Joumal of Applied Sciences § (17): 2939-2948, 2008 ISSN 1812-5654 © 2008 Asian Network for Seientifie Information A Secured Fingerprint Authentication System ‘MA. Rajibul Islam, Md, Shohel Sayeed and Andrews Samraj ‘Multimedia University, Faculty of Information Science and Technology, Jalan Ayer Keroh Lama, 75450 Melaka, Malaysia Abstract: This study is a protection analysis of foremost privacy enhanced technologies for biometrics including watermark embedding technique and fixed digit encryption. A biometric authentication system is vulnerable to a mixture of attacks, These attacks are anticipated to either evade the security afforded by the system ce to discournge the usual funetioning of the system. Here, we briefly review some of the known attacks that can be encountered by a biometric system and some corresponding protection techniques, We explicitly Focus on threats designed to extmict information about the original biometric data of an individual from the stored data as well as the entire authentication system. We offer a biometric authentication scheme which uses tnvo separate biometric features combined by watermark embedding with fixed digit encryption to obtain a non- ‘unique identifier of the individual, in order to adress security and privacy concems, Moreover, we provide experimental results presenting the performance of the authentication system, In the client-server environment the transformed features and templates travel through insecure communication line like the internet or intranet. (Our proposed technique causes security against eavesdropping and replay attacks on the internet or intranet, because the transmitted feature information and the templates are different every time, Key words: Termplate protection, watermark embedding, fixed digit encryption, fingerprint, palmprint, minutiae INTRODUCTION Biometric systems propose numerous benefits over traditional euthentication methods, Biometrie information cannot be obtained by diteet secret observation It is lunfeasible to share and complicated to replicate. It increases user expediency by improving the need to memorize long and random passwords. It guards against repudiation by the user. Biometrics supplies the same level of security to all users unlike passwords and is highly challenging to brute force attacks, Tdentification and authentication refers to two special tasks: finding the identity of a person given the biometric versus verifying the identity given the biometric data and the claimed identity. In this study, we propose a biometric authentication scheme to address the security and privacy concerns shown in Fig. 1, In meticulous, two biometric features (eg. fingerprint and palmprint) are combined to obtain a ‘nonsunique identifier of the individual and stored as such, Fig. 1: Privacy and security issues conceming a biometric: authentication system Corresponding Author: (Ma. Rajibal Islam, Multimedia University, Faculty of Information Ssience and Technolgy, Jalan Ayer Keroh lama, 75450 Melaka, Malaysia Tel: +60162489860 2939J.Applied Se, 8 (17): 2939-2948, 2008 “Toble: Soneatacks ad thei tp erate “Type aats Ral Area of ak Spoaing Fooling be wahaaicaion Bete ‘stent apna ike Fingers fee image te Reply mack Ijectingafeceredimage nthe Thechune! beeen fateminput evoiing the cesar sence and matcher Sutton Tfanataekecttansan aces © Storage datbaee nok ‘hentorage, eer ocala rere, can overt he seine wets ‘ep wi shrew ‘Tempering lnatderto achieves bi Storage detahse, Veiewienseere anne sts mate fanbe modi Masquewe Anatackercancreteadigtal Daring verification ak seit age oma fingering the cael feng ihe gaa an cos to bacveen seme thetenplaes ered onarente ander Server ic oat wil generate ‘th fsubratedoe ytem ‘Tijunhuse Scvealpatsetiesjsem eg. Mather niacks mache canbe replaced by + “Troon hore ogra hat ares up high ween sere Overidng The cut ete te isalweys During devon Yeoto —abimy TesNo ie. matte” making repose made esgese Iran atcha were ae {blew interject alse Veseespee 2a reper pont ofthe ‘inunaction between the ‘lanes und he appicaon hull pose a estate et omy ofthe applets Privacy sue Tne aecrcy of ery ——Daring dison ‘cenercal bee este, taking aller loth ttemscEFRR and FAR maching igh FRR cases icone for legate usr and pots ‘hess aster Tower ina central database, While the combined biometric ID is not a unique identifier, reducing concems of security and privacy, we show that it ean still be wed in authenticating fa person's identity, As a particular example, we exhibit a biometric authentication system that uses two separate biometrics of the same individual to form @ combined biometric ID. Nevertheless, it is now recognized that biometric systems are vulnerable to attacks. One of