
Fingerprint Based Multi-Server Authentication System

D. Bennet, Research Scholar, Dept. of Computer Science and Engineering, Manonmaniam Sundaranar University, Tirunelveli, Tamil Nadu, India. profdbennet@gmail.com
Abstract: Fingerprint is the most widely used biometric authentication system for server-based architectures. To prevent intruder attacks on a network server, both offline and online, a fingerprint system is a method to improve security and accuracy. Existing password-based systems were designed over a single server, where each user shares a password or some password verification data with a single authentication server. Once an authentication server is compromised, the attackers can perform offline dictionary attacks against the user passwords. The principle is to distribute the password database as well as the authentication function to multiple servers, so that an attacker is forced to compromise several servers to be successful in offline dictionary attacks. In this system a front-end service server interacts directly with the user and a control server stays behind; it can be robust for the existing server with biometric features without any additional computation. Here we use a fingerprint-based authentication system with some image processing steps to extract finger features for measurement, and a new scheme, based on cryptography, for the identification of a user joining a closed network. The implementation of this new scheme uses elliptic curve based key generation.

Keywords: Cryptography, Service server, Control server, MD5,

Dr. S. Arumugaperumal, Associate Professor, Head, Department of Computer Science, South Travancore Hindu College, Nagercoil, Tamil Nadu, India. arumugam.visvenk@gmail.com

I. INTRODUCTION

Biometric matching systems use unique features, such as the retina, face, fingerprint and hand, to identify a person. Fingerprint matching is the one that many researchers around the world have been paying attention to. Principally, fingerprint matching methods are categorized in three classes, i.e. correlation-based matching, minutiae-based matching and ridge feature-based matching. In this paper we introduce a cryptography-based scheme to avoid attacks in a network-based system. There are different approaches to authentication, but the biometric system, especially the fingerprint system, plays a major role. The basic processing steps implemented in this paper are ROM filtering, normalization, binarization, thinning, finding the core point, minutiae extraction, MD5 digest and elliptic curve cryptography. Another basic approach of this paper is that we consider the fingerprint for a two-server architecture, mainly to protect user authentication, and the newly proposed system architecture gave better performance. We conclude that the elliptic key exchange scheme is highly secure compared to other systems.

978-1-4244-8679-3/11/$26.00 2011 IEEE

II. TWO SERVER ARCHITECTURE

The existing architecture provides a password-based system mainly intended to completely protect user authentication. In this system each user shares a password or password verification data with a single server. These systems are essentially intended to defeat offline dictionary attacks by outside attackers and assume that the server is completely trusted in protecting the user password database. Once an authentication server is compromised, the attackers can perform offline dictionary attacks against the user passwords.

Fig.1 Multi server system

The proposed two-server architecture comprises two servers at the server side. One is a user-facing server exposed to users, known as the Service Server (SS), and the other is a back-end server staying behind the scenes, known as the Control Server (CS). The users contact only the Service Server, but the two servers work together to authenticate users. In this architecture, a user ends up establishing a session key only with the service server, and the role of the back-end control server is to assist the service server in authenticating the users. The overall system security is also improved in this model, as the service server alone is exposed to users and is prone to dictionary attacks.

Fig.2, The Proposed server Architecture

The major observation about this model is that it places multiple levels of security on the two servers with respect to unauthorized entities. In particular, the proposed system is suitable for online secured web applications due to its efficiency.

III. BIOMETRIC AUTHENTICATION

In this method the biometric measurement is extracted from the user's fingerprint image and is sent along with the username to authenticate. The fingerprint image of the user is depicted as follows,

Fig.3 Finger print images

The fingerprint image is processed through image processing techniques such as ROM filtering, normalization, binarization, thinning, minutiae extraction and core detection. Once the core is detected, the digest is calculated from it. The extracted biometric measurement is derived from the ridge endings and bifurcations, which are shown as follows,

Fig 4 Biometric measurement

In this the digest is sent along with the username to register. Once the user is registered, their authentication is checked at the two proposed servers. The block diagram representing the processing carried out on an image is as follows,

Fig 4 Block Diagram for finger processing

a. ROM Filtering

Filtering is the process of removing the noise present in the image. Noise may be introduced by dirt or body oil while the fingerprint image is captured. Many filtering approaches are used for noise removal. Here the ROM filter concept is used. It is an accurate filter compared with the other filters. This filtering operation depends on the state variable. The state variable is defined as the output of the classifier that acts on the difference between the current pixel and the remaining rank-ordered pixel values inside a neighborhood window centered on the current pixel.

b. Binarization

The binarization operation takes a grayscale fingerprint image as input and returns a binary fingerprint image as output. The image is reduced in intensity levels from the original 256 (8-bit pixels) to 2 (1-bit pixels). The difficulty in performing binarization is that fingerprint images do not all have the same intensity, so a single threshold cannot be chosen. Therefore, a common image processing tool is used to determine the threshold.

c. Normalization

Before processing the input fingerprint image, we normalize the image to constant mean and variance. Normalization is done to remove the effects of sensor noise and finger pressure difference. denotes the gray value at pixel and is the estimated mean and variance of the input fingerprint image.

Where M0, VAR are the desired mean and variance values.

d. Thinning

Thinning is a morphological operation that is used to remove selected foreground pixels from a binary image. Thinning reduces the widths of the ridges. A good thinning method will reduce the ridges to single-pixel width while retaining connectivity and minimizing the number of artifacts introduced by this processing.

e. Core detection

A reliable approach for the detection of the singular points is required to classify the fingerprints conveniently. The Poincaré index method is the most popular and practical approach to detect the singular points in fingerprints. By using this method, the core and delta points are extracted on the basis of differences in the local ridge directions between adjacent blocks, and the minutiae points are also extracted. Since the algorithm of the Poincaré index method is quite simple.

f. MD5 Digest

Once the core is detected, the digest is calculated from it. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

g. Service side processing

In this step the digest sent by the user is broken down into two halves. These halves are then split among the servers, namely service and control. To authenticate the user, the digest halves are processed among the servers and the result is sent back to the user.

h. Control side processing

On the control side, the digest sent by the service server is verified against the database. Once the verification is carried out, the result is sent back to the service server. In this way the two servers communicate and authenticate the users. In order to send a file or to register, the client is also involved in the generation of a session key. This processing is done with the help of the elliptic curve algorithm. This algorithm is used to authenticate the users in the network by using the EKE method called Elliptical Curve. The main aim is to generate a key.

IV. CRYPTOGRAPHY AND SECURITY

Exchange and storage of information in an efficient, reliable and secure manner is of fundamental importance. An increasing number of transactions use communication over networks. Secure communication will therefore be essential for exploiting the network to its full potential, for example for the transfer of sensitive data such as documents and texts. For many of these applications, systems for authentication will also be necessary.

A. CRYPTANALYSIS

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (Internet). Cryptography is fundamental in order to protect information against unauthorized changes and other misuse of information. A cryptanalyst studies vulnerabilities of ciphers and other cryptographic techniques. Network security problems can be divided into four intertwined areas: secrecy, authentication, nonrepudiation and integrity control. Authentication deals with determining whom you are talking to before revealing sensitive information. Nonrepudiation deals with signatures. Finally, how can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit? In mathematical notation, this is denoted as Ek(M) = C, Dk(C) = M.
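An added example, not code from the paper: a minimal Python model of the service-side and control-side processing described in sections g and h above, in which the 16-byte MD5 digest is split so that each server stores and checks only one half. The 8/8 split point, the class and method names, the in-memory stores and the sample feature string are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample: a serialized core/minutiae feature string, not real sensor data.
SAMPLE_FEATURES = b"core=(112,98);ending=(40,61),(77,130);bifurcation=(95,52)"

def fingerprint_digest(features: bytes) -> bytes:
    """MD5 digest (16 bytes) of the extracted fingerprint features."""
    return hashlib.md5(features).digest()

class ControlServer:
    """Back-end server: stores and verifies only the second digest half."""
    def __init__(self):
        self.halves = {}

    def enroll(self, user: str, half: bytes) -> None:
        self.halves[user] = half

    def verify(self, user: str, half: bytes) -> bool:
        stored = self.halves.get(user)
        return stored is not None and hmac.compare_digest(stored, half)

class ServiceServer:
    """Front-end server: the only one users contact; keeps the first half."""
    def __init__(self, control: ControlServer):
        self.halves = {}
        self.control = control

    def register(self, user: str, digest: bytes) -> None:
        if len(digest) != 16:
            raise ValueError("expected a 16-byte MD5 digest")
        self.halves[user] = digest[:8]
        self.control.enroll(user, digest[8:])

    def authenticate(self, user: str, digest: bytes) -> bool:
        if len(digest) != 16:
            return False
        stored = self.halves.get(user)
        local_ok = stored is not None and hmac.compare_digest(stored, digest[:8])
        # Always consult the control server so the reply does not show which half failed.
        remote_ok = self.control.verify(user, digest[8:])
        return local_ok and remote_ok
```

Reading either server's store on its own yields only 8 of the 16 digest bytes for a user; both halves must verify before the service server accepts.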

Fig.5, Encryption and decryption

B. Elliptic Curve Key Sharing

This method is used to authenticate the users in the network by using the EKE method, Elliptical Curve. The key generation is done by this elliptic curve method. Overall, user A and user B share some values and generate the same key on both sides. The key generation is based on the Elliptic Curve method. The key is then used to encrypt the user id and password. The encrypted user id and password are sent through the network to the receiver. At the receiver, user B decrypts the user id and password using the key generated on his side. If the decrypted user id and password match the database, then user B grants permission to access their data sets. The working method can be easily understood from the following block diagram.

CLIENT                                        SERVER
The G, S, P values are entered by user &      The G, S, P values are shared from client &
                      Shared G, S, P.
The qa value is given as, Qa = Ra * P.        The qb value is given as, Qb = Rb * P.
Encryption of Qa, C1=E(Qa,s). [AES] used.     Encryption of Qb, C2=E(Qb,s). [AES] used.
Sending C1 as msg M1.                         Sending C2 as msg M2.
Hash function value generation,               Hash function value generation,

Fig.6 The working of elliptical curve based user authentication

Three methods of EKE are possible. Each method is unique in its own way, but the concept remains the same. Since it is the same key, which has to be used for a longer period of time, there is scope for hackers to crack the code. In this new EKE method, no key is generated beforehand. Before every transaction a new key is generated by both users and then used. The two main functional differences offered by EKE are:
* Generating the key is a dynamic process; there is no key available beforehand.
* There is no sharing of the key between two people. The users at both ends derive the key simultaneously and then use it.

C. Algorithm

V. Let C be an elliptic curve equation, say y^2 + xy = x^3 + ax^2 + b (a and b are constants).
VI. Let P represent a fixed point on the chosen elliptic curve, P(x, y).
VII. Finding the y^2 value.
VIII. Qa and Qb calculation: Qa = Ra * P (User A), Qb = Rb * P (User B).
IX. Encrypting Qa using s to obtain the cipher text C1 = E(Qa, s), which is sent to User B in message m1.
X. On receiving m1, User B encrypts Qb using s to obtain the cipher text C2 = E(Qb, s), which is sent to User A in message m2.
XI. Hash function value generation: K1 = H(Ra * Qb) (User A), K2 = H(Rb * Qa) (User B), and finally we get a 16 digit number.

D. Security Analysis

The security of this method is higher than that of other methods. It is robust against offline dictionary attacks by CS as a passive adversary. It is also strong against dictionary attacks by SS as an active adversary. In the case of active attacks, SS may behave arbitrarily, for example impersonating the user and modifying or replacing messages.

V. EXPERIMENTS AND RESULTS

In this section we further validate our proposed architecture by its application. We process the fingerprint image digest with MD5 and implement the Elliptic Curve Key Sharing algorithm to give computational efficiency and better performance. The visual representation of our worked example gives maximum accuracy and robust security in two-tier technology. Some of the visual representations of the output are presented below.
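An added example, not the paper's implementation: steps VIII to XI of the algorithm in section C, run for both users in Python. It assumes the prime-field curve secp256k1 in place of the paper's binary-curve equation, a SHA-256 keystream XOR as a stand-in for the AES step E, MD5 as the hash H (16 bytes), and a per-message tag so the two messages do not reuse a keystream; all function names are illustrative.

```python
import hashlib
import secrets

P_MOD = 2**256 - 2**32 - 977  # assumption: secp256k1 prime, curve y^2 = x^3 + 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of P
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    return max(pt) < P_MOD and (pt[1] ** 2 - pt[0] ** 3 - 7) % P_MOD == 0

def add(p, q):  # point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    m = num * pow(den % P_MOD, -1, P_MOD)
    x3 = (m * m - x1 - x2) % P_MOD
    return x3, (m * (x1 - x3) - y1) % P_MOD

def mul(k, pt):  # double-and-add scalar multiplication k * pt
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def E(data, s, tag):  # stand-in for AES: XOR with a SHA-256 keystream from s and tag
    ks = b"".join(hashlib.sha256(s + tag + bytes([i])).digest() for i in range(2))
    return bytes(a ^ b for a, b in zip(data, ks))

def session_key(r, cipher, s, tag):  # K = H(r * Q_peer), or None if not a curve point
    raw = E(cipher, s, tag)  # the XOR keystream is its own inverse
    q = (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))
    if not on_curve(q):
        return None
    return hashlib.md5(encode(mul(r, q))).digest()  # assumption: H = MD5 (16 bytes)

def exchange(s_a, s_b):  # users A and B hold s_a and s_b; returns (K1, K2)
    ra, rb = 1 + secrets.randbelow(N - 1), 1 + secrets.randbelow(N - 1)
    c1 = E(encode(mul(ra, P)), s_a, b"m1")  # message m1, A -> B: C1 = E(Qa, s)
    c2 = E(encode(mul(rb, P)), s_b, b"m2")  # message m2, B -> A: C2 = E(Qb, s)
    return session_key(ra, c2, s_a, b"m2"), session_key(rb, c1, s_b, b"m1")
```

When both sides hold the same s, `exchange` returns two equal 16-byte keys; when the values differ, each side decrypts something that is not a curve point and rejects it.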

Fig V.1 Socket creation

Fig V.2 Browsing finger image

Fig V.3 Reducing the noise

Fig V.4 Digest creation

Fig V.5 Key generation using ECC at client side

Fig V.6 Key exchange using ECC at Service Server

Fig V.7 User registration

Fig V.8 Verification at Service server

Fig V.9 Authenticating the user

Fig V.10 File transfer

VI. CONCLUSION

The proposed system is a suitable candidate for a number of practical applications like biometric ATMs. Compared with previous solutions, this system possesses many advantages, such as high efficiency in terms of both computation and communication. It can also be applied to fortify existing standard single-server biometric-based security applications. It can also be used in online web applications and in federated enterprise settings, where a single control server supports multiple service servers.