Project Chou
Transcript of Project Chou
-
8/3/2019 Project Chou
1/67
1
SECURE MODIFICATION TO A FILE PROTECTION SYSTEM THAT USES A
FINGERPRINT IDENTIFICATION TECHNIQUE
___________________
A Project
Presentedto the Faculty of
California State University, Chico
___________________
In partial Fulfillment
of the Requirements for the Degree
Master of Science
in
Computer Science
___________________
by
Shi-Hsun Chou 2003
Fall 2003
-
8/3/2019 Project Chou
2/67
2
ACKNOWLEDGMENTS
I would like to express my gratitude to the entire faculty and staff of the
Department of Computer Science, College of Engineering, Computer Science, and
Technology at California State University, Chico.
I am most grateful to my two professors, Dr. Benjoe A. Juliano and Dr. Tyson
R. Henry, for their valuable advice, understanding, and suggestions. I also want to thank
Dr. Juliano for giving me many useful ideas and thoughtful comments which enhanced
my ideas for this project.
Moreover, I want to express my appreciation to Leahsin Technologies, Inc.,
for letting me use their product, Fingerprint Reader, in this project.
Thank you to all my friends for their moral support, kindness, and friendship.
Also, I would like to give special thanks to my family, especially my mother, for their
endless encouragement and love. And, to my wonderful girlfriend, Kimmy, thanks for
always being there for me with boundless patience, love, and tenderness.
-
8/3/2019 Project Chou
3/67
3
ABSTRACT
SECURE MODIFICATION TO A FILE PROTECTION SYSTEM THAT USES A
FINGERPRINT IDENTIFICATION TECHNIQUE
by
Shi-Hsun Chou 2003
Master of Science in Computer Science
Summer 2003
This projects objective will be to modify an existing fingerprint identification
and encryption system so it provides the highest security possible for individual or group
access to sensitive documents or files in a more user friendly way. The project s target
audience is top management, executive members, and/or scientists of a company. The
main purpose is to help a company maintain the highest security for a document or file in
a convenient and safe way. By just using a fingerprint together with a login ID and
system password, a user can access the chosen document or file.
-
8/3/2019 Project Chou
4/67
4
CHAPTER I
INTRODUCTION
Motivation
The rapid and continuous development of technology in the last few years has
led to an increase in computer usage. According to information from the U.S. Census
Bureau, half of the households in the U.S. use computers today [1]. This figure has
increased steadily as more and more people use computers for everyday tasks.
However, the convenience and speed of the Internet creates more security
problems. People are afraid that someone could steal their data or hack into their systems.
Data security has become an important issue. Experts are continuously developing
different methods to stop these illegal activities.
Purpose of this Project
This project focuses on data security. Nowadays, the most common way to
secure data is to use a firewall. A firewall is software that prevents unauthorized users
from accessing a computer and its files [2]. Companies large and small and individuals
set up firewalls to protect their data. However, a firewall may not be enough to stop
determined computer hackers and criminals. Experts are trying to find a solution for this
problem. Biometric technology is providing the best solution so far.
-
8/3/2019 Project Chou
5/67
5
Biometrics is the science and technology of measuring and statistically analyzing
biological data. In information technology, biometrics usually refers to technologies
for measuring and analyzing human body characteristics such as fingerprints, eyeretinas and irises, voice patterns, facial patterns, and hand measurements, especially
for authentication purposes. [3]
It has been widely used for personal identification since it is based on human
physiological properties, which are difficult to copy. There are several advantages in
using biometrics for authentication purposes:
1. Universality. Everyone has biometrics features.
2. Uniqueness. No two persons have the same characteristics.
3. Permanence. The characteristics of biometrics features should be invariant.
4. Collectability. The characteristics of biometrics features should be measured
quantitatively.
5. Performance. The characteristics of biometrics features should be quick to
distinguish.
6. Acceptability. The characteristics of biometrics features should be easily
identifiable.
Based on the above properties, many biometric-based systems have been
developed using human body characteristics. One of the easiest to use is the fingerprint.
After deciding to use a fingerprint as the personal identifier, selecting a cryptanalysis
system to encrypt data is also very important.
Cryptanalysis refers to the study of ciphers, ciphertext, or cryptosystems (that is, to
secret code systems) with a view to finding weaknesses in them that will permitretrieval of the plaintext from the ciphertext, without necessarily knowing the key
or the algorithm. This is known as breaking the cipher, ciphertext, or cryptosystem.
[4]
-
8/3/2019 Project Chou
6/67
6
Encryption is the process of transforming information from an unsecured form (clear
or plaintext) into coded information (ciphertext), which cannot be easily read by
outside parties [5]. Two parts of an encryption system involves
. . . a means of changing information into code (the algorithm), and a secret starting
point for the algorithm (the key). . . . The key determines how the algorithm - the
encryption process - will be applied to a particular message, and matching keys
must be used to encrypt and decrypt messages . . . Two basic types of encryption inuse today are known as private key encryption and public key encryption. In private
key encryption, the same key is used for both encryption and decryption . . . Public
key encryption solves the problem of maintaining key security by having separate
keys for encryption and decryption. [6]
The file encryption system developed in this project will encrypt files using a
private key. The system will automatically create a code file containing the combination
of converted data from the original file and a private key with an ID number. For
fingerprint matching technically speaking, the biometric devices create electronic digital
templates that are stored (a user s stored enrollment) and then compared to live, when
there is a need to verify the identity of an individual [7].
