This document proposes and evaluates a system using RSA public key encryption, fingerprint authentication, and the Apriori algorithm to prevent information leakage. The system generates encryption keys for users based on registration details including fingerprints. Users encrypt messages with the public key before sending. The administrator verifies identities using fingerprints matched with the Apriori algorithm before decrypting messages with the private key. The system was tested on a university network and achieved high security preventing unauthorized access to data.
Behavioural biometrics and cognitive security authentication comparison studyacijjournal
Behavioural
biometrics is a scien
tific study with the primary purpose of identifying the authenticity of a
user based on the way they interact with an authentication mechanism. While Association based password
authentication is a cognitive model of authentication system.
The work done shows the implementation of Keyboard Latency technique for Authentication,
implementation of Association Based Password authentication and comparison among two. There are
several forms of behavioural biometrics such as voice analysis, signat
ure verification, and keystroke
dynamics. In this study, evidence is presented indicating that keystroke dynamics is a viable method not
only for user verification, but also for identification as well. The work presented in this model borrows
ideas from th
e bioinformatics literature such as position specific scoring matrices (motifs) and multiple
sequence alignments to provide a novel approach to user verification and identification within the context
of a keystroke dynamics based user authentication system
. Similarly Cognitive approach can be defined in
many ways of which one is association based Technique for authentication
Secure system based on recombined fingerprints for sharing multimedia files i...eSAT Journals
Abstract In this paper the execution time is less when compared to previous algorithm. And also it provide security between the merchant and buyer The traitor tracing protocol is used to detect the illegal transaction. Here we used fingerprinting solution to avoid illegal redistribution of multimedia contents. Here we convert the multimedia video file into image then encrypting the image after the encrypted image will be transferred from merchant to buyer. The buyer receives the copyright protection from merchant, he decrypts the image then converts it into video. After that, the copyright protection of file is transferred to child buyer. Then tracing traitor protocol is used to checks the fingerprints for merchant to buyer and buyer to child buyer. Traitor tracing protocol is used to detect the illegal transaction of the content. The Blowfish algorithm is used to encrypt and decrypt the multimedia files. Finally we detect the performance of our work based on efficiency, accuracy and we achieve security. Keywords: Fingerprint, Multimedia files, Blowfish algorithm, Merchant, Buyer, Child Buyer, Copyright Protection
In most networks and distributed systems, security
has always been of a major concern and authentication is the core
issue as it provides protection from unauthorized use and ensures
proper functioning of the system. This paper investigates and
proposes DS-NIZKP, an approach for authenticating users by
three factors, (namely password, smart-card and biometrics)
based on the concept of Zero Knowledge Proof (ZKP), so that no
sensitive information can be revealed during a communication.
The proposal employs the concept of digital signature (DS) to
authenticate the identity of the sender or the signer within a
single communication. Given that DS employs asymmetric
encryption, a one-way hash of the user’s identity is created then
signed using the private key. Hashing prevents from revealing
information about the user while signing provides authentication,
non-repudiation and integrity. This approach not only saves time
since just a single message between the prover and the verifier is
necessary but also defends privacy of the user in distributed
systems.
An Enhanced Security System for Web Authentication IJMER
Web authentication has low security in these days. Todays, For Authentication purpose,
Textual passwords are commonly used; however, users do not follow their requirements. Users tend to
choose meaningful words from dictionaries, which make textual passwords easy tobreak and vulnerable
to dictionary or brute force attacks. Also, Textual passwords can be identified by 3rd
party software’s.
Many available graphicalpasswords have a password space that is less than or equal to the textual
passwordspace. Smart cards or tokens can be stolen.There are so many biometric authentications have
been proposed; however, users tend to resistusing biometrics because of their intrusiveness and the effect
on their privacy. Moreover,biometrics cannot be evoked.In this paper, we present and evaluate our
contribution,i.e., the OTP and 3-D password. A one-time password (OTP) is a password that isvalid for
only one login session or transaction. OTPs avoid a number of shortcomingsthat are associated with
traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks. It means that a potential intruder
who manages to record an OTPthat was already used to log into a service or to conduct a transaction
will not be able toabuse it, since it will be no longer valid. The 3-D password is a multifactor
authenticationscheme. To be authenticated, we present a 3-D virtual environment where the
usernavigates and interacts with various objects. The sequence of actions and interactionstoward the
objects inside the 3-D environment constructs the user’s 3-D password.
Behavioural biometrics and cognitive security authentication comparison studyacijjournal
Behavioural
biometrics is a scien
tific study with the primary purpose of identifying the authenticity of a
user based on the way they interact with an authentication mechanism. While Association based password
authentication is a cognitive model of authentication system.
The work done shows the implementation of Keyboard Latency technique for Authentication,
implementation of Association Based Password authentication and comparison among two. There are
several forms of behavioural biometrics such as voice analysis, signat
ure verification, and keystroke
dynamics. In this study, evidence is presented indicating that keystroke dynamics is a viable method not
only for user verification, but also for identification as well. The work presented in this model borrows
ideas from th
e bioinformatics literature such as position specific scoring matrices (motifs) and multiple
sequence alignments to provide a novel approach to user verification and identification within the context
of a keystroke dynamics based user authentication system
. Similarly Cognitive approach can be defined in
many ways of which one is association based Technique for authentication
Secure system based on recombined fingerprints for sharing multimedia files i...eSAT Journals
Abstract In this paper the execution time is less when compared to previous algorithm. And also it provide security between the merchant and buyer The traitor tracing protocol is used to detect the illegal transaction. Here we used fingerprinting solution to avoid illegal redistribution of multimedia contents. Here we convert the multimedia video file into image then encrypting the image after the encrypted image will be transferred from merchant to buyer. The buyer receives the copyright protection from merchant, he decrypts the image then converts it into video. After that, the copyright protection of file is transferred to child buyer. Then tracing traitor protocol is used to checks the fingerprints for merchant to buyer and buyer to child buyer. Traitor tracing protocol is used to detect the illegal transaction of the content. The Blowfish algorithm is used to encrypt and decrypt the multimedia files. Finally we detect the performance of our work based on efficiency, accuracy and we achieve security. Keywords: Fingerprint, Multimedia files, Blowfish algorithm, Merchant, Buyer, Child Buyer, Copyright Protection
In most networks and distributed systems, security
has always been of a major concern and authentication is the core
issue as it provides protection from unauthorized use and ensures
proper functioning of the system. This paper investigates and
proposes DS-NIZKP, an approach for authenticating users by
three factors, (namely password, smart-card and biometrics)
based on the concept of Zero Knowledge Proof (ZKP), so that no
sensitive information can be revealed during a communication.
