ABSTRACT
In today's world of high-speed systems and internet connectivity, millions of
transactions occur every minute, both offline and online. For these
transactions, data needs to be readily available to the people who are meant to
have access and kept securely from those who should not. Data, the product of
the networked world, has become a near equivalent to currency: it holds company
transaction secrets, consumer credit card numbers, and confidential executive
information. Keeping data from the wrong people is in everyone's best interest.
A common method used to keep data from falling into the wrong hands is the use
of passwords. This method has consistently been used in the context of
challenge and response: a user is prompted to identify himself/herself to the
system he/she is trying to access and to supply the password associated with
that identity (typically a login name).
A second method used for securing data and systems from the wrong people is
biometrics, the automated use of physiological or behavioral characteristics to
determine or verify an identity. Fingerprints, iris, face recognition, or hand
geometry can be used to authenticate a person.
TABLE OF CONTENT
Certification
Dedication
Acknowledgement
Abstract
Table of content
CHAPTER ONE: BACKGROUND OF THE STUDY
1.1 INTRODUCTION
1.1.1 WHAT IS MULTIFACTOR AUTHENTICATION?
1.2 AIMS AND OBJECTIVES
1.3 STATEMENT OF PROBLEM
1.4 SCOPE OF THE STUDY
1.5 RESEARCH METHODOLOGY
1.6 DEFINITION OF TERMS
CHAPTER TWO
2.1 INTRODUCTION
2.2 TWO-FACTOR AUTHENTICATION (T-FA) OR (2FA)
2.2.1 TYPES OF AUTHENTICATION
2.2.2 BENEFITS OF TWO-FACTOR AUTHENTICATION
2.2.3 CHALLENGE OF TWO-FACTOR AUTHENTICATION
2.3 BIOMETRICS
2.3.1 PROCESS OF BIOMETRICS SYSTEM
2.3.2 ADVANTAGES AND DISADVANTAGES OF BIOMETRIC TECHNIQUES
2.4 FINGERPRINT RECOGNITION
2.4.1 HOW FINGERPRINT RECOGNITION WORK
2.4.2 USER INFLUENCES ON FINGERPRINT
2.4.3 FINGERPRINT RECOGNITION TECHNIQUES
2.4.4 CHEAT ON FINGERPRINT
2.5 PASSWORD
2.5.1 ADVANTAGES OF PASSWORD
2.5.2 DISADVANTAGES
CHAPTER THREE: SYSTEM ANALYSIS AND DESIGN
3.1 APPROACH
3.2 SIMULATION TOOL
3.3 OBJECTIVE OF THE DEVELOPED SYSTEM
3.4 SYSTEM DESIGN ANALYSIS
3.5 DATABASE ENTITY RELATIONSHIP DIAGRAM
3.6 SIMULATION DEPENDENCIES
CHAPTER FOUR: SYSTEM IMPLEMENTATION
4.1 SIMULATION MODULE AND USER INTERFACE
4.1.1 THE ENROLLMENT MODULE
4.1.2 THE VERIFICATION MODULE
4.1.3 INFORMATION DISPLAY MODULE
CHAPTER FIVE: RECOMMENDATION AND CONCLUSION
5.1 RECOMMENDATION
5.2 CONCLUSION
REFERENCE
APPENDIX
CHAPTER ONE
BACKGROUND OF THE STUDY
1.1 INTRODUCTION
Authentication is one of the most important aspects of security. Regardless of
how tightly locked down a system is, the information is useless without some
means of controlling who can access that data.
Authentication remains a tricky issue for one primary reason: it must interact
with the end user.
Systems administrators, programmers and other technologically savvy
individuals often understand the issues surrounding authentication and are
willing to deal with many of the difficulties inherent in the process, such as
memorizing complicated passwords and passphrases and using different passwords
for each system.
A common method used to keep data from falling into the wrong hands is the use
of passwords. This method has consistently been used in the context of
challenge and response: a user is prompted to identify himself to the system he
is trying to access and to supply the password associated with that identity
(typically a login name). This process is based on knowledge or possession,
that is, if one knows/has the password then he is granted access. With this
system structure, it is easy for anyone to gain access to data if they are
given or can possibly guess the right information. For each system they have
access to and remember these passwords.
A second method of securing data and systems is through the use of biometrics.
Biometrics is defined as the “automated use of physiological or behavioral
characteristics to determine or verify identity”; for example, fingerprints,
iris, face, or hand geometry can be used to authenticate a person. Biometrics
shifts the burden of knowledge/possession from the user and places it on a
person’s physical or behavioural characteristics. In order to access a system
that requires the input of biometric data, the process becomes “something you
are” rather than “something you possess”. This shift of burden from possession
to some quality of a person directly ties access to data to a person’s
identity rather than to what the person knows. The difference between these
technologies is illustrated in the example that follows. Say, for example, John
is a user of an online paycheck system, which allows users to access financial
information after supplying their password. When John picked a password he
wrote it on a note and stuck it underneath his desk, since he had too many
passwords to remember already. When one of the night-shift workers accidentally
discovered the note, they could easily pose as John and gain access to his
online paycheck information. As far as the authentication system is concerned,
a user claimed to be John and supplied John’s password, therefore it must be
him.
If the paycheck system instead used multi-factor authentication, there may be
no need for a password, and all John’s transactions will be more secure. If,
for instance, biometrics is integrated into the system, then after enrollment
John would simply need to present the biometric data required (a fingerprint,
iris or signature) to gain access. Since biometric data is unique among
individuals he would not have to worry about other users accessing his account.
With a biometric system, people attempting to gain access cannot guess (or
learn) something that will give them access. Only users who have been enrolled
in the system will be given access after they have presented their biometric
data and been verified. That is not to say biometrics does not have its own
drawbacks.
In summary, integrating different factors of authentication into an
authentication system results in a high degree of certainty of a person’s
identity. This confidence and accountability leads to more security, resulting
in cost savings and reduced risk of financial loss for individuals and
companies. Consequently, in this paper we shall focus more on two-factor
authentication (T-FA).
1.1.1 WHAT IS MULTIFACTOR AUTHENTICATION?
Definition: Multifactor Authentication System (MFA) is a security system
control that requires more than one form of authentication to verify the
authenticity and legitimacy of a user (wapedia.mobi, 2005).
In a multifactor authentication system, authentication basically consists of
verifying and validating the authenticity of a user/identity using more than
one form of validation mechanism.
An authentication method that depends on more than one factor is difficult to
compromise.
One problem with multi-factor authentication generally is the lack of
understanding of what constitutes “true” multi-factor authentication. Supplying
a user name (“something the user knows”) and password is single-factor
authentication, despite the use of multiple pieces of distinct information.
Adding a visual image (more of “something the user knows”) is still
single-factor authentication. [wapedia.mobi, 2005]
In an authentication system, multifactor means that more than one of the
authentication factors is being used. An authentication factor is a piece of
information and process used to authenticate or verify the identity of a person
or other entity requesting access under security constraints. Multifactor
authentication consists of verifying and validating the authenticity of an
identity using more than one validation mechanism. Authentication factors apply
to a procedure for authenticating a user as an individual with definitively
granted access rights [Bruce Schneier, March 2005]. There are two different
factor types for authentication:
· Something the user has (e.g. ATM card, John’s card);
· Something the user knows (e.g. password, PIN);
· Something the user is (e.g. biometric characteristic, such as fingerprint).
Authentication methods that depend on more than one factor are more difficult
to compromise than single-factor methods; their success depends on more than
the technology. It also depends on appropriate policies, procedures and
controls.
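The distinction drawn above between several credentials and several factors, as an added example that is not part of the original paper: access is decided by counting distinct factor categories among verified credentials, not by counting credentials. The credential names and the rule that any failed credential denies access are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "something the user knows"
    POSSESSION = "something the user has"
    INHERENCE = "something the user is"


# Assumed mapping of credential types to factor categories, following the
# classification in the text (user name, password and image are all "knows").
CREDENTIAL_FACTOR = {
    "username": Factor.KNOWLEDGE,
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "visual_image": Factor.KNOWLEDGE,
    "atm_card": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
}


@dataclass(frozen=True)
class Credential:
    kind: str       # key into CREDENTIAL_FACTOR
    verified: bool  # outcome of that credential's own check


def verified_factors(credentials):
    """Return the distinct factor categories that passed verification."""
    factors = set()
    for cred in credentials:
        if cred.kind not in CREDENTIAL_FACTOR:
            raise ValueError(f"unknown credential type: {cred.kind}")
        if cred.verified:
            factors.add(CREDENTIAL_FACTOR[cred.kind])
    return factors


def grant_access(credentials, required_factors=2):
    """Allow access only if every presented credential verified (assumed
    policy) and together they span enough distinct factor categories."""
    if not credentials or not all(c.verified for c in credentials):
        return False
    return len(verified_factors(credentials)) >= required_factors
```
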
1.2 AIMS AND OBJECTIVES
The purpose of this project is to consider a subset of multifactor
authentication (two-factor authentication), as against the normal single-factor
authentication, with the inclusion of biometrics to authenticate and verify the
identity of a user using a fingerprint before access is granted to the system.
1.3 STATEMENT OF PROBLEM
Among the two-factor authentication schemes in existence, the combination of
the “what you have” and “what you know” factors has been the most common over
the years. This approach has been subjected to different attacks which have
exposed its weaknesses. Some of the attacks are: brute force, shoulder surfing,
spyware, dictionary attack, etc.
However, the inclusion of the “who you are” factor actually solves most of the
problems posed by many of these threats.
1.4 SCOPE OF THE STUDY
This project will involve the simulation of a two-factor authentication system
to establish its strength over single-factor authentication, using fingerprint
recognition as a case study of authentication; this refers to the automated
method of verifying a match between two human fingerprints. Fingerprints are
one of many forms of biometrics used to identify individuals and verify their
identity.
1.5 RESEARCH METHODOLOGY
To bring this paper to reality, the methods employed in collecting the
necessary information include: surfing the internet for the latest information
and current theses on the issue of authentication, and observation of various
authentication systems where the multifactor concept is adopted.
1.6 DEFINITION OF TERMS
Brute force: this is an attack in which possible passwords are guessed at
random until a working password is discovered.
Shoulder surfing: this is the process by which an attacker steals a password by
observing its entry.
Spyware: software that records information about users, usually without their
knowledge. In a typical case, users unintentionally install spyware when they
visit certain websites or install unapproved software. Spyware may be used in
conjunction with social engineering techniques to trick users into installing
the spyware. The software then spies on the user’s sensitive data.
Dictionary attack: a dictionary attack is a technique for defeating an
authentication mechanism by trying to determine its passphrase by searching a
large number of possibilities. In contrast to a brute force attack, where all
possibilities are searched through exhaustively, a dictionary attack only tries
possibilities which are most likely to succeed, typically derived from a list
of words in a dictionary.