
International Journal of Computer Applications (0975-8887), Volume 3, No. 6, June 2010

A Method to Improve the Security Level of ATM Banking Systems Using AES Algorithm
N.Selvaraju
Lecturer Department of Computer Applications Sri Ramakrishna Institute of Technology Coimbatore-641010

G.Sekar
Lecturer Department of ECE Sri Ramakrishna Institute of Technology Coimbatore-641010

ABSTRACT
An embedded Crypto-Biometric authentication scheme for ATM banking systems is proposed in our paper. In this scheme, cryptography and biometric techniques are fused together for person authentication to ameliorate the security level. The fingerprint template, including singular points, frequency of ridges and minutiae, is stored at the central banking server at enrollment. At the time of transaction the fingerprint image is acquired at the ATM terminal using a high resolution fingerprint scanner. The fingerprint image is enhanced and then encrypted using a 128-bit private key algorithm. The encrypted image is transmitted to the central server via a secured channel. At the banking terminal the image is decrypted using the same key. Based on the decrypted image, minutiae extraction and matching are performed to verify that the presented fingerprint image belongs to the claimed user. The authentication is signed if the minutiae matching is successful. The proposed scheme is fast and more secure. Computer simulations and statistical analysis are presented.

Keywords:

Biometrics, Fingerprint, Verification, Cryptography, Encryption, Decryption and Symmetric key algorithms.

1. INTRODUCTION
Biometrics-based authentication is a potential candidate to replace password-based authentication. Among all the biometrics, fingerprint-based identification is one of the most mature and proven techniques. Cryptography provides the necessary tools for accomplishing secure and authenticated transactions [3]. It not only protects the data from theft or alteration, but can also be used for user authentication. In a conventional cryptographic system, user authentication is possession based. The weakness of such authentication systems is that they cannot assure the identity of the maker of a transaction; they can only identify the maker's belongings (cards) or what he remembers (passwords, PINs etc.). Automatic biometric authentication is an emerging field to address this problem. Fingerprint authentication is the most popular method among biometric authentication. However, it is infeasible to encrypt such a large volume of image using conventional cryptography for the purpose of centralized fingerprint matching [6]. A strong interest in biometric authentication is to integrate encryption key with biometrics.

The project aims at developing a novel crypto-biometric authentication scheme in ATM banking systems. It mainly reduces the accessing time, when compared with a manual banking system. ATMs are now a normal part of daily life, and the project explores the accessibility barriers that ATMs present to people with a variety of disabilities, particularly examining the access barriers experienced by people who are blind, vision impaired or who have reading, learning or intellectual disabilities. Together with the development of biometric authentication, integrating biometrics and cryptosystems has also been addressed. Biometric authentication in our paper is image based. For remote biometric authentication, the images need to be encrypted before being transmitted. Chaotic map used in image encryption has been studied [12]. The permutation of pixels, the substitution of gray level values, and the diffusion of the discretized map can encrypt an image effectively.

In this paper, an embedded crypto-biometric authentication protocol is proposed. The fingerprint image acquired from the user is encrypted in the ATM terminal for authentication. The encrypted image is then transmitted over the secured channel to the central banking terminal. In the banking terminal the fingerprint image is decrypted. The decrypted image is compared with the fingerprint templates. The authentication is valid if the minutiae matching is successful.

The organization of the paper is as follows: Section 2 deals with the description of the new embedded crypto-biometric authentication protocol. Section 3 provides the concepts of the encryption and decryption algorithms. Generation of the encryption key [4] is studied in Section 4. Simulation and evaluation of the encryption scheme is conducted in Section 5. Conclusions are presented in Section 6.


2. EMBEDDED CRYPTO-BIOMETRIC AUTHENTICATION PROTOCOL


Generally, there are two basic fingerprint authentication schemes, namely local and centralized matching [11]. In the central matching scheme, the fingerprint image captured at the terminal is sent to the central server via the network and then matched against the minutiae template stored in the central server. There are three stages in the protocol, namely registration, login and authentication. In the registration phase, the fingerprints of ATM users are enrolled and the derived fingerprint templates are stored in the central server. The login phase is performed at an ATM terminal equipped with a fingerprint sensor. The proposed block schematic of the embedded crypto-biometric authentication system is shown in Fig. 1.

[Figure: block diagram with the blocks Image pre-processing, Image encryption (encryption key), Image decryption (decryption key), Minutiae extraction and Matching, the central server fingerprint templates (singularity, frequency, minutiae), and the outcomes Access granted (YES) and Access denied (NO).]

Fig. 1 Schematic of embedded crypto biometric authentication system.

In the authentication phase, the fingerprint image is encrypted and transmitted to the central server via the secured channel. At the banking terminal the image is decrypted with the same key, using a 128-bit private key algorithm [9]. Based on the decrypted image, minutiae extraction and matching are conducted to verify that the presented fingerprint image belongs to the claimed user. The authentication is signed if the minutiae matching is successful.

3. ENCRYPTION AND DECRYPTION ALGORITHMS

Encryption is the process of converting a plain image into a cipher image. The plain image in our paper is the unsecured form of the fingerprint image. By using the appropriate keys, the plain image is encrypted into a cipher image before being transmitted through the secured channel. Decryption is the reverse process of encryption. The fingerprint image (plain image) is recovered by using the same key. DES, Triple DES and AES are the commonly used symmetric key algorithms. Shared key, less time consumption, easy operation and secret key are the merits of symmetric key algorithms.

3.1 AES Algorithm [13-14]
The Advanced Encryption Standard (AES) is a replacement for DES as the federal standard. AES has already received widespread use because of its standard definition, high security and freedom from patent entanglements. In cryptography, the Advanced Encryption Standard (AES) is also known as the Rijndael algorithm [13]. Unlike its predecessor DES, Rijndael is an iterated block cipher which supports variable block length and key length. Both lengths can be independently specified as 128, 192 or 256 bits. It has a variable number of iterations: 10, 12 and 14 for key lengths of 128, 192 or 256 bits respectively. In this paper, a 128-bit block [14] and key length are assumed, although the design could be adapted without difficulty to other block and key lengths. AES is fast in both software and hardware, relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

Fig. 2 AES algorithm: (a) encryption structure, from plaintext (128 bits) through round keys (0) to (Nr) to ciphertext (128 bits); (b) decryption structure, from ciphertext (128 bits) through round keys (Nr) to (0) to plaintext (128 bits), using the inverse SubBytes, ShiftRows and MixColumns steps.

AES [14] consists of the following steps:
Key Generation
Initial Round
Rounds
(i) Sub Bytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
(ii) Shift Rows: a transposition step where each row of the state is shifted cyclically a certain number of steps.
(iii) Mix Columns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
(iv) AddRoundKey: each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
Final Round (no Mix Columns)

4. KEY GENERATION
Encryption keys are vital to the security of the cipher. They can be derived by the following three methods:

4.1 Randomly chosen values of pixels and their co-ordinates in raw image
Randomly choose 5-10 points in the raw fingerprint image. The vertical and horizontal positions of the pixels, as well as the gray level value of each point, serve as the key. MOD operations are performed. The key consists of the remainders and a supplementary digit that makes the sum of the key equal to N. For example, in a $256 \times 256$ gray level fingerprint image, five points are picked; their coordinates and pixel values are: (32,21,240); (58,115,175); (135,174,189); (216,172,194); (218,221,236). After conducting mod (40) and mod (10) operations on the coordinates and the gray level values, respectively, the result is: (32,21,0); (18,35,5); (15,14,9); (16,12,4); (18,21,6). The sum of the above five groups of numbers is $S_m = 226$. Finally, a supplementary digit $N - S_m = 256 - 226 = 30$ is the last digit of the key, where $N$ and $S_m$ denote the size of the image and the sum of the co-ordinates and pixel values respectively. The encryption key is: {32, 21, 0, 18, 35, 5, 15, 14, 9, 16, 12, 4, 18, 21, 6, 30}

4.2 From the stable global features of fingerprint image
Some global features such as core and delta are highly stable points in a fingerprint, which have the potential to serve as a cryptographic key. Some byproduct information from the processing of the fingerprint image can be used as the encryption key. For example, the Gabor filter bank parameters [7] are: the number of concentric bands is 7, the number of sectors considered in each band is 16, each band is 20 pixels wide; there are 12 ridges between core and delta, the charges of the core and delta points are 4.8138e-001 and 9.3928e-001, and the period at a domain is 16. Then the key could be: {7, 16, 20, 12, 4, 8, 13, 8, 9, 39, 28, 27, 1, 16, 50, 42}.

4.3 Pseudo random number generator based on chaotic map [12]
One can use the pseudo-random number generator introduced in [5] to produce the key. Chaotic maps provide excellent security and have many desired cryptographic qualities. They are simple to implement, which results in high encryption rates. In chaos-based encryption, the method for developing a cipher consists of four steps:
Designing the basic map
Generalized map
Discretized version
Extension to three dimensions

Starting with an $M \times N$ image with $L$ gray levels (for example, with the image consisting of a black square), after performing k iterations we obtain $M \times N$ pseudo random integers in the range $[0, L-1]$. The majority of traditional random number generators generate the next number in the sequence by following a certain deterministic rule, i.e., there is a deterministic relationship between $x_i$ and $x_{i+1}$. The random number generator based on three-dimensional maps is nontraditional because it does not have this property. If more than $M \times N$ random numbers are needed, we can perform another k iterations of the chaotic map and get another set of $M \times N$ random numbers. To encrypt a fingerprint image, three to six iterations can hide the image perfectly, where each iteration is suggested to use a different key. The quality of stream ciphering based on mixing the plaintext with a sequence of pseudo random numbers depends on the following factors:
The period of the pseudo random sequence [5].
Randomness properties of the generator.
It should be computationally hard to determine the key and the seed based on the knowledge of a finite segment of pseudo-random numbers.

The structure of permutations of the pixels suggests that the period of the sequence is very high. This statement needs to be quantified by an asymptotic estimate for the period. This topic is currently under investigation. The third requirement is equivalent to breaking the cipher using a cipher text only type of attack. As described before, the complexity of a direct key search increases exponentially as 20.9 N 1 . The randomness properties of the proposed random number generator were tested on a $256 \times 256$ image with 256 gray levels with the following tests for randomness:
Uniformity of distribution test
Coupon collector's test
Permutation test
Poker test
Serial pairs test

All five tests were satisfied by the sequence of pseudo random numbers obtained from an encrypted image of a black square after nine iterations. The numbers were read in a row-by-row manner. Computer experiments done with other scanning patterns suggest that the properties of the pseudo random sequence do not depend on the scanning pattern.
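The Section 4.1 derivation, reproduced as an added Python example (not the authors' code) using the paper's five sample points; `derive_key` and `max_key_bits` are names chosen here. It also bounds how much entropy such a key can carry and rejects the case, not covered in the paper, where the sum of remainders exceeds N.

```python
import math

COORD_MOD = 40   # modulus the paper applies to the x and y co-ordinates
GRAY_MOD = 10    # modulus the paper applies to the gray-level values

def derive_key(points, n):
    """Reduce each (x, y, gray) triple, then append the supplementary digit N - Sm."""
    elems = []
    for x, y, gray in points:
        elems += [x % COORD_MOD, y % COORD_MOD, gray % GRAY_MOD]
    s_m = sum(elems)
    if s_m > n:
        # Not addressed in the paper: with enough points Sm can exceed N,
        # which would make the supplementary digit negative.
        raise ValueError(f"Sm={s_m} exceeds N={n}; no valid supplementary digit")
    return elems + [n - s_m]

def max_key_bits(num_points):
    """Upper bound on key entropy in bits, reached only if every remainder is uniform.

    Each point contributes two values in [0, 39] and one in [0, 9]. The
    supplementary digit is fully determined by the other elements, so it
    contributes nothing.
    """
    return num_points * (2 * math.log2(COORD_MOD) + math.log2(GRAY_MOD))

# The five points of the paper's worked example (256 x 256 image, N = 256).
PAPER_POINTS = [(32, 21, 240), (58, 115, 175), (135, 174, 189),
                (216, 172, 194), (218, 221, 236)]

# Constructed edge case: five points whose remainders are all maximal
# (39, 39, 9), giving Sm = 435 > 256.
OVERFLOW_POINTS = [(39, 79, 19)] * 5

if __name__ == "__main__":
    print(derive_key(PAPER_POINTS, 256))
    print(round(max_key_bits(5), 1), "bits at most for five points")
```

For five points the bound is about 69.8 bits, compared with 128 bits for a uniformly random AES-128 key, so a key built this way should be treated as a low-entropy secret when sizing the rest of the design.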

5. SIMULATION, STATISTICAL AND STRENGTH ANALYSIS

In this section, the proposed encryption scheme is tested. Simulation results and their evaluation are presented.

5.1 Simulations
The gray level fingerprint image is shown in Fig. 3(a). The first 3D permutation is performed with the key {32, 21, 0, 18, 35, 5, 15, 14, 9, 16, 12, 4, 18, 21, 6, 30}. After the first round of 3D permutation, the encrypted fingerprint image is shown in Fig. 3(b). The second round of permutation is performed with the key {7, 16, 20, 12, 4, 8, 13, 8, 9, 39, 28, 27, 1, 16, 50, 42}. After that, the image is shown in Fig. 3(c). The third round of permutation is finished with the key {1, 23, 8, 19, 32, 3, 25, 12, 75, 31, 4, 10, 14, 5, 25, 13}. After this, the image is shown in Fig. 3(d), which is random looking.

Fig. 3 Fingerprint and the encrypted image. (a) Original image; (b) One round of iteration; (c) Two rounds of iterations; (d) Three rounds of iterations.

5.2 Statistical and Cryptographic Strength Analysis
Statistical analysis. The histogram of the original fingerprint image is shown in Fig. 4(a). After 2D chaotic mapping, the pixels in the fingerprint image can be permuted, but the encrypted fingerprint image has the same gray level distribution and the same histogram as in Fig. 4(a). As introduced in Section 4, the 3D chaotic map [11] can change the gray level of the image greatly. After one round and three rounds of 3D substitution, the histograms are shown in Fig. 4(b) and (c) respectively; they are uniform and have much better statistical character, so the fingerprint image can be well hidden.

Fig. 4 Histograms of fingerprint image and the encrypted image. (a) Original fingerprint image; (b) One round of 3D iteration; (c) Three rounds of 3D iterations.

Strength analysis. The cipher technique is secure with respect to a known plaintext type of attack. With the diffusion methodology, the encryption technique is safe against a cipher text type of attack. As the scheme proposed in this paper uses different keys in different rounds of iterations, and the length is not constrained, it can be chosen according to the developer's needs.


6. CONCLUSION
An embedded Crypto-Biometric authentication scheme for ATM banking systems has been proposed. The claimed user's fingerprint is required during a transaction. The fingerprint image is encrypted via a 3D chaotic map as soon as it is captured, and then transmitted to the central server using a symmetric key algorithm [14]. The encryption keys are extracted from the random pixel distribution in a raw image of the fingerprint, some stable global features of the fingerprint and/or from a pseudo random number generator. Different rounds of iterations use different keys. At the banking terminal the image is decrypted using the same key. Based on the decrypted image, minutiae extraction and matching are performed to verify that the presented fingerprint image belongs to the claimed user. Future work will focus on the study of stable features (as part of the encryption key) of the fingerprint image, which may help to set up a fingerprint matching dictionary so as to narrow down the workload of fingerprint matching in a large database.

REFERENCES
[1] F. Han, J. Hu, X. Yu, Feng, Zhou: A novel hybrid crypto-biometric authentication scheme for ATM based banking applications, Springer-Verlag Berlin Heidelberg, (2005) 675-681.
[2] F. Han, J. Hu, X. Yu, Feng, Zhou: A New Way of Generating Grid-Scroll Chaos and its Application to Biometric Authentication, IEEE, (2005) 61-66.
[3] U. Uludag, S. Pankanti, S. Prabhakar and A. K. Jain, Biometric cryptosystems: Issue and challenges, Proceedings of the IEEE, vol. 92, no. 6, 2004, pp. 948-960.
[4] S. Hoque, M. Fairhurst, G. Howells and F. Deravi, Feasibility of generating biometric encryption keys, Electronics Letters, vol. 41, no. 6, 2005, pp. 29-30.
[5] Fridrich, J.: Symmetric Ciphers Based on two-dimensional chaotic maps, Int. J. Bifurcation and Chaos, 8 (1998) 1259-1284
[6] Zhou, J., Gu, J.: A model-based method for the computation of fingerprints orientation field, IEEE Trans. on Image Processing, 13 (2004) 821-835
[7] Jain, A.K., Prabhakar, S., Hong, L., Pankanti, S.: Filterbank-based fingerprint matching, IEEE Trans. on Image Processing, 9 (2000) 846-859
[8] Jain, A.K., Prabhakar, S., Hong, L.: A multichannel approach to fingerprint classification, IEEE Trans. on Pattern Anal. Machine Intell., 21 (1999) 348-359
[9] Chen, G., Mao, Y., Chui, C.: A symmetric encryption scheme based on 3D chaotic cat map, Chaos, Solitons & Fractals, 21 (2004) 749-761
[10] Uludag, U., Ross, A., Jain, A.K.: Biometric template selection and update: a case study in fingerprints, Pattern Recognit., 37 (2004) 1533-1542
[11] Kocarev, L., Jakimoski, G., Stojanovski, T., Parlitz, U.: From chaotic maps to encryption schemes, Proc. IEEE Sym. Circuits and Syst., 514-517, Monterey, California, June (1998)
[12] Ratha, N.K., Karu, K., Chen, S., Jain, A.K.: A real-time matching system for large fingerprint databases, IEEE Trans. on Pattern Anal. Machine Intell., 18 (1996) 799-813
[13] J. Daemen, V. Rijmen, "The Block Cipher Rijndael," Smart Card Research and Applications, LNCS 1820, J.J. Quisquater and B. Schneier, Eds., Springer-Verlag, 2000, pp. 277-284.
[14] J. Daemen and V. Rijmen, "Rijndael, the advanced encryption standard," Dr. Dobb's Journal, Vol. 26, No. 3, March 2001, pp. 137-139.
