A Method to Improve the Security Level of ATM Banking Systems using AES Algorithm

CERTIFICATE,,,,

The seminar Report entitled ATM using for finger Print submitted by Rakesh Paniya (11EARIT044) have been examined by us and is hereby approved for carrying out the project leading to the award of Degree Bachelor of Technology in Information Technology. By this approval the undersigned does not necessarily endorse or approve any statement made, opinion expresses or conclusion withdrawn therein, but approve the pursuance of seminar only for the mentioned purpose. Head of Department Seminar Coordinator: Er. Akhil Pandey Er. Sandeep Tomar

ACKNOWLEDGEMENT I would like to express my sincere thanks to Mr. Anurag Agrawal, Chairman, Arya Group of Colleges for providing us with an opportunity to take a minor seminar and helping me with all the resources needed for effective development of the project. I am grateful to Mr. Akhil Pandey, Head of Department (Information Technology), Arya College of Engineering & I.T, Jaipur and all the faculty members for extending their valuable suggestions and their encouragement and cooperation have been a source of great inspiration. I am also very thankful to our project coordinator Mr. Sandeep Tomar for their constant guidance right from the inception till the successful completion of seminar. I sincerely acknowledge them for extending their valuable guidance, support of literature, critical reviews of project and the report and above all the moral support they had provided us with all stages of this seminar. RAKESH PANIYA

Table of Content Sr. Number Chapters Page Number

1 2 3 4 5 Abstract Chapter 1: Introduction Chapter 2: Literature Survey Chapter 3: Existing Work in this Field Chapter 4: Proposed Work Chapter 5: Conclusion & Future Work References 1 2-3 4-10 11-19 20-29 30 31

4 4 6 ABSTRACT An embedded Crypto-Biometric authentication scheme for ATM banking systems is proposed in our paper. In this scheme, cryptography and biometric techniques are fused together for person authentication to ameliorate the security level. The fingerprint template including singular points, frequency of ridges and minutiae are stored at the central banking server when enrollment. At the time of transaction fingerprint image is acquired at the ATM terminal using high resolution fingerprint scanner. The fingerprint image is enhanced and then encrypted using 128 bit private key algorithm. The encrypted image is transmitted to the central server via secured channel. At the banking terminal the image is decrypted using the same key. Based on the decrypted image, minutiae extraction and matching are performed to verify the presented fingerprint image belongs to the claimed user. The authentication is signed if the minutiae matching are successful. The proposed scheme is fast and more secure. Computer simulations and statistical analysis are presented.

CHAPTER 1. INTRODUCTION Biometrics based authentication is a potential candidate to replace password-based authentication. Among all the biometrics, fingerprint based identification is one of the most mature and proven technique. Cryptography provides the necessary tools for accomplishing secure and authenticated transactions [3]. It not only protects the data from theft or alteration, but also can be used for user authentication. In a conventional cryptographic system, the user authentication is possession based. The weakness of such authentication systems is that it cannot assure the identity of the maker of a transaction; it can only identify the makers belongings (cards) or what he remembers (passwords, PINs etc.) Automatic biometric authentication is an emerging field to address this problem. Fingerprint authentication is the most popular method among biometric authentication. However, it is infeasible to encrypt such a large volume of image using conventional cryptography for the purpose of centralized fingerprint matching [6]. A strong interest in biometric authentication is to integrate encryption key with biometrics.The project aims at developing a novel crypto-biometric authentication scheme in ATM banking systems. It mainly reduces the accessing time, when compared with manual based banking system. ATMs are now a normal part of daily life, it explores the accessibility barriers that ATMs present to people with a variety of disabilities, particularly examining the access barriers experienced by the people who are blind, vision impaired or who have reading, learning or intellectual disabilities.

