Authentication schemes for Smart Mobile Devices: Threat Models, Countermeasures, and Open Research Issues

TL;DR

This paper reviews and classifies authentication schemes for smart mobile devices, analyzing threat models, countermeasures, and categorizing existing schemes while highlighting open challenges and future research directions.

Contribution

It provides a comprehensive classification and comparison of authentication schemes and threat models for smart mobile devices, addressing gaps and open issues in the field.

Findings

Classification of threat models into five categories.

Categorization of authentication schemes into four types.

Identification of open challenges and future research directions.

Abstract

This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices. Then, we describe and give a classification of threat models in smart mobile devices in five categories, including, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to these, we categorize authentication schemes for smart mobile devices in four categories, namely, 1) biometric-based authentication schemes, 2) channel-based authentication schemes, 3) factor-based authentication schemes, and 4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in the form of tables. Finally, we identify open challenges and future research directions.