This document provides an overview of blind authentication, a secure crypto-biometric authentication protocol. It begins with an introduction discussing the primary concerns with biometric authentication systems, such as template protection, user privacy, trust issues between users and servers, and network security. It then reviews related work on addressing these concerns. The document proceeds to explain the blind authentication process, which involves feature extraction, enrollment with a trusted third party, and authentication between a user and server. Features of blind authentication include strong encryption for template protection and privacy while maintaining authentication accuracy. Advantages are template security, non-repudiation, and revocability.
Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc. Mostly textual passwords follow an encryption algorithm as mentioned aboveBiometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas(Biometric scanning). Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names, girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.
Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc. Mostly textual passwords follow an encryption algorithm as mentioned aboveBiometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas(Biometric scanning). Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names, girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.
An introduction to Kerberos technology. Find out how the negotiation process works and why it is considered secure. Learn what are Kerberos realms, how Kerberos authentication works and how authorization process looks like. Look through all the use cases. See how Kerberos is being used in a classical setting and in the HTTP world with SPNEGO protocol.
A biometric technology is use full for authentication process in nowadays.In this presentation i have explained the use of 3d finger authentication, face recognisation,tokens authentication and knowledge authentication.
3-D PASSWORD is a way of more secured authentication in which password is created in 3d environment.
3d password is a combination of recognition, recall, token, and biometrics based systems.
3D password is a multifactor authentication scheme in which we require a 3D virtual environment for authentication.
Users have choice to select the type of authentication technique.This freedom of selection is necessary because users are different and they have different requirements.
The 3D password presents a virtual environment containing various virtual objects. The user walks through the environment and interacts with the objects .
3D Password have authentication than other system.
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows basic principle of SSL and also little bit of practical applicability.
An introduction to Kerberos technology. Find out how the negotiation process works and why it is considered secure. Learn what are Kerberos realms, how Kerberos authentication works and how authorization process looks like. Look through all the use cases. See how Kerberos is being used in a classical setting and in the HTTP world with SPNEGO protocol.
A biometric technology is use full for authentication process in nowadays.In this presentation i have explained the use of 3d finger authentication, face recognisation,tokens authentication and knowledge authentication.
3-D PASSWORD is a way of more secured authentication in which password is created in 3d environment.
3d password is a combination of recognition, recall, token, and biometrics based systems.
3D password is a multifactor authentication scheme in which we require a 3D virtual environment for authentication.
Users have choice to select the type of authentication technique.This freedom of selection is necessary because users are different and they have different requirements.
The 3D password presents a virtual environment containing various virtual objects. The user walks through the environment and interacts with the objects .
3D Password have authentication than other system.
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows basic principle of SSL and also little bit of practical applicability.
BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...Henry Chukwuemeka Paul
This paper aims at evaluating, compare the RFID and Biometric technology and report result based on the performances in terms of various parameters that is analyzed. Currently, most schools and institutions do have difficulties to monitor their students’ security and attendance system using either RFID Card or biometrics alone, where the procedures are inefficient in monitoring the students’ security and managing their attendance. The application of RFID Card system as a school monitoring system to improve class attendance procedure, automatically monitor the interest group movements and increases their security. Using RFID makes it easier and faster to detect students’ attendance in a lecture class. In this system, the fingerprint recognition is also adopted to enhance the procedure of identifying authentication of student more securely and reliable for facilities management, gateway access and facilities control, it will also help the school management to provide visibility of assets and effective user tracking.
Biometric Technology and Human Factor EngineeringM2SYS Technology
Biometrics as a global industry is evolving rapidly. With each passing day, more news sprouts up about countries adopting biometric identification technology to secure borders, establish free and fair elections, or tighten airport security. Countries like India have embarked on massive identity campaigns to develop documentation that helps facilitate more equitable social benefit distribution and eliminate government waste and corruption. Governments all over the planet are increasingly evaluating and choosing to adopt biometric identification technology to boost security, eliminate fraud, and establish societal parity by ensuring that entitlements reach those for whom they were intended.
However, using biometrics for identification and authentication reaches far beyond tightening security and eliminating fraud and waste. As biometric deployments spill over into the commercial sector, companies are starting to leverage the technology’s power to encourage employee accountability, lower liabilities, increase efficiencies, and strengthen compliance. Biometric used in business vs. government deployments has fundamentally transformed the dimension of using the technology for security only to using it for convenience in addition to security and other concerns.
