SlideShare a Scribd company logo

Vulnerabilities of fingerprint authentication and security techniques

I
IJCSIS Research Publications

The security of biometric fingerprint is a big challenge now-a-days, as it has world-wide acceptance. Compromised fingerprint templates may raise terrible threats to its owner. Because of the vulnerabilities of fingerprint authentication system, security issues about fingerprint have been a matter of great concern. This study summarizes the vulnerabilities of fingerprint authentication system and highlights the type of securities available against those challenges. It includes much classified knowledge about security of fingerprint template. This work is an endeavor to provide a compact knowledge to the research community about the security issues regarding fingerprint authentication system.

Technology
1 of 6
Download to read offline
Vulnerabilities of Fingerprint Authentication Systems and Their Securities Tanjarul Islam Mishu MS Research Student, Dept. of Computer Science & Engineering Jatiya Kabi Kazi Nazrul Islam University Mymensingh, Bangladesh Email: tanjarul26@gmail.com Dr. Md. Mijanur Rahman Associate Professor, Dept. of Computer Science & Engineering Jatiya Kabi Kazi Nazrul Islam University Mymensingh, Bangladesh Email: mijanjkkniu@gmail.com Abstract—The security of biometric fingerprint is a big challenge now-a-days, as it has world-wide acceptance. Compromised fingerprint templates may raise terrible threats to its owner. Because of the vulnerabilities of fingerprint authentication system, security issues about fingerprint have been a matter of great concern. This study summarizes the vulnerabilities of fingerprint authentication system and highlights the type of securities available against those challenges. It includes much classified knowledge about security of fingerprint template. This work is an endeavor to provide a compact knowledge to the research community about the security issues regarding fingerprint authentication system. Keywords: Attacks; Vulnerabilities; Cryptosystems; Fingerprint Templates; Template Security. I. INTRODUCTION Fingerprint authentication system is very popular all over the world because of its uniqueness, usability, reliability etc. It has wide application areas such as border control, airports, business, healthcare, logical access systems, criminal detection, security management, smart phones etc. So, the security of this area is a matter of great concern. Because, the system is vulnerable to several attacks. Ratha[1] presented a model for possible attacks on a biometric system. The model introduced varieties of vulnerable points of the system. This work will focus on the points mentioned in the model. The motive of the present study is to detect different kinds of attacks on each point of this sophisticated model and also to identify the existing security techniques to protect against such kind of the attacks. Although several studies have been done over the attacks and the security approaches, most of them focused on attacks and solutions separately. Very few of them are on both but they are not sufficient. They didn’t expose some existing rare solutions. This study will depict the whole scenario of attacks on entire system and securities against the attacks existing now. This paper is organized as follows. There are eight subsections in Section 2. Each subsection firstly introduces the attacks followed by the solutions against the attacks. As template database attacks contain rich data, Section 2.6 is divided into two parts. Finally, the conclusion is drawn in Section 3. II. TYPES OF ATTACKS ON FINGERPRINT SYSTEM Ratha et al. [1] and Anil et al. [2] showed eight points of attack in a biometric system (see Figure-1). Each point and its attacks and regarding solutions has been explained in the following subsections. A. Fake Biometric A fake or artificial fingerprint, called spoof, is given to the scanner to get access to the system. The scanner remains unable to distinguish between fake and genuine traits. So, the intruder easily gets access to the system. [2] Putte and Keuning [3] created dummy fingerprint with and without the co-operation of the owner and tested on several sensors. They showed a result that almost every sensor accepted the dummy fingerprint as real at first attempt. Matsumoto et al. [4] experimented gummy (fake) fingers on 11 types of different fingerprint system. In their experiment, about 68- 100% gummy fingers were accepted by the system in their verification procedure. They also showed following ways how an attacker may deceive the system at scanner. Sensor Feature Extraction Matcher Application Devices Stored Templates 1 2 3 4 8 5 7 6 Override Feature Extractor Override Matcher Database-Matcher Channel Accept or Reject Fake Biometric Replay Synthesized Feature Set Override Final Decision Template Database Attack Figure 1. Points of attack in a biometric System International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 99 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
. (i) Fingerprints Known to System The actual registered finger is presented at the scanner by evil way such as external force by the criminals, using the fingerprints when user sleeping etc. (ii) Fingerprints Unknown to System If the imposter can know about the category of actual fingerprint (whorls, arches, loops etc), he may use the similar fingerprints unknown to system. Though it is almost impossible, it may harm the systems which are developed on the basis of insufficient features of fingerprint. It may effects on False Acceptance Rate (FAR) of the system. So, the authentication should be based on sufficient features. (iii) Severed Known Fingerprints It is similar to the known fingerprint mentioned earlier. But, it is a horrible attack done by a criminal to severe the fingerprint from the real user’s hand. To be protected, we should detect is the finger alive or not. (iv) Genetic Clone of Known Fingerprints Identical twins do not have same fingerprints. Because, the patterns of fingerprint are determined by the genetic mechanism and the nerve growth. So, they are not same but still very close. So, a genetic clone may be tried to deceive the system. To be protected from this kind of threats, we should keep tracking a genetic engineering on possibility of creating clones. (v) Artificial Clone of Known Fingerprints The attacker can make a 3D printed fingerprint or can make a mold of the known finger by which an artificial finger can be produced. (vi) Printed Image of Known Fingerprints This is very similar to the previous one. By the help of spraying some materials on the surface of the scanner to feel like actual finger, imposter can use printed image of fingerprint. Liveliness detection can be solution to fake biometric traits. There are two separate methods, such as, passive (non-stimulating) and active (stimulating) automated liveliness detection methods [5]. Generally, passive detection techniques make use of biometric probes recorded through a biometric sensor such as pulse measurement, temperature measurement, active sweat pores detection, skin resistance detection, electrical conductivity etc.[16] Active detection techniques normally require additional interactions that should requested using challenge response procedures. The different challenge response approaches can be used such as request of different fingers in random order. B. Replay Attack After acquisition of raw biometric data, it sends the raw data (e.g. fingerprint raw image) to the feature extraction module. The imposter steals the biometric trait raw data by seizing the channel and stores the trait. The imposter can reply the previously stored biometric trait to the feature extraction module to bypass the sensor. Fingerprint images are sent over channel usually compressed using WSQ. Because of the open compression standard, transmitting a WSQ compressed image over the Internet is not particularly secure. If the image can be seized, it can be decompressed easily which can cause Replay Old Data [1]. Data hiding techniques such as steganography can be applied when the raw image is sent to feature extractor. C. Override Feature Extractor The hackers, by Trojan Horse, take control over the feature extractor to produces feature sets as they wishes [1]. When installing or updating programs in a device it should be verified and should be aware of using third party programs. D. Synthesized Feature Set If the imposter can intercept the channel between the feature extraction module and matcher, he can replace the original set with a different synthesized feature set (assuming the representation is known to imposter) [1]. Insecure communication channel may face the ‘Hill Climbing Attack’ [2]. Hill Climbing Attack Uludag & Anil have developed an attacked for minutiae base fingerprint authentication system [6]. The location (c, r) and orientation Ɵ of minutiae points has been used by the attack. The system will works as the attackers knows the format of templates but not the information of templates. It uses the match score returned by the matcher and tries to generate minutiae set that results in successfully high matching score to be positive in identification. Figure-2 describes the Hill Climbing attack. refers to the database template corresponding to user i , i =1, 2,3,....N , where N is the total number of user. is Synthetic Template Generator Attack Module Fingerprint Matcher Application Devices To Other Modules T S( , T ) Attacking System Target System Figure 2. Block Diagram of Hill Climbing Attack International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 100 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
