ICT-2011.1.2 Cloud Computing, Internet of Services & Advanced Software Engineering, FP7-ICT-2011-8

Open-Source, Web-Based, Framework for Integrating Applications with Social Media Services and Personal Cloudlets

Deliverable
Security related services evaluation phase 1

Workpackage: WP5 Service and Application Development
Authors: Aranzazu Narganes (CGI), Susana Ortega Guilló (CGI)
Status: Draft
Date: 19/09/2014
Version: 0.5
Classification: Public

Disclaimer: The OPENi project is co-funded by the European Commission under the 7th Framework Programme. This document reflects only the authors' views. The EC is not liable for any use that may be made of the information contained therein.
OPENi Project Profile

Contract No.: FP7-ICT-317883
Acronym: OPENi
Title: Open-Source, Web-Based, Framework for Integrating Applications with Social Media Services and Personal Cloudlets
URL: www.openi-ict.eu
Start Date: 01/10/2012
Duration: 30 months

Partners
- Waterford Institute of Technology (Coordinator), Ireland
- National Technical University of Athens (NTUA), Decision Support Systems Laboratory, DSSLab, Greece
- Fraunhofer-Gesellschaft Zur Foerderung Der Angewandten Forschung E.V, Germany
- INFORMATICA GESFOR SA, Spain
- AMBIESENSE LTD, UK
- VELTI SA, Greece
- BETAPOND LIMITED, Ireland
Document History

Version   Date         Author (Partner)          Remarks
0.1       01/07/2014   Aranzazu Narganes (CGI)   First version
0.2       12/08/2014   Susana Ortega (CGI)       Minor updates
0.3       08/09/2014   Susana Ortega (CGI)       Updates
0.5       18/09/2014   Susana Ortega (CGI)       Minor updates
0.6       29/09/2014   Susana Ortega (CGI)       Fixing advices from reviewers
Executive Summary

This deliverable describes the outcome of T5.1 Security related services evaluation software, phase 1 of the OPENi project. This task is responsible for developing the Service Enablers that provide enhanced features to OPENi developers. These features will be available for WP6 applications.

For this first phase, the selected security related service is the Biometric Recognition Service Enabler (SE). This document presents its features, its design and a demonstration of the first-phase implementation. This first prototype of the Service Enabler (SE) will be evolved in the next phase in order to enhance its functionalities or implement the missing ones.
Table of Contents

1 Introduction
2 Biometrics SE Overview, Motivation and Goals
  2.1 Overview
  2.2 Motivation, Goals and innovations
  2.3 Methodology
3 Biometrics SE Design and Architecture
  3.1 Component overview
  3.2 Workflow
  3.3 API Specification
4 Biometrics SE prototype Implementation
  4.1 Outline key components in the Implementation phase
  4.2 How it will interface with OPENi
5 Biometrics SE Demonstration and Source code
6 Biometrics SE Conclusions and Outlook
1 Introduction

Biometric authentication has two ways to confirm the user's identity and profile in an organization: using one or more physical traits or using a behavioural feature. Processes of this kind have greatly increased in popularity with the advent of faster computer processors and higher-quality data collection devices. Physical traits are body features such as fingerprints, the iris, or ratios between facial features, while behavioural features include speech and tone cadence or rhythm.

In the field of security services, the only SE identified so far is the Biometric Comparison SE. This SE will take advantage of improvements in mobile device sensors and gadgets, which can be applied to any physical property of the device owner. At this point, the OPENi Biometric Comparison SE has focused on face recognition.
2 Biometrics SE Overview, Motivation and Goals

2.1 Overview

The Biometric Comparison Service Enabler (SE) is included in Task 5.1 as part of the Security related Services, in combination with the Security Framework. This SE aims to give OPENi developers the opportunity to include one more security level in their applications.

2.2 Motivation, Goals and innovations

For many years, the identification process in an application has consisted of providing a written login and password to access the system. This has also been the traditional method for mobile applications to identify users.

Biometric recognition has risen as the most secure identification process. A Gartner report [1] from last year predicts that 30% of all companies will use biometric recognition on mobile devices by 2016. Mobile devices are evolving at such a high speed that in the near future almost every mobile device will be able to accept some kind of biometric recognition. Fingerprint, facial and voice recognition are the most widespread biometrics used to identify a user.

Among biometric recognition methods we have focused on face recognition. Nowadays, nearly all mobile devices have a good quality camera. We use this camera to take a picture of the user and compare it with other ones stored on the device.

2.3 Methodology

The focus in this first phase for the Service Enablers has been placed on:
a) the design of the Biometric Comparison SE (in terms of features, information flow and APIs);
b) the design and implementation of the Biometric Comparison SE GUI (Android application).

In the second phase it is intended to integrate the Biometric Comparison SE into the OPENi platform and Security component.

[1] https://www.gartner.com/doc/2595417
3 Biometrics SE Design and Architecture

3.1 Component overview

The objective of the BIOMETRIC SE Prototype is to allow users to log on to their applications by means of a picture of themselves. This is called face recognition. The process can be split into three steps:
- Face detection: identify a face in a photo
- Feature extraction: identify key features such as the distance between the eyes
- Face recognition: identify whether the given image matches the set of stored ones.

3.2 Workflow

At this time, the Biometric SE prototype is an Android library which a developer can add to his application. There are two main steps in the flow: training and recognition.

The first step when using the Biometric SE is running the training operation. In the training operation, photos of the user's face are stored on the mobile device and become the identification key for the user. At least ten images need to be stored in order to guarantee the recognition.

The subsequent recognition process compares one photo, taken at the current moment, with the stored ones for the current user.

For the time being, training images are stored on the user's device. In the next phase these images will be stored in the user's cloudlet.

The objective of the first implementation phase is to provide the developer with a basic API with the features to include in the OPENi application.

Training

The library identifies the person who will be able to log on to the application.

Figure 1: Diagram for Training feature
The prerequisite for training is to have ten stored images of the person who will log in. The image names must have the following format: name + i + jpg, where i is an integer between 1 and 10.

The developer must call the public method train, in which the training operation is performed. The steps in this method are:
- Storing 10 images
- Detecting faces in every one of those images
- Generating a gray image from each of the stored ones. A correspondence between each of the original images and its gray one is established.
- Generating a storage space in which to store this correspondence

Recognition

The library recognizes the person in the picture as a valid user of the application.

Figure 2: Diagram for recognition feature

The developer must call the public method recognize. The steps followed to perform this action are listed below:
- Loading the image of the user who intends to be identified.
- Detecting the face in the provided image.
- Processing the image with OpenCV methods.
- With the OpenCV FaceRecognizer, this image is compared with the stored training images.
- A Boolean is returned depending on the result of the recognition process.
3.3 API Specification

For this first phase, the defined Android API is the following:

    /**
     * @param cloudletid cloudlet whose user is going to be identified
     */
    public void train(String cloudletid)

    /**
     * @param cloudletid cloudlet whose user is going to be identified
     * @param myimage image file which is going to be used to identify the cloudlet owner
     */
    public boolean recognize(String cloudletid, File myimage)
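
A caller-side check of the training prerequisite (ten images named name + i + jpg) that can run before train is called, as an added example that is not part of the OPENi library. The class TrainingSetCheck, the method missingImages, the trainingDir argument, the allowed-character rule for the name, and the reading of the format as <name><i>.jpg are assumptions.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added example: caller-side check of the training prerequisite before train(). */
public final class TrainingSetCheck {
    // From the prerequisite text: ten images, numbered 1..10.
    static final int REQUIRED_IMAGES = 10;
    // Assumption: the name is limited to a safe alphabet, so a value containing
    // path separators or ".." can never select files outside trainingDir.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    /** Returns the expected file names that are absent or unusable; empty means ready. */
    static List<String> missingImages(File trainingDir, String name) {
        if (name == null || !SAFE_NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("name must match " + SAFE_NAME.pattern());
        }
        List<String> missing = new ArrayList<String>();
        for (int i = 1; i <= REQUIRED_IMAGES; i++) {
            // Assumption: "name + i + jpg" is read as <name><i>.jpg
            File image = new File(trainingDir, name + i + ".jpg");
            if (!image.isFile() || !image.canRead() || image.length() == 0) {
                missing.add(image.getName());
            }
        }
        return missing;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary directory holding only 9 of the 10 images.
        File dir = new File(System.getProperty("java.io.tmpdir"), "training-" + System.nanoTime());
        if (!dir.mkdir()) throw new IOException("cannot create " + dir);
        for (int i = 1; i <= 9; i++) {
            FileOutputStream out = new FileOutputStream(new File(dir, "alice" + i + ".jpg"));
            out.write(1);   // one placeholder byte, not a real JPEG
            out.close();
        }
        System.out.println("missing: " + missingImages(dir, "alice"));
        try {
            missingImages(dir, "../alice");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A caller would invoke train only when the returned list is empty.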
4 Biometrics SE prototype Implementation

4.1 Outline key components in the Implementation phase

The Prototype BIOMETRIC SE is a library based on open source technology. It has been developed using JavaCV [2] with OpenCV [3] for Android.

We have selected OpenCV because it has become the main tool for computer vision software, is open source and provides an Android SDK. Extensive information and examples are available.

One main point to keep in mind is that OpenCV needs a huge amount of RAM to process images.

The minimum requirements for developing with OpenCV in Android are the following:
- Sun JDK 6 (Sun JDK 7 is also possible)
- Android SDK Tools, revision 20 or newer.
- SDK Platform Android 3.0 (API 11): Android 2.2 (API 8) is the minimal platform supported by OpenCV Java

4.2 How it will interface with OPENi

The Biometric SE will work closely with the Authentication and Authorization component. This is the component that will actually grant access to the OPENi platform.

On the other hand, the future Service Enabler will have to access the cloudlet in order to reach the user's personal data, e.g. the user's profile photo, to compare it with the given one.

Therefore, the Biometric SE will interact with the following components from WP4:
- Profile API (assuming the images for training are accessible via this API)
- Authentication & Authorization (next phase)
- User's cloudlet

And of course, any application developed in WP6 or by any OPENi developer will be able to add this feature to its development.

[2] https://github.com/bytedeco/javacv
[3] http://opencv.org/
Figure 3: Biometric SE specification
5 Biometrics SE Demonstration and Source code

To demonstrate the operation of the BIOMETRIC SE, we have implemented a test application that only includes a button that connects to the facial recognition library (Figure 4).

Figure 4: Login to the app

Once we are in the face recognition application, we can use either the front camera or the back one by clicking the camera application button (Figure 5).
Figure 5: Screen with camera button

Training

Press the "Entrenar" (Training) button, bring the face into focus, enter the person's name, press the "Rec" button and finally press the "Parar Entreno" (Stop Training) button (Figure 6).

Figure 6: Training process

Recognition

With the face in focus, press the "Buscar" (Search) button in the test application. If the facial recognition application recognizes the person in focus, the initial application is displayed with an OK message (Figure 7). If it does not recognize the person in focus, the initial application is displayed with a KO message (Figure 8).
Figure 7: Ok result

Figure 8: Failed to recognize one face
6 Biometrics SE Conclusions and Outlook

With the Biometric Comparison SE, OPENi is able to offer a higher level of security to developers. Each of them will decide whether to include this feature in his application.

The next step for this component will be implementing the interaction with the Authentication and Authorization component and the cloudlet integration.

After that, we will try to add other biometric comparisons, such as identifying the user by a video sequence, with gestures directed (randomly) by the application. In such a use case, the pattern would be a video of the user. The user is told by the mobile phone when to smile and when not to. That way, the hacking of the system by showing a static picture of the user is not possible.