109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such security based systems are integrity, privacy, authenticity and non-repudiation and these four issues are to be carefully addressed. In such applications, only authorized users should have the access right for the related data. In centralized applications, the above said access control is handled by either a traditional user-id/password, or other more sophisticated access control mechanisms such as one-time password generators or smart tokens. For geographically distributed systems, the task of securing applications and data becomes extremely complex. In the modern society, to provide authentication, a positive determination or verification of personal identification is needed. There are a number of methods available for verifying the identity in an automated system. These methods are classified into three classes namely possessions (what you have), knowledge (what you know) and biometrics (unique personal traits) as shown in Table 6.1. In many practical situations, the multimedia data have to be both compressed and protected or secured. The most classical way to compress and secure data is to first compress the data and then encrypt them. In certain scenarios, it may be
110 desirable to use in the reverse manner, that is encryption first followed by compression. Table 6.1 Methods for Verifying the Identity Method Examples Characteristics What you know What you have What you are User ID, password, Cards, badges, keys Fingerprint, Face, Iris, PIN can be forgotten. Easily shared Many passwords are easy to guess Can be lost or stolen Easily shared Can be duplicated Non-repudiable authentication 6.1 FINGERPRINT SECURITY ISSUES Fingerprints are one of the most mature biometric technologies and are considered legitimate proofs of evidence in courts of law all over the world. Fingerprints are, therefore, used in forensic divisions worldwide for criminal investigations. In spite their numerous advantages, biometric systems are susceptible to attacks, which can decrease their security. Ratha et al (2001) analyzed these attacks, and grouped them into eight classes. Figure 6.1 shows these attacks along with the components of a typical biometric system that can be compromised. Type 1 attack involves presenting a fake biometric (e.g., synthetic fingerprint, face, iris) to the sensor. Submitting a previously intercepted biometric data constitutes the second type of attack (replay). In the third type of attack, the feature extractor module is compromised to produce feature
111 values selected by the attacker. Genuine feature values are replaced with the ones selected by the attacker in the fourth type of attack. Figure 6.1 Possible Attack Points in a Biometric based Authentication System Matcher can be modified to output an artificially high matching score in the fifth type of attack. The attack on the template database (e.g., adding a new template, modifying an existing template, removing templates, etc.) constitutes the sixth type of attack. The transmission medium between the template database and matcher is attacked in the seventh type of attack, resulting in the modification of the transmitted templates. Finally, the matcher result (accept or reject) can be overridden by the attacker. The three goals of security namely confidentiality, integrity and availability can be threatened by security attacks. Figure 6.2 relates the taxonomy of attack types to security goals. Threat is a potential for violation of security which exists when there is a circumstance that could cause harm. Threat is a probable danger that might exploit vulnerability. Confidentiality refers to the protection of transmitted
112 data from unauthorized disclosure. Integrity refers to the assurance that the data received are exactly the same as that of an authorized sender. Availability refers to the availability of the system resources to the authorized entity on demand. Figure 6.2 Taxonomy of Attacks Snooping and traffic analysis monitors the network activity thereby producing miscellaneous effect. Modification means that a portion of the message is being altered or reordered to produce unauthorized effect. Masquerade takes place when on entity pretends to be another entity. Replay attack is a form of threat to integrity and it is defined as a type of network attack in which a valid data transmission is maliciously repeated or delayed. It involves the passive capture of the data unit and its subsequent retransmission
113 produces unauthorized effect. Denial of Service prevents the normal communication facilities by disrupting the entire network. 6.2 AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORMS As per the Global System for Mobile communication (GSM), which leads to pervasive computing scenario, integrates all types of devices to be communicated for any type of transactions (Schiller J 2011). The security mechanism for authentication is performed as shown in Figure 6.3. Mobile Network SIM Figure 6.3 Security Mechanism in GSM The random number generated from the mobile number with the key is used to generate the Signed RESponse (SRES) that is transmitted to verify authentication in mobile network. This scenario along with integrity