. the total number of minutiae in . T is the synthetic template generated by the attacking system for user i . S( , T ) is the matching score between and T . refers to the decision threshold used by the matcher. Note that the attacking system does not know this value. At the beginning of the attack, it generates several synthetic templates. Then begins attack with these templates and accumulate the matching scores returned by the matcher. It chooses the template having highest matching score. Then tries modification (perturbing, adding, replacing or deleting of minutiae) to get larger match score and chooses the larger one as the best template T . This modification continues until the matcher accept the current best score where ( ) > . To be safe from hill climbing attack, we can add some extra features in the matcher of authentication system. These may include- i) tracking the number of failures within specific time. ii) limiting the number of tries within specific time. E. Override Matcher The hackers replace the matcher by a Trojan horse program that generates very high or low matching scores as the hackers want, regardless of original scores [1]. The Matcher is also a program like feature extractor. Attacks to this point can be solved in the similar way as feature extractor described in section 2.3. F. Template Database Attack (i) Type of Attacks The template databases can lead to three kinds of threats [3] as describe below. a. Template Replaced by The Imposter’s Template The imposter can replace the original template with new one to gain the unauthorized access to the system whenever he wants like an authorized user. b. Masquerade/Physical Spoof Created from Templates Minutiae information is unique to each individual. The view of non-reconstruction was dominant in the biometrics communities, until some recent researches. Over last few years, some works were done that showed that a fingerprint image can be reconstructed from a minutiae template. The fingerprint image reconstructed from the minutiae template, known as a “masquerade” image since it is not an exact copy of the original image, will likely fool the system when it is submitted [7]. In 2007, Cappelli at al [8] did some amazing experiments. The authors analyzed the ISO/IEC 19794-2 minutiae standard template. They took different ways of test. In one experiment, they used basic minutiae information only (i.e. positions x, positions y, and directions). In another test, they also used optional information: minutiae types, Core and Delta data, and proprietary data (the ridge orientation field in this case. In their experiments, nine different systems were tested and the average percentage of successful attacks was 81% at a high security level and 90% at a medium security level. Image Reconstruction with points of attack in fingerprint is shown in figure-3. Masquerade can be very threatening fact to the owner. Because, hackers may track the owner where he/she is using the fingerprint. They may hack bank accounts and other secured accesses. They may use the masquerade to databases at other organizations to get unauthorized access, though they use different templates and algorithms, called Cross-Matching. c. Stolen Templates Imposter can steal the template and replay that on matcher. The stolen template can be used as synthesized feature set. (ii) Template Protection Techniques All the template protection techniques can be categorized in two major categories, such as, (a) feature transformation and (b) biometric cryptosystem. Figure-4 shows a graphical representation of biometric template protection techniques. Other types of template protection techniques are water marking [14], steganography [15], system on card/match on card [2] etc. a. Feature Transformation For the protection, the features generated from the input image are transformed to a new form. It is not kept in real Masquerade : Image Reconstruction from Template Stealing Templates Image used by imposter Cross-Matching Sensor Feature Extraction Matcher Application Devices Stored Templates 1 2 3 4 8 5 7 6 Override Feature Extractor Override Matcher Database-Matcher Accept or Reject Fake Biometric Replay Synthesized Feature Set Override Final Decision Template DB Attack Figure 3. Image Reconstruction (Masquerade) from stored templates International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 101 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
. form rather stored in transformed form. The generated transformed form can be invertible or non-invertible. 1. Invertible Transformation (Bio Hashing) In invertible feature transformation, the template is transformed with some parameter of user. At the site of authentication, the template is inverted again with the secret parameters. The scheme can’t provide high security without the secret transformation. Because if the secret key(transformation parameters) is compromised with imposters, they can revert the template. So, the key should be secured enough.[17] 2. Non-invertible Transformation (Cancellable Biometrics) Cancellable biometrics scheme is an intentional and systematic repeatable distortion of biometric template data with the purpose of protecting it under transformational- based biometric template security. In the verification site, the query image is transformed in same the manner, then compared. In the concept of cancellable transformation, a transformed template can be cancelled and re-issued by changing transformation parameters if problem issued [9]. b. Biometric Cryptosystems Cryptosystem technique on biometric data is called biometric cryptosystem where a key (or keys) is used to encrypt the biometric data. The key can be generated from biometric data itself or from an external data. At the matcher, the key is used to decrypt the biometric data. Observing the literature, we divide Biometric Cryptosystems into two major parts: Key Generation or Key Binding. 1. Key Generation At the time of enrolment, a unique key is chosen from the features extracted from the fingerprint. This key is not stored in the database [10]. A Secure Sketch reliably reproduces the biometric secret without leaking any information. It works in two phases: Generation & Reconstruction. It takes biometric data as input and creates a sketch of that data. Later, at reconstruction, the generated sketch and the data sufficiently similar (query image) to original the input data are given. Then, it reproduces the original input data. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them [11]. Fuzzy Extractor reliably extracts almost uniform randomness R from its input. It is error-tolerant because if we change deliver different template from same finger, R will not change. The resultant R is almost similar to the original R. This R is used as a key in cryptographic application [9]. 2. Key Binding In key binding, cryptographic key is tightly bound with the biometric template so that it cannot be released without a successful biometric authentication and without accessing template directly [12]. The key Binding can be categorized as Fuzzy Vault and Fuzzy Commitment. Fuzzy Vault is first introduced by Juels and Sudan [13] as a cryptographic construct. There are used two set of points : fuzzy unsorted points and chaff points. The unsorted Live-ness Detection Data Transmission Security Techniques Secure Installation & Updating of Programs Template Protection Techniques Attack Resistance Techniques Point 1 Point 2,4,7,8 Point 3,5 Point 6 Feature Transformation Invertible Bio- hashing Non- invertible Cancellable Biometrics Key Generation Secure Sketches & Fuzzy Key Binding Fuzzy Vault & Fuzzy Commitment Others Watermarking Steganography Match on Card (For small applications) Figure 4. Attacks and Solutions on Fingerprint Authentication System. Biometric Cryptosystems International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 102 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
