Security And Privacy Of Biometric Recognition

Question: Research into the different types of biometric systems which are currently available for access control systems. Briefly describe the techniques and technologies used for each type and discuss the advantages and disadvantages for the three types below. Give an example application when each type could be used. Answer: The biometric sensors or the gain access to control systems usually are classified into two kinds these are physiological Biometrics and the Behavioral Biometric.The physiological biometrics might include the following; face recognition, palm and gait recognition as well as the Iris recognition (Myers, 2017, pp. 43). On the other hand the behavioral biometric include the signature, voice recognition. Physiological biometrics Palm and gait recognition When it comes to the palm recognition there is a three dimensional image of the hand which is collected and compared to the stored sample. This device performs a great amount of the identification within a short time. These technologies are installed in the situations where there is a large number of individuals such as the airports (Prabhakar, Pankanti Jain, 2003, pp. 33-42). On the other hand this technology is expressed not only by the way an individual looks or sounds, but also the manner in which a person walks. The technology is applied to moving perambulatory subjects. This technology is useful especially in the surveillance (Ross Jain, 2004, pp. 134-145). Advantages They could be utilized in a range of the environment. They can perform a great amount of identification within a short period of time (Ross Jain, 2004, pp. 145). Disadvantage The performance of the technology could deteriorate over time. They have the added difficulty of having to sample and identify the movement especially for the gait recognition. Face recognition This kind of biometric computer application that is capable of identifying as well as verifying a individual from the digital image through comparing as well as analyzing the patterns. These kind of biometric systems are used in the security systems (Prabhakar, Pankanti Jain, 2003, pp. 33-42). The application works with the face prints and the systems are capable of recognizing 80 nodal points on the human face. Advantages The technology is capable of searching against the static image such as the driver license or even the passports. It is the only biometric which is capable of operating without the cooperation of the user. Matching of the accuracy is reduced as a result of the acquisition environment. Disadvantages Matching of the accuracy is reduced as a result of the reduced changes especially in the physiological aspects. Most of the devices are unable to enroll some percent of the users as well as performance could be deteriorated over time. Iris recognition In this kind of bio-metric the method used in identifying individual depends on the single patterns in the region of the ring shaped encircled the pupil of eye (Prabhakar, Pankanti Jain, 2003, pp. 33-42). Furthermore, it includes a blue, gray or brown color with the hard patterns which are recognizable when one looks closely. Advantages There are high levels of accuracy with this biometric This biometric technology can maintain stability of the features over some time. Disadvantage The disadvantage of iris biometric is that it has a propensity for the false rejection. The acquisition of the images entails some moderate attention as well as training. Behavioral Biometric Voice recognition This is a technology that is utilized to produce speech patterns via combining both behavioral along with physiological aspects which are captured through processing the speech technology. The significant properties that are utilized to authenticate the speech is the nasal tone (Ross Jain, 2004, 140). This biometric could be separated into the various categories based on the type of authentication domain such as fixed text method, text independent method or even the conversational techniques. Signature recognition This type of biometric method is used in analyzing as well as measuring the physical activity of signing the pressure utilized, the order of the stroke and the speed. A number of the biometric are utilized to review the visual images of the signatures. This biometric might be operated into alternative ways for example the static and the dynamic. Advantages and disadvantages of the biometrics Advantages Increased security: Biometric technology could offer a higher degree when it comes to the security as compared to the other traditional authentication methods. Increased convenience: the use of the biometric authentication allows higher levels of the rights and the privileges with a much success to the authentication (Myers, 2017, pp. 49). They allow an increase convenience since they can protect the data without any need for the human intervention. Increased accountability: the deployment of the biometric application to secure access to the computers as well as other facilities eliminate any occurrences such as the buddy punching, thus offer a higher level of certainty on who to access the system. Disadvantages There is tendency of privacy abuse due to the non-cooperative enrollment as well as identification capabilities. (b) Privacy-enhancing technologies (PETs) used on the Internet Communications anonymizers: These technologies usually hide the real online identity such as the IP address and the email address and then replace them with the non-traceable identity. These technologies could be applied to the email, web browsing, as well as the instant messaging. Enhanced privacy ID: It is a digital signature algorithm supporting anonymity. It provides a typical grouping public verification crucial related to lots of the unique private signature keys. The application was made to permit prove a device to the external party what type of the device it is without necessary revealing the exact identity. Access to personal data: This service providers provides the infrastructure that allows the users to inspect, correct or perhaps remove all the data that is stored at the service provider. Different types of threats and vulnerabilities which can be used to attack the WSN Denial of service attack (DoS) These occurs when the attacker continuously bombards the Access point which is targeted or even a network with the bogus requests, failure information, as well as the commands (Alam De, 2014, pp. 67). DoS attack is an event which