Multibiometric Cryptosystems Based on Feature-Level Fusion

parchedmoosupElectronics - Devices

Nov 29, 2013 (3 years and 8 months ago)

115 views


1


Multibiometric Cryptosystems Based on

Feature
-
Level Fusion


INTRODUCTION



A biometric system is essentially a pattern recognition system that
operates by acquiring biometric data from an individual, extracting a feature
set from the acquired data, and
comparing this feature set against the
template set in the database. Depending on the application context, a
biometric system may operate either in verification mode or identification
mode.

multibiometric systems require

storage of multiple biometric templ
ates
(e.g., fingerprint, iris, and

face) for each user, which results in increased risk to
user privacy

and system security.



In the verification mode, the system validates a person’s identity by
comparing the captured
biometric

data with her own biometri
c template(s)
stored in the system database. In such a system, an individual who desires to
be recognized claims an identity, usually via a personal identification number
(PIN), a user name, or RFID NO,

Identity verification is typically used for
positive

recognition
, where the aim is to prevent

multiple people f
rom using the same
identity.


2




In the identification mode, the system recognizes an individual by
searching the templates of all the users in the database for a match. Therefore,
the system conducts

a one
-
to
-
many comparison to establish an individual’s
identity (or fails if the subject is not enrolled in the system database)

without
the subject having to claim an identity
.


After matching the image, server will range a percentage value. If that
perce
ntage value is above 100 means it will allow transaction directly

and below 100 means server will generate token number and send to the
client.


1.1

Objective


The main objective of my project is to provide secure banking for the
client, by taking fingerprints as authorized identity at ATM banks.


1.2

Scope


Biometric authentication systems are gaining wise
-
spread popularity
in recent years due to the advances in m
atching algorithm that make the
system both secure and cost
-
effective. They are ideally suited for both high
security and remote authentication application due to user convenience. Most
biometric system assume that the template in the system is secure due

to

3


human supervision(e.g. criminal database search) or physical protection(e.g.
mobile locks and door locks).However, a variety of applications of
authentication need to work over partially secure or insecure networks such as
ATM networks or the internet.



Authentication over insecure public networks or with un
-
trusted
servers raises more concerns in privacy and security. The primary concern is
related to the security of the plain biometric templates, which cannot be
replaced, once they compromised. Wides
pread use of biometric authentication
also raises concerns of tracking a person, as every activity that requires
authentication can be uniquely assigned to an individual.

3.1. SYSTEM ANALYSIS

3.1.1. Problem Definition


The problem is to design biometric fe
atures for authentication. The
finger print verification is to be performed by using Fuzzy concept and the
secret token number is generated by SHA
-
256(secure hash algorithm)

3.1.2. Existing System


Remote authentication is the most commonly used method to
determine the identity of a remote client. In general, there are three
authentication factors:



4


1. Something the client knows: password.

2. Something the client has: smart card.

3. Something the cl
ient is: biometric characteristics

(e.g., fingerprint, voiceprint, and iris scan).


Most early authentication mechanisms are solely based on password.
While such protocols are relatively easy to implement, passwords have many
vulnerabilities.
detailed

analysis

of the trade
-
off between matching accuracy
and security in the

proposed multibiometric cryptosystems based on two
different

databases (one real and one virtual multimodal database), each

containing the three most popular biometric modalities, nam
ely,

fingerprint,
iris, and face.
By exploiting these vulnerabilities, simple dictionary attacks can
crack passwords in a short time Due to these concerns, hardware
authentication tokens are introduced to strengthen the security in user
authentication, and
smart
-
card
-
based password authentication has become
one of the most common authentication mechanisms. While it provides
stronger security guarantees than password authentication, it could also fail if
both authentication factors are compromised.


Another a
uthentication mechanism is biometric authentication,
where users are identified by their measurable human characteristics, such as
fingerprint, voiceprint, and iris scan. Biometric characteristics are believed to
be a reliable authentication factor since t
hey provide a potential source of high
-

5


entropy information and cannot be easily lost or forgotten. Some biometric
characteristics (e.g., fingerprint) can be easily obtained without the awareness
of the owner. This motivates the three
-
factor authentication,

which
incorporates the advantages of the authentication based on password, smart
card, and biometrics.


3.1.3. Proposed System


In Our Proposed System of Implementation, We consider Three
Factor Authentication using the following,



RFID



PIN Number



Biomet
rics (Finger Print).


Every User is provided with RFID Card for the initial Authentication
Scheme, then the user will be giving the PIN number is provided during the
Registration Period itself.


Then the user is permitted to give his / her Finger Print to
the main
server. If the Finger Print is exactly matched, the user is allowed for the
transactions. If the Finger Print is doubtful and not exactly matched with the
registered Finger Print image then Server sends One Time Password as SMS
Alert to the User’s

Mobile Number. This One Time Password which is generated

6


as SMS is given by the User to the main server for authentication. In the normal
three factor Authentication Scheme, we use following Authentication
Procedures



User PIN number along with Keypad ID



R
FID Tag



Finger Print Image


In the case of Fuzzy Concept, where the Finger Print is not matched
but matched to the maximum extent, and the server has suspicion, then the
following procedure is followed,



User PIN number along with Keypad ID



RFID reader



Finger Print Image



One Time Password (OTP) Generation to the user’s Mobile Number



OTP given by the user to the server.


All those are used together for authentication. For Finger print Fuzzy
Logic is applied for Exact Mapping and Proper Authentication.







7