BIOMETRICS AS AN AUTHENTICATION TECHNIQUE IN E-GOVERNANCE SECURITY

Abhishek Roy [1], Sumita Sarkar [2], Joydeep Mukherjee [3], Arindom Mukherjee [4]
[1]. Research Scholar, Dept. Of Computer Science, The University of Burdwan, W.B, INDIA Assistant Professor, Dept. Of Computer Applications, Durgapur Society of Management Science. Website https://sites.google.com/site/diaryofaroy Email: roy-abhishek@hotmail.com [2]. Assistant Professor, Dept. Of Computer Applications, Durgapur Society of Management Science, W.B, INDIA Email: sumita.sarkar1984@gmail.com [3]. Assistant Professor, Dept. Of Computer Applications, Durgapur Society of Management Science, W.B, INDIA Email: joy8.mca@gmail.com [4]. Assistant Professor, Dept. Of Computer Applications, Durgapur Society of Management Science, W.B, INDIA Email: arindom.info@gmail.com

Abstract Since E-Governance means the deployment of governance over the state using the Information and Communication Technology (ICT), its successful implementation is totally dependent on the security of the information that is being communicated via internet. To ensure optimum security of the information, it should be verified through various authentication parameters. With the advancement of the technology, hackers are well equipped with several infringement techniques. To nullify the hackers, implementation of biometric verification can be considered as the industry standard tool. In this paper the authors have discussed the biometric techniques to neutralize the threat perceptions over the E-Governance security. Keywords E-Governance Security, Biometric Authentication, ICT 1. INTRODUCTION E-Governance [6.1, 6.2, and 6.3] means the deployment of administration throughout the state using Information and Communication Technology (ICT) [6.4]. The success rate of this mechanism is totally dependent on the security, authenticity and integrity of the information which is communicated via the public communication medium i.e internet. With the advancement of the technology, hackers are well equipped with several infringement techniques. To nullify the hackers, implementation of biometric verification can be considered as the industry standard instrument to ensure optimum security of the information. In this paper the authors have discussed the biometric techniques to neutralize the various risk factors of the E-Governance security. Section2 discusses the risk factors of the E-Governance mechanism. The literature survey done encircling the topic is mentioned in section3. Section4 states the various ways to defend the threat perceptions of E-Governance security using biometric authentication techniques. The conclusion drawn from the overall discussion is briefed in section5. Section6 cites the references. 2. RISK FACTORS OF E-GOVERNANCE SECURITY In this section, we will discuss about the various risks prevailing in E-Governance mechanism. As already mentioned, E-Governance uses electronic medium to spread government information and services to the citizenry. This flow of services is often tampered intentionally through some infringement techniques by the hackers. Hacker uses either active or passive method to intrude during data transmission through the internet. Passive hacker only listens to the information, but does not alter it. Active hackers, on the contrary, not only listen to the information transferred, but also tamper it. Hackers pose threats to the citizenry as well as to the government agencies. Due to these intruders, E-Governance security is currently at a stake. Some of the risks [6.1] caused by the

