13 biometrics - fool proof security

K.V.Hari Kishan Yadav B.Abdul Jameel
III B.tech IT III B.tech IT
Irah_09@yahoo.co.in visit_jameel@yahoo.co.in

ABSTRACT
Now-a-days we are facing majority of crimes related to security
issues and these arise due to the leakage of passwords or illegal
authentication. At one end, there is a continuous and tremendous
improvement in the lifestyle of Humans while at the other end; the
technological crimes are increasing rapidly. As there is a problem, there
must be a solution. The need for a compromising technology which can be
adopted is highly imperative. Technologies capable of identifying each person
uniquely need to be developed. The only powerful solution for the problem of
illegal authentication is Biometrics.
Nature has made human beings with different characteristics which
may vary from one person to another. This property is made use of by
Biometric technology to distinctly identify each person. Biometrics is a
means of using the physiological or behavioral characteristics of a person as
a kind of permanent password.
This paper provides an overall idea of Biometrics , the typical
Biometric Model, an overview of the Biometric techniques and focuses mainly
on Keystroke Biometrics which is easy to implement and can provide fool
proof security based on the effectiveness of the algorithm.
“It is better to light up a candle rather than to curse the
darkness”

CONTENTS

 INTRODUCTION
 WHY MOVE TO BIOMETRICS?

 THE BIOMETRIC MODEL

 BIOMETRIC TECHNIQUES

 KEYSTROKE BIOMETRICS (FOOL PROOF)

 IMPLEMENTATION DETAILS

 PERFORMANCE MEASURES

 ALGORITHM

 ANALYSIS: INTER-KEY STROKE TIMING

 MULTIMODAL BIOMETRICS

 APPLICATIONS

 CONSTRAINTS & SOLUTIONS

 CONCLUSION

INTRODUCTION

As per the saying financial transactions and personal
“NECESSITY IS THE MOTHER OF data privacy. Most systems make use
INVENTION”, the need for a new type of a personal identification code in order
of identification and authentication to authenticate the user. In these
technique has led to the development of systems, the possibility of malicious user
Biometrics. gaining access to the code cannot be
ruled out. However, combining the
“ Biometrics is an personal identification code with
automated method of
biometrics provides for robust user
recognizing a person based on a
physiological or behavioral authentication system. Biometrics is of
characteristic. “ two kinds: One deals with the physical

Biometric technologies are traits of the user (Retinal scanning,

becoming the foundation of an extensive Fingerprint scanning, DNA testing etc.,)

array of highly secure identification and and the other deals with the behavioural

personal verification solutions. As the traits of the user (Voice recognition,

level of security breaches and Keystroke dynamics, etc.,).

transaction fraud increases, the need for Utilized alone or integrated with

highly secure identification and personal other technologies such as smart cards,
verification technologies is becoming encryption keys and digital
apparent. signatures, biometrics is set to pervade
nearly all aspects of the economy and
Biometric-based solutions
our daily lives.
are able to provide for confidential
The recent incidents of
cyber crimes and credit card thefts
due to leakage of passwords create a
WHY MOVE TO BIOMETRICS?

hue and cry for the development of a
new type of system which fetches THE BIOMETRIC MODEL
more foolproof security than the The biometric authentication system
password based systems. Biometrics consists of the following parts
is preferred over traditional methods • User interface or the
involving passwords and PIN biometric reader
numbers for various reasons: • Communication
Subsystem
• The Controlling software
 The person to be identified
• Data storage
is required to be physically
Biometric system works by taking a
present at the point-of-
number of samples of physiological or
identification. behavioural characteristics to produce a
 Biometric trait cannot be reliable template of the user information.
easily stolen or lost. The user is verified against a template in

 Identifies the person, not the memory, which he claims to be
the machine. himself and the user is authenticated if
the biometric pattern of the user matches
By replacing Passwords, with the template. The biometric sample
PINs, biometric techniques can of the person is not stored in the host
potentially prevent unauthorized computer or the controller. So there is no
access to or fraudulent use of ATMs, possibility of the others getting it.
cellular phones, smart cards, desktop Moreover, the biometric template of a

PCs, workstations, and computer person is stored in the form of a dynamic

networks. Thus biometric systems of binary template with suitable encryption

Signature Verification Passwords Biometrics
identification are enjoying a renewed to provide utmost security.
interest.