. data set is taken from biometric data. Meenakshi[11] explained the fuzzy vault with biometric system. In fuzzy vault framework, the secret key S is locked by G, where G is an unordered set from the biometric sample. A polynomial P is constructed by encoding the secret S. This polynomial is evaluated by all the elements of the unordered set G. A vault V is constructed by the union of unordered set G and chaff point set C which is not in G. The vault, V = G U C. The union of the chaff point set hides the genuine point set from the attacker. Hiding the genuine point set secures the secret data S and user biometric template T. The vault is unlocked with the query template T’. T’ is represented by another unordered set U’. The user has to separate sufficient number of points from the vault V by comparing U’ with V. By using error correction method, the polynomial P can be successfully reconstructed if U’ overlaps with U and secret S gets decoded. If there is not substantial overlapping between U and U’ secret key S is not decoded. This construct is called fuzzy because the vault will get decoded even for very close values of U and U’ and the secret key S can be retrieved. Therefore fuzzy vault construct becomes more appropriate for biometric data which possesses inherent fuzziness. A Fuzzy Commitment scheme is one where a uniformly random key of length 1 bits (Binary vector) is generated and used to exclusively index an nbit codeword of suitable error correcting code where the sketch extracted from the biometric template is stored in a database [9]. G. Database-Matcher Channel Attack On this type of attack, the stored templates coming from database is being modified before reaching to matcher. So, the matcher gets modified templates. Maintaining secure data transmission can solve the problem. Different error detection techniques such as parity check, checksum, cyclic redundancy checks can be used to identify the transmitted template is modified or not.[18] H. Override Final Decision Final result coming from the matcher is modified by the imposters. It changes the original decision (accept/reject) by changing the match scores. Sending the result through a trusted channel and using a secure delivery can be used to get the correct result. III. CONCLUSION This study conveys a prominent analysis on the vulnerabilities of Fingerprint Authentication System of each point of the model and shows the effective security system existing now. This work brings vulnerabilities and securities, compacted together, of fingerprint authentication system. Different types of attack such as fake biometric, replay data, synthesized feature set and template database have been explained about how they occur. The paper also contains the prevention techniques against the corresponding attacks. As the template database is very sensitive part of the system, its protection techniques are have been analyzed with high significance. This paper even shows very small attempts taken such as match on card for the security of fingerprint template. In the analysis, it has been learnt that attack on template is very severe. If the templates are compromised, the security of their owner will be violated. So, template security requires more attention of research authority. Though several types of work have been done on the template security, they are not able to satisfy all the requirements such as recoverability, security, privacy, high matching accuracy etc. So, our next work is to generate an efficient template security scheme. REFERENCES [1] Ratha, Nalini K., Jonathan H. Connell, and Ruud M. Bolle. “An analysis of minutiae matching strength.” International Conference on Audio-and Video-Based Biometric Person Authentication. Springer Berlin Heidelberg, 2001. [2] Jain, Anil K., Karthik Nandakumar, and Abhishek Nagar. “Biometric template security.” EURASIP Journal on Advances in Signal Processing 2008 (2008): 113. [3] T. Putte and J. Keuning, “Biometrical fingerprint recognition: don’t get your fingers burned”, Proc. IFIP TC8/WG8.8, Fourth Working Conf. Smart Card Research and Adv. App., pp. 289-303, 2000. [4] Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, Satoshi Hoshino. “Impact of artificial ‘gummy’ fingers on fingerprint systems.” Proc. SPIE 4677, Optical Security and Counterfeit Deterrence Techniques IV, April 2002. [5] Rogmann, Nils, and Maximilian Krieg. “Liveness Detection in Biometrics.” Biometrics Special Interest Group (BIOSIG), International Conference of the. IEEE, 2015. [6] Uludag, Umut, and Anil K. Jain. “Attacks on biometric systems: a case study in fingerprints.” Proceedings of SPIE. Vol. 5306. 2004. [7] “Fingerprint Biometrics: Address Privacy Before Deployment.” https://www.ipc.on.ca/wp-content/uploads/2008/11/fingerprint- biosys-priv.pdf, 2008. [8] Cappelli, Raffaele, Dario Maio, Alessandra Lumini, and Davide Maltoni. “Fingerprint image reconstruction from standard templates.” IEEE transactions on pattern analysis and machine intelligence 29, No.9. 2007. [9] Mwema, Joseph, S. Kimani, and M. Kimwele. “A Simple Review of Biometric Template Protection Schemes Used in Preventing Adversary Attacks on Biometric Fingerprint Templates.” International Journal of Computer Trends and Technology 20.1 (2015): 12-18. [10] Khandelwal, Sarika, P. C. Gupta, and Khushboo Mantri. “Survey of Threats to the Biometric Authentication Systems and Solutions.” International Journal of Computer Applications 61.17. 2013. [11] Meenakshi VS, “Secure And Revocable Biometric Template Using Fuzzy Vault For Fingerprint, Iris And Retina.” A Thesis Submitted To Avinashilingam Deemed University For Women Coimbatore – 641043, 2010. [12] Huixian, Li, et al. “Key binding based on biometric shielding functions.” Information Assurance and Security. IAS'09. Fifth International Conference on. Vol.1. IEEE, 2009. [13] Juels, Ari, and Madhu Sudan. “A fuzzy vault scheme.” Designs, Codes and Cryptography 38.2 (2006): 237-257. [14] Patel, Monika, and Priti Srinivas Sajja. “The Significant Impact of Biometric Watermark for Providing Image Security using DWT based Alpha Blending Watermarking Technique.” [15] Rubal Jain and Chander Kant. “Attacks on Biometric Systems: An Overview.” International Journal of Advances in Scientific Research 2015; 1(07): 283-288. International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 103 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
. [16] M. Villa and A. Verma. "Fingerprint Recognition," in Biometrics in a Data Driven World: Trends, Technologies, and Challenges, M. Gofman and S. Mitra Eds., CRC Press, USA, pp. 265-281, 2017. [17] Ramu, T., and T. Arivoli. "Biometric Template Security: An Overview." Proceedings of International Conference on Electronics. Vol. 65. 2012. [18] Siwach, Ajay, Sunil Malhotra, and Ravi Shankar. "Analysis of Different Error Detection Schemes over OFDM Signal." International Journal of Engineering Trends and Technology- Volume4 Issue4- 2013 AUTHORS PROFILE Tanjarul Islam Mishu received his B.Sc. (Engg.) in Computer Science and Engineering from Jatiya Kabi Kazi Nazrul Islam University, Mymensingh, Bangladesh in 2016. Currently, he is student in M.Sc. of the institute. His research interest is focused on Biometrics Systems, Pattern Recognition, Image Processing, and Data Mining. Dr. Md. Mijanur Rahman is a faculty member of the Dept. of Computer Science and Engineering, Jatiya Kabi Kazi Nazrul Islam University, Trishal, Mymensingh, Bangladesh, since April 2008 (very beginning of the university). Now, Dr. Rahman is working as an Associate Professor of the CSE department. He also served as Lecturer and Assistant Professor in the same department. He served before as an Instructor (Tech) Computer in Govt. Polytechnic Institute from December 2005 to April 2008. Dr. Rahman obtained his B. Sc. (Hons) and M. Sc. degree both with first class first in CSE from Islamic University, Kushtia, Bangladesh. He also obtained his PhD degree in Computer Science and Engineering from Jahangirnagar University, Savar, Dhaka, Bangladesh in August 2014. His teaching and research interest lies in the areas such as Digital Signal Processing, Digital Speech Processing, Biometric Technology, Pattern Recognition, etc. Many of his research papers have been published in both national and international journals. International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 104 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