hackers to an E-Governance system are discussed below: i) During data transmission in E-Governance systems, the point of entry to and that of exit from internet is highly susceptible to data interception by the intruders. ii) The online information stored in some e-governance servers can pose risk to the system as this secret information may be under the surveillance of the intruders. iii) Hackers can make the E-Governance server hang-up by inserting malicious code like Virus, Worm and Trojan horse. iv) Hackers can steal the citizens information (ID, password, credit/debit card information) on the internet using malicious websites or from the ISPs. v) The attackers also pose threat to the governmental agencies by flooding the E-Governance sever with a large number of data packets, which leads to crash down of the server. The following are some well known attacks which have created turbulence in the e-governance system: i) Brute force attack [6.5, and 6.6] It is the most widely used password cracking method. It tries to crack a password using all possible character combinations. Using this method, the login credentials, credit card information or a session identifier can be breached. ii) Man-in-the-middle attack (MITM) [6.7, and 6.8] It is a form of eavesdropping in which the sender and receiver transfers messages amongst themselves, but the transfer is being controlled by an attacker. At the mid of the transmission the attacker tampers the messages without intimating the sender or receiver. iii) Replay attack [6.9, and 6.10] The attacker here listens to the message transferred between two parties and then replays that message to the parties maliciously or fraudulently. It can lead to bad consequences like transfer of confidential information to unauthorized person. iv) Denial of service (DoS) attack [6.1, 6.11] The attacker here restricts the user to use the internet services by flooding the network traffic with unnecessary requests. It is not the fact that these risk factors are left un-resisted by the information scientist. But there is always a scope of further enhancements. 3. LITERATURE SURVEY In this section the research works done so far to ensure the security features of the E-Governance mechanism are discussed in a tabular form. Paper title Risk and Remedies of EGovernance Systems [6.1] Object Oriented Modeling of IDEA for EGovernance Security[6.2] A Study of the State of EGovernance in India[6.3] Authors A Roy, S Karforma. Objective In this paper the authors have discussed all possible threats of the EGovernance mechanism. In this paper the authors have implemented the IDEA algorithm using object oriented paradigm. In this paper the authors have discussed the perspective of EGovernance mechanism in the context of Indian subcontinent. Tools / Techniques ICT have been used as a tool in this paper. In this paper C++ programming language and ICT have been used as a tool. ICT have been used as a tool in this paper.

A Roy, S Banik, S Karforma, J Pattanayak. C Sur, A Roy, S Banik.

Model Based Threat and Vulnerability Analysis of EGovernance Systems [6.12] Application of ICT for better decision making in egovernance
[6.13]

Shilpi Saha, Debnath Bhattachary a Tai-Hoon Kim, Samir Kr Bandyopadh yay Potekar, S.D. Giragaonkar , K.P

The authors have used Naths approach to impose security over Electronic governance to achieve confidentiality and integrity. In this paper the authors have described Information and Communication Technology (ICT) as the best tool to implement Electronic Governance. The various helpful factors in decision making using ICT is also discussed in this paper. In this paper the authors have proposed the concept of mobile governance especially its network architecture and the implementation methodology. In this paper the authors have emphasized the importance of electronic identity (e-ID). Electronic identity is the prime identification tool used for authentication in the field of e-Commerce as well as e-Governance. This paper also enlighten the requirement of flexible electronic identity which will impose security even in offline situations. In this paper the author have tried to solve the problem of Denial Of Service (DoS) attack and Distributed Denial Of Service (DDoS) attack by developing a software using Java. The objective of the software is to analyze the data packets and places them in a

Nath [56] 2005 approach have been used to provide information security. ICT have been used as an efficient tool in this paper. ICT means the integration of IT and communication technology. In this paper various wireless mobile technologies have been utilized in m-Governance. Electronic identity have been used as an efficient tool in this paper.

Simple implementati on framework for mgovernment services [6.14] Privacy enhanced data management for an electronic identity system [6.15]

Amitava Mukherjee, Agnimitra Biswas

Nimalaprak asan, S. Ramanan, S. Malalasena, B.A. Shayanthan, K. Gamage, C. Fernando, M.S.D.

Defending Safko, G. against Denial of Service Attacks using a Modified Priority Queue: Bouncer [6.16]

In this paper programming language JAVA have been used for defending DoS and DDoS attacks.

E-Governance and Standardization [6.17] A comparative study of biometric technologies with reference to human interference [6.18] Physical Security: A Biometric Approach
[6.19]

Prasad, T.V

priority queue based on their frequency of requests and their originating source. In this paper the author have proposed an standardization technique of the multi dimensional activities of electronic governance In this paper the author have made a comparative analysis of the different biometric technologies based on some characteristic feature of biometrics.

IT and IT enabled services (ITES) have been used in this paper.

K.P Tripathi

The features like universality, uniqueness, performance, collectability, acceptability, etc are used as a tool to compare the biometric technologies. In this paper ICT have been used as a tool.

