ABSTRACT:
As part of
the security within distributed systems, various services and resources need
protection from unauthorized use. Remote authentication is the most commonly
used method to determine the identity of a remote client. This paper
investigates a systematic approach for authenticating clients by three factors,
namely password, smart card, and biometrics. A generic and secure framework is
proposed to upgrade two-factor authentication to three-factor authentication.
The conversion not only significantly improves the information assurance at low
cost but also protects client privacy in distributed systems. In addition, our
framework retains several practice-friendly properties of the underlying
two-factor authentication, which we believe is of independent interest. The
main implementation of the Project is to get the Finger Print, RFID and the PIN
from the User for the Authentication. If the Finger Print is same but not so
clear then the Main Server will generate the Token number to the User’s Mobile number as OTP. This generated OTP would be given
using Key Pad Matrix provided to the user during Account Registration. So the
Server will be verifying User’s Finger Print, RFID card, PIN number, OTP via
Key Pad Matrix and the ID of Key Pad Matrix. This will definitely ensure proper
security of the user.
EXISTING
SYSTEM:
In a
distributed system, various resources are distributed in the form of network
services provided and managed by servers. Remote authentication is the most
commonly used method to determine the identity of a remote client. In general,
there are three authentication factors:
1. Something
the client knows: password.
2. Something
the client has: smart card.
3. Something
the client is: biometric characteristics
(e.g.,
fingerprint, voiceprint, and iris scan).
Most early
authentication mechanisms are solely based on password. While such protocols
are relatively easy to implement, passwords (and human generated passwords in particular)
have many vulnerabilities. As an example, human generated and memorable
passwords are usually short strings of characters and (sometimes) poorly
selected. By exploiting these vulnerabilities, simple dictionary attacks can
crack passwords in a short time Due to these concerns, hardware authentication
tokens are introduced to strengthen the security in user authentication, and smart-card-based
password authentication has become one of the most common authentication
mechanisms. Smart-card-based password authentication provides two factor authentication,
namely a successful login requires the client to have a valid smart card and a
correct password. While it provides stronger security guarantees than password authentication,
it could also fail if both authentication factors are compromised (e.g., an
attacker has successfully obtained the password and the data in the smart
card). In this case, a third authentication factor can alleviate the problem
and further improve the system’s assurance.
Another
authentication mechanism is biometric authentication, where users are
identified by their measurable human characteristics, such as fingerprint, voiceprint,
and iris scan. Biometric characteristics are believed to be a reliable
authentication factor since they provide a potential source of high-entropy
information and cannot be easily lost or forgotten. Despite these merits, biometric
authentication has some imperfect features. Unlike password, biometric characteristics
cannot be easily changed or revoked. Some biometric characteristics (e.g., fingerprint)
can be easily obtained without the awareness of the owner.1 This motivates the
three-factor authentication, which incorporates the advantages of the authentication
based on password, smart card, and biometrics.
Any one of the Authentication Procedures are Process, like Finger Print, RFID card, PIN.
PROPOSED
SYSTEM:
In Our
Proposed System of Implementation, We consider Three Factor Authentication
using the following,
Ø
RFID
Ø
PIN
Number
Ø
Biometrics
(Finger Print)
Every User is
provided with RFID Card for the initial Authentication Scheme, then the user
will be giving the PIN number is Provided during the Registration Period
itself.
Then the user
is permitted to give his / her Finger Print to the main server. If the Finger
Print is exactly matched, the user is allowed for the transaction. If the
Finger Print is doubtful and not exactly matched with the registered Finger
Print image then Server sends One Time Password as SMS Alert to the User’s
Mobile Number.
This One Time
Password which is generated as SMS is given by the User to the main server for
authentication. In the normal three factor Authentication Scheme, we use
following Authentication Procedures
- User PIN number along with Keypad ID
- RFID Tag
- Finger Print Image
In the case
of Fuzzy Concept, where the Finger Print is not matched but matched to the
maximum extent, and the server has suspicion, then the following procedure is
followed,
- User PIN number along with Keypad ID
- RFID Tag
- Finger Print Image
- One Time Password (OTP) Generation to the user’s Mobile Number
- OTP given by the user to the server.
all those are
used together for authentication. For Finger print Fuzzy Logic is applied for
Exact Mapping and Proper Authentication.
MODIFICATION
Process, if finger print’s fuzzy rule says 60 – 80% of matching then One
Time Password (OTP) is generated as SMS to the User’s Mobile. User will be giving OTP via Keypad
Matrix. Along with the OTP, Key Pad ID is also passed for authentication. If
Fingerprint, RFID card, PIN and OTP, Keypad ID (If Fingerprint is 60-80%
matched) which become five factor authentication.
SYSTEM SPECIFICATION
HARDWARE REQUIREMENTS
§ Processor : Pentium IV
§ RAM : 512 MB
§ HDD : 80 GB
§ RFID Reader With Tag
§ Finger Print
§ Mobile Phone for Generating SMS
SOFTWARE REQUIREMENTS
§ Platform :Windows
Xp
§ Front End :
Java JDK1.5
§ Back End :MS
SQL server
No comments:
Post a Comment
Note: only a member of this blog may post a comment.