IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158 … 4.pdfIJESR/April 2012/...
Transcript of IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158 … 4.pdfIJESR/April 2012/...
*Corresponding Author www.ijesr.org 158
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
International Journal of Engineering & Science Research
SECURITY EVALUATION OF FINGERPRINT BASED AUTHENTICATION
SYSTEMS
D.Venkatesh*1, S. Balaji2, A. S .N Chakravarthy2 1Research Scholar, Dept. of Electronics & Computer Engineering, K.L. University, A.P, India.
2Professor, Dept. of Electronics & Computer Engineering, K.L. University, A.P, India.
ABSTRACT
“Fingerprint authentication” is widely used in various authetication applications. It is because
that fingerprints can achieve the best balance among authentication performance, cost, size of
device and ease of use. With identity fraud in our society reaching unprecedented proportions
and with an increasing emphasis on the emerging automatic personal identification applications,
biometrics-based verification, especially fingerprint-based identification.
There are two major shortcomings of the traditional approaches to fingerprint
representation.Considerable fraction of population, the representations based on explicit
detection of complete ridge structures in the fingerprint are difficult to extract automatically.The
widely used minutiae based representation does not utilize a significant component of the rich
discriminatory information available in the fingerprints.
In this project we are providing authentication using fingerprints of the persons. Here there is
two cases test and train. In train case we register the finger print of persons to whom we wish to
give authorization .So after register the persons into the data base of the fingerprints .These are
changed into templates of predefined .After making Templates the database will be compared
with the testing.
In this project we also analyzed the security evaluation of fingerprint based authentication
systems. The traditional image authentication systems are not able to meet performance
requirements of many modern applications. Image based authentication system that use
physiological or behavioral traits (e.g., fingerprints) are good alternatives to traditional methods.
In this paper we addressed the issues and developed algorithms to eliminate associated problems.
Firstly we analyzed the attacks of fingerprint matchers and developed algorithms for
circumventing them. Here our approach is passing the security associated with the fingerprint
based authentication systems. Secondly we developed algorithms for increasing the security for
different fingerprint based attacks. It consists of two different attacks: Direct attack and indirect
attack. In direct attack it is starting from a latent fingerprint and standard ISO minutiae template.
In indirect attack it is measured in different countermeasures of the different attacks based on the
quality measures it will use hill climbing method to develop an algorithm. Finally we analyzed
the pitfalls in our system and developed algorithms to automatically improve the system
accuracy and privacy.
Keywords: AFIS, Authentication, Biometrics, Fingerprint, Identification, and Minutiae based
Security, Verification.
IJESR/April 2012/ Volume-2/Issue
Copyright © 2012 Published by IJESR
1. INTRODUCTION
1.1 BIOMETRICS
“Biometrics” is come from the Greek words “Bio” (Life) and “Metric” (to measure). Biometrics is the technologies used for measuring and analysing a person’s unique characteristics. Biometrics is becoming an interesting topic now in regards to computer andthe first known example of biometrics in practise was a form of fingerprinting being used in china in the 14th century. Today we have technology to refine the accuracy of biometric identification, and therefore the possibility of makingWith regard to technology, biometrics is the term given to the use of biological traits or
behavioural characteristics to identify an individual. These traits may be fingerprints, hand
geometry, facial geometry, and retina recogniti
software and the interconnecting infrastructure, enabling identification by matching a live sample
to a stored pattern in a database. The main use of biometric security is to replace the current
password system. Maintaining password security can be a major task for even a small
organization. Passwords have to be changed every few months and people forgot their passwords
or lock themselves out of the system by incorrectly entering their password repeatedly. V
often people write their password down and keep it near their computer (on a post it notes
attached to the underside of the keyboard is a frequently seen favourite). This is of course
completely undermines any effort at network security. The employees
problems. The passwords had to be changed every 90 days and no dictionary words were
allowed, only 8-digit alphanumeric strings.
Types of Biometrics
There are two types of biometrics:
1. Behavioral 2. Physical
Behavioral biometrics are generally used for verification while physical biometrics can be used
for either Identification or Verification.
Identification: It involves trying to find a match for a person’s biometric data in a database
containing records of people and chara
processing power, especially if the database is very large. This is called as ‘One to many process.
Verification: It involves comparing a user’s biometric data to the previously recorded data for
that person to ensure that this is the same person. This method requires less processing power
and time, is used for access control (to building or data). This is called as ‘One to One’ process.