114 check mechanism is applied to avoid replay attack during data transmission. For authentication, both sides namely network and subscriber module performs the same operation with RAND and the key K i using the same authentication algorithm. During comparison, if both the signed responses are same, the subscriber is accepted, otherwise the subscriber is rejected. The situation considered in this research work is, if an ATM center is incorporated with fingerprint processing or an iphone is connected for net transactions, fingerprint may be subjected to replay attack. Thus to avoid replay attack, the proposed methodology incorporates a biometric feature that helps to achieve integrity during data transmission. In the proposed scheme, the parameters x, y and of fingerprint minutiae is first subjected to a pseudo-random permutation to produce the permuted sequence. Then the permuted sequence which contains the three parameters is used as carrier data for further watermarking. A low distortion transform based watermarking method is used to embed the parameters type, time and a RAND number generated by the server for every transaction. This embedded data along with user information (credit card number and pin number) and ATM center information are applied as input to MD5 to produce a 128 bit hash code. This hash code is concatenated with the encrypted version of embedded data and sent for transmission. In the receiving side, the ATM server performs decryption process and then extracts type, time and RAND from the embedded data. After this recovery, the server performs validity check by using the time and RAND. If the comparison is not success, then the transaction is rejected by the server. Then the four parameters x, y, stored fingerprint parameters as illustrated in Figure 6.4. are compared with the already
115 If authenticated, the parameters are then subjected to permutation and embedding process which is as same as that of the sending side. The embedded data along with the user information (credit card number and pin number) and ATM center information are applied as input to MD5 to produce 128 bit hash code. This hash code is compared with the received hash code for proving integrity. Figure 6.4 Architecture for Avoiding Replay Attack during Transmission 6.2.1 Sender Side Process-ATM Center
116 The fingerprint is captured by the fingerprint sensors and it is subjected to the enhancement procedure described in Chapter 3. Then feature extraction and false minutiae elimination are performed as explained in Chapter 4. Thus the resultant true minutiae points are considered for further processing as shown in Figure 6.5. The steps involved are explained in detail below: Minutiae Information User Card Information ATM Center Information Type, time and RAND Permutation Embed Hash Algorithm (MD5, SHA1) Sent for Transmission Encryption Figure 6.5 Sender Side Processing Permutation The minutiae information consists of the co-ordinates (x, y), the -random permutation to produce the permuted pixel sequence, which is considered as the encrypted data. A number of permutation based methods can be used here. In this encryption procedure, only the pixel positions are permuted and the pixel values are not masked.
117 Embedding The permuted sequence is first divided in to two halves namely L part and H part. Instead of sending H part directly with the L part, the residual value is calculated and added with it. For doing so, first estimate/predict the H part from the L part using any nearest neighbor method to produce H est. Then the residual is calculated as residual = H - H est. Append the residual with the L part for further embedding. Embed type, time and RAND in to the above sequence using low distortion transform algorithm. Thus the space needed to store the three parameters is reduced through which compression is achieved. Since the algorithm produces low distortion during watermarking the receiver can reconstruct the original data without any loss of information. Hashing The five parameters that are used for hashing are embedded data, the time at which the fingerprint has been captured, a random number that is generated by the ATM server for identifying unique transaction and supplied to the center, user information consisting of the 16 bit credit card number + 4 bit pin number and ATM center information consisting of the location code for that center from Global Positioning System (GPS). Hashing algorithm like MD5 and SHA-1 are used to produce the message digest or hash code whose size is 128 and 160 bits respectively. This hash code along with the encrypted form of the embedded data is now transmitted through the transmission line.
118 6.2.2 Receiver Side Process ATM Server On receiving the data from the sender, the server performs the operation as shown in Figure 6.6 and it is explained in detail below: Decryption and Data Recovery The received data consists of the 128 bit hash code and the encrypted form of embedded data. First the ATM server performs decryption to obtain the embedded data. To recover the parameters type, time and RAND, reverse watermarking is performed. Figure 6.6 Server Side Processing
119 Validation Check After extracting these parameters, the parameters time and RAND number are subjected to validation check. The validation check is carried out to check for replay by comparing the received time and RAND with that of the server. If validated, then the transaction is allowed else it is rejected. Check for Authentication After validation check, inverse permutation is applied to get the extracted parameters. If both get matched then the fingerprint is authenticated and allowed for further processing, else transaction gets terminated. Check for Replay attack and Integrity then embed type, time and RAND in to the above permuted sequence using Low distortion transform algorithm. Then, hashing is performed for the same above said parameters to produce a 128 bit hash code. This hash code is compared with the received hash code and when a match is found, the data transmitted proves for a non-replay attack and also not modified 6.2.3 Low Distortion Transform Algorithm The basic principle of this algorithm is to reduce the distortion introduced by the watermarking by embedding not only in to the current pixel but also in to its prediction context. For performing the algorithm, consider the linear predictor called the fourth predictor of JPEG. The proposed embedding scheme covers a 2 x 2 block. Let n, w and nw be the north, west and north-west neighbors of pixel x respectively as shown in Table 6.2.
