K.V.Hari Kishan Yadav   B.Abdul JameelIII B.tech IT           III B.tech ITIrah_09@yahoo.co.in     visit_jameel@yahoo.co.in
ABSTRACT            Now-a-days we are facing majority of crimes related to securityissues and these arise due to the leaka...
 INTRODUCTION WHY MOVE TO BIOMETRICS? THE BIOMETRIC MODEL BIOMETRIC TECHNIQUES KEYSTROKE BIOMETRICS (FOOL PROOF)    ...
INTRODUCTION                          As per the saying     financial transactions and personal“NECESSITY IS THE MOTHER OF...
hue and cry for the development of anew type of system which fetches                  THE BIOMETRIC MODELmore foolproof se...
BIOMETRIC MODEL                                                     Matching                                              ...
BIOMETRIC TECHNIQUES                              Hand and Finger geometry   Fingerprint Verification                     ...
KEYSTROKE BIOMETRICS
“The keystroke biometrics                  During this time, one obtains themakes use of the inter-stroke gap             ...
Standard deviation=              {[ (X (i)-mean)] 2/n}             Once the database entry has                The [FAR] is...
ALGORITHMInput    : User name, User_id, Password.Output: Registration of a new user (or) Acceptance of a user if registere...
A graph is plotted between             amount of predefined ranges. FARkeystrokes and keystroke timing. The               ...
legal or not following his rhythmic                  not legal, his typing pattern for thebehavior of typing the access co...
(FINGER PRINT + FACIAL SCANNING + SPEECH)                 ENROLLMENT MODULE  IMAGE                                        ...
server is sure about the user in the     APPLICATIONS                                                computer.BIOMETRIC BA...
very inconvenient for users. This is              producing a much larger thanparticularly true if the user being         ...
Biometrics has become an integral part of       traditional security systems inlife. We see the effects of retinal scannin...
Biometrics has become an integral part of       traditional security systems inlife. We see the effects of retinal scannin...
Biometrics has become an integral part of       traditional security systems inlife. We see the effects of retinal scannin...
Biometrics has become an integral part of       traditional security systems inlife. We see the effects of retinal scannin...
Upcoming SlideShare
Loading in …5
×

13 biometrics - fool proof security

1,170 views

Published on

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,170
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
58
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

13 biometrics - fool proof security

  1. 1. K.V.Hari Kishan Yadav B.Abdul JameelIII B.tech IT III B.tech ITIrah_09@yahoo.co.in visit_jameel@yahoo.co.in
  2. 2. ABSTRACT Now-a-days we are facing majority of crimes related to securityissues and these arise due to the leakage of passwords or illegalauthentication. At one end, there is a continuous and tremendousimprovement in the lifestyle of Humans while at the other end; thetechnological crimes are increasing rapidly. As there is a problem, theremust be a solution. The need for a compromising technology which can beadopted is highly imperative. Technologies capable of identifying each personuniquely need to be developed. The only powerful solution for the problem ofillegal authentication is Biometrics. Nature has made human beings with different characteristics whichmay vary from one person to another. This property is made use of byBiometric technology to distinctly identify each person. Biometrics is ameans of using the physiological or behavioral characteristics of a person asa kind of permanent password. This paper provides an overall idea of Biometrics , the typicalBiometric Model, an overview of the Biometric techniques and focuses mainlyon Keystroke Biometrics which is easy to implement and can provide foolproof security based on the effectiveness of the algorithm. “It is better to light up a candle rather than to curse thedarkness” CONTENTS
  3. 3.  INTRODUCTION WHY MOVE TO BIOMETRICS? THE BIOMETRIC MODEL BIOMETRIC TECHNIQUES KEYSTROKE BIOMETRICS (FOOL PROOF)  IMPLEMENTATION DETAILS  PERFORMANCE MEASURES  ALGORITHM  ANALYSIS: INTER-KEY STROKE TIMING MULTIMODAL BIOMETRICS APPLICATIONS CONSTRAINTS & SOLUTIONS CONCLUSION
  4. 4. INTRODUCTION As per the saying financial transactions and personal“NECESSITY IS THE MOTHER OF data privacy. Most systems make useINVENTION”, the need for a new type of a personal identification code in orderof identification and authentication to authenticate the user. In thesetechnique has led to the development of systems, the possibility of malicious userBiometrics. gaining access to the code cannot be ruled out. However, combining the “ Biometrics is an personal identification code withautomated method of biometrics provides for robust userrecognizing a person based on aphysiological or behavioral authentication system. Biometrics is ofcharacteristic. “ two kinds: One deals with the physical Biometric technologies are traits of the user (Retinal scanning,becoming the foundation of an extensive Fingerprint scanning, DNA testing etc.,)array of highly secure identification and and the other deals with the behaviouralpersonal verification solutions. As the traits of the user (Voice recognition,level of security breaches and Keystroke dynamics, etc.,).transaction fraud increases, the need for Utilized alone or integrated withhighly secure identification and personal other technologies such as smart cards,verification technologies is becoming encryption keys and digitalapparent. signatures, biometrics is set to pervade nearly all aspects of the economy and Biometric-based solutions our daily lives.are able to provide for confidential The recent incidents of cyber crimes and credit card thefts due to leakage of passwords create a WHY MOVE TO BIOMETRICS?
