112 research outputs found

    Enhancing Security of Automated Teller Machines Using Biometric Authentication: A Case of a Sub-Saharan University

    Get PDF
    A wide variety of systems need reliable personal recognition systems to either authorize or determine the identity of an individual demanding their services. The goal of such systems is to warrant that the rendered services are accessed only by a genuine user and no one else.In the absence of robust personal recognition schemes, these systems are vulnerable to the deceits of an impostor. The ATM has suffered a lot over the years against PIN theft and other associated ATM frauds. In this research is proposed a fingerprint and PIN based authentication arrangement to enhance the security and safety of the ATM and its users. The proposed system demonstrates a three-tier design structure. The first tier is the verification module, which concentrates on the enrollment phase, enhancement phase, feature extraction and matching of the fingerprints. The second tier is the database end which acts as a storehouse for storing the fingerprints of all ATM users preregistered as templates. The last tier presents a system platform to relate banking transactions such as balance enquiries, mini statement and withdrawal. The system is developed to run on Microsoft windows Xp or higher and all systems with .NET framework employing C# programming language, Microsoft Visio studio 2010 and SQL server 2008. The simulated results showed 96% accuracy, the simulation overlooked the absence of a cash tray. The findings of this research will be meaningful to Banks and other financial institutions. Keywords:Ā  SQL Server, ATM, Fraud, .NET framework, financial institutions DOI: 10.7176/IKM/9-7-02 Publication date: August 31st 201

    Implementation of AES using biometric

    Get PDF
    Mobile Adhoc network is the most advanced emerging technology in the field of wireless communication. MANETs mainly have the capacity of self-forming, self-healing, enabling peer to peer communication between the nodes, without relying on any centralized network architecture. MANETs are made applicable mainly to military applications, rescue operations and home networking. Practically, MANET could be attacked by several ways using multiple methods. Research on MANET emphasizes on data security issues, as the Adhoc network does not befit security mechanism associated with static networks. This paper focuses mainly on data security techniques incorporated in MANET. Also this paper proposes an implementation of Advanced Encryption Standard using biometric key for MANETs. AES implementation includes, the design of most robust Substitution-Box implementation which defines a nonlinear behavior and mitigates malicious attacks, with an extended security definition. The key for AES is generated using most reliable, robust and precise biometric processing. In this paper, the input message is encrypted by AES powered by secured nonlinear S-box using finger print biometric feature and is decrypted using the reverse process

    The role of technology in improving the Customer Experience in the banking sector: a systematic mapping study

    Get PDF
    Information Technology (IT) has revolutionized the way we manage our money. The adoption of innovative technologies in banking scenarios allows to access old and new financial services but in a faster and more secure, comfortable, rewarding and engaging way. The number, the performances and the seamless integration of these innovations is a driver for banks to retain their customers and avoid costly change of hearts. The literature is rich in works reporting on the use of technology with direct or indirect impact on the experience of banking customers. Some mapping studies about the adoption of technologies in the field exist, but they are specific to particular technologies (e.g., only Artificial Intelligence), or vice versa too generic (e.g., reviewing the adoption of technologies to support any kind of banking process). So a specific research effort on the crossed domain of technology and Customer Experience (CX) is missing. This paper aims to overcome the following gaps: the lack of a comprehensive map of the research made in the field in the past decade; a discussion on the current research trends of top publications and journals is missing; the next research challenges are yet to be identified. To face these limitations, we designed and submitted 7 different queries to pull papers out of 4 popular scientific databases. From an initial set of 6,756 results, we identified a set of 89 primary studies that we thoroughly analyzed. A selection of the top 20% works allowed us to seek the most performant technologies as well as other promising ones that have not been experimented yet in the field. Main results prove that the combined study of technology and CX in the banking sector is not approached systematically and thus the development of a new specific research line is needed

