SlideShare a Scribd company logo

Final report

Download as DOCX, PDF
Pranjul Mishra
Pranjul Mishra

This document provides an overview of blind authentication, a secure crypto-biometric authentication protocol. It begins with an introduction discussing the primary concerns with biometric authentication systems, such as template protection, user privacy, trust issues between users and servers, and network security. It then reviews related work on addressing these concerns. The document proceeds to explain the blind authentication process, which involves feature extraction, enrollment with a trusted third party, and authentication between a user and server. Features of blind authentication include strong encryption for template protection and privacy while maintaining authentication accuracy. Advantages are template security, non-repudiation, and revocability.

Engineering
1 of 25
Page 1 A Seminar Report On BLIND AUTHENTICATION:A SECURE CRYPTO- BIOMETRIC AUTHENTICATION PROTOCOL Submitted in partial fulfillment of the Requirement for the award of the degree Of Master of Computer Applications By PRANJUL MISHRA ROLL NO: 2014024132 M.C.A. 2nd YEAR Session: 2015-16 Under the Guidance of Mr. M. Hasan Department of Computer Science and Engineering Madan Mohan Malaviya University of Technology, Gorakhpur-273010
Page 2 PREFACE I have made this report file on the topic BLIND AUTHENTICATION: A SECURE CRYPTO-BIOMETRIC AUTHENTICATION PROTOCOL I have tried my best to elucidate all the relevant detail to the topic to be included in the report. While in the beginning I have tried to give a general view about this topic. My efforts and wholehearted co-corporation of each and every one has ended on a successful note. I express my sincere gratitude to Mr. M. Hasan, who assisting me throughout the preparation of this topic. I thank him for providing me the reinforcement, confidence and most importantly the track for the topic whenever I needed it. We are thankful to Dr.Udai Shankar Head of department, Department of Computer Science & Engineering for providing us department labs and terminals for our Seminar and other teachers Department of Computer Science & Engineering for their friendly treatment and cooperation in the valuable advice and suggestion.
Page 3 SR TOPIC PAGE NO. 1 Abstract 3 2 Introduction 4 3 Introduction to biometric 6 4 Primary concern in biometric System 9 5 Related work 10 6 Blind authentication Process 15 7 Features of blind authentication 20 8 Advantages of blind authentication 23 9 Conclusion 24 10 Refrences 25
Page 4 ABSTRACT: Biometric authentication systems are primarily centered around template security , revocability and privacy . The use of cryptographic primitives to bolster the authentication process can alleviate some of these concerns as shown by biometric cryptosystems. we propose a provably secure and blind biometric authentication protocol, which addresses the concerns of user’s privacy, template protection, and trust issues. The protocol is blind in the sense that it reveals only the identity, and no additional information about the user or the biometric to the authenticating server or vice-versa. As the protocol is based on asymmetric encryption of the biometric data, it captures the advantages of biometric authentication as well as the security of public key cryptography. The authentication protocol can run over public networks and provide non-repudiable identity verification. The encryption also provides template protection, the ability to revoke enrolled templates, and alleviates the concerns on privacy in widespread use of biometrics.
Page 5 INTRODUCTION: BIOMETRIC authentication systems are gaining widespread popularity in recent years due to the advances in sensortechnologies as well as improvements in the matching algorithms that make the systems both secure and costeffective.They are ideally suited for both high security and remote authentication applications due to the non-repudiable nature and user convenience. Most biometric systems assume that the template in the system is secure due to human supervision (e.g., immigration checks and criminal database search) or physical protection (e.g., laptop locks and doorlocks). However, a variety of applications of authentication need to work over a partially secure or insecure networks such as an ATM networks or the Internet. Authentication over insecure public networks or with untrusted servers raises more concerns in privacy and security. The primary concern is related to the security of the plain biometric templates, which cannot be replaced, once they are compromised .The privacy concerns arise from the fact that the biometric samples reveal more information about its owner (medical,food habits, etc.) in addition to the identity. Widespread use of biometric authentication also raises concerns of tracking a person, as every activity that requires authentication can be uniquely assigned to an individual. To clarify our problem let us consider the following usage scenario: “Alice wants to create an accountin Bobmail, that requires biometrics based authentication. However, she neither trusts Bob to handleher biometric data securely, nor trusts the network to send her plain biometric.” The primary problem here is that, for Alice, Bob could either be incompetent to secure her biometric or even curious to try and gain access to her biometric data, while the authentication is going on. So Alice does not want to give her biometric data in plain to Bob. On the other hand, Bob does not trust the client as she could be an impostor. She could also repudiate her access to the service at a later time. For bothparties, the network is insecure. A biometric system that can work securely and reliably under such circumstances can have a multitude of applications varying from accessing remote servers to e-shopping over the Internet.
Page 6 Introduction to biometric : A biometric is a physiological or behavioral characteristic of a human being that can distinguish one personfrom another and that theoretically can be used for identification or verification of identity.
Page 7 Comparisonof BiometricSystem: Physiologicalbiometric: 1.Fingerprint Recognition: a) No two persons share the same fingerprints b) Wet, dry, or dirty skin may create problems 2. Face Recognition a) One of the most acceptable biometrics b) Not accurate and dependable 3. Hand Geometry a) Include length and width of fingers, different aspect ratios of palm and fingers, thickness and width of the palm etc. b) Existing hand geometry systems mostly use images of the hand 4.Iris Recognition a) Reliable and accurate b) Believed to be unique in every individual c) Not work for people who are missing both eyes or who have serious eye illnesses that affect the iris.
Page 8 BEHAVIORAL BIOMETRICS: 1. Signature a) High degree of acceptance b) Signatures lack permanence c) Static signature verification systems & Dynamic signature verification systems 2. Voice a) Depend on numerous characteristics of a human voice to identify the speaker b) Does not require expensive input devices c) Issues- may skillfully imitate others' voices, record and replay attacks
Page 9 Primary concerns in biometric authentication System: a) Template protection: As a biometric do not change over time, one cannot revoke an enrolled plain biometric. Hence, critical information could be revealed if the server’s biometric template database is compromised. b) User’s privacy: i) The activities of a person could be tracked, as the biometric is unique to a person ii) Certain biometrics may reveal personal information about a user (e.g., medical or food habits), in addition to identity. c)Trust between user and server: In widespread use, all authenticatingservers may not be competent or trustworthy to securely handle a user’s plain biometric, while a remote user cannot be reliably identified without biometric information. d) Network security: As the authentication is done over an insecure network, anyone snooping the network could gain access to the biometric information being transmitted.
Page 10 Relatedwork: The previous work in the area of encryption based security of biometric templates tend to model the problem as that of building a classification system that separates the genuine and impostor samples in the encrypted domain . However a strong encryption mechanism destroys any pattern in the data, which adversely affects the accuracy of verification. Hence, any such matching mechanism necessarily makes a compromise between template security (strong encryption) and accuracy (retaining patterns in the data). The primary difference in our approachis that we are able to design the classifier in the plain feature space, which allows us t maintain the performance of the biometric itself, while carrying out the authentication on data with strong encryption, which provides high security/privacy . Over the years a number of attempts have been made to address the problem of template protection and privacy concerns and despite all efforts, as A.K. Jain et al. puts it, a templateprotection scheme with provable security and acceptable recognition performance hasthus far remained elusive. In this section, we will look at the existing work in light of this security-accuracy dilemma, and understand how this can be overcome by communication between the authenticating server and the client.
