SOLUTION: Protect an Email & Account to Authenticate by OTP & Fingerprints Literature Review

Get Custom Essay on SOLUTION: Protect an Email & Account to Authenticate by OTP & Fingerprints Literature Review

Let Our Team of Pofessional Writers Take Care of Your Paper.

HI again. Your work is ready. Please have a look and let me know whether there is any additional input needed from my side. Good bye for now


The Effectiveness of OTPs and Fingerprint Scanners in Protecting Emails and Accounts
Student Name
Institution Affiliation


The extensive use or utilization of digital tools have streamlined and eased various
aspects of human society. However, the effectiveness, functionality and reliability of all
forms of technology are being threatened by a multitude of security threats (Fruhlinger, 2020;
Letić (2019). Malicious entities will always attempt to compromise the security or stability of
computing and the general information technology architecture. Some of the most notable
security threats include phishing, denial of service attack, a man in the middle attack, and
social engineering among others (Sood, Sarje, and Singh, 2011). Although stakeholders have
adopted measures to prevent such security threats, it is always difficult to have a maximum or
tamper-proof security. Part of the reason stems from the fact that hackers are always a step
ahead of security developments. Such threats are quite dynamic and agile that it becomes
difficult to prevent or stop them. Emails and online accounts are key targets for hackers.
Phishing, password-guessing and brute force attacks are common techniques hackers utilize
to gain access to password-protected emails and online accounts.
Available data supports this claim. Fruhlinger (2020) reveals that 94% of all malware
is delivered via email. Additionally, phishing attacks are the most common form of attack as
they represent 80% of all reported cyber-attack cases. Letić (2019) indicates that phishing
attacks were responsible for 91% of all cyber-attacks against large corporations. In 2019
alone, there were 3.2 million cases of identity theft (Insurance Information Institute, 2020).
These numbers confirm that the security of emails and online accounts is constantly under
threat. Therefore, to guarantee the security of the emails and accounts, researchers developed
various mechanisms such as the one-time password (OTPs) and fingerprint scanners which
act as a second layer of security (Eldefrawy, Khan, Alghathbar, Kim, & Elkamchouchi, 2011;
Ting and Mafera, 2014).


However, such security measures are not sufficient because of the dynamism of the
security landscape. People protect their email accounts using OTPs or fingerprint scanners,
but still, their security is compromised (Sood, Sarje, and Singh, 2011). The purpose of this
literature review is to evaluate the effectiveness of OTPs and fingerprint scanners in
protecting emails and accounts. In this respect, this chapter will describe, evaluate and
critically discuss the contributions of various authors on how OTPs and fingerprint scanners
can protect their emails and accounts. The contributions have been organized into themes and
subthemes to present the arguments.
Research Questions
❖ What is the effectiveness of OTPs and finger-printer scanners in protecting user
accounts against cybercrimes?
❖ What is the effectiveness of OTPs in protecting emails and accounts?
❖ What is the effectiveness of fingerprint scanners in protecting emails and accounts?
❖ What OTPs and fingerprint scanners measures can users adopt to protect their emails
and accounts?
Theoretical Framework
OTPs are a form of two-factor authentication (2FA) that is generated as either a string
or number. OTPs can be delivered through a code or voice after which the users have to key
it in an email or online account to confirm identity. These passwords can be linked to a
mobile phone such that certain login scenarios demand that one to key in the code. Failure to
enter the code means that the user cannot gain access. A graphical representation of the way
the OTPs works is represented below.



Illustration 1: The Operation of the OTPs Framework (Eldefrawy, Khan, Alghathbar,
Kim, Elkamchouchi, 2011)
Describing the diagram above, the system first prompts the user to enter the password
and username (first factor of authentication). Subsequently, the system prompts the user to
enter the OTP which was previously delivered through a mobile phone or any other method.
The user now has to enter the OTPs in an input field within a specified period of time
(Eldefrawy, Khan, Alghathbar, Kim, and Elkamchouchi, 2011). If the OTPs restrictions are
satisfied, then the user gains access.
Ting and Mafera (2014) claim that OTPs can be generated by dedicated devices such
as Go-Token or by a software program. Even though OTPs are reliable to a given extent, they
are nevertheless associated with certain vulnerabilities. Sun, Sun, Wang, and Jing (2015) add
that OTPs complement the traditional ID and password system by adding an extra layer of
security. There are two common types of OTPs, namely; time-based OTP and HMAC-based
OTPs (event-based). Furthermore, OTPs can also be understood from a hardware or software
perspective. The hardware-based OTP uses a built-in clock and a factory-encoded secret key.
On the other hand, software-based OTPs have similarly become popular particularly with the
increased use of smartphones. Here, an application is installed into the user device and can
prompt for code input to access to system applications.
The Bank of America Merrill Lynch is one of the entities that utilize a software-based
OTP solution. (Finextra Research, 2019). Users need to install an App on Apple Watch which


