Biometric Based Secured Authentication in Mobile Web Services

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)

695

Biometric Based Secured Authentication in Mobile Web

Services

Ms. K. M. Brindha Shree

1

, Mrs. M. Rajalakshmi

2

1_{Lecturer, Department of CSE, P. A. College of Engineering and Technology, Pollachi, Tamil Nadu} 2

Assistant Professor, Department of CSE, P. A. College of Engineering and Technology, Pollachi, Tamil Nadu

Abstract— Web service is a responsible for the machines to communicate with each other in World Wide Web. Most of the Web services in real world application developed were to work on PC Platforms, not in mobile. Web services developed on Mobile platforms have to overcome the challenges in this platform. Mobile based web services provide interoperability. In today’s development of technology, Hand held devices are ruling the world, so there is a need of mobile based services. The security in terms of mobile phones is the issue due to misplacement of the device or in terms of theft. Web services used in the mobile devices should be more secured to avoid the loss of data and unauthorized access of the web services. In the mobile devices accessing web services using a username and password combination leads to unauthorized access. To avoid this issue, Instead of this traditional combination, username along with one of the Biometric is used. In the Proposed system, fingerprint is used as a Biometric. Fingerprint authentication system provides more secured Web Service Application as fingerprint implies users own identity.

Keywords— Biometric, Finger Print,

Interoperability, Mobile, Web services, World Wide Web.

I. INTRODUCTION

Biometric based secured authentication in mobile web services is proposed. Biometrics is one of the authentication techniques that rely on measurable physiological and unique characteristics that can be automatically verified. A biometric system may operate either in verification mode or identification mode depending upon the application context. The need for highly secure identification and personal verification technologies is becoming apparent due to the level of security breaks and transaction fraud increases.

Biometric-based solutions are providing the confidential transactions and personal data privacy. Based on the characteristics, biometrics can be divided into two categories. First one physiological, it depends on the direct measurements of a part of the human body.

The second one is behavioural, it depends on the measurements and data derived from an action performed by the user and measuring some characteristics of the human body indirectly. Two groups of biometric-recognition tasks are: identification and verification or authentication. If the database is very large then identification requires a large amount of processing, and is time consuming. It is mainly used to determine the identity of a suspect from crime- scene information. If the user sample is only matched with a claimed identity-stored template and is often used to access places or information when the verification requires less computer load.

A web service is defined as a software system designed to support interoperability which means machine-to- machine interaction over a network. It interfaces between an application programming. Across the internet it can be published, located and invoked. It is subjected to unauthorized intrusion when the web service is connected to the internet. Security is needed in order to ensure the availability, confidentiality and integrity of the web services. For the strong authentication access controls such as biometrics should be employed. It is the most robust method to verify and identify an individual, when the person is enrolled. Finger print recognition system is a best method that has always gives the promise of highly accurate identity verification. Proposal describes how finger print biometric authentication helps to access web services.

II. EXISTING SYSTEM

(2)

International Journal of Emerging Technology and Advanced Engineering

696

Novel mobile-phone application architecture is proposed. The use of an embedded web browser, biometric is captured and sends to the web server. By the use of a mobile phone the biometric is captured during web session. The captured biometric can be stored in the server or used with local or remote.

Whenever a mobile phone is used, it is used to perform a biometric recognition during a web session. Instead of password the biometric-user authentication can be used. Applet Java, JavaScript, Microsoft Silver light and ActiveX control has been found to analyse the technologies used for embedded programs in a web page in order to capture and send the biometrics.

Three Biometric features are developed, namely online signature, speech and face

A. Online Signature system

For accessing to a remote site the online-signature system is designed to replace the password by the user’s signature.

i). Client side: To enable multi device authentication from both PC-like and Mobile-like web browsers. System has been developed. For that a touch screen in the mobile is required. By this signature is captured. The signature data is captured from the PC-like browser, a Java Applet. Signature data is first captured locally, and then it sends the captured data to the server, that has been developed. The Java applet allows the use of a graphic tablet, to provide greater versatility. In the mobile device, a mobile application with .NET programming environment has been developed for signature acquisition.

ii). Server side: An Apache server and Tomcat application server is used in the server side. The server modules are used to capture and pre-processing has been developed in the hypertext-processor (PHP) programming language. By using Java the verification engine was developed.