Ryan Hay

Comparative and analysis of Biometric systems [6.20]

Manivannan , Padma

In this paper the author have analysed the different biometric technologies, discuss about the advantages and disadvantages of the techniques and scope of biometrics in future. In this paper, the authors have discussed about the different biometric techniques, analysed each biometric based on some factors and compared them to find out the ideal biometric.

Analysis of biometric technologies is carried out using graph depicting FAR and FRR rise or fall.

Table 1: Literature survey on E-Governance security. From the above table it is clear that several research works have already been conducted to ensure the security features of E-Governance mechanism. To counter-strike future risk factors of EGovernance mechanism, the biometric techniques can be considered as the industry standard technique. 4. BIOMETRIC AUTHENTICATION IN E-GOVERNANCE SECURITY For securing the data transmission over a network, many security mechanisms are enforced in the E-Governance system. These cryptographic algorithms have minimized the risks to a great extent; but still the systems are facing some threats from the attackers. Biometric is an evolving technology that can be used along with the security algorithms to ensure non-disrupted data transmission. This mechanism is termed as biometric encryption [6.35]. It is the process of binding a Personal

Identification Number (PIN) or a cryptographic key with the biometric information so that neither the key nor the biometric information can be retrieved from the stored template.

Fig 1: Biometric Encryption [6.36] A biometric system is used to identify or verify a user of the system. To make a biometric system ready for use, firstly the system is configured by enrolling the biometric inputs. After enrolment, when a user appears to the system, he gives the biometric input for verification. On perfect match of this biometric with the pre-enrolled biometric/s, the individual is allowed to access the system.
Biometric data Enrolment

Presentation

Feature extraction

Database

Result Biometric data

Comparison

Presentation

Feature extraction

Fig 2: Working of Biometrics [6.18] Generally, the Biometric techniques can be categorized into two sub-categories, viz. i) Physiological biometric techniques, related to anatomy of body. ii) Behavioural biometric techniques, related to behaviour of a person. 4.1 Physiological Biometric Technique The physiological biometric technique includes fingerprint identification, facial recognition, palm geometry, iris scan, retina scan, vascular pattern analysis and DNA biometrics. i) Fingerprint identification [6.18, 6.19, and 6.21]: This biometric uses the digital image of finger tip as a means of authentication. The ridge patterns of an individuals finger tip are unique and can be used to identify that individual. The image is taken by placing the finger tip on a fingerprint scanner and this direct contact leads to frequent maintenance of the scanner. This system may be deceived by fake fingerprints. ii) Facial recognition [6.18, 6.19]: The face of each individual have some unique features like the distance between the eyes, nose, mouth, etc.; and these features are captured with digital camera and used for authentication purpose. A disguised or fake face may dupe the system. iii) Palm geometry [6.18, 6.19, and 6.22]: This technique measures the length, width, thickness and surface area of an individuals palm. These measurements are unique to an individual and