Page 11 The previous work in area of encryption based security of biometric templates tends to model the problem as that of building a classification system that separates the genuine and impostor samples in the encrypted domain. However, a strong encryption mechanism destroys any pattern in the data , which adversely affects the accuracy of verification . Hence any such matching mechanism necessarily makes a compromise between templates security and accuracy. The primary difference in our approachis that we are able to design a classifier in the plane feature space, which allows us to maintain the performance of the biometric itself ,while carrying out the authentication on data with strong encryption ,which provides high security /privacy. Over a years a number of attempts have been made to address the problem of templates protection and privacy concerns and despite all efforts ,puts it ,”a template protection scheme with provable security and acceptable recognition performance has thus far remind elusive “. In the section, we will look at the existing work in light of this security -accuracy and understand how this can be overcome by communication between authenticating server and the client.
Page 12 Salting: The first class of feature transformation approaches knownas Salting offers security using a transformation functionseeded by a user specific key. The strength of the approachlies in the strength of the key. A classifier is then designed in the encrypted feature space. Although the standard cryptographic encryption such as AES or RSA offers secure transformation functions, they cannot be used in this case. The inherent property of dissimilarity between two instances of the biometric trait from the same person, leads to large differences in their encrypted versions. This leads to a restriction on the possible functions that can be used and in salting, resulting in a compromise made between security and the performance. Some of the popular salting based approaches are biohashing and salting for face template protection . Moreover, salting based solutions are usually specific to a biometric trait, and in general do not offer well defined security. Kong et al. do a detailed analysis of the current biohashing based biometric approaches . They conclude that the zero EER reported by many papers is obtained in carefully set experimental conditions and unrealistic under assumptions from a practical view point. The second category of approaches identified as Noninvertible transform applies a trait specific non-invertible function on the biometric template so as to secure it. The parameters of the transformation function are defined by a key which must be available at the time of authentication to transform the query feature set. Some of the popular approaches that fall into this category are RobustHashing and Cancelable Templates Cancelable templates allows one to replace a leaked template, while reducing the amount of information revealed through the leak, thus addressing some of the privacy concerns. However, suchmethods are often biometric specific and do not make any guarantees on preservation of privacy , especially when the server is not trusted. Methods to detect tampering of the enrolled templates help in improving the security of the overall system. Boult et al. extended the above approachto stronger encryption, and proposedan encrypted minutia representation and matching scheme of fingerprints. The position information of a minutia is divided into a stable integer part and a variable increment. A Biotoken consists of the encrypted integer part and the increment information in plain. A specific matching algorithm was proposed to match the biotokens for verification. The approachprovides provable template security as a strong encryption is used. Moreover, the matching is efficient, and is shown to even improve the matching accuracy. However, the primary fact that encryption is applied to part of the data, which itself is quantized, may mean some amount of compromise between security and accuracy. An extension to the above work based on re-encoding methodology for revocable biotokens is proposedby
Page 13 the authors . In this method, the computed biotoken is re-encoded using a series of unique new transformation functions to generate a Bipartite Biotoken. For every authentication, the server computes a new bipartite biotoken, which is to be matched by the client against the biotoken generated by him. The method significantly enhances the template security as compared to the original protocol. Moreover, as bipartite biotoken is different for each authentication request, replay attacks are not possible. However, in the current form, the base biotoken is available (in plain) with the server, and if the biotoken database is compromised, a hacker can gain access to all the users’accounts until the biotokens are replaced. The method aims at securing the actual biometric template, which cannot be recovered from a secure biotoken. The third and fourth classes are both variations of Biometric cryptosystems. They try to integrate the advantages of both biometrics and cryptography to enhance the overall security and privacy of an authentication system. Such systems are primarily aimed at using the biometric as a protection for a secret key (Key Binding approach or use the biometric data to directly generate a secret key (Key Generation approach). The authentication is done using the key,which is unlocked/generated by the biometric. Such systems can operate in two modes in the case of remote authentication. In the first case, the key is unlocked/generated at the client end,which is sent to the server for authentication, which will ensure security of the template, and provide user privacy. However, this would become a key based authentication scheme and would lose the primary advantage of biometric authentication, which is its non- repudiable nature. In the second case, the plain biometric needs to be transmitted from the user to the server, both during enrollment and during authentication. This inherently leaks more information about the user than just the identity, and the users need to trust the server to maintain their privacy. Moreover, authenticating over an insecure network makes the plain biometric vulnerable to spoofing attacks . Biometric cryptosystem: Biometric cryptosystems based approaches such as FuzzyVault and Fuzzy extractor in their true form lack diversity and revocability. According to Dr. Jain a performance degradation usually takes place as the matching is done using error correction schemes. This precludes the use of sophisticated matchers developed specifically for matching the original biometric template. Biometric cryptosystems,
Page 14 along with salting based approaches introduce diversity and revocability in them. Moreover, Walter demonstrated a method for recovering the plain biometric from two or more independent secrets secured using the same biometric. Demerits of Existing process: *.) less privacy: *.) less security *.) difficult to perform verification
Page 15 Blind Authenticationprocess: blind biometric authentication protocol, which addresses the concerns of user’s privacy, template protection, and trust issues. The protocolis blind in the sense that it reveals only the identity, and no additional information about the user or the biometric to the authenticating server . Blind authentication is able to achieve both strong encryption based encryption based security as well as accuracy of a powerful classifiers such as supportvector machines and neural networks. Blind Authentication addresses all the concerns-- 1) The ability to use strong encryption addresses template Protection issues as well as privacy concerns. 2) Non- repudiable authentication can be carried out even Between non-trusting client and server using a trusted Third party solution. 3) It provides provable protection against replay and client side attacks even if the keys of the user are compromised. 4) As the enrolled templates are encrypted using a key, one can replace any compromised template, providing revocability, while allaying concerns of being tracked.
Page 16 1.) FeatureExtraction In the first module is for feature extraction. From the biometric trait the essential feature is extracted. For this feature extraction we are using HILDITCH THINNING algorithm. 2.)Enrollment: In the previous section, we assumed that server has copies of the clients public key, E, as well as the classifier parameters that are encrypted using that key, E(ωi). These were sent to the server during the enrollment phase by a trusted enrollment server. Assuming a third party as the enrollment server gives us a flexible model, where the enrollment could also be done by the client or the server if the trust allows. During the enrollment, the client sends samples of her biometric to the enrollment server, who trains a classifier for the user. The trained parameters are encrypted and sent to the authentication server, and a notification is sent back to the client. Figures gives an overview of the enrollment process. The biometric samples sent by the client to the enrollment server could be digitally signed by the client and encrypted using the servers public key to protect it. ”’Enroplmentbased on a trusted third party’’’ The use of a third party for enrollment also allows for longterm learning by the enrollment server over a large numberof enrollments, thus improving the quality of the trainedclassifier. Algorithm 2 gives a step-by-step description of the enrollment process. Notethat the only information that is passed from the enrollment server to
Page 17 the authentication server is the users identity, her public key, the encrypted versions of the parameters, and a threshold value. Algorithm Enrolment: 1: Client collects multiple sample of her biometric, B1..k 2: Feature vectors, xi, are computed from each sample 3: Client sends xi, along with her identity and public key, E, to the enrollment server 4: Enrollment server uses xi and the information from other users to compute an authenticating classifier (ω, τ) for the user 5: The classifier parameters are encrypted using the users public key: E(ωi) 6: E(ωi)s, along with the user’s identity, the encryption key (E), and the threshold (τ), are sent to the authentication server for registration 7: The client is then notified about success
