Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on

  • Be the first to comment

  • Be the first to like this


  1. 1. Sivasankar Bandaru, Swapna. S / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.1141-1144 Three Factor Authentication Schemes for the Automation of Inter-Networked banking and Teller Machine operations using Universal Subscriber Identification Modules Sivasankar Bandaru*, Swapna. S** *( M .Tech (WT), Aurora’s Technological and Research Institute, JNTUH Hyderabad, Andhra Pradesh, pin code-500035, India) ** (Assistant professor, IT Department, Aurora’s Technological and Research Institute, JNTUH Hyderabad, Andhra Pradesh, pin code-500035, India)ABSTRACT Automated teller machines (ATMs) are encryption algorithm was a simulation of the M-209well known devices typically used by individuals cipher machine used by the carry out a variety of personal and business It has long been known that all a cracker need do tofinancial transactions and/or banking functions. acquire access to a Unix machine is to follow twoATMs have become very popular with the simple steps, namely:general public for their availability and general 1) Acquire a copy of that site’s /etc/passwd file,user friendliness. ATMs are now found in many either through an unprotected uucp link, well knownlocations having a regular or high volume of holes in sendmail, or via ftp or tftpconsumer traffic. Various services and resources 2) Apply the standard (or a sped-up) version of theneed protection from unauthorized use. Remote password encryption algorithm to a collection ofauthentication is the most commonly used words, typically /usr/dict/words plus somemethod to determine the identity of a remote permutations on account and user names andclient. This paper investigates a systematic compare the encrypted results to those found in theapproach for authenticating clients by three purloined /etc/passwd file.[3]factors, namely password, smart card, and A SIM card contains a unique serial number it readsbiometrics. Biometrics is the identification of the international mobile subscriber identity (IMSI),humans by their characteristics or traits. A security authentication and ciphering information,physiological biometric would identify by ones temporary information related to the local network, avoice, Face, hand print or behaviour. Since list of the services that the user has to access thebiometric identifiers are unique to individuals, two passwords: a personal identification numberthey are more reliable in verifying identity than (PIN) for ordinary use and a personal unblockingtoken and knowledge-based methods. code (PUK) for PIN unlocking.Keywords— User authentication, Smart card, Face Cryptographers have traditionally analysedRecognition and security the security of ciphers by modelling cryptographic algorithms as ideal mathematical objects. A modern cipher is conventionally modelled as a black box thatI. INTRODUCTION accepts plaintext inputs and provides cipher text In a traditional password authentication outputs. Inside this box, the algorithm maps thescheme, a system server has to be able to inputs to the outputs using a predefined function thatauthenticate a remote logon based on identity and depends on the value of a secret key. The black boxpassword. [2] Password authentication protocols is described mathematically and formal analysis ishave two entities that share a password for the basis used to examine the systems security. In a modernof authentication. Password authentication can be cipher, an algorithms security rests solely on thecategorized into two types: weak-password concealment of the secret key.[4] Smart cards servesauthentication schemes and strong-password ATM cards and mobile phone SIMs, authorizationauthentication schemes. strong-password cards to provide high-security identification andauthentication protocols have the advantages over access-control cards, Smart cards can be used asthe weak-password authentication schemes in that electronic wallets. The smart card chip can betheir computational overhead are lighter, designs are "loaded" with funds to pay parking meters andsimpler, and the implementation are easier in the vending machines. These Cryptographic protocolscomputational environments. protect the exchange of money between the smart The security of accounts and passwords has card and the accepting machines.always been a concern for the developers and users .of Unix. When Unix was younger, the password 1141 | P a g e
