SlideShare une entreprise Scribd logo

Framework for analyzing template security and privacy in biometric authentication systems

Télécharger en tant que DOCX, PDF
N
nithyakarunanithi
1  sur  5
A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems Abstract: Biometric template protection arises to prevent an attacker to compromise privacy of users or biometric data and not necessarily to thwart bypassing of the biometric authentication itself. The project analyzes the vulnerabilities of biometric authentication protocols with respect to user and data privacy. The goal is to emphasize that when going beyond the usual honest-but- curious assumption much more complex attacks can affect the privacy of data and users. Biometric authentication protocols that are found in the literature are usually designed in the honest-but-curious model assuming that there are no malicious insider adversaries. There are still a number of problems that must be solved before fully anonymous biometric authentication can be achieved. Many attacks succeed because transactions can be duplicated or manipulated. The project introduces a logical distinction in functionality and promotes a distributed implementation of these functionalities as a baseline to ensure the protection of biometric data. The framework models the internal components of a biometric system into four logical entities, namely the sensor, the authentication server, the database and the matcher. This is an important aspect as a system without any separation between these entities would not be able to ensure the highest privacy properties against internal adversaries such as malicious administrators. In this proposed system we achieve data privacy by analyzing the vulnerabilities of biometric authentication protocols, and elaborate the analysis on a general system model involving four logical entities such as sensor, server, database, and matcher, then introduce a new comprehensive framework that encompasses the various schemes.
EXISTING SYSTEM:  In this existing system , we analyze the vulnerabilities of biometric authentication protocols with respect to user and data privacy.  The goal of an adversary in such context is not to bypass the authentication but to learn information either on biometric data or on users that are in the system.  We elaborate our analysis on a general system model involving four logical entities (sensor, server, database, and matcher), and we focus on internal adversaries to encompass the situation where one or a combination of these entities would be malicious.  Our goal is to emphasize that when going beyond the usual honest-but-curious assumption much more complex attacks can affect the privacy of data and users. Disadvantages: 1) Some attacks have a low complexity, e.g., linear in the size of the references. 2) That the objective of this work is to demonstrate that existing solutions suffer from certain weaknesses. 3) The vulnerabilities of biometric authentication protocols with respect to user and data privacy. 4) The existing method show very less performance in authentication. PROPOSED SYSTEM :  In this proposed system ,we introduce a new comprehensive framework that encompasses the various schemes we want to look at. It presents a system model in which each internal entity or combination of entities is a potential attacker.
 Different attack goals are considered and resulting requirements on data flows are discussed. On the other hand, we develop different generic attacks.  We follow a blackbox approach in which we consider components that perform operations on biometric data but where only the input/output behavior is analyzed.  These attack strategies are exhibited on recent schemes such as the distributed protocol of Bringer et al. (ACISP 2007), which is based on the Goldwasser–Micali cryptosystem, the related protocol of Barbosa et al. (ACISP 2008), which uses the Paillier cryptosystem, and the scheme of Stoianov (SPIE 2010), that features the Blum–Goldwasser cryptosystem.  All these schemes have been developed in the honest-but-curious adversary model and show potential weaknesses when considered in our malicious insider attack model. Advantages: 1) Biometric authentication protocols that are found in the literature are usually designed in the honest-but-curious model assuming that there are no malicious insider adversaries. 2) Such analysis is extremely relevant in the context of independent database providers. Much attention was given to an authentication server attacker, which is a central and powerful entity in our model. 3) To prevent the attacks that were presented, stronger enforcement of the protocol design is needed: many attacks succeed because transactions can be duplicated or manipulated. 4) This is the case for the decomposed reference attack, which particularly targets bit-wise or feature-wise encryptions. The motivation for applying encryption on the feature level is to benefit from the homomorphic properties of the applied cryptosystem. As a consequence,better cryptographic primitives are needed that allow performing computations on encrypted data without allowing to attack individual features.
System Specification: Hardware Requirements: Processor : Pentium –III Speed : 1.1 GHz RAM : 256 MB(min) Hard Disk : 20 GB Floppy Drive : 1.44 MB Key Board : Standard Windows Keyboard Mouse : Two or Three Button Mouse Monitor : SVGA Software Requirements Operating system : Windows 07& XP Front End : Visual Studio 2008, ASP.net, C# Backend : SQL Server 2005
SYSTEM ARCHITECTURE :

Recommandé

A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkMark Jayson Fuentes
 
Stayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newStayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newTristanmillerr
 
Stayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newStayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newshyaminfo17
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Testmartinvoelk
 
Analysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security VulnerabilitiesAnalysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security VulnerabilitiesKaashivInfoTech Company
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachSuraj Chauhan
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newmatthewtaylorliam12
 
