Cell Phones and Biometrics- Where Are They Now (2)

Running Head: CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW?

Cell Phones and Biometrics: Where Are They Now?

Courtney Dayter

Chestnut Hill College

Philadelphia PA

A Thesis Presented To

Chestnut Hill College

In Partial Fulfillment

Of the Requirements for

Honors in Digital Forensics

April 20, 2015

CELL PHONES AND BIOMETRICS: WHERE ARE THEY NOW? 2

DIRECTOR ______________________________________________Pamela King

READER _______________________________________________Sister Lisa Olivieri, SSJ, PhD


Abstract

This paper explores biometrics and cell phones from their history to their

implementation. It provides a definition for biometrics and discusses different types of

biometrics that can be used on cell phones. It works to explain the need for biometrics on cell

phones. Research is done to find user contact with biometrics and their use of security. It found

that a majority of users have had exposure to biometrics. The paper also inquires about the issues

researchers and users are facing with the implementation of biometrics. In doing so, the research

compares facial recognition technology to fingerprint technology on the Samsung Galaxy S4 and

the Apple iPhone 5s to find the effectiveness. The research finds that the biometrics implemented

on the iPhone 5s had better efficiency rates and was less susceptible to false positives than the

Galaxy. However, the research varies when it comes to voice recognition as the Galaxy’s

technology succeeded against the iPhone. These results are found through the use of a study and

a survey at Chestnut Hill College.


Introduction

Biometrics has been examined and accepted as a possible solution for device security.

Biometrics is the use of technology to verify and identify individuals based on their biological

features or characteristics (Hopkins, 1999). There are many different types of biometrics that

could be implemented on cell phones including gait recognition, fingerprint authentication, facial

and iris recognition. The research suggests that these forms of biometrics could be successfully

implemented on cell phones if researchers could fix the current flaws and build on current

knowledge and technologies. However, researchers, law enforcement and users alike need to find

a common ground on standards for privacy with regards to biometrics. The biometric

information needs to have the same level of protection as the information it is safeguarding. If

the solution to these issues can be found research shows that biometrics could soon become

widely used on cell phones.

Biometrics

Definition of Biometrics

Hopkins (1999) defined biometrics as “the application of computational methods to

biological features, especially with regard to the study of unique biological characteristics”.

Hopkins continued to define both identification and verification with relation to the use of

biometrics. Hopkins described verification as asking the question “Am I who I say I am?’ and

identification as the broader question of “Who am I?” Hopkins explained how modern biometric

technology is already used for verification and identification of individuals and could potentially

be used elsewhere. By breaking down the steps of identifying and verifying users on cell phones

it provides insight into the implementation and use of biometrics.


Pocovnicu (2009) also worked to address what biometrics is and how engineers can

incorporate biometrics into cell phones in his article “Biometric Security for Cell Phones.”

Pocovnicu described biometrics as the science and technology used to uniquely identify

individuals based on their physical, chemical or behavioral traits. He discussed the pros and cons

of each different type of biometric that can be used in cell phones. Pocovnicu explained how one

of the benefits of biometric systems is that they offer a convenient way to secure private

information. One of the drawbacks that Pocovnicu discussed was the cost of biometrics systems.

Kwapisz, Weiss and Moore (2010) defined biometrics as a form of security that uses a

person’s traits to identify them. Kwapisz, Weiss and Moore discussed Android-based cell phones

to show how their accelerometer data could be used to identify or authenticate cell phone users.

Accelerometer data is information about a person’s movements that comes from the

accelerometer technology within the cell phone.

Types of biometrics

Researchers have done studies on the different types of biometrics that can be used to

secure cell phones. Kwapisz, Weiss and Moore (2010) discussed work that allows for

identification and authentication to occur unobtrusively. This type of verification provides data

security by behavioral biometric identification that recognizes users’ daily activities. This

method doesn’t require the user to take any extra actions besides carry their cell phones. One

particular non-intrusive way discussed by Gafurov (2007) is gait biometric user identification.

However, Gafurov (2007) did note that gait should not be considered as a replacement for

traditional authentication but rather complementary.


Many commonly known biometrics can be used in cell phones. Shuo Wang and Jing Liu

(2011) worked differently from the other researchers by discussing the physiological and

behavioral traits including fingerprint, iris and voice. Shou Wang and Jing Liu (2011) attempted

to show that these traits can be accessed on a mobile phone just as they are in other places. For

example, “Fingerprint biometric has been adopted widely for access control in places requiring

high levels of security” and could be utilized on a phone (Wang & Liu, 2011). Jian Lai and Pong

Yuen (2006) in their article “Face and Eye Detection from head and shoulder image on mobile

devices” also worked to address facial and eye detection on mobile devices. They examined the

functionality of cell phones to implement biometrics for security. Lai and Yuen (2006) look to

see how the processor speed, storage and images could be used for face and eye detection.

Implementing Biometrics on Cell Phones

A biometric system is intended to follow steps of operation. Gafurov (2007) the author of

“A survey of biometric gait recognition” outlined the steps of operation as “1) capture biometric

sample of the person, 2) extract set of relevant features from captured sample, 3) and compare

the extracted feature set against the template set in the database”. He argues that these steps are

used for verification which seeks to find “Am I who I claim I am?” Hopkins (2010) agrees with

this in his article “An Intro to Biometrics and Large Scale Civilian Identification” when he stated

that biometrics is used for verification more than identification. However, Gafurov argued that

the intended steps stated above for biometric systems are not perfect and have errors. The two

types of errors with biometric systems are false accept rate (FAR) and false reject rate (FRR).