Page 18 3.)Authentication: To perform authentication ,the client locks the biometric test sample using her public key and sends the locked ID to the server .the server computes the products of the locked ID with the locked classifier parameters and randomizes products are sent back to the client . During the second round,the client unlocks the randomized sum is sent to the server . The server derandomizes the sum to obtain the final result ,which is compared with a threshold for authentication.
Page 19 Algorithm Authentication 1: Client computes feature vector, x1..n, from test data 2: Each feature xi is encrypted (E(xi)) and sent to server 3: Server computes kn+k random numbers, rji and λj , such that, ∀i, k Xj=1 λj rji = 1 4: Server computes E(ωi xi rji) = E(ωi) E(xi) E(rji) 5: The kn products thus generated are sent to the client 6: The client decrypts the products to obtain: ωi xi rji 7: Client returns Sj = n Xi=1 ωi xi rji to the server 8: Server computes S = k Xj=1 λj Sj 9: if S > τ then 10: return Accepted to the client 11: else 12: return Rejected to the client 13: end if
Page 20 Features of Blind Authentication: Security of the system refers to the ability of the system to With stand attacks from outside to gain illegal access or deny access to legitimate users. Since we are dealing with insecure networks, we are primarily concerned with the former. Security is hence a function of the specific biometric used as well as the overall design of the system. In terms of information revealed, security is related to the amount of information that is revealed to an attacker that would enable him to gain illegal access. Privacy on the other hand is related to the amount of user information that is revealed to the server. Ideally, one would like to reveal only the identity and no additional information. Most of the current systems provide very little privacy, and hence demands trust between the user and the server. An ideal biometric system would ensure privacy and hence need not demand any trust, thus making it applicable in a large set of applications. We now take a closer look at the security and privacy aspects of the proposed system. 1.System Security: Biometric systems are known to be more secure as compared to passwords or tokens, as they are difficult to reproduce. As the authentication process in the proposedsystem is directly based on biometrics we gain all the advantages of a generic biometric system. The security is further enhanced by the fact that an attacker needs to get access to both the user’s biometric as well as her private key to be able to poseas an enrolled user. 1.1) Server Security: We analyze the security at the server end using two possibleattacks on the server: Case 1:Hacker gainsaccess to the template database. In this case, all the templates (or classifier parameters) in the server are encrypted using the public key of the respective clients. Hence gaining access to each template is as hard as cracking the public key encryption algorithm. Moreover, if by any chance a template is suspected to be broken, one could create another one from a new public-private key pair. As the encryption’s are different, the templates would also be different. Brute-force cracking is practically impossible if one uses a probabilistic encryption scheme, even for limited-range data.
Page 21 Case 2:Hacker is in the databaseserver during the authentication. In such a situation, the hacker can try to extract information from his entire “view” of the protocol. 1.2) Client Security: At the client side, we will consider the following attack scenarios: Case 1:Hacker gainsaccess to the user’s biometric or private key. Our protocolcaptures the advantages of both the biometric authentication as well as the security of the PKC. If the attacker gets hold of the user’s biometric from external sources, he would also need the private key of the user to be able to use it. If only the private key of a user is revealed, the security for the effected individual falls back to that of using the plain biometric. Note that in practice, the private key is secured by storing it in a smart card, or in the computer using a fuzzy vault. In short, an impostor need to gain access to boththe private key and the biometric to poseas a user. Even in this case, only a single user will be affected, and replacing the lost key would prevent any further damages. In practice, periodic replacement of the private key is advisable as in any PKC-based system. Case 2:Passive attack at the user’s computer. In this case, the hacker is present in the user’s computer during the login process. As the private key can be secured in a hardware which performs the encryption, the hacker will not have direct access to the private key. In other words, he will only learn the intermediate values of the computations. The hackers view will consist of kn quadratic congruences: yirji, i ∈ [1, n], j ∈ [1, k] He further knows that there exists kλ is that satisfy n congruences: Pj λjrji%N = 1. Thus he has kn + n quadratic congruences in kn + n + k variables. Results in an effort equivalent to a brute force attack. However if the hacker can stay in the user’s computer over multiple authentications, then at some point of time, he will have sufficient number of congruences to solve for y Note that y is does not reveal any useful information about the classifier. Moreover, any partial information gained is of no use as an authentication cannot be performed without access to the private key.
Page 22 1.3) Network Security: An insecure network is snooping attacks. Let us consider the following attack scenarios: Attacker gainsaccess to the network. An attacke who may have control over the insecure network can watch the traffic on the network, as well as modify it. The confidentiality of the data flow over the network can be ensured using the standard cryptographic methods like symmetric ciphers and digital signatures. Furthermore, all the traffic on the network are encrypted either using the clients public key or using the random numbers generated by the server. Hence, even if successfully snooped upon, the attacker will not be able to decipher any information. A replay attack is also not possible as the data communicated during the second round of communication is dependent on the random numbers generated by the server. 2. Privacy: Privacy, as noted before deals with the amount of user information that is revealed to the server, during the process ofenrollment and authentication. We noted that there are two aspects of privacy to be dealt with: 2.1) Concern of revealing personal information: As the template or test biometric sample is never revealed to the server, the user need not worry that the use of biometrics might divulge any personal information other than her identity. 2.2) Concern of being tracked: One can use different keys for different applications (servers) and hence avoid being tracked across uses. In fact, even the choice biometric or real identity of the user itself is known only to the enrolling server. The authenticating server knows only the user ID communicated by the enrollment server and the biometric is obtained in the form of an encrypted feature vector. As the user and server need not trust each other, the framework is applicable to a variety of remote and on-site identity verification tasks. Moreover, we note that there is no delegation of trust by the server to a program or hardware at the user’s end, thus making it applicable to a variety of usage scenarios.
Page 23 ADVANTAGES OF BLIND AUTHENTICATION Fast and Provably Secure authentication without trading off accuracy. Supports generic classifiers such as Neural Network and SVMs. Useful with wide variety of fixed-length biometrictraits. Ideal for applications such as biometric ATMs, login from public terminals.
Page 24 CONCLUSION : The primary advantage of the proposed approachis that are able to achieve classification of a strongly encrypted feature vector using generic classifiers such as Neural Networks and SVMs. In fact, the authentication server need not know the specific biometric trait that is used by a particular user, which can even vary across users. Once a trusted enrollment server encrypts the classifier parameters for a specific biometric of a person, the authentication server is verifying the identity of a user with respectto that encryption. The real identity of the person is hence not revealed to the server, making the protocol, completely blind. This allows one to revoke enrolled templates by changing the encryption key, as well as use multiple keys across different servers to avoid being tracked, thus leading to better privacy. The proposedblind authentication is extremely secure under a variety of attacks and can be used with a wide variety of biometric traits. Protocols are designed to keep the interaction between the user and the server to a minimum with no resort to computationally expensive protocols. As the verification can be done in real-time with the help of available hardware, the approachis practical in many applications. The use of smart cards to hold encryption keys enables applications such as biometric ATMs and access of services from public terminals. Possible extensions to this work includes secure enrollment protocols and encryption methods to reduce computations. Efficient methods to do dynamic warping based matching of variable length feature vectors can further enhance the utility of the approach.
Page 25 Refrences: www.wikipedia.org www.studymafiya.org

