Improved Network Security through Retinal Biometric Based ...

ISSN:2229-6093

Mohamed Basheer K P et al , Int.J.Computer Technology & Applications,Vol 4 (6),1015-1019

Improved Network Security through Retinal Biometric Based Authentication

Mohamed Basheer.K.P, Research Scholar, Jamal Mohammed College, Thiruchirappalli, Tamilnadu, India, [email protected]

Dr. T. Abdul Razak, Associate Professor & Research Supervisor, Jamal Mohammed College, Thiruchirappalli, Tamilnadu, India

Abstract--- Security and authentication are challenging problems given the sprawling growth of the Internet in today's environment. Therefore, the security of network users has become an essential factor. Various techniques available in the literature make use of passwords, smart cards, etc., to provide network-related security. But these usual authentication systems have many limitations regarding security and privacy. Biometrics are unique lifelong features of each person and are difficult to duplicate. In this paper, the configuration of the retinal vessels, which is unique, is used for authentication for network security.

1. INTRODUCTION

Security and privacy are important issues in networked environments. Reliable verification of persons is a service in growing demand in many fields, not only in police or military environments but also in civilian applications, such as access control or financial transactions. Traditional verification systems require knowledge (a password, a PIN) or possession (a card, a key). But these systems require the cooperation of the individual and may cause identification problems, due to their common inability to differentiate between a true authorized customer and a customer who fraudulently acquired the privilege of the authorized user. Biometric based recognition techniques may provide a solution to these problems [1,2,3].

A biometric system uses a physiological or behavioral characteristic to establish the identity of a specific person in a pattern recognition system. Verification is usually used in the form of confirmation (checking the validity of a claimed identity) or identification (determination of an identity from a database of known people, that is, determining who a person is without knowledge of his/her name) [4].

The retinal based biometric system uses the retinal blood vessel pattern for verification. This is a unique characteristic of each individual and it is almost impossible to copy that pattern in a false individual. Also, the pattern does not change throughout the person's life, except due to some serious medical problem that appears in the eye. Some lesions (points or small regions) can appear, but they are easily avoided in the vessel extraction method. Thus, the retinal vessel tree pattern has proved to be a valid biometric feature for personal verification as it is unique, time invariant and very hard to copy, as shown by Marino et al. [5, 6], who introduced a novel verification system based on this feature. In that work, the whole arterial-venous tree structure was used as the feature pattern for individuals [7].

IJCTA | Nov-Dec 2013 Available [email protected]

Retinal recognition has its own unique strengths, which make it significant among recognition systems. The major strengths of retinal biometrics are:

• The blood vessel patterns of the retina do not change (unless the person is affected by an eye disease such as glaucoma, cataracts, etc.).
• The actual retina template size is only 96 bytes, which is very small. Consequently, verification and identification processing times are much shorter than with larger files.
• The unique structure of the blood vessel pattern of the retina allows 400 data points to be generated.
• Since the retina is inside the eye, it is not exposed to external threats, unlike other biometrics such as fingerprints, hand geometry, etc.

The matching and non-matching results are obtained from template information that is similar but not exactly the same. A match result is measured against a threshold value. If the match score is below the threshold value, the biometric data is rejected; if the match score is above the threshold value, the biometric data is accepted. The threshold can be varied so that the biometric system can be more or less rigorous, depending on the requirements of any given biometric application [8].

Fingerprints are the most widely used biometric features in biometric authentication systems. But fingerprint and iris biometric features can be misused in some cases. So this type of security measure cannot be applied in the military and other highly secure fields [9,10].

This paper mainly focuses on approaches to network security for personal authentication. The implementation stage of the proposed approach comprises four steps, namely transformation, encoding, decoding and iris authentication protocol. In key exchange system and multimodal biometrics, it uses an efficient retinal biometric technique for providing network security where the biometric feature used for authentication is the retinal vessel tree.

2. RELATED WORK

A biometric authentication system obtains biometric data from a user and compares it against the template data stored in a database to recognize a person or identity. Most systems store several templates for a single user to account for variations in a person's biometric data.

Anil Jain et al. [11] proposed two approaches to automatically select prototype fingerprint templates for a finger from a given set of fingerprint impressions. The first approach, called "DEND", carries out clustering to select a template group that best denotes the intra-class variations, while the second method, called "MDIST", chooses templates that have maximum similarity with the rest of the impressions and thus denote typical measurements of biometric data. Matching results on a database of 50 various fingers with 100 impressions per finger showed that a systematic template selection process resulted in better performance than a random template selection approach.

Ronald in [12] described an intelligent approach for passwords in network security using biometrics. Passwords are the most important means of authenticating network users. But password authentication provides only limited security. User passwords are routinely forgotten, stolen, shared, or intercepted by hackers. In order to design better security systems, network administrators are replacing network passwords with smartcards, biometric authentication, or a combination of the three. Smart cards are credit card-size devices that generate different random numbers about every minute, in sync with counterparts on each entry point in the network. Smart cards work well as long as the card isn't stolen. A better choice to ensure network security is the use of biometrics. That paper addresses the different biometric approaches available to determine a person's identity. It also describes the criteria for selecting a biometric security solution. In conclusion, efforts to establish biometric industry standards (including standard application program interfaces (APIs)) are also discussed.

Smith et al. [13] studied how to use biometric data to securely derive cryptographic keys for use in a general context, and thus, in particular, for the purposes of authentication. Roughly speaking, they introduce two primitives: a secure sketch, which allows recovery of a shared secret from any value "close" to this secret, and a fuzzy extractor, which extracts a uniformly distributed random string from this shared secret in an error-tolerant manner. The primitives are designed so as to be "secure" even when an adversary learns the value of this public string.

A. B. J. Teoh et al. in [14] proposed a biometrics formulation which is based on the concealment of a random kernel and the iris images to synthesize a minimum average correlation energy (MACE) filter for iris authentication. In particular, the training images are multiplied with the user-specific random kernel in the frequency domain before the biometric filter is created. The main aim of the proposed technique is to provide a private biometrics realization in iris authentication in which the biometric template can be reissued once it is compromised. Meanwhile, the proposed method is able to decrease the computational load, due to the filter size reduction.

K. Bae et al. [15] proposed a new feature extraction algorithm based on Independent Component Analysis (ICA) for iris recognition. A traditional method based on Gabor wavelets must select the parameters (e.g., orientation, spatial location and frequency) for fixed bases. ICA is applied to create optimal basis vectors for the problem of extracting efficient feature vectors which represent iris signals. The basis vectors learned by ICA are localized in both frequency and space, like Gabor wavelets. The coefficients of the ICA expansion are used as the feature vector. Then, each iris feature vector is encoded into an iris code. Experimental results show that the proposed method has a similar Equal Error Rate (EER) to a conventional method based on Gabor wavelets and two advantages: first, the size of an iris code and the processing time of the feature extraction are considerably reduced; and second, it is possible to evaluate the linear transform for feature extraction from the iris signals themselves.

3. METHODOLOGY

Authentication systems play a major role in many applications. This paper provides a novel biometric authentication system for network security, where the biometric features used for authentication are fingerprint, iris and retina. The following methodology is followed for this process. Fig 1 shows the steps involved in extracting feature points for fingerprint, iris and retina.

Fig 1: Steps involved in Extracting Feature Point for Both Fingerprint, Iris and Retina. [Flowchart; box labels: Input Image, Normalization, Preprocessing, Orientation Estimation, Extraction, Frequency Estimation, Mapping Function, Filtering, Minutiae Feature, Thinning.]

3.1 Retinal biometric based authentication and key exchange system:

This is a new approach for network security using the biometric feature called the retinal vessel tree. The configuration of the retinal vessels is unique for each individual and does not change over time, so it can be used for authentication. The phases included in this proposed approach are user registration, extraction of retinal features, retina normalization and building the secret key.

3.2 Extraction of feature point from retina and generation of secret key:

Morphological operations of thinning and joining are applied to the retina image as preprocessing. Then the bifurcation feature points are obtained from the vascular patterns. The (x, y) coordinates of the bifurcation feature points of the retina are used for the creation of the secret key. Permutation and translation operations are applied to the retinal vascular tree containing the highlighted bifurcation feature points. Thus, new feature points are obtained from the original feature points.

The user password is restricted to 8 characters. Hence the length of the password is 64 bits. These 64 bits are divided into 4 blocks, each 16 bits in length. The feature points of the highlighted retinal vascular tree are partitioned into 4 quadrants. Each quadrant is allocated one password block. Permutation is used in such a way that there is no change in the relative position of the feature points. Each 16 bit password block is divided into two components of 7 bits and of 9 bits in length. And denote the amount of translation in the horizontal and vertical directions respectively. The new feature points are obtained by the following transformation.

where and represent the horizontal distance between points before and after transformation respectively. Similarly and denote the vertical distance before and after transformation respectively. This transformation is applied to the retina template. Fig 2 (Transformed Retinal Features) shows the retina template obtained after the application of passwords such as 'security', 'template' and 'quadrant'.

Fig 2: Transformed Retinal Features. (a) Password 'security' (b) Password 'template'
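The password split described in section 3.2, as an added Python example that is not the authors' code: it derives the 7-bit horizontal and 9-bit vertical translation amounts for each quadrant, and the horizontal values it returns for 'security', 'template' and 'quadrant' agree with the Tu values that survive in Table 1. The function names are illustrative, the byte order (first character in the high bits, 7-bit component first) is the one that reproduces those table values, and the transformation equation itself is not applied because it is not reproduced on the page.

```python
# Added example: password -> per-quadrant translation amounts (names are illustrative).
import string

def translation_codes(password: str):
    """Return [(horizontal, vertical)] translation amounts for quadrants I..IV."""
    data = password.encode("ascii")
    if len(data) != 8:
        raise ValueError("the scheme fixes the password at 8 characters (64 bits)")
    codes = []
    for q in range(4):
        block = int.from_bytes(data[2 * q:2 * q + 2], "big")   # one 16-bit block
        codes.append((block >> 9, block & 0x1FF))               # 7 bits, then 9 bits
    return codes

def offset_space(alphabet: str):
    """Count the distinct horizontal amounts and distinct (horizontal, vertical)
    pairs one block can take when both of its characters come from `alphabet`."""
    pairs = {translation_codes(a + b + "aaaaaa")[0] for a in alphabet for b in alphabet}
    return len({h for h, _ in pairs}), len(pairs)

if __name__ == "__main__":
    for pw in ("security", "template", "quadrant"):
        print(pw, translation_codes(pw))
    # How much of the 7-bit horizontal range lowercase passwords actually reach.
    print(offset_space(string.ascii_lowercase))
```

For lowercase passwords the horizontal amount takes only 14 of the 128 values a 7-bit field allows, because it is the first character of each block shifted right by one bit.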

A. Encoding

The transformed features are encoded in the server. The password provides an extra layer of security for the biometric database. The ridge and bifurcation points from the retina are integrated together. A secret message is created as a 128 bit stream. This secret message is transformed with the password. The 16 bit Cyclic Redundancy Check (CRC) is added to the transformed key S to obtain the 144 bit Secret Code (SC). The polynomial for CRC generation is

The minutiae points whose Euclidean distance is less than D are eliminated from the combined set. The x and y coordinates (each 8 bits) are concatenated to get the 16 bit lock/unlock unit 'u'. The 'u' values are sorted and the first N of them are selected. The SC is partitioned into 9 non-overlapping segments of 16 bits each. Each segment is converted to its decimal equivalent to give the polynomial coefficients (C8, C7 … C0). All operations take place in GF(2^16). The projection of 'u' on polynomial 'p' is found. Now the genuine point set G is (ui, P(ui)). Random chaff points are produced; they are 10 times greater in number than the genuine points. Both genuine and chaff point sets are combined for encoding.

B. Decoding

The encrypted data and the bifurcation feature points are decrypted in the authentication phase by the user password. The password based transformation is applied to the query feature points, and the data server is unlocked. This set is compared with the data server to separate the genuine point set for polynomial reconstruction. To decode the polynomial, all combinations are tried from this set. The Lagrangian interpolation method is used for polynomial reconstruction. For a particular combination of feature points, the polynomial gets decoded. In order to decode the polynomial of degree 8, a minimum of 9 points is needed. If the combination set contains fewer than 9 points, the polynomial cannot be reconstructed. Now the coefficients and CRC are appended to arrive at SC*. Then SC* is divided by the CRC primitive polynomial. If the remainder is zero, the query image doesn't match the template image and the secret data cannot be extracted. If the remainder is not zero, then the query image matches the template image and the correct secret data can be extracted. In this case SC* is divided into two parts: the 128 bit secret data and the 16 bit CRC code.

C. Retinal authentication protocol

The retinal features obtained by the above retinal feature extraction approach are utilized in the authentication protocol. Thus, the features of retinal biometrics are used in this approach for network security.
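The Encoding and Decoding steps of sections A and B, as an added Python example that is not the authors' code: a small fuzzy vault that locks a 128 bit secret behind a degree-8 polynomial over GF(2^16), adds ten chaff points per genuine point, and unlocks by trying 9-point combinations with Lagrange interpolation and a CRC check. The field reduction polynomial, the CRC-16 generator (the page's own polynomial is missing), the sample units and all function names are assumptions; the password transformation is left out, and a candidate is accepted when the CRC remainder is zero, which is the usual CRC convention.

```python
import itertools
import secrets

GF_POLY = 0x1100B   # assumed reduction polynomial for GF(2^16): x^16+x^12+x^3+x+1
CRC_POLY = 0x1021   # assumed CRC-16 generator; the page does not give its polynomial
UNITS = [(x << 8) | y for x, y in [(23, 41), (57, 130), (88, 19), (101, 77), (122, 12),
         (140, 66), (159, 29), (173, 201), (190, 54), (210, 98)]]  # constructed u = x||y

def gf_mul(a, b):                     # product of two GF(2^16) elements
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
        if a & 0x10000:
            a ^= GF_POLY
    return r

def gf_inv(a):                        # a^(2^16 - 2) = a^2 * a^4 * ... * a^(2^15)
    r = 1
    for _ in range(15):
        a = gf_mul(a, a)
        r = gf_mul(r, a)
    return r

def crc16(data):                      # plain MSB-first CRC, zero initial value
    reg = 0
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = ((reg << 1) ^ CRC_POLY if reg & 0x8000 else reg << 1) & 0xFFFF
    return reg

def poly_eval(coeffs, x):             # Horner's rule; coeffs are ordered C8 ... C0
    y = 0
    for c in coeffs:
        y = gf_mul(y, x) ^ c
    return y

def lock(secret, units, chaff_ratio=10):
    sc = secret + crc16(secret).to_bytes(2, "big")             # 144 bit secret code
    coeffs = [int.from_bytes(sc[i:i + 2], "big") for i in range(0, 18, 2)]
    vault = {u: poly_eval(coeffs, u) for u in units}            # genuine set G
    while len(vault) < len(units) * (1 + chaff_ratio):          # chaff lies off the polynomial
        u, v = secrets.randbelow(1 << 16), secrets.randbelow(1 << 16)
        if u not in vault and v != poly_eval(coeffs, u):
            vault[u] = v
    return sorted(vault.items())                                # sorting hides insertion order

def interpolate(points):              # Lagrange interpolation; returns C8 ... C0
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1                                   # basis is low order first
        for j, (xj, _) in enumerate(points):
            if j != i:                                          # basis *= (x + xj)
                basis = [a ^ gf_mul(xj, b) for a, b in zip([0] + basis, basis + [0])]
                denom = gf_mul(denom, xi ^ xj)
        scale = gf_mul(yi, gf_inv(denom))
        coeffs = [c ^ gf_mul(scale, b) for c, b in zip(coeffs, basis)]
    return coeffs[::-1]

def unlock(vault, query_units, degree=8):
    table = dict(vault)
    matched = [(u, table[u]) for u in dict.fromkeys(query_units) if u in table]
    for combo in itertools.combinations(matched, degree + 1):   # none if fewer than 9 match
        sc = b"".join(c.to_bytes(2, "big") for c in interpolate(combo))
        if crc16(sc) == 0:                                      # zero remainder: SC* is intact
            return sc[:16]
    return None
```

A query that matches fewer than nine vault points yields no combination to interpolate, so `unlock` returns `None`, which is the "polynomial cannot be reconstructed" case in section B.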

(c) Password 'quadrant'

Fig 2: Transformed Retinal Features

4. EXPERIMENTAL RESULTS

In order to evaluate the proposed method, retina samples are taken from the DRIVE datasets. From the database, 40 test biometric images are used for the evaluation of this experiment. The FRR ratio is obtained in terms of 10 samples from 1 to 40. The polynomial projections are obtained from the vertical and horizontal distances of the retinal bifurcation features. The retinal template is altered for three different user passwords to check for revocability. The sample retinal bifurcation points from four quadrants after transformation using three different user passwords, 'security', 'template' and 'quadrant' respectively, are shown in Table 1.

Table 1: Retina bifurcation feature points after transformation

| Quadrant | Password | Feature point before transformation: Horizontal Distance (Xu) | Feature point before transformation: Vertical Distance (Yv) | Transformation code from password (Tu) | Feature point after transformation |
|---|---|---|---|---|---|
| I | 'security' | 122 | 12 | 57 | |
| I | 'template' | | | 58 | |
| I | 'quadrant' | | | 56 | |
| II | 'security' | 159 | 29 | 49 | |
| II | 'template' | | | 54 | |
| II | 'quadrant' | | | 48 | |
| III | 'security' | 110 | 149 | 57 | |
| III | 'template' | | | 54 | |
| III | 'quadrant' | | | 57 | |

Considering an 8 character user password 'security', its American Standard Code for Information Interchange (ASCII) value is given by (115, 101, 99, 117, 114, 105, 116, 121) or 64 bits. These 64 bits are partitioned into four blocks of 16 bits each and these are further partitioned into 7 bits and 9 bits for transformation in the horizontal and vertical directions respectively. The transformation of the feature points is also carried out with two other user passwords, namely 'template' and 'quadrant', whose ASCII codes are (116, 101, 109, 112, 108, 97, 116, 101) and (113, 117, 97, 100, 114, 97, 110, 116) respectively. Different transformed templates are acquired for the same original template when the password is changed. This characteristic of the password system provides revocability. Different passwords can be used for different applications to eliminate cross matching.

In modern biometrics, bifurcation points of a retinal image can be captured, analyzed, and compared electronically, with relationships drawn between an original and a reference sample, as with other biometric approaches. The performance measures obtained revealed that the proposed method could effectively provide network security. Therefore, it can be directly applied to fortify the existing standard single-server biometric based security applications.

False Acceptance Rate (FAR): It is the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percentage of invalid inputs which are incorrectly accepted.

Table 2: False acceptance rate (FAR) comparison

| Biometric feature images | Existing iris key authentication | Proposed Iris key authentication |
|---|---|---|
| 1-10 | 0.39 | 0.30 |
| 11-20 | 0.47 | 0.34 |
| 21-30 | 0.52 | 0.37 |
| 31-40 | 0.59 | 0.40 |

Table 2 shows the resulting False Acceptance Rate (FAR) for the proposed and existing techniques. From the table, it can be observed that the proposed technique results in a lower False Acceptance Rate for all the biometric features, whereas the existing technique results in a higher percentage of False Acceptance Rate.

False Rejection Rate (FRR): It is the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percentage of valid inputs which are incorrectly rejected.

Table 3: False rejection rate (FRR) comparison

| Biometric feature images | Existing iris key authentication | Proposed iris key authentication |
|---|---|---|
| 1-10 | 0.89 | 0.31 |
| 11-20 | 0.89 | 0.28 |
| 21-30 | 0.92 | 0.25 |
| 31-40 | 0.90 | 0.24 |

From Table 3, it can be observed that the proposed technique results in a lower False Rejection Rate when compared to the existing technique. From all the results obtained, it can be said that the proposed technique results in better security than the existing technique.

5. CONCLUSION

Human biometrics can be used efficiently to guarantee network security. This paper proposes a retina based biometric system, and its performance was evaluated based on parametric standards such as FAR and FRR. When compared with the existing biometric techniques, it is observed from the results that the proposed retinal biometric technique provides better FAR and FRR rates than the existing method. To further enhance network security, the retina can be fused with other types of biometric systems with other algorithms.

REFERENCES

[1] K. Saraswathi, B. Jayaram, Dr. R. Balasubramanian, "Retinal Biometrics based Authentication and Key Exchange System", International Journal of Computer Applications (0975 – 8887), Volume 19 – No. 1, April 2011.

[2] Meenakshi V.S and Padmavathi G, "Securing Revocable Iris and Retinal Templates using Combined User and Soft Biometric based Password Hardened Multimodal Fuzzy Vault", International Journal of Computer Science Issues, Vol. 7, No. 5, pp. 159-167, 2010.

[3] Mahfuzur Rahman and Prabir Bhattacharya, "Secure Network Communication Using Biometrics," IEEE International Conference on Multimedia and Expo (ICME'01), p. 52, 2001.

[4] Sandip Dutta, Avijit Kar, N. C. Mahanti, and B. N. Chatterji, "Network Security Using Biometric and Cryptography," Proceedings of the 10th International Conference on Advanced Concepts for Intelligent Vision Systems, pp. 38-44, 2008.

[5] C. Mariño, M. G. Penedo, M. Penas, M. J. Carreira, and F. González, "Personal authentication using digital retinal images," Pattern Analysis and Applications, vol. 9, no. 1, pp. 21–3, 2006.

[6] C. Mariño, M. G. Penedo, M. J. Carreira, and F. González, "Retinal angiography based authentication," in Proceedings of the 8th Iberoamerican Congress on Pattern Recognition (CIARP 03), vol. 2905 of Lecture Notes in Computer Science, pp. 306–13, Havana, Cuba, November 2003.

[7] Rahul Vivek Purohit and S.A. Imam, "A Practical Approach for Retinal Authentication", Department of Electronics & Communication Engineering, Jamia Millia Islamia, New Delhi.

[8] "Biometrics Security Considerations," Systems and Network Analysis Center Information Assurance Directorate, www.nsa.gov/snac.

[9] T. Gunasekaran and C. Parthasarathy, "Biometrics in Network Security," International Journal of Computer Network and Security (IJCNS), vol. 1, no. 1, pp. 36-42, 2006.

[10] P. Arul and Dr. A. Shanmugam, "Generate A Key for AES Using Biometric for VOIP Network Security," Journal of Theoretical and Applied Information Technology, pp. 107-112.

[11] Davide Maltoni, Dario Maio, Anil K. Jain and Salil Prabhakar, "Handbook of Fingerprint Recognition", Springer-Verlag, New York, 2003.

[12] Ronald G. Wolak, "Network Security: Biometrics - The Password Alternative," School of Computer and Information Sciences, 1998.

[13] Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data," Eurocrypt 2004.

[14] S. C. Chong, A. B. J. Teoh, and D. C. L. Ngo, "Iris authentication using privatized advanced correlation filter," in ICB, pages 382–388, 2006.

[15] K. Bae, S. Noh, and J. Kim, "Iris feature extraction using independent component analysis," in Proceedings of the 4th International Conference on Audio- and Video-Based Biometric Person Authentication (AVBPA '03), vol. 2688, pp. 1059–1060, Guildford, UK, June 2003.