MoLaBSS: Server-Specific Add-On Biometric Security Layer Model to Enhance the Usage of Biometrics
Round 1
Reviewer 1 Report
The authors designed, developed, and tested a low-cost mobile app “Bio-Guard,” to provide an extra layer of biometric security for the access of a web-based application via mobile devices. The idea is easy to read/follow and publishable after amending these comments:
- The biometric authentication requires to explain better and, if possible, supported with related algorithms and added the complexity of it.
- Since the work practical testing, it is of interest to have a better metric and setup explanation, which helps future audiences to reproduce the work.
- I was expected to see better experiments, explanations and relation of your generated model. It is mandatory to have a new connection to the raised models and your tests.
- I guess the background is limited and I expect to see some related cutting edge solutions like ‘LACO: Lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT’ and ‘Securing heterogeneous wireless sensor networks: Breaking and fixing a three-factor authentication protocol’ in the background to reflect the salient approval of your method abasing the literature.
- The reference prevention is not an academic way, try to fix them.
- Since you are analyzing on a mobile app, it is expected to have a link of the app provided or give a better explanation of the input/output of this black box system and more explain the features of this app. I suggest seeing the paper like a tool that can give more ideas on appliances if the work. It helps to technical amylase and validates your solutions in a real-world and academic manner.
Author Response
Kindly, see the .pdf attachment, but if the attachment does not open, then please use response from this section.
Point 1: The biometric authentication requires to explain better and, if possible, supported with related algorithms and added the complexity of it.
Response 1: Reorganized section 3 to explain the functioning of the app and its authentication process. Now it clearly shows the authentication flow steps in figures 2 and 3 for before, during, and after installation cum registration of the Bio-Guard app. The changes are highlighted in yellow. Thank you for your comment. It looks much more logical.
Point 2: Since the work practical testing, it is of interest to have a better metric and setup explanation, which helps future audiences to reproduce the work.
Response 2: Provided better-organized metric, set up, and explanation in technology section 3. Section 4.1 and 4.2 are improved now for the reproducibility of the work. The changes are highlighted in yellow.
Point 3: I was expected to see better experiments, explanations, and relation of your generated model. It is mandatory to have a new connection to the raised models and your tests.
Response 3: We have tried to improve many sections i.e. section 3, 4, 5, and 6 or subsections thereof, as per the comments of both the reviewers. The changes are highlighted in yellow. Can you kindly be a little more specific about explaining the details of your expectation on the new connection and raised models?
Point 4: I guess the background is limited and I expect to see some related cutting edge solutions like ‘LACO: Lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT’ and ‘Securing heterogeneous wireless sensor networks: Breaking and fixing a three-factor authentication protocol’ in the background to reflect the salient approval of your method abasing the literature.
Response 4:
- Kindly see references 13 and 23 for the above.
- In addition to these two references 9 more new references have been added, as per the comments of reviewer 2, in section 1, 2, for justification of many facts.
- 10 references have been removed to shorten and reorganize the introduction section 1, as per the comments of reviewer 2.
- The changes are highlighted in yellow.
Point 5: The reference prevention is not an academic way, try to fix them.
Response 5:
- To our understanding, we think you are asking to fix the reference style, which was not correct, i.e., [31], [32]. Such formatting has been corrected now.
- In addition to reference formatting, the reference numbers 16, 25, 49, 54 have been updated only with DOI, and the direct link to pdf is removed. The changes are highlighted in yellow. If our understanding is not correct, then can you kindly be a little more specific, please?
Point 6: Since you are analyzing on a mobile app, it is expected to have a link of the app provided or give a better explanation of the input/output of this black box system and more explain the features of this app. I suggest seeing the paper like a tool that can give more ideas on appliances if the work. It helps to technical amylase and validates your solutions in a real-world and academic manner.
Response 6:
- The main features and functions of the app, data processing, with input/ output, are explained in a better way in section 3 now.
- Experiment 1 to 10 of section 4.4 has details of input and output as well as the main features of the app which were tested. The details about the link are available as per GitHub related reference [51].
- The changes are highlighted in yellow.
- Can you kindly explain in more details what do you suggest for paper-like tool, please? Any direct working web-link for this or such a simple tool would be appreciated.
Author Response File: Author Response.pdf
Reviewer 2 Report
The authors conducted a study on the definition of a security-server layer for authentication based on biometric parameters.