Recommended

Blind authentication
Blind authenticationBlind authentication
Blind authentication
Pranjul Mishra
 
BIOMETRIC SECURITY SYSTEM
BIOMETRIC SECURITY SYSTEMBIOMETRIC SECURITY SYSTEM
BIOMETRIC SECURITY SYSTEM
Jignesh Prajapati
 
3D Password Presentation
3D Password Presentation3D Password Presentation
3D Password Presentation
Sambit Mishra
 
Gsm security and encryption
Gsm security and encryptionGsm security and encryption
Gsm security and encryption
RK Nayak
 
Biometric Security Systems ppt
Biometric Security Systems pptBiometric Security Systems ppt
Biometric Security Systems ppt
OECLIB Odisha Electronics Control Library
 
3d password - Report
3d password - Report 3d password - Report
3d password - Report Sunanda Bansal
 
Biometrics
BiometricsBiometrics
Biometrics
umertariq12345
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8
RUpaliLohar
 

Recommended

Blind authentication
Blind authenticationBlind authentication
Blind authentication
Pranjul Mishra
 
BIOMETRIC SECURITY SYSTEM
BIOMETRIC SECURITY SYSTEMBIOMETRIC SECURITY SYSTEM
BIOMETRIC SECURITY SYSTEM
Jignesh Prajapati
 
3D Password Presentation
3D Password Presentation3D Password Presentation
3D Password Presentation
Sambit Mishra
 
Gsm security and encryption
Gsm security and encryptionGsm security and encryption
Gsm security and encryption
RK Nayak
 
Biometric Security Systems ppt
Biometric Security Systems pptBiometric Security Systems ppt
Biometric Security Systems ppt
OECLIB Odisha Electronics Control Library
 
3d password - Report
3d password - Report 3d password - Report
3d password - Report Sunanda Bansal
 
Biometrics
BiometricsBiometrics
Biometrics
umertariq12345
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8
RUpaliLohar
 
Introduction to biometric systems security
Introduction to biometric systems securityIntroduction to biometric systems security
Introduction to biometric systems security
Self
 
Final Report Biometrics
Final Report BiometricsFinal Report Biometrics
Final Report Biometricsanoop80686
 
Biometric
BiometricBiometric
Biometric
pradeepa n
 
Kerberos
KerberosKerberos
Kerberos
Sparkbit
 
Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.
Pavan Kumar MT
 
SEMINAR REPORT ON 3D PASSWORD
SEMINAR REPORT ON 3D PASSWORDSEMINAR REPORT ON 3D PASSWORD
SEMINAR REPORT ON 3D PASSWORD
Karishma Khan
 
3d authentication
3d authentication3d authentication
3d authentication
sudheerpothu
 
Biometricsppt
BiometricspptBiometricsppt
BiometricspptDrKRBadhiti
 
Bio-metrics Authentication Technique
Bio-metrics Authentication TechniqueBio-metrics Authentication Technique
Bio-metrics Authentication TechniqueRekha Yadav
 
3D Password
3D Password3D Password
3D Password
Ankit Nagar
 
ATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSMATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSM
Alpesh Kurhade
 
3D PASSWORD SEMINAR
3D PASSWORD SEMINAR3D PASSWORD SEMINAR
3D PASSWORD SEMINAR
Karishma Khan
 
3D Password
3D Password3D Password
3D PasswordShubham Rungta
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
Nascenia IT
 
Biometrics
BiometricsBiometrics
Biometricsshweta-sharma99
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorization
Frank Victory
 
3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication
Mahesh Gadhwal
 
Cloud Vulnerabilities and Its Threats
Cloud Vulnerabilities and Its ThreatsCloud Vulnerabilities and Its Threats
Cloud Vulnerabilities and Its Threats
Ari Apridana
 
The 3-D Secure Protocol
The 3-D Secure ProtocolThe 3-D Secure Protocol
The 3-D Secure Protocol
Vlad Petre
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
 
A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol
Nishmitha B
 
Biometric technology
Biometric technologyBiometric technology
Biometric technologyDharmik
 

More Related Content

What's hot

Introduction to biometric systems security
Introduction to biometric systems securityIntroduction to biometric systems security
Introduction to biometric systems security
Self
 
Final Report Biometrics
Final Report BiometricsFinal Report Biometrics
Final Report Biometricsanoop80686
 
Biometric
BiometricBiometric
Biometric
pradeepa n
 
Kerberos
KerberosKerberos
Kerberos
Sparkbit
 
Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.
Pavan Kumar MT
 
SEMINAR REPORT ON 3D PASSWORD
SEMINAR REPORT ON 3D PASSWORDSEMINAR REPORT ON 3D PASSWORD
SEMINAR REPORT ON 3D PASSWORD
Karishma Khan
 
3d authentication
3d authentication3d authentication
3d authentication
sudheerpothu
 
Bio-metrics Authentication Technique
Bio-metrics Authentication TechniqueBio-metrics Authentication Technique
Bio-metrics Authentication TechniqueRekha Yadav
 
3D Password
3D Password3D Password
3D Password
Ankit Nagar
 
ATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSMATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSM
Alpesh Kurhade
 
3D PASSWORD SEMINAR
3D PASSWORD SEMINAR3D PASSWORD SEMINAR
3D PASSWORD SEMINAR
Karishma Khan
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
Nascenia IT
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorization
Frank Victory
 
3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication
Mahesh Gadhwal
 
Cloud Vulnerabilities and Its Threats
Cloud Vulnerabilities and Its ThreatsCloud Vulnerabilities and Its Threats
Cloud Vulnerabilities and Its Threats
Ari Apridana
 
The 3-D Secure Protocol
The 3-D Secure ProtocolThe 3-D Secure Protocol
The 3-D Secure Protocol
Vlad Petre
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
 

What's hot (20)

Introduction to biometric systems security
Introduction to biometric systems securityIntroduction to biometric systems security
Introduction to biometric systems security
 
Final Report Biometrics
Final Report BiometricsFinal Report Biometrics
Final Report Biometrics
 
Biometric
BiometricBiometric
Biometric
 
Kerberos
KerberosKerberos
Kerberos
 
Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.
 
