Mar 26, 2017 - strength as they are often prone to lost, theft, forget and clone. ..... Access Control in Smart Homes by Android-Based Liveness Detection.
2016 International Conference on Computational Science and Computational Intelligence
Towards Generic Institutional Biometric Authentication System Ohaeri Ifeoma and Esiefarienrhe Bukohwo
Isong Bassey
Computer Science Department North-West University Mafikeng, South Africa
Computer Science Department North-West University Mafikeng, South Africa magazines and several countermeasures have be lunched, but yet still, cyber-attacks are on the increase. Consequently, a better approach to protect our information and assets is indispensable. To this end, using authentication factor based on “what you are”[2] could be a better option.
Abstract—Today, several institutions of higher learning are using access cards as access control measure to gain access to their institutions and facilities. Though, these cards are simple and convenient in terms of usage, they offer the lowest security strength as they are often prone to lost, theft, forget and clone. If compromised, valuable information and asset can be stolen or destroyed. However, every institutional security goal is to protect the students, staff, information and assets. Thus, to strengthen the security level, institutions should provide security measure that is difficult if not impossible to compromise. This paper therefore, proposes an approach to reinforce the security in universities using biometric authentication. We designed and implemented a system prototype called Institutional Biometric Authentication System (IBAS) to provide security to students, staff and assets. Additionally, IBAS is generic and can be used to manage attendance, prevent impersonation and other valuable benefits. Keywords—Authentication, Institutions, Security.
I.
Biometrics,
Authentication based on “what you are” is simply known as biometric authentication and is considered to have the strongest security strength. Biometrics offers a natural identity management tool that is characterized by greater security strength, robustness, speed, effectiveness and convenience than the traditional methods of personal recognition [2]. This is because in biometrics, the identification or identity verification of a person is based on the physiological and behavioral characteristics of the person [3][4]. Biometric security is advantageous as every individual has unique traits that cannot be forged, stolen or lost [2]. That is, it is directly connected to a person because they make use of an individual’s unique feature for identification and authentication. As an access control measure, biometrics assures that each person has only one identity in the system and that only one person can access each identity [2][5]. In addition, biometrics have unique characteristics that are measurable such as universality, uniqueness, permanence, collectability even though they all may be fit and convenient for a specific environment [2][6][7]. Common features for individual biometrics used for recognition includes finger and palm friction ridges, iris, face, voice, handwriting, hand shape, DNA and hand vein patterns [2].
Fingerprint,
INTRODUCTION
Security in general term can be considered as the provision of information integrity, confidentiality and available [1]. Security has become a great concern to individual, organizations and the government as they tend to find a better way to protect their information and valuable assets. Unfortunately, in our e-society today, ensuring absolute security is difficult, if not impossible. This is due to the increasing interconnectivity brought by the Internet which impacts has been both positive and negative. On the negative impact, chains of cyber-attacks on individuals, organizations and governments is now the order of the day. Moreover, as the world advances in technologies, so is the advancement of sophisticated attacks designed to compromise the security in place. In particular, majority of the attacks are carried via compromising existing identification and authentication measures. For instance, some of the commonest authentication factors in use are by “something you know” e.g. passwords, PINs, tokens and so on in addition to “something you have” such as cards, and so on [1][2]. Though, these authentication factors are simple and easy to use, they offer the lowest security strengths [2]. The factors are prone to theft, identity theft, loss, be forgotten, forgery or cloning and so on. Once compromised, the valid owner’s valuable information or assets can be compromised leading to loss of lives, cash, information, reputations, intellectual properties (IP), etc. Today, several cyber-attacks have been reported in the literature, media,
978-1-5090-5510-4/16 $31.00 © 2016 IEEE DOI 10.1109/CSCI.2016.247
Biometric data are efficient access control measures and they are a key element in digital forensic analysis today. Biometric authentication verifies both the identity and the authority of a party and prevents unauthorized access to information or assets. Its operation is twofold: enrolment and authentication or verification [2][7].