The paper is not well-written and from my point of view, the structure is chaotic and very hard to read in many parts of it. The introduction is very large and very scattered. The authors must focus the reader on presenting the problem in one-two paragraphs after that explain the problems of current solutions, and finally, explain the proposal in brief.
There are parts of the text that must be carefully justified, for instance,
"A large percentage of users use obvious user-id and password. A hacker can install the banking app on any device, steal user-id, password, enter the DOB or pet’s name, and perform fraudulent transactions without the user knowing about it for a long time."
Other examples can be found in the paper. The justification for the proposition of a BioGuard app (Rational section) is based on statements that must be justified. Section 3, in general, is very hard to understand, the authentication method is very poorly explained, and no details are given only parameters used are explained. Sub-sections 3.2, 3.3, 3.4, 3.5, 3.6 for me are unnecessary because some details are irrelevant. Figure 3 looks more like a prototype than a real app. Figures 1 and 2 are the same with different explanations.
Evaluation is the best section but also chaotic in my point of view. The evaluation section must be synthesised and focused on the benefits of the solution and improve the Discussion section. Maybe a discussion about the threat of validation can help to improve this part.
In my opinion, the paper must be improved (overall carefully structured and written) and for this reason, I propose to reject the paper in the current form.
Minor issues:
- There's an absolute disregard for the style and format in the document. For instance, there are changes in text spacing, letter size, and so on.
- Figures 1 and 2 must be improved.
- Avoid commands between references: [31],[32]
Author Response
Kindly, see the .pdf attachment, but if the attachment does not open, then please use response from this section.
Point 1: The paper is not well-written, and from my point of view, the structure is chaotic and very hard to read in many parts of it. The introduction is very large and very scattered. The authors must focus the reader on presenting the problem in one-two paragraphs after that, explain the problems of current solutions, and finally, explain the proposal in brief.
Response 1: Introduction section has been shortened and organized as per your valuable comment. Section 1 now has only 3 main paragraphs plus the last paragraph explaining the organization of the manuscript. We thank you a lot for your suggestions for improving the quality of the manuscript. The changes are highlighted in yellow.
Point 2: There are parts of the text that must be carefully justified; for instance, "A large percentage of users use obvious user-id and password. A hacker can install the banking app on any device, steal user-id, password, enter the DOB or pet's name, and perform fraudulent transactions without the user knowing about it for a long time." Other examples can be found in the paper. The justification for the proposition of a Bio-Guard app (Rational section) is based on statements that must be justified.
Response 2:
- Kindly see reference numbers 3, 4, 5, 7, 10, 11, 13, 23, and 38 for the above.
- 10 references have been removed to shorten and organize the introduction section 1 and section 3.
- Eleven new references have been added for justification or improving the quality of the manuscript as per the comments from both the reviewers.
- The changes are highlighted in yellow.
Point 3: Section 3, in general, is very hard to understand, the authentication method is very poorly explained, and no details are given only parameters used are explained. Sub-sections 3.2, 3.3, 3.4, 3.5, 3.6 for me are unnecessary because some details are irrelevant. Figure 3 looks more like a prototype than a real app. Figures 1 and 2 are the same with different explanations.
Response 3: We removed three sub-sections, i.e., 3.3, 3.5, and 3.6, as per your comment. By mistake, we had inserted figure 2 at two places, and that caused confusion in understanding the authentication process. We are sorry for that. Figures 2 and 3 are improved with more spacing and uniform size font. We reorganized section 3 to explain the functioning of the app and its authentication process. Now it clearly shows the authentication flow steps in figures 2 and 3 for before, during, and after installation cum registration of the Bio-Guard app.
- As per your comment, figures 1, 2, and 3 have been improved. Figure 3 of the previous manuscript is now Figure 1 in section 3.1, and it has been retained as per Reviewer #1's comment to show a visual picture of input and output.
- Subsection 3.2 and 3.3 have been retained and subsection 3.4 is now merged in subsection 3.3 to show the data flow with and without Bio-Guard app.
- The changes are highlighted in yellow.
Point 4: The Evaluation is the best section but also chaotic in my point of view. The evaluation section must be synthesised and focused on the benefits of the solution and improve the Discussion section. Maybe a discussion about the threat of validation can help to improve this part.