SEMINAR REPORT ON 3D PASSWORD
SEMINAR REPORT ON 3D PASSWORDSEMINAR REPORT ON 3D PASSWORD
SEMINAR REPORT ON 3D PASSWORD
 
3d authentication
3d authentication3d authentication
3d authentication
 
Biometricsppt
BiometricspptBiometricsppt
Biometricsppt
 
Bio-metrics Authentication Technique
Bio-metrics Authentication TechniqueBio-metrics Authentication Technique
Bio-metrics Authentication Technique
 
3D Password
3D Password3D Password
3D Password
 
ATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSMATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSM
 
3D PASSWORD SEMINAR
3D PASSWORD SEMINAR3D PASSWORD SEMINAR
3D PASSWORD SEMINAR
 
3D Password
3D Password3D Password
3D Password
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Biometrics
BiometricsBiometrics
Biometrics
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorization
 
3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication
 
Cloud Vulnerabilities and Its Threats
Cloud Vulnerabilities and Its ThreatsCloud Vulnerabilities and Its Threats
Cloud Vulnerabilities and Its Threats
 
The 3-D Secure Protocol
The 3-D Secure ProtocolThe 3-D Secure Protocol
The 3-D Secure Protocol
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 

Viewers also liked

A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol
Nishmitha B
 
Biometric technology
Biometric technologyBiometric technology
Biometric technologyDharmik
 
Technical seminar report on
Technical seminar report onTechnical seminar report on
Technical seminar report onBalveer Rathore
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - ReportNavin Kumar
 
BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...
BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...
BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...
Henry Chukwuemeka Paul
 
Rover technology
Rover technologyRover technology
Rover technology
Sumit Srivastava
 
Biometric Technology and Human Factor Engineering
Biometric Technology and Human Factor EngineeringBiometric Technology and Human Factor Engineering
Biometric Technology and Human Factor Engineering
M2SYS Technology
 
Maneesh p
Maneesh pManeesh p
Maneesh p
Madurai Kamaraj University
 
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
Eswar Publications
 
biometric technology
biometric technologybiometric technology
biometric technology
Anmol Bagga
 
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
hiij
 
BIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPTBIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPT
sravya raju
 
Sample seminar report
Sample seminar reportSample seminar report
Sample seminar reportFarman Khan
 
Seminar on atm
Seminar on atmSeminar on atm
Seminar on atm
khurda
 
Ceramic Bearing ppt
Ceramic Bearing pptCeramic Bearing ppt
Ceramic Bearing ppt
Seminar Links
 

Viewers also liked (15)

A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol
 
Biometric technology
Biometric technologyBiometric technology
Biometric technology
 
Technical seminar report on
Technical seminar report onTechnical seminar report on
Technical seminar report on
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - Report
 
BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...
BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...
BIOMETRIC AND RFID TECHNOLOGY FUSSION: A SECURITY AND MONITORING MEASURES TO ...
 
Rover technology
Rover technologyRover technology
Rover technology
 
Biometric Technology and Human Factor Engineering
Biometric Technology and Human Factor EngineeringBiometric Technology and Human Factor Engineering
Biometric Technology and Human Factor Engineering
 
Maneesh p
Maneesh pManeesh p
Maneesh p
 
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
 
biometric technology
biometric technologybiometric technology
biometric technology
 
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
 
BIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPTBIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPT
 
Sample seminar report
Sample seminar reportSample seminar report
Sample seminar report
 
Seminar on atm
Seminar on atmSeminar on atm
Seminar on atm
 
Ceramic Bearing ppt
Ceramic Bearing pptCeramic Bearing ppt
Ceramic Bearing ppt
 

Similar to Final report

Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02Hai Nguyen
 
Biometrics security
Biometrics securityBiometrics security
Biometrics security
Vuda Sreenivasarao
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
International Center for Biometric Research
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper Example
Kayla Perry
 
A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...
A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...
A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...
Editor IJCATR
 
Efficient and secure authentication on remote server using stegno video objec...
Efficient and secure authentication on remote server using stegno video objec...Efficient and secure authentication on remote server using stegno video objec...
Efficient and secure authentication on remote server using stegno video objec...
pradip patel
 
IRJET- Fingerprint based Folder Lock
IRJET- Fingerprint based Folder LockIRJET- Fingerprint based Folder Lock
IRJET- Fingerprint based Folder Lock
IRJET Journal
 
Role Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdfRole Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdf
Bahaa Abdulhadi
 
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IRJET Journal
 
Multi-factor Implicit Biometric Authentication: Analysis and Approach
Multi-factor Implicit Biometric Authentication: Analysis and ApproachMulti-factor Implicit Biometric Authentication: Analysis and Approach
Multi-factor Implicit Biometric Authentication: Analysis and Approach
Jigisha Aryya
 
What Is Biometric Authentication? A Complete Overview | Enterprise Wired
What Is Biometric Authentication? A Complete Overview | Enterprise WiredWhat Is Biometric Authentication? A Complete Overview | Enterprise Wired
What Is Biometric Authentication? A Complete Overview | Enterprise Wired
Enterprise Wired
 
IRJET- Electronic Health Records
IRJET- Electronic Health RecordsIRJET- Electronic Health Records
IRJET- Electronic Health Records
IRJET Journal
 
Security Issues Related to Biometrics
Security Issues Related to BiometricsSecurity Issues Related to Biometrics
Security Issues Related to Biometrics
YogeshIJTSRD
 
Rothke Tomhave The Biometric Devils In The Details
Rothke Tomhave The Biometric Devils In The DetailsRothke Tomhave The Biometric Devils In The Details
Rothke Tomhave The Biometric Devils In The Details
Ben Rothke
 
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
ijtsrd
 
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdfAnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
tonkung6
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 

Similar to Final report (20)

Biometrics
BiometricsBiometrics
Biometrics
 
Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02
 
Biometrics security
Biometrics securityBiometrics security
Biometrics security
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
 
term 2
term 2term 2
term 2
 
Brafton White Paper Example
Brafton White Paper ExampleBrafton White Paper Example
Brafton White Paper Example
 
A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...
A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...
A Study of Approaches and Measures aimed at Securing Biometric Fingerprint Te...
 
Efficient and secure authentication on remote server using stegno video objec...
Efficient and secure authentication on remote server using stegno video objec...Efficient and secure authentication on remote server using stegno video objec...
Efficient and secure authentication on remote server using stegno video objec...
 
IRJET- Fingerprint based Folder Lock
IRJET- Fingerprint based Folder LockIRJET- Fingerprint based Folder Lock
IRJET- Fingerprint based Folder Lock
 
Role Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdfRole Of Biometric Security- Bahaa Abdul Hadi.pdf
Role Of Biometric Security- Bahaa Abdul Hadi.pdf
 
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...
 
Multi-factor Implicit Biometric Authentication: Analysis and Approach
Multi-factor Implicit Biometric Authentication: Analysis and ApproachMulti-factor Implicit Biometric Authentication: Analysis and Approach
Multi-factor Implicit Biometric Authentication: Analysis and Approach
 
What Is Biometric Authentication? A Complete Overview | Enterprise Wired
What Is Biometric Authentication? A Complete Overview | Enterprise WiredWhat Is Biometric Authentication? A Complete Overview | Enterprise Wired
What Is Biometric Authentication? A Complete Overview | Enterprise Wired
 
IRJET- Electronic Health Records
IRJET- Electronic Health RecordsIRJET- Electronic Health Records
IRJET- Electronic Health Records
 
Iciea08
Iciea08Iciea08
Iciea08
 
Security Issues Related to Biometrics
Security Issues Related to BiometricsSecurity Issues Related to Biometrics
Security Issues Related to Biometrics
 
Rothke Tomhave The Biometric Devils In The Details
Rothke Tomhave The Biometric Devils In The DetailsRothke Tomhave The Biometric Devils In The Details
Rothke Tomhave The Biometric Devils In The Details
 
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
 
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdfAnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 

Recently uploaded

block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
Divya Somashekar
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
AmarGB2
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
SupreethSP4
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
bakpo1
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
fxintegritypublishin
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
Osamah Alsalih
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Dr.Costas Sachpazis
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
zwunae
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
R&R Consult
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
Fundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptxFundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptx
manasideore6
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
TeeVichai
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
Kamal Acharya
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
Kerry Sado
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
AP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specificAP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specific
BrazilAccount1
 

