Factors Influencing the Adoption of Biometric Authentication in Mobile Government Security Thamer Omar Alhussain Bachelor of Computing, Master of ICT School of Information and Communication Technology Science, Environment, Engineering and Technology Group Griffith University Submitted in fulfilment of the requirements of the degree of Doctor of Philosophy June 2011
Abstract ABSTRACT This dissertation presents a new substantive theory that identifies and describes the factors that influence the adoption of biometrics in the security of m-government applications. The developed theory is specific to a particular context and area of the application of biometric authentication into mobile devices for government services in the Kingdom of Saudi Arabia (KSA). Given the continuing growth of mobile phone and Internet services, this dissertation is significant since it adds to current knowledge on how biometric authentication can play an integral role in providing secure m- government services. More specifically, this dissertation provides rich insight into understanding the adoption factors based on the concerns and perceptions of users, service providers, and network operators regarding the application of biometric authentication to mobile devices for government services. This dissertation is theoretically significant, because while the weakness of the current authentication method in mobile devices introduces additional demands to ensure that advanced authentication methods are used, no known research exists on the adoption of biometric authentication in mobile devices for government services, especially in Saudi Arabia. This dissertation addresses the gap in the literature by presenting an empirical study based on an analysis of the concerns and perceptions of mobile communication users, service providers, and mobile network operators regarding the application of biometric authentication to mobile devices for m-government services in Saudi Arabia. The research presented in this dissertation is based on the interpretivist paradigm of research which assumes that people generate their own subjective and intersubjective meanings about the world as they socially interact with the world around them. This interpretivist paradigm of research is carried out by the use of grounded theory methodology. Data collection processes include a questionnaire and semi-structured interviews. In particular, eleven face-to-face semi-structured interviews were conducted with the managers of online services and the IT security managers of mobile e-government service providers. Four semi-structured interviews were also conducted with managers and IT security providers in mobile communication network services. In addition, a survey questionnaire was distributed to mobile communication Page i
Abstract users in order to collect larger amounts of data on the users concerns and perceptions in a shorter time scale than would have been possible with interviewing mobile phone users. A total of 311 questionnaires with a response rate of 74% was included in this study and subjected to statistical analysis and procedures. As concepts and categories were developed based on the questionnaire results, the results were also involved in the application of grounded theory. The main findings presented in this dissertation consist of the development of a substantive theory for the adoption of biometric authentication for m-government applications in Saudi Arabia. These findings indicate that acceptance factors include relative advantage, compatibility, ease of use, trialability, observability, trust, and privacy, as well as contributory factors involving availability, awareness, legislation, economical aspects, and social and cultural aspects, which are the most important factors that will enable the KSA in achieving the adoption of biometric authentication in m-government security. The dissertation also identifies several needs, perceptions, and concerns of mobile phone users, service providers, network operators as well as system factors including requirements and procedural issues regarding the application of biometrics in m-government security. Furthermore, the analysis in this dissertation reveals a number of technical and non-technical challenges that would influence the adoption of biometrics in m-government. The identified technical challenges include infrastructure, growing a biometrics database, making mobile devices with biometric attachments available around the country, integrating biometrics along with a Public Key Infrastructure (PKI) in the smartcards of the mobile device, theft and penetrating possibility of biometric capture, and dealing with authentication errors in the system. The non-technical challenges include financial