Together with the development of biometric authentication, integrated biometrics and cryptosystems has also been addressed. Biometric authentication in our paper is image based. For remote biometric authentication, the images need to be encrypted before transmitted. Chaotic map used in image encryption has been studied. The permutation of pixels, the substitution of gray level values, and the diffusion of the discretized map can encrypt an image effectively. In this paper, an embedded crypto-biometric authentication protocol is proposed. The fingerprint image acquired from the user is encrypted in the ATM terminal for authentication. The encrypted image is then transmitted over the secured channel to the central banking terminal. In the banking terminal fingerprint image is decrypted. The decrypted image is compared with the fingerprint templates. The authentication is valid if the minutiae matching are successful. The organization of the paper is given as follows: Section 2 deals with description of the new embedded crypto-biometric authentication protocol. Section 3 provides the concepts of Encryption and Decryption algorithms. Generation of encryption key is studied in Section 4. Simulation and evaluation of the encryption scheme is conducted in Section5. Conclusions are presented in Section 6. Here in this project we are going provide the at most security since it is taking the FINGER PRINTS as the authentication for our account. So whenever we want to access our account first we have to press the finger on the finger print scanner. Scanner is interfaced to the micro controller with the serial interfacing. The micro controller reads the data from the scanner. The micro controller allows those users, who are authorized to operate the account. If any unauthorized user tries to operate the account the micro controller switches on the security alarm. The total information about the account holders is stored in the EEPROM. Keypad is used to enter the password to operate the account or Locker. In present days, computer becomes a main part of human beings for storing information. This information is up to some extent is a secured one. For example the details of employees and students etc... The authority person may only change the details. For this protection we are going to provide a PASSWORD for the PCs. This is secure up to some extent only because there may be a chance of revealing the password or sometimes the authorized person may forgot the password. So we have to provide security for PCs with a unique and simple to remember identification. One of such identification is the FINGER PRINT. Fingerprint Scanner is a device for computer Security featuring superior performance, accuracy, durability based on unique NITGEN Fingerprint Biometric Technology. Fingerprint Scanner can be plugged into a computer separately with your mouse. Fingerprint Scanner is very safe and convenient device for security. 2. EMBEDDED CRYPTO-BIOMETRIC AUTHENTICATION PROTOCOL Generally, there are two basic fingerprint authentication schemes, namely the local and the centralized matching [11]. In the central matching scheme, fingerprint image captured at the terminal is sent to the central server via the network and then it is matched against the minutiae template stored in the central server. There are three stages in the protocol namely registration, login and authentication. In the registration phase, the fingerprints of ATM users are enrolled and the derived fingerprint templates are stored in the central server. The login phase is performed at an ATM terminal equipped with a fingerprint sensor. The embedded ATM client authentication system is based on fingerprint recognition which is designed after analyzed existed ATM system. The LPC2148 chip is used as the core of these embedded system which is associated with the technologies of fingerprint recognition and current high speed network communication. The primary functions are shown as follows: Fingerprint recognition: The masters' fingerprint information was used as the standards of identification. It must certify the feature of the human fingerprint before using ATM system. Remote authentication: System can compare current client's fingerprint information with remote fingerprint data server. Message alarming: different 4-digit code as a message to the mobile of the authorized customer without any noise, in order to access the Terminal. Two discriminate analysis methods: Besides the fingerprint recognition, the mode of password recognition can be also used for the system.

The proposed block schematic of embedded crypto biometric authentication system is shown in Fig.