BIOMETRIC MODEL
Matching
Score
95%

Data Collection
Decision
Making Template
Biometric Capture Extraction

Verification

Signal
Processin
Enrollment
g
Storage

Example: FINGERPRINT VERIFICATION

BIOMETRIC IMAGE 1010
CAPTURE PROCESS 0110
1101

IMAGE LIVE UPDATE

TEMPLATE 1010 BIOMETRIC
EXTRACT 0110 MATCHING 98%
1101

MATCHING SCORE
STORAGE DEVICE STORED
TEMPLATE

BIOMETRIC TECHNIQUES Hand and Finger geometry

Fingerprint Verification This method uses the data such as
This is one of the oldest forms of length, shape, distance between the
biometric techniques which involves fingers, overall dimensions of the hand
mapping of the pattern of the fingerprint and also the relative angle between the
of the individual and then comparing the fingers. Modern systems use this
ridges, furrows, within the template. The technique in association with the
fingerprint given to the device is first Fingerprint scanning technique.
searched at the coarse level in the
Voice Biometry
database and then finer comparisons are
made to get the result.
It is proved that the frequency,
stress and accent of speech differ from
Iris Recognition
person to person. Voice biometry uses
In Iris and Retinal scanning, the this concept to solve the problem of
iris and the retina are scanned by a low illegal user.
intensity light source and the image is
compared with the stored patterns in the Signature Verification
database template. They are the fastest This technology uses the dynamic
and the secure form of biometry. analysis of a signature to authenticate
a person. This technology is based on
Facial Scanning
measuring speed, pressure and angle
Facial scanning involves scanning used by the person when a signature
of the entire face and checking of critical is produced.
points and areas in the face with the
template. This method is not completely Keystroke dynamic
reliable and so it is used in association
In this technique, the system analyses
with another biometric technique.
the rhythm of typing the password.

“The keystroke biometrics During this time, one obtains the
makes use of the inter-stroke gap inter-stroke timings of all the keys of

that exists between consecutive the identification code. The inter

characters of the user stroke interval between the keys is
measured in milliseconds. The
identification code.”
systems’ delay routine can be used to
When a user types his
serve the purpose. The delay routine
authentication code, there exists a
measures in milliseconds and the
particular rhythm or fashion in typing
amount of delay incurred between
the code. If there does not exist any
successive strokes can be used as a
abrupt change in this rhythmic
counter to record this time interval.
manner, this uniqueness can be used
The mean and standard
as an additional security constraint. It
deviation of the code are calculated.
has been proved experimentally that
This is done in order to provide some
the manner of typing the same code
leverage to the user typing the code.
varies from user to user. Thus this
The reference level that we chose is
can be used as a suitable biometric.
the mean of the training period and
Further, if the user knows before
the rounded standard deviation is
hand about the existence of this
used as the leverage allotted per user.
mechanism, he can intentionally
These values are fed into the database
introduce the rhythm to suite his
of the user. These details can also be
needs.
incorporated onto the system’s
IMPLEMENTATION DETAILS
password files in order to save the
As the user logs onto the
additional overhead incurred. The
system for the first time, a database
mean and the standard deviation
entry is created for the user. He is
can be determined by using the
then put through a training period,
relationship given below.
which consists of 15-20 iterations.
Mean= (1/n) x (i)

Standard deviation= {[ (X (i)-mean)] 2/n}

Once the database entry has The [FAR] is the percentage of
been allotted for the user, this can be unauthorized users accepted by the
used in all further references to the user. system.
The next time the user tries to login, one
The [FRR] is the percentage of
would obtain the entered inter-stroke authorized users not accepted by the
timing along with the password. A system.
combination of all these metrics is used
as a security check of the user. The An increase in one of these
algorithm given below gives the details metrics decreases the other and vice
of obtaining the authorization for a versa. The level of error must be
particular user. The algorithm assumes controlled in the authentication system
that the database already exists in the by the use of a suitable threshold such
system and one has a system delay that only the required users are selected
routine available and the others who are not authorized
are rejected by the system. In this paper,
standard deviation of the user’s training
PERFORMANCE
period entry is used as a threshold. The
MEASURES correct establishment of the threshold is

While considering any important since too strong a threshold
system for authenticity, one needs to would lead to a lot of difficulty in entry
consider the false acceptance rate even for the legal user, while a lax
(FAR) and the false rejection rate threshold would allow non-authorized
(FRR). entry. Thus a balance would have to be
established taking both the factors into
consideration.