120 Table 6.2 Pixel and its Neighbors nw w n x Algorithm 6.1 (Low Distortion Transform Sender) Input: Minutiae Information Step 1: Pixel x is estimated as = n + w nw. Step2: The difference is calculated as p = x - Step 3: The prediction error Step 4: Split as evenly as possible in to four parts as,, and. These values are calculated as follows: = = (6.1) = = (6.2) Here Step 5: With this distributions, the new set of pixels become X, N, W and NW and are calculated as follows: X = x + W = w + NW = nw + N = n + Output:
121 Algorithm 6.2 (Low Distortion Transform Receiver) Input: Step1: Pixel X is estimated as = N +W NW. Step2: The difference is calculated as P =X - = 2p + b Step3: - Step4: Recover p as p = Step5: Compute,, and as follows: = = (6.3) = = (6.4) Here Step6: Finally the original pixels are recovered as follows: x = X - w = W + nw = NW - n = N + Output: Reconstructed lossless minutiae information time, RAND 6.3 RESULTS AND DISCUSSION A fingerprint minutiae is represented with three parameters namely (x, y), which are the x and y co-ordinates of ridge ending or bifurcation. The ridge ending). Four bytes for x co-ordinate, four bytes for y co-ordinate, one byte for angle and one bit for type are needed for processing. Sixteen minutiae points around the core point are chosen randomly for processing. Thus 144
122 bytes (16 x 9) is needed to represent the carrier data for embedding, which is then permuted. The parameters type (1 bit for each minutiae, so 16 bits), time (24 bits for time and 24 bits for date) and RAND number (16 bits) are used for embedding. Thus 80 bits of data gets embedded in 144 bytes of carrier data, thus reducing the storage space. About 25% of reduction is achieved with this watermarking scheme. MD5 hash algorithm is used for hashing. The message digest produced by MD5 algorithm is 128 bits. The inputs for hashing are: 144 bytes of embedded data, 32 bits of user information and 32 bits of center information. So a total of 156 bytes is applied as input to produce 128 bits hash code. This 128 bit hash code and the 144 byte encrypted embedded data are sent for transmission. In the receiving side, the ATM server performs decryption process and extracts type, time and RAND from the embedded data. After this recovery, the server performs validity check by using the time and RAND. If the comparison is not success, then the transaction is rejected by the server. Else it performs inverse permutation to generate the Then the four parameters x, y, are compared with the already stored fingerprint parameters and if authenticated, the parameters are then subjected to permutation and embedding process which is as same as that of the sending side. The embedded data along with the user information (credit card number and pin number) and ATM center information are applied as input to MD5 to produce a 128 bit hash code. This hash code is compared with the received hash code for proving integrity. Fingerprint images are taken from the FVC 2004 database. Using MATLAB Version 7.9 on Windows 7 Operating System the work is implemented. Figure 6.7 analyses the time needed for recognizing the fingerprint from the database and the time needed to provide integrity for four different
123 categories of fingerprint images from FVC 2004 DB1-a database. It is clear from the table that the matching time and replay attack time values are very low for good quality images and very high for bad quality images. (a) DB1 (b) DB2 Figure 6.7 (c) DB3 (d) DB4 Time Analysis for various Categories of FVC 2004 DB-a Fingerprint Images In Figure 6.6, x axis represents the fingerprint image from each category and y axis represents the matching time and time taken for integrity check. It is observed that the matching time and integrity check time values are very low for good quality images and very high for bad quality images. In FVC 2004 database, the fingerprint impressions are classified as good,
124 medium and bad quality images depending on eye perception. i.e., it is purely a subjective process. The images having visually high clarity with uninterrupted ridge flow and minimum scares are classified as good quality images. The images with middle level of interruptions and scares are classified as medium quality images. Visually poor quality images with high impairments are classified as bad quality images. Figure 6.8 depicts the False Acceptance Rate (FAR) and the False Rejection Rate (FRR) of the different categories of fingerprint images from FVC 2004 database, where x axis represents the four classes of FVC database and y axis represents the percentage of FAR and FRR. Figure 6.8 Error Analysis for various Categories of FVC 2004 DB-a Fingerprint Images From all the above analysis, it is observed that the proposed method is an efficient technique for avoiding replay attack during transmission and the impact of the proposed work has achieved data integrity when fingerprint feature is added to the present scenario towards the proof of authentication and integrity in remote transactions.