Fig. Schematic of embedded crypto biometric authentication system. In the authentication phase, the fingerprint image is then encrypted and transmitted to central server via secured channel. At the banking terminal the image is decrypted using 128 bit private key algorithm [9]. The encrypted image is transmitted to the central server via secured channel. At the banking terminal the image is decrypted using the same key. Based on the decrypted image, minutiae extraction and matching are conducted to verify the presented fingerprint image belongs to the claimed user. The authentication is signed if the minutiae matching are successful. Cryptography provides the necessary tools for accomplishing secure and authenticated transactions [3]. It not only protects the data from theft or alteration, but also can be used for user authentication. In a conventional cryptographic system, the user authentication is possession based. The weakness of such authentication systems is that it cannot assure the identity of the maker of a transaction; it can only identify the makers belongings (cards) or what he remembers (passwords, PINs etc.) Automatic biometric authentication is an emerging field to address this problem. Fingerprint authentication is the most popular method among biometric authentication. However, it is infeasible to encrypt such a large volume of image using conventional cryptography for the purpose of centralized fingerprint matching [6]. A strong interest in biometric authentication is to integrate encryption key with biometrics. The project aims at developing a novel crypto-biometric authentication scheme in ATM banking systems. It mainly reduces the accessing time, when compared with manual based banking system. ATMs are now a normal part of daily life, it explores the accessibility barriers that ATMs present to people with a variety of disabilities, particularly examining the access barriers experienced by the people who are blind, vision impaired or who have reading, learning or intellectual disabilities. Together with the development of biometric authentication, integrated biometrics and cryptosystems has also been addressed. Biometric authentication in our paper is image based. For remote biometric authentication, the images need to be encrypted before transmitted. Chaotic map used in image encryption has been studied [12]. The permutation of pixels, the substitution of gray level values, and the diffusion of the discretized map can encrypt an image effectively. In this paper, an embedded crypto-biometric authentication protocol is proposed. The fingerprint image acquired from the user is encrypted in the ATM terminal for authentication. The encrypted image is then transmitted over the secured channel to the central banking terminal. In the banking terminal fingerprint image is decrypted. The decrypted image is compared with the fingerprint templates. The authentication is valid if the minutiae matching are successful. The organization of the paper is given as follows: Section 2 deals with description of the new embedded crypto-biometric authentication protocol. Section 3 provides the concepts of Encryption and Decryption algorithms. Generation of encryption key [4] is studied in Section 4. Simulation and evaluation of the encryption scheme is conducted in Section5. Conclusions are presented in Section 6. Here in this project we are going provide the at most security since it is taking the FINGER PRINTS as the authentication for our account. So whenever we want to access our account first we have to press the finger on the finger print scanner. Scanner is interfaced to the micro controller with the serial interfacing. The micro controller reads the data from the scanner. The micro controller allows those users, who are authorized to operate the account. If any unauthorized user tries to operate the account the micro controller switches on the security alarm. The total information about the account holders is stored in the EEPROM. Keypad is used to enter the password to operate the account or Locker. In present days, computer becomes a main part of human beings for storing information. This information is up to some extent is a secured one. For example the details of employees and students etc... The authority person may only change the details. For this protection we are going to provide a PASSWORD for the PCs. This is secure up to some extent only because there may be a chance of revealing the password or sometimes the authorized person may forgot the password. So we have to provide security for PCs with a unique and simple to remember identification. One of such identification is the FINGER PRINT. Fingerprint Scanner is a device for computer Security featuring superior performance, accuracy, durability based on unique NITGEN Fingerprint Biometric Technology. Fingerprint Scanner can be plugged into a computer separately with your mouse. Fingerprint Scanner is very safe and convenient device for security. 3.ENCRYPTION AND DECRYPTION ALGORITHMS Encryption is the process of converting plain image into cipher image. Plain image in our paper is the unsecured form of fingerprint image. By using the appropriate keys, plain image is encrypted into cipher image before transmitting through the secured channel. Decryption is the reverse process of encryption. Fingerprint image is recovered (plain image) by using the same key. DES, Triple DES and AES algorithms are the commonly used symmetric key algorithms. Shared key, less time consumption, easy operation and secret key are the merits of symmetric key algorithms. The design of entire system consisted of two part which are hardware and software. The hardware are designed by the rules of embedded system, and the steps of software consisted of three parts. The more details are shown as follows. A. Hardware Design The LPC2148 chip is used as the core of entire hardware. Furthermore, the modules of LCD, keyboard, alarm, fingerprint recognition are connected with the main chip (LPC2148).The EEPROM are also embodied in the system. There are some modules consisted of the system as follows LCD module: The 16X2 is used in this module as a LCD Display, it supported 5x7 matrix keyboard module: It can be used for inputting passwords. Fingerprint recognition module: Nitgen Company's be used as a fingerprint recognition. It has a 100dpi resolution, anti-press, anti-static, anticorrosion. Figure I. The block diagram of hardware Software design The design was component of three parts included the design of main program flow chart, the initializing ones, and the algorithm of fingerprint recognition flow chart. This system of software is implemented by the steps as follows: first of all, the Linux kernel and the File system are loaded into the main chip. The next, the system is initialized to implement specific task, such as checking ATM system, GSM communication and so on, and then each module reset for ready to run commands. Before using ATM terminal, the mobile number and fingerprint of the customer is required. what he remembers (passwords, PINs etc.) Automatic biometric authentication is an emerging field to address this problem. Fingerprint authentication is the most popular method among biometric authentication. However, it is infeasible to encrypt such a large volume of image using conventional cryptography for the purpose of centralized fingerprint matching [6]. A strong interest in biometric authentication is to integrate encryption key with biometrics. The project aims at developing a novel crypto-biometric authentication scheme in ATM banking systems. First the system is required the owner's fingerprint. If all the recognition is right, the system would send password to the Account holder and he will enter the same password in touch screen for accessing the ATM Terminal. If Authentication Failure then it send the alert message to the Account holder and Bank. In the process of inputting fingerprint, the AT77CI04B which is a linear sensor that captures fingerprint images by sweeping the finger over the sensing area, will used for acquiring the image of fingerprint. This product embed true hardware based 8-way navigation and click functions. The fingerprint information will be temporarily stored in SRAM and upload to the remote finger data server to compare through bank network. The result of process will be controlled by main chip(LPC 2148). 3.1 AES Algorithm [13-14] The advanced encryption standard (AES) is a replacement to DES as the federal standard. AES has already received widespread use because of its standard definition, high security and freedom patent entanglements. In cryptography, the Advanced Encryption Standard (AES) is also known as Rijndael algorithm [13]. Unlike its predecessor DES, Rijndael is an iterated block cipher which supports variable block length and key length. Both lengths can be independently specified as 128, 192 or 256 bits. It has a variable number of iterations: 10, 12 and 14 for key lengths of 128, 192 or 256 bits respectively. In this paper, a 128 bit block [14] and key length are assumed, although the design could be adopted without difficulty to other block and key lengths. AES is fast in both software and hardware, relatively easy to implement, and requires little memory. The advanced encryption standard (AES) is a replacement to DES as the federal standard. AES has already received widespread use because of its standard definition, high security and freedom patent entanglements. In cryptography, the Advanced Encryption Standard (AES) is also known as Rijndael algorithm [13]. Unlike its predecessor DES, Rijndael is an iterated block cipher which supports variable block length and key length. Both lengths can be independently specified as 128, 192 or 256 bits. It has a variable number of iterations: 10, 12 and 14 for key lengths of 128, 192 or 256 bits respectively. In this paper, a 128 bit block [14] and key length are assumed, although the design could be adopted without difficulty to other block and key lengths. AES is fast in both software and hardware, relatively easy to implement, and requires little memory.