allows them to generate an OTP in order to access its Cash-Pro App. However, softwarebased OTPs are relatively less secure because the operating system can be compromised.
Additionally, rootkits can steal the OTP and thirdly, denial of service attacks can prevent the
generation of OTPs in real-time (Sun, Sun, Wang, and Jing, 2015).
In terms of advantages, OTPs are useful as they provide an extra layer that can
prevent an unauthorized access to an email or account. Furthermore, OTPs can prevent
spammers and bots as they can show whether a user is a human or robot. However, despite
the benefits conferred by OTPs, they nevertheless experience issues. OTPs are similarly
exposed to many other security issues. More specifically, wireless interceptions have the
capability to intercept the OTPs as they can by-pass the installed security layers. As shown in
illustration 1 above, the OTPs can be sent to mobile phones which are powered by small 3G
base stations (“femtocells”) (Mulliner, Borgaonkar, Stewin, & Seifert, 2013). However,
attackers can install a modified firmware on the femtocell, effectively allowing third parties
to eavesdrop on the communication between the base stations and mobile phones. As such,
hackers can intercept all forms of communication such as SMS, voice calls and MMS. In the
past, GSM technology was the preferred model of delivering SMS to users, but this system
has security issues (Karia, Patankar, and Tawde, 2014). That is, it had weak encryption
algorithms and the lack of mutual authentication. Therefore, wireless interceptions are
possible due to protocol weaknesses at the femtocell and weak encryption algorithms as well
as lack of mutual authentication.
Mobile Trojans are a rising threat to OTPs. These are malwares that can intercept
SMS containing OTPs. These malwares are created to steal the SMS particularly those
involving financial transactions (Mulliner, Borgaonkar, Stewin, and Seifert, 2013). For
instance, the ZITMO Trojan that could install on the Symbian OS. And receive an SMS from
a mobile network and immediately forward it to a predefined mobile number (Mulliner,


Borgaonkar, Stewin, and Seifert, 2013). Once the hacker received the OTP, he or she could
easily login into the target network. However, McDonald (2017) warns that the manner in
which Trojans hijack mobile phone is not well known. This is a weakness that should be
researched in depth.
Fingerprint Scanners for Account Security
Fingerprint scanners have also been adopted to enhance user security on online
systems. These scanners use biometric template data to authenticate user identity (Yang and
Wang, 2019). This data is stored in a database and should be protected from unauthorized
access. This is because once the data is compromised; then hackers can create new identities.
An illustration of a fingerprint identification process is shown below.

Illustration 2: The Finger Print Identification Process (Das, and Debbarma, 2011)
The illustration 2 above shows that in the identification process, the user is required to
enroll the fingerprint. The fingerprint sample take is transmitted to the database for
authentication. If the stored sample and the new sample match, then access is granted. Any
mismatch will lead to access denial. Fingerprint scanners or biometrics systems have been
described by some as secure compared to pins. Fernandez-Saavedra, Liu-Jimenez, RosGomez, and Sanchez-Reillo (2016) claim that fingerprint sensors differ in terms of
characteristics are as shown below.



Illustration 3: Types of Finger Print Sensors (Fernandez-Saavedra, Liu-Jimenez, RosGomez, and Sanchez-Reillo, 2016)
As shown in illustration 3 above, the sensors differ in numerous ways. For instance,
sensor D1 is active thermal, while sensor D2 is active capacitive and sensor D3 is active
capacitive. The sensors can also capture different image sizes. Therefore, based on the project
in use, one can select sensors and database that suit the objectives being pursued (FernandezSaavedra, Liu-Jimenez, Ros-Gomez, and Sanchez-Reillo, 2016).
Das and Debbarma (2011) claim that fingerprint scanners are secure because of the
digital fingerprint. This technology has made ATMs more secure because even if a customer
loses the card, it would be difficult for another party to use due to the absence of the digital
fingerprint. The authors similarly argue that fingerprint authentication is the most popular
form of biometric authentication system due to several factors. One, it is easy to use,
accurate, cost-effective and secure. Turnbull et al. (2020) claim that fingerprint scanners can
be effective but if user biometric data is accessible to the public, then the reliability declines.
However, Boodaei (2019) claims that fingerprint authentication systems have some
weaknesses. Boodaei (2019) argues that this form of biometric authentication is not secure
because it still relies on old security measures such as passwords. The author observes that it
is still possible to breach the usual password-entering process and overcome the restrictions
placed by fingerprint authentication (Boodaei, 2019). Kleut (2020) holds similar views that
fingerprint authentication can be compromised if the biometric data is made public. To make