In order to achieve success in the new commercial landscape, biometric technology vendors who were once solely accustomed to government specs dictating the parameters and scope of a biometric identification project where end users (most often citizens) had no choice on what biometric modalities to use had to become experts at “human factor engineering” – that is, biometric tech vendors had to more closely study the intersection of people, technology, policy, and work across multiple domains using an interdisciplinary approach that drew from cognitive psychology, organizational psychology, human performance, industrial engineering, and economic theory to design and implement biometric systems that are acceptable and successful in a commercial environment.
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...Eswar Publications
The steady growth in electronic transactions has promoted the Automated Teller Machine (ATM) thereby making it the main transaction channel for carrying out financial transactions. However, this has also increased the amount of fraudulent activities carried out on Automated Teller Machines (ATMs) thereby calling for efficient security mechanisms and increasing the demand for fast and accurate user identification and
authentication in ATMs. This research analyses, designs and proposes a biometric authentication prototype for integrating fingerprint security with ATMs as an added layer of security. A fingerprint biometric technique was fused with personal identification numbers (PIN's) for authentication to ameliorate the security level. The prototype was simulated using a fingerprint scanner and Java Platform Enterprise Edition was used to develop an ATM application which was used to synchronize with a fingerprint scanner thereby providing a biometric authentication scheme for carrying out transactions on an ATM.
Technology that identifies you based on your physical or behavioral traits- for added security to confirm that you are who you claim to be.(this ppt is very dear to me as i have given a talk on this topic twice. this also fetched me and migmar first prize at deen dayal upadhyay college- converging vectors - an inter college presentation competition organized by arya bhata science forum)
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...hiij
While Financial Identity Theft (FIT) has been an ongoing threat to the safety of American society with its
horror and inconvenience, Medical Identity Theft (MIT) is now an additional risk on the horizon and there
are many perils associated with this burgeoning phenomenon. This paper will examine the physician
perceptions and look at the menacing burden that MIT places on its victims. It will also discuss ways in
which the provider can better address issues by using biometric technology to combat this escalating
problem. Also, MIT can be more damaging than FIT because it can create mayhem for the victim and his
or her medical information when erroneous details have been created in the medical record due to a thief’s
scheming and deceitful usage of healthcare information. The literature suggests that biometric technology
can revolutionize the healthcare industry with scientific tools that can scan your eye, hand or thumbprint
and a person can be easily identified. This technology would add another layer of security to give greater
protection to healthcare users as well as providers. Biometric technology is an exciting untapped resource
that can make an incredible difference in the field of healthcare and PHI. This project will shed some light
on this technology and may help the healthcare community understand the viability of biometrics and how
it can possibly deter MIT.
Biometric ATM are used for wide range of applications like for Banking, Coupons & Self service ATM. Biometrics ATM offer ATM type interface along with at-least one Biometrics capture device like Fingerprint Scanner, Iris camera, Palm/Finger Vein scanner , Face recognition camera. They are often called Multi-Biometrics ATM, Wall mount Biometrics ATM, Biometrics Devices / Machine.
Most of the ATM in the past have been using ID cards to identify users but with the wide acceptance of Biometrics , a new generation of Biometrics ATM are being deployed for wide range of applications worldwide.
Ceramic bearings are typically constructed with a ferrous inner and outer ring or race with ceramic balls in the place of steel. Ceramic bearings offer many advantages over all steel bearings, such as higher speed and acceleration capability, increased stiffness, lower friction and more. Ceramic balls are also nonconductive. Ceramic bearings are available in all standard industry configurations such as, angular bearings, thrust bearing, pillow block bearing, needle bearings, and roller bearings.
An emerging approach to the problem of identity theft is represented by
the adoption of biometric authentication systems. Such systems however present
several challenges, related to privacy, reliability and security of the biometric data.
Inter-operability is also required among the devices used for authentication. Moreover,
very often biometric authentication in itself is not sufficient as a conclusive
proof of identity and has to be complemented with multiple other proofs of identity
such as passwords, SSN, or other user identifiers. Multi-factor authentication mechanisms
are thus required to enforce strong authentication based on the biometric
and identifiers of other nature.
In this paper we propose a two-phase authentication mechanism for federated
identity management systems. The first phase consists of a two-factor biometric
authentication based on zero knowledge proofs. We employ techniques from the
vector-space model to generate cryptographic biometric keys. These keys are kept
secret, thus preserving the confidentiality of the biometric data, and at the same
time exploit the advantages of biometric authentication. The second phase combines
several authentication factors in conjunction with the biometric to provide a
strong authentication. A key advantage of our approach is that any unanticipated
combination of factors can be used. Such authentication system leverages the information
of the user that are available from the federated identity management
system.