Figure 1. Biometric system
During the enrolment, biometric data is collected from persons or individuals and stored in the database together
1323 1327
with their identity. On the other hand, the authentication or verification, compares the captured biometric data collected from a person against the ones stored in the database for authentication purposes. The process is shown in Figure 1. As shown in Figure 1, storing the biometric information in a standardized manner in the database makes it possible to locate statistical data and also have more information regarding the peculiarity of the biometric feature. However, every biometric system must consider the intrusiveness of data collection and other factors which include; throughput rate, requirements for data storage, enrolment time accuracy, and acceptability to users, speed, uniqueness, ability to resist counterfeiting, and reliability must be justified in order to be effective [6][7].
identification measures. Its adoption has been on the increase over the past few years. Such interest has been substantial with various large-scale initiatives from governments and other sectors that seek to incorporate biometric technologies for the purposes of identification and verification. In this paper, we design and implement biometric system which is generic, card-less and paperless called IBAS. We adopts and presents fingerprint authentication system for universities in SA where each valid student and employee uses his/her fingerprint to prove their identity. The importance is that, the security of students, staff and assets are critical to the institutions since access cards can easily get lost, be stolen, be forged, and so on, thereby rendering the owner vulnerable. IBAS will ensuring that only valid students, staff and authorized individuals are allowed access to the university.
Among the several biometric, finger print and face recognition have attracted widespread application due to their conveniences and other factors. Given the security strength, adopting and implementing this system at borders, banks, pay points, entry to facilities, and others, definitely makes identification more reliable due to the extra information about every individual at every location which is readily available. Currently, majority of institution of higher learning are using access cards for identification and authentication. Going by the security strength of access cards which is “something you have”, this type of authentication factor is weak and vulnerable. Moreover, till date, there has been several reported cases of card compromise leading to several crimes in the universities which has been linked to outsiders or non-students. To get rid of such situations in the campuses, a stronger and efficient security measure is needed for institutions to better protect their students, employees and assets. Therefore, this paper proposes a biometric authentication system for institutional access to the premises and facilities. Moreover, the study implemented a prototype called institutional biometric authentication system (IBAS) that will be used to enhance security in the institution as well as used to manage attendance. We believed that, if IBAS is adopted and properly implemented by every institution, they could culminate in a more reliable identification measure which in turn aids forensic processes and associated legal actions.
In addition, the system can also be used to manage students’ attendance since the traditional method is paper-based, inefficient, stressful, and unreliable [8]. For instance, with the traditional system, students or employees can cheat by asking their friends to write their names in attendance register. With IBAS, lecturers are able to monitor the students’ activities effectively. Also, due to unlimited seats in classrooms, this system can be used to ensure that only students offering a particular module are allowed access to the classroom during lecture periods. Furthermore, during examinations, the system can be advantageous in eliminating impersonation of students and time wasting in queuing for identification by security personnel. In general, this system is geared towards the elimination of the limitations posed by the use of access cards as authentication measures and provide an effective, reliable and efficient security system as well as providing a costeffective means of performing digital forensic analysis in the event of criminal and fraudulent cases which are unavoidable among institutions of higher learning. B. System Structure and Operations The structure of the system is based on the structure and operation of biometric systems. By using IBAS, the operation involves both enrolment and authentication or verification [2][7]. Firstly, the process of enrolment corresponds to the student/staff registration, where staff and students’ information is captured into the database for identification purposes and so on. Secondly, the verification or authentication process corresponds to the actual identification of staff/students against information (i.e. biometric data) stored in the institutional database. Thus, since the biometric security process is identical to the activities of registration and access control in the institution, it is an added advantage to enhance and promote attendance for staff and students while putting security and other activities under check.
The structure of the paper is as follows: Section II discusses the proposed system, Section III presents the system prototype and Section IV is the paper conclusion. II.