The proposal employs the concept of digital signature (DS) to
authenticate the identity of the sender or the signer within a
single communication. Given that DS employs asymmetric
encryption, a one-way hash of the user’s identity is created then
signed using the private key. Hashing prevents from revealing
information about the user while signing provides authentication,
non-repudiation and integrity. This approach not only saves time
since just a single message between the prover and the verifier is
necessary but also defends privacy of the user in distributed
systems.
An Enhanced Security System for Web Authentication IJMER
Web authentication has low security in these days. Todays, For Authentication purpose,
Textual passwords are commonly used; however, users do not follow their requirements. Users tend to
choose meaningful words from dictionaries, which make textual passwords easy tobreak and vulnerable
to dictionary or brute force attacks. Also, Textual passwords can be identified by 3rd
party software’s.
Many available graphicalpasswords have a password space that is less than or equal to the textual
passwordspace. Smart cards or tokens can be stolen.There are so many biometric authentications have
been proposed; however, users tend to resistusing biometrics because of their intrusiveness and the effect
on their privacy. Moreover,biometrics cannot be evoked.In this paper, we present and evaluate our
contribution,i.e., the OTP and 3-D password. A one-time password (OTP) is a password that isvalid for
only one login session or transaction. OTPs avoid a number of shortcomingsthat are associated with
traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks. It means that a potential intruder
who manages to record an OTPthat was already used to log into a service or to conduct a transaction
will not be able toabuse it, since it will be no longer valid. The 3-D password is a multifactor
authenticationscheme. To be authenticated, we present a 3-D virtual environment where the
usernavigates and interacts with various objects. The sequence of actions and interactionstoward the
objects inside the 3-D environment constructs the user’s 3-D password.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
In this paper the signature of a person is taken as input which is encrypted using
hierarchical visual cryptography. By using HVC the input signature will be divided into four shares.
From that any three are taken to generate key share. Another fragmentation should handover to the
authenticated server. The authenticated server should maintain the generated key and fourth
fragmentation. Only the authorized user can be accessed. If the receiver identifies the fourth
fragmentation and decrypt they got message by using HVC. It is insecure process because anybody
can hack the decrypted message easily. For the secure process the authenticated server generate a
password while transferring a message. The authenticated person can only able to got that message.
The authenticated server checks whether the person should be authorized user or not, while starting
their conversation. It provides more security and challenged for the hackers.
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...ijcisjournal
Securing data storage using biometrics is the current trend. Different physiological as well as behavioral biometrics like face, fingerprint, iris, Gait, voice etc.. is used in providing security to the data. The proposed work explains about the biometric encryption technology which will securely generate a digital key using two biometric modalities. Iris is encrypted using Fingerprint ID of 32-bit as the key in this work.
For encryption Blowfish algorithm is used and the encrypted template is stored in the database and one is given to the user. During the authentication time user input the template and the fingerprint. This template is then decrypted and verified with the original template taken from the database to check whether the user is genuine or an imposter. Hamming distance is used to measure the matching of the templates. CASIA Iris
database is used for experimentation and fingerprint images read through the R303 - fingerprint reader.
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYNexgen Technology
bulk ieee projects in pondicherry,ieee projects in pondicherry,final year ieee projects in pondicherry
Nexgen Technology Address:
Nexgen Technology
No :66,4th cross,Venkata nagar,
Near SBI ATM,
Puducherry.
Email Id: praveen@nexgenproject.com.
www.nexgenproject.com
Mobile: 9751442511,9791938249
Telephone: 0413-2211159.
NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km
Cost effective authentic and anonymous data sharing with forward securityLeMeniz Infotech
Cost effective authentic and anonymous data sharing with forward security
Do Your Projects With Technology Experts
To Get this projects Call : 9566355386 / 99625 88976
Visit : www.lemenizinfotech.com / www.ieeemaster.com
Mail : projects@lemenizinfotech.com
SECURITY ANALYSIS ON PASSWORD AUTHENTICATION SYSTEM OF WEB PORTALcscpconf
Portal site is not only providing search engine and e-mail service but also various services including blog, news, shopping, and others. The fact that average number of daily login for Korean portal site Naver is reaching 300 million suggests that many people are using portal sites. One of the most famous social network service, Facebook subscribers to reach 1.2 billion 30 million people at the time of the February 2014. With the increase in number of users
followed by the diversity in types of services provided by portal sites and SNS, the attack is also increasing. Therefore, the objective of this study lies in analysing whole procedure of password authentication system of portal sites, SNS and analysing the security threat that may occur accordingly. Also, the security requirement corresponding to analysed security threat was extracted and the analysis on implementation of security requirements by portal sites and SNS
was conducted.