Recently uploaded (20)

block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
Fundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptxFundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptx
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
AP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specificAP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specific
 

Final report

  • 1. Page 1 A Seminar Report On BLIND AUTHENTICATION:A SECURE CRYPTO- BIOMETRIC AUTHENTICATION PROTOCOL Submitted in partial fulfillment of the Requirement for the award of the degree Of Master of Computer Applications By PRANJUL MISHRA ROLL NO: 2014024132 M.C.A. 2nd YEAR Session: 2015-16 Under the Guidance of Mr. M. Hasan Department of Computer Science and Engineering Madan Mohan Malaviya University of Technology, Gorakhpur-273010
  • 2. Page 2 PREFACE I have made this report file on the topic BLIND AUTHENTICATION: A SECURE CRYPTO-BIOMETRIC AUTHENTICATION PROTOCOL I have tried my best to elucidate all the relevant detail to the topic to be included in the report. While in the beginning I have tried to give a general view about this topic. My efforts and wholehearted co-corporation of each and every one has ended on a successful note. I express my sincere gratitude to Mr. M. Hasan, who assisting me throughout the preparation of this topic. I thank him for providing me the reinforcement, confidence and most importantly the track for the topic whenever I needed it. We are thankful to Dr.Udai Shankar Head of department, Department of Computer Science & Engineering for providing us department labs and terminals for our Seminar and other teachers Department of Computer Science & Engineering for their friendly treatment and cooperation in the valuable advice and suggestion.
  • 3. Page 3 SR TOPIC PAGE NO. 1 Abstract 3 2 Introduction 4 3 Introduction to biometric 6 4 Primary concern in biometric System 9 5 Related work 10 6 Blind authentication Process 15 7 Features of blind authentication 20 8 Advantages of blind authentication 23 9 Conclusion 24 10 Refrences 25
  • 4. Page 4 ABSTRACT: Biometric authentication systems are primarily centered around template security , revocability and privacy . The use of cryptographic primitives to bolster the authentication process can alleviate some of these concerns as shown by biometric cryptosystems. we propose a provably secure and blind biometric authentication protocol, which addresses the concerns of user’s privacy, template protection, and trust issues. The protocol is blind in the sense that it reveals only the identity, and no additional information about the user or the biometric to the authenticating server or vice-versa. As the protocol is based on asymmetric encryption of the biometric data, it captures the advantages of biometric authentication as well as the security of public key cryptography. The authentication protocol can run over public networks and provide non-repudiable identity verification. The encryption also provides template protection, the ability to revoke enrolled templates, and alleviates the concerns on privacy in widespread use of biometrics.
  • 5. Page 5 INTRODUCTION: BIOMETRIC authentication systems are gaining widespread popularity in recent years due to the advances in sensortechnologies as well as improvements in the matching algorithms that make the systems both secure and costeffective.They are ideally suited for both high security and remote authentication applications due to the non-repudiable nature and user convenience. Most biometric systems assume that the template in the system is secure due to human supervision (e.g., immigration checks and criminal database search) or physical protection (e.g., laptop locks and doorlocks). However, a variety of applications of authentication need to work over a partially secure or insecure networks such as an ATM networks or the Internet. Authentication over insecure public networks or with untrusted servers raises more concerns in privacy and security. The primary concern is related to the security of the plain biometric templates, which cannot be replaced, once they are compromised .The privacy concerns arise from the fact that the biometric samples reveal more information about its owner (medical,food habits, etc.) in addition to the identity. Widespread use of biometric authentication also raises concerns of tracking a person, as every activity that requires authentication can be uniquely assigned to an individual. To clarify our problem let us consider the following usage scenario: “Alice wants to create an accountin Bobmail, that requires biometrics based authentication. However, she neither trusts Bob to handleher biometric data securely, nor trusts the network to send her plain biometric.” The primary problem here is that, for Alice, Bob could either be incompetent to secure her biometric or even curious to try and gain access to her biometric data, while the authentication is going on. So Alice does not want to give her biometric data in plain to Bob. On the other hand, Bob does not trust the client as she could be an impostor. She could also repudiate her access to the service at a later time. For bothparties, the network is insecure. A biometric system that can work securely and reliably under such circumstances can have a multitude of applications varying from accessing remote servers to e-shopping over the Internet.
  • 6. Page 6 Introduction to biometric : A biometric is a physiological or behavioral characteristic of a human being that can distinguish one personfrom another and that theoretically can be used for identification or verification of identity.
  • 7. Page 7 Comparisonof BiometricSystem: Physiologicalbiometric: 1.Fingerprint Recognition: a) No two persons share the same fingerprints b) Wet, dry, or dirty skin may create problems 2. Face Recognition a) One of the most acceptable biometrics b) Not accurate and dependable 3. Hand Geometry a) Include length and width of fingers, different aspect ratios of palm and fingers, thickness and width of the palm etc. b) Existing hand geometry systems mostly use images of the hand 4.Iris Recognition a) Reliable and accurate b) Believed to be unique in every individual c) Not work for people who are missing both eyes or who have serious eye illnesses that affect the iris.
  • 8. Page 8 BEHAVIORAL BIOMETRICS: 1. Signature a) High degree of acceptance b) Signatures lack permanence c) Static signature verification systems & Dynamic signature verification systems 2. Voice a) Depend on numerous characteristics of a human voice to identify the speaker b) Does not require expensive input devices c) Issues- may skillfully imitate others' voices, record and replay attacks
  • 9. Page 9 Primary concerns in biometric authentication System: a) Template protection: As a biometric do not change over time, one cannot revoke an enrolled plain biometric. Hence, critical information could be revealed if the server’s biometric template database is compromised. b) User’s privacy: i) The activities of a person could be tracked, as the biometric is unique to a person ii) Certain biometrics may reveal personal information about a user (e.g., medical or food habits), in addition to identity. c)Trust between user and server: In widespread use, all authenticatingservers may not be competent or trustworthy to securely handle a user’s plain biometric, while a remote user cannot be reliably identified without biometric information. d) Network security: As the authentication is done over an insecure network, anyone snooping the network could gain access to the biometric information being transmitted.
  • 10. Page 10 Relatedwork: The previous work in the area of encryption based security of biometric templates tend to model the problem as that of building a classification system that separates the genuine and impostor samples in the encrypted domain . However a strong encryption mechanism destroys any pattern in the data, which adversely affects the accuracy of verification. Hence, any such matching mechanism necessarily makes a compromise between template security (strong encryption) and accuracy (retaining patterns in the data). The primary difference in our approachis that we are able to design the classifier in the plain feature space, which allows us t maintain the performance of the biometric itself, while carrying out the authentication on data with strong encryption, which provides high security/privacy . Over the years a number of attempts have been made to address the problem of template protection and privacy concerns and despite all efforts, as A.K. Jain et al. puts it, a templateprotection scheme with provable security and acceptable recognition performance hasthus far remained elusive. In this section, we will look at the existing work in light of this security-accuracy dilemma, and understand how this can be overcome by communication between the authenticating server and the client.
  • 11. Page 11 The previous work in area of encryption based security of biometric templates tends to model the problem as that of building a classification system that separates the genuine and impostor samples in the encrypted domain. However, a strong encryption mechanism destroys any pattern in the data , which adversely affects the accuracy of verification . Hence any such matching mechanism necessarily makes a compromise between templates security and accuracy. The primary difference in our approachis that we are able to design a classifier in the plane feature space, which allows us to maintain the performance of the biometric itself ,while carrying out the authentication on data with strong encryption ,which provides high security /privacy. Over a years a number of attempts have been made to address the problem of templates protection and privacy concerns and despite all efforts ,puts it ,”a template protection scheme with provable security and acceptable recognition performance has thus far remind elusive “. In the section, we will look at the existing work in light of this security -accuracy and understand how this can be overcome by communication between authenticating server and the client.
