Biometric Applications for Information Security

Biometric Applications for Information SecurityChapter 11 .0 foundation garmentIn late(a) times, the use of com perpetrateer towards aditing information has increased and this has do our lives simplified in distinct ways, whereby easing people around the globe to communicate and sh be information. Due to this maturement calculator technology, the lease for an reformd profits service which involves public accessing these devices is to be put in place. Generally, this advancement in bopledge towards the use of modernised technology has lead to the investigating and unveiling of untested threats to computer trunk certificate measures which affects the todays shapings.From my seek carried out it has been noticed that roughly organisations argon in search of better nub of improving their information security system, and also a cost telling style towards safeguards a elaborationst fraud and impersonation .As we all know that info protection is a valuable resource which mustiness be kept strictly, controlled and managed properly in an organisation. In the nutshell, the term security basically referred to as the protection and guidance of a system from unauthorised access, be it intentional or accidentally, irrespective of the service provided by the database management system. This work pull up stakes broadly speaking involve the use of keystroke dynamics as a means of establishing a erratic identity, which pass on be employ as an redundant measure towards enhancing information/data security in an organisation (e.g. Banks, Institutions, legislative departments, finance houses, production firms etc). This unique identity will help relegate a safeguard towards authenticating the access to computers by recognizing an exclusiveistic based on his stored features i.e. mouse movement, keyboard application, typing rhythm etc.The protection of an information database system at all level in an organisational system, has over the years become an e ssential concern, this is as a end of different type of threats and unauthorised advances made by malicious single(a)s. Many organisations, over the years g ace ahead towards the development and adoption of a stronger web-based services of computer controls, because from my research I ga in that respectd that information and dealings worth fortunes argon been dealt with on a daily basis and the organisation has to chink its protection by all means. Because any breach of security will lead to fatal destruction of the system. During my report it was noticed that in almost organisational application, the access to information database system where usually restricted through the use of a login ID/ rallying cry protection scheme. This has been in place for years and if by any means this scheme is breached, and then the organisations information is generally exposed towards any possible fraudulent misuse. During my research work I gathered that, hardwargon based security managed syst ems has a positive impact towards the reduction of unauthorised access by imposter. According to David Zhang and Anil Jain 2006, in therebook Advance biometric it give tongue to that acceptance rate is still necessitate dependent and the results indicate that the false acceptance ratio (FAR) is still on the order of 5%, beyond the unimpeachable risk level of many organizations, considering the costs in ground of hardware and training time. In the nutshell it will be said that security and database plays an important power in all areas where computers are used, including business, electronic commerce, engineering, medicine, law, library science and many lot of more fields.I would handle to give a brief explanation of what database is all about and its surrounding topics on which we will deal with as we proceed on the project work. Generally, database nooky be said to be a cart where information are stored, updated and retrieved, it is a very important part of everyday life, a nd has to be secured from utterances. The term Biometric said to be gotten from the combination of the Greek talking to Bios, which means life, and Metrikos which is said to be measuring. This technology is said to be the ability to identify an individual based on their unique characteristic, which understructure either be physiologicly (passive) or behavioural (active) characteristic mode of denomination.Over the years it has been notice that one of the most secured and effective means of authenticating and identifying an individual involves the verification of their personalised unique characteristic. This is somewhattimes usually done in conjunction with a PIN or token (known as multi-factor credential) also by users name and password. superstar of the proper ways of managing biometric secured information database includes its registration, storage, and verification which is known as Biometric Identity Management. However, from research Information security is known to be one of the blistering growing areas in the IT world, and its efficiency is to be assured by minimising exposure to external and internal attacker. Enhancing information security using keystroke dynamics (Behavioural biometrics) as an additional measure in organisations as my research topic was brought to light. This research report is basically aimed at reviewing information database security system and the use of keystroke biometric towards security enhancement, where by reviewing the effective implementation, picture and management of information system in organisation, and protecting it from intruder. Also it will clearly highlight on the pros and cons of traditionalistic means compared to biometrics means of application. I will strictly focus on keystroke biometrics, which is a human behavioural biometric whereby need for any form of physiological attribute, is not needed. This study (Information security and biometric application) will be place into the following stages ( Nanavati. S, (2002), Von Solms S.H (2000))Identification and credential An individual been identified and authenticatedAuthorisation Being authorised to use certain(p) resourcesConfidentiality Ensuring confidential information i.e. data or software, stays confidential and accessible only to authorised individualsIntegrity Making sure only authorised individuals can change the content of