Data and computing resource security has become an integral element in the fabric of information systems. Cryptography has formed a foundation for conventional security theoretical frameworks and applications. However, cryptography is based on either knowledge (i.e., what you know) or possession (i.e., what you have). This is a built-in weakness in traditional authentication approaches, as the true identity of an individual cannot be verified.
Biometric security is emerging as a promising solution to the above problems. Biometrics-based authentication schemes use biological traits such as fingerprints, face, iris, hand-geometry, and palm-prints, etc., which are unique for any individual. Biometric security technology has made great progress in both theory and applications. Biometric systems are commonly being used in many applications in our daily life including biometric passports, forensic analysis and other civilian applications. With the rapid development of mobile networks and mobile computing technology, more and more mobile devices such as mobile phones have evolved from simple voice communication devices to powerful digital handsets with multiple functions such as digital cameras, video recorders, radios, MP3 players, web browsers, gaming terminals, GPS navigators, and mobile TVs. Recently, more and more data-centric services are being provided over mobile networks. In the future, mobile devices will store far more information than earlier handsets, e.g., related to personal data and financial information. Mobile users could use services such as trading stocks, processing micro-payment and managing bank accounts and using online data storage services. The portability of mobile devices and the convenience of mobile services have made mobile computing increasingly attractive. However it also brings with it the risk of information leakage and illegitimate use. When mobile devices are lost or stolen, not only the devices themselves but also the stored information may fall into the wrong hands. Therefore, biometric security in the mobile computing environments has to deal with the additional challenges of constrained onboard computing resources and the high risk of template compromise.
The objective of this special issue, as its title suggests, is to present a collection of high quality research papers that report the latest developments in addressing the challenges of biometric security technology especially in the mobile computing environment.
The first paper is entitled ‘A Fingerprint based Bio-Cryptographic Security Protocol Designed for Client/Server Authentication in Mobile Computing Environment.’ This paper proposes a bio-cryptographic protocol that can combine the advantages of the public key infrastructure (PKI) and biometric security. The idea is to transfer the locally matched fuzzy vault index to the central server for biometric authentication using the PKI, which offloads the computation demand to the central server. Biometric cancelable keys are generated while minutiae details are never exposed externally. Establishment of symmetric session keys does not need a conventional key exchange process, which further reduces the vulnerability risk. A J2ME implementation has been provided on the mobile device emulator to validate the feasibility in the mobile computing environment 1.
The second paper is entitled ‘Fusion of Visual and Infrared Face Verification Systems.’ This paper presents a two-stage procedure to combine multiple face traits for identity authentication. At the first stage, a high dimensional random projection is applied to the raw visual and infrared face images to extract useful information relevant to each identity. This is followed by a dimension reduction using eigen feature regularization and extraction. At the second stage, the scores from two verification systems based on each face modality are fused by an error minimization algorithm. This error minimization algorithm directly optimizes the verification accuracy by adjusting the parameters of a polynomial classifier 2.
The third paper is entitled ‘A Chaos Based Encryption Technique to Protect ECG Packets for Time Critical Telecardiology Applications.’ Electrocardiography (ECG) signal is popularly used for diagnosing cardiovascular diseases (CVD). It can also be used for biometric identification. As ECG signals contain sensitive private health information along with details for person identification, they need to be encrypted before transmission through public media. This paper proposes the usage of multi-scroll chaos to encrypt ECG packets. ECG packets are being encrypted by the mobile phones using the chaos key. The proposed scheme attempts to satisfy multiple demands of limited onboard computing resource, fast and secure encryption 3.
The fourth paper's title is ‘Medical Biometrics in Mobile Health Monitoring.’ This work investigates the feasibility of ECG based identity management in mobile health monitoring applications. A body area network that operates in conjunction with ECG biometric recognition is explored for mobile monitoring of patients, rescuers, pilots, soldiers, or field agents in general. Among the major challenges of this technology is the stability of the signals over the monitoring duration. Time dependency is responsible for ECG destabilization, which becomes a significant issue for reliable monitoring. This paper proposes a framework that addresses this inadequacy, by updating a gallery template when feature matching is compromised. In addition, strategies for tackling privacy issues in medical data management are proposed. A protocol level solution is discussed, to deal with the ethical issues of this technology. An automatic way of aggregating and managing personal information is presented, designated to operate on the basis of anonymity 4.