ALGORITHM
Input : User name, User_id, Password.

Output: Registration of a new user (or) Acceptance of a user if registered
(or) Rejection of an unregistered user.

Main()
{

If (User==New)
{ read (User); // Getting User name, User_id, Password
read (Inter-stroke gap); // Time interval between consecutive characters
Add user (database); // Add the User to the database
User count =1; }

else if (User==Training)
{ read (User);
read (Inter-stroke gap);
if (Check (User, Password))
{ if (User count15)
{ update ( User count); // User count = User count +1
add (Inter-stroke gap); }
else if (User count ==15)
{ update (User count);
add (Inter-stroke gap);
Calculate Mean (M), Standard deviation (S.D); }
}
}

else if (User==Existing)
{ read (User);
read (deviation);
if (Check (User, Password, deviation))
Login;
else
exit(0); }
}

Analysis of inter-keystroke timing of user code

A graph is plotted between amount of predefined ranges. FAR
keystrokes and keystroke timing. The and FRR can be reduced to a treat
‘X’ axis indicates the number of extent so that only the legal user gets
inter-keystrokes and negative ‘Y’ access to the system. The +R
axis indicates the inter-keystrokes boundary and –R boundary give the
timing in milliseconds. desired range so that only the legal

User accepted: user gets access.
In the graph, the line (L3)
Graph I shows the inter-
indicates the current pattern of typing
keystroke timing analysis when the
the access code on the keyboard; the
user is accepted. Here it can be easily
line (L2) indicates the keystroke
seen that when the user is authentic
pattern according to reference level
or when he types in his normal
and the line (L1) and (L2) indicates
rhythm, the user automatically comes
the positive and the negative ranges.
into the predefined ranges. The
The ranges can be decided by the
current inter-keystroke timing lies
standard deviation method, which is
around the database inter-keystroke
used here for analysis or any other
timing, thereby providing adequate
adaptive method.

db=Database Graph I: Inter keystroke timing analysis when the
+R=+VE Boundary user is accepted
-R=-VE Boundary
c=Current
-R -R
-R -R -R
c c
-R -R db db -R (L1)
c c db db db
db c c c db (L2)
c c c (L3)
db +R db +R +R +R
+R +R
User not accepted: Graph II indicates inter-
+R +R +R (L4)
keystroke timing when the user is not
ACCESS GRANTED

legal or not following his rhythmic not legal, his typing pattern for the
behavior of typing the access code. It access code is not at all into the
can be easily noticed when the user is predefined ranges.

db=Database Graph II: Inter keystroke timing when the user is
+R=+VE Boundary not legal or not following his rhythmic
-R=-VE Boundary behaviour
c=Current
-R -R
-R -R -R

-R -R db c db -R (L1)
db db db
db c db
c (L2)
db db +R
c +R c +R +R
+R +R
+R +R (L4)
+R c
c c (L3)

ACCESS DENIED

A MULTIMODAL BIOMETRIC SYSTEM
A biometric system which relies advantage of the capabilities of each
only on a single biometric identifier is individual biometric and overcomes the
often not able to meet the desired limitations of individual biometric. This
performance requirements. Identification multi biometric system operates with an
based on multiple biometrics represents admissible response time.
an emerging trend. This system takes the

EXAMPLE (A Multibiometric system)

(FINGER PRINT + FACIAL SCANNING + SPEECH)

ENROLLMENT MODULE

IMAGE Face Extractor
ACQUISITION
MODULE
Databas Minutiae Extractor
e
Browse
r
Ceptral Analysis

FACIAL
SCANNING

Template
Database Eigenspace Projection
and HMM training

FINGERPRINT
Face Eigenspace
Locator Comparison

Minutiae Minutiae Decision Accept/
Extractor matching Fusion Reject

SPEECH Ceptral HMM
ACQUISITION Analyzer scoring
MODULE
VERIFICATION MODULE

server is sure about the user in the
APPLICATIONS
computer.