The purpose of this project will be to modify an existing fingerprint
identification and encryption system so it provides the highest security possible for
individual or group access to a company s sensitive documents or files in a more user
friendly way.
Scope of the Project
This project covers the following areas:
l This project uses a dialog-based MFC AppWizard [exe] of Visual C++ 6.0
Enterprise Version as the structure of the program.
-
8/3/2019 Project Chou
7/67
7
l Fingerprint identification is used through the fingerprint reader to scan
fingerprint data.
l A private key system of cryptology is used in this project.
Although not used in this project, a public key system of cryptology will be
compared with the private key system of cryptology.
The Structure of the Project
Figure 1 shows the data flow chart of the Fingerprint Identification and
Encryption System (FIES) implementation in seven steps:
Step 1. Run the FIES.
Step 2. Create a user data in the Person Management.
Step 3. Enroll a user s fingerprint data.
Step 4. Verify the fingerprint data that is created.
Step 5. Encrypt an original file.
Step 6. Decrypt a file that is encrypted.
Step 7. Exit the FIES.
The Structure of File Encryption
Figure 2 shows how FIES automatically creates an encrypted file and a code
file after encrypting the original file.
The Structure of File Decryption
Figure 3 shows how FIES decrypts encrypted file using a code file.
-
8/3/2019 Project Chou
8/67
8
Figure 1. The data flow chart of the FIES implementation.
Figure 2. The structure of file encryption.
Person Management
Fingerprint Data Enrollment
Person Verification File Encryption
File Decryption
Run FIES
Exit FIES
Original file
Encrypting file
Convertedcontext file
System time
Private key
Code file
ID No.
-
8/3/2019 Project Chou
9/67
9
Figure 3. The structure of file decryption.
Hardware/Software Used in This Project
Hardware
l Fingerprint reader/verifier/scanner
l Laptop Computer (P4 2.0G, RAM 256M, Hard disk-20G)
Encrypting file
Decrypting file
Converted
context file ID No.
Private key
System time
Code fileCode
Comparing
two codes
Decrypting file
failure
Decrypting file
successfully
Fingerprint
Library
Live
fingerprint
Fingerprint
matching
-
8/3/2019 Project Chou
10/67
10
Software
l Windows 2000 Professional
l Visual C++ 6.0 Enterprise Version
Other Products
1. Eagle Tec Finger Print Scanner PC Card, which has the following important
features:
l Full Windows OS support including 98, ME, NT4.0, 2000, and XP.
l PCMCIA (16-bit) interface.l Easy to use master password for all types of Windows application and on-
line passwords.
l Locking files or folders from unauthorized access.
l Locking application from unauthorized access.
l Compatible with Windows screen-saver password feature.l Easy to import and export existing passwords.l Store unlimited number of passwords and related information in a secure
database.
l Compatible with Microsoft Password support for Internet Explorer.
l Compatible with GUI that is easy to install, customize, and use.l International Language Support. [8]
2. Targus DEFCON Authenticator with USB Hub, which has these important
features:
l Fingerprint Biometric Authentication.
l SecureSuite Software offers password management and document/folderencryption.
l Integrated two port USB hub Notebook Computer Security/Expansion.l Light, small and great for travel. [9]
-
8/3/2019 Project Chou
11/67
11
CHAPTER II
PERSONAL IDENTIFICATION
Introduction
With the rapid development of science and technology, personal identification
plays a very important role today since it is used to verify user personal information
before allowing entry into a secure and confidential system. Why is personal
identification so important today? Because computers and the Internet have developed so
quickly, security has become very difficult. Without effective personal identification
safeguards, anyone can easily gain access to important data or break into important
systems. Traditionally, in order to verify personal identification, the user needed only a
User ID and Password to access secured files. However, a User ID and Password only is
not secure enough since they can be easily stolen. A new authorization/identification
technique, biometrics, has been developed that can determine more accurately if a
person is authorized to access a computer system and/or its files.
The Classification of Personal Identification
Some biometric characteristics that are used or are under investigation as
distinctive personal identification include:
l Fingerprints
l Hand geometry
l Hand Vein
l Iris
-
8/3/2019 Project Chou
12/67
12
l Retina
l Signature
l Voice Print
l Facial Thermogram
l DNA
Among these biometric characteristics, using the fingerprint as a form of
authentication is the most popular and convenient because of universality, uniqueness,
collectability, and acceptability.
The Method of Personal Identification
This project will use the fingerprint as the tool of personal identification.
There are two types of fingerprint identification: manual and automatic. Manual
fingerprint identification needs an expert to compare a print with a fingerprint database.
However, this action is time consuming and laborious. The other method uses automatic
fingerprint identification. Using a special software application and a fingerprint reader,
the fingerprint can be easily identified and compared by using an enrolled fingerprint
database. Figure 4 shows a domain class diagram of the fingerprint verification system. It
clearly shows the relationships and compares fingerprints between the user and the
fingerprint database via the fingerprint verification system.
-
8/3/2019 Project Chou
13/67
13
Figure 4. Domain class diagram of fingerprint verification system.