In verification, biometric templates are used to verify a pe
Figure1: Basic block diagram of biometric system
2/Issue-4/Article No-4/158-175 ISSN 2277
Published by IJESR. All rights reserved
“Biometrics” is come from the Greek words “Bio” (Life) and “Metric” (to measure). Biometrics is the technologies used for measuring and analysing a person’s unique characteristics. Biometrics is becoming an interesting topic now in regards to computer and security. Possibly the first known example of biometrics in practise was a form of fingerprinting being used in
century. Today we have technology to refine the accuracy of biometric identification, and therefore the possibility of making it a viable field. [1] With regard to technology, biometrics is the term given to the use of biological traits or
behavioural characteristics to identify an individual. These traits may be fingerprints, hand
geometry, facial geometry, and retina recognition system, including all the hardware, associated
software and the interconnecting infrastructure, enabling identification by matching a live sample
to a stored pattern in a database. The main use of biometric security is to replace the current
stem. Maintaining password security can be a major task for even a small
organization. Passwords have to be changed every few months and people forgot their passwords
or lock themselves out of the system by incorrectly entering their password repeatedly. V
often people write their password down and keep it near their computer (on a post it notes
attached to the underside of the keyboard is a frequently seen favourite). This is of course
completely undermines any effort at network security. The employees had the usual password
problems. The passwords had to be changed every 90 days and no dictionary words were
digit alphanumeric strings.
There are two types of biometrics:
trics are generally used for verification while physical biometrics can be used
for either Identification or Verification.
t involves trying to find a match for a person’s biometric data in a database
containing records of people and characteristic. This method requires time and a large amount of
processing power, especially if the database is very large. This is called as ‘One to many process.
t involves comparing a user’s biometric data to the previously recorded data for
that person to ensure that this is the same person. This method requires less processing power
and time, is used for access control (to building or data). This is called as ‘One to One’ process.
In verification, biometric templates are used to verify a person's identity.
Figure1: Basic block diagram of biometric system
ISSN 2277-2685
159
“Biometrics” is come from the Greek words “Bio” (Life) and “Metric” (to measure). Biometrics is the technologies used for measuring and analysing a person’s unique characteristics.
security. Possibly the first known example of biometrics in practise was a form of fingerprinting being used in
century. Today we have technology to refine the accuracy of biometric
With regard to technology, biometrics is the term given to the use of biological traits or
behavioural characteristics to identify an individual. These traits may be fingerprints, hand
on system, including all the hardware, associated
software and the interconnecting infrastructure, enabling identification by matching a live sample
to a stored pattern in a database. The main use of biometric security is to replace the current
stem. Maintaining password security can be a major task for even a small
organization. Passwords have to be changed every few months and people forgot their passwords
or lock themselves out of the system by incorrectly entering their password repeatedly. Very
often people write their password down and keep it near their computer (on a post it notes
attached to the underside of the keyboard is a frequently seen favourite). This is of course
had the usual password
problems. The passwords had to be changed every 90 days and no dictionary words were
trics are generally used for verification while physical biometrics can be used
t involves trying to find a match for a person’s biometric data in a database
cteristic. This method requires time and a large amount of
processing power, especially if the database is very large. This is called as ‘One to many process.
t involves comparing a user’s biometric data to the previously recorded data for
that person to ensure that this is the same person. This method requires less processing power
and time, is used for access control (to building or data). This is called as ‘One to One’ process.
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 160
Biometric recognition refers to the use of distinctive physiological (fingerprint, hand geometry,
iris, face, retina etc.,) and behavioural (voice, signature etc.,) called biometric identifiers or
simply biometrics. Depending on the application context, a biometric system may operate either
verification or identification mode. The design of appropriate authentication system is becoming
more and more important. A system that has ability to authenticate the persons: accurately,
rapidly, reliably, without invading privacy rights, cost efficiently, in user friendly manner, and
without drastic changes to the existing infrastructures are desired.
The main physical biometric technologies include:
Fingerprint - analysing Fingerprint patterns
Facial Recognition - measuring facial characteristics.
Hand Geometry – measuring the shape of the hand
Iris Scan – analysing features of colored ring of the eye.
Retina Scan – analysing blood vessels in the eye
Vascular Patterns – analysing vein patterns
DNA – analysing genetic makeup.
The main behavioural biometric technologies include
Voice recognition – analysing a speaker’s vocal behaviour
Keystroke – measuring the time spacing of typed words
Gait recognition – manner of walking
Signature – analysing the way you sign.
2. FINGERPRINT
Fingerprint biometrics is an automated digital version of the old ink and paper method used for
more than a century for identification. The biometric device requires each user to place a finger
on a plate for the print to be read. Fingerprint biometrics currently has three main application
areas large scale Automated Finger Imaging Systems (AFIS). A major advantage of finger
imaging is the long time use of fingerprints and its wide acceptance by the public and law
enforcement communities as a reliable means of human recognition [2].
