Biometric Applications for Information Security

Biometric Applications for Information SecurityChapter 11 .0 IntroductionIn young measure, the recitation of computer towards admission priceing education has increase and this has make our lives simplified in diametrical ways, w here(predicate)by easing people around the globe to communicate and piece learning. Due to this growing computer engineering science, the indispensability for an improved net utilisation receipts which involves public feelering these devices is to be put in bit. Generally, this advancement in acquaintance towards the substance ab victimization up of modernised technology has lead to the investigating and unveiling of spick-and-span terrors to computer form security measures which affects the at puzzles g everywherening bodys.From my search carried start it has been sight that just about organisations ar in search of better performer of improving their learning security agreement, and to a fault a live effective means towards s afeguards a shitst snake oil and im almostoneation .As we all know that data protection is a worthful resource which must be kept strictly, controlled and managed properly in an organisation. In the nutshell, the term security basically referred to as the protection and guidance of a frame from unauthorised inlet, be it intentional or accidentally, disregarding of the inspection and repair provided by the database management form of rules. This unravel ordain globally involve the theatrical role of keystroke kinetics as a means of establishing a singular identity, which entrust be apply as an additional measure towards enhancing breeding/data security in an organisation (e.g. Banks, Institutions, legislative departments, finance ho roles, production firms etc.. This fantastic identity give help present a safeguard towards authenticating the rec all oer to computers by recognizing an individual implant on his stored features i.e. mouse movement, keyboard cov ering, type beat etc.The protection of an nurture database system at all level in an organisational system, has over the years become an essential concern, this is as a exit of evident character of threats and unauthorised advances made by venomous individuals. Many organisations, over the years g unmatch playing field ahead towards the development and acceptation of a stronger web- found services of computer controls, because from my search I gathered that entropy and transaction worth fortunes argon been dealt with on a daily hindquarters and the organisation has to ensure its protection by all means. Because any fracture of security exit lead to fatal destruction of the system. During my report it was noniced that in close to organisational cover, the opening to info database system where usually confine through the use of a login ID/pass intelligence protection scheme. This has been in place for years and if by any means this scheme is breached, and then th e organisations teaching is generally exposed towards any possible double- typed misuse. During my question work I gathered that, computer hardw argon based security managed systems has a positivist impact towards the reduction of unauthorised access by imposter. According to David Zhang and anil Jain 2006, in therebook Advance biometric it stated that adoption rate is lighten study dependent and the results indicate that the false credenza ratio (FAR) is still on the order of 5%, beyond the delicious risk level of many organizations, considering the costs in terms of hardw atomic number 18 and reproduction time. In the nutshell it will be give tongue to that security and database plays an crucial role in all areas where computers are utilise, including business, electronic commerce, engineering, medicine, law, library intelligence and many lot of more fields.I would like to give a brief definition of what database is all about and its surrounding offsprings on which w e will deal with as we proceed on the project work. Generally, database buns be said to be a cart where info are stored, updated and resumed, it is a very important part of everyday life, and has to be secured from utterances. The term Biometric said to be gotten from the combination of the Greek speech communication Bios, which means life, and Metrikos which is said to be measuring. This technology is said to be the ability to identify an individual based on their anomalous quality, which evict any be physiologically (passive) or behavioural (active) characteristic mode of acknowledgement.Over the years it has been notice that iodine of the most secured and effective means of authenticating and identifying an individual involves the balk of their personal unequaled characteristic. This is sometimes usually d iodine in conjunction with a surrender or token (know as multi- instrument assay-mark) as well by substance ab users name and password. bingle of the proper way s of managing biometric secured information database complicates its registration, storage, and verification which is known as Biometric individuality Management. However, from look for Information security is known to be one of the fastest growing areas in the IT world, and its efficiency is to be assured by minimising exposure to external and internal attacker. Enhancing information security using keystroke dynamics (Behavioural biostatistics) as an additional measure in organisations as my research topic was brought to light. This research report is basically aimed at reviewing information database security system and the use of keystroke biometric towards security enhancement, where by reviewing the effective implementation, design and management of information system in organisation, and protecting it from intruder. Also it will clearly shine up on the pros and cons of handed-down means compared to biostatistics means of action. I will strictly focalisation on keyst roke biostatistics, which is a human behavioural biometric whereby admit for any form of physiological attribute, is not requisite. This study (Information security and biometric application) will be place into the following stages (Nanavati. S, (2002), Von Solms S.H (2000))Identification and trademark An individual been identify and authenticatedAuthorisation Being authorised to use certain resourcesConfidentiality Ensuring hidden information i.e. data or software, stays confidential and accessible but