-
8/3/2019 Project Chou
14/67
14
CHAPTER III
FINGERPRINT VERIFICATION
Introduction
In 1684 an Englishman, Dr. Nehemiah Grew, wrote a paper about fingerprint
features on a human finger. It was later, in 1897, when Sir Edward Henry developed a
classification system for fingerprints based on his discovery that every person has over 13
characteristics on each fingerprint [10] and that these characteristics can help verify
personal identification. From birth to until death, a person s fingerprints remain the same
and never change. Since a fingerprint cannot disappear or be lost and other people cannot
easily copy it, fingerprinting is a unique and secure method of personal identification in
today s world. People can use their fingerprints as a secure key lock anytime and
anywhere. For example, police use fingerprints to access each person s criminal record
files. And a fingerprint identification system can be used to access long distance files,
control a computer system, and electronic bank via the Internet.
The Classifications of Fingerprint
Fingerprint classification can provide an important indexing mechanism in a
fingerprint database. An accurate and consistent classification can greatly reduce
fingerprint- matching time in large databases. The patterns and geometry of fingerprints
are different for each individual and they are unchanged with age. The classifications of
fingerprints are based on certain characteristics called arches, loops, and whorls. A
fingerprint is made up of some characteristics on the surface of the finger. The uniqueness
of a fingerprint can be determined by the pattern of ridges and furrows as well as the
-
8/3/2019 Project Chou
15/67
15
minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge
bifurcation or a ridge ending. Fingerprint verification can be divided into two
characteristic models: fingerprint shape characteristic and fingerprint detail characteristic.
Fingerprint Shape Characteristic
Some fingerprints have a spiral shape. The center of the spiral shape is known
as the Core Point of the fingerprint (Figure 5).
In other fingerprints, the furrows of the fingerprint are horizontal on the left-
bottom side or right-bottom side and the furrows on the top run in two opposite directions.
This is called a Delta Point (Figure 6).
Figure 5. The Core Point.
Figure 6. The Delta Point.There are many variations of these basic fingerprint characteristics. However,
fingerprints can be further classified using certain detail characteristics arches, loops,
and whorls.
-
8/3/2019 Project Chou
16/67
16
The Arch
The arch looks like a hill. There are two types of arch shapes in this case: the
Simple Arch and the Tended Arch.
Figure 7 shows the Simple Arch. The middle part is going up just a little bit
with a smooth bend. This type of arch has no triangular shape or central point.
Figure 7. The Simple Arch.
Figure 8 shows a Tended Arch. The central part of the fingerprint goes up
sharply and clearly, like a peak. This type of fingerprint has a triangular shape and no
central point.
Figure 8. The Tended Arch.
The Loop
-
8/3/2019 Project Chou
17/67
17
It looks like a dustpan and either bends to the left-hand side or right-hand side.
This type of fingerprint has a central point and a triangular shape. It can be classified as
either a left loop or right loop.
The Left Loop (Figure 9) is the mouth of the dustpan on the left-hand side.
Plus, the loop is always a triangular shape on the right-hand side.
Figure 9. The Left Loop.
The Right Loop is opposite of the Left Loop. The mouth is on the right-hand
side with a triangular shape on the left-hand side as shown in Figure 10.
Figure 10. The Right Loop.
The Whorl
The lines in this fingerprint spiral like the lines in a seashell and it has a round
or oval shape. It has a central point and a triangular shape on both the left and right-hand
side as shown in Figure 11.
-
8/3/2019 Project Chou
18/67
18
Figure 11. The Whorl.
Among whorl fingerprints, there are two variations worth mentioning: the
Double Loop Whorl and the Accidental Whorl. The Double Loop Whorl looks like two
upside-down loops on the same fingerprint (Figure 12). The Accidental Whorl is made up
of one or many loops and whorls. These form a special fingerprint shape. Usually this
type of fingerprint includes two or more triangular points.
Figure 12. The Double Loop Whorl.
Fingerprint Detail Characteristics
The characteristics of the fingerprints can be divided into three types:
directions, core point and delta point, and detail characteristics.
Directions
The fingerprint is formed by different lines. The direction of these lines can be
formed into different shapes and characteristics as shown in Figure 13.
-
8/3/2019 Project Chou
19/67
19
Figure 13. The Directions of a fingerprint.
Core Point and Delta Point
The successful fingerprint identification is based on accurate core points and
delta points as Table 1 shows.
Detail Characteristics
Detail characteristics have eight categories as Table 2 shows. Ending point
and bifurcation point are called basic characteristic. The other characteristics are called
complex characteristics.
Table 1.
The Core Point and Delta Point of Fingerprint
Classification of Fingerprints Core Point Delta Point Type of Delta Point
Arch0 0
Right Loop 1 1 Left
Left Loop 1 1 Right
Whorl 1 2 Left and Right
Tended Arch 0 1
-
8/3/2019 Project Chou
20/67
20
Table 2.
The Characteristics of Fingerprints
Characteristics Images
Dot
Ending
Bifurcation
Island
Spur
Crosser
Bridge
Short ridge
Minutiae Extraction
When the user places his/her fingerprint on the reader, the verifier catches the
image and shows the minutiae points of the user s fingerprint as shown in Figure 14.
The fingerprint verifier tries to match the minutiae points and coordinate (x, y)
with the fingerprint data already existing in the database.
When there are over 12 matching minutiae points between the fingerprint
database and live fingerprint data, they can be identified as being from the same finger.
The data flow chart of fingerprint data matching is shown in Figure 15.
-
8/3/2019 Project Chou
21/67
21
Figure 14. The minutiae points of a fingerprint.
Scientific studies have shown that two different fingerprints cannot have over 12
matching minutiae points [11].