    Securing Cloud Storage by Transparent Biometric Cryptography

    Get PDF
    With the capability of storing huge volumes of data over the Internet, cloud storage has become a popular and desirable service for individuals and enterprises. The security issues, nevertheless, have been the intense debate within the cloud community. Significant attacks can be taken place, the most common being guessing the (poor) passwords. Given weaknesses with verification credentials, malicious attacks have happened across a variety of well-known storage services (i.e. Dropbox and Google Drive) ā€“ resulting in loss the privacy and confidentiality of files. Whilst today's use of third-party cryptographic applications can independently encrypt data, it arguably places a significant burden upon the user in terms of manually ciphering/deciphering each file and administering numerous keys in addition to the login password. The field of biometric cryptography applies biometric modalities within cryptography to produce robust bio-crypto keys without having to remember them. There are, nonetheless, still specific flaws associated with the security of the established bio-crypto key and its usability. Users currently should present their biometric modalities intrusively each time a file needs to be encrypted/decrypted ā€“ thus leading to cumbersomeness and inconvenience while throughout usage. Transparent biometrics seeks to eliminate the explicit interaction for verification and thereby remove the user inconvenience. However, the application of transparent biometric within bio-cryptography can increase the variability of the biometric sample leading to further challenges on reproducing the bio-crypto key. An innovative bio-cryptographic approach is developed to non-intrusively encrypt/decrypt data by a bio-crypto key established from transparent biometrics on the fly without storing it somewhere using a backpropagation neural network. This approach seeks to handle the shortcomings of the password login, and concurrently removes the usability issues of the third-party cryptographic applications ā€“ thus enabling a more secure and usable user-oriented level of encryption to reinforce the security controls within cloud-based storage. The challenge represents the ability of the innovative bio-cryptographic approach to generate a reproducible bio-crypto key by selective transparent biometric modalities including fingerprint, face and keystrokes which are inherently noisier than their traditional counterparts. Accordingly, sets of experiments using functional and practical datasets reflecting a transparent and unconstrained sample collection are conducted to determine the reliability of creating a non-intrusive and repeatable bio-crypto key of a 256-bit length. With numerous samples being acquired in a non-intrusive fashion, the system would be spontaneously able to capture 6 samples within minute window of time. There is a possibility then to trade-off the false rejection against the false acceptance to tackle the high error, as long as the correct key can be generated via at least one successful sample. As such, the experiments demonstrate that a correct key can be generated to the genuine user once a minute and the average FAR was 0.9%, 0.06%, and 0.06% for fingerprint, face, and keystrokes respectively. For further reinforcing the effectiveness of the key generation approach, other sets of experiments are also implemented to determine what impact the multibiometric approach would have upon the performance at the feature phase versus the matching phase. Holistically, the multibiometric key generation approach demonstrates the superiority in generating the bio-crypto key of a 256-bit in comparison with the single biometric approach. In particular, the feature-level fusion outperforms the matching-level fusion at producing the valid correct key with limited illegitimacy attempts in compromising it ā€“ 0.02% FAR rate overall. Accordingly, the thesis proposes an innovative bio-cryptosystem architecture by which cloud-independent encryption is provided to protect the users' personal data in a more reliable and usable fashion using non-intrusive multimodal biometrics.Higher Committee of Education Development in Iraq (HCED

    Recent Application in Biometrics

    Get PDF
    In the recent years, a number of recognition and authentication systems based on biometric measurements have been proposed. Algorithms and sensors have been developed to acquire and process many different biometric traits. Moreover, the biometric technology is being used in novel ways, with potential commercial and practical implications to our daily activities. The key objective of the book is to provide a collection of comprehensive references on some recent theoretical development as well as novel applications in biometrics. The topics covered in this book reflect well both aspects of development. They include biometric sample quality, privacy preserving and cancellable biometrics, contactless biometrics, novel and unconventional biometrics, and the technical challenges in implementing the technology in portable devices. The book consists of 15 chapters. It is divided into four sections, namely, biometric applications on mobile platforms, cancelable biometrics, biometric encryption, and other applications. The book was reviewed by editors Dr. Jucheng Yang and Dr. Norman Poh. We deeply appreciate the efforts of our guest editors: Dr. Girija Chetty, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park and Dr. Sook Yoon, as well as a number of anonymous reviewers

    The potential use of smart cards in vehicle management with particular reference to the situation in Western Australia

    Get PDF
    Vehicle management may be considered to consist of traffic management, usage control, maintenance, and security. Various regulatory authorities undertake the first aspect, fleet managers will be concerned with all aspects, and owner-drivers will be interested mainly in maintenance and security. Car theft poses a universal security problem. Personalisation, including navigational assistance, might be achieved as a by-product of an improved management system. Authorities and fleet managers may find smartcards to be key components of an improved system, but owners may feel that the need for improved security does not justify its cost. This thesis seeks to determine whether smartcards may be used to personalise vehicles in order to improve vehicle management within a forseeable time and suggest when it might happen. In the process four broad questions are addressed. ā€¢ First, what improvements in technology are needed to make any improved scheme using smartcards practicable, and what can be expected in the near future? ā€¢ Second, what problems and difficulties may impede the development of improved management? ā€¢ Third, what non-vehicle applications might create an environment in which a viable scheme could emerge? ā€¢ Finally, is there a perceived need for improved vehicle management? The method involved a literature search, the issue of questionnaires to owner drivers and fleet managers, discussions with fleet managers, the preparation of data-flow and state diagrams, and the construction of a simulation of a possible security approach. The study concludes that although vehicle personalisation is possible- and desirable it is unlikely to occur within the next decade because the environment needed to make it practicable will not emerge until a number of commercial and standardisation problems that obstruct all smartcard applications have been solved