A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...Editor IJCATR
The need for fool proof authentication procedures away from traditional authentication mechanisms like passwords, security PINS has led to the advent of biometric authentication in information systems. Biometric data extracted from physiological features of a person including but not limited to fingerprints, palm prints, face or retina for purpose of verification & identification is saved as biometric templates. The inception of biometrics in access control systems has not been without its own hitches & like other systems it has its fair share of challenges. Biometric fingerprints being the most mature of all biometric spheres are the most widely adopted biometric authentication systems. Biometric systems effectiveness lies on how secure they are at preventing inadvertent disclosure of biometric templates in an information system‟s archive. This however has not been the case as biometric templates have been fraudulently accessed to gain unauthorized access in identification and verification systems. In order to achieve strong and secure biometric systems, biometric systems developers need to build biometric systems that properly secure biometric templates. Several biometric template protection schemes and approaches have been proposed and used to safeguard stored biometric templates. Despite there being various biometric template protection schemes and approaches in existence, none of them has provided the most authentic, reliable, efficient and deterrent means to totally secure biometric fingerprint templates. This research sought to establish status of the current biometric template protection techniques and methods by conducting a survey and analyzing data gathered from a sample of seventy-eight (78) respondents. We will report these results and give our conclusion based on findings of the survey in this paper.
Efficient and secure authentication on remote server using stegno video objec...pradip patel
Due to the present increase in world population, people in this world tend to occupy available locations present in any zone which also include zones falling in the high seismic zone categories. The buildings constructed in such zones must be analysed and designed to withstand these earthquakes, along with the cost economy. Bracing systems is very efficient and unyielding lateral load resisting system. Bracing systems serves as one of the component in buildings for increasing stiffness and strength to guard buildings from incidence caused by natural forces like earthquake. Braced frames widen their resistance to lateral forces by the bracing action of inclined members. The braces stimulate forces in the associated beams and columns so that all works like a truss which results in smaller sizes of beam and column sections that turns out to be economical. In this study, G+14 storey building model has been analysed considering “Inverted V” and “V” type RCC bracing system and steel bracing system under seismic loadings using STADD PRO for analysis. Results are concluded by comparison of storey displacement, storey drift and base shear for fixed base building
Role Of Biometric Security- Bahaa Abdul Hadi.pdfBahaa Abdulhadi
Bahaa Abdul Hadi is an Identity Management expert and regularly shares his experiences with his audience through his blogs.
Biometric systems can be used to protect our data as well as our wallets. Its ease of inclusion and the difficulty of forging the credentials employed by biometric technology makes it one of the most sensible security options currently available. As consumer use of the IoT rises, biometric technology is being used more frequently.
What Is Biometric Authentication? A Complete Overview | Enterprise WiredEnterprise Wired
This article explores the intricacies of biometric authentication, its diverse applications, the underlying technologies, and the potential it holds in revolutionizing the landscape of digital security.
With the growth of technology their grows threat to our data which is just secured by passwords so to make it more secure biometrics came into existence. As biometric systems are adopted and accepted for security purpose for various information and security systems. Hence it is immune to attacks. This paper deals with the security of biometric details of individuals. In this paper we will be discussing about biometrics and its types and the threats and security issues which is not talked about usually. The different technologies evolved and had contributed to biometrics in long run and their effects. Sushmita Raulo | Saurabh Gawade "Security Issues Related to Biometrics" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-5 , August 2021, URL: https://www.ijtsrd.com/papers/ijtsrd44951.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/44951/security-issues-related-to-biometrics/sushmita-raulo
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...ijtsrd
Existing blockchain based identity systems are analyzed under the context of the university identity management requirements. The private or consortium blockchain is more suitable for identity system which will be used for university. The transparency of public blockchains raises some concerns for privacy and confidentiality. The most important issue is that the volume of the data generated can be very large exceeding the practical storage capabilities of the current blockchain usages. The existing identity systems are not well fixed with the university identity management system really needs, especially they remain needing the relevant issue of effective consent revocation. The append only storage of blockchain can be a barrier for implementing the revocability of consent. Some private blockchain based system has the potential vendor lock in effects. Thus, hybrid identity system is suggested for university identity management. Kyaw Soe Moe | Mya Mya Thwe "Investigation of Blockchain Based Identity System for Privacy Preserving University Identity Management System" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd28095.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/28095/investigation-of-blockchain-based-identity-system-for-privacy-preserving-university-identity-management-system/kyaw-soe-moe
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
1. Page 1
A Seminar Report
On
BLIND AUTHENTICATION:A SECURE CRYPTO-
BIOMETRIC AUTHENTICATION PROTOCOL
Submitted in partial fulfillment of the
Requirement for the award of the degree
Of
Master of Computer Applications
By
PRANJUL MISHRA
ROLL NO: 2014024132
M.C.A. 2nd
YEAR
Session: 2015-16
Under the Guidance of
Mr. M. Hasan
Department of Computer Science and Engineering
Madan Mohan Malaviya University of Technology, Gorakhpur-273010
2. Page 2
PREFACE
I have made this report file on the topic BLIND AUTHENTICATION: A SECURE
CRYPTO-BIOMETRIC AUTHENTICATION PROTOCOL
I have tried my best to elucidate all the relevant detail to the topic to be included in the report.