  • 12. Page 12 Salting: The first class of feature transformation approaches knownas Salting offers security using a transformation functionseeded by a user specific key. The strength of the approachlies in the strength of the key. A classifier is then designed in the encrypted feature space. Although the standard cryptographic encryption such as AES or RSA offers secure transformation functions, they cannot be used in this case. The inherent property of dissimilarity between two instances of the biometric trait from the same person, leads to large differences in their encrypted versions. This leads to a restriction on the possible functions that can be used and in salting, resulting in a compromise made between security and the performance. Some of the popular salting based approaches are biohashing and salting for face template protection . Moreover, salting based solutions are usually specific to a biometric trait, and in general do not offer well defined security. Kong et al. do a detailed analysis of the current biohashing based biometric approaches . They conclude that the zero EER reported by many papers is obtained in carefully set experimental conditions and unrealistic under assumptions from a practical view point. The second category of approaches identified as Noninvertible transform applies a trait specific non-invertible function on the biometric template so as to secure it. The parameters of the transformation function are defined by a key which must be available at the time of authentication to transform the query feature set. Some of the popular approaches that fall into this category are RobustHashing and Cancelable Templates Cancelable templates allows one to replace a leaked template, while reducing the amount of information revealed through the leak, thus addressing some of the privacy concerns. However, suchmethods are often biometric specific and do not make any guarantees on preservation of privacy , especially when the server is not trusted. Methods to detect tampering of the enrolled templates help in improving the security of the overall system. Boult et al. extended the above approachto stronger encryption, and proposedan encrypted minutia representation and matching scheme of fingerprints. The position information of a minutia is divided into a stable integer part and a variable increment. A Biotoken consists of the encrypted integer part and the increment information in plain. A specific matching algorithm was proposed to match the biotokens for verification. The approachprovides provable template security as a strong encryption is used. Moreover, the matching is efficient, and is shown to even improve the matching accuracy. However, the primary fact that encryption is applied to part of the data, which itself is quantized, may mean some amount of compromise between security and accuracy. An extension to the above work based on re-encoding methodology for revocable biotokens is proposedby
  • 13. Page 13 the authors . In this method, the computed biotoken is re-encoded using a series of unique new transformation functions to generate a Bipartite Biotoken. For every authentication, the server computes a new bipartite biotoken, which is to be matched by the client against the biotoken generated by him. The method significantly enhances the template security as compared to the original protocol. Moreover, as bipartite biotoken is different for each authentication request, replay attacks are not possible. However, in the current form, the base biotoken is available (in plain) with the server, and if the biotoken database is compromised, a hacker can gain access to all the users’accounts until the biotokens are replaced. The method aims at securing the actual biometric template, which cannot be recovered from a secure biotoken. The third and fourth classes are both variations of Biometric cryptosystems. They try to integrate the advantages of both biometrics and cryptography to enhance the overall security and privacy of an authentication system. Such systems are primarily aimed at using the biometric as a protection for a secret key (Key Binding approach or use the biometric data to directly generate a secret key (Key Generation approach). The authentication is done using the key,which is unlocked/generated by the biometric. Such systems can operate in two modes in the case of remote authentication. In the first case, the key is unlocked/generated at the client end,which is sent to the server for authentication, which will ensure security of the template, and provide user privacy. However, this would become a key based authentication scheme and would lose the primary advantage of biometric authentication, which is its non- repudiable nature. In the second case, the plain biometric needs to be transmitted from the user to the server, both during enrollment and during authentication. This inherently leaks more information about the user than just the identity, and the users need to trust the server to maintain their privacy. Moreover, authenticating over an insecure network makes the plain biometric vulnerable to spoofing attacks . Biometric cryptosystem: Biometric cryptosystems based approaches such as FuzzyVault and Fuzzy extractor in their true form lack diversity and revocability. According to Dr. Jain a performance degradation usually takes place as the matching is done using error correction schemes. This precludes the use of sophisticated matchers developed specifically for matching the original biometric template. Biometric cryptosystems,
  • 14. Page 14 along with salting based approaches introduce diversity and revocability in them. Moreover, Walter demonstrated a method for recovering the plain biometric from two or more independent secrets secured using the same biometric. Demerits of Existing process: *.) less privacy: *.) less security *.) difficult to perform verification
  • 15. Page 15 Blind Authenticationprocess: blind biometric authentication protocol, which addresses the concerns of user’s privacy, template protection, and trust issues. The protocolis blind in the sense that it reveals only the identity, and no additional information about the user or the biometric to the authenticating server . Blind authentication is able to achieve both strong encryption based encryption based security as well as accuracy of a powerful classifiers such as supportvector machines and neural networks. Blind Authentication addresses all the concerns-- 1) The ability to use strong encryption addresses template Protection issues as well as privacy concerns. 2) Non- repudiable authentication can be carried out even Between non-trusting client and server using a trusted Third party solution. 3) It provides provable protection against replay and client side attacks even if the keys of the user are compromised. 4) As the enrolled templates are encrypted using a key, one can replace any compromised template, providing revocability, while allaying concerns of being tracked.
  • 16. Page 16 1.) FeatureExtraction In the first module is for feature extraction. From the biometric trait the essential feature is extracted. For this feature extraction we are using HILDITCH THINNING algorithm. 2.)Enrollment: In the previous section, we assumed that server has copies of the clients public key, E, as well as the classifier parameters that are encrypted using that key, E(ωi). These were sent to the server during the enrollment phase by a trusted enrollment server. Assuming a third party as the enrollment server gives us a flexible model, where the enrollment could also be done by the client or the server if the trust allows. During the enrollment, the client sends samples of her biometric to the enrollment server, who trains a classifier for the user. The trained parameters are encrypted and sent to the authentication server, and a notification is sent back to the client. Figures gives an overview of the enrollment process. The biometric samples sent by the client to the enrollment server could be digitally signed by the client and encrypted using the servers public key to protect it. ”’Enroplmentbased on a trusted third party’’’ The use of a third party for enrollment also allows for longterm learning by the enrollment server over a large numberof enrollments, thus improving the quality of the trainedclassifier. Algorithm 2 gives a step-by-step description of the enrollment process. Notethat the only information that is passed from the enrollment server to
  • 17. Page 17 the authentication server is the users identity, her public key, the encrypted versions of the parameters, and a threshold value. Algorithm Enrolment: 1: Client collects multiple sample of her biometric, B1..k 2: Feature vectors, xi, are computed from each sample 3: Client sends xi, along with her identity and public key, E, to the enrollment server 4: Enrollment server uses xi and the information from other users to compute an authenticating classifier (ω, τ) for the user 5: The classifier parameters are encrypted using the users public key: E(ωi) 6: E(ωi)s, along with the user’s identity, the encryption key (E), and the threshold (τ), are sent to the authentication server for registration 7: The client is then notified about success
