Peer-to-peer biometric verification using nfc-enabled smartphones

Abstract

The current approach for person identification consists of handing over a paper ID document which consists only of a picture of the person’s face, usually at a much younger age. Human intuition provides the means to make a comparison between the person in the picture and the person handing over the document. With the rise in personal electronic devices such as smartphones and tablets, alternative solutions such as mobile biometrics have become feasible especially since these security mechanisms are also being studied as solutions to securing the mobile devices themselves from unauthorised login. Instead of presenting a paper ID document, a person may present a contactless smartcard or even an NFC-enabled smartphone on which biometric data is securely stored. The data may be read from the card or the phone using another phone with NFC capability. The sensors of the receiving smartphone can then be used to take biometric measurements of the person to verify the biometric template that the person presented. In this way, the sensors and processor of a phone perform the recognition instead of a human, and extra layers of security can be added over paper ID documents by allowing traits such as voice, teeth, or hand geometry to be identifiable, instead of only the person’s face. Additionally, the biometric data can easily be updated on an electronic device as a person ages, whereas the same photo on ID documents are currently used for many years to avoid the time consuming reprinting and issuing processes. A study was performed to determine the feasibility of a novel identification solution using NFC and biometrics on a smartphone. The solution allows the user to use a smartphone or an RFID tag as a replacement for a paper ID document without adding overhead to the identification process. NFC is a close-proximity communication technology and is utilised as the enabling technology for this solution by allowing users to touch phones together or to touch an RFID tag with a phone to read the required biometric data. NFC does not require any connection setup or device pairing, which means the “handing over” of an ID document is not substituted with a laborious electronic process, but rather by the simple touch of a phone. For the biometric system, the main focus was on speaker recognition using the built-in microphone of a smartphone, although a basic face recognition system was also developed using the built-in camera. The Google Nexus S was used as the platform for the smartphone implementation. The Nexus S runs the Android operating system which was used to develop biometric algorithms in both Java and native C/C++. Various open-source libraries were ported to Android mainly to provide pattern recognition algorithms. For the first experiment a Java-based speaker recognition system was developed. The system was trained with a database of 27 speakers under various environmental conditions. In terms of performance, the smartphone could perform biometric enrolment and classifier training in about 400 milliseconds when distance-based classification algorithms were used. This excludes the time of the recording, which depends on the length of the sentence that is spoken. Verification of the biometric template can be performed in about 3 seconds. The processing time was compared with a standard PC and it was found that the phone was about 30 times slower, which is to be expected, but the processing time of most algorithms was still found to be very reasonable for the implementation of a user-friendly system. The identification accuracy of the system reached 82.76% for the top performing algorithm. Similarly, in the second experiment, it was found that the phone could perform training and verification in about 150 milliseconds for a face recognition application in C++. This was found to be about 21 times slower than a PC. In both experiments, no reduction in identification accuracy was observed when comparing the phone to the PC. A database with 40 subjects was used to train the system and identification accuracy reached 89.17%. A third experiment was conducted to study a complete end-to-end proof-of-concept implementation of a smartphone-based peer-to-peer biometric system. A second speaker recognition application was developed and different variables were studied under varying conditions in the biometric system. These included the effect of audio sample rate, textindependence, and feature vector size on system accuracy, processing time and NFC transmission time. The system was trained with only a single user and 4 intruders attempted to verify themselves as the legitimate user. Upon changing the audio sample rate from 8 kHz to 44.1 kHz, no noticeable improvement could be observed in accuracy since the human voice does not generally extend to frequencies above 4 kHz. Feature vector size and text independence generally had a significant effect on the accuracy of the system. Text independence in this context refers to the user of the system being verified when speaking a sentence that was not used for enrolment. NFC transmission time was shown to vary from approximately 700 to 4000 milliseconds for different feature vector sizes stored on various RFID tags as well as peer-to-peer transmission between phones. A comparison was also made between two different programming languages, Java and C++, which are available for Android development. It was found that the processing time could be decreased by a factor of 9 when developing a native C++ application instead of Java, which requires applications to run on the Dalvik virtual machine in Android. Both the Java and C++ libraries of Android are quite limited (to suit the ARM architecture) and many modifications are required to port open-source desktop software to Android, even though Android is Linux-based. It was found, however, that the porting of C++ software to Android generally requires many more code modifications than Java which was expected since Java is generally considered very portable. In South Africa, as in many other countries, paper ID documents are systematically being replaced by contactless smartcards with a stored biometric template on the card. NFC phones could theoretically read the biometric template from these cards and compare with a measured trait provided that the phone supports the applicable sensor. In the future, ID information could be stored in a secure element embedded in a smartphone or based in the cloud. The results of the experiments in this dissertation show that smartphones and tablets have become powerful enough to allow for user-friendly implementations of the identification solution proposed. The accuracy of voice and face biometrics are generally lower when compared to established technologies such as fingerprint biometrics. Fingerprint scanners are currently entering the mobile space and when combined with other modalities such as voice and face, very secure verification will be possible. The combination of biometric modalities, allows a higher level of certainty when identifying people. Multimodal biometrics does however increase the processing requirements, which is why performance analyses are important for mobile devices.