AMBER project will host ten Marie Skłodowska-Curie Early Stage Researcher (ESR) projects across five EU universities. Receiving direct support from seven industrial partners to mentor the project development and check its alignment with market necessities. The aim of the Network is to collate Europe-wide complementary academic and industrial expertise, train and equip the next generation of researchers to define, investigate and implement solutions to ensure secure, ubiquitous and efficient authentication whilst protecting privacy of citizens.
Over recent years the ubiquity of mobile platforms such as smartphones
and tablets devices has rapidly increased. These devices provide a range
of untethered interaction unimaginable a decade previously. With this
ability to interact with services and individuals comes the need to
accurately authenticate the identity of the person requesting the
transaction many of which carry financial/legally-binding instruction.
Biometric solutions have also seen increased prominence over the past decade with large-scale implementations in areas such as passport and national ID systems. The adoption of specific biometric sensors by mobile vendors indicates a long-term strategy as a means of authentication. This adoption is at critical point – users need to be confident of biometrics in terms of usability, privacy and performance; compromise in any one of these categories will lead to mistrust and a reluctance to adopt over and above conventional forms of authentication. The design, implementation and assessment of biometrics on mobile devices therefore requires a range of solutions to aid initial and continued adoption. The EU needs to have experts trained specifically in the field to ensure that it participates, competes and succeeds in the global market.
AMBER comprises four core elements to provide the training to recruited Early Stage Researchers (ESRs):
- a host Beneficiary institution will provide resources and expertise directly associated with each of the projects
- a secondment to a ‘link’ academic institution (another of the Academic Beneficiaries) working in a complementary sub-discipline providing additional expertise and resources
- an industrial secondment within a company (Partner Organisation such as ElevenPaths) that will enable a understanding of the current and future market demands on solutions, access to industrial and customer resources and possible integration of solutions into market-leading technology implementation
- a series of coordinated training events linking the various projects within AMBER and providing a range of transferable skills to ensure effective future research and development within the field.
ElevenPaths will support the University Carlos III of Madrid (UC3M) in the ESR9, Vulnerability assessment in the use of biometrics in unsupervised environments:
Using biometrics on mobile devices means that the authentication will be carried out without any kind of supervision. As there is no supervision, the user (or anyone having obtained access to the device) is able to perform any kind of attack to the authentication process without restriction. Therefore, mechanisms to detect those attacks and avoid the misuse of the device shall be implemented. Although this target is common to many other kind of authentication systems, new challenges appears when considering the use of mobile devices. The first one is the variety of manufacturers, models and operating systems of the devices owned by citizens. This challenge means that the solutions obtained shall be as multiplatform as possible. Another challenge is that mobile devices have not been manufactured considering biometric authentication, not even authentication itself, but for providing other kind of services to the users (e.g. calls, data connection, web-browsing, etc.). This means that the researcher should a-priori not consider any kind of help from device manufacturers, even though some manufacturers may be initially against any kind of suggestion to integrate new sensors due to a potential increase of its cost. On the other hand, mobile devices have many other sensors that could be exploited by the authentication process in order to mitigate vulnerabilities. So another challenge is to analyse how these can be used for the benefit of the citizen at low cost.
This three year project will start by studying biometrics, mobile technologies and security. Following this, security analysis and risk assessment will be performed by the ESR, targeting different use cases. With the results obtained, in particular all the vulnerabilities detected, R&D will be conducted to develop a quantifiable framework and tools to identify and mitigate for vulnerabilities, keeping universality at a viable level (i.e. not reducing significantly the user population by the introduction of mechanisms). The mechanisms developed will be integrated in some of the most common applications to check performance, robustness and user acceptance, promoting the use of the device and framework by the industry.