A fingerprint is made of a number of ridges and valleys on the surface of the finger. Ridges are
the upper skin layer segments of the finger and valleys are the lower segments. The ridges form
so called minutia points: ridge endings (very a ridge end) and ridge bifurcations (where a ridge
splits in two). Many types of minutiae exist, including dots (very small ridges), islands (ridges
slightly longer than dots, occupying a middle space between two temporarily divergent ridges).
The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as
the minutiae points. There are five basic fingerprint patterns: Arch, tented arch, left loop, right
loop and whorl. Loops make up 60% of all fingerprints, whorls account for 30%, and arches for
10%. Fingerprints are usually considered to be unique, with no two fingers having the exact
same dermal ridge characteristics.
2.1 Types of Fingerprint
Latent Prints
IJESR/April 2012/ Volume-2/Issue
Copyright © 2012 Published by IJESR
Although the word latent means hidden or invisible, in modern usage for forensic science the
term latent prints means any chance of accidental impression left by friction ridge skin on a
surface, regardless of whether it
chemical, and physical processing techniques permit visualization of invisible latent print residue
whether they are form natural secretions of the ecrine glands present on friction ridge skin
Patent Prints
These are friction ridge impressions of unknown origins which are obvious to the human eye are
caused by a transfer of foreign material on the finger, onto a surface. Because they are already
visible they need no enhancement, and general
same manner as latent prints, an attempt to preserve the actual print is always made with
numerous techniques; for latent presentation in court. Finger deposits can include materials such
as ink, dirt, or blood on to a surface.
Plastic Prints
A plastic print is a friction ridge impression from a finger or palm (toe/foot) deposited in a
material that retains the shape of the ridge detail. Commonly encountered examples are melted
candle wax, putty removed from t
car parts.
2.2 Classifying Fingerprints
Before computerization replaced manual filing systems in large fingerprint operations, manual
fingerprints classification system were used to categorize fin
formations (such as the presence or absence of circular patterns in various fingers), thus
permitting filing and retrieval of paper records in large collections based on friction ridge
patterns name, birth date, and other b
popular ten print classification systems is henry classification system, and roscher system. The
henry system was developed in India and implemented in most English speaking countries.
Figure2: Fingerprint categories: (a) arch, (b) tented arch, (c) left loop, (d) right loop, (e)
3. OPERATION
Optical, silicon and ultra sound are the main technologies used to capture the fingerprint images
with sufficient detail.
Process of fingerprint analysis
2/Issue-4/Article No-4/158-175 ISSN 2277
Published by IJESR. All rights reserved
Although the word latent means hidden or invisible, in modern usage for forensic science the
term latent prints means any chance of accidental impression left by friction ridge skin on a
surface, regardless of whether it is visible or invisible at the time of deposition. Electronic,
chemical, and physical processing techniques permit visualization of invisible latent print residue
whether they are form natural secretions of the ecrine glands present on friction ridge skin
These are friction ridge impressions of unknown origins which are obvious to the human eye are
caused by a transfer of foreign material on the finger, onto a surface. Because they are already
visible they need no enhancement, and generally photographed instead of being lifted in the
same manner as latent prints, an attempt to preserve the actual print is always made with
numerous techniques; for latent presentation in court. Finger deposits can include materials such
d on to a surface.
A plastic print is a friction ridge impression from a finger or palm (toe/foot) deposited in a
material that retains the shape of the ridge detail. Commonly encountered examples are melted
candle wax, putty removed from the perimeter of windows panes and thick grease deposits on
Before computerization replaced manual filing systems in large fingerprint operations, manual
fingerprints classification system were used to categorize fingerprints based on general ridge
formations (such as the presence or absence of circular patterns in various fingers), thus
permitting filing and retrieval of paper records in large collections based on friction ridge
patterns name, birth date, and other biometric data that persons may misrepresent. The most
popular ten print classification systems is henry classification system, and roscher system. The
henry system was developed in India and implemented in most English speaking countries.
Figure2: Fingerprint categories: (a) arch, (b) tented arch, (c) left loop, (d) right loop, (e)
whorl, and (f) twin loop.
Optical, silicon and ultra sound are the main technologies used to capture the fingerprint images
ISSN 2277-2685
161
Although the word latent means hidden or invisible, in modern usage for forensic science the
term latent prints means any chance of accidental impression left by friction ridge skin on a
is visible or invisible at the time of deposition. Electronic,
chemical, and physical processing techniques permit visualization of invisible latent print residue
whether they are form natural secretions of the ecrine glands present on friction ridge skin [3].
