26-11-2010, 11:01 AM
[attachment=7297]
ABSTRACT
Biometrics refers to the automatic identification of a person based on his/her physiological or behavioural characteristics. Physical characteristics such as fingerprints, retinas and irises, palm prints, facial structure, and voice recognition are just some of the many methods of biometric encryption. Depending on the context, a biometric system can be either a verification (authentication) system or an identification system. Biometrics is a rapidly evolving technology which has been widely used in forensics such as criminal identification and prison security. Recent advancements in biometric sensors and matching algorithms have led to the deployment of biometric authentication in a large number of civilian applications. With the increased use of computers as vehicles of information technology, it is necessary to restrict access to sensitive/personal data. Real-time biometric systems can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, computer networks and electronic banking.
In this paper an attempt has been made to present to the reader an understanding of this rapidly evolving technology. It includes a brief overview followed by details of components and processes involved, leading Biometric Technologies, the encryption process, benefits, their applications, comparison and future scope.
INTRODUCTION
Reliable user authentication is becoming an increasingly important task in the Web-enabled world. The consequences of an insecure authentication system in a corporate or enterprise environment can be catastrophic, and may include loss of confidential information, denial of service, and compromised data integrity. The value of reliable user authentication is not limited to just computer enhanced security.
The prevailing techniques of user authentication, which involve the use of either passwords and user IDs (identifiers), or identification cards and PINs (personal identification numbers), suffer from several limitations. Passwords and PINs can be illicitly acquired by direct covert observation. Once an intruder acquires the user ID or network access. Many other applications in everyday life also require user authentication, such as banking, e- commerce, and physical access control to computer resources, and could benefit from and the password, the intruder has total access to the user’s resources. In addition, there is no way to positively page link the usage of the system or service to the actual user, that is, there is no protection against repudiation by the user ID owner. For example, when a user ID and password is shared with a colleague there is no way for the system to know who the actual user is. A similar situation arises when a transaction involving a credit card number is conducted on the Web. Even though the data are sent over the Web using secure encryption methods, current systems are not capable of assuring that the rightful owner of the credit card initiated the transaction. In the modern distributed systems environment, the traditional authentication policy based on a simple combination of user ID and password has become inadequate. Fortunately, automated biometrics in general, and fingerprint technology in particular, can provide a much more accurate and reliable user authentication method. Biometrics is a rapidly advancing field that is concerned with identifying a person based on his or her physiological or behavioral characteristics. Examples of automated biometrics include fingerprint, face, iris, and speech recognition. User authentication methods can be broadly classified into three categories as shown in Table 1.1. Because a biometric property is an intrinsic property of an individual, it is difficult to surreptitiously duplicate and nearly impossible to share. Additionally, a biometric property of an individual can be lost only in case of serious accident
Biometric readings, which range from several hundred bytes to over a megabyte, have the advantage that their information content is usually higher than that of a password or a pass phrase. Simply extending the length of passwords to get equivalent bit strength presents significant usability problems. It is nearly impossible to remember a 2K phrase, and it would take an annoyingly long time to type such a phrase (especially without errors). Fortunately, automated biometrics can provide the security advantages of long passwords while retaining the speed and characteristic simplicity of short passwords.
Even though automated biometrics can help alleviate the problems associated with the existing methods of user authentication, hackers will still find there are weak points in the system, vulnerable to attack. Password systems are prone to brute force dictionary attacks. Biometric systems, on the other hand, require substantially more effort for mounting such an attack. Yet there are several new types of attacks possible in the biometrics domain. This may not apply if biometrics is used as a supervised authentication tool. But in remote, unattended applications, such as Web-based e-commerce applications, hackers may have the opportunity and enough time to make several attempts, or even physically violate the integrity of a remote client, before detection.
A problem with biometric authentication systems arises when the data associated with a biometric feature has been compromised. For authentication systems based on physical tokens such as keys and badges, a compromised token can be easily canceled and the user can be assigned a new token. Similarly, user IDs and passwords can be changed as often as required. Yet, the user only has a limited number of biometric features (one face, ten fingers, two eyes). If the biometric data are compromised, the user may quickly run out of biometric features to be used for authentication.
Only the biometric authentication is based on an intrinsic part of a human being. So unlike a password or PIN or Smart Card, it can't be forgotten, misplaced, lost or stolen. We are having our identification with ourselves and therefore there is no need to carry any card or remember passwords for our identification. A biometric template is unique for an individual for whom it is created. Biometrics ensures that the person trying to access your network and applications is actually a sanctioned user, and not in a possession of a stolen smartcard or someone who found, hacked or cracked password.
