project chou

8/3/2019 Project Chou

1/67

1

SECURE MODIFICATION TO A FILE PROTECTION SYSTEM THAT USES A

FINGERPRINT IDENTIFICATION TECHNIQUE

___________________

A Project

Presentedto the Faculty of

California State University, Chico

___________________

In partial Fulfillment

of the Requirements for the Degree

Master of Science

in

Computer Science

___________________

by

Shi-Hsun Chou 2003

Fall 2003


2/67

2

ACKNOWLEDGMENTS

I would like to express my gratitude to the entire faculty and staff of the

Department of Computer Science, College of Engineering, Computer Science, and

Technology at California State University, Chico.

I am most grateful to my two professors, Dr. Benjoe A. Juliano and Dr. Tyson

R. Henry, for their valuable advice, understanding, and suggestions. I also want to thank

Dr. Juliano for giving me many useful ideas and thoughtful comments which enhanced

my ideas for this project.

Moreover, I want to express my appreciation to Leahsin Technologies, Inc.,

for letting me use their product, Fingerprint Reader, in this project.

Thank you to all my friends for their moral support, kindness, and friendship.

Also, I would like to give special thanks to my family, especially my mother, for their

endless encouragement and love. And, to my wonderful girlfriend, Kimmy, thanks for

always being there for me with boundless patience, love, and tenderness.


3/67

3

ABSTRACT

SECURE MODIFICATION TO A FILE PROTECTION SYSTEM THAT USES A

FINGERPRINT IDENTIFICATION TECHNIQUE

by

Shi-Hsun Chou 2003

Master of Science in Computer Science

Summer 2003

This projects objective will be to modify an existing fingerprint identification

and encryption system so it provides the highest security possible for individual or group

access to sensitive documents or files in a more user friendly way. The project s target

audience is top management, executive members, and/or scientists of a company. The

main purpose is to help a company maintain the highest security for a document or file in

a convenient and safe way. By just using a fingerprint together with a login ID and

system password, a user can access the chosen document or file.


4/67

4

CHAPTER I

INTRODUCTION

Motivation

The rapid and continuous development of technology in the last few years has

led to an increase in computer usage. According to information from the U.S. Census

Bureau, half of the households in the U.S. use computers today [1]. This figure has

increased steadily as more and more people use computers for everyday tasks.

However, the convenience and speed of the Internet creates more security

problems. People are afraid that someone could steal their data or hack into their systems.

Data security has become an important issue. Experts are continuously developing

different methods to stop these illegal activities.

Purpose of this Project

This project focuses on data security. Nowadays, the most common way to

secure data is to use a firewall. A firewall is software that prevents unauthorized users

from accessing a computer and its files [2]. Companies large and small and individuals

set up firewalls to protect their data. However, a firewall may not be enough to stop

determined computer hackers and criminals. Experts are trying to find a solution for this

problem. Biometric technology is providing the best solution so far.


5/67

5

Biometrics is the science and technology of measuring and statistically analyzing

biological data. In information technology, biometrics usually refers to technologies

for measuring and analyzing human body characteristics such as fingerprints, eyeretinas and irises, voice patterns, facial patterns, and hand measurements, especially

for authentication purposes. [3]

It has been widely used for personal identification since it is based on human

physiological properties, which are difficult to copy. There are several advantages in

using biometrics for authentication purposes:

1. Universality. Everyone has biometrics features.

2. Uniqueness. No two persons have the same characteristics.

3. Permanence. The characteristics of biometrics features should be invariant.

4. Collectability. The characteristics of biometrics features should be measured

quantitatively.

5. Performance. The characteristics of biometrics features should be quick to

distinguish.

6. Acceptability. The characteristics of biometrics features should be easily

identifiable.

Based on the above properties, many biometric-based systems have been

developed using human body characteristics. One of the easiest to use is the fingerprint.

After deciding to use a fingerprint as the personal identifier, selecting a cryptanalysis

system to encrypt data is also very important.

Cryptanalysis refers to the study of ciphers, ciphertext, or cryptosystems (that is, to

secret code systems) with a view to finding weaknesses in them that will permitretrieval of the plaintext from the ciphertext, without necessarily knowing the key

or the algorithm. This is known as breaking the cipher, ciphertext, or cryptosystem.

[4]


6/67

6

Encryption is the process of transforming information from an unsecured form (clear

or plaintext) into coded information (ciphertext), which cannot be easily read by

outside parties [5]. Two parts of an encryption system involves

. . . a means of changing information into code (the algorithm), and a secret starting

point for the algorithm (the key). . . . The key determines how the algorithm - the

encryption process - will be applied to a particular message, and matching keys

must be used to encrypt and decrypt messages . . . Two basic types of encryption inuse today are known as private key encryption and public key encryption. In private

key encryption, the same key is used for both encryption and decryption . . . Public

key encryption solves the problem of maintaining key security by having separate

keys for encryption and decryption. [6]

The file encryption system developed in this project will encrypt files using a

private key. The system will automatically create a code file containing the combination

of converted data from the original file and a private key with an ID number. For

fingerprint matching technically speaking, the biometric devices create electronic digital

templates that are stored (a user s stored enrollment) and then compared to live, when

there is a need to verify the identity of an individual [7].