These errors wrongfully accept or reject users. Gafurov argues FAR and FRR are just two of the

issues researchers face in trying to implement gait.


Many other researchers have studied biometric systems and their implementation

problems. Pocovnicu (2009) outlines a biometrics system as a sensor unit, processing unit,

database unit and a matching unit. He continued to discuss the issues with making the different

units work on a cell phone. In particular he examined facial recognition and fingerprint

recognition. Pocovincu found many issues with the technologies available for implementation of

facial recognition which will be discussed. Pocovincu is not alone; other researchers have

explored the implementation issues of facial recognition as well as issues with gait recognition,

iris detection, voice recognition and fingerprint authentication which will be explored in the

following sections.

Gait Recognition

Gafurov (2007) presents the approaches to implementing gait by presenting the different

categories of gait used to verify and identify a person by using their walking style. There are

three different gait categories which include machine vision, floor sensor and wearable sensor

gait recognition. He argued that only wearable sensor gait recognition would be used in cell

phones. His work done using MR sensor placed on different parts of the body including waist,

ankle, and hand showed recognition rates of up to 86.3 percent. He presented the idea that if the

sensor was placed in a book bag the gait recognition would be altered and fairly inaccurate.

However, Gafurov wasn’t able to test his methodology on cell phones as they lacked the

technologies needed to implement gait.

Gonzalo Bailador Del Pozo (2012) did test gait recognition on cell phones. He found the

accelerator in new generation phones is capable of capturing gait and worked on an experiment

that tested the accuracy of gait recognition at varying speeds. Similarly, Derawi (2012) also


researched the implementation of gait and its effectiveness. He focused on the different activities

a person performs and the ability of different accelerators to capture and recognize them

accurately. Derawi also addressed the need for accurate databases that are able to authenticate

the information captured by the accelerators.

Both Del Pozo and Gafurov’s work showed there is a possibility of using gait but stated

more work needs to be done. Gafurov (2007) argued that there are still too many factors that can

negatively affect the accuracy of gait recognition systems. He believes that gait should be used as

a complementary biometric as studies have shown it is not robust against impersonation attacks.

Del Pozo (2012) agreed by stating that for now gait could be used for non-critical security and is

suitable for smartphones. However, he argued that gait identification is at the stage where it

performs only one comparison and could be improved. For Derawi the improvements should be

made in data acquisition and the sensitivity of the accelerator.

Voice Recognition

One of the oldest forms of biometrics is voice recognition. Voice recognition technology

is defined as the technology that enables a machine or computer program to receive and interpret

dictation or to understand and carry out spoken commands (Singh 2011). According to Zumalt

(2005), voice recognition technologies can be traced back to James Baker in the late 1970s. His

first software, Dragon Dictate, was developed and released in the early 1990s. Since the turn of

the century, Zumbalt listed multiple companies that have been working on voice recognition

technologies (VRT) including Microsoft and IBM. According to Clark (2014), many forms of

VRT exist in today’s market, including most notably Siri and Xbox. However, he argued that

recent breakthroughs could lead to more competent machines and better systems. Similarly,


Singh (2011) wrote about the current limitations of VRT. Singh discussed the impact of accents

on word recognition accuracy as well as effective implementation and timely troubleshooting

challenges.

Voice Recognition has already been implemented and used on many cell phones within

their applications. The authors of, “Inner Voice”, (2013) focused on how IBM discussed that the

acoustics of a user's voice can be analyzed while many other technologies including Siri, an

Apple application specializing in VRT, focus on word recognition. Similarly, Palenchar (2006)

discussed how these preinstalled technologies could be used to focus on security. He stated that

VRT could create a safer environment and even be used in applications such as mobile banking.

However, VRT still have room for improvement. According to Clark (2014), this technologies

are being innovated daily and improving at rapid speeds.

Fingerprint Authentication

Fingerprints fulfill the “something you are” requirement of multi-factor security (Miller

2013) and could become increasingly used in cell phones. A person’s fingerprint is unique and

can be used as a form of identification (Derawi 2012). Fingerprint recognition systems have

already been implemented into cell phones (Pocovnicu 2009). Pocovnicu mentioned the use of

AuthenTec fingerprint recognition biometric systems in the Lenovo P960 phone as an example

of the implementation of biometrics in cell phones. Similarly, Bhutani (2013) discussed in his

article “No to Fingerprint Security System” the establishment of the Touch ID fingerprint

scanner used in the iPhone 5s. He examined how Touch ID worked by using capacitive sensors

to verify a match between two human fingerprints. The capacitive sensors generate an image of

the depressions and elevations that make each fingerprint unique by sensing electrical currents.

However, he argued that the problems do exist with Touch ID even though it is already used by


users. According to Bhutani, these problems are the ability to hack the system and its failure to

correctly identify the user.

Research has also been done to examine fingerprint identification using cameras.