diminishes or even eliminate the capacity of the network in performing the expected function through the failures of the hardware, bugs in the software, exhaustion of the resources, as well as the malicious transmitting of the higher energy signals . The communication techniques could be jammed entirely in case such attacks might be successful (Lupu, Rudas, Demiralp Mastorakis, 2009, pp.54). Other denial of the services attacks is much possible such as inhibiting communication through the violation of the MAC protocol (Lupu, Rudas, Demiralp Mastorakis, 2009, pp. 59). These might result in authentic end users to manage to get to the network and might cause the network in crashing (Ghildiyal, Mishra, Gupta Garg, 2014, pp. 1163). This attack generally rely on the abuse of the protocols for instance the Extensible Authentication protocol. How to mitigate the threat The technique which is used to prevent this attack includes the payment for the network resources, push back as well as a strong authentication along with the identification of the traffic. Moreover, there are some other techniques which are used in securing the reprogramming process such as the authentication flows (Lupu, Rudas, Demiralp Mastorakis, 2009, pp. 65). The choice for the DoS is to rekey the request packet. Therefore, it comes from the node only when two consecutive keys have been invalidated or lifetime of the key has expired. Sybil Attack: Wireless sensor network is vulnerable to the Sybil attack. In this case the node could be more than one node which is utilizing various identities of the legal nodes. A given single node could present multi identities to the other nodes which are in the network (Lupu, Rudas, Demiralp Mastorakis, 2009). Sybil attack it tries to degrade the integrity of the data, security as well as the utilization of the resource which the distributed algorithm attempts to achieve. Figure 1: The diagram show the Sybil attack How to mitigate the vulnerability This vulnerability could be mitigated through authentication as well as encryption mechanisms which prevent the outsiders from launching the attack to the wireless sensor networks (Ngo, Makihara, Nagahara, Mukaigawa Yagi, 2014, pp. 228-237). Moreover, the use of the public key cryptography could be used to avoid the insider attack. This method could be very costly especially to the resource constructed sensor networks. Identities need to be verified through use of the public key cryptography (Fragkiadakis, Angelakis Tragos, 2014, pp. 78). Other ways to prevent the vulnerability would be through use of the radio resource testing, verification of the key sets especially to the random pre-distribution of the key and the registration and position verification particularly in the sensor networks. Software attacks When it comes to the software program dependent attacks on the WSNs, the attacker might try making adjustment to the software code in the memory or perhaps exploiting the known vulnerabilities when it comes to the code of the software (Galbally, Marcel Fierrez, 2014, pp. 710-724). Example of a well known attack is the buffer overflow attack. In this attack the method attempts to store the data beyond the boundaries of the set length of the buffer, therefore results to overwriting extra data on the adjoining locations of the memory. How to mitigate the vulnerability/threat There are various countermeasures which could be employed to secure the WSN software and prevent it against software attacks they are follows: Authentication and validation of the software through remote software based attestation especially to the sensor networks. Defining accurate trust of the boundaries to the various components and users. Utilizing of the restricted environment for example the Java Virtual Machine (Rao, Rai Narain, 2017, pp. 4-8). Attestation of the hardware: It is the trusted computing group platform as well as the next generation acquire computing base that provides this kind of attestation. A more equivalent model might be utilized in the sensor networks (Kumar, Jain Barwal, 2014, pp. 859-868). Dynamic runtime encryption and decryption for the software program. This really is much like encrypting or even decrypting the data except that the code is running on the device which is being decrypted (Wu, Ota, Dong Li, 2016, pp. 416-424). This could prevent any kind of malicious user from exploiting this particular software. References Alam, S., De, D. (2014). Analysis of security threats in wireless sensor network. arXiv preprint arXiv:1406.0298. Fragkiadakis, A., Angelakis, V., Tragos, E. Z. (2014). Securing cognitive wireless sensor networks: a survey. International Journal of Distributed Sensor Networks, 2014. Galbally, J., Marcel, S., Fierrez, J. (2014). Image quality assessment for fake biometric detection: Application to iris, fingerprint, and face recognition. IEEE transactions on image processing, 23(2), 710-724. Ghildiyal, S., Mishra, A. K., Gupta, A., Garg, N. (2014). Analysis of Denial of Service (DOS) Attacks in wireless sensor networks. IJRET: International Journal of Research in Engineering and Technology, 3, 2319-1163. Kumar, V., Jain, A., Barwal, P. N. (2014). Wireless sensor networks: security issues,challenges and solutions. International Journal of Information and Computation Technology (IJICT), 4(8), 859-868. Lupu, T. G., Rudas, I., Demiralp, M., Mastorakis, N. (2009, September). Main types of attacksin wireless sensor networks. In WSEAS International Conference. Proceedings. Recent Advances in Computer Engineering (No. 9). WSEAS. Myers, S. A. (2017). U.S. Patent No. 9697409B2. Washington, DC: U.S. Patent and Trademark Office. Ngo, T. T., Makihara, Y., Nagahara, H., Mukaigawa, Y., Yagi, Y. (2014). The largest inertial sensor-based gait database and performance evaluation of gait-based personal authentication. Pattern Recognition, 47(1), 228-237. Prabhakar, S., Pankanti, S., Jain, A. K. (2003). Biometric Recognition: Security and privacy concerns. IEEE security privacy, 99(2), 33-42. Rao, J D. P., Rai, M. S., Narain, B. (2017). A study of Network Attacks and Features of Secure Protocols. Research Journal of Engineering and Technology, 8(1), 04-08. Ross, A., Jain, A. (2004, May). Biometric sensor interoperability: A case study in fingerprints. In ECCV Workshop BioAW (pp. 134-145). Wu, J., Ota, K., Dong, M., Li, C. (2016). A hierarchical security framework for defending against sophisticated attacks on wireless sensor networks in smart cities. IEEE Access, 4, 416-424.