Response 4:
- Improved evaluation section 5 by removing some unrelated socio-economic points and focused on the benefit of the solution.
- We tried to improve discussion section 6 by adding validation challenges or opportunities in the context of new sensors, 5G network, and beyond.
- The changes are highlighted in yellow.
Point 5: Minor issues: there's an absolute disregard for the style and format in the document. For instance, there are changes in text spacing, letter size, and so on. Figures 1 and 2 must be improved. Avoid commands between references: [31],[32]
Response 5:
- We adjusted spacing in the main article and reference section. We formatted font style, font size, italics, parenthesis, quotation marks, etc. to be more consistent.
- Figures 1 and 2 of the previous version of the manuscript are now figures 2 and 3. They are improved with more spacing and uniform font. Figure 3 now displays 5 steps of data flow before the installation of the Bio-Guard app. We are sorry again for the mess in the previous version of the manuscript.
- Corrected formatting issue of commas between references i.e. [28, 29], [31,32] etc.
- The changes are highlighted in yellow.
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
The updated file includes best responses to my raised comments. I think it can be published with this shape.
Author Response
If the pdf attachment does not open, please see the authors' response to comments below.
Point 1: English language and style are fine/minor spell check required. The updated file includes the best responses to my raised comments. I think it can be published in this shape.
Response 1: The mobile app figure is improved. New task and flow diagrams are included to explain the authentication better, as per suggested improvements from reviewer #2. Spell check is performed again after making suggested changes. The changes are highlighted in yellow. Thank you for your comments. It looks much more logical and a lot better.
Author Response File: Author Response.pdf
Reviewer 2 Report
The authors improved a lot the paper but several are the amendments that must be followed (overall in presenting the proposal) to improve the paper. A PDF is attached, it has many glove comments on those parts to improve those sections.
Comments for author File: Comments.pdf
Author Response
If the pdf attachment does not open, then please see the authors' response to the reviewer's comments below.
Point 1: "Server-Specific Add-on Biometric Security Layer Model (SSABSLM)," - Seriously try to create a shorten acronym .... it is hard even as an acronym.
Response 1: We brainstormed and decided upon an easy to pronounce and remember acronym, i.e., "MoLaBSS," on the line of MOLAB (Mobile Lab). We hope reviewers and readers like it. Any suggestion is welcome though.
Point 2: Why this sentence space is different from the other, this happened through all paper.
Response 2: Spacing is adjusted throughout the manuscript.
Point 3: Once again, the change on sentence spacing, it will be for the template?
Response 3: Spacing is adjusted throughout the manuscript.
Point 4: 2.1 rationale -this section must be moved into the proposal section to describe WHY you have chosen Bio-Guard as part of SSABLSM.
Response 4: Moved 2.1 rationale sub-section to below the proposal of the introduction section 1.
Point 5: Delete sub-sub section 2.2.1. Heading but keep the content below 2.1 while moving to the proposal section.
Response 5: Deleted sub-sub section 2.2.1. heading but kept the content of 2.1.1 below sub-section 2.1 while moving to proposal section 2.1. and merged in the introduction, section 1 below the solution proposal.
Point 6: Some of the statements are still unjustified.
Response 6: For justifying statements, we added 6 more new references 3, 4, 10, 12, 16, and 46 – five in the introduction section 1 and one in the technology section 3. We realigned the reference numbers from the introduction to the conclusion sections.
Point 7: This one-paragraph sub-section 2.2 is necessary, isn't it? Maybe it can be integrated into the 2.1 section, or it will be moved to other parts.
Response 7: Merged old sub-section 2.2 in 4.2 (Testing Environment).
Point 8: Comment about section 3.1. It is fine to describe a mobile APP, but the author must go beyond the app, what the characteristics of the app that makes different this app and how it is integrated into the solution. It would be interesting to see how this app is part of the whole solution. Moreover, the authors must remark the parts of the Figure and refer to this part in the text to contextualize the reader, because the reader can lose in the many items and labels in the app interface. What are the text boxes, that the authors are describing in the Figure, what the authors expect that the reader understands with the Figure and describe in the text above? An overview of the solution must be presented before the app.