The required number of matching minutiae points can be set according to the
security level and identifying speed demanded.
l If a higher security level is required, the user can set a higher number (> = 12)
and the false acceptance rate is less than 1/10,000.
l If a faster identifying speed is needed, the user set a lower number (8) and the
false acceptance rate is less than 1/1,000.
Red: End points
Green: Cross points
: Core points
\:
-
8/3/2019 Project Chou
22/67
22
Figure 15. The data flow chart of fingerprint data matching.
Fingerprint enrollment and database file created
Automatically fingerprint minutiae extraction
Fingerprint image and data saving
Fingerprint database
Fingerprint identification matching
Live fingerprint
input
Fingerprint data
transition
Fingerprint
matching failure
No
Yes
Fingerprint matching completed
-
8/3/2019 Project Chou
23/67
23
CHAPTER IV
CRYPTOLOGY
Introduction
Cryptology is the science of enciphering and deciphering codes or secret
communications. Cryptology can be divided into two areas:
1. Cryptography creating and using secure codes. Cryptology can be used for:
a. Data Secrecy or Data Privacy: Avoid illegal reading of data content.
b. Data Authenticity: Assure the legality of a data resource.
c. Data Integrity: Make sure of data modification.
d. Data Non-repudiation: Cannot repudiate data transition.
2. Cryptanalysis deciphering or breaking codes.
Types of Attack
1. Ciphertext-only attack.Just given some coded messages, aim to decode them and/or find the key:
l Statistical analysis of the ciphertext can restrict key or plaintext.
l Exhaustive key search -- feasible up to 50--60 bit keys.2. Known-plaintext attack.
Given some plaintext and its coded version, aim to find the key. This was the attackon Enigma.
3. Chosen-plaintext attack.
You can choose messages and see what they come out as, aim to find the key.Variations depending on how many messages you can use and whether you can
choose one after seeing the result of the last (adaptive chosen plaintext attack). [12]
Public Key Cryptosystem
The information of Public-Key Cryptosystem includes:
l The latest revolution in cryptology.
-
8/3/2019 Project Chou
24/67
24
l Idea due to Diffie and Hellman, 1970.l There is a key that allows you to encrypt a message, but does not help you to
decrypt other messages.l There is a separate key that can be used to decrypt the messages.
l Each user publicizes their encryption key (or public key) but guards theirdecryption key (or secret key).
l To send someone a message you encrypt it with their public key.
l To intercept and read it requires their secret key.
All public-key cryptosystems depend on the use of a trapdoor function in the
encryption step. This is a function (more precisely a program implementing afunction) fsuch that, given fand x, f(x) is easy to compute, but given fand f(x), x is
not easy to compute. [12]
Rivest-Shamir-Adleman (RSA) Algorithm
Ronald L. Rivest, Adi Shamir, and Leonard Adleman developed the RSA
system in 1977 [13].
This system uses as its trapdoor function that is fi,n(x) = ximod n where i,n,
and x are large integers, typically 100--300 digits.If you know i,n, and x, it is relatively easy to compute fi,n(x), but (for the
right choice of i and n and as far as we know), not the reverse. The numbers i and n
form the public key. The secret key is n and another large number j such that xi j
= x
mod n. The three numbers (n, i, j) are called a key pair. [12]
RSA Key Pairs
We are left to determine:
l How to choose a key pair (n, i, j) such that xi j = x mod n (correctness)
l How to choose a key pair so that knowing the public key does not allowdecryption (security)
This depends on a few pieces of elementary number theory and one fact aboutthe current state of computational number theory:
l It is much easier to test whether or not a number is prime that to find the
prime factors of a non-prime number of the same sizeCreating a key pair depends on being able to find two large prime numbers on
demand, whereas breaking one (finding j given n and i) seems to depend onfactoring their product. [12]
Creating Key Pairs
A key pair is created by finding two primes P and Q of suitable size (and withcertain nice properties). We multiply them together to get N = P * Q.
Now I is chosen (often I = 3, it doesn't matter). To find J we need:
-
8/3/2019 Project Chou
25/67
25
The extended Euclidean algorithm:
This algorithm computes the highest common factor (greatest common divisor) H
of two integers X and Y and finds two integers S and T, such thatS * X+T * Y=H
Details later.We apply this with X = I and Y = (P-1)*(Q-1). If the GCD H is not 1 we try
another I. When H = 1, we have S and T such that
S * I + T * (P-1) * (Q-1) = 1
We take J = S.
RSA Example:Take P = 7 and Q = 11 then N = 77.
Take I = 13, the public key is (13,77)
Using the Extended Euclidean Algorithm, with X = 13 and Y = (7-1) * (11-1) = 60
to find that S * 13 + T * 60 = 1, J = S = 37 and T = -8.
Hence (37,77) is the secret key.Now we can encrypt 2:
313
mod 77 = 1594323 mod 77 = 38
Decrypting we calculate (working mod 77)
381 mod 77 = 38
382
mod 77 = 1444 mod 77 = 58
384
mod 77 = 582
mod 77 = 3364 mod 77 = 5338
8mod 77 = 53
2mod 77 = 2809 mod 77 = 37
3816 mod 77 = 372 mod 77 = 1369 mod 77 = 60
3832
mod 77 = 602 mod 77 = 3600 mod 77 = 58
We can find38
37mod 77 = (38
32* 38
4* 38
1) mod 77 = (58*53*38) mod 77 = 116812 mod 77 =
3 [12]
The structure of public-key cryptosystem as shown in Figure 16.