The purpose of this project will be to modify an existing fingerprint

identification and encryption system so it provides the highest security possible for

individual or group access to a company s sensitive documents or files in a more user

friendly way.

Scope of the Project

This project covers the following areas:

l This project uses a dialog-based MFC AppWizard [exe] of Visual C++ 6.0

Enterprise Version as the structure of the program.


7/67

7

l Fingerprint identification is used through the fingerprint reader to scan

fingerprint data.

l A private key system of cryptology is used in this project.

Although not used in this project, a public key system of cryptology will be

compared with the private key system of cryptology.

The Structure of the Project

Figure 1 shows the data flow chart of the Fingerprint Identification and

Encryption System (FIES) implementation in seven steps:

Step 1. Run the FIES.

Step 2. Create a user data in the Person Management.

Step 3. Enroll a user s fingerprint data.

Step 4. Verify the fingerprint data that is created.

Step 5. Encrypt an original file.

Step 6. Decrypt a file that is encrypted.

Step 7. Exit the FIES.

The Structure of File Encryption

Figure 2 shows how FIES automatically creates an encrypted file and a code

file after encrypting the original file.

The Structure of File Decryption

Figure 3 shows how FIES decrypts encrypted file using a code file.


8/67

8

Figure 1. The data flow chart of the FIES implementation.

Figure 2. The structure of file encryption.

Person Management

Fingerprint Data Enrollment

Person Verification File Encryption

File Decryption

Run FIES

Exit FIES

Original file

Encrypting file

Convertedcontext file

System time

Private key

Code file

ID No.


9/67

9

Figure 3. The structure of file decryption.

Hardware/Software Used in This Project

Hardware

l Fingerprint reader/verifier/scanner

l Laptop Computer (P4 2.0G, RAM 256M, Hard disk-20G)

Encrypting file

Decrypting file

Converted

context file ID No.

Private key

System time

Code fileCode

Comparing

two codes

Decrypting file

failure

Decrypting file

successfully

Fingerprint

Library

Live

fingerprint

Fingerprint

matching


10/67

10

Software

l Windows 2000 Professional

l Visual C++ 6.0 Enterprise Version

Other Products

1. Eagle Tec Finger Print Scanner PC Card, which has the following important

features:

l Full Windows OS support including 98, ME, NT4.0, 2000, and XP.

l PCMCIA (16-bit) interface.l Easy to use master password for all types of Windows application and on-

line passwords.

l Locking files or folders from unauthorized access.

l Locking application from unauthorized access.

l Compatible with Windows screen-saver password feature.l Easy to import and export existing passwords.l Store unlimited number of passwords and related information in a secure

database.

l Compatible with Microsoft Password support for Internet Explorer.

l Compatible with GUI that is easy to install, customize, and use.l International Language Support. [8]

2. Targus DEFCON Authenticator with USB Hub, which has these important

features:

l Fingerprint Biometric Authentication.

l SecureSuite Software offers password management and document/folderencryption.

l Integrated two port USB hub Notebook Computer Security/Expansion.l Light, small and great for travel. [9]


11/67

11

CHAPTER II

PERSONAL IDENTIFICATION

Introduction

With the rapid development of science and technology, personal identification

plays a very important role today since it is used to verify user personal information

before allowing entry into a secure and confidential system. Why is personal

identification so important today? Because computers and the Internet have developed so

quickly, security has become very difficult. Without effective personal identification

safeguards, anyone can easily gain access to important data or break into important

systems. Traditionally, in order to verify personal identification, the user needed only a

User ID and Password to access secured files. However, a User ID and Password only is

not secure enough since they can be easily stolen. A new authorization/identification

technique, biometrics, has been developed that can determine more accurately if a

person is authorized to access a computer system and/or its files.

The Classification of Personal Identification

Some biometric characteristics that are used or are under investigation as

distinctive personal identification include:

l Fingerprints

l Hand geometry

l Hand Vein

l Iris


12/67

12

l Retina

l Signature

l Voice Print

l Facial Thermogram

l DNA

Among these biometric characteristics, using the fingerprint as a form of

authentication is the most popular and convenient because of universality, uniqueness,

collectability, and acceptability.

The Method of Personal Identification

This project will use the fingerprint as the tool of personal identification.

There are two types of fingerprint identification: manual and automatic. Manual

fingerprint identification needs an expert to compare a print with a fingerprint database.

However, this action is time consuming and laborious. The other method uses automatic

fingerprint identification. Using a special software application and a fingerprint reader,

the fingerprint can be easily identified and compared by using an enrolled fingerprint

database. Figure 4 shows a domain class diagram of the fingerprint verification system. It

clearly shows the relationships and compares fingerprints between the user and the

fingerprint database via the fingerprint verification system.


13/67

13

Figure 4. Domain class diagram of fingerprint verification system.