While in the beginning I have tried to give a general view about this topic.
My efforts and wholehearted co-corporation of each and every one has ended on
a successful note. I express my sincere gratitude to Mr. M. Hasan, who assisting me
throughout the preparation of this topic. I thank him for providing me the reinforcement,
confidence and most importantly the track for the topic whenever I needed it.
We are thankful to Dr.Udai Shankar Head of department, Department of Computer
Science & Engineering for providing us department labs and terminals for our Seminar and other
teachers Department of Computer Science & Engineering for their friendly treatment and
cooperation in the valuable advice and suggestion.
3. Page 3
SR TOPIC PAGE
NO.
1 Abstract 3
2 Introduction 4
3 Introduction to biometric 6
4 Primary concern in biometric
System
9
5 Related work 10
6 Blind authentication Process 15
7 Features of blind authentication 20
8 Advantages of blind
authentication
23
9 Conclusion 24
10 Refrences 25
4. Page 4
ABSTRACT:
Biometric authentication systems are primarily centered around
template security , revocability and privacy . The use of
cryptographic primitives to bolster the authentication process
can alleviate some of these concerns as shown by biometric
cryptosystems.
we propose a provably secure and blind biometric authentication
protocol, which addresses the concerns of user’s privacy,
template
protection, and trust issues. The protocol is blind in the sense
that it reveals only the identity, and no additional information
about the user or the biometric to the authenticating server or
vice-versa. As the protocol is based on asymmetric encryption
of the biometric data, it captures the advantages of biometric
authentication as well as the security of public key
cryptography.
The authentication protocol can run over public networks and
provide non-repudiable identity verification. The encryption also
provides template protection, the ability to revoke enrolled
templates, and alleviates the concerns on privacy in widespread
use of biometrics.
5. Page 5
INTRODUCTION:
BIOMETRIC authentication systems are gaining widespread popularity in recent
years due to the advances in sensortechnologies as well as improvements in the
matching algorithms that make the systems both secure and costeffective.They are
ideally suited for both high security and remote authentication applications due to
the non-repudiable nature and user convenience. Most biometric systems assume
that the template in the system is secure due to human supervision (e.g.,
immigration checks and criminal database search) or physical protection (e.g.,
laptop locks and doorlocks). However, a variety of applications of authentication
need to work over a partially secure or insecure networks such as an ATM
networks or the Internet. Authentication over insecure public networks or with
untrusted servers raises more concerns in privacy and security. The primary
concern is related to the security of the plain biometric templates, which cannot be
replaced, once they are compromised .The privacy concerns arise from the fact that
the biometric samples reveal more information about its owner (medical,food
habits, etc.) in addition to the identity. Widespread use of biometric authentication
also raises concerns of tracking a person, as every activity that requires
authentication can be uniquely assigned to an individual.
To clarify our problem let us consider the following usage
scenario:
“Alice wants to create an accountin Bobmail, that requires biometrics based
authentication. However, she neither trusts Bob to handleher biometric data
securely, nor trusts the network to send her plain biometric.”
The primary problem here is that, for Alice, Bob could either be incompetent to
secure her biometric or even curious to try and gain access to her biometric data,
while the authentication is going on. So Alice does not want to give her biometric
data in plain to Bob. On the other hand, Bob does not trust the client as she could
be an impostor. She could also repudiate her access to the service at a later time.
For bothparties, the network is insecure. A biometric system that can work
securely and reliably under such circumstances can have a multitude of
applications varying from accessing remote servers to e-shopping over the Internet.
6. Page 6
Introduction to biometric :
A biometric is a physiological or behavioral characteristic of a human being that
can distinguish one personfrom another and that theoretically can be used for
identification or verification of identity.