These are friction ridge impressions of unknown origins which are obvious to the human eye are
caused by a transfer of foreign material on the finger, onto a surface. Because they are already
ly photographed instead of being lifted in the
same manner as latent prints, an attempt to preserve the actual print is always made with
numerous techniques; for latent presentation in court. Finger deposits can include materials such
A plastic print is a friction ridge impression from a finger or palm (toe/foot) deposited in a
material that retains the shape of the ridge detail. Commonly encountered examples are melted
he perimeter of windows panes and thick grease deposits on
Before computerization replaced manual filing systems in large fingerprint operations, manual
gerprints based on general ridge
formations (such as the presence or absence of circular patterns in various fingers), thus
permitting filing and retrieval of paper records in large collections based on friction ridge
iometric data that persons may misrepresent. The most
popular ten print classification systems is henry classification system, and roscher system. The
henry system was developed in India and implemented in most English speaking countries.
Figure2: Fingerprint categories: (a) arch, (b) tented arch, (c) left loop, (d) right loop, (e)
Optical, silicon and ultra sound are the main technologies used to capture the fingerprint images
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 162
Scanning of a fingerprint image: the quality of the scanned image is the decisive factor for
automatic identification purposes. It is desirable to use a high definition fingerprint scanner
which is able to tolerate different skin types, damages, dryness, as well as humidity of the finger
surface.
Image quality improvement: by using image quality improvement, an optical improvement of the
structures (ridges) on the scanned image can be achieved.
Image processing: it means the preparatory phase for feature extraction and classification
purposes.
Feature classification: fact is that all fingerprints show certain global similarities, which allow
for rough classification into three principal finger classes. However classification is a rather
difficult process both for algorithm based decisions as well as for man-made decisions since
some fingerprints cannot be clearly allocated to concrete finger class.
Feature extraction: in this phase the location of the minutiae (ridge bifurcations and ridge
endings) in the fingerprint is detected and extracted. In practise, scanned images show differing
qualities.
Verification phase: in this two feature vectors are being compared. The algorithm performance
strongly depends on the quality of the extracted minutiae and comparision process.
3.1 Fingerprint scanning
Depending on whether the scanning process is carried out on or off line, the fingerprint image
can be either be a color image, e.g. on paper or an image of a life finger obtained through a
sensor. In case of a color print rolling the finger on a surface generates the images of the ridges,
e.g. on paper after that the finger is moistened with ink. In case of life image of a finger is a
comprehensive term for images that are obtained directly by placing the finger on a suitable
sensor. There are a vast number of various methods, which can be used for the scanning ridges.
They include: optical sensor, electrical field sensor, polymer TFT sensor, thermal sensors,
capacitive sensors, contactless3d-sensors, ultrasound sensors.
A biometric sensor is the hardware component of a biometric system, which initially supplies biometric measurements. Depending on the biometric method in use, there are different kinds of sensors. Optical sensors use light for obtaining fingerprint images [5]. Electrical field sensor measure local variations of the electrical field, which is generate the finger surface relief upon the emission of a small electrical signal. Polymer tft sensors measure the light, which is emitted upon contact when the finger is laid on the polymer substrate. Thermal sensors register the thermal finger images. In capacitive sensors, the sensor and the finger surfaces together from a capacitor.
3.2 Algorithm
There are two main algorithms to recognize fingerprints: Minutia matching compares specific details within the fingerprint ridges. At registration (enrollment), the minutia points are located, together with their relative positions to each other and their directions. At the matching stage, the fingerprints image is processed to extract its minutia points, which are compared with the registration complete [4].
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 163
Pattern matching compares the overall characteristics of the fingerprints, not only individual
points. Fingerprint characteristics can include sub-areas of certain interest including ridge
thickness, curvatures, or density. During enrollment small sections of the fingerprint and their
relative distances are extracted from the fingerprint.
4. AUTHENTICATION
It involves confirming your identity and the biometric systems have to match your data with only
one, single record [6].The accuracy of any biometric system is measured in terms of FAR and
FRR.
Far (False Acceptance Rates)
Where an imposer is accepted as a match. It is a probability of falsely accepting a metric as a
match.
FRR (False Rejection Rates)
Where a legal match is denied. Where the system sails to recognize an authentic Biosignature.
As FRR increases, the FAR goes down and vice versa.
Almost all biometric systems can be adjusted to varying levels of strictness to create a variation
in FAR and FRR. For a system to be successful, both have to be within acceptable low limits
[10].
There are three ways to authenticate
• Something you know, like a password, pass phrase, pins, secret handshakes
• Something you have, like a token: storage and dynamic tokens
• something you are, measurable a trait
Figure 3: Basic Authentication Process.
Steps for fingerprint Authentication:
Step 1: User Registration
In any secure system, to enroll as a legitimate user in a service, a user must beforehand register
with the service provider by establishing his/her identity with the provider. For this, the user
provides his/her fingerprint through a finger scanner. The finger print image thus obtained
undergoes a series of enhancement steps. This is followed by a Finger print hardening protocol
with servers to obtain a hardened finger print FP which is stored into the server’s database.