14/67

14

CHAPTER III

FINGERPRINT VERIFICATION

Introduction

In 1684 an Englishman, Dr. Nehemiah Grew, wrote a paper about fingerprint

features on a human finger. It was later, in 1897, when Sir Edward Henry developed a

classification system for fingerprints based on his discovery that every person has over 13

characteristics on each fingerprint [10] and that these characteristics can help verify

personal identification. From birth to until death, a person s fingerprints remain the same

and never change. Since a fingerprint cannot disappear or be lost and other people cannot

easily copy it, fingerprinting is a unique and secure method of personal identification in

today s world. People can use their fingerprints as a secure key lock anytime and

anywhere. For example, police use fingerprints to access each person s criminal record

files. And a fingerprint identification system can be used to access long distance files,

control a computer system, and electronic bank via the Internet.

The Classifications of Fingerprint

Fingerprint classification can provide an important indexing mechanism in a

fingerprint database. An accurate and consistent classification can greatly reduce

fingerprint- matching time in large databases. The patterns and geometry of fingerprints

are different for each individual and they are unchanged with age. The classifications of

fingerprints are based on certain characteristics called arches, loops, and whorls. A

fingerprint is made up of some characteristics on the surface of the finger. The uniqueness

of a fingerprint can be determined by the pattern of ridges and furrows as well as the


15/67

15

minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge

bifurcation or a ridge ending. Fingerprint verification can be divided into two

characteristic models: fingerprint shape characteristic and fingerprint detail characteristic.

Fingerprint Shape Characteristic

Some fingerprints have a spiral shape. The center of the spiral shape is known

as the Core Point of the fingerprint (Figure 5).

In other fingerprints, the furrows of the fingerprint are horizontal on the left-

bottom side or right-bottom side and the furrows on the top run in two opposite directions.

This is called a Delta Point (Figure 6).

Figure 5. The Core Point.

Figure 6. The Delta Point.There are many variations of these basic fingerprint characteristics. However,

fingerprints can be further classified using certain detail characteristics arches, loops,

and whorls.


16/67

16

The Arch

The arch looks like a hill. There are two types of arch shapes in this case: the

Simple Arch and the Tended Arch.

Figure 7 shows the Simple Arch. The middle part is going up just a little bit

with a smooth bend. This type of arch has no triangular shape or central point.

Figure 7. The Simple Arch.

Figure 8 shows a Tended Arch. The central part of the fingerprint goes up

sharply and clearly, like a peak. This type of fingerprint has a triangular shape and no

central point.

Figure 8. The Tended Arch.

The Loop


17/67

17

It looks like a dustpan and either bends to the left-hand side or right-hand side.

This type of fingerprint has a central point and a triangular shape. It can be classified as

either a left loop or right loop.

The Left Loop (Figure 9) is the mouth of the dustpan on the left-hand side.

Plus, the loop is always a triangular shape on the right-hand side.

Figure 9. The Left Loop.

The Right Loop is opposite of the Left Loop. The mouth is on the right-hand

side with a triangular shape on the left-hand side as shown in Figure 10.

Figure 10. The Right Loop.

The Whorl

The lines in this fingerprint spiral like the lines in a seashell and it has a round

or oval shape. It has a central point and a triangular shape on both the left and right-hand

side as shown in Figure 11.


18/67

18

Figure 11. The Whorl.

Among whorl fingerprints, there are two variations worth mentioning: the

Double Loop Whorl and the Accidental Whorl. The Double Loop Whorl looks like two

upside-down loops on the same fingerprint (Figure 12). The Accidental Whorl is made up

of one or many loops and whorls. These form a special fingerprint shape. Usually this

type of fingerprint includes two or more triangular points.

Figure 12. The Double Loop Whorl.

Fingerprint Detail Characteristics

The characteristics of the fingerprints can be divided into three types:

directions, core point and delta point, and detail characteristics.

Directions

The fingerprint is formed by different lines. The direction of these lines can be

formed into different shapes and characteristics as shown in Figure 13.


19/67

19

Figure 13. The Directions of a fingerprint.

Core Point and Delta Point

The successful fingerprint identification is based on accurate core points and

delta points as Table 1 shows.

Detail Characteristics

Detail characteristics have eight categories as Table 2 shows. Ending point

and bifurcation point are called basic characteristic. The other characteristics are called

complex characteristics.

Table 1.

The Core Point and Delta Point of Fingerprint

Classification of Fingerprints Core Point Delta Point Type of Delta Point

Arch0 0

Right Loop 1 1 Left

Left Loop 1 1 Right

Whorl 1 2 Left and Right

Tended Arch 0 1


20/67

20

Table 2.

The Characteristics of Fingerprints

Characteristics Images

Dot

Ending

Bifurcation

Island

Spur

Crosser

Bridge

Short ridge

Minutiae Extraction

When the user places his/her fingerprint on the reader, the verifier catches the

image and shows the minutiae points of the user s fingerprint as shown in Figure 14.

The fingerprint verifier tries to match the minutiae points and coordinate (x, y)

with the fingerprint data already existing in the database.

When there are over 12 matching minutiae points between the fingerprint

database and live fingerprint data, they can be identified as being from the same finger.