Recommended

COMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASES
COMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASESCOMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASES
COMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASESijcsit
 
Compromising Systems: Implementing Hacking Phases
Compromising Systems: Implementing Hacking Phases Compromising Systems: Implementing Hacking Phases
Compromising Systems: Implementing Hacking Phases AIRCC Publishing Corporation
 
Adversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A SurveyAdversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A SurveyCSCJournals
 
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...IJNSA Journal
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemIJRES Journal
 
DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1IJITE
 
Msc dare journal 1
Msc dare journal 1Msc dare journal 1
Msc dare journal 1OluwadareOlatunji1
 
IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...
IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...
IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...IRJET Journal
 

Recommended

COMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASES
COMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASESCOMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASES
COMPROMISING SYSTEMS: IMPLEMENTING HACKING PHASESijcsit
 
Compromising Systems: Implementing Hacking Phases
Compromising Systems: Implementing Hacking Phases Compromising Systems: Implementing Hacking Phases
Compromising Systems: Implementing Hacking Phases AIRCC Publishing Corporation
 
Adversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A SurveyAdversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A SurveyCSCJournals
 
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F...IJNSA Journal
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemIJRES Journal
 
DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1IJITE
 
Msc dare journal 1
Msc dare journal 1Msc dare journal 1
Msc dare journal 1OluwadareOlatunji1
 
IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...
IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...
IRJET- FASSBTR : Fingerprint Authentication System Security using Barcode...IRJET Journal
 
Managing Intrusion Detection Alerts Using Support Vector Machines
Managing Intrusion Detection Alerts Using Support Vector MachinesManaging Intrusion Detection Alerts Using Support Vector Machines
Managing Intrusion Detection Alerts Using Support Vector MachinesCSCJournals
 
Classification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeClassification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeCSCJournals
 
Artificial immune system against viral attack
Artificial immune system against viral attackArtificial immune system against viral attack
Artificial immune system against viral attackUltraUploader
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)theijes
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
An Investigation into the Effectiveness of Machine Learning Techniques for In...
An Investigation into the Effectiveness of Machine Learning Techniques for In...An Investigation into the Effectiveness of Machine Learning Techniques for In...
An Investigation into the Effectiveness of Machine Learning Techniques for In...Oyeniyi Samuel
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIDES Editor
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationSven Wohlgemuth
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoeSAT Journals
 
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingOnline Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
 
A Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemA Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
 
Self-learning systems for cyber security
Self-learning systems for cyber securitySelf-learning systems for cyber security
Self-learning systems for cyber securityKim Hammar
 
Biometrics Security using Steganography
Biometrics Security using SteganographyBiometrics Security using Steganography
Biometrics Security using SteganographyCSCJournals
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Kent State University
 
Artificial immune system
Artificial immune systemArtificial immune system
Artificial immune systemTejaswini Jitta
 
Machine Learning Algorithms Applied to System Security: A Systematic Review
Machine Learning Algorithms Applied to System Security: A Systematic ReviewMachine Learning Algorithms Applied to System Security: A Systematic Review
Machine Learning Algorithms Applied to System Security: A Systematic ReviewAssociate Professor in VSB Coimbatore
 
Machine learning in network security using knime analytics
Machine learning in network security using knime analyticsMachine learning in network security using knime analytics
Machine learning in network security using knime analyticsIJNSA Journal
 
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSMACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
 
7 multi biometric fake detection system using image quality based liveness de...
7 multi biometric fake detection system using image quality based liveness de...7 multi biometric fake detection system using image quality based liveness de...
7 multi biometric fake detection system using image quality based liveness de...INFOGAIN PUBLICATION
 
An SVM based Statistical Image Quality Assessment for Fake Biometric Detection
An SVM based Statistical Image Quality Assessment for Fake Biometric DetectionAn SVM based Statistical Image Quality Assessment for Fake Biometric Detection
An SVM based Statistical Image Quality Assessment for Fake Biometric DetectionIJTET Journal
 
A Survey of Security of Multimodal Biometric Systems
A Survey of Security of Multimodal Biometric SystemsA Survey of Security of Multimodal Biometric Systems
A Survey of Security of Multimodal Biometric SystemsIJERA Editor
 

More Related Content

What's hot

Managing Intrusion Detection Alerts Using Support Vector Machines
Managing Intrusion Detection Alerts Using Support Vector MachinesManaging Intrusion Detection Alerts Using Support Vector Machines
Managing Intrusion Detection Alerts Using Support Vector MachinesCSCJournals
 
Classification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeClassification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeCSCJournals
 
Artificial immune system against viral attack
Artificial immune system against viral attackArtificial immune system against viral attack
Artificial immune system against viral attackUltraUploader
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)theijes
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
An Investigation into the Effectiveness of Machine Learning Techniques for In...
An Investigation into the Effectiveness of Machine Learning Techniques for In...An Investigation into the Effectiveness of Machine Learning Techniques for In...
An Investigation into the Effectiveness of Machine Learning Techniques for In...Oyeniyi Samuel
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIDES Editor
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationSven Wohlgemuth
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoeSAT Journals
 
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingOnline Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
 
A Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemA Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
 
Self-learning systems for cyber security
Self-learning systems for cyber securitySelf-learning systems for cyber security
Self-learning systems for cyber securityKim Hammar
 
Biometrics Security using Steganography
Biometrics Security using SteganographyBiometrics Security using Steganography
Biometrics Security using SteganographyCSCJournals
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Kent State University
 
Artificial immune system
Artificial immune systemArtificial immune system
Artificial immune systemTejaswini Jitta
 
Machine Learning Algorithms Applied to System Security: A Systematic Review
Machine Learning Algorithms Applied to System Security: A Systematic ReviewMachine Learning Algorithms Applied to System Security: A Systematic Review
Machine Learning Algorithms Applied to System Security: A Systematic ReviewAssociate Professor in VSB Coimbatore
 
Machine learning in network security using knime analytics
Machine learning in network security using knime analyticsMachine learning in network security using knime analytics
Machine learning in network security using knime analyticsIJNSA Journal
 
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSMACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
 

What's hot (19)

Managing Intrusion Detection Alerts Using Support Vector Machines
Managing Intrusion Detection Alerts Using Support Vector MachinesManaging Intrusion Detection Alerts Using Support Vector Machines
Managing Intrusion Detection Alerts Using Support Vector Machines
 