data or softwareNon-denial Ensuring that an individual cannot deny the authorisation of a transaction (e.g. in Banks), equivalent changing the content of data.The deployment of biometry and the above stages will require a solid understanding of the technology and why it is been deployed, its mode of function, performance and accuracy will be looked into and analysed. Also the extract of which biometric application to use depends highly on the intended application of the system, here are some of the biometric applications in existence today finger print casing recognition, excrete geometry a nd iris recognition etc. Some of these biometric features are applied in areas like, time and attendance systems, voters registration, immigration and border control, access control, computer security, and monetary firms. This project research work will involve a practical part of the application and to achieve the aims successfully, the following objective will be put into consideration.ObjectivesPresenting detail of biometric applications for information security purposes.Comprehensive review on information security threat, breaches, awareness solutions and discussing case studies on its effect on organisational system.Building / implementing a keystroke access database application.Critically analyse and evaluate the impact of the design keystroke enable database(Pros and Cons)To conclude on findings and recommendation for future developments of information security system.1.1 Why the nurture and GoalsThe scope of this study is to present, review and analyse problems which are been faced in organisations information security, where by been able to create and suggest a means of securing polished information from external sources and mostly internal sources. In recent times from information gathered it has been found that most security breaches /threat in organisations commit been linked to internal sources. present I will recommend a keystroke biometric application in organisations which are known to turn in a friendly purlieu between member of staff and the easy of sharing personal details, are on the high side. Generally I am not saying there are no securities measures in organisations to curb these intrusions, but as earlier mentioned most of these leakages are carried out by internal sources. But most organisations confuse use of traditional login process (user names and password, chip and pin). Alternatives to password-based authentication, keystroke biometric can either be used as an additional measure or replace the traditional method, this ca n help identify intruded and access are denied. A special focus will be on keystroke dynamics, in which firstly, the goal is to verbalize requirements which these utility(a) authentication schemes need to satisfy. After reviewing the alternative methods from a security and usability point of view, the result should be to answer the question whether the presented schemes is capable of being alternatives to password-based authentication mechanisms or not.1.2 Related Studies.In the past and at present a lot of studies and researches is been carried out, in regards to users identification, verification and authentication, with their respective ways of securing information system. Keystroke dynamics was first introduced in the early 1980s as a method for identifying the individuality of a given sequence of characters entered through a traditional computer keyboard (R. Gaines, W. Lisowski, S. ). Keystroke dynamics originated from studies of the typing patterns exhibited by users when ent ering text into a computer using a standard keyboard. Researches in this field focused on the keystroke pattern in terms of keystroke duration and keystroke latencies. Evidence from preliminary studies indicated that typing patterns were sufficiently unique and easily distinguishable from one an other(a), much like a persons written signature (R. Gaines, W. Lisowski, S., R. Joyce and G. Gupta ).Here are some studies which have been carried out towards information security such as that conducted by Arwa Al-Hussain (2008), Biometric-based Authentication Security, Saleh Bleha, Charles Slivinsky, and Bassam Hussein Computer-access security systems using keystroke dynamics, R. Joyce and G. Gupta exploiter authorization based on keystroke latencies. And also Revett, K. and Khan, A, 2005, carried out a research on Enhancing login security using keystroke hardening and keyboard griddling. But In my research work I will look into all aspect of biometric applications in regards to keystroke dynamic application and it suitability towards detecting intruders trying to gain access into a database information system.1.3 Problem StatementIn this research which is to attempt the implementation of keystroke biometric and mouse application as a security measures towards preventing the gaining of access to polished data from unauthorised individual in organisation, also to prevent password sharing and identity theft from within and outside the organisation. To be able to achieve this, I will be looking into the different types of biometrics and the added advantage presented by keystroke biometrics in relation to cost and easy of application. Finally I will not neglect the difficulties that may be encountered towards the successful achievement and completion of this research, also all necessary steps will be taken to have a conclusive project work.1.4 Outline of Dissertation Topics and OrganisationThe other part of this paper work is organised and subdivided in the following pa ttern. Chapter 2 will focus more on the in-depth of biometrics application, the benefits of biometrics compared to traditional authentication methods, advantages and disadvantages of the different identification mechanism ,it challenges and effect on todays society and finally the different types of biometrics. Chapter 3 will concentrate on the information security issues, social engineering and security solutions presented by biometrics enhanced system. In Chapter 4 an in-depth abbreviation of the keystroke biometrics will be look into and its application towards information security. Chapter 5 will concentrate mainly on implementation of keystroke biometrics, a demonstration of its design application and functions, towards security enhancement and also user acceptability survey on the