  5. 5. hue and cry for the development of anew type of system which fetches THE BIOMETRIC MODELmore foolproof security than the The biometric authentication systempassword based systems. Biometrics consists of the following partsis preferred over traditional methods • User interface or theinvolving passwords and PIN biometric readernumbers for various reasons: • Communication Subsystem • The Controlling software  The person to be identified • Data storage is required to be physically Biometric system works by taking a present at the point-of- number of samples of physiological or identification. behavioural characteristics to produce a  Biometric trait cannot be reliable template of the user information. easily stolen or lost. The user is verified against a template in  Identifies the person, not the memory, which he claims to be the machine. himself and the user is authenticated if the biometric pattern of the user matches By replacing Passwords, with the template. The biometric samplePINs, biometric techniques can of the person is not stored in the hostpotentially prevent unauthorized computer or the controller. So there is noaccess to or fraudulent use of ATMs, possibility of the others getting it.cellular phones, smart cards, desktop Moreover, the biometric template of aPCs, workstations, and computer person is stored in the form of a dynamicnetworks. Thus biometric systems of binary template with suitable encryption Signature Verification Passwords Biometricsidentification are enjoying a renewed to provide utmost security.interest.
  6. 6. BIOMETRIC MODEL Matching Score 95% Data Collection Decision Making Template Biometric Capture Extraction Verification Signal Processin Enrollment g Storage Example: FINGERPRINT VERIFICATION BIOMETRIC IMAGE 1010 CAPTURE PROCESS 0110 1101 IMAGE LIVE UPDATE TEMPLATE 1010 BIOMETRIC EXTRACT 0110 MATCHING 98% 1101 MATCHING SCORESTORAGE DEVICE STORED TEMPLATE
  7. 7. BIOMETRIC TECHNIQUES Hand and Finger geometry Fingerprint Verification This method uses the data such as This is one of the oldest forms of length, shape, distance between thebiometric techniques which involves fingers, overall dimensions of the handmapping of the pattern of the fingerprint and also the relative angle between theof the individual and then comparing the fingers. Modern systems use thisridges, furrows, within the template. The technique in association with thefingerprint given to the device is first Fingerprint scanning technique.searched at the coarse level in the Voice Biometrydatabase and then finer comparisons aremade to get the result. It is proved that the frequency, stress and accent of speech differ from Iris Recognition person to person. Voice biometry uses In Iris and Retinal scanning, the this concept to solve the problem ofiris and the retina are scanned by a low illegal user.intensity light source and the image iscompared with the stored patterns in the Signature Verificationdatabase template. They are the fastest This technology uses the dynamicand the secure form of biometry. analysis of a signature to authenticate a person. This technology is based on Facial Scanning measuring speed, pressure and angle Facial scanning involves scanning used by the person when a signatureof the entire face and checking of critical is produced.points and areas in the face with thetemplate. This method is not completely Keystroke dynamicreliable and so it is used in association In this technique, the system analyseswith another biometric technique. the rhythm of typing the password.