issues, registration and enrolment processes, lack of IT experts in the KSA, and lack of current relevant research. In this dissertation, a substantive theory is developed to explain the factors influencing the adoption of biometrics in m-government in Saudi Arabia. Therefore, the conclusions do not claim to be widely generalizable as the research is limited to a particular context and specific geographical area. However, future research in other geographical areas with different cultural backgrounds is recommended, as a number of substantive theories can help to create more general formal theory. This dissertation contributes to current knowledge by identifying and describing the factors that influence the adoption of biometric authentication in m-government Page ii
Abstract applications in the Saudi Arabian context. It improves understanding about the concerns and perceptions of mobile phone users, service providers, and network operators regarding the application of biometric authentication to mobile devices for government services. It further discovers the reasons why mobile communication users prefer the use of biometric authentication in their mobile devices to conduct government services. Moreover, it identifies the needs and requirements for service providers to adopt the use of biometrics for m-government services. In addition, this dissertation provides decision-makers with practical information regarding an appropriate authentication approach for the security of m-government services, as well as information on how biometric technology can be adopted for m-government applications. The practical contribution includes the design of an authentication system, based on the requirements of service providers and network providers, as appropriate for applying biometric technology in m-government security. Keywords M-government, biometric, authentication, adoption, qualitative study, grounded theory, Saudi Arabia. Page iii
Statement of Originality STATEMENT OF ORIGINALITY This work has not previously been submitted for a degree or diploma in any university. To the best of my knowledge and belief, the dissertation contains no material previously published or written by another person except where due reference is made in the thesis itself. Page iv
Acknowledgments ACKNOWLEDGEMENTS After sincerely thanking Allah for all blessings and for giving me the ability to fulfil this research, I would like to thank all the people who provided me with their assistance, support and guidance. First of all, I truly appreciate and wish to acknowledge my father and my mother for their enormous efforts and sacrifices to help, encourage, and support me. I would also like to express my deep gratitude to my wife and my son Omar. I am grateful to my wife for her kind encouragement and for marvellously providing the convenient atmosphere for me to complete my research. In addition, I would like to express my sincere gratitude and appreciation to my principal supervisor, Dr. Steve Drew, for his kind and valuable advice. His great help and positive support guided me immensely to accomplish my research. I would like to genuinely thank my Associate Supervisor, Associate Professor Liisa von Hellens, for her guidance, encouragement, and support along the way. I would also like to thank the Griffith School of Information and Communication Technology, in particular staff members and my PhD colleagues who provided me with useful knowledge throughout my academic journey. Finally, I would like to express my grateful thanks to my brothers and sisters and all my friends who supported me throughout this research, motivated me through their kind advice and encouraged me to pursue this degree. Page v
Publications PUBLICATIONS Based on this PhD dissertation, a number of peer-reviewed papers were produced as the follows. Journal Publications Alhussain, T and Drew, S 2010, Employees' Perceptions of Biometric Technology Adoption in E-Government: An Exploratory Study in the Kingdom of Saudi Arabia, International Journal of E-Adoption (IJEA), IGI Global, vol. 2, no. 1, pp. 59-71. Book Chapters Alhussain, T and Drew, S 2012, Developing a Theoretical Framework for the Adoption of Biometrics in M-Government Applications Using Grounded Theory, Information System, Kalloniatis, C (ed), InTech. ISBN 979-953-307-585-2. Accepted Conference Papers Alhussain, T, Drew, S and von Hellens, L 2010, Qualitative Study on Implementing Biometric Technology in M-Government Security: a Grounded Theory Approach, 5th International Conference on Qualitative Research in IT & IT in Qualitative Research (QualIT2010), November 29-30, 2010 Brisbane, Australia. ISBN: 978-1-921760-07-5. Alhussain, T and Drew, S 2010, Towards Secure M-Government Applications: A survey study in