CCTV-Based Multi-Factor Authentication System

  • Kwon, Byoung-Wook (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech)) ;
  • Sharma, Pradip Kumar (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech)) ;
  • Park, Jong-Hyuk (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
  • Received : 2019.04.09
  • Accepted : 2019.07.31
  • Published : 2019.08.31


Many security systems rely solely on solutions based on Artificial Intelligence, which are weak in nature. These security solutions can be easily manipulated by malicious users who can gain unlawful access. Some security systems suggest using fingerprint-based solutions, but they can be easily deceived by copying fingerprints with clay. Image-based security is undoubtedly easy to manipulate, but it is also a solution that does not require any special training on the part of the user. In this paper, we propose a multi-factor security framework that operates in a three-step process to authenticate the user. The motivation of the research lies in utilizing commonly available and inexpensive devices such as onsite CCTV cameras and smartphone camera and providing fully secure user authentication. We have used technologies such as Argon2 for hashing image features and physically unclonable identification for secure device-server communication. We also discuss the methodological workflow of the proposed multi-factor authentication framework. In addition, we present the service scenario of the proposed model. Finally, we analyze qualitatively the proposed model and compare it with state-of-the-art methods to evaluate the usability of the model in real-world applications.


Argon2;Convolutional Neural Network;Deep Reinforcement Learning;Physically Unclonable Functions


Supported by : SeoulTech(Seoul National University of Science and Technology)


  1. R. Dobson, "IoT security for connected surveillance cameras," 2016;
  2. V. Suryani, S. Sulistyo, and W. Widyawan, "Two-phase security protection for the Internet of Things object," Journal of Information Processing Systems, vol. 14, no. 6, pp. 1431-1437, 2018.
  3. H. W. Kim and Y. S. Jeong, "Secure authentication-management human-centric scheme for trusting personal resource information on mobile cloud computing with blockchain," Human-centric Computing and Information Sciences, vol. 8, article no. 11, 2018.
  4. C. C. Fung and N. Jerrat, "A neural network based intelligent intruders detection and tracking system using CCTV images," in Proceedings of TENCON: Intelligent Systems and Technologies for the New Millennium (Cat. No. 00CH37119), Kuala Lumpur, Malaysia, 2000, pp. 409-414.
  5. J. Fisher and M. H. Sanchez, "Authentication and verification of digital data utilizing blockchain technology, "U.S. Patent Application No. 15/083,238, 2016.
  6. D. Gafurov, K. Helkala, and T. Sondrol, "Biometric gait authentication using accelerometer sensor," Journal of Computers, vol. 1, no. 7, pp. 51-59, 2006.
  7. M. L. Das, "Two-factor user authentication in wireless sensor networks," IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1086-1090, 2009.
  8. J. Zhang, X. Tan, X. Wang, A. Yan, and Z. Qin, "T2FA: transparent two-factor authentication," IEEE Access, vol. 6, pp. 32677-32686, 2018.
  9. M. K. Khan and K. Alghathbar, "Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'," Sensors, vol. 10, no. 3, pp. 2450-2459, 2010.
  10. F. Aloul, S. Zahidi, and W. El-Hajj, "Two factor authentication using mobile phones," in Proceedings of 2009 IEEE/ACS International Conference on Computer Systems and Applications, Rabat, Morocco, 2009, pp. 641-644.
  11. N. Dadashi, A. W. Stedmon, and T. P. Pridmore, "Semi-automated CCTV surveillance: the effects of system confidence, system accuracy and task complexity on operator vigilance, reliance and workload," Applied Ergonomics, vol. 44, no. 5, pp. 730-738, 2013.
  12. "The Verification Code scam in Telecommunication Fraud," 2016 [Online]. Available:
  13. S. Kumari and M. K. Khan, "More secure smart card-based remote user password authentication scheme with user anonymity," Security and Communication Networks, vol. 7, no. 11, pp. 2039-2053, 2014.
  14. Z. Siddiqui, A. H. Abdullah, M. K. Khan, and A. S. Alghamdi, "Smart environment as a service: three factor cloud based user authentication for telecare medical information system," Journal of Medical Systems, vol. 38, article no. 9997, 2014.
  15. A. Siddiqui, "Authentication vs Authorization," 2018 [Online]. Available:
  16. P. Wang, W. H. Lin, K. M. Chao, and C. C. Lo, "A face-recognition approach using deep reinforcement learning approach for user authentication," in 2017 IEEE 14th International Conference on e-Business Engineering (ICEBE), Shanghai, China, 2017, pp. 183-188.
  17. A. Braeken, "PUF based authentication protocol for IoT," Symmetry, vol. 10, article no. 352, 2018.
  18. P. K. Sharma and J. H. Park, "Blockchain based hybrid network architecture for the smart city," Future Generation Computer Systems, vol. 86, pp. 650-655, 2018.
  19. J. R. Agustina and G. G. Clavell, "The impact of CCTV on fundamental rights and crime prevention strategies: the case of the Catalan Control Commission of Video surveillance Devices," Computer Law & Security Review, vol. 27, no. 2, pp. 168-174, 2011.
  20. X. Wang, H. Xue, X. Liu, and Q. Pei, "A privacy-preserving edge computation-based face verification system for user authentication," IEEE Access, vol. 7, pp. 14186-14197, 2019.
  21. W. H. Lin, P. Wang, and C. F. Tsai, "Face recognition using support vector model classifier for user authentication," Electronic Commerce Research and Applications, vol. 18, pp. 71-82, 2016.
  22. P. Samangouei, V. M. Patel, and R. Chellappa, "Facial attributes for active authentication on mobile devices," Image and Vision Computing, vol. 58, pp. 181-192, 2017.
  23. M. Sajjad, S. Khan, T. Hussain, K. Muhammad, A. K. Sangaiah, A. Castiglione, C. Esposito, and S. W. Baik, "CNN-based anti-spoofing two-tier multi-factor authentication system," Pattern Recognition Letters, 2018.
  24. C. E. Lee, L. Zheng, Y. Zhang, V. L. Thing, and Y. Y. Chu, "Towards building a remote anti-spoofing face authentication system," in Proceedings of TENCON 2018: 2018 IEEE Region 10 Conference, Jeju, Korea, 2018, pp. 0321-0326.
  25. M. Azimpourkivi, U. Topkara, and B. Carbunar, "Camera based two factor authentication through mobile and wearable devices," Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, vol. 1, no. 3, article no. 35, 2017.
  26. T. Zhu, Z. Qu, H. Xu, J. Zhang, Z. Shao, Y. Chen, S. Prabhakar, and J. Yang, "RiskCog: unobtrusive real-time user authentication on mobile devices in the wild," IEEE Transactions on Mobile Computing, 2019.
  27. R. Zhang, Y. Xiao, S. Sun, and H. Ma, "Efficient multi-factor authenticated key exchange scheme for mobile communications," IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 4, pp. 625-634, 2017.
  28. A. Ometov, V. Petrov, S. Bezzateev, S. Andreev, Y. Koucheryavy, and M. Gerla, "Challenges of multi-factor authentication for securing advanced IoT applications," IEEE Network, vol. 33, no. 2, pp. 82-88, 2019.