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 164
Step 2: Fingerprint Enhancement
A fingerprint is made of a series of ridges and furrows on the surface of the finger. The
uniqueness of a fingerprint can be determined by the pattern of ridges and furrows. Minutiae
points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending. A
ridge termination is defined as the point where a ridge ends abruptly. A ridge bifurcation is
defined as the point where a ridge forks or diverges into branch ridges.The quality of the ridge
structures in a fingerprint image is an important characteristic, as the ridges carry the information
of characteristic features required for minutiae extraction.
Figure.4: Basic block diagram of fingerprint enhancement
5. CANCELABLE BIOMETRICS
One advantage of knowledge- and possession-based authenticators over biometrics is that they can be re-issued. If a token or a password is lost or stolen, it can be cancelled and replaced by a newer version, an option not readily available for biometrics. Cancellable biometrics perform an intentional and repeatable distortion of the original biometric signal by applying a chosen noninvertible transform, which is applied in the same way during the enrollment and authentication process. Every biometric application may use a different transform to render cross-matching of biometrics impossible. If one variant of transformed biometric is compromised, this representation can be “cancelled” and replaced by a biometric generated with a new transform. The original biometric remains secret and cannot be reconstructed from compromised representations [8].
Figure.5: Authentication Process Based on Cancellable Biometrics
6. ATTACKS AGAINST BIOMETRIC SYSTEMS
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 165
Biometrics-based personal authentication systems that use physiological (e.g., finger print, face,
iris) or behavioural (e.g., speech, handwriting) traits are being increasingly utilized in many
applications to enhance the security of physical and logical access systems [3]. Even though
biometric systems over several advantages over traditional token (e.g., key) or knowledge (e.g.,
password) based authentication schemes (e.g., increased user convenience and robustness against
imposter users), they are still vulnerable to attacks. Fig 6 shows the locations of these attacks in a
generic biometric system. A Type1 attack involves presenting a fake biometric (e.g., finger made
from silicon, face mask, lens including fake iris texture) to the sensor. The second type of attack
is called a replay attack, because an intercepted biometric (with or without the cooperation of
14the genuine user) data is submitted to the feature extractor, bypassing the sensor. In the third
type of attack, the feature extractor module is replaced with a Trojan horse program that
functions according to its designer's specifications (henceforth, these users that try to break into
systems protected by biometric authentication will be collectively called \Trudy"). In the fourth
type of attack, genuine feature values are replaced with values (synthetic or real) selected by the
attacker. In the fifth type of attack, the matcher is replaced with a Trojan horse program. The
attacks on the template database (e.g., addition, modification, or removal of templates) constitute
the sixth type of attack. In the seventh type of attack, the templates are tampered with (stolen,
replaced, or altered) in the transmission medium between the template database and matcher.
Lastly, the matcher result (accept or reject) can be overridden by the attacker.
• Attack on the biometric sensor with mockups or dummies. A reproduction of a biometric trait
is presented as input to the system.
• Replay attack. A recorded signal (containing a previously intercepted signal) is replayed to
the system, bypassing the biometric sensor.
• Attack on the feature extractor. The feature extractor is forced, e.g., by Trojan horse, to
oppress single features of a biometric trait, or to produce altered values than those read by the
biometric sensor.
Figure.6: Attack points in biometric systems
Tampered feature representation. Features extracted from the sensor input are replaced by a
(fraudulent) feature set. The stages of feature extraction and matching are often inseparable, and
the attack is complex. However, if the extracted feature set is sent to a remote matcher, e.g., over
the Internet, the threat is real.
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 166
• Attack on the matcher. The matcher is forced, e.g., by Trojan horse, to produce high or low
matching score, in order to allow or deny access to an individual.
• Attack on stored biometric templates. Templates stored in a biometric database (local,
remote, distributed) are added, modified or deleted.
• Tampered template representation.
• Attack on the decision end point. If the final matching decision is manipulated by the
attacker, the authentication system is disabled. By overriding the final matching decision, the
biometric system is rendered useless and the biometrics.
7. SECURITY
With the proliferation of large-scale computer networks (e.g., Internet), the increasing number of
applications making use of such networks (e.g., e-commerce, e-learning),and the growing
concern for identity theft problems, the design of appropriate personal authentication systems is
becoming more and more important. Systems that have the ability to authenticate persons (i)
accurately, (ii) rapidly, (iii) reliably, (iv)without invading privacy rights, (v) cost effectively, (vi)
in a user-friendly manner, and (vii) without drastic changes to the existing infrastructures are
desired. Note that some of these requirements conflict with the others. The traditional personal
authentication systems that make use of either a (secret) piece of knowledge (e.g., password)
and/or a physical token (e.g., ID card) that are assumed to be utilized only by the legitimate users
of the system are not able to meet all of these requirements [7] .