BIOMETRIC BANKING BIOMETRIC SMARTCARDS

Banks have been
Biometric technologies are
experimenting with keystroke
used with smart cards for ID systems
Biometrics for ATM machine use and to
applications specifically due to their
counteract the credit card frauds. The
ability to identify people with
smart card or the credit card may be
incorporated with the biometric
minimal ambiguity. A biometric

information. When a user inserts his card based ID allows for the verification
for verification, the biometric sample of of “who you claim to be”
the person can be verified precisely and (information about the card holder
if it is identical the person is stored in the card) based on “who
authenticated. The advantage of this you are” (the biometric information
system is that the user can enjoy the stored in the smart card), instead of,
facilities offered by the Bank along with or possibly in addition to, checking
utmost security.
“what you know” (such as
password).
INTERNET SECURITY

If the password is leaked out, the ANY CONSTRAINTS IN
computer or the web server will not be
KEYSTROKE BIOMETRICS?
able to identify whether the original user A question that arises with any
is operating the computer. PCs fitted technology is that “Does this
with biometric sensors can sense the technology have any constraints?” The
biometric template and transmit it to the answer to this question is that, “It purely
remote computer so that the remote depends upon its implementation
mechanism”. In Keystroke biometrics,
the person being authenticated

must have registered their bio- authenticated. Registration processes
identity before it can be can be extremely complicated and

very inconvenient for users. This is producing a much larger than
particularly true if the user being average error rate. Conversely, if a
registered is not familiar with what is user is intrigued and enthusiastic
happening. The problem for the about using the device, he is likely to
operator is that the right person will use it as intended, be more consistent
be rejected occasionally by what and enjoy 8relatively low error rates.
might be presented as a ‘foolproof’ Since this is the case, clearly we
system. Both the FAR and the FRR should aim for well educated (in
depend to some extent on the terms of the system) users who have
deviation allowed from the reference good quality reference templates and
level and on the number of are happy with the overall system
characters in the identification code concept and its benefits.
(Password). It has been observed that
Technology is not any more science
providing a small deviation lowers fiction. Huge of small corporations use
the FAR to almost NIL but at the biometrics a lot of years more and more.
same time tends to increase the Readers cost was reduced and usage of
biometrics is everyday reality.
FRR. This is due to the fact that the
typing rhythm of the user depends to
some extent on the mental state of
The Future Of Biometrics
the user. So, a balance would have to Today we have the technology to
be established taking both the factors realize the aims, and to refine the accuracy
into consideration. of biometric identification, and therefore the
possibility of making it a viable field.
SOLUTION
2025:
The performance measure
It is the year 2025, and biometrics has come
of Keystroke biometrics purely a long way. Uses for biometrics now range
depends on User psychology, i.e., the from employee verification to e-commerce.
user’s particular temperament;
Voice biometrics and hand geometry
understanding and current state of recognition systems are used for employees
mind can have a dramatic impact on to clock-in at work. No longer can
real system performance. If a user is employees clock-in for other employees.
Biometrics are also used in e-business for
not happy about using the biometric secure payment. At dance and night clubs,
device, he is likely to be consistent in biometrics act as a sort of virtual bouncer to
using it, potentially keep out unruly patrons.

Biometrics has become an integral part of traditional security systems in
life. We see the effects of retinal scanning,
hand geometry recognition, and voice the future.
biometrics in our homes, businesses,
employment, and entertainment.

Future is very hopeful for biometric
industry. It has main position in Access
Control and Time and Attendance
applications. Biometric technology is not
any more science fiction. Huge of small
corporations use biometrics a lot of years
more and more. Readers cost was reduced
and usage of biometrics is everyday reality.

CONCLUSION
Keystroke Biometrics offers
a valuable approach to current
security technologies that make it far
harder for fraud to take place by
preventing ready impersonation of
the authorized user. Even if the
unauthorized user discovers the
access code, he cannot get access to
the system until and unless he also
knows the rhythm. Also, the typing
rhythm can be self-tuned by the user
to suit his needs. As the keyboard
has duplicate keys, the typing rhythm
also depends whether the user is a
left-handed person or a right-handed
person. Positively Keystroke
Biometrics will replace the entire

13 biometrics - fool proof security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 13 biometrics - fool proof security

Similar to 13 biometrics - fool proof security (20)

Recently uploaded

Recently uploaded (20)

13 biometrics - fool proof security