Classification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeClassification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision Tree
 
Artificial immune system against viral attack
Artificial immune system against viral attackArtificial immune system against viral attack
Artificial immune system against viral attack
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
An Investigation into the Effectiveness of Machine Learning Techniques for In...
An Investigation into the Effectiveness of Machine Learning Techniques for In...An Investigation into the Effectiveness of Machine Learning Techniques for In...
An Investigation into the Effectiveness of Machine Learning Techniques for In...
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction Technique
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal Information
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algo
 
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingOnline Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
 
A Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection SystemA Survey On Genetic Algorithm For Intrusion Detection System
A Survey On Genetic Algorithm For Intrusion Detection System
 
Self-learning systems for cyber security
Self-learning systems for cyber securitySelf-learning systems for cyber security
Self-learning systems for cyber security
 
Biometrics Security using Steganography
Biometrics Security using SteganographyBiometrics Security using Steganography
Biometrics Security using Steganography
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
 
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...
 
Artificial immune system
Artificial immune systemArtificial immune system
Artificial immune system
 
Machine Learning Algorithms Applied to System Security: A Systematic Review
Machine Learning Algorithms Applied to System Security: A Systematic ReviewMachine Learning Algorithms Applied to System Security: A Systematic Review
Machine Learning Algorithms Applied to System Security: A Systematic Review
 
Machine learning in network security using knime analytics
Machine learning in network security using knime analyticsMachine learning in network security using knime analytics
Machine learning in network security using knime analytics
 
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSMACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
 

Similar to Vulnerabilities of fingerprint authentication and security techniques

7 multi biometric fake detection system using image quality based liveness de...
7 multi biometric fake detection system using image quality based liveness de...7 multi biometric fake detection system using image quality based liveness de...
7 multi biometric fake detection system using image quality based liveness de...INFOGAIN PUBLICATION
 
An SVM based Statistical Image Quality Assessment for Fake Biometric Detection
An SVM based Statistical Image Quality Assessment for Fake Biometric DetectionAn SVM based Statistical Image Quality Assessment for Fake Biometric Detection
An SVM based Statistical Image Quality Assessment for Fake Biometric DetectionIJTET Journal
 
A Survey of Security of Multimodal Biometric Systems
A Survey of Security of Multimodal Biometric SystemsA Survey of Security of Multimodal Biometric Systems
A Survey of Security of Multimodal Biometric SystemsIJERA Editor
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...IRJET Journal
 
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)IJARIIE JOURNAL
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical HackingJennifer Wood
 
Improving the accuracy of fingerprinting system using multibiometric approach
Improving the accuracy of fingerprinting system using multibiometric approachImproving the accuracy of fingerprinting system using multibiometric approach
Improving the accuracy of fingerprinting system using multibiometric approachIJERA Editor
 
IRJET-Gaussian Filter based Biometric System Security Enhancement
IRJET-Gaussian Filter based Biometric System Security EnhancementIRJET-Gaussian Filter based Biometric System Security Enhancement
IRJET-Gaussian Filter based Biometric System Security EnhancementIRJET Journal
 
Self Monitoring System to Catch Unauthorized Activity
Self Monitoring System to Catch Unauthorized ActivitySelf Monitoring System to Catch Unauthorized Activity
Self Monitoring System to Catch Unauthorized ActivityIRJET Journal
 
Detecting Unknown Insider Threat Scenarios
Detecting Unknown Insider Threat Scenarios Detecting Unknown Insider Threat Scenarios
Detecting Unknown Insider Threat Scenarios ijcsa
 
X-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligenceX-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligenceIJECEIAES
 
Detecting network attacks model based on a convolutional neural network
Detecting network attacks model based on a convolutional neural network Detecting network attacks model based on a convolutional neural network
Detecting network attacks model based on a convolutional neural network IJECEIAES
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONCYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONacijjournal
 
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONCYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONacijjournal
 
Developing an Artificial Immune Model for Cash Fraud Detection
Developing an Artificial Immune Model for Cash Fraud Detection Developing an Artificial Immune Model for Cash Fraud Detection
Developing an Artificial Immune Model for Cash Fraud Detection khawla Osama
 
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
 

Similar to Vulnerabilities of fingerprint authentication and security techniques (20)

7 multi biometric fake detection system using image quality based liveness de...
7 multi biometric fake detection system using image quality based liveness de...7 multi biometric fake detection system using image quality based liveness de...
7 multi biometric fake detection system using image quality based liveness de...
 
An SVM based Statistical Image Quality Assessment for Fake Biometric Detection
An SVM based Statistical Image Quality Assessment for Fake Biometric DetectionAn SVM based Statistical Image Quality Assessment for Fake Biometric Detection
An SVM based Statistical Image Quality Assessment for Fake Biometric Detection
 
A Survey of Security of Multimodal Biometric Systems
A Survey of Security of Multimodal Biometric SystemsA Survey of Security of Multimodal Biometric Systems
A Survey of Security of Multimodal Biometric Systems
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system new
 
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
 
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
 
Kb2417221726
Kb2417221726Kb2417221726
Kb2417221726
 
Improving the accuracy of fingerprinting system using multibiometric approach
Improving the accuracy of fingerprinting system using multibiometric approachImproving the accuracy of fingerprinting system using multibiometric approach
Improving the accuracy of fingerprinting system using multibiometric approach
 
IRJET-Gaussian Filter based Biometric System Security Enhancement
IRJET-Gaussian Filter based Biometric System Security EnhancementIRJET-Gaussian Filter based Biometric System Security Enhancement
IRJET-Gaussian Filter based Biometric System Security Enhancement
 
NSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMNSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEM
 
Self Monitoring System to Catch Unauthorized Activity
Self Monitoring System to Catch Unauthorized ActivitySelf Monitoring System to Catch Unauthorized Activity
Self Monitoring System to Catch Unauthorized Activity
 
Detecting Unknown Insider Threat Scenarios
Detecting Unknown Insider Threat Scenarios Detecting Unknown Insider Threat Scenarios
Detecting Unknown Insider Threat Scenarios
 
X-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligenceX-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligence
 
Detecting network attacks model based on a convolutional neural network
Detecting network attacks model based on a convolutional neural network Detecting network attacks model based on a convolutional neural network
Detecting network attacks model based on a convolutional neural network
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system new
 
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONCYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
 
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONCYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
 
Developing an Artificial Immune Model for Cash Fraud Detection
Developing an Artificial Immune Model for Cash Fraud Detection Developing an Artificial Immune Model for Cash Fraud Detection
Developing an Artificial Immune Model for Cash Fraud Detection
 
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Vulnerabilities of fingerprint authentication and security techniques