to authorised individualsIntegrity Making sure only authorised individuals can change the heart of data or softwareNon-denial Ensuring that an individual cannot renounce the authorisation of a transaction (e.g. in Banks), like ever-changing the limit of data.The deployment of Biometrics and the above stages will collect a solid dis invest of the technology and why it is been deployed, its mode of function, performance and accuracy will be looked into and analysed. A lso the choice of which biometric application to use depends passing on the think application of the system, here are some of the biometric applications in existence today finger print face recognition, hand geometry and iris recognition etc. both(prenominal) of these biometric features are applied in areas like, time and attendance systems, voters registration, immigration and border control, access control, computer security, and financial firms. This project research work will involve a practical part of the application and to reach out the aims successfully, the following objective will be put into consideration.ObjectivesPresenting expound of biometric applications for information security purposes.Comprehensive review on information security threat, breaches, sentiency solutions and discussing case studies on its effect on organisational system.Building / implementing a keystroke access database application.Critically analyse and evaluate the impact of the design keystr oke en qualified database(Pros and Cons)To break up on findings and recommendation for future developments of information security system.1.1 Why the acquire and GoalsThe scope of this study is to present, review and analyse problems which are been faced in organisations information security, where by been able to create and suggest a means of securing stark naked information from external sources and mostly internal sources. In youthful times from information gathered it has been found that most security breaches /threat in organisations brace been linked to internal sources. present I will recommend a keystroke biometric application in organisations which are known to surrender a friendly environment between member of staff and the blue-blooded of sharing personal details, are on the high side. Generally I am not saying there are no securities measures in organisations to curb these intrusions, but as originally mentioned most of these leakages are carried out by internal sources. But most organisations turn over use of traditional login process (user names and password, chip and pin). Alternatives to password-based trademark, keystroke biometric can either be utilise as an additional measure or replace the traditional system, this can help identify intruded and access are denied. A special focalise will be on keystroke dynamics, in which counterbalancely, the goal is to verbalize requirements which these substitute(a) authentication schemes need to satisfy. After reviewing the alternative rules from a security and usability request of view, the result should be to answer the question whether the presented schemes is capable of being alternatives to password-based authentication mechanisms or not.1.2 Related Studies.In the past and at present a lot of studies and researches is been carried out, in regards to users identification, verification and authentication, with their respective ways of securing information system. Keystroke dynamics w as first introduced in the early 1980s as a method for identifying the individuality of a given sequence of characters entered through a traditional computer keyboard (R. Gaines, W. Lisowski, S. ). Keystroke dynamics originated from studies of the typing patterns exhibited by users when entering text into a computer using a standard keyboard. Researches in this field cerebrate on the keystroke pattern in terms of keystroke duration and keystroke latencies. Evidence from advance studies indicated that typing patterns were sufficiently alone(p) and easily distinguishable from one another, ofttimes like a persons written signature (R. Gaines, W. Lisowski, S., R. Joyce and G. Gupta ).Here are some studies which have been carried out towards information security such as that conducted by Arwa Al-Hussain (2008), Biometric-based authentication Security, Saleh Bleha, Charles Slivinsky, and Bassam Hussein Computer-access security systems using keystroke dynamics, R. Joyce and G. Gupta User license based on keystroke latencies. And also Revett, K. and Khan, A, 2005, carried out a research on Enhancing login security using keystroke hardening and keyboard griddling. But In my research work I will look into all aspect of biometric applications in regards to keystroke dynamic application and it suitability towards detecting intruders trying to gain access into a database information system.1.3 Problem StatementIn this research which is to endeavor the implementation of keystroke biometric and mouse application as a security measures towards h previous(a) oning the gaining of access to sensitive data from unauthorised individual in organisation, also to prevent password sharing and identity theft from within and outside the organisation. To be able to achieve this, I will be looking into the dissimilar types of biostatistics and the added advantage presented by keystroke biometrics in relation to cost and easy of application. Finally I will not neglect the diffic ulties that may be encountered towards the successful achievement and completion of this research, also all indispensable steps will be taken to have a conclusive project work.1.4 Outline of Dissertation Topics and OrganisationThe other part of this penning work is organised and subdivided in the following pattern. Chapter 2 will focus more on the in-depth of Biometrics application, the benefits of biometrics compared to traditional authentication methods, advantages and disadvantages of the different identification mechanism ,it challenges and effect on todays participation and finally the different types of biometrics. Chapter 3 will concentrate on the information security issues, hearty engineering and security solutions presented by biometrics enhanced system. In Chapter 4 an in-depth analysis of the keystroke biometrics will be look into and its application towards information security. Chapter 5 will concentrate primarily on implementation of keystroke biometrics, a demon stration of