  2. 2. Sivasankar Bandaru, Swapna. S / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.1141-1144II. FUNCTIONALITY OF SMART CARD 3-Factor-Login-Auth: This is another interactive Smart cards themselves usually are a small protocol between the client C and the server S; thispart of a much more complex system. There are enables the client to login successfully using PW,usually complex networks of card terminals SC, and BioData. An execution of this protocol isconnecting to other backend host computers that denoted byprocess the information from transactions occurringat the card terminals. Companies investing in thisinfrastructure have a vested interest in standardizingthe system components to guarantee the longevity ofthe system. Without standards, differentmanufacturers¢ components would not interoperate. The output of this protocol is “1” (if theThe smart card systems would not be generally authentication is successful) or “0” (otherwise).accepted because users would be forced to carry 3-Factor-Password-Changing: This protocol enablesaround many different, non-interoperable smart a client to change his/her password after a successfulcards. This is an untenable situation for both users authentication. The data in the smart card will beand manufacturers. [5] updated accordingly Smart cards provide computing andbusiness systems the enormous benefit of portable 3-Factor-Biometrics-Changing2: An analogue ofand secure storage of data and value. At the same password- changing is biometrics-changing, namelytime, the integration of smart cards into your system the client can change his/her biometrics used in theintroduces its own security management issues, as authentication, e.g., using a different finger or usingpeople access card data far and wide in a variety of iris instead of finger. While biometrics-changing isapplications. not supported by previous three-factor authentication In a PKI system a Digital Signature verifies protocols, we believe it provides the client withdata at its origination by producing an identity that more flexibility in the authentication. [1]can be mutually verified by all parties involved inthe transaction. A cryptographic hash algorithmproduces a Digital Signature. III. PRINCIPAL OF COMPONENT ANALYSIS (PCA) [6]:A. It ensure data privacy, by encrypting data Principal component analysis (PCA) createsB. It ensures data integrity, by recognizing if data new variables that consist of uncorrelated, linearhas been manipulated in an unauthorized way combinations of the original variables. PCA is usedC. Ensures data uniqueness by checking that data is to simplify the data structure PCA also known as"original", and not a "copy" of the "original". The Karhunen Loeve projection. PCA calculates thesender attaches a unique identifier to the "original" Eigen vectors of the covariance matrix, and projectsdata. This unique identifier is then checked by the the original data onto a lower dimensional featurereceiver of the data. space, which is defined by Eigen vectors with large Eigen values. PCA has been used in face Smart Card based Protocol provides three- representation and recognition where the Eigenfactor authentication protocol involves a client C and vectors calculated are referred to as Eigen faces. Ina server S, and consists of five phases. gel images, even more than in human faces, the3-Factor-Initialization: S generates two system dimensionality of the original data is vast comparedparameters PK and SK. PK is published in the to the size of the dataset, suggesting PCA as a usefulsystem, and SK is kept secret by S. An execution of first step in analysis. There are many approaches tothis algorithm is denoted by 3-Factor-Initialization face recognition ranging from the Principal(k)  (PK, SK), where K is system’s security Component Analysis (PCA) approach (also knownparameter. as Eigen faces). Prediction through feature matching. The idea of feature selection and point matching has3-Factor-Reg: A client C, with an initial password been used to track human motion. Eigen faces havePW and biometric characteristics BioData, registers been used to track human faces. They use a principalon the system by running this interactive protocol component analysis approach to store a set of knownwith the server S. The output of this protocol is a patterns in a compact subspace representation of thesmart card SC, which is given to C. An execution of image space, where the subspace is spanned by thethis protocol is denoted by Eigen vectors of the training image set. It is one of the more successful techniques of face recognition and easy to understand and describe using mathematics. This method involves using Eigen faces [6] 1142 | P a g e