the Kingdom of Saudi Arabia, International Conference on Intelligent Network and Computing (ICINC 2010), November 26-28, 2010, Kuala Lumpur, Malaysia. ISBN: 978-1-4244-8270-2. Alhussain, T, Drew S and Alfarraj, O 2010, Biometric Authentication for Mobile Government Security, An application of grounded theory, 2010 IEEE International Conference on Intelligent Computing and Intelligent Systems (ICIS 2010), October 29-31, 2010, Xiamen, China, pp.114-118. ISBN: 978-1-4244-6582-8. Alhussain, T and Drew, S 2009, Towards User Acceptance of Biometric Technology in E-Government: A Survey Study in the Kingdom of Saudi Arabia, Software Services for e-business and e-society, IFIP Advances in Information and Communication Technology, Vol. 305, Springer, pp. 26-38. Page vi
Table of Contents TABLE OF CONTENTS ABSTRACT... i STATEMENT OF ORIGINALITY... iv ACKNOWLEDGEMENTS...v PUBLICATIONS... vi TABLE OF CONTENTS... vii LIST OF FIGURES... xii LIST OF TABLES... xiii CHAPTER ONE: INTRODUCTION...1 1.1 Introduction...1 1.2 Research Aims and Questions...2 1.3 Research Approach and Method...3 1.4 Research Contributions...5 1.5 Justification for and Significance of the Research...6 1.6 Outline of the Dissertation...9 CHAPTER TWO: LITERATURE REVIEW...12 2.1 Introduction...12 2.2 Electronic and Mobile Government...13 2.2.1 M-Government Applications...14 2.2.2 M-Government Benefits...15 2.2.3 M-Government Requirements...16 2.2.4 M-Government Challenges...18 2.3 Information Security and M-Government...19 2.3.1 Information Assurance...19 2.3.2 Authentication Strategies...22 2.3.3 Security for Mobile Devices...22 2.3.4 Security for Network Operators...23 2.3.5 Security for Service Providers...24 2.3.6 Security for Users...24 2.3.7 The Current Authentication System in M-Government...25 2.3.8 Biometrics as a Security Solution...26 Page vii
Table of Contents 2.4 Overview of Biometric Technology...28 2.4.1 Biometric Systems Performance Measures...29 2.4.2 Properties of Biometrics...30 2.4.3 Application Areas of Biometrics...31 2.4.4 Types of Biometric Technology...32 2.4.5 Disadvantages of Biometric Technology...35 2.4.6 Privacy Concerns about the Use of Biometric Technology...36 2.5 Information and Communication Technology in the Kingdom of Saudi Arabia...36 2.5.1 Information on National Planning in the KSA...37 2.5.2 E-Government in the Kingdom of Saudi Arabia...40 2.5.3 Government Electronic Transactions System (Yesser)...42 2.5.4 M-Government Applications in the KSA...45 2.6 Locating this Dissertation...47 2.6.1 Users...48 2.6.2 Service Providers...49 2.6.3 Network Operators...50 2.7 Conclusion...50 CHAPTER THREE: ADOPTION OF TECHNOLOGY...53 3.1 Introduction...53 3.2 Current Biometric Applications...53 3.2.1 Biometrics in E-Government...53 3.2.2 The Use of Biometrics in the KSA...55 3.3 Factors Influencing Adoption of Technology...56 3.3.1 Technology Acceptance Model...56 3.3.2 Unified Theory of Acceptance and Use of Technology...57 3.3.3 Diffusion of Innovation...58 3.3.4 Adoption Factors among Empirical Studies...60 3.3.5 Biometric Adoption among Empirical Studies...61 3.4 Related Issues to the Adoption of Biometrics in M-Government...61 3.4.1 Comparing Biometrics for Mobile Devices...62 3.4.2 Biometrics in Mobile Devices...62 3.4.3 Biometrics and M-Government...63 Page viii
Table of Contents 3.4.4 Public Key Infrastructure (PKI)...63 3.4.5 Social and Cultural Aspects...64 3.5 Summary of the most Relevant Literature...65 3.6 Conclusion...68 CHAPTER FOUR: RESEARCH METHODOLOGY...70 4.1 Introduction...70 4.2 Research Questions and Outcomes...70 4.3 Research Paradigm...73 4.4 Research Assumptions...73 4.5 Social Informatics...74 4.6 Data Collection Techniques...75 4.6.1 Interviews of Service Providers and Network Operators...76 4.6.2 Questionnaire for Mobile Communication Users...78 4.7 Method of Sampling...79 4.8 Pilot Study...80 4.9 Data Analysis Techniques...81 4.10 Grounded Theory...81 4.10.1 Substantive and Formal Theory...83 4.10.2 Justification for Using Grounded Theory...84 4.10.3 Application of the Grounded Theory...85 4.10.4 Critique of Grounded Theory...88 4.11 Rigor, Validity, and Reliability...88 4.12 Ethical Consideration...90 4.13 Conclusion...90 CHAPTER FIVE: SURVEY FINDINGS...92 5.1 Introduction...92 5.2 Survey Data of Mobile Phone Users...92 5.2.1 Demographics of the Survey Participants...93 5.2.2 ICT Experience...94 5.2.3 Mobile Device and Government Services...98 5.2.4 Mobile Device Security...100 5.2.5 Biometrics and Mobile Government Services...103 Page ix