(a) (b) Fig. AES algorithm (a) Encryption Structure (b) Decryption Structure AES [14] consists of following steps Key Generation

Initial Round Rounds (i) Sub Bytes a non-linear substitution step where each byte is replaced with another according to a lookup table. (ii) Shift Rows a transposition step where each row of the state is shifted cyclically a certain number of steps. (iii) Mix Columns a mixing operation which operates on the columns of the state, combining the four bytes in each column. (iv) AddRoundKey each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule. Final Round (no Mix Columns)

The design of entire system consisted of two part which are hardware and software. The hardware are designed by the rules of embedded system, and the steps of software consisted of three parts. The more details are shown as follows. A. Hardware Design The LPC2148 chip is used as the core of entire hardware. Furthermore, the modules of LCD, keyboard, alarm, fingerprint recognition are connected with the main chip (LPC2148).The EEPROM are also embodied in the system. There are some modules consisted of the system as follows LCD module: The 16X2 is used in this module as a LCD Display, it supported 5x7 matrix keyboard module: It can be used for inputting passwords. Fingerprint recognition module: Nitgen Company's be used as a fingerprint recognition. It has a 100dpi resolution, anti-press, anti-static, anticorrosion. Software design The design was component of three parts included the design of main program flow chart, the initializing ones, and the algorithm of fingerprint recognition flow chart. This system of software is implemented by the steps as follows: first of all, the Linux kernel and the File system are loaded into the main chip. The next, the system is initialized to implement specific task, such as checking ATM system, GSM communication and so on, and then each module reset for ready to run commands. Before using ATM terminal, the mobile number and fingerprint of the customer is required. what he remembers (passwords, PINs etc.) Automatic biometric authentication is an emerging field to address this problem. Fingerprint authentication is the most popular method among biometric authentication. However, it is infeasible to encrypt such a large volume of image using conventional cryptography for the purpose of centralized fingerprint matching [6]. A strong interest in biometric authentication is to integrate encryption key with biometrics. The project aims at developing a novel crypto-biometric authentication scheme in ATM banking systems. First the system is required the owner's fingerprint. If all the recognition is right, the system would send password to the Account holder and he will enter the same password in touch screen for accessing the ATM Terminal. If Authentication Failure then it send the alert message to the Account holder and Bank. The design of fingerprint recognition Fingerprints are one of many forms of biometrics, used to identify individuals and verify their identity. This article touches on two major classes of algorithms and four sensor designs (optical, ultrasonic, passive capacitance, and active capacitance) The analysis of fingerprints for matching purposes generally requires the comparison of several features of the print pattern. These include patterns, which are aggregate characteristics of ridges, and minutia points, which are unique features found within the patterns It is also necessary to know the structure and properties of human skin in order to successfully employ some of the imaging technologies The three basic patterns of fingerprint ridges are the arch, loop, and whorl: arch: The ridges enter from one side of the finger, rise in the center forming an arc, and then exit the other side of the finger. loop: The ridges enter from one side of a finger, form a curve, and then exit on that same side. whorl: Ridges form circularly around a central point on the finger. The first step was the acquisition of fingerprint image by above device mentioned in the algorithm, and the results could be sent to the following process. secondly, preprocessing the images acquired. After obtain the fingerprint image, it must be preprocessing. Generally, pre-processing of one's is filtering, histogram computing, image enhancement and image binarization. Lastly, the characteristic value was extracted, and the results of the above measures would be compared with the information of owner's fingerprint in the database so as to verify whether the character is matched, and then the system returned the results matched or not. Fingerprint recognition identifies people by using the impressions made bythe minute ridge formations or patterns found on the fingertips. Finger printingtakes an image of a person's fingertips and records its characteristics - whorls,arches, and loops are recorded along with patterns of ridges, furrows, and minutiae.Information is processed as an image and further encoded as a computer algorithm.Fingerprint based biometrics has primarily been used to secure entry devices forbuilding door locks and computer network access. A small number of banks usefingerprint readers for authorization at ATMs. Grocery stores are experimentingwith a fingerprint scan checkout that automatically recognizes and bills a registereduser's credit card or debit account. More recent applications of finger recognitioninclude use of fingerprints for voter registration The design was component of three parts included the design of main program flow chart, the initializing ones, and the algorithm of fingerprint recognition flow chart. This system of software is implemented by the steps as follows: first of all, the Linux kernel and the File system are loaded into the main chip. The next, the system is initialized to implement specific task, such as checking ATM system, GSM communication and so on, and then each module reset for ready to run commands. Before using ATM terminal, the mobile number and fingerprint of the customer is required. First the system is required the owner's fingerprint. If all the recognition is right, the system would send password to the Account holder and he will enter the same password in touch screen for accessing the ATM Terminal. If Authentication Failure then it send the alert message to the Account holder and Bank. Global System for Mobile Communication (GSM) is a set of ETSI standards specifying the infrastructure for a digital cellular service. The standard is used in approx. 