thus serve as an authentication trait. Its huge hardware cost can restrict its usage. Moreover, fake palms or wrinkled or injured palms may lead to incorrect authorization results. iv) Iris scan [6.18, 6.19, and 6.23]: The iris (coloured tissue surrounding the pupil of an eye) pattern is highly unique to identify any individual. So its image is captured and used for authorization. Reflection of light, bad positioning of iris with respect to camera and the drooping eyelashes may create difficulty in reading the accurate pattern. v) Retina scans [6.19, 6.24, and 6.25]: This is a very efficient authentication technique which uses the very unique retina (blood vessels at the back of the eye) pattern as a means of authentication. vi) Vascular pattern analysis [6.19, 6.26]: The thickness and location of the veins in hands and fingers of a person is used for authentication. vii)DNA biometrics [6.27, 6.28, and 6.29]: This technique does not match with the techniques discussed above. DNA is collected from an individuals blood, hair or saliva and matched with the precollected DNA samples to verify its authenticity. This process cannot be carried out in real time. 4.2 Behavioural biometric techniques The behavioural biometric technique includes voice recognition, signature dynamics and keystroke dynamics. i) Voice recognition [6.19, 6.30, and 6.31]: The voice of an individual is recorded using a microphone and used as a means of authentication. The person to be verified has to utter a phrase or text, from where the unique properties of the tone are extracted by filtering out the background noise. ii) Signature dynamics [6.19, 6.31]: It is a very old authentication technique. In the earlier days, the length, height and loops of a signature are measured manually and used for authentication purpose. But with the advent of technologies, this process has been digitized. The person has to sign on a graphics tablet using a digital pen; the pressure and angle of writing are measured and used for verification. iii) Keystroke dynamics [6.19, 6.31]: There is no need of extra device for capturing the biometric feature. The typists typing dynamics like finger placement, duration of a key press etc. are recorded and used for further verification. To increase the security of the E-Governance mechanism the combination of two or more biometric techniques can be used. This combinational security measure is called Multimodal Biometrics [6.32]. 4.3 Application of Biometric techniques in E-Governance systems The following list mentions various practical implementations [6.18, 6.33, and 6.34] of Biometric techniques within the domain of E-Governance. i) Financial services: biometric traits are embedded in ATM cards, credit cards, debit cards, etc. ii) Immigration and border control: biometrics in passport, visa, metro rail gate pass tokens, etc. iii) Social services: biometrics is used for authenticating legitimate benefit recipients for government entitlement programs. iv) Health care: biometrics in medical insurance cards, doctor and patient id, etc. v) Law enforcement: biometrics in National ID cards, driving licenses, prisoners and visitors ID in jail, etc. vi) Time and attendance: Biometrics is used to ensure the physical presence of the employees in government organizations. The above mentioned application areas are just a part of the exhaustive list; even though new application areas may be explored.

5. CONCLUSION To impose industry standard security feature over the E-Governance mechanism, the biometric authentication techniques can be implemented embedded with the object oriented software engineering. This complex technique will explore new ideas for research work in the field of EGovernance security. 6. REFERENCES 6.1 Roy A, Karforma S, Risk and Remedies of E-Governance Systems, Oriental Journal of Computer Science & Technology (OJCST), Vol: 04 No:02, Dec 2011 Pp- 329-339. ISSN 0974-6471 6.2 Roy A, Banik S, Karforma S, Pattanayak J, Object Oriented Modeling of IDEA for EGovernance Security, Proceedings of International Conference on Computing and Systems 2010 (ICCS 2010), November 19-20, 2010, Pp-263-269, Organized by: Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 93-80813-01-5 6.3 Sur C, Roy A, Banik S, A Study of the State of E-Governance in India, Proceedings of National Conference on Computing and Systems 2010 (NACCS 2010), January 29, 2010, Pp- (a)-(h), Organized by : Department of Computer Science, The University of Burdwan, West Bengal, INDIA. ISBN 8190-77417-4. 6.4 Sur C, Roy A, Green ICT Culture and Corporate Social Responsibility, Proceedings of International Conference On Emerging Green Technologies (ICEGT 2011), July 27-30, 2011, Pp-215-219, Organized by:Periyar Maniammai University, Tamil Nadu, INDIA. 6.5 http://projects.webappsec.org/w/page/13246915/Brute%20Force, Date of access - 02nd Jan, 2012. 6.6 http://en.wikipedia.org/wiki/Brute-force_attack, Date of access - 02nd Jan, 2012. 6.7 http://en.wikipedia.org/wiki/Man-in-the-middle_attack, Date of access - 02nd Jan, 2012. 6.8 http://cryptodox.com/Man-in-the-middle_attack, Date of access - 02nd Jan, 2012. 6.9 http://en.wikipedia.org/wiki/Replay_attack, Date of access - 02nd Jan, 2012. 6.10 http://msdn.microsoft.com/en-us/library/aa738652.aspx, Date of access - 02nd Jan, 2012. 6.11 http://en.wikipedia.org/wiki/Denial-of-service_attack, Date of access - 02nd Jan, 2012. 6.12 International Journal of u- and e- Service, Science and Technology Vol. 3, No. 2, June, 2010. 6.13 Information and Communication Technologies: From Theory to Applications, 2004. ISBN: 07803-8482-2. 6.14 Mobile Business, 2005. ICMB 2005. International Conference on. Print ISBN: 0-7695-23676. 6.15 Innovative Technologies in Intelligent Systems and Industrial Applications, 2009. CITISIA 2009, Print ISBN: 978-1-4244-2886-1. 6.16 SoutheastCon, 2006. Proceedings of the IEEE, Print ISBN: 1-4244-0168-2 6.17 TENCON 2003. Conference on Convergent Technologies for Asia-Pacific Region. Print ISBN: 0-7803-8162-9. 6.18 K.P Tripathi, A comparative study of biometric technologies with reference to human interface, International journal of computer applications(0975-8887), Volume 14-No. 5, January 2011. 6.19 SANS Institute Infosec Reading Room, Ryan Hay, Physical Security: A Biometric Approach, SANS- GSEC Practical, Track 1C, November 12, 2003 6.20 Manivannan, Padma,Comparative and analysis of Biometric systems, International Journal on Computer Science and Engineering (IJCSE), Vol. 3 No. 5, ISSN: 0975-3397, May 2011. 6.21 http://unweary.com/2009/04/fingerprint-biometrics.html Date of access - 02nd Jan, 2012. 6.22 http://www.biometrics.gov/documents/handgeometry.pdf Date of access - 02nd Jan, 2012. 6.23http://www.biometrics.gov/Documents/irisrec.pdf Date of access - 02nd Jan, 2012. 6.24 http://terrorism.about.com/od/controversialtechnologies/g/RetinalScans.htm Date of access 02nd Jan, 2012. 6.25http://www.biometricnewsportal.com/retina_biometrics.asp Date of access - 02nd Jan, 2012