The data flow chart of fingerprint data matching is shown in Figure 15.


21/67

21

Figure 14. The minutiae points of a fingerprint.

Scientific studies have shown that two different fingerprints cannot have over 12

matching minutiae points [11].

The required number of matching minutiae points can be set according to the

security level and identifying speed demanded.

l If a higher security level is required, the user can set a higher number (> = 12)

and the false acceptance rate is less than 1/10,000.

l If a faster identifying speed is needed, the user set a lower number (8) and the

false acceptance rate is less than 1/1,000.

Red: End points

Green: Cross points

: Core points

\:


22/67

22

Figure 15. The data flow chart of fingerprint data matching.

Fingerprint enrollment and database file created

Automatically fingerprint minutiae extraction

Fingerprint image and data saving

Fingerprint database

Fingerprint identification matching

Live fingerprint

input

Fingerprint data

transition

Fingerprint

matching failure

No

Yes

Fingerprint matching completed


23/67

23

CHAPTER IV

CRYPTOLOGY

Introduction

Cryptology is the science of enciphering and deciphering codes or secret

communications. Cryptology can be divided into two areas:

1. Cryptography creating and using secure codes. Cryptology can be used for:

a. Data Secrecy or Data Privacy: Avoid illegal reading of data content.

b. Data Authenticity: Assure the legality of a data resource.

c. Data Integrity: Make sure of data modification.

d. Data Non-repudiation: Cannot repudiate data transition.

2. Cryptanalysis deciphering or breaking codes.

Types of Attack

1. Ciphertext-only attack.Just given some coded messages, aim to decode them and/or find the key:

l Statistical analysis of the ciphertext can restrict key or plaintext.

l Exhaustive key search -- feasible up to 50--60 bit keys.2. Known-plaintext attack.

Given some plaintext and its coded version, aim to find the key. This was the attackon Enigma.

3. Chosen-plaintext attack.

You can choose messages and see what they come out as, aim to find the key.Variations depending on how many messages you can use and whether you can

choose one after seeing the result of the last (adaptive chosen plaintext attack). [12]

Public Key Cryptosystem

The information of Public-Key Cryptosystem includes:

l The latest revolution in cryptology.


24/67

24

l Idea due to Diffie and Hellman, 1970.l There is a key that allows you to encrypt a message, but does not help you to

decrypt other messages.l There is a separate key that can be used to decrypt the messages.

l Each user publicizes their encryption key (or public key) but guards theirdecryption key (or secret key).

l To send someone a message you encrypt it with their public key.

l To intercept and read it requires their secret key.

All public-key cryptosystems depend on the use of a trapdoor function in the

encryption step. This is a function (more precisely a program implementing afunction) fsuch that, given fand x, f(x) is easy to compute, but given fand f(x), x is

not easy to compute. [12]

Rivest-Shamir-Adleman (RSA) Algorithm

Ronald L. Rivest, Adi Shamir, and Leonard Adleman developed the RSA

system in 1977 [13].

This system uses as its trapdoor function that is fi,n(x) = ximod n where i,n,

and x are large integers, typically 100--300 digits.If you know i,n, and x, it is relatively easy to compute fi,n(x), but (for the

right choice of i and n and as far as we know), not the reverse. The numbers i and n

form the public key. The secret key is n and another large number j such that xi j

= x

mod n. The three numbers (n, i, j) are called a key pair. [12]

RSA Key Pairs

We are left to determine:

l How to choose a key pair (n, i, j) such that xi j = x mod n (correctness)

l How to choose a key pair so that knowing the public key does not allowdecryption (security)

This depends on a few pieces of elementary number theory and one fact aboutthe current state of computational number theory:

l It is much easier to test whether or not a number is prime that to find the

prime factors of a non-prime number of the same sizeCreating a key pair depends on being able to find two large prime numbers on

demand, whereas breaking one (finding j given n and i) seems to depend onfactoring their product. [12]

Creating Key Pairs

A key pair is created by finding two primes P and Q of suitable size (and withcertain nice properties). We multiply them together to get N = P * Q.

Now I is chosen (often I = 3, it doesn't matter). To find J we need:


25/67

25

The extended Euclidean algorithm:

This algorithm computes the highest common factor (greatest common divisor) H

of two integers X and Y and finds two integers S and T, such thatS * X+T * Y=H

Details later.We apply this with X = I and Y = (P-1)*(Q-1). If the GCD H is not 1 we try

another I. When H = 1, we have S and T such that

S * I + T * (P-1) * (Q-1) = 1

We take J = S.

RSA Example:Take P = 7 and Q = 11 then N = 77.

Take I = 13, the public key is (13,77)

Using the Extended Euclidean Algorithm, with X = 13 and Y = (7-1) * (11-1) = 60

to find that S * 13 + T * 60 = 1, J = S = 37 and T = -8.