its design application and functions, towards security enhancement and also user acceptability survey on the application mode will be analysed. Finally in chapter 6 I will conclude on findings and recommendation for future developments of information security system.Chapter 22.0 IntroductionFrom my research it has been gathered that access to most organisations computer systems which content various information are done by using authentication and identification means. The commonly utilize security approach towards identification and authentication is by login process, which involves the users ID and password. This has been in use for years towards the verification of a person trying to gain access to a computer information system. This mode of security approach has over the years been a macroscopical problem to most organisations security management system, as a result where workers could routinely serving passwords with one another, sometimes forgetting their passwo rds or stored them in places which they could be easily seen by other people. This has lead to the level of security breaches, threats and fraudulent transaction change magnitude to a disturbing state, due to this the need for highly secure identification and personal verification technologies is being searched for. From researches carried out it has been found that biometric authentication can solve some of these problems, whereby help in cut back this growing security threat to a minimal level. Another impressiveness of biometrics is its ability to improve the usability of a system since the person in use does not need to remember his or her passwords when trying to gain access to the information system. Biometrics as we know is not a new discovery to the world at large this has been in existence, during the BC and AD, just that of present more attention is been shown towards biometrics and its applications.2.1 Why Biometrics ApplicationsIn the application of biometrics towards security setting is Ten times the security for that of traditional means and also cost effective in the abundant run. Due to issues relating to Identity theft, terrorism and increase in the general level of crime which have also combined to heighten the need for a just technology security approach.( Security Seminar K. Tracy 1998) Biometrics application over the years has been the recommended solution choice for many organisational systems towards information security, twain privately owned and government companies are in use of biometric application towards brinytaining secured environmental system for information sharing and distribution.Lets imagine the ability to unlock the door, obtain money from a machine, authenticate a credit card, retrieve information from a system or even start a car with just a glance at a television camera or a touch, that is what bio application is all about and has helped to improve users security application by there uniqueness.2.2 Introduction to BiometricsWhat Is Biometrics The word biometrics is known to be gotten from a combination 2 words from Greek origin meaning (bios =life, metrikos (metrics) =measure).The terms Biometricshave been in existence since the twentieth century and was used to refer to the field of development of statistical and numerical methods applicable to data analysis problems in the biologic sciences (Nanavati. S. 2002). In the nutshell biometrics can be said to be an automatise method in science and technology which is used in recognising, measuring and statistically analyzing biological data of an individual. These bio measurements are done based on ones physiological or behavioural characteristics, which can be used to verify the identity of the individual. Some of the examples of biological characteristic include DNA, blood group genes, whereby animal(prenominal) characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, and behavioural characterist ics include signature, voice, gait and typing patterns (keystroke). One of the greatest important advantages of biometrics lies in the fact that physical or behavioural traits cannot be transferred to other individuals, or can they be forgotten. (Wikimedia Foundation, Inc, (2006),)2.3 How does biometrics work?Biometrics can be classified in two main types, which are as follows physiological biometrics, this involves the use of physical trait, such as a fingerprint, iris, hand or face for recognition of an individual. Here the physical traits are collected, then analyzed, measured and stored for use. In the case of fingerprint, it is automated through a numeric encryption of its ridges, splits, dots, valleys, furrows and minutiae points. This encryption is called an algorithm, creating a binary encoded template. The iris is also digitally stored using an algorithm in the similar way. (Wikimedia Foundation, Inc, (2006))The other type of biometric solution is behavioural biometric. T his mainly involves the use of a persons behavioural trait or pattern, such as a voice, signature or key stroke. These traits are stored in the same way to that of the physiological traits except that they are updated regularly to be able to cope with the ever changing patterns in the trait. The both type of biometrics are relevant to different situations and circumstances. Naturally it has been gathered that physiological biometrics has proved to be more reliable than that of behavioural biometric, in the whiz that physical traits generally stay the same all time irrespective of the age, while that of behavioural trait changes due to one or two situation which can be caused by advancement in age, learnt apparel or accidental causes.2.3.1 Mode of biometric operationsIdentificationIn biometrics operations, when the device/networked server hold a database of registered users and when these traits are presented, it is then authorizes the meddlesome of the database so as to establish a match with the presented trait. In possible action the device is asking Do I know you? This method of identification is called one too many (1 N) according to www.posid.co.uk.AuthenticationThe theory here is that the device is requesting Are you who you claim to be? By presenting a user id number or a Smartcard (containing the biometric algorithm) you then prove who you claim to be. In order to prove that this id number or Smartcard belongs to the user, one is requested to present his /her biometric