THE PROPOSED SYSTEM
This section presents the proposed system intended to provide security and the management of attendance in institutions of higher learning. It starts with a system overview and then progresses to framework design and operations. A. System Overview Biometrics, fingerprint authentication in particular is considered reliable when compared to other authentication factors because it authenticates a person’s identity using unique physical characteristics instead of other
1328 1324
The process depicted by the framework shown in Figure 3, involves two phases: the enrolment phase where students and staff members’ biometric data and other information is captured into the central database of the university and the identification/authentication phase stage where the stored information is used to identify and authenticate the each student and staff. In this paper, we focus on security at the gate and the lecture venues. 1) Authentication Operation at the gate: The process utilized by IBAS to identify and authenticate students and staff member at gate before being allowed to enter the university or campus is also represented in Figure 3. As represented, in order to identify students and staff and to grant access at the gate, thus, they will have to present their fingerprint for scanning using the scanner installed at the gate. On scanning, the biometric device will capture their fingerprint image which is then searched for from the database. If a match is found, the staff/student is granted access, otherwise, access is denied.
Figure 2. IBAS system use case diagram
2) Authentication operation at lecture venue: The authentication operation at the lecture venue is also shown in Figure 3. The operation is purely to ensure that only valid students who registered for a module are allowed in the class as well as the module lecturer whose time slot has been allocated. The process of authentication is the same as authentication at the gate with the exception that the students/lecturers are checked against modules and time slot. In this case, access is granted if a student registers for the module and the module correctly allocated to the venue for that period. For this process to be effective, the general timetable and venue allocation for each has to be maintained by the system.
The possible users of the system are the students, staff, lecturers, school and system administrators with each actor having important role to play. Possible interactions depicting each user, interactions and role is presented as the system use case diagram in Figure 2. The authentication operation process is shown in Figure 3. IBAS operates by having biometric devices at the gates, the door of each lecture venue and other strategic places of importance which depends on the security goal of the institutions.
III.
IBAS PROTOTYPE
This section presents the prototype that implements the idea embedded in IBAS to manage access to institutions, manage attendance for both staff and students and other important benefits attached to it. IBAS is a web-based application developed using Java and PHP programming and MySQL for the database. We used Java to develop the fingerprint scanner while the rest of the application in PHP and run on the web. The interfaces snapshot is presented and discussed as follows. A. Authentication Interface The interfaces shown in Figure 4 and 5 presents the biometric scanners installed at the gate and lecture venue respectively. Each interface has a scanning portion which appears on the left then a display part that gives feed back to the user. The operation is already discussed in Section II. As shown in Figure 4, access is granted to the university premises if a staff/student is valid. On the other hand, student/lecturer are allowed access to classrooms if module/time slot is valid.
Figure 3. IBAS authentication operation
1329 1325
Figure 4. Scanner at the gate
Figure 7. Account creation page
D. School Administrator Interface The school administrator has several functions to perform in IBAS. These functions are shown in Figure 8. Based on the functions, Figure 9 shows the students registration page which is a form for collecting information to be stored in the database. Accordingly, Figure 10 shows a proof of registration page which serve as feedback that follows suite which indicates what modules registered for. Figure 5. Scanner at the lecture venue
B. System Access To access the system and carry out different important tasks as shown in Figure 2, the valid users have to first authenticate themselves using “what you know”, password as authentication factor. In this case, all respective users must first login into the system before they are able to perform tasks authorized by the system administrator. Figure 6 shows the login page in IBAS.
Figure 8. School admin page
Figure 9. Student rgistration form
Figure 6. Login page
C. System Administrator Upon login into the system as a system administrator, such user will be redirect to a page where he or she can perform the task of staff account creation as well as viewing. Figure 7 shows the account creation page which is a form that has to be filled and submitted to the database. Figure 10. Proof of registration
1330 1326
IBAS. The system records the student`s details and the time entry was made. After each class, the lecturer can log in, view and print the attendance register. See Figure 14.