Figure 16. The structure of public-key cryptosystem.
PlaintextEncryption Decryption
Ciphertext Plaintext
Asymmetric key pair generator
Private keyPublic key
-
8/3/2019 Project Chou
26/67
26
Private Key Cryptosystem
Data Encryption Standard (DES)
. . . is the name of the Federal Information Processing Standard (FIPS) 46-3,which describes the data encryption algorithm (DEA). The DEA is also defined in
the ANSI standard X9.32. [Originally developed by IBM and known as Lucifer],
the National Security Agency (NSA) and the National Bureau of Standards (NBS,
now the National Institute of Standards and Technology, NIST) played a substantial
role in the final stages of development. The DEA, often called DES, has beenextensively studied since its publication and is the best known and widely used
symmetric algorithm in the world.
The DEA has a 64-bit block size and uses a 56-bit key during executio n (8
parity bits are stripped off from the full 64-bit key). The DEA is a symmetric
cryptosystem, specifically a 16-round Feistel cipher and was originally designed forimplementation in hardware. When used for communication, both sender and
receiver must know the same secret key, which can be used to encrypt and decrypt
the message, or to generate and verify a message authentication code (MAC). The
DEA can also be used for single-user encryption, such as to store files on a hard
disk in encrypted form. In a multi-user environment, secure key distribution may be
difficult; public-key cryptography provides an ideal solution to this problem. [14]
l Secret-key cryptosystem.
l Originally from IBM Thomas J Watson labs.
l Adopted for low-level security by US Govt.l Published and standardized in the 80s.l Fast to encrypt and decrypt in software or hardware.
l Fast hardware commercially available (U.S. export restrictions apply).l Still strong but starting to look a little shaky.
l Block cipher with 64 bit blocks.
l 56 bit keys extended to 64 by eight parity bits.l Encryption and decryption each a sequence of basic steps. [12]
DESBasic Structure
Think of DES as a pair of functions from a 64-bit key k (actually made from a 56-bit key, to allow the NSA to do brute force search if they want to) and a 64-bit plain
text p to a 64-bit ciphertext cc = EDES(k, x) = I-1 (PT16(k)(S((S(PT1(k)(I(x)))
x = DDES(k, x) = I-1 (PT1(k)(S((S(PT1(k)(I(x)))Where:
I is a fixed permutation of the 64 bits.
S swaps the two 32-bit half-words.PT (x)= x + T (x / 2
32) where T is a function from 32-bit numbers to 32-bit numbers.
[12]
-
8/3/2019 Project Chou
27/67
27
DESCorrectness
Clearly S(S(x)) = x.Also PT (PT(x)) = x, since PT does not change the high half-word and adds a function
of the high half word to the low one. Adding something twice in binary has noeffect.
Thus EDES(k, EDES(k,x)) = x, also EDES(k, DDES(k,x)) = x
The heart of the encryption is in the definition of Ti(k) for i = 116. [12]
The structure of private-key cryptosystem as shown in Figure 17.
Figure 17. The structure of private-key cryptosystem.
PlaintextEncryption Decryption
Ciphertext Plaintext
Symmetric key generator
Secret keySecret key
-
8/3/2019 Project Chou
28/67
28
CHAPTER V
THE FINGERPRINT IDENTIFICATION
AND ENCRYPTION SYSTEM
Summaries of Modification
This section focuses on the difference between the original and modified
Fingerprint Identification and Encryption System (FIES). Tables 3, 4, and 5 summarize
the different modification modes.
Table 3.
Summary of Original and Modified Systems
ID# Features Original System Modified System
F01 User Interface X O
F02 Person Management X O
F03 Fingerprint Data Enrollment X X
F04 Fingerprint Data Verification X X
F05 File Encryption X O
F06 File Decryption X O
F07 Matching Points and Password Change X X
F08 About and Exit X X
X - Feature available, no modificationO - Feature was modification
-
8/3/2019 Project Chou
29/67
29
Table 4.
Description of Features in the Original System
Features Description Reference
User Interface The original system uses two main user interfaces: the IDManagement and Encryption/Decryption Managementinterface. ID Management menu includes the Person, Enroll1:N Verify, 1:1 Verify, Setup, About, and Exit functions.
When the user wants to login ID Management, he/she must
input a correct password. ID Management is used to accessusers data such as ID, Name, and Level in the Person
function. Users can add, modify, delete, and load users data.After adding or modifying a user, fingerprint data must be
enrolled by using a fingerprint reader in the Enroll function.When a user enrolls fingerprint data, he/she can choose any
finger to be scanned. The system will create a user fingerprintdata file that uses the user ID for the files name. The user can
verify the fingerprint data by comparing 1:N Verify or 1:1Verify (1:N means to search all users database, 1:1 means one
user that input ID to search this IDs database). The Setupfunction allows users to set the number of matching points (8,10, 12, 14, 16, and 18) and to change a password (8 digits).The About function includes the information of the company.
The Exit function just logs a user off the system.Encryption/Decryption Management is used to encrypt/decrypt
files depending on loaded user data. User data cannot bechanged while Encryption/Decryption Management interface
is in use. Its menu includes Person, Encryption, Decryption,Minutia Threshold, About, and Exit functions. The Personfunction can only load user data form created through the ID
Management interface. The Encryption function is used toencrypt a file. The Decryption function is used to decrypt a
file. The Minutia Threshold function is used to set up thenumber of matching points. The About and Exit functions are
the same as with the ID Management interface.