According to Derawi (2012), that camera images could be used to compare two separate

fingerprints to determine if they match. However, he found issues with the cell phone cameras

ability to capture images of fingerprints. He stated that the biggest problem is the different lens

types and the low megapixel resolution of cell phone cameras. He worked to find solutions for

the use of cell phone images to identify fingerprints by creating and experimenting with new

algorithms. These algorithms would work with the distortion of images. However, Derawi stated

that the creation of these algorithms is a time consuming task that still needs to be further

researched.

Facial and Iris Recognition

Facial and iris recognition are both done through the use of images. Shuo Wang and Jing

Liu (2011) argued that the image acquisition and processing capabilities of mobile phones could

be used for iris detection. However, they faced challenges with implementing iris biometrics due

to the image quality. Similarly, Byung Jun Kang (2010) found that performance can be degraded

by cell phone cameras due to changing brightness and contrast values. Byung Jun argues that

quality assessment is one of the most essential parts in using iris detection. Lai and Yuen (2006)

worked to address this problem by evaluating 2158 head and shoulder images to find that the

accuracy of iris detection is 97 percent. Similarly, Wang and Liu found an algorithm that could

be used on cell phones to detect both the iris and the pupil despite image quality. They identified


an algorithm as a mathematical formula that computes and compares the features in an image to

the database.

Much like iris detection, researchers have found that quality of images taken with a cell

phone camera is not adequate for facial detection. Lai and Yuen (2006) said that color

information and the facial boundaries from the pictures can affect the accuracy of facial

recognition. According to Lai and Yuen, images of good quality can result in a 98 percent

accuracy rate. Wang and Liu (2011) agreed in finding that facial recognition has a high accuracy

rating. Despite the accuracy, Wang and Liu (2011) have found that facial recognition is a

biometric technique with an average user preference. The problem Wang and Liu found to be the

most inconvenient is that facial recognition does have higher error rates than iris or finger

biometrics. These errors need to be eliminated to implement facial and iris recognition on cell

phones and gain user acceptance. This is true for all forms of biometrics.

Cell Phones and Privacy

The cell phone industry has grown in recent years. According to Hall (2013), “91 percent

of American adults own a cellphone, and within that group, 60 percent own smartphones”.

Similarly, the United Nations did a study that reported more people in the world have cell phones

than toilets. According to the U.N. report, six of the world’s seven billion people have mobile

phones and only 4.5 billion have a toilet necessary for sanitation (Worstall, 2013). With the mass

number of cell phone users the need to secure them is ever present. The solution to securing them

could be biometrics.


Need for Cell Phone Biometrics

In these ever changing times the use of cell phones has increased and the need for

securing them is ever present. In his article “Adaptive and Flexible Smartphone Power

Modeling”, Nacci (2013) discussed the establishment of a market for smartphones and how the

popularity of cell phones has increased the amount of security threats. Nacci stated that mobile

devices are “used to store user-centric sensitive information (e.g., contacts, credentials) or,

worse, to perform financial transactions” and that they are an appealing target for modern day

criminals. Leavitt (2013) furthers Nacci’s argument when he stated the need for security of

mobile devices for the benefit of companies. Leavitt stated that personal devices can result in

security breaches and risks because they access company data and networks without being

controlled or monitored. He addressed the need for data security with the increasing number of

device vulnerabilities. Leavitt stated “almost 90 percent of mobile applications tested had one of

more security flaws”.

The article “Biometrics on Mobile Phones” by Shuo Wang and Jing Liu (2011) also

discussed the sophisticated capabilities of cell phones which make them worth high security

levels. Wang and Liu discussed the point that although cell phones are equipped with PIN, most

users prefer to apply biometrics. They stated that 36 percent of people do not even use a

password on their phone but they would consider biometrics. Biometrics would add strong

security to mobile phones that will facilitate trustworthy electronic methods for commerce,

financial transactions and medical services. Similarly, Miller (2013) describes that the world is

rapidly changing and people are carrying out personal business in new ways. According to

Miller, the Internet has allowed for electronic commerce and social networking and the

widespread use of cell phones is at fault.


The increasing capabilities of cell phones and access to the Internet have created a need

for trusted communications. Miller (2013) discusses the use of multifactor authentication to build

trusted communications. He uses the “five-factor” approach for the strong authentication. Miller

(2013) states the “five-factor approach” which requires having “something you know,”

“something you have,” “something you are” with regards to physical features, “something you

are” that is location based and “something you trust,” will ensure protection of individuals and

financial institutions.

Cell Phone Capabilities

Cellular devices and mobile technologies can be traced back to the first phone call in

1946. This began the age of the development of cell phones. Cell phones originated as devices

used for the sole purpose of making phone calls (AT&T Labs, 2014). This changed on December

3, 1992 when the first text message was sent from Neil Papworth’s computer to Richard Jarvis

on his Orbitel 901 mobile phone (Arthur, 2012). According to Arthur, Nokia’s mobile phone was

the first to send a text message from a phone in 1993. This soon emerged as a new form of

communication. The popularity of text messages, technically referred to as SMS or short

message service, led to providers instituting a standard size at 128 bytes long (Arthur 2012). This

didn’t stop users from sending text messages as in 2011 it was found that over 145 billion text

messages were sent around the world. However, the use of text messages has begun to decline

due to the smartphone (Garratt & Poulter 2014).

