Impostor

To evaluate the performance of the system under impostor the number of access to any protected services was investigated, representing the FAR in this case. This would give an indication as to whether given the present impostor data the user

163

would have any opportunities to access a protected service without being authorised to do so. The results as presented in Table 5-11 showed virtually no access to protected services demonstrating high security of the system given the present datasets. The non-rounded zero’s in the results of high usage show that in some occasions an impostor has gain access to a service. Analysis showed that this occurs in the event that in the beginning of activity during the hour were integrity is 0 if an FAR occurs as first access the impostor would gain access if accessing a service immediately after that authentication succeeds. However the services that they would be gaining access were only the services represented by 0 integrity meaning low or no security and in the case of the worst EERs for high usage there were also the occasions of accessing a service with required trust of 1 which also represent very low security requirements.

AL 2

IL 5 AL 5

IL 12 AL 10

IL 25 AL 20 IL 50 High Usage (57 services per hour) Number of protected services accessed Using Best EER approaches 0.0039

(0.0068%) Using Worst EER approaches 0.0261

(0.0456%)

Using Best EER approaches 0

(0.0000%) Using Worst EER approaches 0.0104

(0.0401%)

Using Best EER approaches 0

(0.0000%)

Using Worst EER approaches 0

(0.0000%) Table 5-11: Protected service access by an impostor in absolute numbers and possibility of

access with integrity updates

164

5.3 Discussion

Given the NICA results it can be suggested that the security as well as the transparency the system is notably increased based on the number of samples used.

Furthermore, the time windows appear to notably affect the operation of the framework with more frequent authentication offering a more balanced approach between security and usability. The introduction of integrity updates due to an intrusive request also improves upon performance taking advantage of a high confidence technique. The original degradation function triggering at 20-50min is somewhat unrealistic as it will have a minimal effect upon the security of the system.

Degrading Integrity by 0.5 every 30 mins or 50 mins would take, if the integrity was 5 to reduce to 0, 4.5 hours and 7.5 hours respectively, offering little to the protection of the device. As such, further investigation could seek to determine how these time windows could be alternatively balanced to improve upon security and usability as well as reconsider the degradation function and its effect on the framework.

Compared to the user evaluation the framework gave fair performance – as there was a beneficial situation where the biometric algorithms have no effect in performance. The data attempts to represent a system close to a real scenario showing that integrity increases as long as samples are available. Managing to maintain a good integrity whilst keeping security.

165

6 Modelling of enhanced fusion models

Following the practical evaluation and simulation of NICA and the results obtained an objective was set to explore the improvement of certain operations. Further to the increase of the integrity upon accessing a protected service which showed a notable improvement to the transparency of the framework one of the core operations of NICA was revisited – how biometric samples are used.

Given the fact that NICA operates only on one sample it overlooks the fact that the device could be capturing more than one sample within certain periods. That could be a waste of authentication opportunities that can provide a greater level of confidence for the user’s identity. Given that fusion approaches utilise more than one sample have shown to provide a better operation it was envisaged that an investigation into the use of fusion techniques would enable the production of a more robust approach and the improvement of the NICA framework.

As the capturing mechanism constantly is capturing samples of different biometrics both of the following approaches could be implemented:

• Multi-Instance approach - Use of multiple inputs of the same biometric: A number of biometric samples of a single biometric captured over a specific timeframe could be utilised. This will enable the biometric algorithm to make a more informed decision by having multiple traits to base its decision. At the same time the existence of bad samples could be mitigated or at least decrease the possibility of FAR and FRR due to that cause.

166

• Multi-modal approach: Use of a single input of multiple biometrics: In this case samples of different biometric techniques are utilised. This could enable a more fine balance and tuning tied to the individual user and its preference and furthermore balancing the performance of the individual biometric techniques.

Given that certain techniques may not operate well due to the user or mobile conditions this provides a fused mechanism with the capacity to mitigate some of the downsides of those occasions. This approach could furthermore provide another variance to the security of an individual service, creating a more multifaceted way to attribute security levels.

It is envisaged that any of the above approaches would provide a more dynamic system in comparison to the current one. The original approach although it offered the flexibility of the use of a number of biometric approaches its final decision was very much static based on a single outcome. As became apparent in the evaluation this was far from ideal for certain users and the way that they utilised the mobile device, which on top of the bad performance of the biometric algorithms would sometimes make the authentication decision questionable. For example during the user trial, the use of the Vaio device for some users would produce very bad image samples as the way that the users were holding the device while typing would not capture the entire face resulting to failure of the biometric algorithms. In this case the use of more than one sample or the use of more than one technique during that authentication process could produce a more valid result. That however needs to be balanced so the decision is largely based on the stronger or more appropriate

167

biometric. Therefore consideration needs to be also given to the way that the technique and the weight on the decision will be attributed.

At the same time the system could tune the biometric inputs to fit the individual requirements of the user in case for example certain techniques and features are not very characteristic for a specific user. In such a case the reliance could shift placing more weight to techniques that work better for the specific user. The aforementioned approaches (multi-modal & multi-instance) are by default available for direct application from the NICA framework as depending on the samples available a multi-modal or a multi-instance approach has the dynamic of being applied. As the framework looks to acquire the most recent samples with the higher confidence samples of the same biometric or samples from multiple biometrics could be selected.

A reconsideration of the framework and adaptation of the original NICA framework process and authentication mechanisms that would enable fusion of biometric decisions has taken place as well as an evaluation against the performance of the original NICA. The following sections describe these adapted models and the nature of the simulations and results.