F01
PersonManagement
There are three attributes of the Person Management feature.There are the ID, Name, and Level. The Level attribute is not
used. Name and Level can be blank. The system saves data toa special file (user.inf).
F02
Fingerprint Data
Enrollment
After creating user data, the user has to enroll fingerprint data
and save them to a file (Ex. User ID.aid)
F03
-
8/3/2019 Project Chou
30/67
30
Fingerprint Data
Verification
After a user enters his/her data, the user can use this system to
check prior availability of this data via 1:N Verify or 1:1
Verify.
F04
File Encryption The user can encrypt any type of file. (After file encryption, itssize is almost the same with original file size), and you cannot
change anything to decrypt file without using FIES. After fileencryption, the FIES will create an encrypted file. The key for
encryption combines the system time and a key that is87654321.
F05
File Decryption Users will need data from the Person Management feature inorder to decrypt a file. This means that everyone with data inPerson Management feature can decrypt encrypted files.
F06
Matching Pointsand Password
Changed
User can set initial matching points (8, 10, 12, 14, 16, and 18)and change their password (8 digits).
F07
About and Exit The About function includes information on the company. TheExit function just logs off user from the system.
F08
Table 5.
Description of Features in the Modified System
Features Description Reference
User Interface The modified system uses only one main user
interface called the Fingerprint Identification andEncryption System (FIES). The system menu
includes the Person, Enroll1:N Verify, 1:1 Verify,
Encrypt, Decrypt, Setup, About, and Exitfunctions. When a user runs the FIES, the system
requests a correct password to login. The systemcan be used to access users data such as ID, Name,
and Group in the Person function. Users can add,modify, delete, and load users data. The Encryptfunction can encrypt files individually or group.
When the user chooses individual, he/she will berequested to load user data to encrypt a file;
however, when the user chooses group, he/sheneeds to input a groups name to encrypt a file. The
Decrypt function decrypts files after scanning and
F01
-
8/3/2019 Project Chou
31/67
31
verifying a user s fingerprint.
Person Management All three attributes of Person Management - ID,
Name, and Group - cannot be blank. When user
data is loaded, the interface will display the user s
name.
F02
File Encryption Encryption can either be for individual or for group.
For individual, the user needs to select one person
from Person Management list. For group, the user
needs to input a groups name that exists in the
Person Management list. After successful file
encryption, the FIES will create two filesan
encrypted file and a code file. The key for
encryption combines the system time and a key thatis 87654321. The system also automatically
creates a code file. The code file is created by using
the original file, user ID, and a private key that is
87654321.
F05
File Decryption For a user to decrypt file, a fingerprint must bescanned and provided along with an encrypted file
and a code file. Each user must have their code file.
F06
-
8/3/2019 Project Chou
32/67
32
User Interface
After clicking the FIES icon, every time the user wants to log into FIES, the
user has to input the correct password (Figure 18).
Figure 18. Password input dialog box.
After inputting the correct password, the user can enter FIES. The interface is
shown in Figure 19.
-
8/3/2019 Project Chou
33/67
33
Figure 19. FIES interface screen shot.
Person Management
As the first step before using this system, the user must add user data into
Person Management (Figure 20).
-
8/3/2019 Project Chou
34/67
34
Figure 20. Person Manager interface screen.
There are three attributes of Person Management: ID, Name, and Group. All
attributes must be filled in. None can remain blank. Then the ADD button is pressed.
The system will save the data to a special file (user.inf). When a user loads user data, the
interface will display all IDs, Names, and Groups. After adding a user, the user can
modify or delete the user data at anytime. Moreover, the user should enroll his/her
fingerprint quickly in order to create a user data file (ex. User ID.aid). One thing is very
important: after modifying user data, the user has to enroll fingerprint data again (Figure
21).
-
8/3/2019 Project Chou
35/67
35
Figure 21. Enroll procedure screen.
After adding or modifying a user, the user can load his/her data and enroll
fingerprint data after pressing the Enroll button (Figure 22).
-
8/3/2019 Project Chou
36/67
36
Figure 22. FIES interface screen shot showing user name.
-
8/3/2019 Project Chou
37/67
37
Fingerprint Enrollment
When the user presses the Enroll button, the Finger Position dialog will be
displayed. The user should choose a finger to enroll fingerprint data (Figure 23).
Finger 23. Finger position dialog box.
-
8/3/2019 Project Chou
38/67
38
After choosing a finger, the system will wait for the user to put his/her finger
on the fingerprint reader (Figure 24).
Figure 24. Fingerprint reader screen.
-
8/3/2019 Project Chou
39/67
39
When the fingerprint reader scans and reads the fingerprint data, the system
interface will automatically display the fingerprint data in the center of the FIES interface.
It is important to note that the extract minutia value of more than 30 is better because
more matching points are easy to compare (Figure 25).
Figure 25. Fingerprint data display screen.
-
8/3/2019 Project Chou
40/67
40
The user should scan their fingerprint data more than once in order to verify
personal data. It is best to scan one finger more than three times (Figure 26).
Figure 26. Fingerprint data registration dialog screen.
After scanning all fingerprint data, the system will display a fingerprint
enrollment completed message (Figure 27).