In order to discuss smartphones it is important to realize their dependence on World Wide

Web (web) services. It wasn’t until the 1990s that web services became an option on a phone

(AT&T Labs, 2014). In the 1990s the 2G or “second generation” emerged with the development


of GSM and CDMA standards (Shakkottai, 2010). These standards led to the creation of

smartphones due to their use of digital transmissions and in 1998 media content became

available on mobile phones (AT&T Labs, 2014). In the late 1990s, the demand for data was

growing which led to 3G networks being launched in 2001 as the “next generation technology”

(Shakkottai, 2010.) According to Shakkottai, 3G systems enabled a transformation in the

industry. Frenzel (2006) refers to this transformation as the age of next-generation cell phones.

Next-generation cell phones are commonly known as smartphones. In the article “Who

are Smartphone Users?”, it stated that over 80 percent of American adults own a cell phone with

over 40 percent having access to the internet and web applications. According to Frenzel (2006),

a cell phone is an entertainment device as much as it is a phone. He stated that the next-

generation cell phones featured audio, games, video, television and email access. Similarly, the

article “Who are Smartphone Users?” discussed how phones offer a wide range of features

including access to the internet, music, and tools through applications. However, he argued that

the most important feature is the ability to access the internet.

Due to the growing smartphone use 3G networks became overwhelmed and the industry

created a 4th generation network (4G). The Long Term Evolution (LTE) standard was the first 4G

network to be released in 2009 with the intent to serve the high amount of users (Shakkottai,

2010). According to Frenzel (2006), the release was a year earlier than targeted. While many

users are only concerned about user features it is important to consider the hardware a cell phone

contains.

There are many different smartphones made by various companies in the market. The

phone that changed the smart phone world was the iPhone in 2007. Since then, phones and


processors have become smaller and faster while memory has grown (Siew Wei and Yau Yuen,

2014). According to Siew Wei and Yau Yuen (2014), the technical capabilities of cell phones

include acceleration sensors, light sensors, microphone, cameras and Global Positioning System

(GPS). All of the hardware makes smartphones capable of performing the necessary tasks and

storing information. This information includes videos, text messages, images, files, e-mails,

records, web history, call logs, locations, voicemail and contacts (AT&T Labs, 2014).

Password “Protection”

It can be argued that biometrics is a more secure form of a password. However, research

hasn’t been done on the ability of law enforcement to search a cell phone with biometrics.

Research has been done on the ability of police officers to search cell phones with passwords.

According to Gershowitz (2011), the search incident to arrest exception gave police broad

authority. He stated that the police’s authority allows them to search a cell phone even if it is

password protected. Essentially, police have been allowed to break passwords without the

owner’s consent and demand the password to be turned over by an arrestee without violating the

Fifth Amendment and Miranda Protections (Gershowitz, 2011).

In a separate article, Gershowitz (2011) argued that password protection hasn’t been

addressed in court. He stated that the courts and police alike have treated a cell phone as a

container. Police are permitted to try all of the keys on an arrestee’s keychain to find the one who

unlocks the glove compartment. Gershowitz believes courts will rule along the same lines as

their previous rulings. However, he argues the issue that remains is how long a police officer can

spend trying to crack to password or obtain the password.


Cell Phone Theft

Law enforcement may not be the only people able to access a cell phone. Cell Phone theft

has become more common and places the cell phone as risk to being intruded. In the article

“Cellphone Theft”, Brown (2013) stated that smartphone and cellphone thefts made up 30

percent-40 percent of all robberies in major cities of the United States in 2011. Brown states that

stolen and lost phones cost American consumers $30 billion per year. Similarly, the Federal

Communications Commission reported that one out of three robberies in 2012 involved cell

phone theft ("Cell phones and," 2014).

The article “Cell Phones and Wireless Communications” reports cell phone theft as a

serious issue. Their concerns are mobile phones allow thieves to access email, contacts,

applications which may include banking ones or even confidential texts ("Cell phones and,"

2014). According to Brown (2013), these concerns have been answered by cell phone

manufacturers who have created kill switches to destroy cell phones. However, Glisson (2011)

argues that this is not enough and that even devices that evidence has been removed from still

contains personal information. Glisson proves his point by using mobile forensic toolkits to

examine re-sold cellphones. In all of the devices examined he found user information as well as

11,135 artifacts from a mere 49 devices. Glisson highlights the need to ensure personal data is

secure on cell phones in everyday life and cases of theft alike. Overall, it is believed that cell

phones contain data that may be accessed by people other than the owner. Glisson, Brown and

the author of “Cell Phones and Wireless Communications” believe that a solution needs to be

found to protect users.


Privacy and Biometrics

Privacy is a major concern when it comes to biometrics. Biometrics requires the use of

personal identification methods to authenticate. However, users desire their biometric

information to be protected just as much as their data (Alterman, 2003). Alterman stated that the

ethical concern of implementing biometrics is concerned with the storing and sharing of

biometric identification information. He warned that technical errors could cause the release of

biometric information that would then allow access to the personal data associated with the ID.

Similarly, Mordini and Ottolini (2007) argued that the ethical issue lies within the security and

storage of biometric identity features in modern databases and on cell phones. She stated that

there is no way to guarantee complete protection of information due to technology failures.