Hence (37,77) is the secret key.Now we can encrypt 2:

313

mod 77 = 1594323 mod 77 = 38

Decrypting we calculate (working mod 77)

381 mod 77 = 38

382

mod 77 = 1444 mod 77 = 58

384

mod 77 = 582

mod 77 = 3364 mod 77 = 5338

8mod 77 = 53

2mod 77 = 2809 mod 77 = 37

3816 mod 77 = 372 mod 77 = 1369 mod 77 = 60

3832

mod 77 = 602 mod 77 = 3600 mod 77 = 58

We can find38

37mod 77 = (38

32* 38

4* 38

1) mod 77 = (58*53*38) mod 77 = 116812 mod 77 =

3 [12]

The structure of public-key cryptosystem as shown in Figure 16.

Figure 16. The structure of public-key cryptosystem.

PlaintextEncryption Decryption

Ciphertext Plaintext

Asymmetric key pair generator

Private keyPublic key


26/67

26

Private Key Cryptosystem

Data Encryption Standard (DES)

. . . is the name of the Federal Information Processing Standard (FIPS) 46-3,which describes the data encryption algorithm (DEA). The DEA is also defined in

the ANSI standard X9.32. [Originally developed by IBM and known as Lucifer],

the National Security Agency (NSA) and the National Bureau of Standards (NBS,

now the National Institute of Standards and Technology, NIST) played a substantial

role in the final stages of development. The DEA, often called DES, has beenextensively studied since its publication and is the best known and widely used

symmetric algorithm in the world.

The DEA has a 64-bit block size and uses a 56-bit key during executio n (8

parity bits are stripped off from the full 64-bit key). The DEA is a symmetric

cryptosystem, specifically a 16-round Feistel cipher and was originally designed forimplementation in hardware. When used for communication, both sender and

receiver must know the same secret key, which can be used to encrypt and decrypt

the message, or to generate and verify a message authentication code (MAC). The

DEA can also be used for single-user encryption, such as to store files on a hard

disk in encrypted form. In a multi-user environment, secure key distribution may be

difficult; public-key cryptography provides an ideal solution to this problem. [14]

l Secret-key cryptosystem.

l Originally from IBM Thomas J Watson labs.

l Adopted for low-level security by US Govt.l Published and standardized in the 80s.l Fast to encrypt and decrypt in software or hardware.

l Fast hardware commercially available (U.S. export restrictions apply).l Still strong but starting to look a little shaky.

l Block cipher with 64 bit blocks.

l 56 bit keys extended to 64 by eight parity bits.l Encryption and decryption each a sequence of basic steps. [12]

DESBasic Structure

Think of DES as a pair of functions from a 64-bit key k (actually made from a 56-bit key, to allow the NSA to do brute force search if they want to) and a 64-bit plain

text p to a 64-bit ciphertext cc = EDES(k, x) = I-1 (PT16(k)(S((S(PT1(k)(I(x)))

x = DDES(k, x) = I-1 (PT1(k)(S((S(PT1(k)(I(x)))Where:

I is a fixed permutation of the 64 bits.

S swaps the two 32-bit half-words.PT (x)= x + T (x / 2

32) where T is a function from 32-bit numbers to 32-bit numbers.

[12]


27/67

27

DESCorrectness

Clearly S(S(x)) = x.Also PT (PT(x)) = x, since PT does not change the high half-word and adds a function

of the high half word to the low one. Adding something twice in binary has noeffect.

Thus EDES(k, EDES(k,x)) = x, also EDES(k, DDES(k,x)) = x

The heart of the encryption is in the definition of Ti(k) for i = 116. [12]

The structure of private-key cryptosystem as shown in Figure 17.

Figure 17. The structure of private-key cryptosystem.

PlaintextEncryption Decryption

Ciphertext Plaintext

Symmetric key generator

Secret keySecret key


28/67

28

CHAPTER V

THE FINGERPRINT IDENTIFICATION

AND ENCRYPTION SYSTEM

Summaries of Modification

This section focuses on the difference between the original and modified

Fingerprint Identification and Encryption System (FIES). Tables 3, 4, and 5 summarize

the different modification modes.

Table 3.

Summary of Original and Modified Systems

ID# Features Original System Modified System

F01 User Interface X O

F02 Person Management X O

F03 Fingerprint Data Enrollment X X

F04 Fingerprint Data Verification X X

F05 File Encryption X O

F06 File Decryption X O

F07 Matching Points and Password Change X X

F08 About and Exit X X

X - Feature available, no modificationO - Feature was modification


29/67

29

Table 4.

Description of Features in the Original System

Features Description Reference

User Interface The original system uses two main user interfaces: the IDManagement and Encryption/Decryption Managementinterface. ID Management menu includes the Person, Enroll1:N Verify, 1:1 Verify, Setup, About, and Exit functions.

When the user wants to login ID Management, he/she must

input a correct password. ID Management is used to accessusers data such as ID, Name, and Level in the Person

function. Users can add, modify, delete, and load users data.After adding or modifying a user, fingerprint data must be

enrolled by using a fingerprint reader in the Enroll function.When a user enrolls fingerprint data, he/she can choose any

finger to be scanned. The system will create a user fingerprintdata file that uses the user ID for the files name. The user can

verify the fingerprint data by comparing 1:N Verify or 1:1Verify (1:N means to search all users database, 1:1 means one

user that input ID to search this IDs database). The Setupfunction allows users to set the number of matching points (8,10, 12, 14, 16, and 18) and to change a password (8 digits).The About function includes the information of the company.