8. TEMPLATE PROTECTION
The template is a defining element of a biometric technology and systems, and is critical to
understanding how the biometrics operates. A template is a small file that derived from the
distinctive features of a user’s biometric data, used to perform biometric matches. Biometric
systems store and compare biometric templates, not biometric data.
There are a number of important facts about biometric templates:
• Most templates occupy less than 1 kilobyte and some technology’s templates are as small as 9
bytes; template sizes also differ from vendor to vendor.
• Templates are proprietary to each vendor and each technology. There is no common biometric
template format.
• Biometric data such as finger prints and facial images cannot be reconstructed from biometric
templates. Templates are not merely compressions of biometric data, but extractions of
distinctive features. These features are not alone adequate to reconstruct the full biometric image
or data.
• One of the most interesting facts about biometric technologies is that unique templates are
generated every time a user presents a biometric data. Two immediately successive placements
of a finger on a biometric device generate entirely different templates. These templates, when
processed by a vendor’s algorithm are recognizable as being from the same person, but not
identical.
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 167
• Depending on when they are generated, templates can be referred to as enrolment templates or
match templates. Enrolment templates are created upon the user’s initial interaction with a
biometric system and are stored for usage in future biometric comparisons.
9. APPLICATIONS
Fingerprint sensors are best for devices such as cell phones, usb flash drives, notebook computer,
and other applications where price, size, cost, and low power are key requirements.
Fingerprint biometric systems are used for law enforcement, background searches to screen job
applicants, health care and welfare. Accurate identification of a person could deter crime and
fraud, streamline business processes, and save critical resources. Here are a few mind boggling
numbers: about one billion dollars in welfare benefits in the United States are annually claimed
by “double dipping” welfare recipients with fraudulent multiple identities. MasterCard estimates
the credit card fraud at $450 million per annum which includes charges made on lost and stolen
credit cards: unobtrusive positive personal identification of the legitimate ownership of a credit
card at the point of sale would greatly reduce the credit card fraud; about 1 billion dollars worth
of cellular telephone calls are made by the cellular bandwidth thieves – many of which are made
from stolen PINS and/or cellular telephones. Again, an identification of the legitimate ownership
of the cellular telephones would prevent cellular telephone thieves from stealing the bandwidth.
A reliable method of authenticating legitimate owner of an ATM card would greatly reduce
ATM related fraud worth approximately $3 billion annually. A positive method of identifying
the rightful check payee would also reduce billions of dollars that are misappropriated through
fraudulent encashment of checks each year. A method of positive authentication of each system
login would eliminate illegal break-ins into traditionally secure (even federal government)
computers. The United States Immigration and Naturalization service stipulates that it could each
day detect/deter about 3,000 illegal immigrants crossing the Mexican border without delaying
legitimate persons entering the United States if it had a quick way of establishing positive
personal identification.
High speed computer networks offer interesting opportunities for electronic commerce and
electronic purse applications. Accurate authentication of identities over networks is expected to
become one of the important application of biometric-based authentication. Miniaturization and
mass-scale production of relatively inexpensive biometric sensors (e.g., solid state fingerprint
sensors) will facilitate the use of biometric-based authentication in asset protection.
10. ADVANTAGES OR DISADVANTAGES
Advantage: widely accepted by public law enforcement communities as reliable identification.
Disadvantage: requires close physical contact with scanning device, residue on finger may cause
recognition problems; has criminal overtones etc.
11. FUTURE OF BIOMETRICS
As future is near biometric will be a key instrument in our society. With the use of biometrics
increasing from day to day and the need to stop fraud, it seems that the future shows hope. Well
there be a central database to contain the digital templates from everyone eyes, finger or voices.
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 168
The future of this technology is just starting to bloom. Many issues are arising from this
technology and “PRIVACY” is the main concern. Even if we are told that the government will
not use the data or release the data to anyone, how can that be proven? It is your right as an
individual and person to protect your privacy about yourself and the direction of this technology
seems to spell “D-I-S-A-S-T-E-R” FOR everyone “PRIVACY”.
12. IMPLEMENTATION WORK
Source Code clear;
clc;
close all;
% 1--> add database
% 0--> recognition
%ok=0;
chos=0;
Possibility=5;
while chos~=possibility,
chos=menu('Fingerprint Authentication System','Select image and add to database','Select image for fingerprint
authentication','Delete database',...