According to Alterman (2003), technology failures aren’t the only concern. He argues

that sharing identification information with databases allow for hacking of personal information.

He states that people could easily get their hands on identification information through databases

used to authenticate biometrics. Bhutani (2013) addressed this issue in relation to TouchID. His

concern was that fingerprint information was shared across the cloud. De Capitani Di Vimercati

(2012) argues that this issue illustrates problems with data protection techniques that need to be

addressed to ensure data privacy.

Van der Ploeg (2005) argued differently stating the problem occurs before the collection

of physical features. He stated that rapid use of technologies is where the ethical issue lies. Van

der Ploeg believes that society should avoid “informatization” of the body. He argues that by not

disposing this valuable information people are able to protect themselves and secure their

privacy. Alterman (2003) agreed stating that voluntarily disposing information causes the ethical


issues to occur. He argued that while the ideal is to avoid exposing personal biometric

information to ensure anonymity it is unavoidable due to modern day technology.

Whether users choose to dispose their biometric information or they do not the research

shows that privacy is to be valued and society agrees. The belief is that personal identity is

valuable and individuals should protect it. According to Kizza, the general opinion on privacy is

that society has an ethical duty to protect their information as well as to protect the information

of others. However, Alterman stated there will always be people who act in an unethical manner

and that advances in technologies encourage their behavior. Regardless Barkhuus (2003) argues

that society is in control of their destiny and need to be aware of the impacts of their actions.

Testing and Comparing Biometric Methods

Facial recognition and fingerprint authentication are two different forms of biometrics

that have been implemented on cell phones. While they can be found on many devices their

capabilities are still being questioned. The research in this experiment will serve to answer: If

facial recognition technology and fingerprint technology were compared which one would prove

to be more efficient and have better success rates?

Test Methodology

In an effort to test facial recognition and fingerprint authentication, a study was set up

using two main stream smartphones, the Apple iPhone 5s and the Samsung Galaxy S4. The

Apple iPhone 5s was a black 16 gigabyte device running the iOS 8.1 operating system. The

Samsung Galaxy S4 was also a 16 gigabyte using the Android 4.4.2 operating system which is

also known as “KitKat.” Using these devices, the researcher and another student collaborated to


test the biometric applications they each offered. In doing so, the same plan was set in place to

use on each device even though the technologies differed.

The test plan consisted of a variety of tests in attempt to find the efficiency and false

positive rates in unlocking the device and accessing the information. For fingerprint

authentication, the first student would attempt to unlock the device 25 times using their right

thumb making this the control. The student then followed with 25 attempts using their right

pointer finger to see whether the device was able to detect different fingerprints and then 25

attempts with their left thumb trying to detect false positives. The final test was performed by the

second student who attempted 25 times with their thumb also trying to find false positives.

The procedure for facial recognition technologies was very similar to the one for

fingerprint authentication. Two students preformed tests attempting to unlock each phone. One

student attempted to unlock the phone using a blank face for 25 attempts and documenting the

results. She then made various faces for 25 times trying to determine if this would alter the

results. The next test has the other student attempt 25 times with their face in hopes of finding

false positives. The final test tried to unlock the phone using a picture of the first student for 25

times trying to see if the phone could detect the false positives.

Results and Discussion

The Samsung Galaxy S4 and the iPhone 5s both have different capabilities. For starters,

the Samsung Galaxy comes with facial recognition preinstalled as a security feature that

Samsung lists as “low security” and no fingerprint technologies. The opposite is true of the

iPhone 5s that comes preinstalled with touchID, a scanning device and application that is

considered the highest form of security on Apple devices, and no facial recognition technologies.


However, in the perspective “App Stores” for each device, applications can be downloaded to

take advantage of both biometric technologies. On the iPhone 5s, the application “FastAccess

Face Recognition” received the best reviews for a facial recognition application in the “Apple

Store” therefore it was downloaded for use in the study. On the Galaxy S4, the application

“Fingerprint Screen Lock ICS” had received good reviews in “Google Play” therefore it was

downloaded to complete the applications needed to compare efficiency and false positive rates.

Using the selected applications for the study, the following chart shows the success of the

test plan for face recognition.

Control Picture Faces Different User0%

20%

40%

60%

80%

100%

120%

Face Recognition: Success Rates

GalaxyiPhone

Figure 1

Based on the Figure 1, it can be determined that facial recognition technologies have high

efficiency rates on both the iPhone and Galaxy. Both devices had a 100 percent efficiency rate

with a standard picture and an overall efficiency rate of 97 percent with the programmed user.

The false positive rate stood at 2 percent with only 2 attempts working out of the 100 made.

These statistics prove that the facial recognition technologies implemented on these phones are

successfully working to secure the data on cell phones.


The results from the fingerprint tests were very different as indicated in the graph below

(Figure 2). On the iPhone 5s, the fingerprint technologies were very efficient with a 96 percent

success rate using the right thumb and a 100 percent success rate using the pointer finger. The

technology was so successful that it even produced a 0 percent false positive rate. However, the

Samsung Galaxy was very inefficient with less than a 44 percent success rate and an 8 percent

failure rate. The technologies on the Galaxy S4 were not up to the same level of the iPhone. The

Galaxy attempted to use the screen to correctly identify the fingerprint of the user and not a

scanner like the iPhone led to its failures. Therefore fingerprint biometric technologies have not

been implemented on a widespread level that can be readily accepted as a successful way to

secure the information on cell phones.