Privacy - Preserving Reputation with Content Protecting Location Based Queriesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Architectural Layers of Internet of Things: Analysis of Security Threats and ...Scientific Review SR
A pervasive network architecture that interconnect heterogeneous objects, devices, technologies and services called
Internet of Things has prompted a drastic change in demand of smart devices which in turn has increased the rate of
data exchange. These smart devices are built with numerous sensors which collect information from other interacting
devices, process it and send it to remote locations for storage or further processing. Although this mechanism of data
processing and sharing has contributed immensely to the information world, it has recently posed high security risk
on privacy and data confidentiality. This paper therefore analyses different security threats to data at different
architectural layers of Internet of Things, possible countermeasures and other in-depth security measures for Internet
of Things. The paper identifies device authentication on IoT network to be of paramount impo rtance in securing IoT
systems. This paper also suggests some essential technologies of security such as encryption for securing IoT
devices and the data shared over IoT network
The Proposed Development of Prototype with Secret Messages Model in Whatsapp ...IJECEIAES
Development of prototype at data security through secret messages is needed for disguising the messages sent in smartphone chatting application, WhatsApp (WA) Chat. We propose a model to disguise a plaintext message which is first encrypted by cryptosystem to change the plaintext message to ciphertext. Plaintext or plainimage entering the smartphone system is changed into encrypted text; receiver then can read the message by using similar key with the sender. The weakness of this proposal is the message random system is not planted directly in the chatting application; therefore message removing process from cryptosystem to WA application is still needed. The strength of using this model is the messages sent will not be easily re-encrypted by hacker and can be used at client computing section.
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
As a high
-
speed internet foundation is being developed and people are informationized, most
of the tasks are engaged in internet field so there is
a risk that any private data like personal information or
applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time
Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password
-
protected
web sites and data storage systems. The new outlined scheme had higher security, small system overhead
and is easy to implement.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
In this paper the signature of a person is taken as input which is encrypted using
hierarchical visual cryptography. By using HVC the input signature will be divided into four shares.
From that any three are taken to generate key share. Another fragmentation should handover to the
authenticated server. The authenticated server should maintain the generated key and fourth
fragmentation. Only the authorized user can be accessed. If the receiver identifies the fourth
fragmentation and decrypt they got message by using HVC. It is insecure process because anybody
can hack the decrypted message easily. For the secure process the authenticated server generate a
password while transferring a message. The authenticated person can only able to got that message.
The authenticated server checks whether the person should be authorized user or not, while starting
their conversation. It provides more security and challenged for the hackers.
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...ijcisjournal
Securing data storage using biometrics is the current trend. Different physiological as well as behavioral biometrics like face, fingerprint, iris, Gait, voice etc.. is used in providing security to the data. The proposed work explains about the biometric encryption technology which will securely generate a digital key using two biometric modalities. Iris is encrypted using Fingerprint ID of 32-bit as the key in this work.
For encryption Blowfish algorithm is used and the encrypted template is stored in the database and one is given to the user. During the authentication time user input the template and the fingerprint. This template is then decrypted and verified with the original template taken from the database to check whether the user is genuine or an imposter. Hamming distance is used to measure the matching of the templates. CASIA Iris
database is used for experimentation and fingerprint images read through the R303 - fingerprint reader.
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYNexgen Technology
bulk ieee projects in pondicherry,ieee projects in pondicherry,final year ieee projects in pondicherry
Nexgen Technology Address:
Nexgen Technology
No :66,4th cross,Venkata nagar,
Near SBI ATM,
Puducherry.
Email Id: praveen@nexgenproject.com.
www.nexgenproject.com
Mobile: 9751442511,9791938249
Telephone: 0413-2211159.
NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km
Cost effective authentic and anonymous data sharing with forward securityLeMeniz Infotech
Cost effective authentic and anonymous data sharing with forward security
Do Your Projects With Technology Experts
To Get this projects Call : 9566355386 / 99625 88976
Visit : www.lemenizinfotech.com / www.ieeemaster.com
Mail : projects@lemenizinfotech.com
SECURITY ANALYSIS ON PASSWORD AUTHENTICATION SYSTEM OF WEB PORTALcscpconf
Portal site is not only providing search engine and e-mail service but also various services including blog, news, shopping, and others. The fact that average number of daily login for Korean portal site Naver is reaching 300 million suggests that many people are using portal sites. One of the most famous social network service, Facebook subscribers to reach 1.2 billion 30 million people at the time of the February 2014. With the increase in number of users
followed by the diversity in types of services provided by portal sites and SNS, the attack is also increasing. Therefore, the objective of this study lies in analysing whole procedure of password authentication system of portal sites, SNS and analysing the security threat that may occur accordingly. Also, the security requirement corresponding to analysed security threat was extracted and the analysis on implementation of security requirements by portal sites and SNS
was conducted.
Privacy - Preserving Reputation with Content Protecting Location Based Queriesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Architectural Layers of Internet of Things: Analysis of Security Threats and ...Scientific Review SR
A pervasive network architecture that interconnect heterogeneous objects, devices, technologies and services called
Internet of Things has prompted a drastic change in demand of smart devices which in turn has increased the rate of
data exchange. These smart devices are built with numerous sensors which collect information from other interacting
devices, process it and send it to remote locations for storage or further processing. Although this mechanism of data
processing and sharing has contributed immensely to the information world, it has recently posed high security risk
on privacy and data confidentiality. This paper therefore analyses different security threats to data at different
architectural layers of Internet of Things, possible countermeasures and other in-depth security measures for Internet
of Things. The paper identifies device authentication on IoT network to be of paramount impo rtance in securing IoT
systems. This paper also suggests some essential technologies of security such as encryption for securing IoT
devices and the data shared over IoT network
The Proposed Development of Prototype with Secret Messages Model in Whatsapp ...IJECEIAES
Development of prototype at data security through secret messages is needed for disguising the messages sent in smartphone chatting application, WhatsApp (WA) Chat. We propose a model to disguise a plaintext message which is first encrypted by cryptosystem to change the plaintext message to ciphertext. Plaintext or plainimage entering the smartphone system is changed into encrypted text; receiver then can read the message by using similar key with the sender. The weakness of this proposal is the message random system is not planted directly in the chatting application; therefore message removing process from cryptosystem to WA application is still needed. The strength of using this model is the messages sent will not be easily re-encrypted by hacker and can be used at client computing section.