'Fingerprint image: visualization','Exit');
%--------------------------------------------------------------------------
%--------------------------------------------------------------------------
%--------------------------------------------------------------------------
% Calculate FingerCode and Add to Database
if chos==1
clc;
close all;
selezionato=0;
while selezionato==0
[namefile,pathname]=uigetfile({'*.bmp;*.tif;*.tiff;*.jpg;*.jpeg;*.gif','IMAGE Files
(*.bmp,*.tif,*.tiff,*.jpg,*.jpeg,*.gif)'},'Chose GrayScale Image');
if namefile~=0
[img,map]=imread(strcat(pathname,namefile));
selezionato=1;
else
disp('Select a grayscale image');
end
if (any(namefile~=0) && (~isgray(img)))
disp('Select a grayscale image');
selezionato=0;
end
end
immagine=double(img);
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 169
if isa(img,'uint8')
graylevmax=2^8-1;
end
if isa(img,'uint16')
graylevmax=2^16-1;
end
if isa(img,'uint32')
graylevmax=2^32-1;
end
[oimg,fimg,bwimg,eimg,enhimg] = fft_enhance_cubs(immagine);
fingerprint = enhimg;
%N=h_lato;
[BinarizedPrint,XofCenter,YofCenter]=centralizing(fingerprint,0);
[CroppedPrint]=cropping_64(XofCenter,YofCenter,fingerprint);
%[NormalizedPrint,vector]=sector_norm(CroppedPrint,0);
finger_code_inv=invmoments(CroppedPrint);
% FingerCode added to database
if (exist('fp_database.dat')==2)
load('fp_database.dat','-mat');
fp_number=fp_number+1;
data{fp_number}=finger_code_inv;
save('fp_database.dat','data','fp_number','-append');
else
fp_number=1;
data{fp_number}=finger_code_inv;
save('fp_database.dat','data','fp_number');
end
message=strcat('FingerCode was succesfully added to database. Fingerprint no. ',num2str(fp_number));
msgbox(message,'FingerCode DataBase','help');
end
%--------------------------------------------------------------------------
%--------------------------------------------------------------------------
%--------------------------------------------------------------------------
% Fingerprint recognition
if chos==2
clc;
close all;
selezionato=0;
while selezionato==0
[namefile,pathname]=uigetfile({'*.bmp;*.tif;*.tiff;*.jpg;*.jpeg;*.gif','IMAGE Files
(*.bmp,*.tif,*.tiff,*.jpg,*.jpeg,*.gif)'},'Chose GrayScale Image');
if namefile~=0
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 170
[img,map]=imread(strcat(pathname,namefile));
selezionato=1;
else
disp('Select a grayscale image');
end
if (any(namefile~=0) && (~isgray(img)))
disp('Select a grayscale image');
selezionato=0;
end
end
immagine=double(img);
if isa(img,'uint8')
graylevmax=2^8-1;
end
if isa(img,'uint16')
graylevmax=2^16-1;
end
if isa(img,'uint32')
graylevmax=2^32-1;
end
[oimg,fimg,bwimg,eimg,enhimg] = fft_enhance_cubs(immagine);
fingerprint = enhimg;
%N=h_lato;
[BinarizedPrint,XofCenter,YofCenter]=centralizing(fingerprint,0);
[CroppedPrint]=cropping_64(XofCenter,YofCenter,fingerprint);
%[NormalizedPrint,vector]=sector_norm(CroppedPrint,0);
%input vector
vettore_in=invmoments(CroppedPrint);
% FingerCode of input fingerprint has just been calculated.
% Checking with DataBase
if (exist('fp_database.dat')==2)
load('fp_database.dat','-mat');
%---- alloco memoria -----------------------------------
%template vector
Vector_Lenth=7;
vettore_tem=zeros(Vector_Lenth,1);
best_matching=zeros(fp_number,1);
%valori_rotazione=zeros(n_arcs,1);
% start checking ---------------------------------------
for scanning=1:fp_number
fcode1=data{scanning};
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 171
vettore_tem=fcode1;
%NORM(X) is the largest singular value of X, max(svd(X)).
d1=norm(vettore_tem-vettore_in);
val_minimo=d1;
best_matching(scanning)=val_minimo;
end
%[Y,I] = MIN(X) returns the indices of the minimum values in vector I.
[distanza_minima,posizione_minimo]=min(best_matching);
if distanza_minima==0
msgbox('fingerprint is matched with database');
else
msgbox('finger print is not matched with database');
end
%beep;
%message=strcat('The nearest fingerprint present in DataBase which matchs input fingerprint is :
',num2str(posizione_minimo),...