    Malware-Resistant Protocols for Real-World Systems

    Get PDF
    Cryptographic protocols are widely used to protect real-world systems from attacks. Paying for goods in a shop, withdrawing money or browsing the Web; all these activities are backed by cryptographic protocols. However, in recent years a potent threat became apparent. Malware is increasingly used in attacks to bypass existing security mechanisms. Many cryptographic protocols that are used in real-world systems today have been found to be susceptible to malware attacks. One reason for this is that most of these protocols were designed with respect to the Dolev-Yao attack model that assumes an attacker to control the network between computer systems but not the systems themselves. Furthermore, most real-world protocols do not provide a formal proof of security and thus lack a precise definition of the security goals the designers tried to achieve. This work tackles the design of cryptographic protocols that are resilient to malware attacks, applicable to real-world systems, and provably secure. In this regard, we investigate three real-world use cases: electronic payment, web authentication, and data aggregation. We analyze the security of existing protocols and confirm results from prior work that most protocols are not resilient to malware. Furthermore, we provide guidelines for the design of malware-resistant protocols and propose such protocols. In addition, we formalize security notions for malware-resistance and use a formal proof of security to verify the security guarantees of our protocols. In this work we show that designing malware-resistant protocols for real-world systems is possible. We present a new security notion for electronic payment and web authentication, called one-out-of-two security, that does not require a single device to be trusted and ensures that a protocol stays secure as long as one of two devices is not compromised. Furthermore, we propose L-Pay, a cryptographic protocol for paying at the point of sale (POS) or withdrawing money at an automated teller machine (ATM) satisfying one-out-of-two security, FIDO2 With Two Displays (FIDO2D) a cryptographic protocol to secure transactions in the Web with one-out-of-two security and Secure Aggregation Grouped by Multiple Attributes (SAGMA), a cryptographic protocol for secure data aggregation in encrypted databases. In this work, we take important steps towards the use of malware-resistant protocols in real-world systems. Our guidelines and protocols can serve as templates to design new cryptographic protocols and improve security in further use cases

    Social, Private, and Trusted Wearable Technology under Cloud-Aided Intermittent Wireless Connectivity

    Get PDF
    There has been an unprecedented increase in the use of smart devices globally, together with novel forms of communication, computing, and control technologies that have paved the way for a new category of devices, known as high-end wearables. While massive deployments of these objects may improve the lives of people, unauthorized access to the said private equipment and its connectivity is potentially dangerous. Hence, communication enablers together with highly-secure human authentication mechanisms have to be designed.In addition, it is important to understand how human beings, as the primary users, interact with wearable devices on a day-to-day basis; usage should be comfortable, seamless, user-friendly, and mindful of urban dynamics. Usually the connectivity between wearables and the cloud is executed through the userā€™s more power independent gateway: this will usually be a smartphone, which may have potentially unreliable infrastructure connectivity. In response to these unique challenges, this thesis advocates for the adoption of direct, secure, proximity-based communication enablers enhanced with multi-factor authentication (hereafter refereed to MFA) that can integrate/interact with wearable technology. Their intelligent combination together with the connection establishment automation relying on the device/user social relations would allow to reliably grant or deny access in cases of both stable and intermittent connectivity to the trusted authority running in the cloud.The introduction will list the main communication paradigms, applications, conventional network architectures, and any relevant wearable-speciļ¬c challenges. Next, the work examines the improved architecture and security enablers for clusterization between wearable gateways with a proximity-based communication as a baseline. Relying on this architecture, the author then elaborates on the social ties potentially overlaying the direct connectivity management in cases of both reliable and unreliable connection to the trusted cloud. The author discusses that social-aware cooperation and trust relations between users and/or the devices themselves are beneļ¬cial for the architecture under proposal. Next, the author introduces a protocol suite that enables temporary delegation of personal device use dependent on diļ¬€erent connectivity conditions to the cloud.After these discussions, the wearable technology is analyzed as a biometric and behavior data provider for enabling MFA. The conventional approaches of the authentication factor combination strategies are compared with the ā€˜intelligentā€™ method proposed further. The assessment ļ¬nds signiļ¬cant advantages to the developed solution over existing ones.On the practical side, the performance evaluation of existing cryptographic primitives, as part of the experimental work, shows the possibility of developing the experimental methods further on modern wearable devices.In summary, the set of enablers developed here for wearable technology connectivity is aimed at enriching peopleā€™s everyday lives in a secure and usable way, in cases when communication to the cloud is not consistently available
    • ā€¦
    corecore