  • 18. Page 18 3.)Authentication: To perform authentication ,the client locks the biometric test sample using her public key and sends the locked ID to the server .the server computes the products of the locked ID with the locked classifier parameters and randomizes products are sent back to the client . During the second round,the client unlocks the randomized sum is sent to the server . The server derandomizes the sum to obtain the final result ,which is compared with a threshold for authentication.
  • 19. Page 19 Algorithm Authentication 1: Client computes feature vector, x1..n, from test data 2: Each feature xi is encrypted (E(xi)) and sent to server 3: Server computes kn+k random numbers, rji and λj , such that, ∀i, k Xj=1 λj rji = 1 4: Server computes E(ωi xi rji) = E(ωi) E(xi) E(rji) 5: The kn products thus generated are sent to the client 6: The client decrypts the products to obtain: ωi xi rji 7: Client returns Sj = n Xi=1 ωi xi rji to the server 8: Server computes S = k Xj=1 λj Sj 9: if S > τ then 10: return Accepted to the client 11: else 12: return Rejected to the client 13: end if
  • 20. Page 20 Features of Blind Authentication: Security of the system refers to the ability of the system to With stand attacks from outside to gain illegal access or deny access to legitimate users. Since we are dealing with insecure networks, we are primarily concerned with the former. Security is hence a function of the specific biometric used as well as the overall design of the system. In terms of information revealed, security is related to the amount of information that is revealed to an attacker that would enable him to gain illegal access. Privacy on the other hand is related to the amount of user information that is revealed to the server. Ideally, one would like to reveal only the identity and no additional information. Most of the current systems provide very little privacy, and hence demands trust between the user and the server. An ideal biometric system would ensure privacy and hence need not demand any trust, thus making it applicable in a large set of applications. We now take a closer look at the security and privacy aspects of the proposed system. 1.System Security: Biometric systems are known to be more secure as compared to passwords or tokens, as they are difficult to reproduce. As the authentication process in the proposedsystem is directly based on biometrics we gain all the advantages of a generic biometric system. The security is further enhanced by the fact that an attacker needs to get access to both the user’s biometric as well as her private key to be able to poseas an enrolled user. 1.1) Server Security: We analyze the security at the server end using two possibleattacks on the server: Case 1:Hacker gainsaccess to the template database. In this case, all the templates (or classifier parameters) in the server are encrypted using the public key of the respective clients. Hence gaining access to each template is as hard as cracking the public key encryption algorithm. Moreover, if by any chance a template is suspected to be broken, one could create another one from a new public-private key pair. As the encryption’s are different, the templates would also be different. Brute-force cracking is practically impossible if one uses a probabilistic encryption scheme, even for limited-range data.
  • 21. Page 21 Case 2:Hacker is in the databaseserver during the authentication. In such a situation, the hacker can try to extract information from his entire “view” of the protocol. 1.2) Client Security: At the client side, we will consider the following attack scenarios: Case 1:Hacker gainsaccess to the user’s biometric or private key. Our protocolcaptures the advantages of both the biometric authentication as well as the security of the PKC. If the attacker gets hold of the user’s biometric from external sources, he would also need the private key of the user to be able to use it. If only the private key of a user is revealed, the security for the effected individual falls back to that of using the plain biometric. Note that in practice, the private key is secured by storing it in a smart card, or in the computer using a fuzzy vault. In short, an impostor need to gain access to boththe private key and the biometric to poseas a user. Even in this case, only a single user will be affected, and replacing the lost key would prevent any further damages. In practice, periodic replacement of the private key is advisable as in any PKC-based system. Case 2:Passive attack at the user’s computer. In this case, the hacker is present in the user’s computer during the login process. As the private key can be secured in a hardware which performs the encryption, the hacker will not have direct access to the private key. In other words, he will only learn the intermediate values of the computations. The hackers view will consist of kn quadratic congruences: yirji, i ∈ [1, n], j ∈ [1, k] He further knows that there exists kλ is that satisfy n congruences: Pj λjrji%N = 1. Thus he has kn + n quadratic congruences in kn + n + k variables. Results in an effort equivalent to a brute force attack. However if the hacker can stay in the user’s computer over multiple authentications, then at some point of time, he will have sufficient number of congruences to solve for y Note that y is does not reveal any useful information about the classifier. Moreover, any partial information gained is of no use as an authentication cannot be performed without access to the private key.
  • 22. Page 22 1.3) Network Security: An insecure network is snooping attacks. Let us consider the following attack scenarios: Attacker gainsaccess to the network. An attacke who may have control over the insecure network can watch the traffic on the network, as well as modify it. The confidentiality of the data flow over the network can be ensured using the standard cryptographic methods like symmetric ciphers and digital signatures. Furthermore, all the traffic on the network are encrypted either using the clients public key or using the random numbers generated by the server. Hence, even if successfully snooped upon, the attacker will not be able to decipher any information. A replay attack is also not possible as the data communicated during the second round of communication is dependent on the random numbers generated by the server. 2. Privacy: Privacy, as noted before deals with the amount of user information that is revealed to the server, during the process ofenrollment and authentication. We noted that there are two aspects of privacy to be dealt with: 2.1) Concern of revealing personal information: As the template or test biometric sample is never revealed to the server, the user need not worry that the use of biometrics might divulge any personal information other than her identity. 2.2) Concern of being tracked: One can use different keys for different applications (servers) and hence avoid being tracked across uses. In fact, even the choice biometric or real identity of the user itself is known only to the enrolling server. The authenticating server knows only the user ID communicated by the enrollment server and the biometric is obtained in the form of an encrypted feature vector. As the user and server need not trust each other, the framework is applicable to a variety of remote and on-site identity verification tasks. Moreover, we note that there is no delegation of trust by the server to a program or hardware at the user’s end, thus making it applicable to a variety of usage scenarios.
  • 23. Page 23 ADVANTAGES OF BLIND AUTHENTICATION Fast and Provably Secure authentication without trading off accuracy. Supports generic classifiers such as Neural Network and SVMs. Useful with wide variety of fixed-length biometrictraits. Ideal for applications such as biometric ATMs, login from public terminals.
  • 24. Page 24 CONCLUSION : The primary advantage of the proposed approachis that are able to achieve classification of a strongly encrypted feature vector using generic classifiers such as Neural Networks and SVMs. In fact, the authentication server need not know the specific biometric trait that is used by a particular user, which can even vary across users. Once a trusted enrollment server encrypts the classifier parameters for a specific biometric of a person, the authentication server is verifying the identity of a user with respectto that encryption. The real identity of the person is hence not revealed to the server, making the protocol, completely blind. This allows one to revoke enrolled templates by changing the encryption key, as well as use multiple keys across different servers to avoid being tracked, thus leading to better privacy. The proposedblind authentication is extremely secure under a variety of attacks and can be used with a wide variety of biometric traits. Protocols are designed to keep the interaction between the user and the server to a minimum with no resort to computationally expensive protocols. As the verification can be done in real-time with the help of available hardware, the approachis practical in many applications. The use of smart cards to hold encryption keys enables applications such as biometric ATMs and access of services from public terminals. Possible extensions to this work includes secure enrollment protocols and encryption methods to reduce computations. Efficient methods to do dynamic warping based matching of variable length feature vectors can further enhance the utility of the approach.