application mode will be analysed. Finally in chapter 6 I will conclude on findings and recommendation for future developments of information security system.Chapter 22.0 IntroductionFrom my resear ch it has been gathered that access to most organisations computer systems which content various information are done by using authentication and identification means. The commonly used security go on towards identification and authentication is by login process, which involves the users ID and password. This has been in use for years towards the verification of a person trying to gain access to a computer information system. This mode of security onrush has over the years been a big problem to most organisations security management system, as a result where workers could routinely share passwords with one another, sometimes forgetting their passwords or stored them in places which they could be easily seen by other people. This has lead to the level of security breaches, threats and fraudulent transaction increasing to a disturbing state, due to this the need for highly secure identification and personal verification technologies is being searched for. From researches carried out it has been found that biometric authentication can solve some of these problems, whereby help in reducing this growing security threat to a minimal level. Another importance of biometrics is its ability to improve the usability of a system since the person in use does not need to remember his or her passwords when trying to gain access to the information system. Biometrics as we know is not a new discovery to the world at large this has been in existence, during the BC and AD, just that of present more attention is been shown towards biometrics and its applications.2.1 Why Biometrics ApplicationsIn the application of biometrics towards security setting is Ten times the security for that of traditional means and also cost effective in the long run. Due to issues relating to Identity theft, terrorism and increase in the general level of crime which have also combined to heighten the need for a just technology security approach.( Security Seminar K. Tracy 1998) Biometrics application over the years has been the recommended solution choice for many organisational systems towards information security, both in camera owned and government companies are in use of biometric application towards maintaining secured environmental system for information sharing and distribution.Lets imagine the ability to unlock the door, obtain money from a machine, authenticate a credit card, retrieve information from a system or even start a car with just a glance at a camera or a touch, that is what bio application is all about and has helped to improve users security application by there uniqueness.2.2 Introduction to BiometricsWhat Is Biometrics The word biometrics is known to be gotten from a combination two words from Greek origin meaning (bios =life, metrikos (metrics) =measure).The terms Biometricshave been in existence since the 20th century and was used to refer to the field of development of statistical and mathematical methods applicable to data analysis problems in the b iologic sciences (Nanavati. S. 2002). In the nutshell biometrics can be said to be an automated method in science and technology which is used in recognising, measuring and statistically analyzing biological data of an individual. These bio measurements are done based on ones physiological or behavioural characteristics, which can be used to verify the identity of the individual. Some of the examples of biological characteristic include DNA, blood group genes, whereby physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, and behavioural characteristics include signature, voice, gait and typing patterns (keystroke). One of the superior important advantages of biometrics lies in the fact that physical or behavioural traits cannot be transferred to other individuals, or can they be forgotten. (Wikimedia Foundation, Inc, (2006),)2.3 How does biometrics work?Biometrics can be classified in two main types, which are as follows phys iological biometrics, this involves the use of physical trait, such as a fingerprint, iris, hand or face for recognition of an individual. Here the physical traits are collected, then analyzed, measured and stored for use. In the case of fingerprint, it is automated through a numeric encryption of its ridges, splits, dots, valleys, furrows and minutiae points. This encryption is called an algorithm, creating a binary encoded template. The iris is also digitally stored using an algorithm in the homogeneous way. (Wikimedia Foundation, Inc, (2006))The other type of biometric solution is behavioural biometric. This mainly involves the use of a persons behavioural trait or pattern, such as a voice, signature or key stroke. These traits are stored in the same way to that of the physiological traits except that they are updated regularly to be able to cope with the ever changing patterns in the trait. The both type of biometrics are relevant to different situations and circumstances. Natu rally it has been gathered that physiological biometrics has proved to be more reliable than that of behavioural biometric, in the sense that physical traits generally stay the same all time irrespective of the age, while that of behavioural trait changes due to one or two situation which can be caused by advancement in age, learnt habit or accidental causes.2.3.1 Mode of biometric operationsIdentificationIn biometrics operations, when the device/networked server hold a database of registered users and when these traits are presented, it is then authorizes the searching of the database so as to establish a match with the presented trait. In theory the device is asking Do I know you? This method of identification is called one too many (1 N) according to www.posid.co.uk.AuthenticationThe theory here is that the device is requesting Are you who you claim to be? By presenting a user id number or a Smartcard (containing the biometric algorithm) you then prove who you claim to be. In ord er to prove that this id number or Smartcard belongs to the user, one is requested to present his /her biometric trait directly to the device. You are authorized if they match and denied if they do not match. This method is called one to one (11) www.posid.co.uk.AuthorizationIn the nutshell this is known to be the locomote stage of a biometric system function, after identification the system search for a match and then confirms it authentication where by requesting unique feature and if matched with the stored details, you are then authorized. (Wikimedia Foundation, Inc, (2006))2.4 Importance Of Biometrics Over Traditional Authentication Methods-In present times most organisation, force use of Login passwords, PINs, and token towards verification and authentication for gaining access to there information database system. This are mainly designed to help protect and secure the organisations computer information network and its applications. However in most cases these technologies have been discovered to having some problems associated with them, mostly when faced with modern technology applications, like online transactions, which could involve the accessing of sensitive information such as medical reports, fiscal or income support information. In order to reduce these increasing problems, biometrics features are been introduced in some of these computer information applications areas. As earlier stated, Biometrics is known to be an automated methods of recognizing and identifying an individual based on their physical or behavioural characteristics.(Samir Nanavati, Michael Thieme, Raj Nanavati 2002) Every individual different biometric characteristic which are unique and peculiar to them, no two person have or share the same biometric features. Some of the commonly known used biometric applications in todays society are facial, fingerprint, iris, hand scan, voice and dynamic signature. Biometric data application as a means and methods of identification is we ll preferred by organisation due to its several(prenominal) advantages over the known traditional method, which have been highlighted earlier in this chapter. Some of the major reason for the preference of bio data for information security system is that the individual to be identified is required to be present physically during the identification process, and this identification process does not require the need for password remembrance in any form. With the present increasing integration of computer, as well as internet usage in our day to day activities towards information accessing, this has called for a growing need to use a more protective method on information system assessing. This could be done by either replacing the PINs (traditional method) whole with biometrics or combining the both towards effective security measures whereby prevents unauthorized access to computer information system. As stated in previous chapter, one of the biggest issues with the use of PINs or pas swords as a security measure is that it could be forgotten, likewise tokens such as passports and drivers licenses may be forged, stolen, or lost which is unlikely in biometric traits. Basically biometric applications can be used for real-time recognition, and the most popularly used is face, voice, signature, iris and fingerprint. (S.Nanavati, M. Thieme, R. Nanavati 2002) In view to biometric application compared to the traditional application, a biometric system is basically known to be a pattern of recognition of an individual by determining the authenticity of a specific physiological or behavioural characteristic possessed by the person. Several important issues are put into place during designing a functional biometric system. Basically all biometric systems inhabit of three (3) basic elements, which are as followsEnrolment It is known to be the process which involves the collecting of biometric samples from an individual, and this is captured and stores in a secured templat e in a exchange database or a smart card issued to the user.Templates This is a storage cart where all the data or information representing the individual/enrolees biometric features is stored. The template is usually been retrieved when identification is to be carried out on an individual.Biometrics system can operate using either verification (authentication) or identification mode.Matching It is a process which involves the comparison and analysing of individual biometric details which has been stored in the database system templates. Mainly the enrolment is the first stage during authentication, in which a template is then generated and will be used towards matching of the users authentication.2.4 Types of Biometric TechnologiesBiometric can be classified into two main classes which are Physiological and Behavioural biometrics, this involves two main modes of applications, which can be said to be contact and contactless biometric applications. The main function of biometric te chnology system is to assist in the controlling of access to a network system, and also helping to authenticate an individual by establishing there identity by comparing it with already stored details, which are unique to the individual. The most significant factor which enable the implementation of a biometric towards authentication is it uniqueness, i.e no two person can have same bio data and can not be lost or guessed. Looking at the recent increase in the breach of information system, biometric authentication system is a more reliable, efficient and effective to reduce this increasing threat compared to the traditional password based authentication process.2.4.1 Physiological Biometrics-In this type of biometric application, the individual is required to have biometric features stored in the bio data storage device (scanner).This device is where the users details are collected and stored for feature use. Due to reason that a person or individual stores their bio-data and need t o make direct contact when needed to gain access to an information system, has made many people have to consider this to be a technology which invades on ones personal privacy .Below are some examples.Fingerprint EvaluationThis is the most commonly used biometrics and the most advanced of all the biometric technologies and it is highly accurate. The challenges lies in varying quality of fingerprints across individuals and in dealing with wear in the defining irregularities in the ridges and valleys of ones finger (Nanavati. S, (2002),). New technologies have recently employed the use of pattern matching and ultrasonic scan