  8. 8. KEYSTROKE BIOMETRICS
  9. 9. “The keystroke biometrics During this time, one obtains themakes use of the inter-stroke gap inter-stroke timings of all the keys ofthat exists between consecutive the identification code. The intercharacters of the user stroke interval between the keys is measured in milliseconds. Theidentification code.” systems’ delay routine can be used to When a user types his serve the purpose. The delay routineauthentication code, there exists a measures in milliseconds and theparticular rhythm or fashion in typing amount of delay incurred betweenthe code. If there does not exist any successive strokes can be used as aabrupt change in this rhythmic counter to record this time interval.manner, this uniqueness can be used The mean and standardas an additional security constraint. It deviation of the code are calculated.has been proved experimentally that This is done in order to provide somethe manner of typing the same code leverage to the user typing the code.varies from user to user. Thus this The reference level that we chose iscan be used as a suitable biometric. the mean of the training period andFurther, if the user knows before the rounded standard deviation ishand about the existence of this used as the leverage allotted per user.mechanism, he can intentionally These values are fed into the databaseintroduce the rhythm to suite his of the user. These details can also beneeds. incorporated onto the system’sIMPLEMENTATION DETAILS password files in order to save the As the user logs onto the additional overhead incurred. Thesystem for the first time, a database mean and the standard deviationentry is created for the user. He is can be determined by using thethen put through a training period, relationship given below.which consists of 15-20 iterations. Mean= (1/n) x (i)
  10. 10. Standard deviation= {[ (X (i)-mean)] 2/n} Once the database entry has The [FAR] is the percentage ofbeen allotted for the user, this can be unauthorized users accepted by theused in all further references to the user. system.The next time the user tries to login, one The [FRR] is the percentage ofwould obtain the entered inter-stroke authorized users not accepted by thetiming along with the password. A system.combination of all these metrics is usedas a security check of the user. The An increase in one of thesealgorithm given below gives the details metrics decreases the other and viceof obtaining the authorization for a versa. The level of error must beparticular user. The algorithm assumes controlled in the authentication systemthat the database already exists in the by the use of a suitable threshold suchsystem and one has a system delay that only the required users are selectedroutine available and the others who are not authorized are rejected by the system. In this paper, standard deviation of the user’s training PERFORMANCE period entry is used as a threshold. The MEASURES correct establishment of the threshold is While considering any important since too strong a thresholdsystem for authenticity, one needs to would lead to a lot of difficulty in entryconsider the false acceptance rate even for the legal user, while a lax(FAR) and the false rejection rate threshold would allow non-authorized(FRR). entry. Thus a balance would have to be established taking both the factors into consideration.
  11. 11. ALGORITHMInput : User name, User_id, Password.Output: Registration of a new user (or) Acceptance of a user if registered (or) Rejection of an unregistered user.Main(){If (User==New) { read (User); // Getting User name, User_id, Password read (Inter-stroke gap); // Time interval between consecutive characters Add user (database); // Add the User to the database User count =1; }else if (User==Training) { read (User); read (Inter-stroke gap); if (Check (User, Password)) { if (User count15) { update ( User count); // User count = User count +1 add (Inter-stroke gap); } else if (User count ==15) { update (User count); add (Inter-stroke gap); Calculate Mean (M), Standard deviation (S.D); } } } else if (User==Existing) { read (User); read (deviation); if (Check (User, Password, deviation)) Login; else exit(0); }}Analysis of inter-keystroke timing of user code
  12. 12. A graph is plotted between amount of predefined ranges. FARkeystrokes and keystroke timing. The and FRR can be reduced to a treat‘X’ axis indicates the number of extent so that only the legal user getsinter-keystrokes and negative ‘Y’ access to the system. The +Raxis indicates the inter-keystrokes boundary and –R boundary give thetiming in milliseconds. desired range so that only the legalUser accepted: user gets access. In the graph, the line (L3) Graph I shows the inter- indicates the current pattern of typingkeystroke timing analysis when the the access code on the keyboard; theuser is accepted. Here it can be easily line (L2) indicates the keystrokeseen that when the user is authentic pattern according to reference levelor when he types in his normal and the line (L1) and (L2) indicatesrhythm, the user automatically comes the positive and the negative ranges.into the predefined ranges. The The ranges can be decided by thecurrent inter-keystroke timing lies standard deviation method, which isaround the database inter-keystroke used here for analysis or any othertiming, thereby providing adequate adaptive method. db=Database Graph I: Inter keystroke timing analysis when the +R=+VE Boundary user is accepted -R=-VE Boundary c=Current -R -R -R -R -R c c -R -R db db -R (L1) c c db db db db c c c db (L2) c c c (L3) db +R db +R +R +R +R +RUser not accepted: Graph II indicates inter- +R +R +R (L4) keystroke timing when the user is not ACCESS GRANTED