fingerprint authentication securer, users need to use a strong password, keep software updated
or adopt other security measures.
The Effectiveness of OTPs and Fingerprint Scanners
The Effectiveness Fingerprint Scanners
Different authors hold varied positions regarding the effectiveness of OTPs and
fingerprint scanners in protecting emails and accounts. Kleut (2020) argues that OTPs may
not be effective because fingerprint authentication can be compromised in the event that the
biometric data is made public. The author argues that biometric when data such as
fingerprints are made public, it becomes easier for malicious entities to access and
compromise systems. The biggest challenge, Kleut (2020) continues, is that biometric data
cannot be changed or modified. This is unlike passwords which can be amended as security
circumstance demand. However, Kleut (2020) claims that fingerprint scanners can be
effective if users limit the exposure of their biometric data. To make fingerprint
authentication securer, users need to use a strong password, keep software updated or adopt
other security measures (Kleut, 2020).
Furthermore, Galbally-Herrero et al. (2006) claim that the use of fingerprints is
ineffective because the fingerprint processing system can easily be bypassed by inexpensive
approaches. That is, the authors claim that the installed fingerprint scanning system can be
compromised by submitting fake fingers or by using gelatin or silicon. Matsumoto et al.
(2006) similarly question the effectiveness of fingerprint authentication. The researchers
experimented by using a cyber-attack technique known as spoofing in which they attacked
fingerprint verification systems. The experiment showed that the fingerprint verification
systems had vulnerabilities of in-between 68%-100% (Matsumoto et al., 2006). This means
that on the extreme end, any fingerprint verification system can be compromised through


In contrast, Marasco and Sansone (2010) assert that fingerprint authentication systems
can be secure but only if they are robust. The authors claim that past methods were unable to
discriminate between live and fake samples (Marasco and Sansone, 2010). Furthermore, some
of the past approaches were unable to capture quality images. In this respect, the authors
propose a “liveness” detection algorithm that can withstand any spoofing attack. The liveness
system can detect multiple features derived from texture analysis. This approach has
advantages because it is cost-effective and can work with only one image. However, the
liveness detection algorithm proposed by Marasco and Sansone (2010) may not be effective
if the arguments advanced by Boodaei (2019) and Kleut (2020) are to be considered.
Whereas Marasco and Sansone (2010) argue that fingerprint verifications systems are
secure on its own, Boodaei (2019) and Kleut (2020) counter-argue that the verification
systems have to be supported by other security mechanisms. Specifically, Boodaei (2019)
argues that biometric authentication is not secure because it still relies on old security
measures such as passwords. He asserts that it is possible to breach the usual passwordentering process and overcome the restrictions placed by the fingerprint authentication
(Boodaei, 2019).
Furthermore, Kleut (2020) observes that fingerprint verifica…

Calculate the price for this paper
Pages (550 words)
Approximate price: -

Try it now!

Calculate the price for this paper

We'll send you the first draft for approval by at
Total price:

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

Best Quality Essays has stood as the world’s leading custom essay writing services providers. Once you enter all the details in the order form under the place order button, the rest is up to us.


Essay Writing Services

At Best Quality Essays, we prioritize on all aspects that bring about a good grade such as impeccable grammar, proper structure, zero-plagiarism and conformance to guidelines. Our experienced team of writers will help you completed your essays and other assignments.


Admission and Business Papers

Be assured that you’ll definitely get accepted to the Master’s level program at any university once you enter all the details in the order form. We won’t leave you here; we will also help you secure a good position in your aspired workplace by creating an outstanding resume or portfolio once you place an order.


Editing and Proofreading

Our skilled editing and writing team will help you restructure you paper, paraphrase, correct grammar and replace plagiarized sections on your paper just on time. The service is geared toward eliminating any mistakes and rather enhancing better quality.


Technical papers

We have writers in almost all fields including the most technical fields. You don’t have to worry about the complexity of your paper. Simply enter as much details as possible in the place order section.