BIOMETRIC SECURITY
Presented by:Mr. MANGESH SHARAD WAKADEABSTRACT
Biometrics refers to the automatic identification of a person based on his/her physiological or behavioural characteristics. Physical characteristics such as fingerprints, retinas and irises, palm prints, facial structure, and voice recognition are just some of the many methods of biometric encryption. Depending on the context, a biometric system can be either a verification (authentication) system or an identification system. Biometrics is a rapidly evolving technology which has been widely used in forensics such as criminal identification and prison security. Recent advancements in biometric sensors and matching algorithms have led to the deployment of biometric authentication in a large number of civilian applications. With the increased use of computers as vehicles of information technology, it is necessary to restrict access to sensitive/personal data. Real-time biometric systems can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, computer networks and electronic banking.
In this paper an attempt has been made to present to the reader an understanding of this rapidly evolving technology. It includes a brief overview followed by details of components and processes involved, leading Biometric Technologies, the encryption process, benefits, their applications, comparison and future scope.
INTRODUCTION
Reliable user authentication is becoming an increasingly important task in the Web-enabled world. The consequences of an insecure authentication system in a corporate or enterprise environment can be catastrophic, and may include loss of confidential information, denial of service, and compromised data integrity. The value of reliable user authentication is not limited to just computer enhanced security.
The prevailing techniques of user authentication, which involve the use of either passwords and user IDs (identifiers), or identification cards and PINs (personal identification numbers), suffer from several limitations. Passwords and PINs can be illicitly acquired by direct covert observation. Once an intruder acquires the user ID or network access. Many other applications in everyday life also require user authentication, such as banking, e- commerce, and physical access control to computer resources, and could benefit from and the password, the intruder has total access to the user’s resources. In addition, there is no way to positively page link the usage of the system or service to the actual user, that is, there is no protection against repudiation by the user ID owner. For example, when a user ID and password is shared with a colleague there is no way for the system to know who the actual user is. A similar situation arises when a transaction involving a credit card number is conducted on the Web. Even though the data are sent over the Web using secure encryption methods, current systems are not capable of assuring that the rightful owner of the credit card initiated the transaction. In the modern distributed systems environment, the traditional authentication policy based on a simple combination of user ID and password has become inadequate. Fortunately, automated biometrics in general, and fingerprint technology in particular, can provide a much more accurate and reliable user authentication method. Biometrics is a rapidly advancing field that is concerned with identifying a person based on his or her physiological or behavioral characteristics. Examples of automated biometrics include fingerprint, face, iris, and speech recognition. User authentication methods can be broadly classified into three categories as shown in Table 1.1. Because a biometric property is an intrinsic property of an individual, it is difficult to surreptitiously duplicate and nearly impossible to share. Additionally, a biometric property of an individual can be lost only in case of serious accident
Biometric readings, which range from several hundred bytes to over a megabyte, have the advantage that their information content is usually higher than that of a password or a pass phrase. Simply extending the length of passwords to get equivalent bit strength presents significant usability problems. It is nearly impossible to remember a 2K phrase, and it would take an annoyingly long time to type such a phrase (especially without errors). Fortunately, automated biometrics can provide the security advantages of long passwords while retaining the speed and characteristic simplicity of short passwords.
Even though automated biometrics can help alleviate the problems associated with the existing methods of user authentication, hackers will still find there are weak points in the system, vulnerable to attack. Password systems are prone to brute force dictionary attacks. Biometric systems, on the other hand, require substantially more effort for mounting such an attack. Yet there are several new types of attacks possible in the biometrics domain. This may not apply if biometrics is used as a supervised authentication tool. But in remote, unattended applications, such as Web-based e-commerce applications, hackers may have the opportunity and enough time to make several attempts, or even physically violate the integrity of a remote client, before detection.
A problem with biometric authentication systems arises when the data associated with a biometric feature has been compromised. For authentication systems based on physical tokens such as keys and badges, a compromised token can be easily canceled and the user can be assigned a new token. Similarly, user IDs and passwords can be changed as often as required. Yet, the user only has a limited number of biometric features (one face, ten fingers, two eyes). If the biometric data are compromised, the user may quickly run out of biometric features to be used for authentication.
Only the biometric authentication is based on an intrinsic part of a human being. So unlike a password or PIN or Smart Card, it can't be forgotten, misplaced, lost or stolen. We are having our identification with ourselves and therefore there is no need to carry any card or remember passwords for our identification. A biometric template is unique for an individual for whom it is created. Biometrics ensures that the person trying to access your network and applications is actually a sanctioned user, and not in a possession of a stolen smartcard or someone who found, hacked or cracked password.