rather than evaluation of the irregularities which has increased the accuracy of fingerprint examine and reduced the risk of misidentification. By scan the geometry of an individualshand, including height, width, shape and proportion, security systems can accurately bang and identify individuals. This method is primarily used for physical access control and is c onsidered the most useful in terms of durability and application. In fact, hand scanning is used effectively where other biometrics technologies cannot work due to frequency, volume, or environmental disruptions. Here is a finger print sample from Wikipedia.Retina Scanningis considered among the most accurate of the biometric technologies through its evaluation of the shape and make-up of inner surface of the back of the eye. This method, while highly accurate, is also fairly costly and often perceive as difficult to use. Other complications include interference from foreign objects such as eye glasses or contact lenses. Further, scanning of a sensitive area such as ones eye decreases receptivity and willingness to use. Even so, the accuracy of retina scanning and the minimized risk of imitation make it useful in extremely high security areas where accountability is of utmost importance (Nanavati. S, (2002),) .Hand/Finger GeometryHand or finger geometry is an automated measurement of many dimensions of the hand and fingers. uncomplete of these methods takes actual prints of the palm or fingers. Only the spatial geometry is examined as the user puts his hand on the sensors surface and uses guiding poles between the fingers to properly place the hand and initiates the reading. Hand geometry templates are typically 9 bytes, and finger geometry templates are 20 to 25 bytes. Finger geometry usually measures two or three fingers. Hand geometry is a well- true technology that has been thoroughly field-tested and is easily accepted by users. (Nanavati. S, (2002),) See example below of a typical hand geometry.Iris scanningThis is similar to retina scanning in method and level of accuracy. However, its application is considered less intrusive and is thus becoming more common. Recently, it has been introduced into the airline and banking industries and while system integration remains a challenging part of implementation, improvements are continually being made (5).Fa cial ScanningThese applications are most often used in conjunction with other verification methods such as identification cards systems or with existing security cameras and monitors. This method utilizes high resolution images of distinct facial features such as eye sockets, shape of the nose, and/or the position of certain features relative to each other (1). Problems arise with this application if the subject is not properly positioned for the camera or if environmental changes such as lighting changes prevent an accurate read. (Nanavati. S, (2002)).2.4.2 Behavioural BiometricsBehavioural biometrics is said to be the ability for a system to be able to recognizing, identifying and authenticating a users based on there behavioural characteristic, which are unique to them. Basically this type of biometric can be learnt or developed over a period of time, and may follow a particular pattern of usage by the individual. Example of some behavioural traits used in biometrics is as follow s handwriting, speech, keystroke, walking pattern, e.t.c. In the nutshell, this type of biometric identification over a certain period can be changed due to some factors like age, weather etc. As a result of the changes in this type of biometric application, for the system to still maintain a secured system training or registering repetitions is to be carried out from time to time. Some of the behavioural biometrics are stated here below and will be explained further as we proceed in this research work.( Nanavati. S, (2002))Signature VerificationThis verification means has been existing for a long time, they are mostly used in the banking sectors to identify individual who make use of there services. They are used mostly to give authorisations to documents like cheques, contracts and sensitive documents. Despite its long time existence, automating the recognition process remains a challenge because peoples signatures are not always identical and can change drastically over time. The se changes could be as a result of some factors like old age, mental or physical state e.t.cVoice RecognitionIs a behavioural biometrics which is mainly based on an individuals speech pattern. Here a persons voice is compared or recognized based on its previously recorded stored voice output. Voice verification is a sensitive biometric type of approach because of its acceptability by a lot of user and also high rated error could be significant since it is not really invasive like the physiological biometrics, an example of its use is in telephone transactions. (Nanavati. S, (2002))Keystroke BiometricsThis type of behavioural biometrics is an automated method of examining and monitoring the typing patterns of an individual on a keyboard. The technology examines and determines the dynamics characteristic rhythms, speed, and pressure, also calculating the total time used in typing a particular word, the time the individual or user takes to hitting certain keys. This technique could be combined with the traditional password system to improve security when accessing sensitive information on computer systems using keyboards or mouse .Basically this method of verification is quite new and still in it development stage, but not to say it has not been in use. Also the keystroke biometrics is of high flexibility because it can accommodate the changing of password over a time when users observes behavioural changes. The keystroke biometrics as it has advantages so does it have its disadvantages as well. In the nutshell these said biometrics applications (Keystroke biometrics) will be talked about more as we proceed in the research work.2.5.0 Advantages and Disadvantages of the polar Identification Mechanisms.The pros and cons associated with specific devices are highlighted belowFingerprint ReadersPros Not much storage space is required for the biometric templateCons Has traditionally been associated with criminal activities and thus users could be reluctant to adopt th is form of biometric a