Biometric security for mobile computing

Data and computing resource security has become an integral element in the fabric of information systems. Cryptography has formed a foundation for conventional security theoretical frameworks and applications.However, cryptography is based on either knowledge (i.e., what you know) or possession (i.e., what you have). This is a built-in weakness in traditional authentication approaches, as the true identity of an individual cannot be verified. Biometric security is emerging as a promising solution to the above problems. Biometrics-based authentication schemes use biological traits such as fingerprints, face, iris, hand-geometry, and palm-prints, etc., which are unique for any individual. Biometric security technology has made great progress in both theory and applications. Biometric systems are commonly being used in many applications in our daily life including biometric passports, forensic analysis and other civilian applications. With the rapid development ofmobile networks andmobile computing technology, more and more mobile devices such as mobile phones have evolved from simple voice communication devices to powerful digital handsets with multiple functions such as digital cameras, video recorders, radios, MP3 players, web browsers, gaming terminals, GPS navigators, and mobile TVs. Recently, more and more data-centric services are being provided over mobile networks. In the future, mobile devices will store far more information than earlier handsets, e.g., related to personal data and financial information. Mobile users could use services such as trading stocks, processing micro-payment and managing bank accounts and using online data storage services. The portability ofmobile devices and the convenience of mobile services have made mobile computing increasingly attractive. However it also brings with it the risk of information leakage and illegitimate use. When mobile devices are lost or stolen, not only the devices themselves but also the stored information may fall into the wrong hands. Therefore, biometric security in the mobile computing environments has to deal with the additional challenges of constrained onboard computing resources and the high risk of template compromise. The objective of this special issue, as its title suggests, is to present a collection of high quality research papers that report the latest developments in addressing the challenges of biometric security technology especially in the mobile computing environment. The first paper is entitled ‘A Fingerprint based Bio-Cryptographic Security Protocol Designed for Client/Server Authentication in Mobile Computing Environment.’ This paper proposes a bio-cryptographic protocol that can combine the advantages of the public key infrastructure (PKI) and biometric security. The idea is to transfer the locally matched fuzzy vault index to the central server for biometric authentication using the PKI, which offloads the computation demand to the central server. Biometric cancelable keys are generated while minutiae details are never exposed externally. Establishment of symmetric session keys does not need a conventional key exchange process, which further reduces the vulnerability risk. A J2ME implementation has been provided on the mobile device emulator to validate the feasibility in the mobile computing environment [1]. The second paper is entitled ‘Fusion of Visual and Infrared Face Verification Systems.’ This paper presents a two-stage procedure to combine multiple face traits for identity authentication.At the first stage, a high dimensional random projection is applied to the raw visual and infrared face images to extract useful information relevant to each identity. This is followed by a dimension reduction using eigen feature regularization and extraction. At the second stage, the scores from two verification systems based on each face modality are fused by an error minimization algorithm. This error minimization algorithm directly optimizes the verification accuracy by adjusting the parameters of a polynomial classifier [2]. The third paper is entitled ‘A Chaos Based Encryption Technique to Protect ECG Packets for Time Critical Telecardiology Applications.’ Electrocardiography (ECG) signal is popularly used for diagnosing cardiovascular diseases (CVD). It can also be used for biometric identification. As ECG signals contain sensitive private health information along with details for person identification, they need to be encrypted before transmission through public media. This paper proposes the usage of multi-scroll chaos to encrypt ECG packets. ECG packets are being encrypted by the mobile phones using the chaos key. The proposed scheme attempts to satisfy multiple demands of limited onboard computing resource, fast and secure encryption [3]. The fourth paper’s title is ‘Medical Biometrics in Mobile Health Monitoring.’ This work investigates the feasibility of ECG based identity management in mobile health monitoring applications. A body area network that operates in conjunction with ECG biometric recognition is explored for mobile monitoring of patients, rescuers, pilots,