect their sensitive assets. Their sensors are tasked with data acquisition, information communication, and decision making with little to no user intervention (Latre et al., 2010). Additionally, the nodes of WBS can be implanted, surface-mounted, or even invisible (Espina, 2014). While surface-mounted WBS are in the form of Smartwatch (Ledger and McCaffrey, Endeavor Partners LLC Technical White Paper Report), Fitbit (Mackinlay, 2013), MOTOACTV (142) and Jawbone UP, implanted or embedded WBS have also started making appearances in global markets. Invisible WBS, however, are still nascent in terms of their commercial availability, although two of the leading biometric garment companies, OMSignal and Hexoskin, have launched shirts and garments designed with specially fabricated textiles made of sensors that collect and visualize body statistics in real-time (Montes, 2015). WBAN is discussed in Section 2.1. Section 2.2 describes the system model for WBS, while Section 2.3 details the products available in the market that use WBS.

2.1. Wireless Body Area Network (WBAN)

A notion central to WBS is the WBAN. Wearable sensors, whether implanted, surface-mounted or invisible, constitute a WBAN with a typical range of to meters around the body. WBAN is derived from “Wireless Personal Area Network (WPAN)”, a term coined by Zimmerman in 2001 when he studied the effect of electronics brought near the human body (Zimmerman, 1995). With improvements in Microelectromechanical Systems (MEMS), data analytics and wireless communications, sensors have seen successive improvements with respect to reliability and robustness (Leonov et al., 2005). The data collected in real-time by these sensors is communicated to a sink, which could be a smartphone, Personal Digital Assistant (PDA) or Personal Computer (PC). The collected data is fused, processed, and analyzed to offer personalization, authentication and/or identification (Darwish and Hassanien, 2011).

Wearable sensors are pervasive in nature. As identified in (Cornelius et al., 2012), a pervasive wearable is a colony of biometric sensors, more formally called “passive biometrics”, that is unobtrusively measurable (non-invasive) and has maximal independence. They are auto-configured and do not need human intervention during enrollment. For this reason, however, they usually collect more data than active biometrics like TBS. In addition, passive biometric sensors should be able to discover their peers within the same body, distinguish between those that belong to other bodies in their range, maintain secure communication, and identify the individual to whom they belong. They must also have small size and lean form-factor, and be energy-efficient and independent of positioning with respect to their target organ (Filipe et al., 2015).

Figure 3. Block diagram of a typical WBAN with wearable sensor and sink nodes.

A typical WBAN, shown in Figure 3, is an interconnection of multiple independent wearable sensors, each of which measures specific signals from a modality, including but not limited to the following: brainwaves associated with stimuli, iris structure (Anderson, 2017), retinal patterns (Spinella, 2003), vocal resonance while speaking prerecorded phrases (Mitra et al., 2002; Spinella, 2004), skull conduction in response to audio waves propagating within the head (Schneegass et al., 2016), signals from the heart (Akhter et al., 2016; Riera et al., 2011), vein pattern on the underside of the skin, gait while walking or striding (Darwish, 2016; Gafurov et al., 2007), signals generated by muscles in motion (Tarata, 2003), Mechanomyograph (MMG) signals generated by muscles upon activation (Al-Mulla and Speulveda, 2014), fingerprint patterns (Chuang, 2014a), readings of pressure applied by fingertips when holding objects like pens, car keys, steering wheel, computer mouse, door handle, etc., patterns from signature and body odor (Lorwongtragool et al., 2014), and Photoplethysmograph (PPG) denoting the absorption of light through a body part in accordance with heartrate pulses (Lee and Kim, 2015; Chakraborty and Pal, 2016).

In WBAN, each sensor is termed a “node”. The network itself can be scaled by connecting more nodes on/in the body. These nodes use wireless protocols to communicate among themselves and are coordinated by an on/in-body master “sink”, forming a star topology, or communicate among themselves and independently connect to an off-body sink, forming a star-mesh hybrid topology (J. Elias and A. Mehaoua (2012); M. Lont (2014); K. M. S. Thotahewa (2014); 87). Communication between WBAN nodes and the sink requires low-power protocols since sensors run on batteries. IEEE 802.15.6 is considered the primary standard that defines the Medium Access Control (MAC) architecture for in- and on-body wireless communications (84). According to the standard, every node and sink has a Physical (PHY) layer (comprising narrowband, ultra-wideband and human body communication PHY layers) and a MAC sublayer (Li and Zhuang, 2012). The MAC Service Data Units (MSDUs) are transferred from the MAC client layer to the MAC sublayer through the MAC Service Access Point (SAP). The MAC frames are then transferred to the PHY layer through the PHY SAP. The reverse happens at the receiving end, which would be a sink in a star topology, or a node/sink in a star-mesh hybrid topology. Network and Application layers provide configuration, routing and management, and functional requirements, respectively (85; 86).

Standard protocols for WBAN MAC communication such as ZigBee-MAC, Baseline-MAC (BMAC), SPARE-MAC, T-MAC and D-MAC have been widely used to implement WBANs, which account for traffic resolution, collision contingencies, energy-saving, auto-configuration, throughput, and delay (Khatarkar and Kamble, 2013). MAC layers employ Time Division Multiple Access (TDMA) and its hybrid variants such as -MAC, and A-MAC (Parker et al., 2010; Rhee et al., 2008). Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) technologies are also used for energy-efficient communication through sleep scheduling, high channel utilization and low latency (Singh and Sharma, 2013). A Low-Energy Adaptive Clustering Hierarchy (LEACH) routing protocol was presented to uniformly distribute energy load among WBAN nodes. This method is a significant attempt towards reducing energy dissipation through randomization, and also supports scalability, adaptiveness, and robustness (Heinzelman et al., 2000). WBAN communication should be cognizant of electromagnetic wave diffraction due to the continuous absorption and reflection as waves pass through tissues and cells which predominantly contain water. If the sink is located off-body, normal human body movements and posture when stationary would determine the quality of information transmitted. This in turn determines channel conditions and factors like latency and throughput, which indirectly affect energy consumption (Filipe et al., 2015).

2.2. System Model of WBS

Figure 4. System model of a typical Wearable Biometric System.

The system model of WBS, shown in Figure 4, is a cyclical “continuous/online” process, where wearables authenticate or identify users not on-demand but continuously. WBS comprise the WBAN represented in Figure 3, the sink, and storage, which may or may not belong to the sink. WBAN is bounded by constraints related to memory for storage and computation, network bandwidth for communication, and energy consumption, among other key factors like interoperability, form factor and bio-friendliness (Blasco et al., 2016). Some WBANs are also capable of doing minimal signal processing. The sink can be functionally decomposed into a signal preprocessing unit, feature extraction and selection unit, feature matching unit, and optionally a data storage and management unit. In some cases like Fitbit or Google Glass, the sensor and sink nodes are integrated into one device, while the storage and maintenance is pushed to the cloud. Signal preprocessing involves operations such as smoothing, interpolation, and normalization. Feature extraction and selection employ standard methods like Principal or Independent Component Analysis (PCA/ICA), Linear Discriminant Analysis (LDA), logistic regression for minimal hardware complexity, and Short Time Fourier Transform (STFT) for minimal memory and computation complexity (Page et al., 2015; Smital et al., 2016; Bianchi et al., 2006). Feature matching uses one-class models for authentication and multi-class models for identification based on kNN, Support Vector Machines (SVMs), Bayesian Networks and Naïve Bayes, and Artificial Neural Networks (ANNs) for supervised learning; and Hidden Markov Models (HMMs) and Gaussian Mixture Models (GMMs) for unsupervised learning. Sink-level storage lowers vulnerability to external threats, but limits computational capabilities and increases form factor.

2.3. Products In the Market Using WBS

It was estimated that the market for WBS in sports and healthcare would reach at least million devices by the end of 2017 (163). WBS use both physical as well as behavioral modalities, defined later in Section 3, where the former are more static and the latter more dynamic. The behavioral modality-based systems employ hand-eye coordination, user interactions, pressure, tremors, and other finer movements in addition to the modality itself to capture the data needed for authentication. This sophistication can be more easily achieved by WBS than TBS given their mobility and proximity to the human body. Behavioral modalities have also been used in continuous authentication, sometimes with randomized selection of features from a pool to base the analysis on. For example, EEG-based sensors, which measure stimulus-specific brainwaves to authenticate users, have been of recent interest to the research community, and their application to WBS has attracted decent attention. Below are a few other examples of emerging and recently available products in the market that leverage WBS and mostly behavioral modalities:

  1. EEG: It is difficult with today’s technological advancement to consider EEG as one of the unobtrusively measurable biometrics, since it needs the user to be stationary and calm, and to wear a head-cap comprising electrodes. However, products developed by Muse and Kokoon can be viewed as a productive step towards realizing EEG-based WBS in the future

    • Muse has developed an application which measures EEG from the user’s temples to which its sensors are attached (144)

    • Kokoon provides a set of EEG headphones which measure user’s mental state or mood using brainwaves emitted, and accordingly play music (Prindle, 2015)

  2. ECG: It measures signals emitted by one’s heart that are unique to the individual and is more applicable for WBS (Silva et al., 2015). Unlike EEG, ECG can be unobtrusively measured using just an electrode attached to the skin

    • Bionym is a company that has developed the Nymi wristband to use heartbeat profiles for uniquely identifying users and improving their lifestyle by personalizing their living environment (156)

  3. Electromyogram (EMG): It is being leveraged by sports clothing companies, Athos and Myontech, to design sportswear more conducive for superior athletic performance (Kunju et al., 2009)

    • MyoWare has developed hardware that facilitates the control of video games, robotic movements, and actions of prosthetics based on movement profiles exhibited by the user’s motor neurons (Berglin, 2011)

  4. Vocal resonance: It refers to the voice of a user measured as the vocal sound waves propagate through their body as against traditional voice recognition systems that use the waves captured over air (Cornelius et al., 2014a). Placing contact microphones on the neck of the user, the system can unobtrusively measure and model their vocal resonance

  5. TIAX LLC has designed and developed wearable sensors and algorithms which can derive vital signs and bio-signatures

    • To facilitate seamless coordination and communication with minimal user intervention, the company has adopted sensor-fusion methods that combine different streams of physiological data such as EEG and ECG, fingerprints, and EMG response

    • The application of learning algorithms for discovering and exploiting unprecedented patterns is also being conducted (Hill, 2015)

  6. In December 2016, Valencell and STMicroelectronics launched a Scalable Development Kit (SDK) for biometric wearable and Internet of Things (IoT) sensor platform

    • It uses SensorTile of the STMicroelectronics, an IoT sensor module with one STM32L4 microcontroller, a Bluetooth Low Energy chipset, a host of MEMS sensors including accelerometer, magnetometer, pressure and temperature sensors that are both highly accurate as well as energy-efficient, and a digital MEMS microscope (Lee, 2015)

    • It is combined with Valencell’s Benchmark biometric sensor system platform, and together enable the development and support of advanced wearable applications, including biometric authentication and identification

    • Valencell has also introduced technologies to measure heart-rate using forearm, and earbud-based sensors for evaluating energy expenditure, net calories burned and maximum oxygen consumption, and magnetic sensors for measuring cadence (Eschbach et al., Valencell White Paper; Eschbach, Valencell White Paper; Leboeuf et al., 2014)

  7. Skull Conduction: An integrated bone conduction speaker was designed and proposed at the CHI Conference on Human Factors in Computing Systems in May, 2016, where the authors introduced an embedded wearable, SkullConduct, integrated with wearable computers like Google Glass (Schneegass et al., 2016)

    • A 1-Nearest Neighbor (1NN) classifier was used in conjunction with Mel Frequency Cepstral Coefficient (MFCC) features to analyze and interpret unique frequency response registered by the skull in response to the propagation of soundwaves within its bone structure

    • It was touted to be stable, universal, collectible, non-invasive and robust. It was proposed both as a verification as well as an identification system

  8. Signature: The work focused on using it as a form of identification, where an unknown signature was used as an input to verify if a claimed identity was forged (Nassi et al., 2016)

  9. Touch: This work leveraged touch-based behavioral modality and combined it with smart eyewear to conduct continuous user authentication

    • To reduce the invasiveness in authentication, the authors in this work proposed an eyewear that captures user interactions such as single tap, forward, downward and backward swipes, and backward two-finger swipes to perform continuous, online authentication of the user (Peng et al., 2017)

    • This has been touted to achieve a detection rate of and a false alarm rate of under an equal probability of occurrence of all six perceived user events

All of the above applications more often than not consider the use of individual biometrics as wearables, in which case certain significant challenges fail to come to the forefront. However, when a colony of sensors are networked together to constitute a WBAN, security concerns become more pronounced, as will be explored in Section 5.2.

Key Takeaway Points: The following are the key takeaway points from this section:

  1. WBAN is a central component of WBS and has a typical range of to meters around the user’s body and comprises multiple sensors that can be implanted, embedded or invisible, each dedicated to unobtrusively and independently measure specific modalities. Such wearables are called passive biometric systems

  2. The nodes of WBAN use wireless protocols to communicate among themselves and are coordinated by an on, in or off-body sink

  3. WBAN communication protocols must account for traffic resolution, collision contingencies, energy-saving, auto-configuration, throughput and delay

  4. WBS system model comprises WBAN, and units for signal preprocessing, feature extraction and selection, feature matching, and cloud-powered data storage and management

  5. There exist multiple WBS products in the market that utilize different modalities, either in isolation or combination, such as EEG, EMG, vocal resonance, fingerprints, skull conduction, signature, PPG, heart-rate, and touch

  6. Some of the forerunner companies that have released WBS products include Google, Fitbit, Nymi, Myontech, Valencell, Apple, Motorola, Muse, Kokoon, TIAX LLC, and MyoWare

3. Key Characteristics of WBS Modalities

Modalities can be categorized in various ways depending on the criteria. For instance, based on their type, they can be classified as physiological (iris, hand, retina, fingerprint, DNA, earlobe, Electrocardiogram (ECG) and odor among others), cognitive (Electroencephalogram [EEG]) and behavioral (signature, keystroke, voice and gait among others) (Babich, 2012; Ali et al., 2016). All of these modalities share certain characteristics: universal (should be possessed by every person), unique (should distinguish any two individuals), permanent (should not be drastically affected by age or fatigue), collectible (should easily be acquired by non-invasive means), acceptable (should be approved by the public for widespread use), and circumventive (should not allow adversaries to easily bypass it) (Boodoo-Jahangeer and Baichoo, 2014; Cornelius et al., 2014b). The modality characteristics for TBS were summarized in an earlier work (Sundararajan et al., 2014).

Ideally, the modalities used by WBS, in addition to the above six characteristics for TBS, must have the following characteristics: 1) Security: overall confidence that users can invest in the modality against the loss of confidentiality, integrity or availability, 2) Reliability: extent to which the modality can be trustworthy, 3) Mobility: extent to which the modality’s use does not get impacted by constant or intermittent motion with respect to sink, 4) Variability: extent to which the above characteristics change with respect to time, 5) Interference: extent to which the above characteristics get adversely affected by the presence of physical or electromagnetic impediments, and 6) Invasive: extent to which measurement of the modality creates user discomfort.

The constraints of WBANs like communication latency, throughput and amount of energy consumed, in addition to security and resiliency, can be regarded as factors to determine the characteristics. Table 1 summarizes the different WBS modality characteristics, where each fares differently in satisfying the identified factors. The extent to which each modality contributes to enhance favorable factors (like throughput, goodput, security, resiliency) and reduce unfavorable factors (like energy consumed, latency, size) is used to qualitatively rank their suitability to a particular characteristic: H stands for High suitability, M for Medium and L for Low. As explained earlier in Section 1, the modalities, irrespective of being applied to TBS or WBS, must be unique, universal, permanent, collectible, acceptable and circumventive in nature.

The Table shows how the modalities shown in Figure 2 fare with the key characteristics identified for WBS. It can be inferred that while some modalities fare poorer for certain characteristics when implemented in TBS, they fare better on WBS. For example, iris or retinal pattern might be cumbersome to measure when implemented in TBS since the users are required to place their eye in line and close to the camera. However, the same when implemented in WBS is very easy to measure, considering users can use smart eye-wear like Google Glass to efficiently measure iris structures and even retinal patterns in a less invasive manner.

Key Takeaway Points: The following are the key takeaway points from this section:

  1. Biometric modalities must have six fundamental characteristics. They should be universal, permanent, collectible, unique, acceptable, and circumventive

  2. The modalities used by WBS have additional characteristics: security, reliability, mobility, variability, interference and invasiveness

  3. The constraints of WBANs like communication latency, throughput/goodput, and amount of energy consumed, can be regarded as primary factors that determine the system’s operational dynamics

  4. While some modalities fare poorer for certain characteristics when implemented in TBS, they fare better on WBS as they could be easier to measure

  5. Modalities that have a ”Low” suitability for a particular characteristic in TBS domain might possess a ”High” suitability for the same characteristic in WBS domain, considering the two systems have different operational dynamics

  6. It can, hence, be understood that the operational dynamics identified in point number (3) significantly shape the extent to which the modalities contribute favorably to their different characteristics, thereby showcasing a strong dependency between the two

  7. Between physiological and behavioral modalities, further explained in Section 3, the latter have more dynamism, and hence are better suited for continuous authentication applications that would also not increase the invasiveness or jeopardize the privacy of users

Characteristic  Vein  Odor  Signature  Fingerprint  Retina  Iris  Face  Gait  Pressure  EMG/MMG  Voice  ECG  EEG  PPG  Skull
Unique          H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Universal       H     M     L          M            H       H     H     M     M         H        M      H    H    H    H
Permanent       H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Collectible     H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Acceptable      H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Circumventive   H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Secure          H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Reliable        H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Mobile          H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Variable        H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Interferential  H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Invasive        H     M     M          H            H       H     M     M     M         H        M      H    H    H    H
Table 1. Summary of Key Characteristics of Different Modalities for Wearable Biometric Systems

4. Performance Evaluation Metrics for TBS and WBS

Although modalities typically satisfy most characteristics described in Section 2.3, they focus on the modality itself but not on the products that use the modality. Performance is more applicable for products that use biometrics rather than the biometric itself. The characteristics summarized in Table 1 also affect the performance of such technologies. With the integration of high-end data fusion, analytics, processing, and personalization in order to securely authenticate and/or identify users, performance can be considered an important part of evaluating biometric systems.

4.1. Performance Evaluation Metrics for TBS

Evaluating the performance of TBS has been a widely studied topic in literature (M. El-Abed and C. Charrier (2012); 204; R. Giot, M. El-Abed, and C. Rosenberger (2013); D. O. Gorodnichy (2009)). A comprehensive summary of different performance evaluation metrics and charts used for TBS was described and summarized in (Poh et al., 2015). The work documents that in accordance with the ISO/IEC standard 19795 Parts 1 and 2 for biometric system performance evaluation, multiple metrics are used for verification, such as:

  • False Match Rate (FMR): probability of the technology wrongly authenticating an individual claiming to belong to his correct identity

  • False Non-Match Rate (FNMR): probability of the system wrongly rejecting an individual claiming to belong to his correct identity

  • or Crossover Error Rate (): probability that or False Accept Rate () = False Reject Rate (), where FAR and FRR are system-level errors

  • True Acceptance Rate () which is ; and Weighted Error Rate (): the weighted sum of and (Wayman, 1999)

Several curves have also been proposed in order to measure system performance more comprehensively, such as:

  • Receiver Operating Characteristic (ROC) which plots , or on Y-axis and or in X-axis

  • Detection Error Trade-off (DET) curve which uses nonlinearly scaled axes to show the regions of error rates of interest

  • Expected Performance Curve () which uses a performance criterion like to measure performance in terms of or vice-versa

The first two curves are a posteriori as the evaluation is dependent on previous knowledge, and the last is a priori since it is independent of prior knowledge. A more comprehensive study was incorporated in (Fernandez-Saavedra et al., 2013), where TBS performance evaluation was restructured considering the international Common Criteria (CC) for Information Technology (IT) Security Evaluation and its Common Evaluation Methodology (CEM) guidelines, viewing TBS as IT systems.

This paper classifies TBS into Verification and Identification systems, the latter focused on determining the identity of an individual who may belong to the database (closed-set) or not (open-set). Closed-set system performance evaluation is done using a Cumulative Match Characteristic (CMC) curve proposed in (DeCann and Ross, 2013), mostly used for systems which generate an ordered list of matches between the test subject and existing samples in the database, sorted from most likely to the least. Each of these matches is labeled as a rank. The first match, which is most likely, is called -, followed by the second most likely match labeled as -, and so on. CMC plots probability value on the Y-axis against rank on the X-axis. The probability value for a given rank , known as “identification rate for rank ”, depicts the percentage of time when the system correctly identifies the test individual within the first ranks. Ideally, the system is expected to identify an individual in the first attempt (first rank). Hence, - CMC is ideal. However, in real-world conditions, systems tend to have identification rates closer to as the ranks increase. As a measure of performance, the system whose identification rate hits for the least rank value is deemed to be better. This metric is more widely used for face and iris recognition systems. Open-set identification is done using two approaches: exhaustive comparison where the system compares the test sample with all existing samples in the database, and retrieval-based systems where it employs two subsystems for filtering the samples to allow only those with a “score” above the predefined threshold to be considered for the matching process, and the actual matching with test sample. This class of methods considers two more metrics: Detection and Identification Rate (DIR), and False Alarm Rate.
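The verification and identification metrics of this subsection can be computed directly from comparison scores. The following Python sketch is an added example, not code from the survey or the works it cites; the score lists, gallery names, the 0.65 threshold and the convention that a comparison is accepted when its score is at or above the threshold are constructed assumptions.

```python
"""Section 4.1 metrics on constructed comparison scores (higher = more similar)."""

# Constructed sample data: mated (genuine) and non-mated (impostor) scores.
GENUINE = [0.91, 0.85, 0.78, 0.66, 0.52]
IMPOSTOR = [0.70, 0.55, 0.41, 0.33, 0.20, 0.12, 0.08, 0.05]

# Constructed identification trial: (true identity, or None if not enrolled,
# similarity of the probe to each gallery entry in GALLERY order).
GALLERY = ["alice", "bob", "carol", "dave"]
PROBES = [
    ("alice", [0.90, 0.30, 0.20, 0.10]),
    ("bob",   [0.60, 0.50, 0.70, 0.10]),
    ("carol", [0.20, 0.80, 0.70, 0.30]),
    ("dave",  [0.10, 0.20, 0.30, 0.95]),
    (None,    [0.40, 0.30, 0.20, 0.10]),
    (None,    [0.20, 0.75, 0.10, 0.30]),
]


def fmr_fnmr(genuine, impostor, threshold):
    """FMR: share of impostor scores accepted. FNMR: share of genuine scores rejected."""
    fmr = sum(s >= threshold for s in impostor) / len(impostor)
    fnmr = sum(s < threshold for s in genuine) / len(genuine)
    return fmr, fnmr


def equal_error_rate(genuine, impostor):
    """Try every observed score as a threshold and return (threshold, EER)
    at the operating point where FMR and FNMR are closest to each other."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        fmr, fnmr = fmr_fnmr(genuine, impostor, t)
        gap = abs(fmr - fnmr)
        if best is None or gap < best[0]:
            best = (gap, t, (fmr + fnmr) / 2)
    return best[1], best[2]


def rank_of_true_id(scores, gallery_ids, true_id):
    """1-based position of the true identity in the candidate list sorted by score."""
    order = sorted(range(len(scores)), key=lambda i: scores[i], reverse=True)
    return [gallery_ids[i] for i in order].index(true_id) + 1


def cmc(probes, gallery_ids):
    """Closed-set CMC: identification rate for rank 1..len(gallery)."""
    ranks = [rank_of_true_id(s, gallery_ids, tid) for tid, s in probes if tid is not None]
    return [sum(r <= k for r in ranks) / len(ranks) for k in range(1, len(gallery_ids) + 1)]


def open_set_rates(probes, gallery_ids, threshold):
    """Open-set identification: (DIR, false alarm rate) at one threshold.
    DIR counts enrolled probes whose top candidate is correct and clears the
    threshold; a false alarm is a non-enrolled probe whose top score clears it."""
    enrolled = [(tid, s) for tid, s in probes if tid is not None]
    unknown = [s for tid, s in probes if tid is None]
    hits = sum(
        1 for tid, s in enrolled
        if max(s) >= threshold and rank_of_true_id(s, gallery_ids, tid) == 1
    )
    alarms = sum(1 for s in unknown if max(s) >= threshold)
    return hits / len(enrolled), alarms / len(unknown)


if __name__ == "__main__":
    print("FMR, FNMR at 0.60:", fmr_fnmr(GENUINE, IMPOSTOR, 0.60))
    print("EER (threshold, rate):", equal_error_rate(GENUINE, IMPOSTOR))
    print("CMC by rank:", cmc(PROBES, GALLERY))
    print("DIR, false alarm rate at 0.65:", open_set_rates(PROBES, GALLERY, 0.65))
```

Plotting the `fmr_fnmr` pairs over all thresholds gives the ROC or DET curve, and the list returned by `cmc` is the CMC curve.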

4.2. Performance Evaluation Metrics for WBS

The performance of WBS under real-world conditions is more complex to measure owing to multiple external factors which vary with the type of modality, such as ambient noise, distractions, poor connectivity between the sensors and sink, lighting conditions, stress, and anxiety. Hence, most research efforts attempt to quantify their performance under laboratory or experimental conditions, making it idealistic.

Nevertheless, performance evaluation of WBS is very nascent. Metrics identified for TBS such as accuracy, FAR, FRR, EER, and DIR are also applicable for WBS. However, the term “accuracy” has gained a deeper significance among others in wearable context, where it includes not just accuracy in the measurement of the signals, but also the confidence-level, immunity against external and bodily disturbances, quality of operation among sensors, communication latency and throughput, quality of assurance of results, efficient WBAN management to avoid congestion and collision, and energy consumption rate (209; 79). In a preliminary survey conducted at the Biometrics Institute Asia Pacific Conference in May, 2016, fifty-four professionals were asked to provide their inputs on the potential applications for WBS, some crucial concerns they saw as hindrances to widespread adoption of the technology, and some potential formats in which they could be made available in the future (205). This paper utilizes the results from the study to propose more metrics with respect to the components identified in the WBS system model earlier.

In literature, much emphasis has been laid on form factor and size as contributing factors towards achieving optimal or near-optimal performance, considering that the performance of WBS decreases with decreasing form factor. While reduced form factor could sometimes imply greater comfort for the users, it limits local computation capability, requiring signal processing, feature extraction and matching to be located external to the WBAN. This in turn exposes the WBS to threats that TBS did not have to deal with. Before reviewing the evaluation metrics, the factors on which wearable performance depends are described below in brief.

  1. Physiology: Modalities are sensitive at different levels to different factors such as skin complexion, body shape and size. For example, the level of fat under the skin could affect the measurement of EMG signals, but it might not affect the measurement of a signal like EEG. Similarly, skin complexion could change the level of absorbed light (used by PPG)

  2. Number and placement of sensors directly correlates with the quality of signal measurement. Improper placement or implantation of sensors leads to weak or erroneous measurement, affecting quality and accuracy, and hence performance

  3. Changes induced by mobility: Quality of operation must not vary beyond an acceptable range when users are subject to movement, including rigorous physical exercise, true especially for ECG, PPG and EEG that are prone to interference with external noise

  4. Environmental elements: External noise due to ambient elements could significantly corrupt the measured signals. A technique called Active Signal Characterization (ASC), proposed by Valencell, measures biological, motion, and environmental signals as they come through optical and accelerometer sensors (Leboeuf, 2016). The required signal is then filtered to remove noise related to motion and other external signals. The separated noise could be used as supplementary data to deliver crucial insights into the user environment and motion-related features. A preliminary study has also been conducted on PPG (3)

  5. Crossovers: Periodic movements made by a body could be mistaken by the system to represent a biometric modality. For example, the step-rate measured during activities like jogging or running could be mistaken for heart-rate and lead to miscalculations or wrongful verification/identification, both of which bring down performance

  6. Performance of the matching classifiers: Whether one-class or multi-class, feature matching algorithms have their pros and cons with respect to performance. No matter how good a signal measurement, a less accurate classifier with poorly fit model could yield substandard results. The classifier model’s performance for skewed training data (classification bias), precision, recall, and F1-score are some additional performance metrics that could be used to indirectly measure WBS performance (Martin-Diaz et al., 2016)

  7. Handling heterogeneity: There are multiple types of wearable sensors that comprise WBAN, but measurement, signal preprocessing, feature extraction, selection and matching techniques for each of them vary significantly. Hence, the features that extractor and selector models look for also vary. However, in a comprehensive wearable environment, the extractor/selector and matcher are all embedded within a single device. Hence, the models used for performing such tasks must be adaptive to more than one type of signal, and the changing tolerance levels to different signals affects performance

Based on these factors, many performance evaluation metrics have been proposed recently in literature, including some patents (Romesburg, 2015; LeBoeuf et al., 2014; Arxan, 2014; Awais et al., 2016). They have all been investigated for healthcare and personal fitness, specifically for PPG. It is noteworthy that, like characteristics, metrics for TBS performance evaluation are also applicable for WBS. Following are the metrics unique to WBS.

  • Accuracy: Affected by factors 1-7; its calculation could be subjective due to the involvement of many subject-variant factors. Companies such as Valencell have attempted to deliver Precision Wearable Biometrics that account for these factors. Much emphasis has been laid on wearables for healthcare and fitness applications, but not user security

  • Flexibility: Affected by factors 1, 2, 7; considering the dynamic and highly sensitive nature of WBS, much performance analysis has been typically done through validation testing by classes of users representing different physiologies such as skin tone, complexion and texture, body shape and size, and much more (Kos and Kramberger, 2017). It has become a common practice employed by most wearable companies prior to releasing products. In other words, the WBS should be flexible enough to be used by majority of the human population

  • Interoperability: Affected by factors 3, 4, 7; WBS must actively communicate either with other wearables within the same WBAN or to the sink(s). They must not only measure data with good quality, but also transmit them to the sink without losses or corruption. WBAN communication strategies discussed earlier in Section 2.1 provide an insight into the interoperability of WBS

  • Security: Affected by factors 2, 4, 5; besides lossless and reliable communication, security is also key to performance. Encryption might not be suitable to secure signals from wearable sensors as it demands additional computation power. Efficient resource-aware key management and signal data scrambling methods are two alternatives, where descrambling could be performed by the sink during signal preprocessing

  • Resource allocation: Affected by 2, 4, 5; prolonged battery life is one of the highly anticipated deliverables for WBS. Hence, the extent to which WBAN nodes manage their computation and communication powers to maximize functioning while minimizing consumption could be a metric for evaluating performance

  • Versatility: Affected by factors 1-3, 7; it is the extent to which a WBS can be effectively molded into different consumer-friendly forms that encourage longer battery life and reduced form factor. People are fashion-conscious, and hence, WBS must not only be non-invasive and comfortable, but also be elegantly designed with appealing aesthetics in such a way that performance is not hindered

  • Power Consumption: Affected by factors 2, 4-7; in order to optimize power consumption, the amount of energy expended by sensors for every bit of information could determine their performance (Heinzelman et al., 2000). Furthermore, as shown by (Casamassima et al., 2013) for Bluetooth-WBAN, synchronization strategies could help improve accuracy and limit unnecessary power consumption, thereby improving overall performance. Wake-up Radios (WURs) were proposed to listen to wireless channels in a power-efficient way through preamble sampling and continuous channel listening (Marinkovic et al., 2012)

  • Network Efficiency: Affected by factors 2, 4, 5; optimal use of communication bandwidth is a key concern for nodes within WBAN, between WBAN nodes and sink or, in some cases, between sink and cloud. Since most wearables today use wireless communication like WiFi, Bluetooth and cellular networks, they operate in the same frequency bands as other devices like mobile phones, laptops, and smart home appliances. While temporary solutions such as freeing up more bandwidth, spectrum sharing, and dynamic allocation and deallocation of bandwidth depending on the usage have been implemented, underlying bottlenecks of network congestion, noise, and subsequently performance degradation persist. Visible spectrum was proposed to establish wireless information transfer via Light Emitting Diodes (LEDs) (Bhalerao et al., 2013). Multi-tiered network architecture was also proposed, bolstering the emerging fifth generation (5G) mobile-communication systems where there exists one device, known as “seed”, that connects to the internet and relays common information to the nodes subscribed to it (Hossain et al., 2014). Dynamic use of bandwidth can be feasible through the use of Cognitive Radios, which hop into underutilized bandwidths, lowering latency and maximizing performance (Haykin, 2005)

  • Spectral Efficiency: Affected by factors 2, 4, 5; measured in bits/s/Hz, it refers to the extent to which a physical or MAC layer protocol can effectively use the limited frequency spectrum bandwidth available (Hz) to maximize its information rate (bits/s). For WBS, this is very important given their limited resources and bandwidth. Spectral efficiency has a probable mathematical formulation as shown below, where and are the number of receivers (sink) and transmitters (sensors) respectively; is the goodput (transmission of useful information bits between transmitter and receiver per unit time); is distance between transmitter and receiver ; is mean societal value received by transmitter from receiver in return for every bit transmitted, where the societal value includes economic, social and environmental benefits; and and are area and bandwidth, respectively, in which transmitter and receiver operate (Stanciu et al., 2012):

    (1)

Key Takeaway Points: The following are the key takeaway points from this section:

  1. TBS performance has been conventionally measured using metrics like FAR, FRR, FMR, FNMR, EER/CER, TAR, ROC, DET, EPC

  2. Although the metrics used to evaluate TBS can be extended to evaluate WBS, the latter have more metrics owing to their differing operational dynamics

  3. Some of the key metrics that can be used to evaluate the performance of WBS include system accuracy, operation flexibility, device and application-level interoperability, systemic security, functional versatility, resource-efficiency, energy-efficiency, network efficiency, and spectral efficiency

  4. WBS performance measured by each of the above metrics is in turn impacted by one or more of various factors such as physiology, placement and orientation of sensors, external environment, crossovers, system component performance, and heterogeneity in sensing and computation

5. Threats, Attacks and Defenses for TBS and WBS

Before moving ahead, a primer on the terms related to biometric security is briefly presented. A threat is anything that has the potential to inflict serious harm to the technology of concern. A vulnerability is a weakness that, when successfully exploited, manifests the threat into an attack (Abdullayeva et al., 2009). An attack vector is a means by which a malicious entity can compromise a system by exploiting its vulnerabilities for a malicious outcome (Schatten et al., 2009). An attack is the execution of an attack vector by an adversary who successfully exploits a series of vulnerabilities in the concerned domain. A coordinated attack comprises multiple attacks, sequential or parallel, represented using attack vectors that may exploit the same vulnerabilities. An attack is applicable to both TBS as well as WBS in two ways: system attacks that tamper with the hardware or firmware, or pattern recognition attacks where the feature extraction and feature matching modules are harmed. While system attacks are applicable to any domain, pattern recognition attacks target feature selection and extraction. It can be said that TBS and WBS are both prone to system attacks, but it is harder to conduct pattern recognition attacks on WBS. However, it is not impossible to do so, as will be discussed in Section 4.

The threats, attacks, and defense landscapes can be categorized for the purposes of this survey into different classes. The first, called Technology Attack (), considers attacks that exploit vulnerabilities of the system’s technology, while the second, called Modality Attack (), considers attacks that exploit vulnerabilities of biometric modalities used by the technology. When an adversary exploits vulnerabilities of both technology as well as modalities, a Hybrid Attack () could be realized. These attacks can be applied to both TBS as well as WBS. There are also different Agents which enforce a threat into an attack: impostor that deliberately or accidentally pretends to be the authorized entity, attacker that intends to access or compromise the technology with malicious intent, snooper that intends to access or compromise the technology with no malice, and erroneous that compromises the technology accidentally. Sometimes, these agents could also be non-human (Abdullayeva et al., 2009). Penetration testing is conducted to discover hidden vulnerabilities and establish attack vectors that can then be mitigated (Biggio et al., 2015).

5.1. Threats, Attacks and Defenses for TBS

Figure 5 shows the system model of TBS with different points of attacks, as identified by the different works in literature (Delehante, 2011; Parvez et al., 2014; Nabil et al., 2013; Adlerr, 2008). In this figure, only the authentication phase of the system is shown, since enrollment is subsumed in the authentication except for the template creation stage, the security-related significance of which was already described in Section 1. Considering how various components interact with each other, a successful attack on one component could pave the way for subsequent compromise of other components. It is to be understood that the categorization of attacks described earlier in this section is made with a certain degree of independence between them. For example, a successful Modality attack does not guarantee a successful compromise of the entire system, since the technology might still remain unaffected. Similarly, a Technology attack might be conducted without directly compromising any of the modalities. Attacks that require disrupting both technology and modality are categorized as Hybrid to avoid any confusion. While a successful Modality attack affects confidentiality but not necessarily integrity and availability, a successful Technology attack impacts integrity and availability but not necessarily confidentiality. A Hybrid attack compromises all three cornerstones of security.

Figure 5. Block diagram of attack model for TBS.

Table 3 summarizes the attacks, corresponding threats and defenses against them. Analysis of system-specific attacks and defenses has been extensively studied in literature (Speicher, 2006; El-Abed et al., 2012).

| Class | Attacks | Threats, Vulnerabilities | Defenses |
|---|---|---|---|
| M (Jain, 2003; Erdogmus and Marcel, 2014; Chakraborty and Das, 2014; ISO-IEC, 2016; Galbally et al., 2007; Gomez-Barrero et al., 2012; Galbally et al., 2014; Rahman et al., 2015; Goicoechea-Telleria et al., 2016; Ramachandra and Busch, 2017; Sousedik and Busch, 2013; ISO-IEC, 2017; Busch, 2017; Zamboni, 2013) | Presentation attack, Collusion, Coercion | Easily reproducible, Poor manual supervision, Poor fault tolerance, Gullible to close relatives, Residuals | Supervised enrollment, PAD, Access controls |
| Sys (127; Paillier, PEM: Privacy-Enhanced Mail; Esmalifalak et al., 2013; Reddy et al., 2016; Trabelsi et al., 2014; Kaur et al., 2010; Jain et al., 2005; Dorn et al., 2012; Mehta et al., 2016; Khalaf and Sulaiman, 2015; Abhyankar et al., 2010; Tuyls et al., 2005; Chang et al., 2004; Uludag et al., 2010; Jain et al., 2008) | Physical tamper, Replay, Man-in-the-Middle, Bad data injection, Template substitute, Template compromise, Denial of Service | Lack of policy enforcements, Sensor memory/circuit limits, Flaw in sensor software, Poor key management, Weak/no encryption, Vulnerable communication, No perfect forward secrecy, Lack of interoperability between other systems, Susceptibility to Trojan horse, Trade-off between template security and system performance, Storage channel interception, Key discovery | Firewalls, Physical security, Fall-back systems for fault tolerance, Use of Session keys and timestamps, Digital signatures, Random/cued challenges, Multi-factor authentication, Biometric cryptosystems, Template encryption, Template fusion, One-time biometrics |
| PR (Lafikh et al., 2015; Juels and Sudan, 2002; Zhou et al., 2009; Adler et al., 2009; Lim and Yuen, 2016; Rathgeb and Uhl, 2011; Nagar et al., 2010; Teoh and Kim, 2015; Yang and Verbauwhede, 2010; Makinde et al., 2014; Surmacz et al., 2013; Ballard et al., 2008; Ohaeri et al., 2005; Shanthini and Swamynathan, 2012; Akhtar et al., 2012; Cui et al., 2008) | Characterize feature extractor, Feature replay, Feature correlation, Trojan horse to alter match scores | Known template storage format, Information of data type created by feature extractor, Correlation among features, Matcher and decision-maker program error, Poor exception handling, Missing match upper bounds | Use biometric feature entropy, Revocable biometrics, Feature randomization from multiple input sets, Effective debugging with exhaustive use-case testing, Match-score quantization |
| H (Alaswad et al., 2014; Maiorana et al., 2015; Galbally et al., 2010; Goldschmidt, 2016; Martin-Diaz et al., 2016; Nelder and Mead, 1965; He et al., 2010; Hanmandlu et al., 2011; Yang et al., 2012) | Buffer Overflow, Enrolling crafted samples to matcher, Hill climbing | Fraud during enrollment | Feature fusion from multiple modalities |
Table 2. Summary of class-wise TBS threats, attacks and defense mechanisms

5.1.1. Threats, Attacks and Defenses.

This class refers to attacks that exploit the vulnerabilities of the users or their modalities to successfully penetrate into the system. Spoofing or identity (ID) theft is the oldest form of attack (also called a Direct or Presentation Attack) where modalities such as fingerprints, iris, signature and others can be recreated or spoofed using gummy fingers, high resolution color printouts, 3D robotic eyes, and much more (Jain, 2003; Erdogmus and Marcel, 2014; Chakraborty and Das, 2014; ISO-IEC, 2016). In general, to protect against Class 1 attacks, proper enforcement of enterprise-level security such as access controls must be enabled. Additionally, security policies must be strictly enforced to avoid creating loopholes. Physical hardware of TBS must be capable of working without significant loss of performance in the event of an attack or outage (Zamboni, 2013). Targeted direct attacks have lately been minimized by the use of sophisticated sensors equipped with Presentation Attack Detection - PAD (also called live-ness or vitality detection, or anti-spoofing) techniques (Galbally et al., 2007; Gomez-Barrero et al., 2012; Galbally et al., 2014; Rahman et al., 2015; Goicoechea-Telleria et al., 2016; Ramachandra and Busch, 2017; Sousedik and Busch, 2013; ISO-IEC, 2017; Busch, 2017).

5.1.2. Threats, Attacks and Defenses.

This class of attacks targets the system components by exploiting vulnerabilities at different points identified in the system model (Figure 1) except the feature extractor and matcher: communication channels, modality residuals, and the template storage unit. Two forms of eavesdropping attacks exist. Passive eavesdropping intercepts the vulnerable communication channel between sensor and feature extractor modules but does not alter or steal it; active eavesdropping like Man-in-the-Middle (MITM) and storage channel interception usurps, swaps, or corrupts legitimate data to disrupt rightful operation of the system (127). While only a few employ encryption when sending the captured biometric signals, they do not enforce forward secrecy (a method to ensure the non-compromise of previously secure events even if the current event is compromised) (Paillier, PEM: Privacy-Enhanced Mail). Attacks and defenses related to biometric templates discussed in Section 1 are applicable here. Since TBS are database-oriented, they need to query the stored template in order to make the comparison, which an attacker could modify. If the encryption is not strong, the attacker can replace the query with malware to corrupt the database (Esmalifalak et al., 2013). Template swapping is a special case of substitution. It deals with replacing a legitimate template with that of any user, even external to the system (Kaur et al., 2010; Jain et al., 2005). Alternatively, a template could be compromised by exploiting weaknesses in the database architecture or schema, enabling the attacker to insert, update or delete templates of legitimate users. DoS can be executed by feeding TBS with an overwhelming number of feature samples through Bad Data Injection (BDI), MITM, or replay (Trabelsi et al., 2014).

Specific defense mechanisms such as tagging input signals with timestamps and using session keys to ensure forward secrecy have been developed (Reddy et al., 2016). Template encryption could use secure sketch schemes, homomorphic encryption, and chaotic theory, considering that standard hashing and encryption methods which are applicable for other types of data fail for biometric templates (Dorn et al., 2012; Mehta et al., 2016). A modified Hill Cipher algorithm for encryption and a combinatorial Discrete Cosine and Discrete Wavelet Transforms for concealment were proposed that led to an overall improvement in template storage (Khalaf and Sulaiman, 2015). Templates could alternatively be stored separately on smart cards, backed by biometric cryptosystems. However, this imposes an additional restriction of users having to carry cards all the time and increases the overall system complexity. One-time biometrics deter storage channel interception by using statistical learning to create biometric representations and then applying chaotic mixing to generate an encrypted template, constituting self-generated, dynamic helper data (Abhyankar et al., 2010). The encrypted template is then decrypted into constituent biometric representations using well-trained Hidden Markov Models (HMMs) and iterative Blind Source Separation before being fed into a fuzzy matcher. Multi-factor authentication can also provide defense against MITM attacks by combining modality samples with PINs or passwords (Jain et al., 2008). However, such additional authentication mechanisms could prove counterproductive to the reason biometrics were introduced. Biometric cryptosystems, which generate helper data using a secret key and biometric features, may also be used to prevent MITM attacks (Uludag et al., 2010). Here, only the helper data, which by itself is useless to an attacker, is stored by the system, while the secret key is reconstructed during authentication using extracted features and helper data (Tuyls et al., 2005; Chang et al., 2004).
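The helper-data idea in the paragraph above can be made concrete with a fuzzy commitment, one of the key-binding schemes named in the following subsection. This is an added example, not code from the survey or the cited schemes; the 5x repetition code, the salted SHA-256 digest stored beside the helper data, the bit vectors and all function names are assumptions chosen for illustration.

```python
"""Key binding with helper data: a fuzzy commitment over binary features."""
import hashlib
import hmac
import secrets

REP = 5  # assumed repetition factor: corrects up to 2 flipped bits per 5-bit block


def encode(key_bits):
    """Repetition-code encoder: repeat every key bit REP times."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote over each REP-bit block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_digest(key_bits, salt):
    return hashlib.sha256(salt + bytes(key_bits)).digest()


def enroll(feature_bits, key_bits):
    """Bind key_bits to the enrolled features. The stored record holds only
    helper data, a salt and a digest of the key; neither the key nor the
    raw features are kept."""
    if len(feature_bits) != len(key_bits) * REP:
        raise ValueError("need REP feature bits per key bit")
    salt = secrets.token_bytes(16)
    helper = xor(encode(key_bits), feature_bits)
    return {"helper": helper, "salt": salt, "digest": key_digest(key_bits, salt)}


def authenticate(record, probe_bits):
    """Rebuild the key from a fresh probe plus the helper data. Returns the
    key on success and None if the probe is too far from the enrolled sample."""
    if len(probe_bits) != len(record["helper"]):
        return None
    candidate = decode(xor(record["helper"], probe_bits))
    if hmac.compare_digest(key_digest(candidate, record["salt"]), record["digest"]):
        return candidate
    return None


def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (models sensor noise)."""
    flipped = set(positions)
    return [b ^ 1 if i in flipped else b for i, b in enumerate(bits)]


# Constructed 40-bit binarized feature vector and 8-bit key, for illustration only.
ENROLLED = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1,
            1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0]
KEY = [1, 0, 1, 1, 0, 0, 1, 0]
GENUINE_PROBE = flip(ENROLLED, [3, 17, 18])        # same user, 3 noisy bits
IMPOSTOR_PROBE = flip(ENROLLED, range(0, 40, 2))   # a vector far from the enrolled one

if __name__ == "__main__":
    record = enroll(ENROLLED, KEY)
    print("genuine probe  ->", authenticate(record, GENUINE_PROBE))
    print("impostor probe ->", authenticate(record, IMPOSTOR_PROBE))
```

A repetition code keeps the example short; the protection offered by any such scheme depends on the entropy of the features, which is why Section 5.1.3 lists feature correlation as an attack and feature-entropy measurement as a defense.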

5.1.3. Threats, Attacks and Defenses.

Attacks on feature extractor and matcher can be regarded mostly as in nature. Since randomness in modality features is hard to achieve for cryptosystems, fuzzy-based extractors using shielding functions, fuzzy commitment, and fuzzy vault schemes were proposed and applied to the key binding process (Lafikh et al., 2015; Juels and Sudan, 2002). However, attacks using feature correlation are shown to significantly reduce performance (Zhou et al., 2009). If the attacker has prior knowledge about the feature extractor, optimization methods to estimate the unknowns can be devised using the knowns, exploiting statistical dependencies. Further, knowledge of feature extracting algorithms such as PCA and LDA which use the entire biometric sample to construct feature vectors, and Gabor filters and HMMs which select specific features of modalities prior to forming the feature vector, can be used to exploit the correlation between features of modalities that the extractors also use (Adler et al., 2009). False Data Injection (FDI) could corrupt extracted features by the addition of random noise or intelligent data. Such attacks could either be aimed at feeding a large number of erroneous feature vectors to the matcher that would increase its FRR beyond acceptable limits, or at manipulating the vector to circumvent or bypass the matcher.

Probable defense mechanisms include measuring feature entropy to gauge the level of uniqueness of the modality and also the strength of cryptosystems for guaranteeing privacy (Lim and Yuen, 2016). Cancelable or Revocable biometrics, also referred to as template transformation, distort input features by a specific function by applying Gaussian noise models, and use multiple distorted features for different levels of authentication (Rathgeb and Uhl, 2011; Nagar et al., 2010). They store not the original features but only the distorted ones. However, they have a potential of increasing the system’s FRR considering the inherent feature variability among modalities. Feature extractors take this into account using error correction codes, adjustable filters, correlation, or quantization (Teoh and Kim, 2015; Yang and Verbauwhede, 2010; Makinde et al., 2014; Surmacz et al., 2013). Alternatively, randomization of biometrics could be used, where multiple samples of a biometric signal are taken (the number of samples varies), and a cumulative average of the samples is used to minimize the intra-class variance (Ballard et al., 2008). Multimodal feature fusion is also proposed, which differs from revocable biometrics by applying transformations and distortions to a single modality feature set to produce multiple feature vectors. Feature fusion has been successfully applied to feature extractors and tested for its robustness against various attacks including spoofing and replay of extracted features, and potentially feature correlation attacks (Ohaeri et al., 2005; Shanthini and Swamynathan, 2012; Akhtar et al., 2012; Cui et al., 2008). However, practical significance of multi-factor authentication, revocable biometrics and biometric cryptosystems is limited.

5.1.4. Threats, Attacks and Defenses.

Attacks that are a hybrid of and : buffer overflow and residuals. Buffer overflow involves a system interacting with an external environment seeking inputs, in this case, the sensor(s) (Alaswad et al., 2014). Flaws in sensor memory allocation protocols could be exploited by such an attack to overwrite codes important for system’s rightful operation. System authentication could be bypassed in some cases. Further, residuals (latent fingerprints, signature imprints, or pressure points on specific keys in keystroke recognition systems) can be exploited to conduct replay attacks (Goldschmidt, 2016). A Hill Climbing (HC) attack is a hybrid of , and attacks, made more powerful by Nelder-Mead simplex optimization (Nelder and Mead, 1965). It creates an application that sends random templates to the system, disturbed iteratively (Martin-Diaz et al., 2016; Galbally et al., 2010). The system works by reading output match score and proceeding with perturbed template only after score surpasses the acceptance threshold. Successful applications of HCA to TBS exist in literature (Maiorana et al., 2015; Galbally et al., 2010).

Since HCA targets matching scores of feature matching algorithms, defense mechanisms aim to immunize the matcher. Score-level fusion techniques, namely SVMs, likelihood ratio-based fusion, and the sum rule-based method preceded by normalization, were analyzed for their performance and accuracy for multimodal biometric systems comprising fingerprints, face and finger vein (He et al., 2010). Another contemporary method proposed the use of triangular norms to make score-level fusion faster and computationally efficient, again for multimodal systems (Hanmandlu et al., 2011). HCA was applied for online signature TBS by modifying the initialization, restart and centroid computation steps of the traditional Nelder-Mead algorithm. It also proposed a Lloyd-Max non-uniform score quantizer to determine quantization levels such that the Mean Square Error (MSE) between original and quantized versions is minimized. Additionally, decision-level template fusion was shown to degrade performance least when compared to fusion at sample, instance, or algorithmic levels (Yang et al., 2012). Since matching and decision-making modules of the system contain program codes that have access to crucial parameters besides the match score, like FRR, FAR, FNMR, and EER, ineffective program blocks could be compromised through the use of a Trojan horse.
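The score quantization mentioned above can be illustrated with a short added example (not code from the surveyed papers): it designs a Lloyd-Max quantizer over constructed match scores, compares its MSE with a uniform quantizer, and counts how many distinct values a caller sees across a run of nearly identical raw scores. The score distributions, the level count and all function names are assumptions made for the illustration.

```python
"""Added illustration: Lloyd-Max quantization of disclosed match scores."""
import bisect
import random

LEVELS = 8  # assumed number of quantization levels


def constructed_scores(n=2000, seed=7):
    """Constructed match scores in [0, 1]: impostors cluster low, genuine users high."""
    rng = random.Random(seed)
    scores = []
    for i in range(n):
        mu, sigma = (0.25, 0.07) if i % 2 else (0.78, 0.06)
        scores.append(min(1.0, max(0.0, rng.gauss(mu, sigma))))
    return scores


def boundaries_for(codebook):
    """Nearest-level rule: cell boundaries are midpoints between adjacent levels."""
    return [(a + b) / 2 for a, b in zip(codebook, codebook[1:])]


def quantize(score, codebook):
    """Return the reconstruction level of the cell the raw score falls into."""
    return codebook[bisect.bisect_right(boundaries_for(codebook), score)]


def uniform_codebook(lo, hi, levels):
    """Baseline: equal-width cells, each represented by its midpoint."""
    step = (hi - lo) / levels
    return [lo + (k + 0.5) * step for k in range(levels)]


def lloyd_max(samples, levels, max_iter=200, tol=1e-10):
    """Alternate nearest-level partitioning and centroid updates until levels settle."""
    codebook = uniform_codebook(min(samples), max(samples), levels)
    for _ in range(max_iter):
        bounds = boundaries_for(codebook)
        sums, counts = [0.0] * levels, [0] * levels
        for x in samples:
            k = bisect.bisect_right(bounds, x)
            sums[k] += x
            counts[k] += 1
        # An empty cell keeps its previous level so the codebook stays ordered.
        updated = [sums[k] / counts[k] if counts[k] else codebook[k]
                   for k in range(levels)]
        moved = max(abs(a - b) for a, b in zip(updated, codebook))
        codebook = updated
        if moved < tol:
            break
    return codebook


def mse(samples, codebook):
    """Mean square error between raw scores and their quantized versions."""
    return sum((x - quantize(x, codebook)) ** 2 for x in samples) / len(samples)


def distinct_feedback(raw_scores, codebook):
    """Number of different values a caller observes across a series of attempts."""
    return len({quantize(s, codebook) for s in raw_scores})


def demo():
    scores = constructed_scores()
    uniform = uniform_codebook(min(scores), max(scores), LEVELS)
    tuned = lloyd_max(scores, LEVELS)
    # Constructed raw scores 0.001 apart: the fine-grained score movement
    # that iterative template perturbation depends on.
    probes = [0.300 + 0.001 * i for i in range(50)]
    return {
        "mse_uniform": mse(scores, uniform),
        "mse_lloyd_max": mse(scores, tuned),
        "raw_feedback": len(set(probes)),
        "quantized_feedback": distinct_feedback(probes, tuned),
        "codebook": tuned,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The accept/reject decision can still be taken on the raw score inside the matcher; only the value disclosed to the caller is quantized.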

Figure 6. Block diagram of attack model for WBS.

5.2. Threats, Attacks and Defenses for WBS

WBS are associated with a new dimension of threats and vulnerabilities. Figure 6 shows their generic attack model. In WBS domain, Class attacks exploit vulnerabilities of modalities and users, while attacks are surveyed under two classes: - and -. Attacks on WBAN sensors, intra-body communication, and the communication channel between WBAN and sink come under - while those that target the sink’s signal preprocessing unit, communication between sink and cloud, and cloud storage infrastructure itself. Class attacks target the sink’s feature extraction and selection, and feature matching. Table 3 summarizes threats and vulnerabilities, attacks and corresponding defenses for WBS, organized class-wise.

| Class | Attacks | Threats, Vulnerabilities | Defenses |
|---|---|---|---|
| M (Cai and Chen, 2012; Beltramelli, 2015) | Motion-based keystroke inference, Collusion, Coercion | Poor manual supervision, Poor fault tolerance, Gullible to close relatives, Residuals | Supervised enrollment, PAD, Access controls |
| Sys-WBAN (Wang et al., 2016; Karlof and Wagner, 2003; Bysani and Turuk, 2011; Wang et al., 2016; Newsome et al., 2004; Ali and Khan, 2013; Bui and Hatzinakos, 2008; Mana et al., 2011; Zhu et al., 2011; Xu et al., 2011; Seyedi et al., 2015; Nie et al., 2015) | Direct attacks, MITM, (D)DoS, Counterfeit sensors, Selective forwarding, Jamming, Brute-force search, Sybil/Wormhole | Sensors transmit only useful information, Difficult policy-making, Expensive to encrypt, Feature entropy, WBAN broadcasting, Noisy network, Half-duplex intra-WBAN communication | Multi-point fuzzy commitment, Cluster-based security, MBStar WBAN topology, Trust-based key management, Elliptic Curve Cryptography, Additional hardware filters, Defensive jamming, Hyper-quiet networks, Tamper-proof sensors, BCC |
| Sys-Sink (Austen, 2015; in the Internet of Things, 2014; Lee et al., 2014; Lee et al., 2013; Ibrahim et al., 2016; 200; Wilkins, 2014; Someren, 2015; Wei, 2014; Duan and Canny, 2005; Ching and Singh, 2016; Naveed et al., 2014; Rahman et al., 2016; Kharpal, 2015; Nahapetian, 2016; Zeller and Felten, 2008; Maiti et al., 2015; Kocher et al., 1999; Martin et al., 2004; Rahman et al., 2014; Manivannan and Sathiyamoorthy, 2016; Lin et al., 2011; Manjusha and Ramachandran, 2015; Lee et al., 2015) | Sniffing, Data misuse by third party, Threats due to third party, Providing false trust credentials, SQL injection, CSRF, Traffic redirection, Malware, Privacy exposure, Session hijack, BDI, JTAG (-R), External device mis-bonding, Side-channel attack | Weak/no WBAN-to-sink authentication, Varied off-body sink network dynamics, Third party encryption, More data logged than revealed, Application of similar security levels for different kinds of data, Sink broadcasts to cloud, TLS could be bypassed, Location-related information storage, Obtrusive authentication, Untrusted applications installed, Vulnerabilities of sink, Weak device-application bonding policies | Cluster-based security, Proximity detection, Mutual authentication, Random challenge/response, Network segmentation, Administration of backups, Dedicated onsite cloud, Careful policy inspection, Data protection, Context-based data security, Trust revocation, HTTPS with SSL, Network segmentation, Data compartmentalization, Symmetric encryption, Timestamps to obfuscate patterns, OS-level device-application bonding |
| PR (John et al., 2016; Wagner and Hall, 1998; Chuang, 2014b) | Cryptanalytic attacks | Noise/redundancy in signals, Collection of geolocation and time-synchronized information, Time-variance of signals | Matching-level fusion, Multi-factor authentication, Feature-level fusion, Attribute-based encryption, Case-based reasoning, Spectral analysis of signals |

Table 3. Summary of class-wise WBS threats, attacks and defense mechanisms

5.2.1. Threats, Attacks and Defenses.

At the modality level, the attack surface of WBS varies slightly from that of TBS. While direct attacks are possible in WBS too, they are not conducted using shoulder-surfing or spoofing of templates, since WBS employ passive authentication. Hence, such attacks are conducted at the system level (Class -). Collusion and coercion, however, are still prevalent techniques that employ social engineering skills to deceive a legitimate WBS into authenticating or identifying an attacker. A motion-based keystroke inference attack on smartphones was demonstrated by (Cai and Chen, 2012), where its feasibility was shown despite the influence of noise, device dimensions and screen orientation. Using Long Short-Term Memory (LSTM) deep neural networks, motion sensors of wearable wristbands like smartwatches could be used to infer keys typed by the owner on other devices like a PC or cellphone keypad for spying (Beltramelli, 2015).

5.2.2. - Threats, Attacks and Defenses.

This class of attacks targets WBAN and the communication between WBAN and sink. Owing to stringent energy and resource limits, WBAN sensors transmit only useful information, and go through sleep and wakeup cycles to conserve energy, relaying messages through half-duplex wireless broadcasts. By virtue of this, direct attacks by eavesdropping are prevalent. Thorough network reconnaissance could make an external wireless node privy to signals being exchanged between sensors, and sometimes even between sensors and sink. Decoded signals could reveal sensitive information that could then be stolen by the adversary, or even modified to make sensors act anomalously, causing life-threatening behaviors. Sometimes, counterfeited sensors could be deployed into WBAN, which are prone to: a jamming attack, where a malicious node reduces availability by causing collision to each packet of interest (Wang et al., 2016); a Sybil attack, where a sensor node exhibits dynamic personality by falsely claiming the identities of other surrounding nodes within the same WBAN through impersonation (Newsome et al., 2004); or a wormhole attack, where a sensor node could trick other nodes in the network into thinking it is only a few hops away from them when in reality it could be otherwise, thereby not only confusing the routing algorithms, but also causing more energy and resource consumption (Karlof and Wagner, 2003). Counterfeited or compromised sensors could also be manipulated to conduct selective forwarding attacks, where the node intercepts only specific packets of data but not all, thus prompting re-transfer or restart of packets that in turn drains energy (Bysani and Turuk, 2011). Most WBS use Bluetooth, WiFi, and ZigBee for communicating with their sinks (Austen, 2015). For higher performance and comfort, most commercial WBS transfer sensitive geolocation in clear text, which could be easily intercepted through brute-force attacks.
Most WBAN-sink communications only employ sink-to-WBAN authentication to minimize the overhead on WBAN. However, this makes the entire communication link vulnerable to MITM and salami thefts, the latter of which steals small chunks of sensitive data unrecognizable individually but compromises over time. No work in literature has studied the effect of salami attack on WBS, but an assessment of salami attacks and ID thefts on IoT, a superset of WBS, was conducted by (in the Internet of Things, 2014).

A multi-point Fuzzy commitment scheme for key management using ECG was proposed, and its performance evaluated by augmenting Gray coding into its binary encoder and error correcting codes to fine-tune accuracy (Bui and Hatzinakos, 2008). A unique data scrambling approach using interpolation and random sampling was also applied instead of conventional symmetric cryptographic techniques. However, the practicality of this strategy in the presence of fading and distortions was only briefly addressed. Another energy-efficient key management and refresh scheme using multiple clusters was proposed, which used both predetermined as well randomly generated ECG keys for creating hybrid security (Ali and Khan, 2013). This technique is applicable better to WBANs than data scrambling. A more reliable and secure protocol for the inherent star topology of WBANs was proposed, termed as MBStar (Zhu et al., 2011), addressing the problem of long hyper-period communications required by TDMA in the MAC layer under varying schedule profiles by keeping a global hyper-period schedule on the gateway/sink side and assign node-specific local schedules with conflict resolution. It demonstrated co-existence functionalities with other standard protocols like Bluetooth, ZigBee and WiFi. A trust key management scheme for WBAN implemented using ECG utilizes ECG to generate symmetric session keys and manage them for end-to-end communication, also between sensors and sink (Mana et al., 2011). Some approaches advocate the separation of signal measurement and authentication in sensors, where a separate middle-entity called Guardian was proposed for the Implantable Medical Devices (IMDs) scenario to protect against jamming, direct attacks, selective forwarding, and brute-force search through techniques like defensive jamming (jamming sensors when communication link is jammed by an attacker) (Xu et al., 2011). 
Some defense methods consider non-Radio Frequency (RF) wireless data communication using Body Channel Communications (BCCs), where the human body is converted into a channel/medium to send messages, consuming power less than at rates greater than (Seyedi et al., 2015; Nie et al., 2015). Hyper-quiet network principles and network segmentation employ layered architecture for isolating network traffic based on the type of data to be transmitted, thereby lowering network congestion. Although encryption is the most sought solution in networks, it is an expensive feature for WBAN-sink communications, especially with WBAN. Traditional Public Key Infrastructure (PKI) use RSA, but other methods such as Elliptic Curve Cryptography (ECC) in conjunction with symmetric encryption have been proposed (Lee et al., 2014). In some cases, proximity detection can be used where the distance between WBAN and sink can ascertain whether the signal is fraudulent. However, simple proximity checking might not work in cases where wearables are designed to perform remote services. Hence, context-aware proximity checking is needed. Mutual authentication could also be used where wearable sensors and sink establish handshake to ensure secure communication channels using Physical Unclonable Function (PUF) that employs challenge-response methods to parry replay attacks (Lee et al., 2013), and an energy-aware mutual authentication by the use of hash and XOR operations over a star two-tiered topology (Ibrahim et al., 2016).
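The fuzzy commitment idea referenced for key binding in TBS, and for ECG-based key management with Gray coding and error correcting codes above, is shown here as an added example (not the multi-point scheme of the cited work, and not code from any surveyed paper). It uses the basic construction of a codeword XORed with biometric bits plus a hash of the key; the 16-bin feature quantization, the repetition code standing in for a stronger error correcting code, the feature values and all names are assumptions.

```python
"""Added illustration: fuzzy commitment with Gray-coded features."""
import hashlib
import hmac
import secrets

BITS_PER_FEATURE = 4  # assumed: each feature is quantized into 16 bins
REPEAT = 5            # repetition factor; a stand-in for BCH or Reed-Solomon codes


def to_bits(features, gray=True):
    """Binary encoder: Gray code makes adjacent bins differ in exactly one bit."""
    bits = []
    for v in features:
        code = v ^ (v >> 1) if gray else v
        bits.extend((code >> s) & 1 for s in range(BITS_PER_FEATURE - 1, -1, -1))
    return bits


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def ecc_encode(key_bits):
    """Repeat every key bit REPEAT times."""
    return [b for b in key_bits for _ in range(REPEAT)]


def ecc_decode(code_bits):
    """Majority vote per block; corrects up to REPEAT // 2 flipped bits per block."""
    return [int(2 * sum(code_bits[i:i + REPEAT]) > REPEAT)
            for i in range(0, len(code_bits), REPEAT)]


def key_digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def commit(features, gray=True):
    """Enrollment: bind a fresh random key to the biometric bits.

    Only the helper data (delta, digest) is stored; neither the key nor the
    features are kept. Its secrecy rests on the entropy of the features.
    """
    w = to_bits(features, gray)
    if len(w) % REPEAT:
        raise ValueError("feature bit length must be a multiple of REPEAT")
    key = [secrets.randbits(1) for _ in range(len(w) // REPEAT)]
    delta = [c ^ b for c, b in zip(ecc_encode(key), w)]
    return key, {"delta": delta, "digest": key_digest(key), "gray": gray}


def open_commitment(features, helper):
    """Verification: recover the key from a fresh, possibly noisy measurement."""
    w = to_bits(features, helper["gray"])
    if len(w) != len(helper["delta"]):
        return None
    key = ecc_decode([d ^ b for d, b in zip(helper["delta"], w)])
    return key if hmac.compare_digest(key_digest(key), helper["digest"]) else None


# Constructed sample data: 40 quantized features per measurement.
ENROLLED = [7, 3, 11, 7, 5, 7, 12, 1] * 5
# Same user, later measurement: every second feature drifts up by one bin.
NOISY = [min(15, v + 1) if i % 2 == 0 else v for i, v in enumerate(ENROLLED)]
# A different, unrelated feature vector.
IMPOSTOR = [(7 * v + 5) % 16 for v in ENROLLED]


def demo():
    key, helper = commit(ENROLLED, gray=True)
    _, plain_helper = commit(ENROLLED, gray=False)
    return {
        "same_user_opens": open_commitment(NOISY, helper) == key,
        "impostor_opens": open_commitment(IMPOSTOR, helper) is not None,
        "same_user_opens_without_gray": open_commitment(NOISY, plain_helper) is not None,
        "bit_flips_7_to_8_gray": hamming(to_bits([7]), to_bits([8])),
        "bit_flips_7_to_8_binary": hamming(to_bits([7], False), to_bits([8], False)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With plain binary encoding a one-bin drift from 7 to 8 flips four bits and defeats the repetition code, which is the false-reject cost that Gray coding removes.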

5.2.3. - Threats, Attacks, and Defenses.

This class targets the sink’s signal processing and computation units, cloud, and communication link between sink and cloud. While some WBS feature local storage and processing capabilities, still many others like Google Glass and Fitbit opt for cloud-based data storage and processing. Although loss of privacy and network impersonation attacks could be conducted when sink communicates with cloud, traffic redirection and Cross-Site Request Forgery (CSRF) attacks are also emergent (Zeller and Felten, 2008). A greater number of organizations adopt Bring Your Own Device (BYOD) policies, where multiple sinks can access similar services offered by the cloud (Kharpal, 2015). Multiple applications within a sink can also establish communication with the cloud, creating an environment vulnerable to sniffing or theft of legitimate information. WBS could use Software as a Service (SaaS) cloud platforms, which provide sleek front-end and monitoring features, pushing significant jobs like management, communication, computation, and storage to trusted third parties, thereby raising privacy concerns (200). Deceptive and ambiguous privacy policies trap users, allowing parties to sell information they collect to third party-managed databases which might not have strong information security protocols in place. Session hijacking attacks (cookie and session thefts, brute-force) that steal sensitive data flowing into the sink have also been studied (Ching and Singh, 2016). Some WBS applications in the sinks grant permissions to other apps for exchange or access to their information, which could pose a threat for BDI. Weak bonding policies between the sink and its apps could pose a significant threat, causing external device mis-bonding attack (DMB) (Naveed et al., 2014). Additionally, JTAG-Read (R) and boundary scan based attacks have been shown to access the memory of sinks, and allow adversaries to read the contents in its memory (Rahman et al., 2016). 
Side-channel attacks such as differential power attack that monitor the power consumption profile of the sink to steal secret keys have also been successfully conducted (Nahapetian, 2016; Maiti et al., 2015; Kocher et al., 1999; Martin et al., 2004).

Providing trust-based management for the transfer and storage of user-sensitive data is a viable addition to secure communication channels (Lin et al., 2011; Manjusha and Ramachandran, 2015), as it limits data sharing to between WBAN sensors which have a valid trust in each other. With trust revocation, the system maintains a time-variant dynamic trust model, generating flags when one of the sensors has failed to establish trust with any other sensor in the same network. When one sensor is compromised, the trust model altered as a consequence would flag an alert and island that sensor to avoid further compromise (Lee et al., 2015). Compartmentalization of wearable data has proven to be a good countermeasure against thefts and frauds (Someren, 2015). Designing wearable applications to store vital information in segregated, encrypted, application-specific chunks restricts data replication. Data protection makes sure critical applications run un-preempted, data is securely backed up and recoverable, and allows administrators to map data and information flow between WBANs, sinks and cloud without jeopardizing integrity and privacy (Wei, 2014; Duan and Canny, 2005). In defense to hijacking, BDI and JTAG-R, data communication and storage protocol using two pseudo-random numbers generated through symmetric and secret keys was proposed (Rahman et al., 2014), its implementation focused more on WBS where single-node WBAN and sink nodes are integrated into the same device. To counter DMB attacks, an OS-level protection method called Dabinder was proposed to enforce secure bonding policies whenever an app tried to establish Bluetooth connection or pair with the sink (Naveed et al., 2014).

5.2.4. Threats, Attacks and Defenses.

Most WBS today have feature extractor and matcher modules located in the same device: a separate sink, or the wearable itself. Considering that WBS operate in noisy environments where other devices also communicate, signals are prone to noise and interference, which demand more processing from feature extractors and matchers (John et al., 2016). This is in contrast with TBS that operate in controlled environments. More computation resources increase attack surface, paving the way for cryptanalytic attacks that target pseudorandom number generators used by encryption methods in WBS (Wagner and Hall, 1998). Acoustic key search, electromagnetic attacks, ciphertext, birthday, preimage, and key generation also come under this category.

Defending these attacks ranges from resetting sinks and erasing any trace of stored data, to more advanced methods that look at match-level fusion of signals to increase complexity of an attack to demotivate the adversary. Alternatively, extractor and matcher modules could be designed to function in frequency-domain. Since signals measured by wearables are time-variant, they could be directly correlated with owner’s activities. Transforming signals into frequency-domain and using spectral analyses to operate on the features could make inference less explicit. The viability of one-step two-factor authentication scheme was discussed for wearable biosensors in the contexts of keystroke, EEG, hand geometry, and hand gesture (Chuang, 2014b). Case-based reasoning could be used between extractor-matcher modules and other associated modules of the sinks.

Key Takeaway Points: The following are the key takeaway points from this section:

  1. The literature on threats, attacks and defenses for TBS and WBS can be modality () or Technology () attacks, where attacks can be System (), Pattern Recognition () or Hybrid () attacks for TBS, and could be - and - for WBS

  2. All the attacks discussed impact confidentiality, integrity and/or availability of the modality and/or template, and hence the privacy of users

  3. Physical attacks are harder to conduct on WBS than on TBS since the former employ passive authentication and are more complexly networked together

  4. Systemic security measures such as adversarial machine learning and game theory could be used to defensively learn adversary strategies and psychology before proactively resolving the attacks

  5. Most of the attacks that target TBS and WBS tend to indirectly affect their performance, especially factors like energy, network, and spectral efficiencies, and throughput/goodput, which establishes a strong coupling between security concerns and performance

  6. Modality characteristics determine the impact of attacks while performance metrics determine that of attacks. Security of TBS, on the other hand, depends on modality, sample measured, template, and feature matching/decision-making

6. Factors Contributing to WBS Design Solutions

Despite numerous WBS products already in the market and many more emerging, the design considerations for WBS are still an evolving subject of research. Many principles impacting WBS design have been identified (Fynn, 2014; Rathore, 2015; Magpi, 2016; Chen et al., 2016):

  • Human interaction with WBS could be in four ways: audio, visual, tactile and haptic (Motti and Caine, 2014). These interaction modes, which form a fundamental aspect of WBS design solutions, are influenced by different parameters like cognitive ease, cognitive overload, intuitiveness, comprehension and perception

  • With the WBS required to be always online and support passive authentication and/or identification, the sensors generate ample amounts of data over a given period of time. The WBS design must account for not just data acquisition, but appropriate data management, from sanitation, processing and storage to destruction. Some of the evaluation metric factors discussed earlier, like accuracy, energy and network efficiencies, will play key roles in shaping WBS design with respect to its data handling requirements (Rathore, 2015)

  • Aesthetics have always been at the core of WBS, with designs catering to elegant, fashion-conscious models that are powerful as well as easily wearable (Chen et al., 2016). It is a significant consideration, since a good design for WBS is a proper balance between the technology’s intelligence and its appearance and user-friendliness

  • The different WBS modality characteristics surveyed in Section 3 impact WBS design. This is so, because every modality has its own properties (such as uniqueness, universality, permanence, acceptability and robustness against circumvention), requirements for measurement (such as collectibility, susceptibility to interference from external signals and ambient noise, and invasiveness) and constraints for processing and maintenance (such as security, reliability, mobility and variability). The heterogeneity between different modalities requires WBS design to be tweaked accordingly. For example, a WBS designed to work on EEG might not be a good design for EMG or PPG

  • As detailed in Section 4.2, different factors that impact WBS performance also contribute to their design considerations. Physiology, number and placement of sensors, environmental elements, and sensory heterogeneity affect the criteria for WBS designs

  • Performance of WBS can be impacted by attacks, which affect security design aspects:

    1. Attacks that delay or corrupt the data packets within WBAN or WBAN-Sink communication could affect throughput and goodput, an unchecked manipulation of which could result in faulted WBS that could even be life-threatening

    2. The class attacks have a strong coupling with the modality characteristics like reliability, security and circumvention. They impact confidentiality and integrity of sensitive data. Considering revoking biometrics is impossible (unless revocable technology is fused with the system), a successful compromise can impact the system performance and operations adversely

    3. DoS and other attacks that target the availability of data could drain the battery of WBS or trigger excessive usage of critical resources like network bandwidth, causing WBS to undergo preemptive shutdown that, in certain use-cases, could not only be disruptive to system operation but also be fatal to the owner

    4. It is known that WBS are sensitive to external noises, considering their energy and spectral efficiencies depend on them. However, jamming attacks distort the legitimate signals by adding noise to impact WBS performance

  • Many recent works have proposed novel WBS materials: stretchable silicon-based elastomers like polydimethylsiloxane or Ecoflex for substrates and metal-based conductors for electrodes (An et al., 2017). They exhibit properties like biocompatibility, stretchability, conductivity, malleability, ability to withstand strain and stress, and have a low failure rate

7. Open Research Challenges and Future Directions

WBS have proven their mettle in healthcare and fitness, but their security concerns in these domains, as well as when considered solely for authentication and identification purposes, have significant room for improvement (Darwish and Hassanien, 2011; Hänsel et al., 2015; Lymberis, 2003; Williams et al., 2016; Al-Janabi et al., 2017). Specifically, key open research areas in WBS are:

  • Evolving security scape: The increased adoption of IoE principles into WBS will continue to push boundaries in terms of signal processing, connectivity, data processing and management, measurement accuracy, convenience and aesthetics, but the constantly evolving nature of attacks will pose a significant and persistent threat to their tech-scape. Recently, the use of blockchain technology to store and analyze WBS data was explored to offer a personalized healthcare for customers (Lee, 2017). The approach used distributed ledger technology and machine learning to store and access data of users in a secure manner. More work is foreseen in areas that combine data analytics, cyber-physical security, and biometrics

  • Changes to business models: With cloud and edge-based decentralized data analytics becoming the norm for WBS, business models and intellectual property must be redefined to adapt and support the relevant advancements in this newly redefined environment. WBS are viewed as one of the first technologies that pave way for a customer-driven market where choices of end-consumers drive the industries

  • WBS Big Data: With increasing adoption of WBS by consumers, the number of sensors collectively generating data will increase. Considering a single user can have a WBAN of multiple sensors that are always online and ubiquitously churn new data periodically, significant advances to manage, process and analyze the wealth of raw information in a decentralized manner must be developed. The data thus generated will find multiple uses ranging from consumer analytics to business intelligence and personalization of services

  • Newer methods to leverage the power of emerging modalities such as voice, signature, iris and human interactions have recently been explored. Hand-worn devices such as smartwatches and fitness wear have been used to verify signatures and prevent frauds in the financial sector. A study used voice recognition to perform two-factor authentication on WBS (Burt, 2017). This technology generates speech embedded with a random code that a browser then plays. The signals are then captured by the WBS to perform authentication. Google recently patented an iris scanning contact lens that uses the light reflected by the iris to perform authentication (89). These technologies increase the likelihood that the traditionally used modalities will now be exploited to solve the emerging challenges of security and also not jeopardize user privacy and invasiveness

  • Revision to policies: With changes in business models, policymaking follows. With consumers demanding greater transparency, end-to-end analytics, peer-to-peer information exchange, localized privacy-aware processing, and much more, restructuring of policies and legislation will be inevitable

  • Social behavior and acceptance: WBS are still viewed as invasive technologies by a majority of consumers in the market. Hence, besides revisions to policies, social analytics and acceptance testing through controlled experiments, surveys, interviews, awareness and outreach must be conducted by the companies manufacturing WBS, thereby creating a pipeline to gather consumer information from WBS data for offering personalized services

7.1. WBS Datasets and Access

To further the future research in WBS, data acquisition from different biometric modalities is important. However, setting up devices, recruiting the right mix of participants, and gathering measurements is not an easy task. This is where online data repositories come into importance. These repositories include, but are not limited to, the UCI’s Machine Learning Repository, Kaggle, knowledge discovery in datasets, KDNuggets, Wiley online repository, and even research repositories such as the one hosted by the Biometrics Security Lab for the PPG datasets (Dheeru and Karra Taniskidou, 2017; Hatzinakos and Yadav, 2017; Izmailova et al., 2018).

Although medical professionals have been collecting biometric data over years through clinical trials, experiments, patient examinations and observations, the WBS have increased the rate of data acquisition and the types of data being collected. This opens emerging challenges such as data mining, minimizing signal-to-noise ratio, determining the length and persistence of data collection and storage, respectively, for effective analysis and diagnosis of associated health risks in case of fitness applications and being adaptive to potential consumer preference changes in case of applications of leisure (Report, 2015). The lack of proper standardization to ensure data consistency, trust, and integrity in interpretation and analysis is a challenge to gain insights from WBS datasets.

One of the key research gaps identified in (Newark, 2016) is obtaining intelligence for diagnosis from raw WBS data without the involvement of human agents to manually parse and contextualize. Legal, ethical, administrative and technical concerns have been identified as barriers to widespread use of third party data collected by the above sources. The report also identifies the NIST Biometric & Forensic Research Database Catalog that serves as a central repository for publicly available biometric and forensic datasets (155). Collaborative efforts by the U.S. Military Academy and the Defense Advanced Research Projects Agency (DARPA) have also enabled the process of biometric data measurement and collection, followed by dissemination. Wearable data acquisition and/or access is still an emerging research problem with significant administrative, ethical, legal, and technical implications that must be sorted out.

8. Conclusion

One of the important underpinning inferences visible from the emerging research in the area of WBS is that their operational dynamics are different from those of TBS which have been available in the market for a long time. Although the research community is aware of the key differences between the two systems, the factors that contribute to these differences are not well researched, summarized or discussed. To bridge this gap among the recent works of literature, this paper conducts a comprehensive survey on three distinct but interdependent aspects of biometric systems: the characteristics of modalities they use, the metrics used to evaluate their system performance, and their security and privacy. Initially, to help appreciate the differences between TBS and WBS, the paper reviews and contrasts the above three aspects for both types of biometric systems with equal emphasis. However, given the future research is geared more towards the security and privacy concerns of WBS, the paper highlights how the design solutions to enhance security and privacy are impacted by WBS modality characteristics and performance factors. Thereby, the survey is aimed at not only summarizing, but also using the surveyed results to contribute to the literature a clear understanding of the differences between TBS and WBS, advancements in WBS technology and research, and the factors that impact their security and privacy design. It is inferred that most modalities considered invasive in TBS could be powerful in the wearable environment. WBS require additional metrics to measure their performance owing to their ubiquitous nature, and the landscape of security is often different from that of TBS. In the end, open research challenges and future directions for research in biometric systems were briefly discussed.

References

  • F. Abdullayeva, Y. Imamverdiyev, V. Musayev, and J. Wayman (2009) Analysis of security vulnerabilities in biometric systems. Danish Biometrics Technical Report Danish Biometrics. Note: Archived Cited by: §5, §5.
  • A. Abhyankar, S. Kulkarni, R. Talware, and S. Schuckers (2010) One time biometric transform to secure biometric templates. In 2nd International Conference on Computer and Automation Engineering, External Links: Document Cited by: §5.1.2, Table 2.
  • [3] (2016) Accuracy in biometric wearables. A Valencell Report Valencell, Inc.. Cited by: item 4.
  • A. Adler, R. Youmaran, and S. Loyka (2009) Towards a measure of biometric feature information. Pattern Analysis and Applications 12 (3). External Links: Document Cited by: §5.1.3, Table 2.
  • A. Adler (2008) Biometric system security. In Handbook of Biometrics, pp. 381–402. Cited by: §5.1.
  • Z. Akhtar, G. Fumera, G. L. Marcialis, and F. Roli (2012) Evaluation of multimodal biometric score fusion rules under spoof attacks. In IAPR International Conference on Biometrics, External Links: Document Cited by: §5.1.3, Table 2.
  • N. Akhter, S. Tharewal, V. Kale, A. Bhalerao, and K. V. Kale (2016) Heart-based biometrics and possible use of heart rate variability in biometric recognition systems. Springer. External Links: Document Cited by: §2.1.
  • S. Al-Janabi, I. Al-Shourbaji, M. Shojafar, and S. Shamshirband (2017) Survey of main challenges (security and privacy) in wireless body area networks for healthcare applications. Egyptian Informatics Journal. External Links: Document Cited by: §7.
  • M. R. Al-Mulla and F. Sepulveda (2014) Novel pseudo-wavelet function for mmg signal extraction during dynamic fatiguing contractions. MDPI Sensors 14. External Links: Document Cited by: §2.1.
  • A. O. Alaswad, A. H. Montaser, and F. E. Mohamad (2014) An overview of face liveness detection. International Journal of Information & Computation Technology 4 (10). Cited by: §5.1.4, Table 2.
  • A. Ali and F. A. Khan (2013) Energy-efficient cluster-based security mechanism for intra-wban and inter-wban communications for healthcare applications. EURASIP Journal on Wireless Communications and Networking. Cited by: §5.2.2, Table 3.
  • M. L. Ali, J. V. Monaco, C. C. Tappert, and M. Qiu (2016) Keystroke biometric systems for user authentication. Journal of Signal Processing Systems 86. External Links: Document, Link Cited by: §3.
  • B. W. An, J. H. Shin, S. Kim, J. Kim, S. Ji, J. Park, Y. Lee, J. Jang, Y. Park, S. J. Eunjin Cho, and J. Park (2017) Smart sensor systems for wearable electronic devices. MDPI Polymers. External Links: Document Cited by: 7th item.
  • Anderson (2017) Cited by: §2.1.
  • S. Angle, R. Bhagtani, and H. Chheda (2008) Biometrics: a further echelon of security. Cited by: §1.
  • Arxan (2014) Precision wearable biometrics provider, valencell, selects arxan to protect intellectual property. Case Study Valencell. Cited by: §4.2.
  • K. Austen (2015) The trouble with wearables. In Nature, Cited by: §5.2.2, Table 3.
  • M. Awais, L. Palmerini, A. K. Bourke, E. A. F. Ihlen, J. L. Helbostad, and L. Chiari (2016) Performance evaluation of state of the art systems for physical activity classification of older subjects using inertial sensors in a real life scenario: a benchmark study. MDPI Sensors. External Links: Document Cited by: §4.2.
  • A. Babich (2012) Biometric authentication. types of biometric identifiers. Master’s Thesis, Business and Information Technology. Cited by: §3.
  • L. Ballard, S. Kamara, M. K. Reiter, and F. Monrose (2008) Towards practical biometric key generation with randomized biometric templates. CCS. External Links: Document Cited by: §5.1.3, Table 2.
  • T. Beltramelli (2015) Deep-spying: spying using smartwatch and deep learning. Master’s Thesis. Cited by: §5.2.1, Table 3.
  • L. Berglin (2011) Smart textiles and wearable technology – a study of smart textiles in fashion and clothing. The Swedish School of Textiles Technical Report The Swedish School of Textiles. Cited by: 1st item.
  • M. V. Bhalerao, S. S. Sonavane, and V. Kumar (2013) A survey of wireless communication using visible light. International Journal of Advances in Engineering & Technology 5 (2). Cited by: 8th item.
  • A. M. Bianchi, O. P. Villantieri, M. O. Mendez, and S. Cerutti (2006) Signal processing and feature extraction for sleep evaluation in wearable devices. In Proceedings of the 28th IEEE EMBS Annual International Conference, External Links: Document Cited by: §2.2.
  • B. Biggio, G. Fumera, P. Russu, L. Didaci, and F. Roli (2015) Adversarial biometric recognition : a review on biometric system security from the adversarial machine-learning perspective. IEEE Signal Processing Magazine 32. External Links: Document Cited by: §5.
  • J. Blasco, T. M. Chen, J. Tapiador, and P. Peris-Lopez (2016) A survey of wearable biometric recognition systems. ACM Computing Surveys 49 (3). External Links: Document Cited by: §2.2.
  • P. Bonato (2005) Advances in wearable technology and applications in physical medicine and rehabilitation. Journal of Neuro-Engineering and Rehabilitation 2 (3). External Links: Document Cited by: §2.
  • N. Boodoo-Jahangeer and S. Baichoo (2014) Choice of biometrics. In IST-Africa 2014 Conference Proceedings, External Links: Document Cited by: §3.
  • X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith (2005) Secure remote authentication using biometric data. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 147–163. External Links: Document Cited by: §1.
  • F. M. Bui and D. Hatzinakos (2008) Biometric methods for secure communications in body sensor networks: resource-efficient key management and signal-level data scrambling. EURASIP Journal on Advances in Signal Processing. External Links: Document Cited by: §5.2.2, Table 3.
  • C. Burt (2017) Researchers authenticate handwritten signatures with wearables. Biometric Update Online Article Biometric Update. External Links: Link Cited by: 4th item.
  • C. Busch (2017) The iso/iec standards for testing of presentation attack detection. Technical report TTT Working Group Biometrics. Cited by: §5.1.1, Table 2.
  • L. K. Bysani and A. K. Turuk (2011) A survey on selective forwarding attack in wireless sensor networks. In International Conference on Devices and Communications, External Links: Document Cited by: §5.2.2, Table 3.
  • L. Cai and H. Chen (2012) On the practicality of motion based keystroke inference attack. In International Conference on Trust and Trustworthy Computing, External Links: Document Cited by: §5.2.1, Table 3.
  • F. Casamassima, E. Farella, and L. Benini (2013) Synchronization methods for bluetooth based wbans. In IEEE International Conference on Body Sensor Networks, External Links: Document Cited by: 7th item.
  • S. Chakraborty and S. Pal (2016) Photoplethysmogram signal based biometric recognition using linear discriminant classifier. In 2nd International Conference on Control, Instrumentation, Energy & Communication (CIEC), External Links: Document Cited by: §2.1.
  • S. Chakraborty and D. Das (2014) An overview of face liveness detection. International Journal on Information Theory (IJIT) 3 (2). Cited by: §5.1.1, Table 2.
  • Y. Chang, W. Zhang, and T. Chen (2004) Biometrics-based cryptographic key generation. In IEEE International Conference on Multimedia and Expo, Cited by: §5.1.2, Table 2.
  • H. Chen, Chien-Hsu, ChenZheng-Yu, and H. Yin (2016) Ergonomic consideration for wearable device design in frozen shoulder rehabilitation. Advances in Intelligent Systems and Computing. External Links: Document Cited by: 3rd item, §6.
  • K. W. Ching and M. M. Singh (2016) Wearable technology devices security and privacy vulnerability analysis. International Journal of Network Security & Its Applications. External Links: Document Cited by: §5.2.3, Table 3.
  • J. Chuang (2014a) One-step two-factor authentication with wearable bio-sensors. In Symposium on Usable Privacy and Security (SOUPS), Cited by: §2.1.
  • J. Chuang (2014b) One-step two-factor authentication with wearable bio-sensors. In CMU Report, Cited by: §5.2.4, Table 3.
  • C. Cornelius, Z. Marois, J. Sorber, R. Peterson, S. Mare, and D. Kotz (2012) Passive biometrics for pervasive wearable devices (poster paper). In Workshop on Mobile Computing Systems and Applications (HotMobile), pp. 1. Cited by: §2.1.
  • C. Cornelius, Z. Marois, J. Sorber, R. Peterson, S. Mare, and D. Kotz (2014a) Vocal resonance as a passive biometric. Computer Science Technical Report Series Technical Report 1, Dartmouth College. Cited by: item 4.
  • C. Cornelius, R. Peterson, J. Skinner, R. Halter, and D. Kotz (2014b) A wearable system that knows who wears it. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications and Services, pp. 55–67. External Links: Document Cited by: §3.
  • J. Cui, J. Li, and X. Lu (2008) Study on multi-biometric feature fusion and recognition model. In International Conference on Apperceiving Computing and Intelligence Analysis, External Links: Document Cited by: §5.1.3, Table 2.
  • A. Darwish and A. E. Hassanien (2011) Wearable and implantable wireless sensor network solutions for healthcare monitoring. MDPI Sensors 11. External Links: Document Cited by: §2.1, §7.
  • S. M. Darwish (2016) Design of adaptive biometric gait recognition algorithm with free walking directions. IET Biometrics journal. External Links: Document Cited by: §2.1.
  • B. DeCann and A. Ross (2013) Relating roc and cmc curves via the biometric menagerie. In IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems, External Links: Document Cited by: §4.1.
  • A. Delehante (2011) Security issues in biometric identification. In University of Minnesota Computer Science Spring Seminar, Cited by: §5.1.
  • D. Dheeru and E. Karra Taniskidou (2017) UCI machine learning repository. University of California, Irvine, School of Information and Computer Sciences. External Links: Link Cited by: §7.1.
  • M. Dorn, P. Wackersreuther, and C. Bohm (2012) Efficient comparison of encrypted biometric templates. Cited by: §5.1.2, Table 2.
  • Y. Duan and J. Canny (2005) Protecting user data in ubiquitous computing: towards trustworthy environments. Privacy Enhancing Technologies 3424. External Links: Document Cited by: §5.2.3, Table 3.
  • M. El-Abed, R. Giot, B. Hemery, J. Schwartzmann, and C. Rosenberger (2012) Towards the security evaluation of biometric authentication systems. International Journal of Engineering and Technology 4. Cited by: §5.1.
  • M. El-Abed and C. Charrier (2012) Evaluation of biometric systems. In New Trends and Developments in Biometrics, pp. 149–169. External Links: Document Cited by: §4.1.
  • J. Elias and A. Mehaoua (2012) Energy-aware topology design for wireless body area networks. In IEEE International Conference on Communications, External Links: Document Cited by: §2.1.
  • N. Erdogmus and S. Marcel (2014) Spoofing face recognition with 3d masks. IEEE Transactions on Information Forensics and Security. External Links: Document Cited by: §5.1.1, Table 2.
  • C. Eschbach (Valencell White Paper) Validation and reliability of performtek earbud heart rate sensor utilizing 12 lead ecg. Valencell White Paper Valencell. Cited by: 3rd item.
  • L. C. Eschbach, S. Long, B. Stillwaggon, and J. A. Bunn (Valencell White Paper) Applicability of a forearm-based biometric sensor for measuring heartrate during exercise. Valencell White Paper Valencell. Cited by: 3rd item.
  • M. Esmalifalak, Z. H. Ge Shi, and L. Song (2013) Bad data injection attack and defense in electricity market using game theory study. IEEE Transactions on Smart Grid 4 (1). Cited by: §5.1.2, Table 2.
  • J. Espina (2014) Network topologies, communication protocols, and standards. 2nd. edition, Springer-Verlag, London. External Links: Document Cited by: §2.
  • B. Fernandez-Saavedra, R. Sanchez-Reillo, J. Liu-Jimenez, and O. Miguel-Hurtado (2013) Evaluation of biometric system performance in the context of common criteria. Journal of Information Sciences: an International Journal. External Links: Document Cited by: §4.1.
  • L. Filipe, F. Fdez-Riverola, N. Costa, and A. Pereira (2015) Wireless body area networks for healthcare applications: protocol stack review. International Journal of Distributed Sensor Networks. External Links: Document Cited by: §2.1, §2.1.
  • S. Fynn (2014) 10 considerations for making wearable devices more wearable. External Links: Link Cited by: §6.
  • D. Gafurov, E. Snekkenes, and P. Bours (2007) Gait authentication and identification using wearable accelerometer sensor. In IEEE Workshop on Automatic Identification Advanced Technologies, External Links: Document Cited by: §2.1.
  • J. Galbally, J. Fierrez, and J. Ortega-Garcia (2007) Vulnerabilities in biometric systems: attacks and recent advances in liveness detection. In Spanish Workshop on Biometrics, Spain. Cited by: §5.1.1, Table 2.
  • J. Galbally, M. Gomez-Barrero, A. Ross, J. Fierrez, and J. Ortega-Garcia (2014) Securing iris recognition systems against masquerade attacks. In Biometric and Surveillance Technology for Human and Activity Identification Proceedings of SPIE, Vol. 8172, London. External Links: Document Cited by: §5.1.1, Table 2.
  • J. Galbally, C. McCool, J. Fierrez, S. Marcel, and J. Ortega-Garcia (2010) On the vulnerability of face verification systems to hill-climbing attacks. Pattern Recognition 43 (3). External Links: Document Cited by: §5.1.4, Table 2.
  • R. Giot, M. El-Abed, and C. Rosenberger (2013) Fast computation of the performance evaluation of biometric systems: application to multibiometrics. Future Generation Computer Systems. External Links: Document Cited by: §4.1.
  • I. Goicoechea-Telleria, B. Fernandez-Saavedra, J. Liu-Jimenez, and R. Sanchez-Reillo (2016) An evaluation of presentation attack detection of fingerprint biometric systems applying iso/iec 30107-3. In International Biometric Performance Conference, Gaithersburg, MD. Cited by: §5.1.1, Table 2.
  • A. Goldschmidt (2016) Intercept-replay attack vulnerabilities and mitigation strategies. ECE Senior Capstone Project 2016 Tech Notes Tufts University. Cited by: §5.1.4, Table 2.
  • M. Gomez-Barrero, J. Galbally, P. Tome, and J. Fierrez (2012) On the vulnerability of iris-based systems to a software attack based on a genetic algorithm. In CIARP, London, pp. 114–121. Cited by: §5.1.1, Table 2.
  • D. O. Gorodnichy (2009) Evolution and evaluation of biometric systems. In IEEE Symposium on Computational Intelligence for Security and Defense Applications, External Links: Document Cited by: §4.1.
  • M. Hanmandlu, J. Grover, A. Gureja, and H. M. Gupta (2011) Score-level fusion of multimodal biometrics using triangular norms. Pattern Recognition Letters. Cited by: §5.1.4, Table 2.
  • K. Hänsel, N. Wilde, H. Haddadi, and A. Alomainy (2015) Challenges with current wearable technology in monitoring health data and providing positive behavioural support. In Proceedings of the 5th EAI International Conference on Wireless Mobile Communication and Healthcare, External Links: Document Cited by: §7.
  • D. Hatzinakos and U. Yadav (2017) BioSec.lab ppg dataset - benchmark dataset for ppg biometrics. Biometrics Security Lab. External Links: Link Cited by: §7.1.
  • S. Haykin (2005) Cognitive radio: brain-empowered wireless communications. IEEE Journal on Selected Areas in Communications 23 (2). External Links: Document Cited by: 8th item.
  • M. He, S. Horng, P. Fan, R. Run, R. Chen, J. Lai, M. K. Khan, and K. O. Sentosa (2010) Performance evaluation of score level fusion in multimodal biometric systems. Pattern Recognition. Cited by: §5.1.4, Table 2.
  • [79] (2014) Health wearables: early days. PwC Report PwC. Cited by: §4.2.
  • W. R. Heinzelman, A. Chandrakasan, and H. Balakrishnan (2000) Energy-efficient communication protocol for wireless microsensor networks. In Proceedings of the Hawaii International Conference on System Sciences, External Links: Document Cited by: §2.1, 7th item.
  • C. Hill (2015) Wearables – the future of biometric technology?. Online Magazine Technical Report 8, Biometric Technology Today. Cited by: 2nd item.
  • E. Hossain, M. Rasti, H. Tabassum, and A. Abdelnasser (2014) Evolution toward 5g-multi-tier cellular wireless networks: an interference management perspective. IEEE Wireless Communications. External Links: Document Cited by: 8th item.
  • M. H. Ibrahim, S. Kumari, A. K. Das, M. Wazid, and V. Odelu (2016) Secure anonymous mutual authentication for star two-tier wireless body area networks. Computer Methods and Programs in Biomedicine. External Links: Document Cited by: §5.2.2, Table 3.
  • [84] (2012) IEEE standard for local and metropolitan area networks—part 15.6: wireless body area networks. ieee standards association std, 802.15.6. IEEE Computer Society. Cited by: §2.1.
  • [85] (2016) IEEE standard for low-rate wireless networks standard 802.15.4n: amendment 1: physical layer utilizing china medical bands. IEEE Standards Association. Cited by: §2.1.
  • [86] (2016) IEEE standard for low-rate wireless networks standard 802.15.4q: amendment 2: ultra-low power physical layer. 2 edition, IEEE Standards Association. Cited by: §2.1.
  • [87] (2015) IEEE standard for low-rate wireless networks: ieee standards association revision of ieee std. 802.15.4-2011. IEEE Computer Society. Cited by: §2.1.
  • A. I. T. in the Internet of Things (2014) IT convergence practice (inpra). In Nature, Vol. 2, pp. 15–21. Cited by: §5.2.2, Table 3.
  • [89] (2015) Iris-scanning contact lens patented by google. Technical report External Links: Link Cited by: 4th item.
  • ISO-IEC (2016) Information technology – biometric presentation attack detection part 1: framework. ISO Standard for Biometric Presentation Attack Detection ISO/IEC 30107-1:2016. Cited by: §5.1.1, Table 2.
  • ISO-IEC (2017) Information technology – biometric presentation attack detection part 3: testing and reporting. ISO Standard for Biometric PAD ISO/IEC 30107-3:2017. Cited by: §5.1.1, Table 2.
  • E. S. Izmailova, J. A. Wagner, and E. D. Perakslis (2018) Wearable devices in clinical trials: hype and hypothesis. Journal of American Society of Clinical Pharmacology and Therapeutics 104 (1). External Links: Document Cited by: §7.1.
  • A. K. Jain, K. Nandakumar, and A. Nagar (2008) Biometric template security: review article. EURASIP Journal on Advances in Signal Processing. External Links: Document Cited by: §5.1.2, Table 2.
  • A. K. Jain, A. Ross, and U. Uludag (2005) Biometric template security: challenges and solutions. In 13th European Signal Processing Conference, Cited by: §5.1.2, Table 2.
  • P. P. Jain (2003) Biometric recognition: security and privacy concerns. IEEE Computer Society. Cited by: §5.1.1, Table 2.
  • A. K. John, A. A. M., and E. Chinnasa (2016) Temperament and mood detection using case-based reasoning. International Journal of Intelligent Systems and Applications 3. External Links: Document Cited by: §5.2.4, Table 3.
  • A. Juels and M. Sudan (2002) A fuzzy vault scheme. Cited by: §5.1.3, Table 2.
  • A. Juels and M. Wattenberg (1998) A fuzzy commitment scheme. In Proceedings of the 6th ACM Conference on Computer and Communications Society, pp. 28–36. External Links: Document Cited by: §1.
  • C. Karlof and D. Wagner (2003) Secure routing in wireless sensor networks: attacks and countermeasures. In IEEE International Workshop on Sensor Network Protocols and Applications, External Links: Document Cited by: §5.2.2, Table 3.
  • M. Kaur, Dr. S. Sofat, and D. Saraswat (2010) Template and database security in biometric systems: a challenging task. International Journal of Computer Applications 4 (5). Cited by: §5.1.2, Table 2.
  • E. T. Khalaf and N. Sulaiman (2015) A new secure storing system for biometric templates based encryption and concealment. Journal of Applied Sciences. External Links: Document Cited by: §5.1.2, Table 2.
  • A. Kharpal (2015) Biggest hacking threat to business? wearables. Technical Web Report CNBC. Cited by: §5.2.3, Table 3.
  • S. Khatarkar and R. Kamble (2013) Wireless sensor network mac protocol: smac & tmac. Indian Journal of Computer Science & Engineering 4 (4). Cited by: §2.1.
  • P. Kocher, J. Jaffe, and B. Jun (1999) Differential power analysis. In Advances in Cryptology, Cited by: §5.2.3, Table 3.
  • M. Kos and I. Kramberger (2017) A wearable device and system for movement and biometric data acquisition for sports applications. IEEE Access. External Links: Document Cited by: 2nd item.
  • N. Kunju, N. Kumar, D. Pankaj, A. Dhawan, and A. Kumar (2009) EMG signal analysis for identifying walking patterns of normal healthy individuals. Indian Journal of Biomechanics: Special Issue. Cited by: item 3.
  • M. Lafikh, P. Lacharme, C. Rosenberger, M. Mikram, and S. Ghouzali (2015) Vulnerabilities of fuzzy vault schemes using biometric data with traces. In International Wireless Communications and Mobile Computing Conference, External Links: Document Cited by: §5.1.3, Table 2.
  • B. Latre, B. Braem, I. Moerman, C. Blondia, and P. Demeester (2010) A survey on wireless body area networks. Journal of Wireless Networks 17 (1). External Links: Document Cited by: §2.
  • S. Leboeuf (2016) Medical active signal characterization boosts accuracy of wearables. Sensors Online Article Valencell, Inc.. Cited by: item 4.
  • S. F. Leboeuf, M. E. Aumera, W. E. Kraus, J. L. Johnson, and B. Duscha (2014) Earbud-based sensor for the assessment of energy expenditure, hr, and vo2max. Medicine & Science in Sports & Exercise 46 (5). External Links: Document Cited by: 3rd item.
  • S. F. LeBoeuf, J. B. Tucker, M. E. Aumer, E. D. Romesburg, and J. N. Morris (2014) Apparatus and methods for monitoring physiological data during environmental interference. Patent United States Patent Application Publication Number US 8,888,701 B2. Cited by: §4.2.
  • D. Ledger and D. McCaffrey (Endeavor Partners LLC Technical White Paper Report) Inside wearables: how the science of human behavior change offers the secret to long-term engagement. Endeavor Partners LLC Technical White Paper Report Endeavor Partners LLC. Cited by: §2.
  • A. Lee and Y. Kim (2015) Photoplethysmography as a form of biometric authentication. IEEE Sensors. External Links: Document Cited by: §2.1.
  • H. Lee, W. Kim, and J. Yoo (2015) Wearable devices’ security risk analysis and its countermeasures: korean cases. International Journal of Innovative Science, Engineering & Technology 2 (7). Cited by: §5.2.3, Table 3.
  • J. Lee (2015) External Links: Link Cited by: 1st item.
  • J. Lee (2017) University of surrey testing blockchain for wearable biometric data storage and analysis. Biometric Update Online Article Biometric Update. External Links: Link Cited by: 1st item.
  • Y. S. Lee, E. Alasaarela, and H. J. Lee (2014) An efficient encryption scheme using elliptic curve cryptography (ecc) with symmetric algorithm for healthcare system. International Journal of Security and its Applications. External Links: Document Cited by: §5.2.2, Table 3.
  • Y. S. Lee, H. J. Lee, and E. Alasaarela (2013) Mutual authentication in wireless body sensor networks (wbsn) based on physical unclonable function (puf). In 9th International Wireless Communications and Mobile Computing Conference, External Links: Document Cited by: §5.2.2, Table 3.
  • D. C. Leonard, A. Pons, and S. Asfour (2009) Realization of a universal patient identifier through biometric technology. IEEE Transactions of Biomedicine 13 (4). Cited by: 6th item.
  • V. Leonov, P. Fiorini, S. Sedky, T. Torfs, and C. V. Hoof (2005) Thermoelectric mems generators as a power supply for a body area network. In 13th International Conference on Solid-State Sensors, Actuators and Microsystems, External Links: Document Cited by: §2.1.
  • M. Li and M. Zhuang (2012) An overview of physical layers on wireless body area network. In International Conference on Anti-Counterfeiting, Security and Identification, External Links: Document Cited by: §2.1.
  • M. Lim and P. C. Yuen (2016) Entropy measurement for biometric verification systems. IEEE Transactions on Cybernetics 46 (5). External Links: Document Cited by: §5.1.3, Table 2.
  • H. Lin, X. Zhu, Y. Fang, C. Zhang, and Z. Cao (2011) Efficient trust based information sharing schemes over distributed collaborative networks. In Military Communications Conference – Track 3 – Cyber Security and Network Operations, pp. 1399–1403. External Links: Document Cited by: §5.2.3, Table 3.
  • M. Lont (2014) Wake-up receiver based ultra-low-power wban. External Links: Document Cited by: §2.1.
  • P. Lorwongtragool, E. Sowade, N. Watthanawisuth, R. R. Baumann, and T. Kerdcharoen (2014) A novel wearable electronic nose for healthcare based on flexible printed chemical sensor array. MDPI Sensors 14. External Links: Document Cited by: §2.1.
  • A. Lymberis (2003) Smart wearable systems for personalised health management: current r&d and future challenges. In Proceedings of the 25th Annual International Conference of the IEEE EMBS, Cited by: §7.
  • [127] (2007) M1.4 ad hoc group on biometric in e-authentication. Study Report on Biometrics in E-Authentication International Committee for Information Technology Standards (ICITS). Cited by: §5.1.2, Table 2.
  • M. Mackinlay (2013) Phases of accuracy diagnosis: (in) visibility of system status in the fitbit. Intersect Stanford University Journals 6 (2). Cited by: §2.
  • Magpi (2016) Big data and health. Technical Magazine Magpi. Cited by: §6.
  • E. Maiorana, G. E. Hine, and P. Campisi (2015) Hill-climbing attacks on multibiometrics recognition systems. IEEE Transactions on Information Forensics and Security. External Links: Document Cited by: §5.1.4, Table 2.
  • A. Maiti, M. Jadliwala, J. He, and I. Bilogrevic (2015) (Smart)watch your taps: side-channel keystroke inference attacks using smartwatches. In ISWC, Cited by: §5.2.3, Table 3.
  • A. S. Makinde, Y. Nkansah-Gyekye, and L. S. Laizer (2014) Enhancing the accuracy of biometric feature extraction fusion using gabor filter and mahalanobis distance algorithm. International Journal of Computer Science and Information Security 12 (7). Cited by: §5.1.3, Table 2.
  • M. Mana, M. Feham, and B. A. Bensaber (2011) Trust key management scheme for wireless body area networks. International Journal of Network Security 12 (2). Cited by: §5.2.2, Table 3.
  • S. S. Manivannan and E. Sathiyamoorthy (2016) Preventing health care web applications from session hijack attacks using session key authentication and distributed session id. ARPN Journal of Engineering and Applied Sciences. Cited by: Table 3.
  • R. Manjusha and R. Ramachandran (2015) Sharing data in cloud based on trust attribute based encryption (tabe). ARPN Journal of Engineering and Applied Sciences 10 (9). External Links: Document Cited by: §5.2.3, Table 3.
  • S. Marinkovic, E. Popovici, and E. Jovanov (2012) Improving power efficiency in wban communication using wake up methods. In International Conference on Wireless Mobile Communication and Healthcare, pp. 303–317. External Links: Document Cited by: 7th item.
  • T. Martin, M. Hsiao, D. Ha, and J. Krishnaswami (2004) Denial-of-service attacks on battery-powered mobile computers. In Second IEEE International Conference on Pervasive Computing and Communications, Cited by: §5.2.3, Table 3.
  • I. Martin-Diaz, D. Morinigo-Sotelo, O. Duque-Perez, and R. D. J. Romero-Troncoso (2016) Advances in classifier evaluation: novel insights for an electric data-driven motor diagnosis. IEEE Access 4. External Links: Document Cited by: item 6, §5.1.4, Table 2.
  • G. Mehta, M. K. Dutta, and P. S. Kim (2016) A secure encryption method for biometric templates based on chaotic theory. Transactions on Computational Science XXVII. External Links: Document Cited by: §5.1.2, Table 2.
  • A. Mitra, S. Bisht, and V. Ranjan (2002) Voice based biometric security system. Student project report. Cited by: §2.1.
  • J. Montes (2015) Validation and reliability of the hexoskin and fitbit wearable bio collection devices. Master’s Thesis, UNLV. Cited by: §2.
  • [142] (2013) MOTOACTV user manual. Motorola Global Portal Archives Motorola. Cited by: §2.
  • V. G. Motti and K. Caine (2014) Human factors considerations in the design of wearable devices. In Proceedings of the Human Factors and Ergonomics Society 58th Annual Meeting, Cited by: 1st item.
  • [144] (2014) Muse technical specification sheet. InteraXon Technical Report InteraXon. Note: Retrieved from http://www.choosemuse.com Cited by: 1st item.
  • J. M. Myerson (2012) What is new? data security management. Auerbach Publications, CRC Press, LLC. Cited by: 1st item.
  • D. H. Nabil, B. Karima, K. Mouloud, and B. Ahmed (2013) Threat models on biometric systems: a comparative study. In Fourth International Conference on Computational Aspects of Social Networks, External Links: Document Cited by: §5.1.
  • A. Nagar, K. Nandakumar, and A. K. Jain (2010) Biometric template transformation: a security analysis. In Proceedings of SPIE 7541, Media Forensics and Security II, External Links: Document Cited by: §5.1.3, Table 2.
  • A. Nahapetian (2016) Side-channel attacks on mobile and wearable systems. In 13th IEEE Annual Consumer Communications & Networking Conference, Cited by: §5.2.3, Table 3.
  • B. Nassi, A. Levy, Y. Elovici, and E. Shmueli (2016) Handwritten signature verification using hand-worn devices. arXiv. External Links: Document Cited by: item 8.
  • M. Naveed, X. Zhou, S. Demetriou, X. Wang, and C. A. Gunter (2014) Inside job: understanding and mitigating the threat to external device mis-bonding on android. Internet Society. Cited by: §5.2.3, §5.2.3, Table 3.
  • J. A. Nelder and R. Mead (1965) A simplex method for function minimization. Journal of Computation. Cited by: §5.1.4, Table 2.
  • C. Newark (2016) Trends in biometric data collections. Technical report External Links: Link Cited by: §7.1.