  • 1. Vulnerabilities of Fingerprint Authentication Systems and Their Securities Tanjarul Islam Mishu MS Research Student, Dept. of Computer Science & Engineering Jatiya Kabi Kazi Nazrul Islam University Mymensingh, Bangladesh Email: tanjarul26@gmail.com Dr. Md. Mijanur Rahman Associate Professor, Dept. of Computer Science & Engineering Jatiya Kabi Kazi Nazrul Islam University Mymensingh, Bangladesh Email: mijanjkkniu@gmail.com Abstract—The security of biometric fingerprint is a big challenge now-a-days, as it has world-wide acceptance. Compromised fingerprint templates may raise terrible threats to its owner. Because of the vulnerabilities of fingerprint authentication system, security issues about fingerprint have been a matter of great concern. This study summarizes the vulnerabilities of fingerprint authentication system and highlights the type of securities available against those challenges. It includes much classified knowledge about security of fingerprint template. This work is an endeavor to provide a compact knowledge to the research community about the security issues regarding fingerprint authentication system. Keywords: Attacks; Vulnerabilities; Cryptosystems; Fingerprint Templates; Template Security. I. INTRODUCTION Fingerprint authentication system is very popular all over the world because of its uniqueness, usability, reliability etc. It has wide application areas such as border control, airports, business, healthcare, logical access systems, criminal detection, security management, smart phones etc. So, the security of this area is a matter of great concern. Because, the system is vulnerable to several attacks. Ratha[1] presented a model for possible attacks on a biometric system. The model introduced varieties of vulnerable points of the system. This work will focus on the points mentioned in the model. The motive of the present study is to detect different kinds of attacks on each point of this sophisticated model and also to identify the existing security techniques to protect against such kind of the attacks. Although several studies have been done over the attacks and the security approaches, most of them focused on attacks and solutions separately. Very few of them are on both but they are not sufficient. They didn’t expose some existing rare solutions. This study will depict the whole scenario of attacks on entire system and securities against the attacks existing now. This paper is organized as follows. There are eight subsections in Section 2. Each subsection firstly introduces the attacks followed by the solutions against the attacks. As template database attacks contain rich data, Section 2.6 is divided into two parts. Finally, the conclusion is drawn in Section 3. II. TYPES OF ATTACKS ON FINGERPRINT SYSTEM Ratha et al. [1] and Anil et al. [2] showed eight points of attack in a biometric system (see Figure-1). Each point and its attacks and regarding solutions has been explained in the following subsections. A. Fake Biometric A fake or artificial fingerprint, called spoof, is given to the scanner to get access to the system. The scanner remains unable to distinguish between fake and genuine traits. So, the intruder easily gets access to the system. [2] Putte and Keuning [3] created dummy fingerprint with and without the co-operation of the owner and tested on several sensors. They showed a result that almost every sensor accepted the dummy fingerprint as real at first attempt. Matsumoto et al. [4] experimented gummy (fake) fingers on 11 types of different fingerprint system. In their experiment, about 68- 100% gummy fingers were accepted by the system in their verification procedure. They also showed following ways how an attacker may deceive the system at scanner. Sensor Feature Extraction Matcher Application Devices Stored Templates 1 2 3 4 8 5 7 6 Override Feature Extractor Override Matcher Database-Matcher Channel Accept or Reject Fake Biometric Replay Synthesized Feature Set Override Final Decision Template Database Attack Figure 1. Points of attack in a biometric System International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 99 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
  • 2. . (i) Fingerprints Known to System The actual registered finger is presented at the scanner by evil way such as external force by the criminals, using the fingerprints when user sleeping etc. (ii) Fingerprints Unknown to System If the imposter can know about the category of actual fingerprint (whorls, arches, loops etc), he may use the similar fingerprints unknown to system. Though it is almost impossible, it may harm the systems which are developed on the basis of insufficient features of fingerprint. It may effects on False Acceptance Rate (FAR) of the system. So, the authentication should be based on sufficient features. (iii) Severed Known Fingerprints It is similar to the known fingerprint mentioned earlier. But, it is a horrible attack done by a criminal to severe the fingerprint from the real user’s hand. To be protected, we should detect is the finger alive or not. (iv) Genetic Clone of Known Fingerprints Identical twins do not have same fingerprints. Because, the patterns of fingerprint are determined by the genetic mechanism and the nerve growth. So, they are not same but still very close. So, a genetic clone may be tried to deceive the system. To be protected from this kind of threats, we should keep tracking a genetic engineering on possibility of creating clones. (v) Artificial Clone of Known Fingerprints The attacker can make a 3D printed fingerprint or can make a mold of the known finger by which an artificial finger can be produced. (vi) Printed Image of Known Fingerprints This is very similar to the previous one. By the help of spraying some materials on the surface of the scanner to feel like actual finger, imposter can use printed image of fingerprint. Liveliness detection can be solution to fake biometric traits. There are two separate methods, such as, passive (non-stimulating) and active (stimulating) automated liveliness detection methods [5]. Generally, passive detection techniques make use of biometric probes recorded through a biometric sensor such as pulse measurement, temperature measurement, active sweat pores detection, skin resistance detection, electrical conductivity etc.[16] Active detection techniques normally require additional interactions that should requested using challenge response procedures. The different challenge response approaches can be used such as request of different fingers in random order. B. Replay Attack After acquisition of raw biometric data, it sends the raw data (e.g. fingerprint raw image) to the feature extraction module. The imposter steals the biometric trait raw data by seizing the channel and stores the trait. The imposter can reply the previously stored biometric trait to the feature extraction module to bypass the sensor. Fingerprint images are sent over channel usually compressed using WSQ. Because of the open compression standard, transmitting a WSQ compressed image over the Internet is not particularly secure. If the image can be seized, it can be decompressed easily which can cause Replay Old Data [1]. Data hiding techniques such as steganography can be applied when the raw image is sent to feature extractor. C. Override Feature Extractor The hackers, by Trojan Horse, take control over the feature extractor to produces feature sets as they wishes [1]. When installing or updating programs in a device it should be verified and should be aware of using third party programs. D. Synthesized Feature Set If the imposter can intercept the channel between the feature extraction module and matcher, he can replace the original set with a different synthesized feature set (assuming the representation is known to imposter) [1]. Insecure communication channel may face the ‘Hill Climbing Attack’ [2]. Hill Climbing Attack Uludag & Anil have developed an attacked for minutiae base fingerprint authentication system [6]. The location (c, r) and orientation Ɵ of minutiae points has been used by the attack. The system will works as the attackers knows the format of templates but not the information of templates. It uses the match score returned by the matcher and tries to generate minutiae set that results in successfully high matching score to be positive in identification. Figure-2 describes the Hill Climbing attack. refers to the database template corresponding to user i , i =1, 2,3,....N , where N is the total number of user. is Synthetic Template Generator Attack Module Fingerprint Matcher Application Devices To Other Modules T S( , T ) Attacking System Target System Figure 2. Block Diagram of Hill Climbing Attack International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 100 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