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
As a high
-
speed internet foundation is being developed and people are informationized, most
of the tasks are engaged in internet field so there is
a risk that any private data like personal information or
applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time
Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password
-
protected
web sites and data storage systems. The new outlined scheme had higher security, small system overhead
and is easy to implement.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
1. Original Post by Catherine JohnsonCryptographic MethodsCSantosConleyha
1. Original Post by Catherine Johnson
Cryptographic Methods:
Cryptography is the science of concealing information or encrypting information. Computers use complex cryptographic algorithms to enable data protection, data hiding, integrity checks, nonrepudiation services, policy enforcement, key management, and exchange, and many more (Conklin, 2018). Cryptography is classified into three types symmetric cryptography, asymmetric cryptography, and hash functions
Symmetric cryptography is also known as secret-key cryptography. It uses a single key to encrypt and decrypt data making it the simplest type of cryptography. A plain text with the key produces the same cipher similarly, the ciphertext with the key produces the plain text. "Symmetric encryption is useful for protecting data between parties with an established shared key and is also frequently used to store confidential data" (Burnett & Foster, 2004). This type of cryptography is suited for bulk encryption as it is fast and easy.
Asymmetric cryptography is also known as public-key cryptography. In this method, two keys are used to encrypt data. One for encoding and the other for decoding. One of the two keys stays private while the other is shared. The algorithms are based on integer factorization and discrete logarithmic problems. This encryption method is used for authentication and confidentiality.
The hash function is a special mathematical function. It performs a one-way function, which means that once the algorithm is processed, there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it (Conklin, 2018). Hashes provide confidentiality but not integrity because even though we cannot determine the original text, we can ascertain the modified text. These are utilized in programs, text messages, and operating systems files.
Public Key Infrastructure (PKI):
It is an infrastructure that enables users to communicate securely. PKI uses the asymmetric method; one private key and one public key. The public key can only decrypt the file encrypted by the private key, which affirms the receiver and the sender's information is secure during a transaction. The challenges PKI face is the storage and protection of the keys. The encryption keys can be stolen or unrecoverable based on the measures taken to store them. Additionally, failure to issue and renew certificates can cause large-scale connectivity issues.
Physical Security:
Physical security needs to be maintained to prevent attackers from gaining access to steal data. Physical security is essential in an organization to prevent unauthorized individuals from causing harm to the business. If systems and devices are physically accessed, all files, data, information, and networks can be compromised. Granting limited access to employees to computer rooms or server rooms can prevent theft and help with intentional and unintentional damages. Perimeter security is also important, especially for sites ...
1. Original Post by Catherine JohnsonCryptographic MethodsCAbbyWhyte974
1. Original Post by Catherine Johnson
Cryptographic Methods:
Cryptography is the science of concealing information or encrypting information. Computers use complex cryptographic algorithms to enable data protection, data hiding, integrity checks, nonrepudiation services, policy enforcement, key management, and exchange, and many more (Conklin, 2018). Cryptography is classified into three types symmetric cryptography, asymmetric cryptography, and hash functions
Symmetric cryptography is also known as secret-key cryptography. It uses a single key to encrypt and decrypt data making it the simplest type of cryptography. A plain text with the key produces the same cipher similarly, the ciphertext with the key produces the plain text. "Symmetric encryption is useful for protecting data between parties with an established shared key and is also frequently used to store confidential data" (Burnett & Foster, 2004). This type of cryptography is suited for bulk encryption as it is fast and easy.
Asymmetric cryptography is also known as public-key cryptography. In this method, two keys are used to encrypt data. One for encoding and the other for decoding. One of the two keys stays private while the other is shared. The algorithms are based on integer factorization and discrete logarithmic problems. This encryption method is used for authentication and confidentiality.
The hash function is a special mathematical function. It performs a one-way function, which means that once the algorithm is processed, there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it (Conklin, 2018). Hashes provide confidentiality but not integrity because even though we cannot determine the original text, we can ascertain the modified text. These are utilized in programs, text messages, and operating systems files.
Public Key Infrastructure (PKI):
It is an infrastructure that enables users to communicate securely. PKI uses the asymmetric method; one private key and one public key. The public key can only decrypt the file encrypted by the private key, which affirms the receiver and the sender's information is secure during a transaction. The challenges PKI face is the storage and protection of the keys. The encryption keys can be stolen or unrecoverable based on the measures taken to store them. Additionally, failure to issue and renew certificates can cause large-scale connectivity issues.
Physical Security:
Physical security needs to be maintained to prevent attackers from gaining access to steal data. Physical security is essential in an organization to prevent unauthorized individuals from causing harm to the business. If systems and devices are physically accessed, all files, data, information, and networks can be compromised. Granting limited access to employees to computer rooms or server rooms can prevent theft and help with intentional and unintentional damages. Perimeter security is also important, especially for sites ...
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...ijait
Advancements in technology have created the possibility of greater assurance of proper travel document ownership, but some concerns regarding security and effectiveness remain unaddressed. Electronic passports have known a wide and fast deployment all around the world since the International Civil
Aviation Organization the world has adopted standards whereby passports can store biometric identifiers. The use of biometrics for identification has the potential to make the lives easier, and the world people live in a safer place. The purpose of biometric passports is to prevent the illegal entry of traveler into a specific
country and limit the use of counterfeit documents by more accurate identification of an individual. This paper analyses the face, fingerprint, palmprint and iris biometric e-passport design. This papers focus on privacy and personal security of bearers of e-passports, the actual security benefit countries obtained by
the introduction of e-passports using face, fingerprint, palmprint and iris recognition systems. Researcher analyzed its main cryptographic features; the face fingerprint, palmprint and iris biometrics currently used with e-passports and considered the surrounding procedures. Researcher focused on vulnerabilities since anyone willing to bypass the system would choose the same approach. On the contrary, solely relying on them may pose a risk that did not exist with previous passports and border controls. The paper also provides a security analysis of the e-passport using face fingerprint, palmprint and iris biometric that are intended to provide improved security in protecting biometric information of the e-passport bearer.