The Exit function just logs a user off the system.Encryption/Decryption Management is used to encrypt/decrypt

files depending on loaded user data. User data cannot bechanged while Encryption/Decryption Management interface

is in use. Its menu includes Person, Encryption, Decryption,Minutia Threshold, About, and Exit functions. The Personfunction can only load user data form created through the ID

Management interface. The Encryption function is used toencrypt a file. The Decryption function is used to decrypt a

file. The Minutia Threshold function is used to set up thenumber of matching points. The About and Exit functions are

the same as with the ID Management interface.

F01

PersonManagement

There are three attributes of the Person Management feature.There are the ID, Name, and Level. The Level attribute is not

used. Name and Level can be blank. The system saves data toa special file (user.inf).

F02

Fingerprint Data

Enrollment

After creating user data, the user has to enroll fingerprint data

and save them to a file (Ex. User ID.aid)

F03


30/67

30

Fingerprint Data

Verification

After a user enters his/her data, the user can use this system to

check prior availability of this data via 1:N Verify or 1:1

Verify.

F04

File Encryption The user can encrypt any type of file. (After file encryption, itssize is almost the same with original file size), and you cannot

change anything to decrypt file without using FIES. After fileencryption, the FIES will create an encrypted file. The key for

encryption combines the system time and a key that is87654321.

F05

File Decryption Users will need data from the Person Management feature inorder to decrypt a file. This means that everyone with data inPerson Management feature can decrypt encrypted files.

F06

Matching Pointsand Password

Changed

User can set initial matching points (8, 10, 12, 14, 16, and 18)and change their password (8 digits).

F07

About and Exit The About function includes information on the company. TheExit function just logs off user from the system.

F08

Table 5.

Description of Features in the Modified System

Features Description Reference

User Interface The modified system uses only one main user

interface called the Fingerprint Identification andEncryption System (FIES). The system menu

includes the Person, Enroll1:N Verify, 1:1 Verify,

Encrypt, Decrypt, Setup, About, and Exitfunctions. When a user runs the FIES, the system

requests a correct password to login. The systemcan be used to access users data such as ID, Name,

and Group in the Person function. Users can add,modify, delete, and load users data. The Encryptfunction can encrypt files individually or group.

When the user chooses individual, he/she will berequested to load user data to encrypt a file;

however, when the user chooses group, he/sheneeds to input a groups name to encrypt a file. The

Decrypt function decrypts files after scanning and

F01


31/67

31

verifying a user s fingerprint.

Person Management All three attributes of Person Management - ID,

Name, and Group - cannot be blank. When user

data is loaded, the interface will display the user s

name.

F02

File Encryption Encryption can either be for individual or for group.

For individual, the user needs to select one person

from Person Management list. For group, the user

needs to input a groups name that exists in the

Person Management list. After successful file

encryption, the FIES will create two filesan

encrypted file and a code file. The key for

encryption combines the system time and a key thatis 87654321. The system also automatically

creates a code file. The code file is created by using

the original file, user ID, and a private key that is

87654321.

F05

File Decryption For a user to decrypt file, a fingerprint must bescanned and provided along with an encrypted file

and a code file. Each user must have their code file.

F06


32/67

32

User Interface

After clicking the FIES icon, every time the user wants to log into FIES, the

user has to input the correct password (Figure 18).

Figure 18. Password input dialog box.

After inputting the correct password, the user can enter FIES. The interface is

shown in Figure 19.


33/67

33

Figure 19. FIES interface screen shot.

Person Management

As the first step before using this system, the user must add user data into

Person Management (Figure 20).


34/67

34

Figure 20. Person Manager interface screen.

There are three attributes of Person Management: ID, Name, and Group. All

attributes must be filled in. None can remain blank. Then the ADD button is pressed.

The system will save the data to a special file (user.inf). When a user loads user data, the

interface will display all IDs, Names, and Groups. After adding a user, the user can

modify or delete the user data at anytime. Moreover, the user should enroll his/her

fingerprint quickly in order to create a user data file (ex. User ID.aid). One thing is very

important: after modifying user data, the user has to enroll fingerprint data again (Figure

21).


35/67

35

Figure 21. Enroll procedure screen.

After adding or modifying a user, the user can load his/her data and enroll

fingerprint data after pressing the Enroll button (Figure 22).


36/67

36

Figure 22. FIES interface screen shot showing user name.


37/67

37

Fingerprint Enrollment

When the user presses the Enroll button, the Finger Position dialog will be

displayed. The user should choose a finger to enroll fingerprint data (Figure 23).

Finger 23. Finger position dialog box.


38/67

38

After choosing a finger, the system will wait for the user to put his/her finger

on the fingerprint reader (Figure 24).

Figure 24. Fingerprint reader screen.


39/67

39

When the fingerprint reader scans and reads the fingerprint data, the system

interface will automatically display the fingerprint data in the center of the FIES interface.