B. Voice-Based System

After authentication by speech, this application allows services/local data of the mobile device to be accessed, although the biometric recognition is performed remotely.

i). Client side: A system has been developed that provides multiservice authentication from both a PC and mobile device. In a PC browser, a Java Applet is used to capture/recognize the voice and sends voice to the server.

For speech attainment in the mobile device, an application in the .NET framework which operates almost the same as the signature system has been developed, but it has three dissimilarity as follows

1) The URLs required to manage the application from the remote-resource access are within the application code, which means it provides highest security but less versatility.

2) POST method is used to send the signature.

3) In order to manage the local access the up loader- component functionalities have been modified. The remote result of verification is accessed through messages introduced in the PHP page code responsible for the verification of the voice. While processing and testing the speech sample the up loader components also manages an errors.

ii). Server side: An Apache web server has been used. By using PHP programming language other server modules have been developed, for the capture engine. The pre- processing and verification engine uses C and UNIX Shell.

C. Face-Based System

After authentication by Face, this application allows services/local data of the mobile device to be accessed, although the biometric recognition is performed remotely. The characteristics are same to those shown in the speech based system, but an only difference is capturing the face image instead of speech to perform the authentication. Face based application was developed and has been performed, especially for Windows Mobile and Android devices. No one has approached the biometric recognition in a mobile Environment through the web.

It has been proved that the standard solutions to approach the problem in PC platforms, using Applets Java and ActiveX controls do not work under mobile platforms. Hence a new alternative is needed. To develop a biometric web application, embedding a web browser in a mobile- phone application, using a modular architecture Instead of embedding an application in the mobile phone.

III. P

ROPOSED

S

YSTEM

(3)

International Journal of Emerging Technology and Advanced Engineering

697

To enhance mobile identification and remote authentication and to enable multi model biometric interoperability by Combining biometrics and web services. The capabilities and reach of biometrics is improved by using Web services as a means for interoperability.

A. Web Services for Biometric Devices

WS-Biometric Devices, or WS-BD, is a control protocol for biometric devices. It is a new command for biometric devices. It uses the XML language for the web; it does not require proprietary knowledge of sensor.

i). Fingerprint: Fingerprint- based identification is the oldest method among all the biometric techniques, which has been successfully used in many applications. Thus everyone is known to have unique, invariable fingerprints. A Large volume of fingerprints are collected and stored everyday in a wide range of applications including access control, forensics and driver license registration. Hence an automatic recognition of people based on fingerprints requires that the input fingerprint be matched with a large number of fingerprints in a database.

ii). Fingerprint Based Devices: The fingerprint reader or scanner is certainly the most appreciable achievement of biometrics technology, which is growing as a breakthrough in security victuals. This device is based upon storing and comparing the key.

iii). Fingerprint Classification: It is desirable to classify these fingerprints in an accurate and consistent manner to reduce the search time and time complexity, so that the input fingerprint is required to be matched only with the subset of the fingerprints in the database. Hence it leads to the need of fingerprint classification. The Fingerprint classification technique is used to assign a fingerprint into one of the several pre-specified types such as arch loop whorl. First the given input finger print is matched at an indecent level to one of the pre-specified types and then, it is compared to the subset of the database containing that type of fingerprints at finer level.

iv). Fingerprint Matching: A fingerprint is made of series of crests and grooves on the surface of the finger. By the pattern of crests and grooves as well as the minutiae points, the uniqueness of a fingerprint can be determined. The minutiae points are local ridge characteristics such as delta, crossover, island, ridges bifurcation or a ridge ending.

B. Architecture

According to proposal, the modules are as follows

i). Data Capturing and Pre-processing: The fingerprint is captured from the fingerprint reader. The non- overlapping and unwanted regions are removed by pre- processing.

ii). Feature Extraction Pattern: The algorithm used in

Feature Extraction Pattern is Filter Bank Based Fingerprint Matching.

iii). Decision Making: The template stored in the database is compared with the extracted features.