I want you to Read intensively papers and give me a summary for ever.pdfamitkhanna2070
I want you to Read intensively papers and give me a summary for every paper and the linghth for
each paper is 2 pages or more. In the summary, you need to provide some of your own ideas.
Research Interests: Privacy-Aware Computing,Wireless and Mobile Security,Fog
Computing,Mobile Health and Safety, Cognitive Radio Networking,Algorithm Design and
Analysis.
You should select papers from the following conferences:
IEEE INFOCOM, IEEE Symposium on security and privacy, ACM CCS, USENIX Security.
Solution
PRIVACY AWARE COMPUTING
Introduction
With the increasing public concerns of security and personal data privacy worldwide, security
and privacy become an important research area. This research area is very broad and covers
many application domains.
The security and privacy aware computing research group actually focuses on
(1) privacy-preserved computing,
(2) Video surveillance, and
(3) secure biometric system.
Now let us briefly discuss the above three groups.
Privacy-preserved Computing
Concerns on the data privacy have been increasing worldwide. For example, Apple was
reportedly fined by South Korea’s telecommunications regulator for allegedly collecting and
storing private location data of iPhone users. The privacy concerns raised by both end-users and
government authorities have been hindering the deployment of many valuable IT services, such
as data mining and analysis, data outsourcing, and mobile location-aware computing.
soo, in response to the growing necessity of protecting data privacy, our research group has been
focusing on developing innovative solutions towards information services --- to support these
services while preserving users’ personal privacy.
Video Surveillance
With the growing installation of surveillance video cameras in both private and public areas, the
closed-circuit TV (CCTV) has been evolved from a single camera system to a multiple camera
system; and has recently been extended to a large-scale network of cameras.
One of the objectives of a camera network is to monitor and understand security issues in the
area under surveillance. While the camera network hardware is generally well-designed and
roundly installed, the development of intelligent video analysis software lags far behind. As
such, our group has been focusing on developing video surveillance algorithms such as face
tracking, person re-identification, human action recognition.
Our goal is to develop an intelligent video surveillance system.
Secure Biometric System
With the growing use of biometrics, there is a rising concern about the security and privacy of
the biometric data. Recent studies show that simple attacks on a biometric system, such as hill
climbing, are able to recover the raw biometric data from stolen biometric template. Moreover,
the attacker may be able to make use of the stolen face template to access the system or cross-
match across databases. Our group has been working on face template protection, multimodality
template protection, and .
Information security is concerned with the
assurance of confidentially, integrity and availability of
information in all forms. This is the ancient Greek word:
bios = “life” and metron = “measure.” In the present day
world, online shopping using WAP enabled mobile phone
has widely come into use. Credit cards serve as the currency
during e-business and e-Shopping. As the Hacking or
Spoofing or the Misuse of the credit card is continuously
increasing even you are using a secure network. Also, some
Spam software is sent to your system or device through the
internet that helps spammers to get the
desires relevant information about your credit card and
financial data. To solve these problems or get out of these
insecurities the Bio-metric System that provides the secure
E-transaction by improving the prevention of data spoofing.
So in this paper, we have proposed a multi-biometric model
(integrating voice, fingerprint and facial scanning) that can
be embedded in a mobile phone, this making e-transactions
more secure.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Connector Corner: Automate dynamic content and events by pushing a button
Information Leakage Prevention Using Public Key Encryption System and Fingerprint Augmented with Apriori Algorithm
1. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 90
Information Leakage Prevention Using Public Key Encryption
System and Fingerprint Augmented with Apriori Algorithm
Mudasiru Hammed tundemuhammedy2k@yahoo.com
Department of Computer Science
The Federal Polytechnic, Ilaro
Ogun State, Nigeria
Jumoke Soyemi jumoke.soyemi@federalpolyilaro.edu.ng
Department of Computer Science
The Federal Polytechnic, Ilaro
Ogun State, Nigeria
Abstract
The increase in the use of the internet around the world provided easier way of communication
and information sharing that has led to the huge challenge of data leakage on the network. In an
academic environment such as higher institutions of learning, the need to ensure that access to
data and sensitive information are given to authorized users become imperative. However, this is
not always the case as security bridges are often experienced. This study proposed a RSA public
key encryption system and biometric fingerprint augmented with Apriori algorithm to prevent
information leakages. The fingerprint verifies the identity of the owner of incoming message and
the Apriori algorithm is used as the detection system instead of biometric that requires additional
hardware for detecting fingerprint. This study developed a system based on the proposed
algorithm. The developed system was tested on Federal Polytechnic, Ilaro local area network
achieving a high level of security that prevents interception of valuable data by intruders or
eavesdroppers. The system developed RSA public key encryption and fingerprint augmented with
Apriori algorithm thus provided the required security mechanism that prevents information
leakage in a public environment.
Keywords: Information, RSA Public Encryption Algorithms, Biometric Fingerprint, Apriori
Algorithm.