It is important to note that the extract minutia value of more than 30 is better because

more matching points are easy to compare (Figure 25).

Figure 25. Fingerprint data display screen.


40/67

40

The user should scan their fingerprint data more than once in order to verify

personal data. It is best to scan one finger more than three times (Figure 26).

Figure 26. Fingerprint data registration dialog screen.

After scanning all fingerprint data, the system will display a fingerprint

enrollment completed message (Figure 27).

After creating user data, the user has to enroll fingerprint data and save them

to a file (Ex. User ID.aid).


41/67

41

Figure 27. Fingerprint Enrollment Completed dialog box.

Fingerprint Verification

After a user has created his/her data, the user can use the system to check user

availability. The user can verify the fingerprint data with the method of 1:N Verify or

1:1 Verify.


42/67

42

1:N Verify

First, the user needs to press the 1 :N Verify button (Figure 28).

Figure 28. Screen shot showing the 1:N Verify tab.

Second, scan the finger to find and verify user data (Figure 29).


43/67

43

Figure 29. User verified dialog box.

1:1 Verify

First, the user needs to press 1:1 Verify button and input ID Number (Figure

30).


44/67

44

Figure 30. Input ID Number dialog box.

Second, scan the finger to find and match the user data (Figure 31).


45/67

45

Figure 31. User verified dialog box.


46/67

46

File Encryption

The user can encrypt any type of file (after file encryption, its size is almost

the same as the original file size) and cannot change anything in order to decrypt files

without using FIES. When encrypting files, a user can choose encryption for Individual

or Group. For Individual, the user needs select one person from the Person

Management list. For Group, the user needs to input the group name, which exists in

the Person Management list. After file encryption, FIES will create two files: the

encrypting file and the code file. The key for encryption combines the system time and a

key that is 87654321. The system also automatically creates a code file. The code file is

created by the original file, ID, and a key that is 87654321. Otherwise, if no person is

created in the Person Management or no group name is inputted, file encryption will fail.

Individual Encryption

The user needs to press Encrypt button and then click Individual (Figure

32).


47/67

47

Figure 32. Encryption selection dialog box for Individual.

Select one user to encrypt a file (Figure 33).


48/67

48

Figure 33. Selecting one user.

After selecting and loading user data, the system will display the initial file

name and path (Figure 34).


49/67

49

Figure 34. File name and path dialog box.

Set up the file name and path for file encryption (Figure 35).

Figure 35. Encryption set up dialog box.


50/67

50

The system will display a successful file encryption message (Figure 36).

Figure 36. Encryption success dialog box.

The user can find an encrypting file in the folder that is set up (Figure 37).

Figure 37. Encryption folder.

The system will automatically create a code file for decrypting file (Figure 38).


51/67

51

Figure 38. Code file.

Group Encryption

The user needs to press the Encrypt button and then click Group with a

group name (Figure 39).


52/67

52

Figure 39. Encryption selection for a Group dialog box.

Set up the file name and path for file encryption (Figure 40).


53/67

53

Figure 40. Encryption setup dialog box.

The system will display a successful file encryption message (Figure 41).

Figure 41. Encryption success dialog box.

The user can find an encrypting file in the folder that you set up (Figure 42).


54/67

54

Figure 43. Encryption folder.

The system will automatically create code files for group members to decrypt

file (Figure 43).


55/67

55

Figure 43. Code files for group members.

File Decryption

If the user wants to decrypt files, he/she must scan their fingerprint and use

the encrypting file and code file that the system created. Each user has their code file.

First, the user should set up the file name and path for file decryption (Figure 44).


56/67

56

Figure 44. Setting up the file name and path for decryption.

The user should also set up a code file name and path (Figure 45).

Figure 45. Setting up a code file name and path dialog box.

Next, the user should browse and set up the code file location (Figure 46).


57/67

57

Figure 46. Setting up the code file location.

After set up the encrypting file and code file, the user should scan his/her

fingerprint to the decrypt file (Figure 47).


58/67

58

Figure 47. Scanning the fingerprint screen shot.

The system will display a successful file decryption message (Figure 48).

Figure 48. Decryption Procedure Completed dialog box.


59/67

59

The user can put the decrypt file in the folder that he/she set up (Figure 49).

Figure 49. Decryption folder with file.


60/67

60

Set up

The user needs to press Set up and then Matching points to change

minimum matching points. Initial matching points are [8, 10, 12, 14, 16, and 18] (Figure

50).

Figure 50. Minimum match points screen.


61/67

61

The user needs to press Set up and then Password Change to change the

password. Initial password is 99999999[8 digits] (Figure 51).

Figure 51. Password change dialog box.


62/67

62

About

The information includes the system title, version, copyright, programmer,

and technical support information (Figure 52).

Figure 52. About screen shot.


63/67

63

Exit

The Exit function will save data, close files, delete unnecessary files, and

log off the system.