After creating user data, the user has to enroll fingerprint data and save them
to a file (Ex. User ID.aid).
-
8/3/2019 Project Chou
41/67
41
Figure 27. Fingerprint Enrollment Completed dialog box.
Fingerprint Verification
After a user has created his/her data, the user can use the system to check user
availability. The user can verify the fingerprint data with the method of 1:N Verify or
1:1 Verify.
-
8/3/2019 Project Chou
42/67
42
1:N Verify
First, the user needs to press the 1 :N Verify button (Figure 28).
Figure 28. Screen shot showing the 1:N Verify tab.
Second, scan the finger to find and verify user data (Figure 29).
-
8/3/2019 Project Chou
43/67
43
Figure 29. User verified dialog box.
1:1 Verify
First, the user needs to press 1:1 Verify button and input ID Number (Figure
30).
-
8/3/2019 Project Chou
44/67
44
Figure 30. Input ID Number dialog box.
Second, scan the finger to find and match the user data (Figure 31).
-
8/3/2019 Project Chou
45/67
45
Figure 31. User verified dialog box.
-
8/3/2019 Project Chou
46/67
46
File Encryption
The user can encrypt any type of file (after file encryption, its size is almost
the same as the original file size) and cannot change anything in order to decrypt files
without using FIES. When encrypting files, a user can choose encryption for Individual
or Group. For Individual, the user needs select one person from the Person
Management list. For Group, the user needs to input the group name, which exists in
the Person Management list. After file encryption, FIES will create two files: the
encrypting file and the code file. The key for encryption combines the system time and a
key that is 87654321. The system also automatically creates a code file. The code file is
created by the original file, ID, and a key that is 87654321. Otherwise, if no person is
created in the Person Management or no group name is inputted, file encryption will fail.
Individual Encryption
The user needs to press Encrypt button and then click Individual (Figure
32).
-
8/3/2019 Project Chou
47/67
47
Figure 32. Encryption selection dialog box for Individual.
Select one user to encrypt a file (Figure 33).
-
8/3/2019 Project Chou
48/67
48
Figure 33. Selecting one user.
After selecting and loading user data, the system will display the initial file
name and path (Figure 34).
-
8/3/2019 Project Chou
49/67
49
Figure 34. File name and path dialog box.
Set up the file name and path for file encryption (Figure 35).
Figure 35. Encryption set up dialog box.
-
8/3/2019 Project Chou
50/67
50
The system will display a successful file encryption message (Figure 36).
Figure 36. Encryption success dialog box.
The user can find an encrypting file in the folder that is set up (Figure 37).
Figure 37. Encryption folder.
The system will automatically create a code file for decrypting file (Figure 38).
-
8/3/2019 Project Chou
51/67
51
Figure 38. Code file.
Group Encryption
The user needs to press the Encrypt button and then click Group with a
group name (Figure 39).
-
8/3/2019 Project Chou
52/67
52
Figure 39. Encryption selection for a Group dialog box.
Set up the file name and path for file encryption (Figure 40).
-
8/3/2019 Project Chou
53/67
53
Figure 40. Encryption setup dialog box.
The system will display a successful file encryption message (Figure 41).
Figure 41. Encryption success dialog box.
The user can find an encrypting file in the folder that you set up (Figure 42).
-
8/3/2019 Project Chou
54/67
54
Figure 43. Encryption folder.
The system will automatically create code files for group members to decrypt
file (Figure 43).
-
8/3/2019 Project Chou
55/67
55
Figure 43. Code files for group members.
File Decryption
If the user wants to decrypt files, he/she must scan their fingerprint and use
the encrypting file and code file that the system created. Each user has their code file.
First, the user should set up the file name and path for file decryption (Figure 44).
-
8/3/2019 Project Chou
56/67
56
Figure 44. Setting up the file name and path for decryption.
The user should also set up a code file name and path (Figure 45).
Figure 45. Setting up a code file name and path dialog box.
Next, the user should browse and set up the code file location (Figure 46).
-
8/3/2019 Project Chou
57/67
57
Figure 46. Setting up the code file location.
After set up the encrypting file and code file, the user should scan his/her
fingerprint to the decrypt file (Figure 47).
-
8/3/2019 Project Chou
58/67
58
Figure 47. Scanning the fingerprint screen shot.
The system will display a successful file decryption message (Figure 48).
Figure 48. Decryption Procedure Completed dialog box.
-
8/3/2019 Project Chou
59/67
59
The user can put the decrypt file in the folder that he/she set up (Figure 49).
Figure 49. Decryption folder with file.
-
8/3/2019 Project Chou
60/67
60
Set up
The user needs to press Set up and then Matching points to change
minimum matching points. Initial matching points are [8, 10, 12, 14, 16, and 18] (Figure
50).
Figure 50. Minimum match points screen.
-
8/3/2019 Project Chou
61/67
61
The user needs to press Set up and then Password Change to change the
password. Initial password is 99999999[8 digits] (Figure 51).
Figure 51. Password change dialog box.
-
8/3/2019 Project Chou
62/67
62
About
The information includes the system title, version, copyright, programmer,
and technical support information (Figure 52).
Figure 52. About screen shot.
-
8/3/2019 Project Chou
63/67
63
Exit
The Exit function will save data, close files, delete unnecessary files, and
log off the system.