trait directly to the device. You are authorized if they match and denied if they do not match. This method is called one to one (11) www.posid.co.uk.AuthorizationIn the nutshell this is known to be the last stage of a biometric system function, after identification the system search for a match and then confirms it authentication where by requesting unique feature and if matched with the stored details, you are then authorized. (Wikimedia Foundation, Inc, (2006))2.4 Importance Of Bi ometrics Over traditionalistic Authentication Methods-In present times most organisation, make use of Login passwords, PINs, and token towards verification and authentication for gaining access to there information database system. This are mainly designed to help protect and secure the organisations computer information network and its applications. However in most cases these technologies have been discovered to having some problems associated with them, mostly when faced with modern technology applications, like online minutes, which could involve the accessing of sensitive information such as medical reports, financial or income bear information. In order to reduce these increasing problems, biometrics features are been introduced in some of these computer information applications areas. As earlier stated, Biometrics is known to be an automated methods of recognizing and identifying an individual based on their physical or behavioural characteristics.(Samir Nanavati, Michael Thieme, Raj Nanavati 2002) Every individual different biometric characteristic which are unique and peculiar to them, no two person have or share the same biometric features. Some of the commonly known used biometric applications in todays society are facial, fingerprint, iris, hand scan, voice and dynamic signature. Biometric data application as a means and methods of identification is well preferred by organisation due to its several advantages over the known traditional method, which have been highlighted earlier in this chapter. Some of the major reason for the preference of bio data for information security system is that the individual to be identified is call for to be present physically during the identification process, and this identification process does not require the need for password remembrance in any form. With the present increasing integration of computer, as well as internet usage in our day to day activities towards information accessing, this has called for a growing need to use a more protective method on information system assessing. This could be done by either replacing the PINs (traditional method) totally with biometrics or combining the both towards effective security measures whereby prevents unauthorized access to computer information system. As stated in previous chapter, one of the biggest issues with the use of PINs or passwords as a security measure is that it could be forgotten, likewise tokens such as passports and drivers licenses may be forged, stolen, or confused which is unlikely in biometric traits. Basically biometric applications can be used for real-time recognition, and the most popularly used is face, voice, signature, iris and fingerprint. (S.Nanavati, M. Thieme, R. Nanavati 2002) In view to biometric application compared to the traditional application, a biometric system is basically known to be a pattern of recognition of an individual by determining the authenticity of a specific physiological or behavioura l characteristic possessed by the person. Several important issues are put into place during designing a functional biometric system. Basically all biometric systems consist of three (3) basic elements, which are as followsEnrolment It is known to be the process which involves the collecting of biometric samples from an individual, and this is captured and stores in a secured template in a central database or a smart card issued to the user.Templates This is a storage cart where all the data or information representing the individual/enrolees biometric features is stored. The template is usually been retrieved when identification is to be carried out on an individual.Biometrics system can operate using either verification (authentication) or identification mode.Matching It is a process which involves the study and analysing of individual biometric details which has been stored in the database system templates. Mainly the enrolment is the first stage during authentication, in which a template is then generated and will be used towards matching of the users authentication.2.4 Types of Biometric TechnologiesBiometric can be classified into two main classes which are Physiological and Behavioural biometrics, this involves two main modes of applications, which can be said to be contact and contactless biometric applications. The main function of biometric technology system is to assist in the controlling of access to a network system, and also helping to authenticate an individual by establishing there identity by comparing it with already stored details, which are unique to the individual. The most significant factor which enable the implementation of a biometric towards authentication is it uniqueness, i.e no two person can have same bio data and can not be lost or guessed. Looking at the recent increase in the breach of information system, biometric authentication system is a more reliable, good and effective to reduce this increasing threat compared to the tr aditional password based authentication process.2.4.1 Physiological Biometrics-In this type of biometric application, the individual is required to have biometric features stored in the bio data storage device (scanner).This device is where the users details are collected and stored for feature use. Due to reason that a person or individual stores their bio-data and need to make direct contact when needed to gain access to an information system, has made many people have to consider this to be a technology which invades on ones personal seclusion .Below are some examples.digitprint EvaluationThis is the most commonly used biometrics and the most advanced of all the biometric technologies and it is highly accurate. The challenges lies in change quality of fingerprints across individuals and in dealing with wear in the define irregularities in the ridges and valleys of ones finger (Nanavati. S, (2002),). New technologies have recently employed the