Control Pointer Finger Opposite Thumb Different User0%

20%

40%

60%

80%

100%

120%

Fingerprint Authentication: Success Rates

SamsungiPhone

Figure 2

Voice Recognition Technologies

In an effort to expand the study, a similar test was set up using the same two

smartphones, the Apple iPhone 5s and the Samsung Galaxy S4. The Apple iPhone 5s is a black

16 gigabyte device now running Apple’s iOS 8.3 operating system and the Samsung Galaxy S4


remained unchanged. Using these devices, the same two students collaborated to test the voice

recognition technologies they each offered. In doing so, the same plan was set in place to use on

each device even though their technologies differed.

The test plan consisted of a variety of tests in attempt to find the efficiency and false

positive rates in unlocking the device on the Galaxy and correctly identifying information on the

iPhone. For the Galaxy, the first student attempted to unlock the device 25 times using the word

“lighting.” The student then followed with 25 attempts using the word “lightning” to see whether

the device was able to detect different words and then 25 attempts with their voice muffled by

talking with their nose plugged. The final test was performed by the second student who

attempted 25 times with their voice trying to find false positives.

Results and Discussion

The Samsung Galaxy S4 and the iPhone 5s both have different capabilities. For starters,

the Samsung Galaxy comes with voice recognition preinstalled as a security feature that

Samsung lists as “low security.” The opposite is true of the iPhone 5s that doesn’t come with a

voice recognition technology for security, but does come loaded with Siri a voice recognition

technology designed towards the ease of using apple phones and technologies. With this in mind

the test faltered in the false positive section on the iPhone 5s end. Using the selected

applications for the study, the following chart shows the success of the test plan for voice

recognition.

Figure 3

Based on Figure 3, it can be determined that voice recognition technologies have high

efficiency rates on both the iPhone and Galaxy. The iPhone had a 100 percent efficiency rate


with the

control word

and only

missed one

attempt of the

voice

change. The

Galaxy had similar efficiency with a 94 percent total success rate in the same two fields.

Similarly, the Galaxy fell just below the iPhone 5s missing 2 more attempts of slight word

change to “lightning”. However, the Galaxy stood out far better than the iPhone as it only

accepted one false positive while the iPhone accepted 92 percent. This fall back for the iPhone is

greatly due to the fact that the iPhone’s voice recognition technology wasn’t made for security

purposes. These statistics prove that the voice recognition technologies implemented on the

Galaxy are successfully working to secure the data on cell phones. It also proves that Apple

needs to improve its technologies in order to use them for security.

The Technologies Compared

Overall, the technologies faired decently in the study. The Apple iPhone had better

success rates when it came to correctly identifying the proper person using fingerprint, facial and

voice recognition. The iPhone maintained a 98 percent success rate in every category. However,

the Galaxy didn’t fare as well with only a 78 percent success rate because of low fingerprint

rates. In total, the biometrics combined for an 88 percent success rate. While this number might

come higher than expected it is still not enough when it comes using biometrics for security. The

"Lighting" "Lightning" Voice Change Different User0%

20%

40%

60%

80%

100%

120%

Voice Recognition: Success Rates

GalaxyiPhone


chart below, Figure 4, shows the success rates for each biometric on the devices and the room for

improvement in security.

Fingerprint Facial Voice0%

100%

Success Rates

SamsungiPhone

Figure 4

Acceptance of Biometrics

While there are many forms of biometrics that have been implemented on cell phones,

user’s knowledge of these technologies has been questioned. In many cases, researchers have

even studied the use of any security on cells phones. In order to study these questions, a survey

was conducted at Chestnut Hill College on the availability of biometrics and the use of security

including biometrics.

Survey and Procedures

The intent of the survey was to find consumers’ opinions on biometrics and security. In

creating the survey the selection of the questions was essential to get the desired answers. After


three revisions of the survey and approval from the Institutional Review Board (IRB) the survey

was distributed around Chestnut Hill College campus to 50 random undergraduate students. The

survey included 7 questions. The first questions aimed at determining the types of phones users

own, the importance of data on their phones, if they used security, and what kind of security they

used. The rest of the questions targeted the use of biometrics. These questions included whether

users have used biometrics in any way, whether their phones had biometric capabilities, and their

acceptance of biometrics as an adequate form of security for cell phones.

Table 1 shows the types of cell phones that were listed by the survey respondents. Based

on the table, it can be determined that at least 50 percent of the users had biometric capabilities

on their phones as both the iPhone 5s, 6 or 6Plus and the Samsung Galaxy S4, S5 and Note 3 are

built with biometric technologies. This table also supports the findings listed in figure 3 as the

responses from 25 people stated they had biometrics capabilities on their cell phones.