1. INTRODUCTION
The increase in the use of the internet all over the world made internet-based services very
popular thus making the sharing of information and communication much easier. This drastic rise
in the use of network-based systems has rendered cyber security systems outdated because
there is a rise in the activities of hackers and attackers using sophisticated methods such as
phishing and spoofing. Therefore, the need to ascertain that authorized users and clients are the
only one with access to both secure and sensitive information. The availability of tools such as
the web tool, make credentials stealing and system cracking easier to achieve [1]. Data leakage
is a frequent occurrence when dealing with confidential information detailing customer data, bank
details, source code, design specifications and examination question paper. When such
information leaks, the party concerned becomes insecure. Sharing data required an efficient
asymmetric key encryption algorithm for preventing unauthorized user to gain access to vital
information [2]. A number of research works in this area of study have been done to provide
security in communication and sharing of data over network. These includes studies [3,4,5].
Tracing out data leakage among system users could prove very difficult for system administrator
thus creating ethical issues in the working environment. Therefore, preventing information
leakage is immensely advantageous than information leak detection.
2. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 91
This study proposed RSA public key encryption scheme that is more suitable for providing a
security mechanism for tampering activities in exchanging information over the network and also
incorporated fingerprint techniques augmented wih Apriori algorithm. This algorithm verifies the
identity of an incoming message and the identity of the user sending the message which could be
a panacea for spoofing attack. Apriori algorithm is a detection system that is embedded into
administrator’s server to verify the user generated fingerprints against fingerprints and details
information obtained from the user during the registration.
2. LITERATURE REVIEW
There are various approaches for preventing sensitive data from unauthorized parties either to
disclose or to modify communication between two parties. Among these approaches are
cryptography, steganography, biometric, digital watermarking, digital signature and others.
Cryptography and biometric however, are good at addressing threats, such as; information
disclosure, tampering and spoofing. They form the foundation for all other aspects of information
security.
2.1 Cryptography
Cryptographic schemes are grouped into symmetric (private key) cryptography and asymmetric
cryptography [6]. In private encryption scheme, encryption must be equal to decryption key
( e d ). However, malicious third party could work their way into intercepting the messages and
gain access to sensitive information. Some could disclose or modify the information. Also
eavesdropper are likely to be able to figure out the "secret key” except the secret key is securely
exchanged [7]. It is obvious that RSA public key encryption technique is widely used because
according to [8], there is a pair of keys, one which is known as the public key for the encryption of
the plaintext that is meant to be sent and the other key known as private key. This private key is
sent to the receiver for the purpose of message decryption.
2.2 Biometric
The biometric authentication works by scanning the user’s characteristics such as finger print and
eye retina and store information in the database in form of strings. Authentication of a user is
achieved by matching the scanned data with that of the database with access granted based on
the detection of commonalities [9]. However, Biometric authentication is good when limited
applications are involved. Apart from the fact that the system slows down with large number of
users, it also requires further hardware to detect the fingerprints and eye retinas. Fingerprints,
however, can be spoofed simply by using common materials such as gelatin, silicone, and wood
glue [10].
2.3 Apriori Algorithm
Apriori algorithm is the association analysis used to discover what is commonly called association
rules. The algorithm looks at the possibilities of having items that are associated together in the
transactional databases, with the support threshold and then identifies the recurrent item sets.
The confidence threshold on the other hand uses restrictive probability that an item appear
together in a transaction when another item appears, to locate association rules. This algorithm
can be a potential strategy for detecting fake fingerprint without any additional hardware.
2.4 Related Work
Many research work proposed RSA public key encryption system for different purposes such as
e-voting system, agent technology, electronic commerce and other sensitive data that needed to
be prevented from unauthorized parties. Hybrid RSA Encryption Algorithm for Cloud Security was
proposed by [4]. The study discovered that data decryption with hybrid RSA encryption algorithm
is difficult to achieve when data transfer in the cloud system is applied. However, this hybrid
encryption cannot ensure data transmission through secured protocol and it cannot also verify
who the user is.
3. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 92
Study [2] proposed information leakage detection system using fingerprint data. This method
generated fingerprint and token ID that are available in the database. The idea is to eliminate
types of phrases from the fingerprinting process. Types of phrases are identified by looking at
available public documents of the organization that is to be protected from information leakage
and different phrases are identified with the help of databases. This process is only used for text
file and if the text file contains some unicode characters in such cases, this process cannot give
correct result.
In study [11], data encryption and decryption with RSA algorithm in a network environment was
proposed. The algorithm allowed message senders to generate public keys to encrypt messages
and the receivers’ generated private keys using secured databases. An incorrect private key was
able to decrypt the encrypted message but to a form that is different from the original message.
An eavesdropper that breaks into the message will return a meaningless message despite the
fact that the system cannot verify who the user is.
Study [12], developed an electronic voting system that used fingerprint technique. This technique
took account of fake human thumb impression and separated out the authentic minutiae regions.
The regions were subsequently extracted and used not only as user access control identity to the
system but also to vote in the electoral process. The system developed was able to nullify
multiple vote casting and provided election results collation process that is more accurate and
secured authentication mechanism for voters. However, the cost of providing the special
hardware device to implement biometrics enrolment and authentication was not considered. The
possibility of providing the sensor with fake physical biometric could prove a security threat to the
system.
Study [13] presented an online voting system using steganography and biometrics. The voters
used their fingerprint which has been pre-enrolled to access the voting machine. The usage of
anatomical traits rather than behavioral attributes further created more secured and acceptable
voters registration system, because the fingerprint is unique, distinct, universal, and not easily
damaged for every individual. Additional hardware is required to detect fingerprints. Fingerprints,
in particular, can be easily spoofed from common materials.
In our study, the combination of RSA public encryption system and biometric fingerprint
augmented with Apriori algorithm to prevent information leakages is proposed. This system
ensures secured data transmission and also verifies who the user is and provides better way of
securing data and information.
3. MATERIALS AND METHODS
This study focused on three processes which include: RSA key generation process, Encryption
process, Validation and Decryption process.