85 countries in the world including such locations as Europe, Japan and Australia. GSM security issues such as theft of service, privacy, and legal interception continue to raise significant interest in the GSM community. The purpose of this portal is to raise awareness of these issues with GSM security. The mobile communications has become one of the driving forces of the digital revolution. Every day, millions of people are making phone calls by pressing a few buttons. Little is known about how one person's voice reaches the other person's phone that is thousands of miles away. Even less is known about the security measures and protection behind the system. The complexity of the cell phone is increasing as people begin sending text messages and digital pictures to their friends and family. The cell phone is slowly turning into a handheld computer. All the features and advancements in cell phone technology require a backbone to support it. The system has to provide security and the capability for growth to accommodate future enhancements. General System for Mobile Communications, GSM, is one of the many solutions out there. GSM has been dubbed the "Wireless Revolution" and it doesn't take much to realize why GSM provides a secure and confidential method of communication. 4. KEY GENERATION Encryption keys are vital to the security of the cipher, which can be derived in the following three methods: 4.1 Randomly chosen values of pixels and their co-ordinates in raw image Randomly choose 5-10 points in the raw fingerprint image. The vertical and horizontal position of pixels, as well as the gray level values of each point is served as key. MOD operations are performed. The key consists of the remainders and a supplementary digit that makes the sum of key equals to N. For example, in a 256256 gray level fingerprint image, there are five points picked up, their coordinates and pixels values are: (32,21,240); (58,115,175); (135,174,189); (216,172,194); (218,221,236). After conducting mod (40) and mod (10) operations for the coordinates and the gray level values, respectively. The result is: (32,21,0); (18,35,5); (15,14,9); (16,12,4);(18,21,6). The sum of above five groups numbers is Sm=226. At last, a supplementary digit N Sm =256-226=30 is the last digit of the key, where N and Sm denote the size of the image and the sum of the co-ordinates and pixel vales respectively. The encryption key is: {32, 21, 0, 18, 35, 5, 15, 14, 9, 16, 12, 4, 18, 21, 6, 30} Fingerprints: The patterns of friction ridges and valleys on an individual's fingertips are unique to that individual. For decades, law enforcement has been classifying and determining identity by matching key points of ridge endings and bifurcations. Fingerprints are unique for each finger of a person including identical twins. One of the most commercially available biometric technologies, fingerprint recognition devices for desktop and laptop access are now widely available from many different vendors at a low cost. With these devices, users no longer need to type passwords instead, only a touch provides instant access. The identification of a person by their facial image can be done in a number of different ways such as by capturing an image of the face in the visible spectrum using an inexpensive camera or by using the infrared patterns of facial heat emission. Facial recognition in visible light typically model key features from the central portion of a facial image. Using a wide assortment of cameras, the visible light systems extract features from the captured image(s) that do not change over time while avoiding superficial features such as facial expressions or hair. Speaker recognition uses the acoustic features of speech that have been found to differ between individuals. These acoustic patterns reflect both anatomy and learned behavioral patterns . This incorporation of learned patterns into the voice templates has earned speaker recognition its classification as a "behavioral biometric." Speaker recognition systems employ three styles of spoken input: text-dependent, text-prompted and text independent. Most speaker verification applications use text-dependent input, which involves selection and enrollment of one or more voice passwords. Text-prompted input is used whenever there is concern of imposters. The various technologies used to process and store voiceprints include hidden Markov models, pattern matching algorithms, neural networks, matrix representation and decision trees. This technology uses the dynamic analysis of a signature to authenticate a person. The technology is based on measuring speed, pressure and angle used by the person when a signature is produced. One focus for this technology has been e-business applications and other applications where signature is an accepted method of personal authentication. 4.2 From the stable global features of fingerprint image Some global features such as core and delta are highly stable points in a fingerprint, which have the potential to be served as cryptography key. Some byproduct information in the processing of fingerprint image can be used as the encryption key. For example, the Gabor filter bank parameters[7] are: concentric bands is 7, the number of sectors considered in each band is 16, each band is 20 pixels wide; there are 12 ridge between core and delta, the charges of the core and delta point are 4.8138e-001 and 9.3928e001, and the period at a domain is 16. Then the key could be: {7, 16, 20, 12, 4, 8, 13, 8, 9, 39, 28, 27, 1, 16, 50, and 42}. 4.3 Pseudo random number generator based on chaotic map [12] one can use the pseudo-random number generator introduced in [5] to produce the key. Chaotic maps provide excellent security and have many desired cryptographic qualities. They are simple to implement which results in high encryption rates. In chaos based encryption, the method for developing a cipher consists of four steps. Designing the basic map Generalized map Discretized version Extension to three dimensions Starting with M N image with L gray levels (for example, with the image consisting of a black square) after performing k iterations, we obtain M N pseudo random integers in the range [0, L-1]. Majority of traditional random number generators generate the next number in the sequence by following certain deterministic rule, i.e., there is a deterministic relationship between xi and xi 1. The random number generator based on three-dimensional maps is nontraditional because it does not have this property. If more than M N random numbers are needed, we can perform another k iteration of the chaotic map and get another set of M N random numbers. To encrypt a fingerprint image, three to six iterations can hide the image perfectly where each iteration is suggested to use different key. The quality of stream ciphering based on mixing the plaintext with a sequence of pseudo random numbers depends on the following factors: The period of the pseudo random sequence [5].