User’s Cell PhonesCell Phone Types Number of UsersiPhone 5s, 6 or 6 Plus 19Older iPhone 15Samsung Galaxy S4, S5, Note

6

Older Galaxy 3Other 7

Table 1

Earlier research suggested that there is an evident need for the security of cell phones due

to the desires of user privacy and to protect the type of data stored on cell phones. According to

the results of the survey, 86 percent of users agreed with this statement by stating that they use

security on their cell phones. The figure below (Figure 5) demonstrates the various forms of

security users have enabled on their phone for security. While the survey contained many

security options, only four of them were selected by users. Fingerprint recognition was the only


form of biometric security. However, the passcode came in as the highest used at 57 percent with

fingerprint recognition coming in second at 25 percent. The use of security also represents

32

6

14

4

Forms of Users' Security

Passcode

Password

Fingerprint

Finger Swipe

Figure 5

the importance of data on the user’s devices. Table 2 states the responses recorded from the users

on how important the data is on their phones. The table uses the Likert scale with 1 being the

least important and 5 being the most important. Based on the table, 64 percent of users believe

their data is important to very important with only 8 percent stating their information to be

unimportant.


Table 2

Earlier research had stated that passwords didn’t provide the desired level of security

because they made cellphones susceptible to cell phone searches and theft of their important

data. With this in mind the survey questioned users’ likelihood of considering biometrics as an

adequate way to secure their phone using a Likert scale. Based on the survey, 74 percent of users

accepted biometrics, 18 percent of users was unsure and 8 percent did not. The acceptance rate

stood out as it was higher than the number of people that had interacted with biometrics which

stood at 68 percent. Regardless, the user’s acceptance rates of biometrics according to survey

didn’t match up to the number of users that claimed the use of biometrics. The following figure

(Figure 6) shows the use of biometric technologies by users. Only 50 percent of users had

knowledge of biometric technologies on their cell phones and of that 52 percent used it. These

stats show the gap between biometric technologies and their implementation in regards to user’s

acceptability.

Importance of Data on User’s PhonesImportance Number of Responsesnot important 0somewhat important 4neither 14important 17very important 15


Further

Research

This research was conducted at Chestnut Hill College to the best ability of the

researchers. However, the research left room for further research to be conducted on the subject.

In regards to the hands on study of biometrics, it could be done on a larger level. The study could

have included other cell phones in the comparison such as LG, Motorola or Microsoft devices.

With more technologies and devices the study could also include a larger number of tests with

more attempts to see the long lasting effectiveness of biometrics on cell phones. By including

these different forms of research, it would allow for further investigation into the efficiency of

biometrics in correctly securing cell phones and their information.

The information in this paper could go even further and expand the survey. The survey

was conducted around the Chestnut Hill College campus with a total of 50 surveys as the end

result. Using the same survey, there are many options. The survey could be employed in different

environments to see if the answers that college students gave vary from business people or even

parents. The survey could also be employed on an even larger scale and placed on the Internet

and throughout many different places allowing for a higher number of result of people from all

9

1612

13

Use of Biometric Technologies by Users

I don't know

I don’t have it

I don't use it

I use biometrics

Figure 6


over the world. By employing the survey in different places it would allow for advanced research

and the creation of claims on a larger more accepted scale.

Conclusion

Biometrics is being implemented on cell phones and many similar devices. The standard

for biometrics is 100 percent security of information that it protects. In the case of cell phones,

the data suggests that there is still work to be done to reach the desired level of security and

efficiency rates. However, users are starting to accept and use biometrics as an adequate way to

secure their cell phones. Further research can lead to the solution of device security. Until then,

biometrics will work with other securities to secure cell phones and their data.


References

Alterman, A. (2003). ``A piece of yourself'': Ethical issues in biometric identification. Ethics and

information technology, 5(3), 139-150.

Arthur, C. (2012, December 3). Text messages turns 20 – but are their best years behind them?.

Retrieved from http://www.theguardian.com/technology/2012/dec/02/text-messaging-

turns-20

AT&T Labs. (2014). Technology timeline. Retrieved from

http://www.corp.att.com/attlabs/reputation/timeline

Barkhuus, L., & Dey, A. K. (2003). Location-Based Services for Mobile Telephony: a Study of

Users' Privacy Concerns. In INTERACT (Vol. 3, pp. 702-712).

Bhutani, T. (2013). No to fingerprint security system. International Journal of Computer Science

and Management Research, 2(10), 3583-3587.

Brown, R. (2013). Cellphone THEFT. Rural Telecom, 32(2), 19-21.

http://www.corp.att.com/attlabs/reputation/timeline

http://www.theguardian.com/technology/2012/dec/02/text-messaging-turns-20

http://www.theguardian.com/technology/2012/dec/02/text-messaging-turns-20


Byung Jun, K., & Park, K. (2010). A new multi-unit iris authentication based on quality

assessment and score level fusion for mobile phones. Machine Vision & Applications,

21(4), 541-553.

Cell phones and wireless communication. (2014, March 04). Retrieved from

http://www.usa.gov/topics/science/communications/phones/cell-phones.shtml

Clark, J. (2014). Speech Recognition Better Than a Human's Exists. You Just Can't Use It

Yet.Global Tech.

De Capitani Di Vimercati, S., Foresti, S., Livraga, G., & Samarti, P. (2012). Data Privacy:

Definitions and Techniques. International Journal Of Uncertainty, Fuzziness &

Knowledge-Based Systems, 20(6), 793-817. doi:10.1142/S0218488512400247

Del Pozo, G., Sanches-Ávila, C., De-Santos-Sierra, A., & Guerra-Casanova, J. (2012).Speed-

Independent gait identification for mobile devices. International Journal Of Pattern

Recognition & Artificial Intelligence, 26(8), 1-13. doi:10.1142/S0218001412600130

Derawi, M. (2012). Smartphones and biometrics. (Doctoral dissertation).