% ' with a distance of : ',num2str(distanza_minima));
%msgbox(message,'DataBase Info','help');
else
message='DataBase is empty. No check is possible.';
msgbox(message,'FingerCode DataBase Error','warn');
end
end % fine caso 2
if chos==3
clc;
close all;
if (exist('fp_database.dat')==2)
button = questdlg('Do you really want to remove the Database?');
if strcmp(button,'Yes')
delete('fp_database.dat');
msgbox('Database was succesfully removed from the current directory.','Database removed','help');
end
else
warndlg('Database is empty.',' Warning ')
end
end % fine caso 3
if chos==4
clc;
close all;
Selezionato=0;
while selezionato==0
[namefile,pathname]=uigetfile({'*.bmp;*.tif;*.tiff;*.jpg;*.jpeg;*.gif','IMAGE Files
(*.bmp,*.tif,*.tiff,*.jpg,*.jpeg,*.gif)'},'Chose GrayScale Image');
if namefile~=0
[img,map]=imread(strcat(pathname,namefile));
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 172
selezionato=1;
else
disp('Select a grayscale image');
end
if (any(namefile~=0) && (~isgray(img)))
disp('Select a grayscale image');
selezionato=0;
end
end
figure('Name','Selected image');
imshow (img);
end % fine caso 4
end % fine while
13. RESULTS
Snapshots
1. Basic output display
2. The below snapshot shows the fingerprint image is selected from data base
3. The below snapshot shows the fingerprint image is matched with the data base.
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 173
4. Visualization image will be displayed nothing but input image.
5. The below snapshot shows another fingerprint image is selected from database
6. The below snapshot shows the fingerprint image is not matched with the database.
7. The below snapshot shows the code will be exit
14. CONCLUSION
In this project we have analysed the vulnerabilities of fingerprint recognition systems to have
different direct attack and indirect attacks. In this system, we have reused ideas in the areas of
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 174
image processing technique to extract the minutiae from biometric image. Therefore it can be
directly applied to fortify existing standard single biometric based security applications.
In this project we conclude that providing the authentication using fingerprints of the persons.
Here there is two cases test and train. In train case we finally register the finger print of persons
to whom we wish to give authorization .So after register the persons into the data base of the
fingerprints .These are changed into templates of predefined .After making Templates the
database will be compared with the testing.In testing we just make verification after adding the
fingerprint of persons. It compares with that templates, which are available in database. If it is
already in database, it shows matched result else it gives not matched. Biometrics-based
authentication has many usability advantages over traditional systems such as passwords.
Specifically, users can never lose their biometrics, and the biometric signal is difficult to steal or
forge. We have shown that the intrinsic bit strength of a biometric signal can be quite good,
especially for fingerprints, when compared to conventional passwords. Within a fairly short
period of time, biometric recognition technology has found its way into many areas of everyday
life. Citizens of more than 50 countries hold machine-readable passports that store biometric
data–a facial image and in most cases a digital representation of fingerprints–on a tiny RFID
chip, to verify identity at the border. Law enforcement agencies have assembled biometric
databases with fingerprints, voice and DNA samples, which make their work more efficient and
manageable. Commercial applications use biometrics in local access control scenarios, but also
increasingly in remote telebiometric deployments, such as e-commerce and online banking, and
complement or replace traditional authentication schemes like PIN and passwords. Since
biometrics rely on highly sensitive personal information, the handling of biometric information
needs to be given special attention and protective measures need to be put in place to safeguard
privacy and avoid compromise of biometric data.
ACKNOWLEDGEMENTS
The authors would like to thank everyone, whoever remained a great source of help and
inspirations in this humble presentation. The authors would like to thank K.L. University
management for providing necessary facilities to carry out this work
REFERENCES
[1] Biometric consortium 2009, //http:www. Biometrics.org// (16january2012).
[2]//www.findbiometrics.com// (18january2012).
[3] Galbally J, Cappelli R. An evaluation of direct and indirect attacks using fake fingers
generated from ISO templates pattern recognition. 2009.
[4] Galbally J, Lumini A. Fake fingerprint generation from minutiae template. 2008.
[5] www. fingerprint.shtml/ networkusa.org (20 january2012).
[6] Design and implementation for secure embedded biometric authentication systems by
shenglin yang in 2007.
[7]www.biometricsecurity.com (26january2012).
IJESR/April 2012/ Volume-2/Issue-4/Article No-4/158-175 ISSN 2277-2685
Copyright © 2012 Published by IJESR. All rights reserved 175
[8] Enhancing security and privacy in biometric based authentication systems by N.K.Ratha in
2001.
[9]Biometrics organization Website http://www.miometrics.org//
[10] Yang YJ, Bao F, Deng RH. A New Architecture for Authentication and Key Exchange
Using Password for Federated Enterprises. Proc. 20th Int’l Federation for Information
Processing Int’l Information Security Conf. (SEC ’05), 2005.
[11] Yang YJ, Bao F, Deng RH. Deng “A Practical Password-based Two Server authentication
and Key Exchange System. IEEE Transactions on Dependable and Secure Computing 2006;
3(2).