Randomness properties of the generator. It should be computationally hard to determine the key and the seed based on the knowledge of a finite segment of pseudo-random numbers. Global System for Mobile Communication (GSM) is a set of ETSI standards specifying the infrastructure for a digital cellular service. The standard is used in approx. 85 countries in the world including such locations as Europe, Japan and Australia. GSM security issues such as theft of service, privacy, and legal interception continue to raise significant interest in the GSM community. The purpose of this portal is to raise awareness of these issues with GSM security. The mobile communications has become one of the driving forces of the digital revolution. Every day, millions of people are making phone calls by pressing a few buttons. Little is known about how one person's voice reaches the other person's phone that is thousands of miles away. Even less is known about the security measures and protection behind the system. The complexity of the cell phone is increasing as people begin sending text messages and digital pictures to their friends and family. The cell phone is slowly turning into a handheld computer. All the features and advancements in cell phone technology require a backbone to support it. The system has to provide security and the capability for growth to accommodate future enhancements. General System for Mobile Communications, GSM, is one of the many solutions out there. GSM has been dubbed the "Wireless Revolution" and it doesn't take much to realize why GSM provides a secure and confidential method of communication. The structure of permutations of the pixels suggests that the period of the sequence is very high. This statement needs to be quantified by an asymptotic estimate for the period. This topic is currently under investigation. The third requirement is equivalent to breaking the cipher using cipher text only type of attack. As described before, the complexity of a direct key search increases exponentially as 20.9 N 1. The randomness properties of the proposed random number generator were tested on a 256 256s image with 256 gray levels with the following tests for randomness: Uniformity of distribution test Coupon collectors test Permutation test Poker test Serial pairs test All five tests were satisfied by the sequence of pseudo random numbers obtained from an encrypted image of a black square after nine iterations. The numbers were read in a row-by-row manner. Computer experiments done with other scanning patterns suggest that the properties of the pseudo random sequence do not depend on the scanning pattern. Fingerprint recognition or fingerprint authentication refers tothe automated method of verifying a match between twohuman fingerprints.Fingerprints are a distinctive feature and remain invariant over thelifetime of a subject, except for cuts and bruises. A fingerprint impression isacquired, typically using an inkless scanner. The digital image of thefingerprint includes several unique features in terms of ridge bifurcationsand ridge endings, collectively referred to as minutiae.A fingerprint sensor is an electronic device used to capture a digitalimage of the fingerprint pattern. The analysis of fingerprints for matchingpurposes generally requires the comparison of several features of the printpattern. These include patterns, which are aggregate characteristics of ridges,and minutia points, which are unique features found within the patterns. Advantages _ It is an internal organ that is well protected against damage by a highly transparent and sensitive membrane. This feature makes it advantageous from finger print. _ Flat , geometrical configuration controlled by 2 complementary muscles control the diameter of the pupil makes the iris shape more predictable . _ An iris scan is similar to taking a photograph and can be performed from about 10 cm to a few meters away. _ Encoding and decision-making are tractable . _ Genetic independence no two eyes are the same. DISADVANTAGES _ The accuracy of iris scanners can be affected by changes in lightning. _ Obscured by eyelashes, lenses, reflections. _ Deforms non-elastically as pupil changes size. _ Iris scanners are significantly more expensive than some other form of biometrics. _ As with other photographic biometric technologies, iris recognition is susceptible to poor image quality, with associated failure to enroll rates _ As with other identification infrastructure (national residents databases, ID cards, etc.), civil rights activists have voiced concerns that iris-recognition technology might help governments to track individuals beyond their will.