7. Page 7
Comparisonof BiometricSystem:
Physiologicalbiometric:
1.Fingerprint Recognition:
a) No two persons share the same fingerprints
b) Wet, dry, or dirty skin may create problems
2. Face Recognition
a) One of the most acceptable biometrics
b) Not accurate and dependable
3. Hand Geometry
a) Include length and width of fingers, different aspect
ratios of palm and fingers, thickness and width of the palm etc.
b) Existing hand geometry systems mostly use images of the hand
4.Iris Recognition
a) Reliable and accurate
b) Believed to be unique in every individual
c) Not work for people who are missing both eyes or who have serious
eye illnesses that affect the iris.
8. Page 8
BEHAVIORAL BIOMETRICS:
1. Signature
a) High degree of acceptance
b) Signatures lack permanence
c) Static signature verification systems & Dynamic signature
verification systems
2. Voice
a) Depend on numerous characteristics of a human voice to identify
the speaker
b) Does not require expensive input devices
c) Issues- may skillfully imitate others' voices, record and replay attacks
9. Page 9
Primary concerns in biometric authentication System:
a) Template protection:
As a biometric do not change over time, one cannot
revoke an enrolled plain biometric. Hence, critical information could
be revealed if the server’s biometric template database is compromised.
b) User’s privacy:
i) The activities of a person could be tracked, as the
biometric is unique to a person
ii) Certain biometrics may reveal personal information about a user (e.g., medical
or food habits), in addition to identity.
c)Trust between user and server:
In widespread use, all authenticatingservers may not be competent or trustworthy
to securely handle a user’s plain biometric, while a remote user cannot be reliably
identified without biometric information.
d) Network security:
As the authentication is done over an insecure
network, anyone snooping the network could gain access to the biometric
information being transmitted.
10. Page 10
Relatedwork:
The previous work in the area of encryption based security of biometric templates
tend to model the problem as that of building a classification system that separates
the genuine and impostor samples in the encrypted domain . However a strong
encryption mechanism destroys any pattern in the data, which adversely affects the
accuracy of verification. Hence, any such matching mechanism necessarily makes
a compromise between template security (strong encryption) and accuracy
(retaining patterns in the data). The primary difference in our approachis that we
are able to design the classifier in the plain feature space, which allows us t
maintain the performance of the biometric itself, while carrying out the
authentication on data with strong encryption, which provides high
security/privacy .
Over the years a number of attempts have been made to address the problem of
template protection and privacy concerns and despite all efforts, as A.K. Jain et al.
puts it, a templateprotection scheme with provable security and acceptable
recognition performance hasthus far remained elusive. In this section, we will
look at the existing work in light of this security-accuracy dilemma, and
understand how this can be overcome by communication between the
authenticating server and the client.
11. Page 11
The previous work in area of encryption based security of biometric templates
tends to model the problem as that of building a classification system that separates
the genuine and impostor samples in the encrypted domain. However, a strong
encryption mechanism destroys any pattern in the data , which adversely affects
the accuracy of verification . Hence any such matching mechanism necessarily
makes a compromise between templates security and accuracy. The primary
difference in our approachis that we are able to design a classifier in the plane
feature space, which allows us to maintain the performance of the biometric itself
,while carrying out the authentication on data with strong encryption ,which
provides high security /privacy. Over a years a number of attempts have been made
to address the problem of templates protection and privacy concerns and despite all
efforts ,puts it ,”a template protection scheme with provable security and
acceptable recognition performance has thus far remind elusive “.
In the section, we will look at the existing work in light of this security -accuracy
and understand how this can be overcome by communication between
authenticating server and the client.
12. Page 12
Salting:
The first class of feature transformation approaches knownas Salting offers
security using a transformation functionseeded by a user specific key. The strength
of the approachlies in the strength of the key. A classifier is then designed in the
encrypted feature space. Although the standard cryptographic encryption such as
AES or RSA offers secure transformation functions, they cannot be used in this
case. The inherent property of dissimilarity between two instances of the biometric
trait from the same person, leads to large differences in their encrypted versions.
This leads to a restriction on the possible functions that can be used and in salting,
resulting in a compromise made between security and the performance. Some of
the popular salting based approaches are biohashing and salting for face template
protection . Moreover, salting based solutions are usually specific to a biometric
trait, and in general do not offer well defined security. Kong et al. do a detailed
analysis of the current biohashing based biometric approaches . They conclude that
the zero EER reported by many papers is obtained in carefully set experimental
conditions and unrealistic under assumptions from a practical view point.
The second category of approaches identified as Noninvertible transform applies a
trait specific non-invertible function on the biometric template so as to secure it.
The parameters of the transformation function are defined by a key which
must be available at the time of authentication to transform the query feature set.