  13. 13. legal or not following his rhythmic not legal, his typing pattern for thebehavior of typing the access code. It access code is not at all into thecan be easily noticed when the user is predefined ranges. db=Database Graph II: Inter keystroke timing when the user is +R=+VE Boundary not legal or not following his rhythmic -R=-VE Boundary behaviour c=Current -R -R -R -R -R -R -R db c db -R (L1) db db db db c db c (L2) db db +R c +R c +R +R +R +R +R +R (L4) +R c c c (L3) ACCESS DENIED A MULTIMODAL BIOMETRIC SYSTEM A biometric system which relies advantage of the capabilities of eachonly on a single biometric identifier is individual biometric and overcomes theoften not able to meet the desired limitations of individual biometric. Thisperformance requirements. Identification multi biometric system operates with anbased on multiple biometrics represents admissible response time.an emerging trend. This system takes the EXAMPLE (A Multibiometric system)
  14. 14. (FINGER PRINT + FACIAL SCANNING + SPEECH) ENROLLMENT MODULE IMAGE Face ExtractorACQUISITION MODULE Databas Minutiae Extractor e Browse r Ceptral Analysis FACIAL SCANNING Template Database Eigenspace Projection and HMM training FINGERPRINT Face Eigenspace Locator Comparison Minutiae Minutiae Decision Accept/ Extractor matching Fusion Reject SPEECH Ceptral HMM ACQUISITION Analyzer scoring MODULE VERIFICATION MODULE
  15. 15. server is sure about the user in the APPLICATIONS computer.BIOMETRIC BANKING BIOMETRIC SMARTCARDS Banks have been Biometric technologies areexperimenting with keystroke used with smart cards for ID systemsBiometrics for ATM machine use and to applications specifically due to theircounteract the credit card frauds. The ability to identify people withsmart card or the credit card may beincorporated with the biometric minimal ambiguity. A biometricinformation. When a user inserts his card based ID allows for the verificationfor verification, the biometric sample of of “who you claim to be”the person can be verified precisely and (information about the card holderif it is identical the person is stored in the card) based on “whoauthenticated. The advantage of this you are” (the biometric informationsystem is that the user can enjoy the stored in the smart card), instead of,facilities offered by the Bank along with or possibly in addition to, checkingutmost security. “what you know” (such as password).INTERNET SECURITY If the password is leaked out, the ANY CONSTRAINTS INcomputer or the web server will not be KEYSTROKE BIOMETRICS?able to identify whether the original user A question that arises with anyis operating the computer. PCs fitted technology is that “Does thiswith biometric sensors can sense the technology have any constraints?” Thebiometric template and transmit it to the answer to this question is that, “It purelyremote computer so that the remote depends upon its implementation mechanism”. In Keystroke biometrics, the person being authenticatedmust have registered their bio- authenticated. Registration processesidentity before it can be can be extremely complicated and
  16. 16. very inconvenient for users. This is producing a much larger thanparticularly true if the user being average error rate. Conversely, if aregistered is not familiar with what is user is intrigued and enthusiastichappening. The problem for the about using the device, he is likely tooperator is that the right person will use it as intended, be more consistentbe rejected occasionally by what and enjoy 8relatively low error rates.might be presented as a ‘foolproof’ Since this is the case, clearly wesystem. Both the FAR and the FRR should aim for well educated (independ to some extent on the terms of the system) users who havedeviation allowed from the reference good quality reference templates andlevel and on the number of are happy with the overall systemcharacters in the identification code concept and its benefits.(Password). It has been observed that Technology is not any more scienceproviding a small deviation lowers fiction. Huge of small corporations usethe FAR to almost NIL but at the biometrics a lot of years more and more.same time tends to increase the Readers cost was reduced and usage of biometrics is everyday reality.FRR. This is due to the fact that thetyping rhythm of the user depends tosome extent on the mental state of The Future Of Biometricsthe user. So, a balance would have to Today we have the technology tobe established taking both the factors realize the aims, and to refine the accuracyinto consideration. of biometric identification, and therefore the possibility of making it a viable field. SOLUTION 2025: The performance measure It is the year 2025, and biometrics has comeof Keystroke biometrics purely a long way. Uses for biometrics now rangedepends on User psychology, i.e., the from employee verification to e-commerce.user’s particular temperament; Voice biometrics and hand geometryunderstanding and current state of recognition systems are used for employeesmind can have a dramatic impact on to clock-in at work. No longer canreal system performance. If a user is employees clock-in for other employees. Biometrics are also used in e-business fornot happy about using the biometric secure payment. At dance and night clubs,device, he is likely to be consistent in biometrics act as a sort of virtual bouncer tousing it, potentially keep out unruly patrons.