5.SIMULATION, STATISTICAL AND STRENGTH ANALYSIS In this section, the proposed encryption scheme is tested. Simulation results and its evaluation are presented. 5.1 Simulations The gray level fingerprint image is shown Fig.3(a). The first 3D permutation is performed with the key {32, 21, 0, 18, 35, 5, 15, 14, 9, 16, 12, 4, 18, 21, 6, 30}. After first round of 3D permutation, the encrypted fingerprint image is shown in Fig.3(b). The second round permutation is performed with the key {7, 16, 20, 12, 4, 8, 13, 8, 9, 39, 28, 27, 1, 16, 50, 42}. After that, the image is shown in Fig.3(c). The third round permutation is finished with a key {1, 23, 8, 19, 32, 3, 25, 12, 75, 31, 4, 10, 14, 5, 25, 13}. After this, the image is shown in Fig.3(d), which is random looking.

(a) (b)

(c) (d) Fig. 3 Fingerprint and the encrypted image. (a) Original image; (b) One round of iteration; (c) Two rounds of iterations; (d) Three rounds of iterations. 5.2 Statistical and Cryptographic Strength Analysis Statistical analysis. The histogram of original fingerprint image is shown in Fig.4 (a). After 2D chaotic mapping, the pixels in fingerprint image can be permuted, but as the encrypted fingerprint image has the same gray level distribution and same histogram as in Fig.4 (a). As introduced in Section 4, 3D chaotic map [11] can change the gray level of the image greatly. After one round and three rounds of 3D substitution, the histograms are shown in Fig.4(b) and (c) respectively, which is uniform, and has much better statistic character, so the fingerprint image can be well hidden. (a) (b) (c) Fig. 4 Histograms of fingerprint image and the encrypted image. (a) Original fingerprint image; (b) One round of 3D iteration; (c) Three rounds of 3D iterations. The cipher technique is secure with respect to a known plaintext type of attack. With the diffusion methodology, the encryption technique is safe to cipher text type of attack. As the scheme proposed in this paper use different keys in different rounds of iterations, and the length is not constrained, it can be chosen according to the developers need. Some global features such as core and delta are highly stable points in a fingerprint, which have the potential to be served as cryptography key. Some byproduct information in the processing of fingerprint image can be used as the encryption key. For example, the Gabor filter bank parameters[7] are: concentric bands is 7, the number of sectors considered in each band is 16, each band is 20 pixels wide; there are 12 ridge between core and delta, the charges of the core and delta point are 4.8138e-001 and 9.3928e001, and the period at a domain is 16. Although there are hundreds of reported techniques for fingerprint detection, many of these are only of academic interest and there are only around 20 really effective methods which are currently in use in the more advanced fingerprint laboratories around the world. Some of these techniques, such as ninhydrin, diazafluorenone and vacuum metal deposition, show great sensitivity and are used operationally. Some fingerprint reagents are specific, for example ninhydrin or diazafluorenone reacting with amino acids. Others such as ethyl cyanoacrylate polymerisation, work apparently by water-based catalysis and polymer growth. Vacuum metal deposition using gold and zinc has been shown to be non-specific, but can detect fat layers as thin as one molecule. More mundane methods, such as the application of fine powders, work by adhesion to sebaceous deposits and possibly aqueous deposits in the case of fresh fingerprints. The aqueous component of a fingerprint, whilst initially sometimes making up over 90% of the weight of the fingerprint, can evaporate quite quickly and may have mostly gone after 24 hours. Following work on the use of argon ion lasers for fingerprint detection,[24] a wide range of fluorescence techniques have been introduced, primarily for the enhancement of chemically-developed fingerprints; the inherent fluorescence of some latent fingerprints may also be detected. The most comprehensive manual of the operational methods of fingerprint enhancement is published by the UK Home Office Scientific Development Branch and is used widely around the world.[25] Research The International Fingerprint Research Group (IFRG) which meets biennially, consists of members of the leading fingerprint research groups from Europe, the US, Canada, Australia and Israel and leads the way in the development, assessment and implementation of new techniques for operational fingerprint detection. One problem for the early twenty-first century is the fact that the organic component of any deposited material is readily destroyed by heat, such as occurs when a gun is fired or a bomb is detonated, when the temperature may reach as high as 500 C. Encouragingly, however, the non-volatile inorganic component of eccrine secretion has been shown to remain intact even when exposed to temperatures as high as 600 C. A technique has been developed that enables fingerprints to be visualised on metallic and electrically conductive surfaces without the need to develop the prints first.[26] This technique involves the use of an instrument called a scanning Kelvin probe (SKP), which measures the voltage, or electrical potential, at pre-set intervals over the surface of an object on which a fingerprint may have been deposited. These measurements can then be mapped to produce an image of the fingerprint. A higher resolution image can be obtained by increasing the number of points sampled, but at the expense of the time taken for the process. A sampling frequency of 20 points per mm is high enough to visualise a fingerprint in sufficient detail for identification purposes and produces a voltage map in 23 hours. As of 2010, this technique had been shown to work effectively on a wide range of forensically important metal surfaces including iron, steel and aluminium. While initial experiments were performed on flat surfaces, the technique has been further developed to cope with irregular or curved surfaces, such as the warped cylindrical surface of fired cartridge cases. Research during 2010 at Swansea University has found that physically removing a fingerprint from a metal surface, for example by rubbing with a tissue, does not necessarily result in the loss of all fingerprint information from that surface. The reason for this is that the differences in potential that are the basis of the visualisation are caused by the interaction of inorganic salts in the fingerprint deposit and the metal surface and begin to occur as soon as the finger comes into contact with the metal, resulting in the formation of metalion complexes that cannot easily be removed.