  • 3. . the total number of minutiae in . T is the synthetic template generated by the attacking system for user i . S( , T ) is the matching score between and T . refers to the decision threshold used by the matcher. Note that the attacking system does not know this value. At the beginning of the attack, it generates several synthetic templates. Then begins attack with these templates and accumulate the matching scores returned by the matcher. It chooses the template having highest matching score. Then tries modification (perturbing, adding, replacing or deleting of minutiae) to get larger match score and chooses the larger one as the best template T . This modification continues until the matcher accept the current best score where ( ) > . To be safe from hill climbing attack, we can add some extra features in the matcher of authentication system. These may include- i) tracking the number of failures within specific time. ii) limiting the number of tries within specific time. E. Override Matcher The hackers replace the matcher by a Trojan horse program that generates very high or low matching scores as the hackers want, regardless of original scores [1]. The Matcher is also a program like feature extractor. Attacks to this point can be solved in the similar way as feature extractor described in section 2.3. F. Template Database Attack (i) Type of Attacks The template databases can lead to three kinds of threats [3] as describe below. a. Template Replaced by The Imposter’s Template The imposter can replace the original template with new one to gain the unauthorized access to the system whenever he wants like an authorized user. b. Masquerade/Physical Spoof Created from Templates Minutiae information is unique to each individual. The view of non-reconstruction was dominant in the biometrics communities, until some recent researches. Over last few years, some works were done that showed that a fingerprint image can be reconstructed from a minutiae template. The fingerprint image reconstructed from the minutiae template, known as a “masquerade” image since it is not an exact copy of the original image, will likely fool the system when it is submitted [7]. In 2007, Cappelli at al [8] did some amazing experiments. The authors analyzed the ISO/IEC 19794-2 minutiae standard template. They took different ways of test. In one experiment, they used basic minutiae information only (i.e. positions x, positions y, and directions). In another test, they also used optional information: minutiae types, Core and Delta data, and proprietary data (the ridge orientation field in this case. In their experiments, nine different systems were tested and the average percentage of successful attacks was 81% at a high security level and 90% at a medium security level. Image Reconstruction with points of attack in fingerprint is shown in figure-3. Masquerade can be very threatening fact to the owner. Because, hackers may track the owner where he/she is using the fingerprint. They may hack bank accounts and other secured accesses. They may use the masquerade to databases at other organizations to get unauthorized access, though they use different templates and algorithms, called Cross-Matching. c. Stolen Templates Imposter can steal the template and replay that on matcher. The stolen template can be used as synthesized feature set. (ii) Template Protection Techniques All the template protection techniques can be categorized in two major categories, such as, (a) feature transformation and (b) biometric cryptosystem. Figure-4 shows a graphical representation of biometric template protection techniques. Other types of template protection techniques are water marking [14], steganography [15], system on card/match on card [2] etc. a. Feature Transformation For the protection, the features generated from the input image are transformed to a new form. It is not kept in real Masquerade : Image Reconstruction from Template Stealing Templates Image used by imposter Cross-Matching Sensor Feature Extraction Matcher Application Devices Stored Templates 1 2 3 4 8 5 7 6 Override Feature Extractor Override Matcher Database-Matcher Accept or Reject Fake Biometric Replay Synthesized Feature Set Override Final Decision Template DB Attack Figure 3. Image Reconstruction (Masquerade) from stored templates International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 101 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
  • 4. . form rather stored in transformed form. The generated transformed form can be invertible or non-invertible. 1. Invertible Transformation (Bio Hashing) In invertible feature transformation, the template is transformed with some parameter of user. At the site of authentication, the template is inverted again with the secret parameters. The scheme can’t provide high security without the secret transformation. Because if the secret key(transformation parameters) is compromised with imposters, they can revert the template. So, the key should be secured enough.[17] 2. Non-invertible Transformation (Cancellable Biometrics) Cancellable biometrics scheme is an intentional and systematic repeatable distortion of biometric template data with the purpose of protecting it under transformational- based biometric template security. In the verification site, the query image is transformed in same the manner, then compared. In the concept of cancellable transformation, a transformed template can be cancelled and re-issued by changing transformation parameters if problem issued [9]. b. Biometric Cryptosystems Cryptosystem technique on biometric data is called biometric cryptosystem where a key (or keys) is used to encrypt the biometric data. The key can be generated from biometric data itself or from an external data. At the matcher, the key is used to decrypt the biometric data. Observing the literature, we divide Biometric Cryptosystems into two major parts: Key Generation or Key Binding. 1. Key Generation At the time of enrolment, a unique key is chosen from the features extracted from the fingerprint. This key is not stored in the database [10]. A Secure Sketch reliably reproduces the biometric secret without leaking any information. It works in two phases: Generation & Reconstruction. It takes biometric data as input and creates a sketch of that data. Later, at reconstruction, the generated sketch and the data sufficiently similar (query image) to original the input data are given. Then, it reproduces the original input data. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them [11]. Fuzzy Extractor reliably extracts almost uniform randomness R from its input. It is error-tolerant because if we change deliver different template from same finger, R will not change. The resultant R is almost similar to the original R. This R is used as a key in cryptographic application [9]. 2. Key Binding In key binding, cryptographic key is tightly bound with the biometric template so that it cannot be released without a successful biometric authentication and without accessing template directly [12]. The key Binding can be categorized as Fuzzy Vault and Fuzzy Commitment. Fuzzy Vault is first introduced by Juels and Sudan [13] as a cryptographic construct. There are used two set of points : fuzzy unsorted points and chaff points. The unsorted Live-ness Detection Data Transmission Security Techniques Secure Installation & Updating of Programs Template Protection Techniques Attack Resistance Techniques Point 1 Point 2,4,7,8 Point 3,5 Point 6 Feature Transformation Invertible Bio- hashing Non- invertible Cancellable Biometrics Key Generation Secure Sketches & Fuzzy Key Binding Fuzzy Vault & Fuzzy Commitment Others Watermarking Steganography Match on Card (For small applications) Figure 4. Attacks and Solutions on Fingerprint Authentication System. Biometric Cryptosystems International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 102 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
