Enhancing Security of ATM Machines using Elliptic Curve Cryptography

International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 1- May 2016
Enhancing Security of ATM Machines using One Time Password and Biometrics using Elliptic Curve Cryptography
Karanam Thirupathi Rayudu
Mr. M. Aravindan, Assistant Professor
Department of Electronics and Communication Engineering, SRM University, Kancheepuram, India
Abstract— Security of ATM machines is necessary because nowadays most applications are performed with the help of this mechanism. Elliptic Curve Cryptography (ECC) needs a key size of 224-255 bits. Cryptographic keys are often kept in an unsecured way, where they can be defeated through brute force attacks. This becomes a weak link and leads to integrity issues for sensitive data in a security model. To overcome this problem, biometrics is combined with cryptography to obtain a strong security model. This paper suggests enhancing the security of OTP using ECC with finger vein biometrics. The model also suggests improved security with a smaller key size than other prevalent public key crypto-models. The cryptographic keys do not need to be memorized or kept anywhere; they are generated as and when needed. In this paper we have implemented an improved protocol based on elliptic curve cryptography to solve security problems. A new password authenticated key agreement protocol with user interface is proposed in this paper. In addition, the protocol provides some unique features such as user anonymity, no password table, convenient revocation of a lost smart-card, and free password updating.
Keywords—One-Time Password, Elliptic Curve Cryptography (ECC), Biometrics, Finger Vein image, ATM Machines.
I. INTRODUCTION
Finger vein authentication is a biometric technology that identifies an individual using the vein pattern inside the fingers. Fingerprint recognition or fingerprint authentication refers to the automated method of verifying a match between two fingerprints.
Finger vein recognition is a method of biometric authentication that uses pattern recognition techniques based on images of human finger image patterns beneath the skin's surface. Finger vein recognition is one of many forms of biometrics used for identification and verification of individuals.
Security is required for two purposes: to protect customers' privacy and to protect against fraud. When more than two persons communicate with each other, they worry about confidentiality, data authentication, non-repudiation, etc. To reduce these issues, we can apply cryptography with biometric features.
Biometrics is a technique for measuring personal features such as a subject's face, voice, palm-vein, finger-print, retina, or iris for personal recognition. It provides unique features to recognize an individual. Human beings have been recognized by their appearance, gait, and voice for thousands of years. Compared with prevalent identification systems, biometrics excels in providing a strong security model.
Cryptography is a mathematical technique for transforming text into an unintelligible form that cannot easily be broken by an eavesdropper. It provides excellent data communication security in this digital world, provided the key size is as per standard.
Many research works have suggested that biometrics provides techniques for identifying and authenticating an individual, since it has been a reliable and universally acceptable identification and authentication method in most application areas. The popularity of biometrics and cryptography provides a foundation for information security, making them an equal choice across all application areas for enhancing their security systems.
The identification and authentication of an individual using cryptography and biometrics provides high confidence in the security model.
We propose an algorithm for enhancing the security of OTP using ECC with finger-image biometrics. The advantage of ECC compared to prevalent public key cryptography such as Gradient Boosting is that it offers higher security per bit with a smaller key size. ECC has a smaller key size, hence it also reduces the computation power, memory and bandwidth required.
II. ONE-TIME PASSWORD (OTP)
Among the many types of attacks on a computing environment connected to a network is the replay attack/eavesdropping, which obtains a legitimate user's credentials such as login-id and password. Once the credentials are captured by attackers, they are used to access the legitimate user's account to do mischievous work. To get rid of this type of attack, an OTP system is used. An OTP system has operations on both sides of the network. On the client/user side, the appropriate OTP must be generated and displayed. On the server/host side, the server must be able to verify the OTP received from the client side and permit the secure exchange of the user's confidential information.
ISSN: 2231-5381
http://www.ijettjournal.org
III. Elliptic Curve Cryptography
A. Mathematics behind ECC
Mainly two types of elliptic curves are considered for cryptography applications.
1) Elliptic Curves over $GF(2^m)$
2) Elliptic Curves over $Z_p$.
For elliptic curves based on $GF(2^m)$, the values for variables and coefficients and their computation are all required to be in $GF(2^m)$.
For elliptic curves on $Z_p$, a cubic equation is used and computations are performed modulo p, where all the values for variables and coefficients are required to be in the set of integers ranging from 0 to (p-1).
Cryptographers noticed that elliptic curves behaved conveniently when operations were performed with a prime modulus. The equation of the elliptic curve is
$y^2 \bmod p = (x^3 + ax + b) \bmod p$    (1)
where
$4a^3 + 27b^2 \neq 0$    (2)
Here, a and b are parameters and p is a prime number of the curve; in elliptic curves, the values for variables and coefficients must be elements of a finite field. This paper is designed on the basis of elliptic curves over $Z_p$.
B. Mathematical Computation in ECC
The mathematical computation for elliptic curves is different from the mathematical computations required for prevalent cryptography. In ECC, to add one point to another and to perform other arithmetic operations on the elliptic curve, we have to follow the rules given below.
The rules for addition over $E_p(a, b)$.
For all points $J, K \in E_p(a, b)$:
Rule 1: $J + O$ (Infinity) $= J$
Rule 2: If point $J = (x_1, y_1)$, then $J + (x_1, -y_1) = O$.
Rule 3: If $J = (x_1, y_1)$ and $K = (x_2, y_2)$ with $J \neq -K$, then $L = J + K = (x_3, y_3)$ is calculated using the following formulas:
$x_3 = (t^2 - x_1 - x_2) \bmod p$
$y_3 = (t(x_1 - x_3) - y_1) \bmod p$
where $t = \frac{y_2 - y_1}{x_2 - x_1} \bmod p$, if $J \neq K$
and $t = \frac{3x_1^2 + a}{2y_1} \bmod p$, if $J = K$
Rule of Multiplication: It is defined as repeated addition.
Let us assume J is a point on the elliptic curve, $J = (x_1, y_1)$.
Then, 8 X J = J+J+J+J+J+J+J+J
= 2 X J + 2 X J + 2 X J + 2 X J
= 4 X J + 4 X J
C. Stages on ECC
In order to do any calculation on an elliptic curve, all points of the curve must be considered. To find the points on the curve, select an elliptic curve; the equation of the elliptic curve is
$y^2 \bmod p = (x^3 + ax + b) \bmod p$    (3)
where
$4a^3 + 27b^2 \neq 0$    (4)
For example, an elliptic curve is as follows:
$y^2 \bmod 11 = (x^3 + ax + 2) \bmod 11$    (5)
All points for this curve are the set $E_p(a, b)$ of all pairs of integers (x, y) that fulfill the elliptic curve equation, along with the origin. Following are the methods to find the points on the elliptic curve:
Points on ECC
1) Find the LHS of the elliptic curve for all $(x, y) \in Z_p$.
2) Find the RHS of the elliptic curve for all $(x, y) \in Z_p$.
3) Select the values of x and y as a pair, for all $x, y \in Z_p$, for which LHS = RHS.
4) All the selected pairs of values of (x, y) become the points of the elliptic curve.
Example: Assume the values p=11, a=1, b=1 for the above curve; the resultant points are (0,1), (2,0), (3,3), (3,8), (4,5) etc.
D. Key Generation and Key Exchange
Elliptic curve cryptography uses the Elliptic Curve Diffie-Hellman method to generate and exchange keys. In the original Diffie-Hellman algorithm, the multiplicative group modulo p is used, while in the elliptic curve Diffie-Hellman (ECDH) algorithm, the additive elliptic curve group is used. In the ECDH scheme the communicating users get the value of point K. The secret key is generated from this point K.
Suppose there are two users, Alice and Bob. According to Diffie-Hellman, the key generation and exchange is as follows.
Key generation and key exchange
1) Alice uses her palm vein feature for her private key dA, which is less than n.
2) Alice gets a public key PA = dA X G in Ep (a, b).
3) Bob uses his palm vein features for his private key dB, which is less than n.
4) Bob gets a public key PB = dB X G.
5) Alice creates the secret key k = dA X PB.
6) Bob creates the secret key k = dB X PA.
By exchanging the key through this method, both Bob and Alice can communicate safely. Bob can use the secret value he computed to build an encrypting key. When Alice gets the message from Bob, she uses the secret value she computed to build the decrypting key. It is the same secret value, so they use the same key. Thus what Bob encrypts, Alice can decrypt.
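The addition rules, the point search from "Stages on ECC", and the six key-exchange steps above, worked through on the page's example curve (p=11, a=1, b=1). This is an added example, not code from the paper: the base point G=(0,1), the private keys 2 and 3, the helper names, and the peer-point validation in `shared_point` are assumptions for illustration, and the double-and-add loop generalizes the page's 8 X J case.

```python
# Added example (not the paper's code): toy curve E_11(1, 1) from the page's
# example. G and the private keys are constructed; real curves use ~256-bit p.
P, A, B = 11, 1, 1
O = None                                   # point at infinity

def on_curve(Q):
    return Q is O or (Q[1] ** 2) % P == (Q[0] ** 3 + A * Q[0] + B) % P

def curve_points():
    """Stage C: every (x, y) in Z_p x Z_p with LHS == RHS."""
    return [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]

def add(J, K):
    """Rules 1-3 for addition over E_p(a, b)."""
    if J is O or K is O:
        return K if J is O else J          # Rule 1
    (x1, y1), (x2, y2) = J, K
    if x1 == x2 and (y1 + y2) % P == 0:
        return O                           # Rule 2: K = -J
    if J == K:                             # Rule 3, tangent slope
        t = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:                                  # Rule 3, chord slope
        t = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (t * t - x1 - x2) % P
    return (x3, (t * (x1 - x3) - y1) % P)

def mul(k, J):
    """k X J by double-and-add instead of k-1 repeated additions."""
    R = O
    while k:
        if k & 1:
            R = add(R, J)
        J, k = add(J, J), k >> 1
    return R

def order(G):
    """Smallest n with n X G = O (private keys must stay below it)."""
    n, R = 1, G
    while R is not O:
        R, n = add(R, G), n + 1
    return n

def shared_point(d, peer_public, n):
    """One side of ECDH; rejects out-of-range keys and invalid peer points."""
    if not 0 < d < n:
        raise ValueError("private key must satisfy 0 < d < n")
    if peer_public is O or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    return mul(d, peer_public)

G, dA, dB = (0, 1), 2, 3                   # constructed base point and keys
n = order(G)
PA, PB = mul(dA, G), mul(dB, G)            # steps 2 and 4: public keys
kA, kB = shared_point(dA, PB, n), shared_point(dB, PA, n)  # steps 5 and 6
```

Both sides arrive at the same point k, and a received value that is not on the curve is refused before any private key touches it.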
IV. FINGER VEIN BIOMETRIC
Pre-processing images normally involves getting rid of low-frequency background noise, normalizing the intensity of the individual images, removing reflections, and masking portions of images. Image pre-processing is the practice of enhancing data hierarchy prior to computational processing.
Image segmentation is the process of partitioning a digital image into multiple regions. The goal of segmentation is to simplify the examination of a whole image by reducing it to smaller images. Image segmentation is typically used to locate objects and boundaries (lines, curves, etc.) in images. More precisely, image segmentation is the process of allotting a label to every pixel in an image such that pixels with the same label share certain characteristics.
Clustering can be considered the most important unsupervised learning problem; like every other problem of this kind, it deals with finding a structure in a collection of unlabeled data.
K-means clustering aims to partition n observations into k clusters in which each observation belongs to the cluster with the nearest mean, serving as a prototype of the cluster.
Algorithm of K-means Clustering:
Let X = {x1, x2, x3, ..., xn} be the set of data points and V = {v1, v2, ..., vc} be the set of centers.
1) Randomly choose 'c' cluster centers.
2) Calculate the distance between each data point and the cluster centers.
3) Allot the data point to the cluster center whose distance from the data point is the minimum of all the cluster centers.
4) Compute the new cluster center using:
5) Recalculate the distance between each data point and the newly obtained cluster centers.
6) If no data point was reassigned then stop, otherwise repeat from step 3).
This is one of the important modules; it gets its information from the previous blocks of segmentation and clustering.
Feature extraction involves modifying the quantity of resources required to describe a large set of data accurately.
With the number of features collected, it is difficult to judge which is the real one. Through the gradient algorithm we take the decision using three parameters: scalability (pixel density of the region), integrity (parameters of finger vein), and flexibility (probability decision).
SVMs are supervised learning models with associated learning algorithms that analyze data and discern patterns, used for classification and regression analysis.
The input image is stored in the database, as shown in Fig. 1.
Fig. 1. Finger vein input image
After clustering and feature extraction, the image is compared with the aimed dataset using the SVM classifier to decide whether the input image is matched or un-matched.
Fig. 2. Authentication image
After clustering and feature extraction, the image is compared with the aimed dataset using the SVM classifier; the input image is authenticated, as shown in Fig. 2.
Fig. 3. Un-Authentication image
After clustering and feature extraction, the image is compared with the aimed dataset using the SVM classifier; the input image is un-authenticated, as shown in Fig. 3.
V. PROPOSED MODEL
Fig. 4. Block Diagram of Secure ATM Machines (blocks: LCD, Input Image, Sound Sensor, 4*4 Keypad, Mat-lab, PIC16F877A, RFID Reader, PC, Relay, UART, DC Motor, Bluetooth, Buzzer)
The architecture of the aimed model is shown in Fig. 4. In this paper, finger vein features are used at ATM machines to generate the secret keys that are used in ECC to provide data communication security while getting the OTP over Bluetooth. To authenticate, we use RFID to make the process more secure, and a password can be entered. Here we use Mat-lab, with the help of image processing, to recognize the original image. In this paper we have implemented an improved protocol based on elliptic curve cryptography to solve security problems. The finger vein input image and the RFID card are used to validate the user; the user can then access the ATM account, after which a One Time Password is generated through Bluetooth. Using the keypad, the user enters the One Time Password (OTP), then the amount, and the delivery process follows. If the PIN entered is not correct, or an unauthenticated person accesses the ATM machine, the entire process is stopped.
Fig. 5. Enrollment and Authentication Steps
VI. RESULTS AND DISCUSSION
Fig. 6. Design of Secure ATM Machines using One Time Password
The finger vein input image, already stored in the database, is compared to the trained dataset using the SVM classifier. If it matches, the LCD screen shows authenticated and the RFID card is presented to validate the user. If the user is authenticated and the RFID reader matches, the One Time Password is received through Bluetooth. After the One Time Password and the amount are entered, the amount is withdrawn under cash delivery control. If it does not match, the screen shows not authenticated and the entire process is stopped. As we are using ECC, we can attain a high level of security with a much shorter key size. Thus it also solves the key size problem. As ECC needs very complex mathematical operations, the strength of security in this model is also very high.
In this work, a very secure communication of the OTP over the network is illustrated with the help of ECC and finger vein biometrics. The main advantage of ECC is that it needs a much smaller key size and gives a high level of security with a cheaper biometric recognition system. Finger vein biometrics provides a contact-less, hygienic, noninvasive and easy to use system. At present, trade business is growing very rapidly. Most banking systems use OTP in the form of plain-text for the money transactions of ATM machines, which is very insecure and totally dependent on the Bluetooth. The proposed model can also be utilized for any other type of secure data communication system that communicates through SMS.
VII. CONCLUSION
Enhancing security of ATM machines uses a gradient feature detector to extract vein patterns. It can obtain all the points on the gradient feature in the image and increase the information of the feature. With this method, not only is the mutual information among different vein branches used, but every vein branch is also treated independently. The finger vein input image and the RFID card are used to validate whether the user is authenticated or not; if authenticated, the user can access the ATM card, and a One Time Password is generated through Bluetooth. This system is suitable for mobile devices and ATMs because of its low computational complexity and low power consumption. The advantage of the proposed system is that it is more secure and confidential.
ACKNOWLEDGMENT
We would like to thank our co-workers, HOD,
Dean (R & C) and Director of our Institute for
supporting directly or indirectly in this research work.