6. CONCLUSION An embedded Crypto-Biometric authentication scheme for ATM banking systems has been proposed. The claimed users fingerprint is required during a transaction. The fingerprint image is encrypted via 3D chaotic map as soon as it is captured, and then transmitted to the central server using symmetric key algorithm [14]. The encryption keys are extracted from the random pixel distribution in a raw image of fingerprint, some stable global features of fingerprint and/or from pseudo random number generator. Different rounds of iterations use different keys. At the banking terminal the image is decrypted using the same key. Based on the decrypted image, minutiae extraction and matching are performed to verify the presented fingerprint image belongs to the claimed user. Future work will focus on the study of stable features (as part of encryption key) of fingerprint image, which may help to set up a fingerprint matching dictionary so that to narrow down the workload of fingerprint matching in a large database. The design of ATM terminal system based on finger print recognition took advantages of the stability and reliability of fingerprint characteristics, a new biological technology based on the image enhancement algorithm of Gabor and direction filter. Additional, the system also contains the original verifying methods which was inputting owner's password. The security features were The design of ATM terminal system based on finger print recognition took advantages of the stability and reliability of finger print characteristics, a new biological technology based on the image enhancement algorithm of Gabor and direction filter. Additional, the system also contains the original verifying methods which was inputting owner's password. The security features were

REFERENCES [1] F.Han, J.Hu, X.Yu, Feng, Zhou: A novel hybrid cryptobiometric authentication scheme for ATM based banking applications, Springer-Verlag Berlin Heidelberg, (2005) 675-681. [2] F.Han, J.Hu, X.Yu, Feng, Zhou: A New Way of Generating Grid-Scroll Chaos and its Application to Biometric Authentication, IEEE, (2005) 61-66. [3] U.Uludag, S.Pankanti, S.Prabhakar andA. K.Jain, Biometric cryptosystems: Issue and challenges, Proceedings of the IEEE, vol.92, no.6, 2004, pp.948960. [4] S. Hoque, M. Fairhurst, G. Howells and F. Deravi, Feasibility of generating biometric encryption keys, Electronics Letters, vol. 41, no.6, 2005, pp.29-30. [5] Fridrich, J.: Symmetric Ciphers Based on twodimensional chaotic maps, Int. J. Bifurcation and Chaos, 8 (1998) 1259-1284 [6] Zhou, J., Gu, J.: A model-based method for the computation of fingerprints orientation field, IEEE Trans. on Image Processing, 13 (2004) 821-835 [7] Jain, A.K., Prabhakar, S., Hong, L., Pankanti, S.:Filterbank-based fingerprint matching, IEEE Trans. on Image Processing, 9 (2000) 846-859 [8] Jain, A.K., Prabhakar S., Hong, L.: A multichannel approach to fingerprint classification, IEEE Trans. on Pattern Anal. Machine Intell., 21 (1999) 348-359 [9] Chen, G., Mao, Y., Chui, C.: A symmetric encryption scheme based on 3D chaotic cat map, Chaos, Solitons & Fractals, 21 (2004) 749-761 [10] Uludag, U., Ross, A., Jain, A.K.: Biometric template selection and update: a case study in fingerprints, Pattern Recognit., 37 (2004) 1533-1542 [11] Kocarev, L. Jakimoski, G., Stojanovski T., Parlitz, U.: From chaotic maps to encryption schemes, Proc. IEEE Sym. Circuits and Syst., 514-517, Monterey, California, June (1998) [12] Ratha, N.K, Karu, K. Chen, S., Jain, A.K.: A real-time matching system for large fingerprint databases, IEEE Trans. on Pattern Anal. Machine Intell., 18 (1996) 799- 813 [13] J. Daemen, V. Rijmen, ``the Block Cipher Rijndael,'' Smart Card Research and Applications, LNCS 1820, J.J. Quisquater and B. Schneier, Eds., Springer-Verlag, 2000, pp. 277-284. [14] J. Daemen and V. Rijmen, ``Rijndael, the advanced encryption standard,'' Dr. Dobb's Journal, Vol.~26, No.~3, March 2001, pp.~137--139. 8 8 34