(IJCNS) International Journal of Computer and Network Security, Vol. 2, No. 4, April 2010

1. Introduction

decryption key are same or one can be copied from the other then it is said to be symmetric cryptography.

There is a drawback in symmetric cryptography: the sender must send the same key to the receiver through another secured channel. The attacker can capture it and he could find the original secret key. This type of cryptography system can be easily broken if the key used for encryption or decryption is known.

To overcome the drawback present in symmetric cryptography we moved towards the Public Key Cryptography system that was found in 1976 by Whitfield Diffie and Martin Hellman of Stanford University [22]. It uses a set of associated keys, one for encryption and another one for decryption. One key, which is known as the private key, is kept top secret by the user, and the other key is the public key that is distributed to all other users.

2. Security of Biometrics

Regular biometrics can help to reduce the problems related with the existing methods of user verification. The hackers will find the weak points in the existing system and attack the existing system accordingly. Unlike key systems, where the message can be found using a brute-force attack, biometric based systems are difficult to crack. The biometric systems need considerably more attempts to break through. Although standard encryption techniques are helpful in many ways to avoid breach of security, some new types of attacks are possible. If a biometric system is used as a supervised verification tool, there may not be problems, but in a distant unattended application, such as web oriented e-commerce applications, hackers may have sufficient time to make frequent attempts before being noticed or may even be able to actually break the remote client [8].

2.1 Comparison to Password

Real benefits of biometric systems are that they are much longer in size than a password or phrase key. They vary from hundred bytes to over a megabyte. Usually the message content of such signals is relatively high. It is almost not possible to keep in mind a 2K password and it would take a tediously long time to type in such a password anyhow (particularly with no errors). Fortunately, automated biometrics can offer the security advantages of long passwords while still retaining the speed and simplicity of short passwords. Still, in general smaller amount of them are typically covered, such as dissimilarity is that there is no “fake password” input detector equivalent to the fake biometric (although perhaps if the password was in some standard dictionary it could be deemed “fake”). Additionally, in a password or token based verification system no effort is made to prevent replay attacks (since there is no difference of the “signal” from one presentation to another). However, in an automated biometric-based verification system, one can go to the extent of checking liveliness of the input signal.

Another significant difference concerns the matching subsystems. A password based method always provides a crisp result: if the password matches, it grants access and otherwise refuses access. However, the performance of a pattern detection system in general is dependent on several factors such as the quality of input and enrolled data along with the basic characteristics of the underlying algorithm. This is typically reflected in a graded overall match “score” between the submitted biometric and a stored reference. In a biometrics-based system, they can purposely set a threshold on the score to directly control the false acceptance and false rejection rates. Inverting this, given a good matching score the system can guarantee that the probability of signals coming from a genuine person is significantly high. Such a calibrated confidence measure can be used to tackle non-repudiation support – something that passwords cannot provide [8].

3. RSA Algorithm

The Rivest, Shamir, Adleman (RSA) scheme is a block cipher asymmetric cryptosystem, in which the plaintext and ciphertext are integers between 0 and n-1 for some n. A typical size for n is 1024 bits or 309 decimal digits. In the RSA system all the users must generate their private key KR={d,n} and keep it secret, and store their public key KU={e,n} in the Key Distribution Centre (KDC). The sender receives the receiver’s public key from the KDC and encrypts the message using the receiver’s public key. The receiver uses his private key to decrypt the coded message. The private key is known only to the receiver himself.

3.1 Finger Prints

The finger printing biometrics is an automatic digital version of the old ink-and-paper method used for more than a century for recognition, mainly by law enforcement agencies. Some samples of fingerprint images are shown in Figure.2. The biometric device involves users placing their finger on a platen for the print to be read. The minutiae are then extracted by the vendor’s algorithm, which also makes a fingerprint pattern analysis. Fingerprint template sizes are typically 50 to 1,000 bytes.

The fingerprint biometrics currently has three main application areas: large-scale Automated Finger Imaging Systems (AFIS) generally used for law enforcement purposes, fraud prevention in entitlement programs, and physical and computer access.

Figure 2. Sample Fingerprints

3.2 Characteristics of Biometrics

Table.1 compares the seven mainstream biometrics in terms of a lot of properties, ranging from how robust and distinct
[10] they are to what they can be used for (i.e., identification or verification or verification alone). This table is an effort to lend a hand to the reader in categorizing biometrics along important dimensions. Because this industry is still functioning to establish comprehensive standards and the technology is varying rapidly, however, it is difficult to make assessments with which everyone would agree. The table shows an assessment based on consideration with technologists, vendors, and program managers. The table is not proposed to be an aid to those in the market for biometrics; rather it is a guide for the unskilled.

Table.1 Comparison of Mainstream Biometrics

| Biometric | Identify versus Verify | Robust | Distinctive | Intrusive |
| Fingerprint | Either | Medium | High | Touching |
| Hand | Verify | Medium | Low | Touching |
| Facial | Either | Medium | Medium | 12+ inches |
| Voice | Verify | Medium | Low | Remote |
| Iris Scan | Either | High | High | 12+ inches |
| Retinal | Either | High | High | 1–2 inches |
| Keystroke Dynamics | Verify | Low | Low | Touching |

When comparing ways of using biometrics, half can be used for both identification and verification, and the remaining can only be used for authentication. In specific, hand geometry has only been used for confirmation applications, such as physical access control and time and attendance verification. Adding to this, voice detection, because of the need for staffing and matching using a pass-phrase, is used for verification only.

There is considerable changeability in terms of robustness and individuality. Fingerprinting is sort of robust, and, even though it is distinctive, a small proportion of the population has unusable prints, always because of age, genetics, injury, career, exposure to chemicals, or other occupational hazards. Hand/finger geometry is moderate on the distinctiveness scale, but it is not very robust, while facial recognition is either highly robust or distinctive.

In voice recognition, assuming the voice and not the pronunciation is being measured, this biometric is moderately robust and distinctive. Iris scans are both highly robust because they are not highly vulnerable to routine changes or damages and distinctive because they are randomly formed. At last, dynamic signature verification and keystroke dynamics are not robust or distinctive.

4. Problem Statement

Even though the RSA algorithm uses the finger printing biometrics system for public key and private key generation, there are some problems in that approach.

They are:
1. Brute-force attack: The maximum size of the public key and private key obtained by the RSA algorithm is 155 digits. It can be captured by a brute force attacker using thousands of machines and it requires three months of computation. {Ref: Journal of Telecommunications and Information Technology. Volume 4/2002. Pages 08-09}.
2. Increased key storage requirement: RSA key storage (private keys and public key) requires significant amounts of memory. So, we have to store the public key and private key in any equipment or in brain. {Ref: Journal of Telecommunications and Information Technology. Volume 4/2002. Pages 41-56}.
3. No dynamic key generation: There is no dynamic key generation in the RSA algorithm. Therefore the user must keep his private key secret. There is a chance that the private key of the RSA algorithm is lost, stolen or forgotten, hence he may lose the data.

5. Proposed Scheme

The architecture of the proposed scheme is shown in Figure.3. The client generates the public key and sends it to the KDC. In the document send process it retrieves the receiver’s public key from the KDC and encodes the data with the aid of the generated public key. Then it sends the encoded data to the receiver. While viewing the document it dynamically generates the private key which is used to decode the encoded data.

The proposed digital signature algorithm is a version of the RSA algorithm that overcomes the problems in the RSA system. A brute force attacker is able to hack the private key by using every possible combination of the key (i.e. numeric key). In our system, we use alphanumeric (combination of alphabets and numerics) keys, hence the attacker is not able to obtain the key values easily.

The second problem in the existing RSA algorithm is the key storage requirement. In our proposed system we generate the private key dynamically. Hence there is no need for key storage. The third problem in the existing system is that there is no dynamic key generation. Normally, by using the RSA algorithm they have to generate their public key and private key. Then they have to send the public key to the key distribution centre and keep their private keys secretly with themselves.

In our proposed algorithm we generate the public key using the finger print and send that public key to the key
distribution centre. While encrypting the data the sender gets the public key of the receiver from the key distribution centre and encrypts the data with that public key.

To decrypt the ciphertext the receiver requires his private key. At the time of decryption only the receiver will be able to know his private key. This process is called ‘Dynamic private key generation’.

[Figure 3. Architecture of the proposed scheme. Diagram labels: Client, Pub Key Generation, Key Update, KDC, Document Send, Key Retrieval, Encode, Send, Document View, Decode, Private Key Generation, Display.]

application is divided into four modules. They are the key generation module, the sender module, the receiver module and the document view module. The key generation module generates the key from the finger print data. The sender module is used to encode and send the document. The receiver module receives the decoded documents that are sent by the other clients. The document view module maintains received documents; after the decoding process the user can view the document.

6.3 Key Generation Module

The key generation process is shown in Figure.4. This module is to generate the public key by using the finger print data. The input data is given as an image to the system. This value is to create the key base value that is used to generate the public key value.

[Figure 4. Key generation process. Diagram labels: Capture the finger print data, Dot matrix Conversion.]
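
The key base and ‘Dynamic private key generation’ steps described above, as an added Python example that is not the paper's code. The paper does not specify its key base algorithm, so SHA-256 over the pixel matrix, the SHAKE-256 prime search, e = 65537 and all function names are assumptions; the 8x8 images are constructed sample data.

```python
import hashlib

E = 65537  # assumed public exponent; the paper does not state one
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def key_base(pixels):
    """Assumed key base: SHA-256 over the pixel matrix (rows of 0..255 values)."""
    return hashlib.sha256(b"".join(bytes(row) for row in pixels)).digest()

def is_probable_prime(n):
    """Miller-Rabin with fixed bases, so every run gives the same answer."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def derive_prime(seed, label, bits=512):
    """First prime in a deterministic SHAKE-256 candidate stream keyed by seed."""
    counter = 0
    while True:
        raw = hashlib.shake_256(seed + label + counter.to_bytes(4, "big")).digest(bits // 8)
        cand = int.from_bytes(raw, "big") | (3 << (bits - 2)) | 1  # top 2 bits set, odd
        if cand % E != 1 and is_probable_prime(cand):  # keeps gcd(E, cand - 1) = 1
            return cand
        counter += 1

def derive_keypair(pixels):
    """Regenerate KU = (e, n) and KR = (d, n) from the image; nothing is stored."""
    seed = key_base(pixels)
    p, q = derive_prime(seed, b"p"), derive_prime(seed, b"q")
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (E, n), (d, n)

def rsa_apply(x, key):
    """Textbook RSA on an integer 0 <= x < n: encrypt with KU, decrypt with KR."""
    return pow(x, key[0], key[1])

# Constructed 8x8 "scan" and a rescan that differs in one pixel by one grey level.
SCAN = [[(r * 31 + c * 17) % 256 for c in range(8)] for r in range(8)]
RESCAN = [row[:] for row in SCAN]
RESCAN[3][4] ^= 1
```

Deriving from `SCAN` twice returns the identical key pair, while `RESCAN` yields a different modulus and a private key that cannot decode a document encrypted for `SCAN`. Real scans of the same finger do not match bit for bit, so an exact-match derivation like this one fails on every rescan unless the image is first reduced to a stable representation.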
The system is tested before the implementation process. The system is tested with different testing methods. They are unit test, integration test, system test, validation test and stress test. The system is tested with different network and platform environments. The system uses the image scanner to capture finger print image data. The system is tested in the Intranet environment. In this system each and every module is tested separately for the unit test. For example, the RSA algorithm's key generation, encode and decode operations are tested with the corresponding modules.

The client application and the key distribution applications are tested separately. The integration test is performed after all the modules are connected with the main menu. The entire system is tested with all the operations by using a set of finger print values. The stress test is conducted to test the load management strength of the client application and the key distribution centre application. Connecting multiple clients with the KDC tests the key distribution centre stress. In the client application, sending a large file to the other client tests the strength. The validation test is performed for all input values. The finger print image availability is checked before the key base generation process.

The system is developed to distribute documents with security using biometrics. The system is tested and the results are very good. The implementation of the system is conducted as a direct changeover mechanism. The new system is directly installed and activated for usage. The system can be implemented in any network environment. The system supports all types of file transfer operations. The system is developed as two applications, the key distribution centre and the client application. The key distribution centre application is loaded into a separate machine. The client application can be loaded into all other client machines.

All the client applications should be configured with the key distribution centre IP address for the key updating and request process. The system is now designed to get the fingerprint images from the image file. So the system must be connected with an image scanner. The system can also be connected with the fingerprint image scanner devices. The client application and the key distribution applications can be continuously executed to maintain the connection and message receive process. All the messages are directly received by the client applications. The system requires a lesser amount of hard disk space to store the received and decoded documents. The key distribution centre should be connected with all the client applications. The system can be run with one or more network environments.

7.1 Software Selection

The simulation tool is developed using the Java language under the Windows platform. Java supports multiple platforms, GUI design and network operations. The system is developed using the Java language. Image processing, cryptographic operations, network transmissions and file processing are the major areas in the system. Java provides a variety of packages and classes to support all these tasks. The user interface is designed with GUI support. The application is designed to run under any platform. The finger print values are retrieved from image files. The image file data are extracted and converted into a pixel matrix. Using classes such as Image, MediaTracker and PixelGrabber in Java the system does this processing. The Image class is used to convert an image into an object. The MediaTracker and the PixelGrabber classes are used to support the data extraction and pixel conversion process. These classes are available in the java.awt package.

Java provides a separate package, JCE, for the cryptography process. But the JCE requires the Service Providers for the implementation. In Java, cryptography can be implemented in two ways. They are using the JCE with service providers, and writing the code for the cryptographic algorithms. In this work the second method is applied. The RSA algorithm is implemented by using the java.math package support. RSA requires high bit length data type support. Java provides a class BigInteger to process values in 128 bits. All RSA key generation, encoding and decoding operations are done by using the BigInteger class.

The file process and the data transmission process are implemented with the support of the java.io and java.net packages. All the files are processed using the byte stream classes. The data transmission tasks are done using the TCP/IP support classes in the java.net package. The key distribution centre application is designed using UDP. The client application transfers the files using the ServerSocket and Socket classes. The DatagramSocket and DatagramPacket classes are used in the KDC process.

8. Conclusion

The system is developed to provide security for the file transfer process in a distributed environment. Document transmission between the systems that are in the distributed environment is a usual task. The same environment is also shared by a lot of members. So the system should ensure the security of the documents that are transferred. Different cryptographic techniques are used to secure the data. In recent days, biometrics is used to recognize the users. This work combines biometrics and cryptography to provide the security for the document transmission process in the distributed environment. Generally passwords and smart cards are used for the security systems.

The system uses the biometrics technology as the security-providing medium. This system uses the fingerprints for the security system. Passwords can be hacked on a trial and error basis. But it is not possible to break the biometrics based security system. The system is developed as two applications. They are the key distribution centre application and the client application. The KDC supplies the public key values to the required clients. The client application is designed to handle all the data transfer and security operations.

The system uses a designed key base generation algorithm and the RSA algorithm. The system is tested with various samples and clients. The performance of the system is very
good. The system is tested with different types of file formats. The result shows that the system supports all types of file format. The system stores and distributes the public key values for all clients in the key distribution centre. The system does not require any key storage process for the secret key. In this work, using the fingerprint values, the system can generate both the public key and private key. Damages that occurred in the finger print may impact the recovery of the documents.

In future the system can be implemented for all types of authentication process such as capillary patterns in the retina, hand geometry, facial characteristics, signature dynamics, voice pattern, and timing of keystrokes. A data compression technique can be used to reduce the content size, process time and transmission time. In future the system will include a noise detection and filtering facility for the input process.

[16] www.research.ibm.com/ecvg/pubs/sharat-proc.pdf M. Wegmuller, J. P. von der Weid, P. Oberson, and N. Gisin, “High resolution fiber distributed measurements with coherent OFDR,” in Proc. ECOC’00, 2000, paper 11.3.4, p. 109.
[17] R. E. Sorace, V. S. Reinhardt, and S. A. Vaughn, “High-speed digital-to-RF converter,” U.S. Patent 5 668 842, Sept. 16, 1997.
[18] The IEEE website. (2002) [Online]. Available: http://www.ieee.org/
[19] M. Shell. (2002) IEEE Transaction homepage on CTAN. [Online]. Available: http://www.ctan.org/tex-archive/macros/latex/contrib/supported/IEEEtran/
[20] W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Transaction on Information Theory, IT-22 (1978), 472-492.