As another function of the school administrator, Figure 11 shows module registration for students which is also a form used to enter module information. The fields are the module code, module name, degree, Lecturer and level. However, the lecture field and degree fields have select menus with information provided by the database to restrict the user to make valid options.
Figure 14. Attendance register
Figure 11. Module registration form
Furthermore, the school admin is also responsible for creating the time table for each module and venue allocation. Figure 12 shows the time slot creation form which has name of the venue, the module, the date and the duration. The user is restricted to predetermined set of inputs by using select menus to avoid input errors. After the data has been entered it can be viewed, if requested the list is displayed in a table as shown in Figure 13.
All the interfaces shown in this paper are provided by IBAS to effectively manage the biometric authentication and other benefits attached to it like attendance management in institutions of higher learning. Based on the operation and effectiveness of IBAS, if adopted, implemented and properly deployed in real-time and real-world operation by any university to strengthen access control to physical locations such as: campus, laboratories, buildings, lecture venues gates and even logical information, and so on, it can effectively manage attendance, protect assets and other valuable benefits. Obviously, this will make the traditional methods of taking manual attendance registers and using cards at the entrances obsolete because they are inefficient in terms of adequate security and proper identification in cases of serious crimes and robbery. In addition, it can bring about cost saving since only few security personnel will be needed in the institution. IV.
CONCLUSION
In this paper, we have presented and discussed the design and prototype implementation of an institutional biometrics system called IBAS that enhances security in institutions and attendance management for staff and students as well other benefits. The paper demonstrates how the system capture students and staff physiological data and use it to identify them. Moreover, the porotype shows how different users can use the system to perform several tasks such as registration, module, time and venue allocation, and attendance. The ultimate benefits include efficiency, impersonation elimination, cost-effective forensic analysis, effective security and so on. In conclusion, we believe that if this system is adopted by various institutions instead of access cards, it could go a long way to strengthen their security, prevent conflicts and manage attendance effectively. The essence is that, biometrics are reliable security mechanism which has been tested and proven.
Figure 12. Time slot page
Figure 13. Student list
E. Lecturer Interface As previously stated when each student gains entry to any venue, an attendance list is automatically created in the
1331 1327
ACKNOWLEDGMENT This work was supported by FRC in the NWU-Mafikeng. We express our sincere gratitude and thanks to them as well as our colleagues in the Computer Science Department. REFERENCES [1] [2] [3]
[4]
[5] [6]
[7]
[8]
Andress, J. The Basics of Information Security, Publisher Syngress, pp. 1-30. 2011. Wayman, J.L. “Biometrics in Identity Management Systems”. IEEE Computer Society, pp. 1540-7993, vol.08, 2008. Wayman, J.L. (Ed.), National Biometric Test Center - Collected Works Version 1.3, http://www.ecc.unh.edu/biometric/biomet/public_docs/nbtccw_TEST .pdf,2000, requested April 2014 S. Prabhakar, S. Pankanti, and A. K. Jain, “Biometric Recognition: Security and Privacy Concerns,” IEEE Security & Privacy, vol. 1, no. 2, 2003, pp. 33–42. Watson, A. “Biometrics: Easy to Steal, Hard to Regain Identity,” Nature, vol. 449, 2007, p. 535. Siraj A.S, Joseph, R.R.: Characteristic trade-offs in designing largescale biometric-based identity management systems. Journal of Network and Computer Applications 33 (2010) 342–351 Moi, S.H., Rahim, N.B.A., Saad, P., Sim, P.L., Zakaria, Z. & Ibrahim, S. "Iris Biometric Cryptography for Identity Document". International Conference of Soft Computing and Pattern Recognition (SOCPAR'09) IEEE, , pp. 736, 2009 Akinduyite, C., Adetunmbi, A., Olabode, O. & Ibidunmoye, E., "Fingerprint-Based Attendance Management System", Journal of Computer Sciences and Applications, vol. 1, no. 5, pp. 100-105, 2013.
1332 1328