  3. 3. Sivasankar Bandaru, Swapna. S / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.1141-1144IV. FACE RECOGNITION [7]: The ability to recognize people by theirfacial characteristics Computers can conduct facialdatabase searches and/or perform live, one-to-one orone-to-many verifications with unprecedentedaccuracy and split-second processing. Users can begranted secure access to their computer, mobiledevices, or for online e-commerce, simply bylooking into their Web camera.The following details that can be shown Security - Military applications Personal information access -ATM Fig: 3 it shows the administration details -Home accessImproved human machine interaction Many face verification applications make itmandatory to acquire images with the same camera.However, some applications, particularly those usedin law enforcement, allow image acquisition withmany camera types. This variation has the potentialto affect algorithm performance as severely aschanging illumination. But, unlike the effects ofchanging illumination, the effects on performance ofusing multiple camera types have not beenquantified. [7]V. FIGURES Fig:4 User Registration FormFig: 1 It shows the Bank Details Fig:5 Capturing the imageFig: 2 it shows the types of Bank Fig:6 User Enter the PIN Details 1143 | P a g e
  4. 4. Sivasankar Bandaru, Swapna. S / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.1141-1144 Security,” Proc. Second USENIX Workshop Security, 1990. [4] T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Examining Smart-Card Security under the Threat of Power Analysis Attacks,” IEEE Trans. Computers, vol. 51, no. 5, pp. 541-552, May 2002. [5] Jorge Ferrari, Robert Mackinon, Sasan Poh and Lakshman Yathwara.” Smart card: Case Study” International Technical support Organization, October 1998. [6] Srinivasulu Asadi, Dr.Ch.D.V.Subba Rao and V.Saikrishna “A Comparative study ofFig:7 Transaction Details Face Recognition with Principal Component Analysis and Cross-CorrelationVI. CONCLUSION: Technique” International Journal of ALL THE FUNCTIONS OF THE ATM, THE Computer Applications (0975 – 8887)AUTHORS ARE NOW CONCENTRATING ON Volume 10– No.8, November 2010.DEVELOPING THE INTENTION RECOGNITION, MOBILE [7] P. J. Phillips, A. Martin C. L. Wilson andBASED PROCESSING AND ALERT MODULE. M. Przybocki, “An Introduction to This paper presents a novel architecture that Evaluating Biometric Systems,” IEEEcan be used as a means of interaction between Computer, Vol.33, No.2, Feb. 2000, pp. 56-mobile phone, ATM machine and a Banking 63.application for the purpose of withdrawing cash. Theproposed design; the secure M-cash withdrawalallows the use of mobile phones as a tool of Authors Profile:interaction and provide flexibility through a robustidentity management architecture. The first part ofthe architecture is the process of being implementedand all the process involved has been analysed andjustified where possible.VII. ACKNOWLEDGMENT Sivasankar Bandaru is pursuing M. I would like to thanks some great mind Tech in Web Technologies from Aurora’swithout whom this research would have been Technological and Research Institute, JNTUH, A.P,adistant reality. I am totally by the side of these INDIA. His research areas include Distributedpeople. I would like to say thanks to my parents who System, and Computer to me carry out my research without anyhindrance. My deepest thanks to great person, mymentor Asst Prof. Swapna. S without whose ideas itwas impossible.REFERENCES [1] Xinyi Huang, Yang Xiang, Member, IEEE, S. Swapna received her M.Sc. Ashley Chonka, Jianying Zhou, and Robert Computer Science in 2007 from Reddy women’s H. Deng, Senior Member, IEEE “A Generic College Narayanguda and M. Tech in Web Framework for Three-Factor Technologies from Aurora’s Technological and Authentication: Preserving Security and Research Institute, JNTUH, A.P, INDIA. Her area of Privacy in Distributed Systems” IEEE expertise includes Operating system, Web Security TRANSACTIONS ON PARALLEL AND and Database and Management System (DBMS), DISTRIBUTED SYSTEMS, VOL. 22, NO. image processing. She is working as Assistant 8, AUGUST 2011. Professor in department of Information Technology [2] C.H. Lin and Y.Y. Lai, “A Flexible at Aurora’s Technological and Research Institute, Biometrics Remote User Authentication Hyderabad. Scheme,” Computer Standards Interfaces, vol. 27, no. 1, pp. 19-23, Nov. 2004. [3] D.V. Klein, “Foiling the Cracker: A Survey of, and Improvements to, Password 1144 | P a g e