Table of Contents 5.3 Distinguishing Survey Responses Based on Gender...106 5.4 Exploring Relationships among Mobile Phone Users Perceptions...107 5.4.1 Correlation between the Loss of Mobile Device and the Preferred Method of M-Government Authentication...107 5.4.2 Correlation between the Risk of Disclosure of Personal Information and the Preferred Authentication Method of M-Government...108 5.4.3 Correlation between the Risk of Disclosure of Personal Information and the Willingness to Pay more Money to have Biometrics in the Mobile Device109 5.4.4 Correlation between the Experience of Using Biometric Authentication and the Preferred Authentication Method of M-Government...110 5.4.5 Correlation between the Importance of the Information Stored in a Mobile Device and the Preferred Authentication Method for a Mobile Device111 5.4.6 Correlation between the Importance of the Information Stored in a Mobile Device and the Consideration of Applying Biometrics to Protect the Information in a Mobile Device...112 5.4.7 Correlation between the Trust in Biometrics and the Reasons for not Conducting any Government Service via a Mobile Device...113 5.5 Conclusion...114 CHAPTER SIX: GROUNDED THEORY DATA ANALYSIS...116 6.1 Introduction...116 6.2 Process and Procedure of Grounded Theory...116 6.3 Open Coding...117 6.4 Axial Coding...118 6.5 Selective Coding...125 6.6 Conclusion...127 CHAPTER SEVEN: FACTORS INFLUENCING THE ADOPTION OF BIOMETRIC AUTHENTICATION IN M-GOVERNMENT...129 7.1 Introduction...129 7.2 Entities Factors...129 7.2.1 Organisational Factors...130 7.2.2 Users Factors...140 7.2.3 System Factors...147 7.3 Enabling Factors...152 7.3.1 Acceptance Factors...153 7.3.2 Contributory Factors...158 7.4 Challenges...163 Page x
Table of Contents 7.4.1 Technical Challenges...163 7.4.2 Other Related Challenges...166 7.5 Conclusion...168 CHAPTER EIGHT: THEORETICAL FRAMEWORK FOR THE ADOPTION OF BIOMETRIC AUTHENTICATION IN M-GOVERNMENT...170 8.1 Introduction...170 8.2 The Theoretical Framework...170 8.3 Integrating Biometric Systems in M-Government...176 8.3.1 Integrating Biometrics into Mobile Devices...178 8.3.2 Authentication System for Biometrics in M-Government...178 8.3.3 Issues for Consideration...179 8.4 Conclusion...182 CHAPTER NINE: CONCLUSIONS...184 9.1 Introduction...184 9.2 Fulfilment of Research Objectives...184 9.3 Considerations for the Adoption of Biometrics in M-Government...186 9.4 Contribution to Knowledge...188 9.4.1 Theoretical Contribution...188 9.4.2 Methodological Contribution...190 9.4.3 Practical Contribution...191 9.5 Evaluation of the Research...191 9.6 Limitations...194 9.7 Future Research...195 9.8 Conclusion...195 REFERENCES...197 Appendix A: List of Open Codes...212 Appendix B: Distinguishing Survey Data Based on Gender...221 Appendix C: Interview Guide for Service Providers...234 Appendix D: Interview Guide for Network Operators...236 Appendix E: Questionnaire (English version)...237 Appendix F: Questionnaire (Arabic version)...244 Appendix G: Ethical Clearance Certificate...251 Appendix H: Glossary of Terms...252 Page xi
List of Figures LIST OF FIGURES Figure 1: McCumber INFOSEC Model (1991)...19 Figure 2: Information Assurance Model...20 Figure 4: Iris recognition...32 Figure 5: Hand recognition...33 Figure 6: The Saudi e-government program (Yesser)...42 Figure 7: Saudi Mobile Service Market Growth...46 Figure 8: Saudi Internet users...46 Figure 10: Technology Acceptance Model...57 Figure 11: Unified Theory of Acceptance and Use of Technology...58 Figure 12: Mobile AFIS...63 Page xii
List of Tables LIST OF TABLES Table 1: Summary of the most relevant literature on the research topic...68 Table 2: The links between research outcomes, techniques and questions...72 Table 3: Demographics...93 Table 4: ICT Experience...96 Table 5: Mobile Device and Government Services...99 Table 6: Mobile Device Security...102 Table 7: Biometrics and Mobile Government Services...104 Table 8: Correlation between the loss of a mobile device and the preferred method of m-government authentication...107 Table 9: Correlation between the risk of disclosure of personal information and the preferred authentication method of m-government...108 Table 10: Correlation between the risk of disclosure of personal information and the willingness to pay more money to have biometrics in the mobile device...110 Table 11: Correlation between the experience of using biometric authentication and the preferred authentication method of m-government...110 Table 12: Correlation between the importance of the information stored in a mobile device and the preferred authentication method for a mobile device...111 Table 13: Correlation between the importance of the information stored in a mobile device and the opinion of applying biometrics to protect the information in a mobile device...113 Table 14: Frequency for the trust in biometrics in m-government security and the reasons for not conducting any government service via a mobile device...114 Table 15: Axial codes...124 Page xiii