Development of multi factor Authentication using multimodal Biometrics and quick response codes With improved security And accuracy

Abstract

Authentication is the process of ensuring and confirming user’s identity and is usually implemented through a username and password combination when logging into an IT system or application. The various factors for authentication are knowledge, possession, and inherence. In fact, the basis of authentication lies in the principle that without a proper form of identification, a system will not be able to correlate an authentication factor with a specific entity. Many security incidents are happening all over the world. The use of single factor knowledge based authentication system such as username and password is inadequate for protecting against authentication attacks. In this research, authentication based on possession and biometrics have been investigated and five schemes using smart card, QR code, encrypted QR code, sclera vein, and multimodal sclera vein and finger vein have been developed. Authentication based on possession is usually achieved using smart cards. The biometric template of the user is stored in smartcard. The smartcard stores a template of the user's iris and requires the user to present a matching template for authentication. The biometric template stored on the smartcard is susceptible to attacks if stored without any protection. The goal here is to provide biometric template security using cryptography and steganography tools. The iris image is encrypted using chaotic encryption and two steganography methods, scattered LSB embedding and repeated embedding CRC steganography are used to hide the iris image in the facial image of the user. Both the CRC steganography and scattered LSB embedding are superior in terms of PSNR value and MSE value when compared to existing LSB embedding. Between the proposed techniques, CRC steganography is better. As the mobile devices are used widely, an authentication scheme is proposed which makes use of cancellable iris template embedded in QR codes. The proposed scheme converts the iris template into binary information and embeds the cancellable iris code in QR code without the need for watermarking. The combination of iris codes and QR codes provide a faster automatic authentication system. This scheme also addresses the dual random encoding to protect the true iris codes. The main advantage of this scheme is that no user specific key or password needs to be associated with each user. The publicly available iris database collected by the Chinese Academy of Science Institute of Automation, CASIAIrisV1-Interval is used. The False Acceptance Rate (FAR) and False Rejection Rate (FRR) are low and this indicates that the proposed system can be used for personal authentication. As the QR code is not encrypted, the data embedded in it can be stolen. Hence, an encrypted QR code has been developed. To illustrate the use of encrypted QR codes, online banking authentication is used. The One Time Passwords (OTP) are encrypted and embedded in QR codes and displayed to the user in the Bank’s website. An improved authentication scheme OTP-EQR has been developed. The method of encoding the data in QR code is modified such that it is readable only by the corresponding QR code reader with a password. Other QR code reading software will not be able to read the data. The QR code generated using proposed modified encoding and encryption procedure has high entropy, negative correlation coefficient and high mean square error indicating that original image and encrypted QR code are different and hence secure. Both the existing and proposed methods show high entropy and between them, the proposed encryption method is giving higher entropy. Authentication based on biometrics is achieved using novel sclera vessel pattern recognition system. The sclera is the white and opaque protective covering of human eye. The work includes (a) the sclera vessel pattern enhancement using Gabor filter (b) the illumination effects are removed using adaptive thresholding (c) the sclera feature extraction is done using morphological operations and visual description pattern. The main challenges in this work are that the images of sclera vessel patterns are often defocused and saturated and the vessel structure of sclera is multilayered and has complex nonlinear deformations. The experimental results show that the proposed sclera recognition system has higher accuracy and a promising new biometric trait. The novelty of this dissertation is the development of authentication scheme using multimodal biometrics sclera and finger vein. Feature level fusion of finger vein and sclera vein with reduced feature set using neighbourhood elimination technique has been developed. The proposed sclera and finger vein fused template is evaluated using publicly available UBIRIS and SDUMLA-HMT database. The experimental results show that this technique is efficient and provides accurate identity verification than unimodal biometric traits. The FAR, FRR and accuracy values are improved resulting in security improvement of the proposed authentication system. The performance of all the five developed authentication schemes shows improvement in security and accuracy.