1

Multibiometric Cryptosystems Based onFeature-Level Fusion

INTRODUCTION

A biometric system is essentially a pattern recognition system that

operates by acquiring biometric data from an individual, extracting a feature

set from the acquired data, and comparing this feature set against the

template set in the database. Depending on the application context, a

biometric system may operate either in verification mode or identification

mode. multibiometric systems require storage of multiple biometric templates

(e.g., fingerprint, iris, and face) for each user, which results in increased risk to

user privacy and system security.

In the verification mode, the system validates a person’s identity by

comparing the captured biometric data with her own biometric template(s)

stored in the system database. In such a system, an individual who desires to

be recognized claims an identity, usually via a personal identification number

(PIN), a user name, or RFID NO, Identity verification is typically used for positive

recognition, where the aim is to prevent multiple people from using the same

identity.

2

In the identification mode, the system recognizes an individual by

searching the templates of all the users in the database for a match. Therefore,

the system conducts a one-to-many comparison to establish an individual’s

identity (or fails if the subject is not enrolled in the system database) without

the subject having to claim an identity.

After matching the image, server will range a percentage value. If that

percentage value is above 100 means it will allow transaction directly

and below 100 means server will generate token number and send to the

client.

1.1Objective

The main objective of my project is to provide secure banking for the

client, by taking fingerprints as authorized identity at ATM banks.

1.2Scope

Biometric authentication systems are gaining wise-spread popularity

in recent years due to the advances in matching algorithm that make the

system both secure and cost-effective. They are ideally suited for both high

security and remote authentication application due to user convenience. Most

biometric system assume that the template in the system is secure due to

3

human supervision(e.g. criminal database search) or physical protection(e.g.

mobile locks and door locks).However, a variety of applications of

authentication need to work over partially secure or insecure networks such as

ATM networks or the internet.

Authentication over insecure public networks or with un-trusted

servers raises more concerns in privacy and security. The primary concern is

related to the security of the plain biometric templates, which cannot be

replaced, once they compromised. Widespread use of biometric authentication

also raises concerns of tracking a person, as every activity that requires

authentication can be uniquely assigned to an individual.

3.1. SYSTEM ANALYSIS

3.1.1. Problem Definition

The problem is to design biometric features for authentication. The

finger print verification is to be performed by using Fuzzy concept and the

secret token number is generated by SHA-256(secure hash algorithm)

3.1.2. Existing System

Remote authentication is the most commonly used method to

determine the identity of a remote client. In general, there are three

authentication factors:

4

1. Something the client knows: password.

2. Something the client has: smart card.

3. Something the client is: biometric characteristics

(e.g., fingerprint, voiceprint, and iris scan).

Most early authentication mechanisms are solely based on password.

While such protocols are relatively easy to implement, passwords have many

vulnerabilities. detailed analysis of the trade-off between matching accuracy

and security in the proposed multibiometric cryptosystems based on two

different databases (one real and one virtual multimodal database), each

containing the three most popular biometric modalities, namely, fingerprint,

iris, and face.By exploiting these vulnerabilities, simple dictionary attacks can

crack passwords in a short time Due to these concerns, hardware

authentication tokens are introduced to strengthen the security in user

authentication, and smart-card-based password authentication has become

one of the most common authentication mechanisms. While it provides

stronger security guarantees than password authentication, it could also fail if

both authentication factors are compromised.

Another authentication mechanism is biometric authentication,

where users are identified by their measurable human characteristics, such as

fingerprint, voiceprint, and iris scan. Biometric characteristics are believed to

be a reliable authentication factor since they provide a potential source of high-

5

entropy information and cannot be easily lost or forgotten. Some biometric

characteristics (e.g., fingerprint) can be easily obtained without the awareness

of the owner. This motivates the three-factor authentication, which

incorporates the advantages of the authentication based on password, smart

card, and biometrics.

3.1.3. Proposed System

In Our Proposed System of Implementation, We consider Three

Factor Authentication using the following,

RFID

PIN Number

Biometrics (Finger Print).

Every User is provided with RFID Card for the initial Authentication

Scheme, then the user will be giving the PIN number is provided during the

Registration Period itself.

Then the user is permitted to give his / her Finger Print to the main

server. If the Finger Print is exactly matched, the user is allowed for the

transactions. If the Finger Print is doubtful and not exactly matched with the

registered Finger Print image then Server sends One Time Password as SMS

Alert to the User’s Mobile Number. This One Time Password which is generated

6

as SMS is given by the User to the main server for authentication. In the normal

three factor Authentication Scheme, we use following Authentication

Procedures

User PIN number along with Keypad ID

RFID Tag

Finger Print Image

In the case of Fuzzy Concept, where the Finger Print is not matched

but matched to the maximum extent, and the server has suspicion, then the

following procedure is followed,

User PIN number along with Keypad ID

RFID reader

Finger Print Image

One Time Password (OTP) Generation to the user’s Mobile Number

OTP given by the user to the server.

All those are used together for authentication. For Finger print Fuzzy

Logic is applied for Exact Mapping and Proper Authentication.

7