3.1 RSA Key Generation Process
The use of encryption key requires every individual user to register with details information such
as Name, Sex. Occupation, Level, Department, Marital status, E-mail, Phone number and their
Fingerprint. The server stores the information and generate encryption key for the user in order to
maintain user’s account in the database. Figure 1 shows the encryption key generation process
and Algorithm 1 shows RSA key generation described in [15] for the administrator to generate
both public key and private key. The encryption key is made known to all users while the
decryption key is kept secret to only administrator to decrypt any message sent by the users.
Algorithm 1: RSA Key Generation [14]
Administrator creates two different large and appropriately random primes, Ap and Aq which are
kept secret.
4. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 93
Administrator calculates A A Am p q . The number known as the modulo is made public
Administrator selects randomly some Ae , with 1 ( 1)( 1)A A Ae p q , making gcd( ,( 1)( 1)) 1A A Ae p q .
This number Ae is known as the encryption key which is made available to the user.
Administrator calculates the inverse, 1
A Ad e
modulo Am , of Ae . This number is kept secret. The
pair ( , )A Ad m is Administrator’s private key and Ad is called the decryption key. The private key
will be used to decrypt any message received by the administrator. Administrator publishes the
pair ( , )A Ae m as his public key
FIGURE 1: Encryption Key Generation Process.
3.2 RSA Encryption Process
For a user to send any sensitive information or document on the network, it has to be encrypted
with the generated public key and fingerprint which verifies the identity of individual users. Once
the information is encrypted, even the user can no longer decrypt the encrypted copy because
there would not be private key to decrypt it. Algorithm 2 depicts the encryption algorithm.
Algorithm 2: Encryption Algorithm
Step 1: Obtained Administrator’s public key ( , )A Ae m
Step 2: Take plaintext to be a positive integer M, where 0 AM m
Step 3: Calculate the cipher text mode
AC M m
Step 4: Send the cipher text C to Administrator
The user use the algorithm 2 to convert plain text QBASICQUESTIONFORND to cipher text
12%ř@!344!!@#27$*@24579#$$%&*#%
3.3 Validation Process
When an administrator receives the encrypted message like this;
12%ř@!344!!@#27$*@24579#$$%&*#%, the identity of the sender has to be verified with
the aid of Apriori algorithm by matching the sender fingerprint with the fingerprint already stored
during the registration. The fingerprint extractor uses minutiae points and wrinkles features, any
Start
Input information
details such as
name, sex,
occupation and
fingerprint etc.
Store the details information
and generate the encryption
key
Stop
5. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 94
extracted feature information is a template. This template is always comparing with newly
presented extracted feature information using apriori algorithm. If commonality is not achieved,
the system will automatically give error, but if commonality is achieved, the system will display
user’s information. Apriori also compares the template to all enrolled users to ensure that there is
no similar template. If any similar template is found then the system will automatically give error
and such user will never be activated. The algorithm 3 is Apriori algorithm described in [16].
Algorithm 3
Assuming the user’s generated fingerprint is taken as X and the fingerprint obtained during the
registration is Y. It means X and Y are conjunctions of attribute value-pairs, and s (for support) is
the probability that X and Y appear together in a database and c (for confidence) is the
conditional probability that X appears in a database when Y is present. The association rule X→Y
is interpreted as data set that satisfies the conditions in X and also likely to satisfy the conditions
in Y. This can be written as follows:
( )s X Y for support rule to make decision when finding relationship between two
fingerprints
( )c X Y for confidence rule to measure the reliability of decision made
FIGURE 2: Architecture for Fingerprint Detection System.
Rule Engine: uses
IF/THEN to find
relationship between
two fingerprints
Inference Engine:
Decision point based
on support strategy
Measure’s
Engine: It
measures the
reliability of
decision based
on confidence
strategy
Fingerprint
Repository
6. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 95
The step 5 of algorithm 3 performs the following operations;
(i) Fingerprint Generation: this operation generates user’s fingerprint and matches it with the
already stored fingerprint.
(ii) Fingerprint pruning: This operation eliminates any fingerprint using the support-based pruning
strategy
The flow flowchart in figure 3 depicts validation process to verify the identity of the incoming
message before it is decrypted.
FIGURE 3: Flowchart of Validation Process.
3.4 RSA Decryption Process
After the identity of the message owner has been verified, the administrator will proceed to extract
plain text Y from cipher text C, that is, 12%ř@!344!!@#27$*@24579#$$%&*#% which will
be converted back to QBASICQUESTIONFORND. Administrator follows steps in algorithm 4 to
know the content of cipher text C.
Algorithm 4
Step 1: Obtained the cipher text C from user
Step 2: Administrator uses his private key ( , )A Ad m to compute modd
AM C m
The two processes (encryption and decryption) allow both sender (administrator) and the
receivers (lecturers) to communicate in a secured manner and the figure 4 depicts system
architecture.
Yes
No
Start
Is commonality
realized between
the fingerprints?
Display the user’s
details & decrypt the
message
Stop
7. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 96
FIGURE 4: System Architecture.
4. RESULT AND DISCUSSION
Prevention of information leakage using public key encryption system and fingerprint augmented
with Apriori algorithm was implemented on Federal polytechnic Ilaro, Ogun state local area
network. PHP was used to design security application program and Jquery and MySQL were also
used to allow communication between user and administrator. All users registered with their detail
information such as name, sex, department, phone number, email address and fingerprint as it is
shown in figure 5.
FIGURE 5: Biometric Fingerprint for Identification.
Server
Client1 Client2 Client3 Client4 Client5
User: registration &
protection of
messages with
encryption key &
fingerprint
Encryption key
Administrator: validation &
Decryption process
Encryption &
Decryption
Keys
8. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 97
FIGURE 5.1: Registration Module.
The encryption key ( Ae ) is given to only successfully registered users as is shown in figure 6
while pair of that key ( Be ) will be kept with the administrator.
FIGURE 6: Generation of Public Key.