Some of the popular approaches that fall into this category are RobustHashing and
Cancelable Templates Cancelable templates allows one to replace a leaked
template, while reducing the amount of information revealed through the leak, thus
addressing some of the privacy concerns. However, suchmethods are often
biometric specific and do not make any guarantees on preservation of privacy ,
especially when the server is not trusted. Methods to detect tampering of the
enrolled templates help in improving the security of the overall system.
Boult et al. extended the above approachto stronger encryption, and proposedan
encrypted minutia representation and matching scheme of fingerprints. The
position information of a minutia is divided into a stable integer part and
a variable increment. A Biotoken consists of the encrypted integer part and the
increment information in plain. A specific matching algorithm was proposed to
match the biotokens for verification. The approachprovides provable template
security as a strong encryption is used. Moreover, the matching is efficient, and is
shown to even improve the matching accuracy. However, the primary fact that
encryption is applied to part of the data, which itself is quantized, may mean some
amount of compromise between security and accuracy. An extension to the above
work based on re-encoding methodology for revocable biotokens is proposedby
13. Page 13
the authors . In this method, the computed biotoken is re-encoded using a series of
unique new transformation functions to generate a Bipartite Biotoken. For every
authentication, the server computes a new bipartite biotoken, which is to be
matched by the client against the biotoken generated by him. The method
significantly enhances the template security as compared to the original protocol.
Moreover, as bipartite biotoken is different for each authentication request, replay
attacks are not possible. However, in the current form, the base biotoken is
available (in plain) with the server, and if the biotoken database is compromised, a
hacker can gain access to all the users’accounts until the biotokens are replaced.
The method aims at securing the actual biometric template, which cannot be
recovered from a secure biotoken.
The third and fourth classes are both variations of Biometric cryptosystems. They
try to integrate the advantages of both biometrics and cryptography to enhance
the overall security and privacy of an authentication system. Such systems are
primarily aimed at using the biometric as a protection for a secret key (Key
Binding approach or use the biometric data to directly generate a secret key (Key
Generation approach). The authentication is done using the key,which is
unlocked/generated by the biometric. Such systems can operate in two modes in
the case of remote authentication.
In the first case, the key is unlocked/generated at the client end,which is sent to the
server for authentication, which will ensure security of the template, and provide
user privacy. However, this would become a key based authentication scheme and
would lose the primary advantage of biometric authentication, which is its non-
repudiable nature. In the second case, the plain biometric needs to be transmitted
from the user to the server, both during enrollment and during authentication. This
inherently leaks more information about the user than just the identity, and the
users need to trust the server to maintain their privacy. Moreover, authenticating
over an insecure network makes the plain biometric vulnerable to spoofing attacks
.
Biometric cryptosystem:
Biometric cryptosystems based approaches such as FuzzyVault and Fuzzy
extractor in their true form lack diversity and revocability. According to Dr. Jain a
performance degradation usually takes place as the matching is done using error
correction schemes. This precludes the use of sophisticated matchers developed
specifically for matching the original biometric template. Biometric cryptosystems,
14. Page 14
along with salting based approaches introduce diversity and revocability in them.
Moreover, Walter demonstrated a method for recovering the plain biometric from
two or more independent secrets secured using the same biometric.
Demerits of Existing process:
*.) less privacy:
*.) less security
*.) difficult to perform verification
15. Page 15
Blind Authenticationprocess:
blind biometric authentication protocol, which addresses the concerns of user’s
privacy, template protection, and trust issues. The protocolis blind in the sense that
it reveals only the identity, and no additional information about the user or the
biometric to the authenticating server .
Blind authentication is able to achieve both strong encryption based encryption
based security as well as accuracy of a powerful classifiers such as supportvector
machines and neural networks.
Blind Authentication addresses all the concerns--
1) The ability to use strong encryption addresses template
Protection issues as well as privacy concerns.
2) Non- repudiable authentication can be carried out even
Between non-trusting client and server using a trusted
Third party solution.
3) It provides provable protection against replay and client side
attacks even if the keys of the user are compromised.
4) As the enrolled templates are encrypted using a key,
one can replace any compromised template, providing
revocability, while allaying concerns of being tracked.
16. Page 16
1.) FeatureExtraction
In the first module is for feature extraction. From the biometric trait the
essential feature is extracted. For this feature extraction we are using
HILDITCH THINNING algorithm.
2.)Enrollment:
In the previous section, we assumed that server has copies of the clients public key,
E, as well as the classifier parameters that are encrypted using that key, E(ωi).