[image:3.612.330.565.316.497.2]

iv). Accessing Web Services: If the pattern is matched, then the user access to the web services is allowed.

FIGURE 1 FLOW DIAGRAM OF THE SYSTEM

IV. IMPLEMENTATION

A. Data Capturing and Pre-processing

(4)

International Journal of Emerging Technology and Advanced Engineering

698

In two stages, the algorithm is implemented. In the first step, the process of obtaining the vertical oriented fingerprint image is carried out. The core point detection of a fingerprint is followed. For any type of fingerprints, the core point detection is efficiently identified. The developed algorithm is tested using a line based feature extraction algorithm with a large internal database and samples of fingerprint verification competition (FVC). Only for the poor quality images, broken ridges are identified which results in a difference in minutiae points. With the proposed algorithm, the tested images were oriented vertically and its genuine is verified by comparing the sundries details of the oriented and un- oriented image of the same subject.

Thus the fingerprint is captured from the fingerprint reader. The non-overlapping and unwanted regions are removed by pre-processing as shown in the following fig 2.

FIGURE 2 7SAMPLE INPUTS

B. Feature Extraction Pattern

The algorithm used in Feature Extraction Pattern is Filter Bank Based Fingerprint Matching. The steps involved in Feature Extraction is as follows

1. Have to determine a reference point and region of interest for the fingerprint image.

a. Manually choose the reference point.

b. The appropriate orientation field is computed and identification masks are used.

c. Poincare Index method.

2. The region of interest around the reference point is tessellated.

a. The region of eight different directions using a bank of Gabor filters is filtered.

3. The average absolute deviation from the mean (AAD) of gray values in individual sectors is computed in filtered images to define the feature vector or the finger code.

4. Try to find directional field i+w/2 j+w/2

Oy(i,j)=

∑ ∑ (G

x

(u,v)-G

y

(u,v))

u=i-w/2 v=j-w/2

θ(i,j)=1/2tan- 1_(O

x(i,j)/Oy(i,j))

Where Gx(u,v) Gy(u,v) are the gradients at each

pixel.θ(i,j) is the direction of the block (i,j).

5. Detect the singular point

a. Smooth the directional field of input fingerprint image and estimate it.

b. To compute the Poincare index in each block (8*8). The Poincare index is computed as follows:

Poincare(i,j)= 1/2Π∑

(k)= {

δ(k)=θ(X(k’),Y(k’))-θ(X(k),Y(k)),k’=(k+1) mod N

Where θ(i,j) is the directional field of fingerprint. X(k),Y(k) are the coordinates of the blocks which are in the closed curve with N blocks. The Poincare Index is said to be core block if it results in ½. The core point is the centre of this block. If more than two core points are detected, go to step 1.

C. Decision Making

The template stored in the database is compared with the extracted features. If both the features (fingerprint) are same then it will allow accessing the web services. If the features are not same then it will not allow accessing the web services.

D. Accessing Web Services

As stated in the abstract, username and one of the biometrics of the user is used to login to the mobile web service. Thus, some operations are performed and its outputs are obtained from web services based on the inputs.

(5)

International Journal of Emerging Technology and Advanced Engineering

699

V. ADVANTAGES

Fingerprint identification has many advantages by means of identification in various fields. The identification is accomplished by comparing the fingerprints of a new user with the already stored template in the database. If both the fingerprints are matched, then it is considered as a positive match. Many identification systems which use fingerprints go for a statistically notable match, rather than matching the whole fingerprint, it look for key makers which can be used for comparison.

The main advantage of fingerprint identification is that it is very well accepted in the government and also in the private sectors by giving better security. It has a long history in judicial science, complete with many studies which back up the use of fingerprints for identification. This honourable history gives it weight and faith which are not available to newer identification systems. Fingerprint identification is widely understand as highly accurate and very trustworthy, since the statistical chance of two people on Earth having identical fingerprints is very low. It is very easy to identify the mistaken fingerprints based on its accuracy factor.

VI. PRACTICAL APPLICATION

The main application is to use biometric for accessing web services. For example it is used in e-commerce or e- banking etc.