Handy penetration testing tools
Handy penetration testing toolsHandy penetration testing tools
Handy penetration testing toolsMindfire LLC
 

Recommandé

A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkMark Jayson Fuentes
 
Stayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newStayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newTristanmillerr
 
Stayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newStayer cis 349 final exam guide set 1 new
Stayer cis 349 final exam guide set 1 newshyaminfo17
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Testmartinvoelk
 
Analysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security VulnerabilitiesAnalysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security VulnerabilitiesKaashivInfoTech Company
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachSuraj Chauhan
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newmatthewtaylorliam12
 
Handy penetration testing tools
Handy penetration testing toolsHandy penetration testing tools
Handy penetration testing toolsMindfire LLC
 
Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Papitha Velumani
 
Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attackSecurity evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attackShakas Technologies
 
DM for IDS
DM for IDSDM for IDS
DM for IDSNesma Mahmoud
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newuopassignment
 
Overview of Microsoft Sql Server Security
Overview of Microsoft Sql Server SecurityOverview of Microsoft Sql Server Security
Overview of Microsoft Sql Server SecurityGary Manley, MA, PMP
 
Ch19
Ch19Ch19
Ch19Joe Christensen
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 neweyavagal
 
Vulnerability
VulnerabilityVulnerability
VulnerabilityMohit Dholakiya
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
A Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemA Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemAM Publications
 
Ch18
Ch18Ch18
Ch18Joe Christensen
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Akash Karwande
 
Analysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningAnalysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningPritesh Ranjan
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 
documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesSahithi Naraparaju
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti... a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti...ZTech Proje
 
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptxAn Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptxSandeep Maurya
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Yashwanth Reddy
 
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...IRJET Journal
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)Wail Hassan
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 

Contenu connexe

Tendances

Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Papitha Velumani
 
Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attackSecurity evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attackShakas Technologies
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newuopassignment
 
Overview of Microsoft Sql Server Security
Overview of Microsoft Sql Server SecurityOverview of Microsoft Sql Server Security
Overview of Microsoft Sql Server SecurityGary Manley, MA, PMP
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 neweyavagal
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
A Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemA Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemAM Publications
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Akash Karwande
 
Analysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningAnalysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningPritesh Ranjan
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 

Tendances (14)

Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack
 
Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attackSecurity evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack
 
DM for IDS
DM for IDSDM for IDS
DM for IDS
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 new
 
Overview of Microsoft Sql Server Security
Overview of Microsoft Sql Server SecurityOverview of Microsoft Sql Server Security
Overview of Microsoft Sql Server Security
 
Ch19
Ch19Ch19
Ch19
 
Uop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 newUop cis 349 final exam guide set 1 new
Uop cis 349 final exam guide set 1 new
 
Vulnerability
VulnerabilityVulnerability
Vulnerability
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
 
A Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemA Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection System
 
Ch18
Ch18Ch18
Ch18
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
 
Analysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningAnalysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data Mining
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system new
 

Similaire à Framework for analyzing template security and privacy in biometric authentication systems

documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesSahithi Naraparaju
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti... a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti...ZTech Proje
 
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptxAn Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptxSandeep Maurya
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Yashwanth Reddy
 
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...IRJET Journal
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)Wail Hassan
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
A trust system based on multi level virus detection
A trust system based on multi level virus detectionA trust system based on multi level virus detection
A trust system based on multi level virus detectionUltraUploader
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slidesBassam Al-Khatib
 
IRJET- A Review on Security Attacks in Biometric Authentication Systems
IRJET- A Review on Security Attacks in Biometric Authentication SystemsIRJET- A Review on Security Attacks in Biometric Authentication Systems
IRJET- A Review on Security Attacks in Biometric Authentication SystemsIRJET Journal
 
IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...
IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...
IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...IEEEFINALYEARSTUDENTPROJECTS
 
2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...
2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...
2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...IEEEMEMTECHSTUDENTSPROJECTS
 
Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Nitish Bhardwaj
 
Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Nitish Bhardwaj
 
Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Nitish Bhardwaj
 

Similaire à Framework for analyzing template security and privacy in biometric authentication systems (20)

documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemes
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountability
 
a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti... a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti...
 
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptxAn Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
 
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
A trust system based on multi level virus detection
A trust system based on multi level virus detectionA trust system based on multi level virus detection
A trust system based on multi level virus detection
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slides
 
IRJET- A Review on Security Attacks in Biometric Authentication Systems
IRJET- A Review on Security Attacks in Biometric Authentication SystemsIRJET- A Review on Security Attacks in Biometric Authentication Systems
IRJET- A Review on Security Attacks in Biometric Authentication Systems
 
IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...
IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...
IEEE 2014 JAVA DATA MINING PROJECTS Secure mining of association rules in hor...
 