Frenzel, L. E. (2006). the CELL Phone now that's entertainment. (Cover story). Electronic

Design, 54(10), 42-50.

Gafurov, D. (2007, November). A survey of biometric gait recognition: Approaches, security and

challenges. In Annual Norwegian Computer Science Conference (pp. 19-21).

Garratt, L., & Poulter, S. (2014, January 13). Number of text messages being sent falls for the

first time ever. Retrieved from

http://www.usa.gov/topics/science/communications/phones/cell-phones.shtml


http://www.dailymail.co.uk/sciencetech/article-2538488/SMS-takes-seat-IM-number-

texts-sent-Britain-falls-time.html

Gershowitz, A. M., Can police search your cell phone and even break your password, during an

arrest?, 2011 Nat'l Ass'n of Crim. Def. Lawyers, Inc. 1-13 (2011, November).

Gershowitz, A. M., Password Protected? Can a Password Save Your Cell Phone from a Search

Incident to Arrest?, 2011 Iowa L. Rev. 1-39 (2011).

Glisson, W., Storer, T., Mayall, G., Moug, I., & Grispos, G. (2011). Electronic retention: what

does your mobile phone reveal about you?. International Journal Of Information Security,

10(6), 337-349.

Hall, O. M. (2013). Smarter Phones, Smarter Solutions. Human Ecology, 41(2), 12-15.

Hopkins, R. (1999). An Introduction to Biometrics and Large Scale Civilian Identification.

International Review Of Law, Computers & Technology, 13(3), 337-363.

INNER VOICE. (2013). Engineering & Technology (17509637), 8(7), 36-37.

Kizza, Joseph Migga. (2007). Ethical and social issues in the information age. Vol. 999.

Springer.

Kwapisz, J.R.; Weiss, G.M.; Moore, S.A., (2010) "Cell phone-based biometric identification,"

Biometrics: Theory Applications and Systems (BTAS), 2010 Fourth IEEE International

Conference on , vol., no., pp.1,7

http://www.dailymail.co.uk/sciencetech/article-2538488/SMS-takes-seat-IM-number-texts-sent-Britain-falls-time.html

http://www.dailymail.co.uk/sciencetech/article-2538488/SMS-takes-seat-IM-number-texts-sent-Britain-falls-time.html


Lai, J., & Yuen, P. C. (2006). Face and eye detection from head and shoulder image on mobile

devices. International Journal Of Pattern Recognition & Artificial Intelligence, 20(7),

1053-1075.

Leavitt, N. (2013). Today's Mobile Security Requires a New Approach. Computer, 46(11), 16-

19.

Miller, D. (2013). Strong authentication for mobile commerce.opusresearch report, 1-12.

Retrieved from http://opusresearch.net/wordpress/featured-research/

Mordini, E., & Ottolini, C. (2007). Body identification, biometrics and medicine: ethical and

social considerations. Annali-Istituto Superiore Di Sanita, 43(1), 51.

Nacci, A. A., Trovò, F. F., Maggi, F. F., Ferroni, M. M., Cazzola, A. A., Sciuto, D. D., &

Santambrogio, M. M. (2013). Adaptive and Flexible Smartphone Power Modeling.

Mobile Networks & Applications, 18(5), 600-609.

Palenchar, J. (2003). New Voice-Recognition Technology Added To Handsets. TWICE: This

Week In Consumer Electronics, 18(11), 34.

Pocovnicu, A. (2009). Biometric Security for Cell Phones. Informatica Economica, 13(1), 57-63.

Shakkottai, S. S., Fomenkov, M. M., Koga, R. R., Krioukov, D. D., & Claffy, K. C. (2010).

Evolution of the Internet AS-level ecosystem. European Physical Journal B -- Condensed

Matter, 74(2), 271-278.

Wang, S.and Liu, J. (2011). Biometrics on mobile phone, Recent Application in Biometrics, Dr.

Jucheng Yang (Ed.), ISBN: 978-953-307-488-7, InTech, Available from:

http://opusresearch.net/wordpress/featured-research/


http://www.intchophen.com/books/recent-application-in-biometrics/biometrics-on-

mobile-phone

Siew Wei, T., & Yau Yuen, Y. (2014). Innovative use of Smartphones. Teaching Science: The

Journal Of The Australian Science Teachers Association, 60(1), 39-42.

Singh, M., & Pal, T. R. (2011). Voice Recognition Technology Implementation in Surgical

Pathology: Advantages and Limitations. Archives Of Pathology & Laboratory Medicine,

135(11), 1476-1481

Van der Ploeg, I. (2005). Biometric identification technologies: ethical implications of the

informatization of the body. BITE Policy Paper, 1.

Worstall, T. (2013, March 23). More people have mobile phones than toilets. Retrieved from

http://www.forbes.com/sites/timworstall/2013/03/23/more-people-have-mobile-phones-

than-toilets/

Documents

Cell Phones and Biometrics- Where Are They Now (2)