use of pattern matching and ultras onic see rather than evaluation of the irregularities which has increased the accuracy of fingerprint examine and reduced the risk of misidentification. By scan the geometry of an individualshand, including height, width, shape and proportion, security systems can accurately recognize and identify individuals. This method is primarily used for physical access control and is considered the most profitable in terms of durability and application. In fact, hand scanning is used effectively where other biometrics technologies cannot work due to frequency, volume, or environmental disruptions. Here is a finger print sample from Wikipedia.Retina Scanningis considered among the most accurate of the biometric technologies through its evaluation of the shape and make-up of inner cake of the back of the eye. This method, while highly accurate, is also fairly costly and practically perceived as difficult to use. Other complications include interference from unlike objects such as eye glas ses or contact lenses. Further, scanning of a sensitive area such as ones eye decreases nakedness and willingness to use. Even so, the accuracy of retina scanning and the minimized risk of imitation make it useful in extremely high security areas where accountability is of farthest importance (Nanavati. S, (2002),) .Hand/Finger GeometryHand or finger geometry is an automated measurement of many dimensions of the hand and fingers. Neither of these methods takes actual prints of the palm or fingers. Only the spatial geometry is examined as the user puts his hand on the sensors grow and uses guiding poles between the fingers to properly place the hand and initiates the reading. Hand geometry templates are typically 9 bytes, and finger geometry templates are 20 to 25 bytes. Finger geometry usually measures two or three fingers. Hand geometry is a well-developed technology that has been thoroughly field-tested and is easily accepted by users. (Nanavati. S, (2002),) See example downsta irs of a typical hand geometry.Iris scanningThis is similar to retina scanning in method and level of accuracy. However, its application is considered less intrusive and is and so becoming more common. Recently, it has been introduced into the airline and banking industries and while system integration frame a challenging part of implementation, improvements are continually being made (5).Facial ScanningThese applications are most often used in conjunction with other verification methods such as identification card systems or with existing security cameras and monitors. This method utilizes high resolution images of distinct facial features such as eye sockets, shape of the nose, and/or the position of certain features relative to each other (1). Problems arise with this application if the subject is not properly positioned for the camera or if environmental changes such as lighting changes prevent an accurate read. (Nanavati. S, (2002)).2.4.2 Behavioural BiometricsBehavioural bi ometrics is said to be the ability for a system to be able to recognizing, identifying and authenticating a users based on there behavioural characteristic, which are unique to them. Basically this type of biometric can be learnt or developed over a period of time, and may follow a particular pattern of usage by the individual. Example of some behavioural traits used in biometrics is as follows handwriting, speech, keystroke, walking pattern, e.t.c. In the nutshell, this type of biometric identification over a certain period can be changed due to some factors like age, weather etc. As a result of the changes in this type of biometric application, for the system to still maintain a secured system training or registering repetitions is to be carried out from time to time. Some of the behavioural biometrics are stated here below and will be explained barely as we proceed in this research work.( Nanavati. S, (2002))Signature VerificationThis verification means has been existing for a l ong time, they are mostly used in the banking sectors to identify individual who make use of there services. They are used mostly to give authorisations to documents like cheques, contracts and sensitive documents. Despite its long time existence, automating the recognition process remains a challenge because peoples signatures are not always identical and can change drastically over time. These changes could be as a result of some factors like old age, mental or physical state e.t.cVoice RecognitionIs a behavioural biometrics which is mainly based on an individuals speech pattern. Here a persons voice is compared or recognized based on its previously recorded stored voice output. Voice verification is a sensitive biometric type of approach because of its acceptability by a lot of user and also high rated error could be significant since it is not really incursive like the physiological biometrics, an example of its use is in telephone transactions. (Nanavati. S, (2002))Keystroke BiometricsThis type of behavioural biometrics is an automated method of examining and observe the typing patterns of an individual on a keyboard. The technology examines and determines the dynamics characteristic rhythms, speed, and pressure, also calculating the total time used in typing a particular word, the time the individual or user takes to smasher certain keys. This technique could be combined with the traditional password system to improve security when accessing sensitive information on computer systems using keyboards or mouse .Basically this method of verification is quite new and still in it development stage, but not to say it has not been in use. Also the keystroke biometrics is of high flexibility because it can accommodate the changing of password over a time when users observes behavioural changes. The keystroke biometrics as it has advantages so does it have its disadvantages as well. In the nutshell these said biometrics applications (Keystroke biometrics) will be talked about more as we proceed in the research work.2.5.0 Advantages and Disadvantages of the Different Identification Mechanisms.The pros and cons associated with specific devices are highlighted belowFingerprint ReadersPros non much storage space is required for the biometric templateCons Has traditionally been associated with wretched activities and thus users could be reluctant to adopt this form of biometric a