Discussion and Future Work

This fingerprint system contains the fingerprint identification and file

encryption structure. However, this system does not require writing very large and

complex code. A lot of time was spent searching and buying the right fingerprint reader

and obtaining the copyright. After several discussions with the company (Leahsin

Technologies, Inc.) that makes the fingerprint reader used in this project, an agreement

was reach with the owner allowing use of their fingerprint reader source code as an

education reference. In order to complete this system, the right software to write the

source was needed. After several revisions, Visual C++ 6.0 Enterprise operating under the

Windows 2000 Professional environment was selected for this purpose.

Although the system developed for this project was satisfactory, there is room

for improvement. For example, the User Interface can be designed to be more ascetically

pleasing and 3D animation could be added. In the Person Management function, a

programmer could add more attributes to identify the user. Currently, there are only User

ID, Name, and Group. A programmer could add additional information such as the user s

address, telephone, e- mail etc. For the File Encryption and Decryption function, a

programmer could use more complex cryptanalysis to protect important files and data.

Choosing a better fingerprint reader will make fingerprint identification more accurate

and reliable.


64/67

64

CHAPTER VI

SUMMARIES AND CONCLUSIONS

This project used the dialog-based MFC AppWizard [exe] of Visual C++ 6.0

Enterprise version as the basis of the program. It is a great application that is very easy to

use. Once the requirements of a program are understood, the programmer can build the

system more quickly and easily make adjustments to it as needed. In addition, complex

skills are not required to combine the program and user interface. The programmer may

only need a simple procedure and then create a class for it.

The centerpiece of the program is finger_rDlg.cpp that calls other dialog

interfaces. The fingerprint data collected from the fingerprint reader and the fingerprint

identification function libraryare both stored in the FingerTouch_ID100NT_lib.lib. At

the start of running the program, a variable is declared and the system initialized. The

user can then use the system.

The user file (user.inf) is used to import and export the users data. Moreover

the user has to enroll a fingerprint image to create an individual fingerprint data file. This

project uses a fingerprint reader (SFP-100) produced by Leahsin Technologies Inc. It uses

fingerprint characteristics to build the fingerprint database, which the user can then use to

verify personal identification.

It is important to use a file encryption system that uses two keys to encrypt

files. One key is used with system time. Another key is a secure key 87654321, which

also creates a code file synchronal and automatically. The code file is converted from the

source file to a context file plus 87654321 and User ID. When the user wants to decrypt


65/67

65

a file, the user must have a code file and fingerprint scan. It is very important that the

code file is indecipherable.

It is not easy to protect data. Simple passwords cannot ensure data

confidentiality. Biometric technology offers a more natural way o f securing data and

systems without the need to constantly change and memorize passwords. This project

used fingerprint identification as its biometric technique with private-key cryptosystem to

establish a secure and flawless cryptosystem.


66/67

66

REFERENCES

[1] U.S. Census Bureau. (2001, September).Home computers and Internet use in the

United States: August 2000. Retrieved July 2003, fromhttp://www.census.gov/prod/2001pubs/p23-207.pdf

[2] Whatis?com. (2003a). Firewall. Retrieved Sept. 24, 2003, from

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212125,00.html

[3] Whatis?com. (2003b).Biometrics. Retrieved Sept. 24, 2003, from


[4] Whatis?com. (2001). Cryptanalysis. Retrieved Sept. 24, 2003, from


[5] SignalGuard. (2003a). What is encryption? Retrieved Sept. 24, 2003, from

http://www.signalguard.com/encryption/encryption.htm

[6] SignalGuard. (2003b). Key management. Retrieved Sept. 24, 2003, from

http://www.signalguard.com/encryption/publickey.htm

[7] NextWave Solutions. (2003).Biometric. Retrieved July 2003, from

http://www.next-wave-solutions.com/biometrics.html

[8] EagleTec Peripheral, Inc. (2003). Eagle Tec fingerprint scanner PC card. RetrievedJuly 2003, from http://www.eagletec.net/login/pop.asp?id=467

[9] International Business Machines (IBM). (2003) .Targus DEFCON authenticator

USB fingerprint reader with USB hub. Retrieved July 2003, from http://www-

132.ibm.com/webapp/wcs/stores/servlet/ ProductDisplay?catalogId=-840&langId=-1&partNumber=31P6762&storeId=1

[10] Lennard, C.J. & Patterson, R. (2003).History of fingerprinting, part 1 and part 2.

Retrieved Sept. 24, 2003, from http://www.policensw.com/info/fingerprints/

finger01.html

[11] Lin, C. (2001).Minutiae extraction from thermal fingerprint images. Unpublishedmaster s thesis, Chung Yuan Christian University, Chung-Li, Taiwan, Republic of

China.

[12] Linton, S. (1995). Cryptology. Retrieved July 2003, from http://www-theory.dcs.st-

and.ac.uk/~sal/school/CS3010/Lectures/forhtml/node4.html


67/67

[13] RSA Security, Inc. (2003a).RSA-based cryptographic schemes. Retrieved July 2003,

from http://www.rsasecurity.com/rsalabs/rsa_algorithm/index.html

[14] RSA Security, Inc. (2003b). 3.2.1. What is DES? Retrieved July 2003, from

http://www.rsasecurity.com/rsalabs/faq/3-2-1.html

project chou

Documents