Challenges and Opportunities of Biometric User Authentication in the Age of IoT: A Survey

While the Internet of Things (IoT) devices, such as smartwatches, provide a range of services from managing financial transactions to monitoring smart homes, these devices often lead to gateways for malicious access to a user's cyber-physical space. Biometric-based authentications are becoming popular to secure IoT devices and provide other services. However, when to use what type of biometrics remains challenging due to various factors, including sensing and computing requirements, user interaction requirements, stability over time, and application scenarios, among others. Unlike soft biometrics, e.g., gait, traditional biometrics, e.g., iris, are more stable over time but require active user input and robust sensing and computing, which limits their continuous adaptability to secure a user's cyber-physical space. Additionally, the integration of new sensors to IoT devices brings opportunistic data types that can individually or in combination with other common biometrics to identify a user. There is a dearth of knowledge about the limitations and applications of new opportunistic biometrics and their combinations with existing biometrics obtained from single or multiple IoT-connected devices. Therefore, this article thoroughly discusses different biometrics that can be implemented on IoT devices to understand the potential of biometric authentications better.