  17. 17. Biometrics has become an integral part of traditional security systems inlife. We see the effects of retinal scanning,hand geometry recognition, and voice the future.biometrics in our homes, businesses,employment, and entertainment.Future is very hopeful for biometricindustry. It has main position in AccessControl and Time and Attendanceapplications. Biometric technology is notany more science fiction. Huge of smallcorporations use biometrics a lot of yearsmore and more. Readers cost was reducedand usage of biometrics is everyday reality.CONCLUSION Keystroke Biometrics offers a valuable approach to current security technologies that make it far harder for fraud to take place by preventing ready impersonation of the authorized user. Even if the unauthorized user discovers the access code, he cannot get access to the system until and unless he also knows the rhythm. Also, the typing rhythm can be self-tuned by the user to suit his needs. As the keyboard has duplicate keys, the typing rhythm also depends whether the user is a left-handed person or a right-handed person. Positively Keystroke Biometrics will replace the entire
  18. 18. Biometrics has become an integral part of traditional security systems inlife. We see the effects of retinal scanning,hand geometry recognition, and voice the future.biometrics in our homes, businesses,employment, and entertainment.Future is very hopeful for biometricindustry. It has main position in AccessControl and Time and Attendanceapplications. Biometric technology is notany more science fiction. Huge of smallcorporations use biometrics a lot of yearsmore and more. Readers cost was reducedand usage of biometrics is everyday reality.CONCLUSION Keystroke Biometrics offers a valuable approach to current security technologies that make it far harder for fraud to take place by preventing ready impersonation of the authorized user. Even if the unauthorized user discovers the access code, he cannot get access to the system until and unless he also knows the rhythm. Also, the typing rhythm can be self-tuned by the user to suit his needs. As the keyboard has duplicate keys, the typing rhythm also depends whether the user is a left-handed person or a right-handed person. Positively Keystroke Biometrics will replace the entire
  19. 19. Biometrics has become an integral part of traditional security systems inlife. We see the effects of retinal scanning,hand geometry recognition, and voice the future.biometrics in our homes, businesses,employment, and entertainment.Future is very hopeful for biometricindustry. It has main position in AccessControl and Time and Attendanceapplications. Biometric technology is notany more science fiction. Huge of smallcorporations use biometrics a lot of yearsmore and more. Readers cost was reducedand usage of biometrics is everyday reality.CONCLUSION Keystroke Biometrics offers a valuable approach to current security technologies that make it far harder for fraud to take place by preventing ready impersonation of the authorized user. Even if the unauthorized user discovers the access code, he cannot get access to the system until and unless he also knows the rhythm. Also, the typing rhythm can be self-tuned by the user to suit his needs. As the keyboard has duplicate keys, the typing rhythm also depends whether the user is a left-handed person or a right-handed person. Positively Keystroke Biometrics will replace the entire
  20. 20. Biometrics has become an integral part of traditional security systems inlife. We see the effects of retinal scanning,hand geometry recognition, and voice the future.biometrics in our homes, businesses,employment, and entertainment.Future is very hopeful for biometricindustry. It has main position in AccessControl and Time and Attendanceapplications. Biometric technology is notany more science fiction. Huge of smallcorporations use biometrics a lot of yearsmore and more. Readers cost was reducedand usage of biometrics is everyday reality.CONCLUSION Keystroke Biometrics offers a valuable approach to current security technologies that make it far harder for fraud to take place by preventing ready impersonation of the authorized user. Even if the unauthorized user discovers the access code, he cannot get access to the system until and unless he also knows the rhythm. Also, the typing rhythm can be self-tuned by the user to suit his needs. As the keyboard has duplicate keys, the typing rhythm also depends whether the user is a left-handed person or a right-handed person. Positively Keystroke Biometrics will replace the entire

×