These were sent to the server during the enrollment phase by a trusted enrollment
server. Assuming a third party as the enrollment server gives us a flexible model,
where the enrollment could also be done by the client or the server if the trust
allows. During the enrollment, the client sends samples of her biometric to the
enrollment server, who trains a classifier for the user. The trained parameters are
encrypted and sent to the authentication server, and a notification is sent back to
the client. Figures gives an overview of the enrollment process. The biometric
samples sent by the client to the enrollment server could be digitally signed by the
client and encrypted using the servers public key to protect it.
”’Enroplmentbased on a trusted third party’’’
The use of a third party for enrollment also allows for longterm learning by the
enrollment server over a large numberof enrollments, thus improving the quality of
the trainedclassifier. Algorithm 2 gives a step-by-step description of the enrollment
process. Notethat the only information that is passed from the enrollment server to
17. Page 17
the authentication server is the users identity, her public key, the encrypted
versions of the parameters, and a threshold value.
Algorithm Enrolment:
1: Client collects multiple sample of her biometric, B1..k
2: Feature vectors, xi, are computed from each sample
3: Client sends xi, along with her identity and public key,
E, to the enrollment server
4: Enrollment server uses xi and the information from other
users to compute an authenticating classifier (ω, τ) for the
user
5: The classifier parameters are encrypted using the users
public key: E(ωi)
6: E(ωi)s, along with the user’s identity, the encryption key
(E), and the threshold (τ), are sent to the authentication
server for registration
7: The client is then notified about success
18. Page 18
3.)Authentication:
To perform authentication ,the client locks the biometric test sample using her
public key and sends the locked ID to the server .the server computes the products
of the locked ID with the locked classifier parameters and randomizes products are
sent back to the client .
During the second round,the client unlocks the randomized sum is sent to the
server . The server derandomizes the sum to obtain the final result ,which is
compared with a threshold for authentication.
19. Page 19
Algorithm Authentication
1: Client computes feature vector, x1..n, from test data
2: Each feature xi is encrypted (E(xi)) and sent to server
3: Server computes kn+k random numbers, rji and λj , such
that, ∀i,
k
Xj=1
λj rji = 1
4: Server computes E(ωi xi rji) = E(ωi) E(xi) E(rji)
5: The kn products thus generated are sent to the client
6: The client decrypts the products to obtain: ωi xi rji
7: Client returns Sj =
n
Xi=1
ωi xi rji to the server
8: Server computes S =
k
Xj=1
λj Sj
9: if S > τ then
10: return Accepted to the client
11: else
12: return Rejected to the client
13: end if
20. Page 20
Features of Blind Authentication:
Security of the system refers to the ability of the system to With stand attacks from
outside to gain illegal access or deny access to legitimate users. Since we are
dealing with insecure networks, we are primarily concerned with the former.
Security is hence a function of the specific biometric used as well as the overall
design of the system. In terms of information revealed, security is related to the
amount of information that is revealed to an attacker that would enable him to gain
illegal access.
Privacy on the other hand is related to the amount of user information that is
revealed to the server. Ideally, one would like to reveal only the identity and no
additional information. Most of the current systems provide very little privacy, and
hence demands trust between the user and the server. An ideal biometric system
would ensure privacy and hence need not demand any trust, thus making it
applicable in a large set of applications. We now take a closer look at the security
and privacy aspects of the proposed system.
1.System Security:
Biometric systems are known to be more secure as compared to passwords or
tokens, as they are difficult to reproduce. As the authentication process in the
proposedsystem is directly based on biometrics we gain all the advantages of a
generic biometric system. The security is further enhanced by the fact that an
attacker needs to get access to both the user’s biometric as well as her private key
to be able to poseas an enrolled user.
1.1) Server Security:
We analyze the security at the server end using two possibleattacks on the server:
Case 1:Hacker gainsaccess to the template database. In this case, all the
templates (or classifier parameters) in the server are encrypted using the public key
of the respective clients. Hence gaining access to each template is as hard as
cracking the public key encryption algorithm. Moreover, if by any chance a
template is suspected to be broken, one could create another one from a new
public-private key pair.
As the encryption’s are different, the templates would also be different. Brute-force
cracking is practically impossible if one uses a probabilistic encryption scheme,
even for limited-range data.
21. Page 21
Case 2:Hacker is in the databaseserver during the
authentication. In such a situation, the hacker can try to extract
information from his entire “view” of the protocol.
1.2) Client Security:
At the client side, we will consider the following attack scenarios:
Case 1:Hacker gainsaccess to the user’s biometric or
private key.