  • 5. . data set is taken from biometric data. Meenakshi[11] explained the fuzzy vault with biometric system. In fuzzy vault framework, the secret key S is locked by G, where G is an unordered set from the biometric sample. A polynomial P is constructed by encoding the secret S. This polynomial is evaluated by all the elements of the unordered set G. A vault V is constructed by the union of unordered set G and chaff point set C which is not in G. The vault, V = G U C. The union of the chaff point set hides the genuine point set from the attacker. Hiding the genuine point set secures the secret data S and user biometric template T. The vault is unlocked with the query template T’. T’ is represented by another unordered set U’. The user has to separate sufficient number of points from the vault V by comparing U’ with V. By using error correction method, the polynomial P can be successfully reconstructed if U’ overlaps with U and secret S gets decoded. If there is not substantial overlapping between U and U’ secret key S is not decoded. This construct is called fuzzy because the vault will get decoded even for very close values of U and U’ and the secret key S can be retrieved. Therefore fuzzy vault construct becomes more appropriate for biometric data which possesses inherent fuzziness. A Fuzzy Commitment scheme is one where a uniformly random key of length 1 bits (Binary vector) is generated and used to exclusively index an nbit codeword of suitable error correcting code where the sketch extracted from the biometric template is stored in a database [9]. G. Database-Matcher Channel Attack On this type of attack, the stored templates coming from database is being modified before reaching to matcher. So, the matcher gets modified templates. Maintaining secure data transmission can solve the problem. Different error detection techniques such as parity check, checksum, cyclic redundancy checks can be used to identify the transmitted template is modified or not.[18] H. Override Final Decision Final result coming from the matcher is modified by the imposters. It changes the original decision (accept/reject) by changing the match scores. Sending the result through a trusted channel and using a secure delivery can be used to get the correct result. III. CONCLUSION This study conveys a prominent analysis on the vulnerabilities of Fingerprint Authentication System of each point of the model and shows the effective security system existing now. This work brings vulnerabilities and securities, compacted together, of fingerprint authentication system. Different types of attack such as fake biometric, replay data, synthesized feature set and template database have been explained about how they occur. The paper also contains the prevention techniques against the corresponding attacks. As the template database is very sensitive part of the system, its protection techniques are have been analyzed with high significance. This paper even shows very small attempts taken such as match on card for the security of fingerprint template. In the analysis, it has been learnt that attack on template is very severe. If the templates are compromised, the security of their owner will be violated. So, template security requires more attention of research authority. Though several types of work have been done on the template security, they are not able to satisfy all the requirements such as recoverability, security, privacy, high matching accuracy etc. So, our next work is to generate an efficient template security scheme. REFERENCES [1] Ratha, Nalini K., Jonathan H. Connell, and Ruud M. Bolle. “An analysis of minutiae matching strength.” International Conference on Audio-and Video-Based Biometric Person Authentication. Springer Berlin Heidelberg, 2001. [2] Jain, Anil K., Karthik Nandakumar, and Abhishek Nagar. “Biometric template security.” EURASIP Journal on Advances in Signal Processing 2008 (2008): 113. [3] T. Putte and J. Keuning, “Biometrical fingerprint recognition: don’t get your fingers burned”, Proc. IFIP TC8/WG8.8, Fourth Working Conf. Smart Card Research and Adv. App., pp. 289-303, 2000. [4] Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, Satoshi Hoshino. “Impact of artificial ‘gummy’ fingers on fingerprint systems.” Proc. SPIE 4677, Optical Security and Counterfeit Deterrence Techniques IV, April 2002. [5] Rogmann, Nils, and Maximilian Krieg. “Liveness Detection in Biometrics.” Biometrics Special Interest Group (BIOSIG), International Conference of the. IEEE, 2015. [6] Uludag, Umut, and Anil K. Jain. “Attacks on biometric systems: a case study in fingerprints.” Proceedings of SPIE. Vol. 5306. 2004. [7] “Fingerprint Biometrics: Address Privacy Before Deployment.” https://www.ipc.on.ca/wp-content/uploads/2008/11/fingerprint- biosys-priv.pdf, 2008. [8] Cappelli, Raffaele, Dario Maio, Alessandra Lumini, and Davide Maltoni. “Fingerprint image reconstruction from standard templates.” IEEE transactions on pattern analysis and machine intelligence 29, No.9. 2007. [9] Mwema, Joseph, S. Kimani, and M. Kimwele. “A Simple Review of Biometric Template Protection Schemes Used in Preventing Adversary Attacks on Biometric Fingerprint Templates.” International Journal of Computer Trends and Technology 20.1 (2015): 12-18. [10] Khandelwal, Sarika, P. C. Gupta, and Khushboo Mantri. “Survey of Threats to the Biometric Authentication Systems and Solutions.” International Journal of Computer Applications 61.17. 2013. [11] Meenakshi VS, “Secure And Revocable Biometric Template Using Fuzzy Vault For Fingerprint, Iris And Retina.” A Thesis Submitted To Avinashilingam Deemed University For Women Coimbatore – 641043, 2010. [12] Huixian, Li, et al. “Key binding based on biometric shielding functions.” Information Assurance and Security. IAS'09. Fifth International Conference on. Vol.1. IEEE, 2009. [13] Juels, Ari, and Madhu Sudan. “A fuzzy vault scheme.” Designs, Codes and Cryptography 38.2 (2006): 237-257. [14] Patel, Monika, and Priti Srinivas Sajja. “The Significant Impact of Biometric Watermark for Providing Image Security using DWT based Alpha Blending Watermarking Technique.” [15] Rubal Jain and Chander Kant. “Attacks on Biometric Systems: An Overview.” International Journal of Advances in Scientific Research 2015; 1(07): 283-288. International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 103 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
  • 6. . [16] M. Villa and A. Verma. "Fingerprint Recognition," in Biometrics in a Data Driven World: Trends, Technologies, and Challenges, M. Gofman and S. Mitra Eds., CRC Press, USA, pp. 265-281, 2017. [17] Ramu, T., and T. Arivoli. "Biometric Template Security: An Overview." Proceedings of International Conference on Electronics. Vol. 65. 2012. [18] Siwach, Ajay, Sunil Malhotra, and Ravi Shankar. "Analysis of Different Error Detection Schemes over OFDM Signal." International Journal of Engineering Trends and Technology- Volume4 Issue4- 2013 AUTHORS PROFILE Tanjarul Islam Mishu received his B.Sc. (Engg.) in Computer Science and Engineering from Jatiya Kabi Kazi Nazrul Islam University, Mymensingh, Bangladesh in 2016. Currently, he is student in M.Sc. of the institute. His research interest is focused on Biometrics Systems, Pattern Recognition, Image Processing, and Data Mining. Dr. Md. Mijanur Rahman is a faculty member of the Dept. of Computer Science and Engineering, Jatiya Kabi Kazi Nazrul Islam University, Trishal, Mymensingh, Bangladesh, since April 2008 (very beginning of the university). Now, Dr. Rahman is working as an Associate Professor of the CSE department. He also served as Lecturer and Assistant Professor in the same department. He served before as an Instructor (Tech) Computer in Govt. Polytechnic Institute from December 2005 to April 2008. Dr. Rahman obtained his B. Sc. (Hons) and M. Sc. degree both with first class first in CSE from Islamic University, Kushtia, Bangladesh. He also obtained his PhD degree in Computer Science and Engineering from Jahangirnagar University, Savar, Dhaka, Bangladesh in August 2014. His teaching and research interest lies in the areas such as Digital Signal Processing, Digital Speech Processing, Biometric Technology, Pattern Recognition, etc. Many of his research papers have been published in both national and international journals. International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018 104 https://sites.google.com/site/ijcsis/ ISSN 1947-5500