the most solemn attacks is against the stored templates. A stolen biometric template cannot be easily revoked and it may be used in collier applications that utilize the same biometric feature, ‘Table | shows a summary of some attacks and their role and area of attacks in the authentication system, Security vulnerabilities of a general biometric system: ‘Biometric authentication aystems may beceme vulnerable to potential attacks. Some of those security vulnerabilities are presented in Table 1 ‘The privacy and seourity issues of a biometric authentication system sketched in this study are shown, inFig.1 ‘Outline of biometric template security approaches: We have summarized some Biometric Template Security approaches in Table 2 which have proposed by aumerous sesearchers. A bit briefing of their atitude, merits and drawbacks are sketched as well, ‘Table 2: Review o several pct end tegen ‘Tenplateseeuiy aprcucbes Metolius Beatie Canaria Exerption Templates pied wna well ‘ihn alga a Tenplie posed ding (Sour eta. 1999) nom cryptographic teens accury ae uae sey ashes ser ‘Nonvrthernform ‘One Hnction applied tothe Since tenairation osu in ‘mai eres ‘hesee etre space cher Usui eae oinerese ‘eed be redesigned (he FRR Fardesingting Usespecifc extemal dares Ineressthe ensopyofbiomerie Ifthe wer specie rand (eat eta, 2006) isadedto ebm features ers ruling slew FAR” information's eogromise there Seno gam inenbepy Key sean ‘Ake drive ctl fom ost cficiew andscalable —_Taleaneetoisouser variations |Suneral, 2007) marie es approach Se tne, resulting a igh FR Secure seh ‘Aseudis devel fom Hetenplte, More toerat io irauser Tanplae i exposed ding (Sute eval, 2007) Sketch is cee becauetenpltecin ——_vritins bere da ean__sueeslmihecation Non- terecensncted nly ifa machin Vianarie quay epreseed Hardened fizy vat (Napiakamaeal,2007)—Allaidapread weed biome esars sehen ong password) lefre asec ste a) costed ‘Anupgtled agecach where wo bmetie Terese sysesied wl ener with ied gt which dived om the oracle Proposed vatemarting wih fae dik xr (WDE) “horn rae of emetic daa reduce soy ‘ewe orsecirng etal ta sah eyo heys Hcdeninceases the eatepy thereby mpeoina the vu secur: also ennees Ue privacy ric eps ae never ‘expose anutere in he bienetic ‘yen Ths nprevesthesecty eth biome tenplteanduser ivy in te we chet sever ‘ole! of bonateatheration Necusersteny: we needs to provide bot the password and the biome ding wien Uerneeis to prose two mee daring ech and vey aeration seeson Hens, Sometimes vey buena Net wer end 2040J. Applied Sci., 8 (17): 2939-2948, 2008 Weta [Pape austin + Wis casifonion Fig. 2 Proposed watermarking with fixed digit encryption (WFDE) Proposed approach towards enhanced authentication security: The approach based on user biometric synthesis Using Watermark embedded and fixed dgit encryption as exposed in Fig. 2, to enhance the authentication security of the system, Biometric templates are bound with the Fixed Digits and recomputed directly from it on verification, As a result we get much stronger Biometric template security. Advantages to use fixed digit are as follows: + Fixed digits are longer and more complex identifiers, + Nonoed for user memorization + Less susceptible to security attacks Besides, some of the security vulnerabilities of a jon system listed in Fig. 1 are + No substitution attack: Without any knowledge of the Fixed Digit and other transitory data, an attacker ‘cannot create his own template that had been used to ate the genuine template + No tampering: While the extracted features are not stored, the attacker has no method to adapt ther. + Nomasquerade attack: The attacker cannot construct 4 digital artifact to submit to the system, since the system does not store the biometric template Watermark with Fixed Digit Eneryption provides effective protection for remote authentication system. + No Trojan horse attacks: Watermark embedded process, Eneryption of Deeryption algorithm does not use any score, either final or intermediate, 10 make a judement, it just rotioves (or does not retrieve) a Key (as we called fixed ligt in our approach). Therefor, the attacker has no means to foo! the system by outputting a high seox + No overriding YewNo response: Tho Encryption algorithm’ output isa 128-bit (or longer fixed digi 8 opposed 10 the binary YewNo response, The attacker cannot obtain the fixed digit from a private template PROPOSED WATERMARKING WITH FIXED DIGIT ENCRYPTION (WFDE) Present proposed scheme consists of four main stops as shown in Fig. 2. First of al, performed preprocessing. and DWT (Discrete Wavelet Transform) of the fingerprint image to make it prepared for the watermark: embedding process, Second step is palmprint classification, so that 2041