2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...
2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...
2014 IEEE JAVA DATA MINING PROJECT Secure mining of association rules in hori...
 
Pp1t
Pp1tPp1t
Pp1t
 
Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01
 
Pp1t
Pp1tPp1t
Pp1t
 
Pp1t
Pp1tPp1t
Pp1t
 
Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01
 
Pp1t
Pp1tPp1t
Pp1t
 
Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01
 

Framework for analyzing template security and privacy in biometric authentication systems

  • 1. A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems Abstract: Biometric template protection arises to prevent an attacker to compromise privacy of users or biometric data and not necessarily to thwart bypassing of the biometric authentication itself. The project analyzes the vulnerabilities of biometric authentication protocols with respect to user and data privacy. The goal is to emphasize that when going beyond the usual honest-but- curious assumption much more complex attacks can affect the privacy of data and users. Biometric authentication protocols that are found in the literature are usually designed in the honest-but-curious model assuming that there are no malicious insider adversaries. There are still a number of problems that must be solved before fully anonymous biometric authentication can be achieved. Many attacks succeed because transactions can be duplicated or manipulated. The project introduces a logical distinction in functionality and promotes a distributed implementation of these functionalities as a baseline to ensure the protection of biometric data. The framework models the internal components of a biometric system into four logical entities, namely the sensor, the authentication server, the database and the matcher. This is an important aspect as a system without any separation between these entities would not be able to ensure the highest privacy properties against internal adversaries such as malicious administrators. In this proposed system we achieve data privacy by analyzing the vulnerabilities of biometric authentication protocols, and elaborate the analysis on a general system model involving four logical entities such as sensor, server, database, and matcher, then introduce a new comprehensive framework that encompasses the various schemes.
  • 2. EXISTING SYSTEM:  In this existing system , we analyze the vulnerabilities of biometric authentication protocols with respect to user and data privacy.  The goal of an adversary in such context is not to bypass the authentication but to learn information either on biometric data or on users that are in the system.  We elaborate our analysis on a general system model involving four logical entities (sensor, server, database, and matcher), and we focus on internal adversaries to encompass the situation where one or a combination of these entities would be malicious.  Our goal is to emphasize that when going beyond the usual honest-but-curious assumption much more complex attacks can affect the privacy of data and users. Disadvantages: 1) Some attacks have a low complexity, e.g., linear in the size of the references. 2) That the objective of this work is to demonstrate that existing solutions suffer from certain weaknesses. 3) The vulnerabilities of biometric authentication protocols with respect to user and data privacy. 4) The existing method show very less performance in authentication. PROPOSED SYSTEM :  In this proposed system ,we introduce a new comprehensive framework that encompasses the various schemes we want to look at. It presents a system model in which each internal entity or combination of entities is a potential attacker.
  • 3.  Different attack goals are considered and resulting requirements on data flows are discussed. On the other hand, we develop different generic attacks.  We follow a blackbox approach in which we consider components that perform operations on biometric data but where only the input/output behavior is analyzed.  These attack strategies are exhibited on recent schemes such as the distributed protocol of Bringer et al. (ACISP 2007), which is based on the Goldwasser–Micali cryptosystem, the related protocol of Barbosa et al. (ACISP 2008), which uses the Paillier cryptosystem, and the scheme of Stoianov (SPIE 2010), that features the Blum–Goldwasser cryptosystem.  All these schemes have been developed in the honest-but-curious adversary model and show potential weaknesses when considered in our malicious insider attack model. Advantages: 1) Biometric authentication protocols that are found in the literature are usually designed in the honest-but-curious model assuming that there are no malicious insider adversaries. 2) Such analysis is extremely relevant in the context of independent database providers. Much attention was given to an authentication server attacker, which is a central and powerful entity in our model. 3) To prevent the attacks that were presented, stronger enforcement of the protocol design is needed: many attacks succeed because transactions can be duplicated or manipulated. 4) This is the case for the decomposed reference attack, which particularly targets bit-wise or feature-wise encryptions. The motivation for applying encryption on the feature level is to benefit from the homomorphic properties of the applied cryptosystem. As a consequence,better cryptographic primitives are needed that allow performing computations on encrypted data without allowing to attack individual features.
  • 4. System Specification: Hardware Requirements: Processor : Pentium –III Speed : 1.1 GHz RAM : 256 MB(min) Hard Disk : 20 GB Floppy Drive : 1.44 MB Key Board : Standard Windows Keyboard Mouse : Two or Three Button Mouse Monitor : SVGA Software Requirements Operating system : Windows 07& XP Front End : Visual Studio 2008, ASP.net, C# Backend : SQL Server 2005