Discussion and Future Work
This fingerprint system contains the fingerprint identification and file
encryption structure. However, this system does not require writing very large and
complex code. A lot of time was spent searching and buying the right fingerprint reader
and obtaining the copyright. After several discussions with the company (Leahsin
Technologies, Inc.) that makes the fingerprint reader used in this project, an agreement
was reach with the owner allowing use of their fingerprint reader source code as an
education reference. In order to complete this system, the right software to write the
source was needed. After several revisions, Visual C++ 6.0 Enterprise operating under the
Windows 2000 Professional environment was selected for this purpose.
Although the system developed for this project was satisfactory, there is room
for improvement. For example, the User Interface can be designed to be more ascetically
pleasing and 3D animation could be added. In the Person Management function, a
programmer could add more attributes to identify the user. Currently, there are only User
ID, Name, and Group. A programmer could add additional information such as the user s
address, telephone, e- mail etc. For the File Encryption and Decryption function, a
programmer could use more complex cryptanalysis to protect important files and data.
Choosing a better fingerprint reader will make fingerprint identification more accurate
and reliable.
-
8/3/2019 Project Chou
64/67
64
CHAPTER VI
SUMMARIES AND CONCLUSIONS
This project used the dialog-based MFC AppWizard [exe] of Visual C++ 6.0
Enterprise version as the basis of the program. It is a great application that is very easy to
use. Once the requirements of a program are understood, the programmer can build the
system more quickly and easily make adjustments to it as needed. In addition, complex
skills are not required to combine the program and user interface. The programmer may
only need a simple procedure and then create a class for it.
The centerpiece of the program is finger_rDlg.cpp that calls other dialog
interfaces. The fingerprint data collected from the fingerprint reader and the fingerprint
identification function libraryare both stored in the FingerTouch_ID100NT_lib.lib. At
the start of running the program, a variable is declared and the system initialized. The
user can then use the system.
The user file (user.inf) is used to import and export the users data. Moreover
the user has to enroll a fingerprint image to create an individual fingerprint data file. This
project uses a fingerprint reader (SFP-100) produced by Leahsin Technologies Inc. It uses
fingerprint characteristics to build the fingerprint database, which the user can then use to
verify personal identification.
It is important to use a file encryption system that uses two keys to encrypt
files. One key is used with system time. Another key is a secure key 87654321, which
also creates a code file synchronal and automatically. The code file is converted from the
source file to a context file plus 87654321 and User ID. When the user wants to decrypt
-
8/3/2019 Project Chou
65/67
65
a file, the user must have a code file and fingerprint scan. It is very important that the
code file is indecipherable.
It is not easy to protect data. Simple passwords cannot ensure data
confidentiality. Biometric technology offers a more natural way o f securing data and
systems without the need to constantly change and memorize passwords. This project
used fingerprint identification as its biometric technique with private-key cryptosystem to
establish a secure and flawless cryptosystem.
-
8/3/2019 Project Chou
66/67
66
REFERENCES
[1] U.S. Census Bureau. (2001, September).Home computers and Internet use in the
United States: August 2000. Retrieved July 2003, fromhttp://www.census.gov/prod/2001pubs/p23-207.pdf
[2] Whatis?com. (2003a). Firewall. Retrieved Sept. 24, 2003, from
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212125,00.html
[3] Whatis?com. (2003b).Biometrics. Retrieved Sept. 24, 2003, from
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211666,00.html
[4] Whatis?com. (2001). Cryptanalysis. Retrieved Sept. 24, 2003, from
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214432,00.html
[5] SignalGuard. (2003a). What is encryption? Retrieved Sept. 24, 2003, from
http://www.signalguard.com/encryption/encryption.htm
[6] SignalGuard. (2003b). Key management. Retrieved Sept. 24, 2003, from
http://www.signalguard.com/encryption/publickey.htm
[7] NextWave Solutions. (2003).Biometric. Retrieved July 2003, from
http://www.next-wave-solutions.com/biometrics.html
[8] EagleTec Peripheral, Inc. (2003). Eagle Tec fingerprint scanner PC card. RetrievedJuly 2003, from http://www.eagletec.net/login/pop.asp?id=467
[9] International Business Machines (IBM). (2003) .Targus DEFCON authenticator
USB fingerprint reader with USB hub. Retrieved July 2003, from http://www-
132.ibm.com/webapp/wcs/stores/servlet/ ProductDisplay?catalogId=-840&langId=-1&partNumber=31P6762&storeId=1
[10] Lennard, C.J. & Patterson, R. (2003).History of fingerprinting, part 1 and part 2.
Retrieved Sept. 24, 2003, from http://www.policensw.com/info/fingerprints/
finger01.html
[11] Lin, C. (2001).Minutiae extraction from thermal fingerprint images. Unpublishedmaster s thesis, Chung Yuan Christian University, Chung-Li, Taiwan, Republic of
China.
[12] Linton, S. (1995). Cryptology. Retrieved July 2003, from http://www-theory.dcs.st-
and.ac.uk/~sal/school/CS3010/Lectures/forhtml/node4.html
-
8/3/2019 Project Chou
67/67
[13] RSA Security, Inc. (2003a).RSA-based cryptographic schemes. Retrieved July 2003,
from http://www.rsasecurity.com/rsalabs/rsa_algorithm/index.html
[14] RSA Security, Inc. (2003b). 3.2.1. What is DES? Retrieved July 2003, from
http://www.rsasecurity.com/rsalabs/faq/3-2-1.html