It can also be used to access local data or applications in the mobile phones, using remote biometric recognition. Many types of biometric methods can be implemented on mobile phones.

Thus it offers a wide range of possible applications such as mobile bank transaction service security, personal privacy protection and telemedicine examining. The sensor data collected by mobile phones are used for biometric identification and authentication is an emerging boundary and has been increasingly explored in the recent decade.

VII. CONCLUSION

The problem of accessing web service by using biometric authentication in mobile web services has been successfully approached. It has been focused on the problem of capturing the biometric with the biometric reader; after the finger print matching process the authentication gives the result as ―pass‖. Then the permission to access the web service for a particular application is provided.First it has been shown that there are several related works, projects and commercial applications about the biometric recognition.

In the proposed system the user finger print is used as the authentication. Biometric is stronger than passwords and balances between security and performance. Also biometric is stable and distinctive. That means there is no chance to forget the password because it can’t be lost or forgotten and it is easy to remember. Biometrics are unique in the sense, each user has a different or separate fingerprint pattern.

Second it has been proved that the standard solutions are used to authenticate the user’s finger print by a finger print reader. Then it is easy to access the web service in PC platforms. Whereas using the Applets Java, JavaScript, ActiveX controls, do not work under mobile platforms. Hence it needs a new alternative.

Thus the Modular architecture is needed to develop the web application in the web page. So Android 2.2 is used to develop a web service for the user. In this first the collected pattern from the user which is stored on the database. Finger print reader captures the user finger print it is given to the finger pass plug –in. Then the current template is matched with the already stored template if both are matched, then it gives the result as authentication ―PASS‖ otherwise it gives the result as ―FAIL‖. If the result is true then it is permitted to access the web service. The main characteristics of the proposal system are:

1) It is free of charge to the user.

2) There is no difficult to access a web service, even it is easier.

3) The server modification and mobiles multi platform application development costs are very low.

REFERENCES

[1 ] CarlosVivaracho-Pascual and Juan Pascual-Gaspar, ―On the use of mobile phones and Biometrics for accessing Restricted Web Services‖ IEEE Transactions on Systems and cybernetics, Vol 42- No.2, Mar 2012.

[2 ] Abhishek Nagar , Karthik Nandakumar and Anil K.Jain ―Multibiometric Cryptosystems Based on Feature-Level Fusion‖ IEEE Transactions on Information forensics and Security, Vol .7,No.1, Feb 2012.

[3 ] Bava Elizabeth Mathew ―Securing Web Services by Iris Recognition System‖, International Journal of Computer Applications, volume 13-No, 7, Jan 2011.

[4 ] Ruchir Choudhry ―Biometrics for Global Web Authentication: an Open Source Java/J2EE-Based Approach‖ International Journal Of computer Theory and Engineering, Vol 3, No.2, Apr 2011.

[5 ] Mandeep Kaur, Akshay Girdhar and Manvjeet Kaur

―Multimodal Biometric System Using speech and Signature‖ International Journal of Computer Applications .Vol 5 - No. 12, Aug 2010.

(6)

International Journal of Emerging Technology and Advanced Engineering

700

[7 ] M.Martinez-Diaz, J.Fierrez, J.Ortega-Garcia, ―Towards mobile authentication using dynamic signature verification: Useful features and performance Evaluation,‖ in Proc.19th Int.Conf.Pattern Recogn., Dec.2008, pp.1-5.

[8 ] Yi Wang, Jiankun Hu, Kai Xi and Vijayakumar Bhagavatula ―Investigating Correlation – Based Fingerprint Authentications Schemes for Mobile Devices Using the J2ME technology‖ International Journal on computer Science and Technology. Vol 6- No.7, Dec 2007.

[9 ] K.Nandakumar, A.K.Jain, and S . Pankanti, Fingerprint-based fuzzy vault: Implementation and performance,‖IEEE Trans. Inf. Forensics Security, vol.2, no 4, pp.744-757, Dec.2007.

[10 ] Y.Wang, J.Hu, and F.Han. Enhanced gradient based algorithm for the estimation of fingerprint orientation fields. Applied Mathematics and Computation, online Aug 2006.