The fifth paper is entitled ‘A Topological Interpretation of Fingerprint Reference Point.’ A critical issue in the development of an automated fingerprint identification system is to accurately and reliably detect the reference points. Most existing techniques are based on the singular points of the fingerprint which are sensitive to fingerprint artifacts and are not well defined for arch-type fingerprints. In this paper, the authors present a topological interpretation of fingerprint reference point, where the reference points are posed as topological features of fingerprint structure and can be detected seamlessly from either arch-type or non-arch type fingerprints 5.
The sixth paper's title is ‘Identification with Encrypted Biometric Data.’ In the mobile computing environment, biometric authentication/identification has been used for access control to the sensitive data stored in the mobile device. However, the biometric template stored in the mobile device also needs to be protected. Encryption of the biometric template can provide a strong protection. However, biometric authentication over the encrypted domain is very challenging. This is because conventional cryptography requires exactness while biometrics always presents uncertainty. This paper introduces a method for biometric identification over an encrypted domain. The proposed scheme combines Bloom Filters with Storage and Locality-Sensitive Hashing. It applies this error-tolerant scheme, in a Hamming space, to achieve biometric identification in an efficient way. This is the first non-trivial identification scheme dealing with fuzziness and encrypted data 6.
The seventh paper is entitled ‘Protection of Minutiae-based Templates using Biocryptographic constructs in the Set Difference Metric.’ In the mobile computing environment, the biometric template stored in the mobile device runs a high risk of being attacked due to the higher probability of mobile device being stolen or lost. As biometrics are unique and relatively unchanging during their life time, a compromised biometric means the loss of that particular biometric. In fingerprint applications, an individual has maximum ten fingers. This limited resource of biometric fingerprints will make the compromised fingerprints a serious issue. This paper investigates design issues involved in building authentication systems using minutiae-based fingerprint templates, where the template is protected during comparison as well as storage. Two popular bio-cryptographic schemes based on the set difference metric, the Fuzzy Vault and Pinsketch, are analyzed with regards to theoretical bounds on the template sizes and decision thresholds. The authors define six different minutiae-based templates and for each, determine the quantization parameters that yield the best matching performance at a threshold where the probability of false match is zero. It then determines which, if any of the representations satisfy the theoretical bounds proposed for each bio-cryptographic construct. The authors implement a PinSketch-based authentication system that uses a combination of a commonality and a set-difference measure to securely compare two fingerprint templates, with negligible deterioration in accuracy. Results indicate that to securely correct the degree of intra sample error observed in minutiae-based templates, efficient commonality-based error tolerant cryptographic constructs will be more suited than set-difference based constructs 7.
The eighth paper's title is ‘Palmprint Authentication Using Fusion of Wavelet and Contourlet Features.’ Low resolution palmprint images consist of discriminative multi-sized and multi-directional principal lines and wrinkles. Intuitively, discrete wavelet transform (DWT) is a good choice to extract such patterns due to its space-frequency localization, multi-resolution analysis (MRA) capability, and computational efficiency. However, most of the DWT based palmprint recognition systems fail to report low equal error rate (EER) due to inherent limitations of DWT and shift-rotational variations in the intraclass palmprint images. This paper proposes the techniques for shift and rotation invariant feature extraction using DWT extension. Further, limited directionality due to DWT is overcome by augmenting with features of contourlet transform. Contourlet transform can extract curve singularities effectively with multi-directional decomposition capability; wavelets are good in extracting point singularities. The different views of contourlet transform and DWT on palmprints motivate us to extract contourlet and wavelet features, and examine them for their individual and combined verification performances. The combined mode is found to perform well over their individual performances 8.
The ninth paper's title is ‘A Review On Fingerprint Orientation Estimation’. Fingerprint orientation plays a critical role on fingerprint feature retrieval and processing including fingerprint enhancement, fingerprint classification, and fingerprint recognition. This paper critically reviews the primary advances on fingerprint orientation estimation. Advantages and limitations of existing methods have been addressed. Issues on future development have been discussed 9.
The collection of the above papers in this special issue on Biometric Security for Mobile Computing presents the latest developments on the topic of using biometric security in the mobile computing environment. It offers contributions that are of value to both theory and applications.
Finally, we would like to express our gratitude to the Editor-in-Chief, Prof. Hsiao-Hwa Chen for his advice, patience, and encouragement throughout this process. The papers submitted to this special issue have undergone rigorous peer review process with each paper having received three reviews on average. Most of accepted papers have been through two or three rounds of review. We would like to thank all anonymous reviewers for their hard work and constructive comments, which has made a collection of quality papers in this issue possible. We would also like to thank all authors who have submitted their papers for consideration for this special issue.