Subsequently, the users used the pair of encryption key ( Ae ) to protect sensitive information such
as examination question papers, student results and other sensitive data before it is sent to the
administrator in the server through the network. The encryption process ensures that sensitive
data are delivered privately and makes it so hard for intruders to bypass as it is shown in figure 7.
9. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 98
FIGURE 7: Encryption Process.
The fingerprint used in the study allows the administrator in the server to verify all the received
messages sent to the server to know whether it comes from the right user (registered user). The
Apriori algorithm was implemented to verify the sender’s fingerprint, if the sender is one of the
registered users in the system, it will automatically display the user’s information. After the identity
of the sender has been confirmed, the administrator will use its private key ( Ad ) to decrypt all the
received messages as it shown in figure 8 and 9. But any sent message that its source cannot be
verified (does not come from the registered user) will not be decrypted. The fingerprint
augmented with Apriori algorithm ensured that identity of any message must be verified.
FIGURE 8: Cipher-text Message Received from Administrator.
FIGURE 9: Decryption Messages.
10. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 99
The validity of RSA public encryption system and biometric fingerprint augmented with Apriori
algorithm for preventing information leakages was tested using institutional local area network.
One of the threats tried during testing include but not limited to messages sent by unregistered
users and the messages were neither decrypted nor lost but were all privately delivered. The
developed system achieved high degree of security making it difficult for intruders or
eavesdroppers to intercept valuable data such as examination question and the students’ results.
Public key encryption system and fingerprint augmented with Apriori algorithm improves security
mechanism for preventing information leakage in an open network. Apriori algorithm was used as
a fingerprint detection technique instead of biometric fingerprint techniques that requires
additional hardware to detect fingerprint.
5. CONCLUSION
Public encryption key and Fingerprint augmented with Apriori algorithm used here, guarantees
enough security mechanism for preventing information leakages and unauthorized users. The
students and any unauthorized staff cannot gain access to sensitive information such as
examination question papers and student examination results before formal release of the results.
These two techniques gained a high level of security mechanism for securing information with
high degree of accuracy and reliability. The algorithms employed in the work enhanced the
performance and security aspect of the system. Several studies have used public key encryption
system to secure information and data, but to verify the identity of the message before it is
decrypted has always been a great challenge. This study used biometric fingerprint to verify the
identity of the message before it is decrypted, with the augmented Apriori algorithm overcoming
the biometric fingerprint short comings by removing additional hardware for information analysis
which gets quite slow with increase in population.
FUTURE WORK
The system developed in this study was tested with the Institution’s local area network which is a
closed network. There is need to increase the scalability of the system by developing a system
that works with open network.
6. REFERENCES
[1] H. Dinne, K. Mandava. Two Way Mobile Authentication System. MA Blekinge Institute of
Technology: Karlskrona, Sweden. 2010.
[2] R. Sinha, C. Choudhary. “Information leak detection system using fingerprint of data”,
International Journal on Recent and Innovation Trends in Computing and Communication,
vol. 2, no. 12, pp. 3911-, 2014.
[3] A. Patel, R. Kansara and P. Virpari. “A Novel Architecture for Intrusion Detection in Mobile
Ad hoc Network”. International Journal of Advanced Computer Science and Applications, pp.
68-71.
[4] S. Nandita. “Designing of Hybrid RSA Encryption Algorithm for Cloud Security”. International
Journal of Innovative Research in Computer and Communication Engineering, vol. 3, no. 5,
pp. 4146-4152, 2015.
[5] L. Paul, M.N. Anilkumar. “Authentication for Online Voting Using Steganography and
Biometrics”. International Journal of Advanced Research in Computer Engineering &
Technology, vol. 5, no. 10, pp. 26–32, 2012.
[6] A. Singh, R. Gilhotra. “Data security using private key encryption system based on
arithmetic coding”. International Journal of Network Security & Its Applications (IJNSA), vol.
3, no. 3, pp. 58-67, 2011.
11. Mudasiru Hammed & Jumoke Soyemi
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (3) : 2019 100
[7] S.T. Vuong and P. Fu A security architecture and design for mobile intelligent agent
systems. ACM SIGAPP Applied Computing Review, vol. 9, no. 3, pp. 21-30, 2001.
[8] H.K. Al-Anie, M.A. Alia and A.A. Hnaif. “eVoting Protocol Based on Public-Key
Cryptography”. International Journal of Network Security & Its Applications (IJNSA), vol.
3, no. 4, pp. 87-98, 2011.
[9] H.B. Kekre and V.A. Bharadi. “Using Component Model for Interfacing Biometric Sensors to
Capture Multidimensional Feature”. International Journal of Intelligent Information
Technology Application, vol. 2, no. 6, pp. 279-285, 2009.
[10] A. Wiehe, T. Søndrol, O.K. Olsen and F. Skarderud. Attacking fingerprint sensors. Gjøvik
University College, 2004.
[11] N.Y. Goshwe. “Data encryption and decryption using RSA algorithm in a network
environment”. International Journal of Computer Science and Network Security (IJCSNS),
vol.13, no. 7, pp. 9-20, 2013.
[12] S. Kumar and M. Singh. “Design a secure electronic voting system using fingerprint
technique”. International Journal of Computer Science Issues (IJCSI), vol. 10, no. 4, pp.192-
202, 2013.
[13] N. Malwade, C. Patil, S. Chavan and S.Y. Raut. “Secure Online Voting System Proposed by
Biometrics and Steganography”. International Journal of Emerging Technology and
Advanced Engineering, 2013.
[14] Jean H G. Notes on RSA. University of Pennsylvania Scholarly Commons. 2010, pp. 329-
347.
[15] E.H. Han, G. Karypis and V. Kumar. Min-apriori: An algorithm for finding association rules in
data with continuous attributes. Department of Computer Science and Engineering,
University of Minnesota, Tech. Rep. 1997.