6.26 http://www.biometrics.gov/Documents/vascularpatternrec.pdf Date of access - 02nd Jan, 2012. 6.27 http://techbiometric.com/articles/dna-biometrics-issues-concerns-and-latest-developments/ Date of access - 02nd Jan, 2012. 6.28 http://www.biometricnewsportal.com/dna_biometrics.asp Date of access - 02nd Jan, 2012. 6.29 Sandra Maestre, Sean Nichols, DNA Biometrics, ISM 4320-001 6.30 http://en.wikipedia.org/wiki/Speaker_recognition Date of access - 02nd Jan, 2012. 6.31 Kenneth Revett, Behavioral Biometrics: A Remote Access Approach, Chapter 1: Introduction to behavioral biometrics, 2008 John Wiley & Sons, Ltd. 6.32 Arun Ross and Anil K. Jain, MULTIMODAL BIOMETRICS: AN OVERVIEW, Appeared in Proc. of 12th European Signal Processing Conference (EUSIPCO), (Vienna, Austria), pp. 1221-1224, September 2004. 6.33 Joseph W Lewis, Biometrics for secure identity verification: Trends and developments, A Thesis Presented in Partial Fulfillment of the Requirements for INSS 690 Professional Seminar, University of Maryland Bowie State University, Term 3, 2001-2002, Approved by: Professor John G. Meinke, January 26, 2002. 6.34 http://biometrics.pbworks.com/w/page/14811351/Authentication %20technologies#BIOMETRICAPPLICATIONS , Date of access - 02nd Jan, 2012. 6.35 http://usacac.army.mil/cac2/cew/repository/papers/biometric_encryption.pdf, Date of access 02nd Jan, 2012. 6.36 http://scgwww.epfl.ch/courses/Biometrics-Lectures-2011-2012-pdf/01-Biometrics-Lecture-012011/01-Biometrics-Lecture-Part1-2011-09-26.pdf, Date of access - 02nd Jan, 2012.