Our protocolcaptures the advantages of both the biometric authentication as well
as the security of the PKC. If the attacker gets hold of the user’s biometric from
external sources, he would also need the private key of the user to be able to use it.
If only the private key of a user is revealed, the security for the effected individual
falls back to that of using the plain biometric. Note that in practice, the private key
is secured by storing it in a smart card, or in the computer using a fuzzy vault. In
short, an impostor need to gain access to boththe private key and the biometric to
poseas a user. Even in this case, only a single user will be affected, and replacing
the lost key would prevent any further damages. In practice, periodic replacement
of the private key is advisable as in any PKC-based system.
Case 2:Passive attack at the user’s computer. In this case, the hacker is present in
the user’s computer during the login process. As the private key can be secured
in a hardware which performs the encryption, the hacker will not have direct
access to the private key. In other words, he will only learn the intermediate values
of the computations.
The hackers view will consist of kn quadratic congruences:
yirji, i ∈ [1, n], j ∈ [1, k]
He further knows that there exists kλ is that satisfy n congruences:
Pj λjrji%N = 1.
Thus he has kn + n quadratic congruences in kn + n + k variables. Results in an
effort equivalent to a brute force attack. However if the hacker can stay in the
user’s computer over multiple authentications, then at some point of time, he
will have sufficient number of congruences to solve for y Note that y is does not
reveal any useful information about the classifier. Moreover, any partial
information gained is of no use as an authentication cannot be performed without
access to the private key.
22. Page 22
1.3) Network Security: An insecure network is snooping attacks. Let us
consider the following attack scenarios:
Attacker gainsaccess to the network. An attacke who may have control over the
insecure network can watch the traffic on the network, as well as modify it. The
confidentiality of the data flow over the network can be ensured using the standard
cryptographic methods like symmetric ciphers and digital signatures. Furthermore,
all the traffic on the network are encrypted either using the clients public key or
using the random numbers generated by the server. Hence, even if successfully
snooped upon, the attacker will not be able to decipher any information. A replay
attack is also not possible as the data communicated during the second round of
communication is dependent on the random numbers generated by the server.
2. Privacy:
Privacy, as noted before deals with the amount of user information that is revealed
to the server, during the process ofenrollment and authentication. We noted that
there are two aspects of privacy to be dealt with:
2.1) Concern of revealing personal information: As the template or test biometric
sample is never revealed to the server, the user need not worry that the use of
biometrics might divulge any personal information other than her identity.
2.2) Concern of being tracked: One can use different keys for different
applications (servers) and hence avoid being tracked across uses. In fact, even the
choice biometric or real identity of the user itself is known only to the enrolling
server. The authenticating server knows only the user ID communicated by the
enrollment server and the biometric is obtained in the form of an encrypted
feature vector. As the user and server need not trust each other, the framework is
applicable to a variety of remote and on-site identity verification tasks. Moreover,
we note that there is no delegation of trust by the server to a program or hardware
at the user’s end, thus making it applicable to a variety of usage scenarios.
23. Page 23
ADVANTAGES OF BLIND AUTHENTICATION
Fast and Provably Secure authentication without
trading off accuracy.
Supports generic classifiers such as Neural Network
and SVMs.
Useful with wide variety of fixed-length biometrictraits.
Ideal for applications such as biometric ATMs, login
from public terminals.
24. Page 24
CONCLUSION :
The primary advantage of the proposed approachis that are able to achieve
classification of a strongly encrypted feature vector using generic classifiers such
as Neural Networks and SVMs. In fact, the authentication server need not know
the specific biometric trait that is used by a particular user, which can even vary
across users. Once a trusted enrollment server encrypts the classifier parameters for
a specific biometric of a person, the authentication server is verifying the identity
of a user with respectto that encryption. The real identity of the person is hence
not revealed to the server, making the protocol, completely blind. This allows one
to revoke enrolled templates by changing the encryption key, as well as use
multiple keys across different servers to avoid being tracked, thus leading to better
privacy.
The proposedblind authentication is extremely secure under a variety of attacks
and can be used with a wide variety of biometric traits. Protocols are designed to
keep the interaction between the user and the server to a minimum with no resort to
computationally expensive protocols. As the
verification can be done in real-time with the help of available hardware, the
approachis practical in many applications. The use of smart cards to hold
encryption keys enables applications such as biometric ATMs and access of
services from public terminals. Possible extensions to this work includes secure
enrollment protocols and encryption methods to reduce computations. Efficient
methods to do dynamic warping based
matching of variable length feature vectors can further enhance
the utility of the approach.