Response 8: Subsection 3.1, 3.2, and 3.2 are explained better with more descriptions, 4 new task-diagrams. Please provide your response. We have put remarks for the parts of the Figure and reference to the parts in the text to contextualize the reader. It has improved readability and made section 3 more interesting. We think the app now appears as well integrated into the whole solution. We thank you a lot for your valuable comments.
Point 9: Figure 1, is it really how the app looks like? It looks like a prototype itself...
Response 9: Replaced old figure 1 with the current figure 1(a)-screen of the app only, without background mobile phone screen. Taking pictures with the app loaded on the mobile phone and cleaning the background image was not looking very nice.
Point 10: subsection 3.2, I got the architecture!!!! ... but surprise, again, there is not an architecture ….
Response 10: Subsection 3.2, is better explained now, giving details about the main server, biometrics authentication server, firewall, client-side device, etc. We have also contextualized the data flow about figure 2, 1(a), 3(a), and 3(b). We hope readers would find it easy enough. We welcome any specific suggestions, though.
Point 11: Figure 2, Sorry, but I'll be very slow, but I don't understand the diagram and the workflow behind it. It is very chaotic, and I don't understand where to start and how to follow the next step. Begin at 1a or 1b, and then 2a, 2b, 3a?? It will be interesting to show first the elements that the approach will involve and then explain the workflow using a task diagram.
Response 11: Old figure 2 is replaced with the task diagram, current figure 4. We added 3 more task diagrams 1(b), 3(a), and 3(b) to contextualize the data flow. We believe now it is much easier to begin from 1st and finish at the nth step.
Point 12: Subsection 3.3 Just rename as Authentication Process of Bio-Guard App.
Response 12: Renamed subsection 3.3 as "Authentication Process of the Bio-Guard App."
Point 13: Perhaps a sequence diagram can help to understand the Authentication process because I still misunderstand the process ... what are the parts involved and which parts send information between each other. Fig 3. must be changed to a sequence diagram for a better understanding.
Response 13: We replaced old Figure 3 with sequence/task diagram current Figure 4. We added 3 more task diagrams 1(b), 3(a), and 3(b) to contextualize the data flow. We believe it would be easier to understand the process now.
Author Response File: Author Response.pdf
Round 3
Reviewer 2 Report
Thanks to the authors for the effort on improving the paper in a very short time.
In this revision, I focus on figures 1, 2, 3 and 4. Although the text guides the reader on the sequence of execution, in my opinion, the pictures are still chaotic and they are not task-based at all. The activity diagrams help to understand the workflow in the perspective of the tasks (https://en.wikipedia.org/wiki/Activity_diagram) by identifying the start and end event clearly focusing on the tasks, not in the elements of the architecture such as current pictures. This is why I claimed, in the previous review, about the overview of the architecture (identifying elements) and then I claimed for workflows. I think this can help top the paper to better understanding. I recommend two changes:
- Introduce the architecture (just describe the elements) of the approach at the beginning of section 3.1
- Re-draw the figures 1, 2, 3 and 4 in the perspective of activity/task as a workflow using a task diagram.
Author Response
Please see the response below if the PDF response does not open.
Response to Reviewer 2, round 3 comments.
Point 1: Introduce the architecture (just describe the elements) of the approach at the beginning of section 3.1.
Response 1: We made old subsection 3.2 as a new subsection 3.1. The new subsection 3.1 provides an overview of the architecture, technical design, and high-level data flow, including integration points for other figures. We hope reviewers and readers like it. Any suggestion is welcome, though.
Point 2: Re-draw the figures 1, 2, 3, and 4 in the perspective of activity/task as a workflow using a task diagram.
Response 2:
- Figure 2 of the previous version/round 2 is now Figure 1 in subsection 3.1 and is simplified to give a high-level overview and to provide integration points to other figures.
- Four figures of previous version/round 2, i.e., 1(b), 3(a), 3(b), and 4 are removed.
- Six new figures based on activity / task diagram are added in this version/round 3 i.e. 2(a), 2(b), 3(a), 3(b), 4(a) and 4(b). Figures 2(a) and 2(b) are part of 1 .jpg file because they are small-sized flow. These figure numbers are updated in other sections of the manuscript when referenced.
- Texts to describe these new figures and their integration points with other new figures are updated. All changes are highlighted in yellow.
Thank you so much for getting the quality of the manuscript improved. It looks a lot more logical and readable.
Bhanu & Nirvisha
Author Response File: Author Response.pdf