International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 1- May 2016 Enhancing Security of ATM Machines using One Time Password and Biometrics using Elliptic Curve Cryptography Karanam Thirupathi Rayudu Mr.M.Aravindan, Assistant Professor Department of Electronics and Communication Engineering, SRM University, Kancheepuram, India Abstract— Security of ATM Machines is necessary because nowadays most of the applications are performed with the help of this mechanism.Elliptic Curve Cryptography (ECC) needs key size of 224-255 bits.Cryptographic keys are often kept in unsecured way that can either be prevailed through brute force attacks. This becomes a weak link and leads wholeness issues of sensitive data in a security model. To overcome the above problem, biometrics is combined with cryptography for acquiring strong security model. This paper suggests an enhancing security of OTP using ECC with finger vein biometric.This model also suggests improve security with lesser key size than other prevalent public key crypto-model. The cryptographic keys are also not required to learn or keep anywhere, these keys are generated as and when needed. In this paper we have implemented an improved protocol based on elliptic curve cryptography to solve security problems. A new password authenticated key agreement protocol with user interface has been proposed in this paper. In addition, protocol also provides some unique features such as user anonymity, no password table needed, revoking lost smart-card conveniently and password updating freely. Keywords—One-Time Password, Elliptic Curve Cryptography (ECC), Biometrics, Finger Vein image, ATM Machines. I.INTRODUCTION Finger veinauthentication is often a biometric technology which specifies an individual when using the vein pattern inside of the fingers. Fingerprint recognition or fingerprint authentication refers to the automatedmethod of verifying a match between twofingerprints. Finger vein recognition is a method of biometric authentication that uses pattern recognized techniques based on images of human finger imagepatterns beneath the skin's surface. Finger vein recognition is many forms of biometrics used to identify individuals and verification. etc. In order to reduce these issues, we can apply cryptography with biometric features. Biometrics is a technique for measuring personal features such as a subject’s face, voice, palm-vein, finger-print, retina, or iris for personal recognition. It provides unique features to recognize an individual. Human-being has been recognized by its appearance, gait, and voice for thousands of years. While comparing with prevalent identification systems, biometrics excels is providing strong security model. Cryptography is a mathematical technique for transforming text to intangible form, which can’t be easily broken by eavesdropper. It provides excellent data communication security in this digital world, provided keys size should be as per standard. There are many researches, which have been suggested that bio-metrics provides technique for identifying and authenticating an individual, since it has been reliable and universal acceptable identification and authentication methods in most application areas. The popularity of biometrics and cryptography provides foundation to the information security for becoming an equal choice among all applications areas for enhancing their security systems. The identified and authentication of an individual using cryptography and biometrics, provides high confidence in its security model. We proposed an algorithm for enhancing the security of OTP using ECC with finger-image biometric. The influence of ECC compared to prevalent public key cryptography such as Gradient Boosting, is that it offers higher security per bit with smaller key size. ECC has smaller key size, hence it also reduced the computation power, memory and bandwidth. II. The security is required for dual purposes. They are to protect customers’ privacy and to protect against fraud. While more than two persons communicate to each other then they worry about confidentiality, data authentication, non-repudiation ISSN: 2231-5381 ONE-TIME PASSWORD (OTP) Out of many types of attacks, there is a type of attack on computing environment connected to the network, is replay attack/eavesdropping, which obtains legitimate user’s credential such as login-id http://www.ijettjournal.org Page 6 International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 1- May 2016 and password. Once the credential are captured by attackers, then same are used to get accessed into the legitimate user’s account to do some mischievous works. To get rid of this type of attack, an OTP system is used. OTP system has operations in both sides of the networks. On the client/user side, the appropriate OTP must be generated and displayed. On the server/host side, the server must be able to verify the OTP received from client side and permits the secure exchanging of the user’s confidential information. In ECC, for addition a point with another one and other arithmetic operations of elliptic curve then we have to follow the given below rules. III. Elliptic Curve Cryptography Rule 3: If J = (x1, y1) and K = (x2, y2) with J K, A. Mathematics behind ECC Mainly two types of elliptic curves are considered for cryptography applications. 1) Elliptic Curves over GF(2m) 2) Elliptic Curves over Zp. The rules for addition over Ep (a, b). For all points J, K 2Ep (a, b): Rule 1: J + O (Infinity) = J Rule 2: If point J=(x1, y1), then J + (x1, -y1) = O. =- Then L = J + K = (x3, y3) is calculated using the following Formulas: x3 = (t2 - x1 - x2) mod p y3 = (t(x1-x3) - y1) mod p Elliptic curves based on GF (2m), the values for variables and co-efficient and their computation all require in GF (2m). Elliptic Curves on Zp, in this curves, cubic equation is used and computations are performed on module p, where allthe values for variables and coefficient requires in the set of integers ranging from 0 to (p-1). Cryptographer noticed that elliptic curves behavedconveniently when operations were performed with prime modulo. The equation of elliptic curve is y2 mod p = (x3+ ax + b) mod p where, t = ((y2 - y1) / (x2 - x1)) and, t = ((3x12 + a) / 2y1) mod mod p, if J p, if J = K =K Rule of Multiplication: It is defined as repeated addition. Let us assume J is a point on elliptic curve, J = (x1, y1). Then, 8 X J = J+J+J+J+J+J+J+J =2 X J + 2 X J + 2 X J + 2 X J =4 X J + 4 X J (1) Where C. Stages on ECC (2) 4a3 + 27b2 = 0 Here, a and b are parameters and p is a prime number of the curve; in elliptic curves, the values for variables and co-efficient must be from the elements of a finite field. This paper is designed on the basis of elliptic curves over Zp. In order to do any calculation on elliptic curve, all points of the curve must be considered. To find thepoints on the curve, select an elliptic curve and the equation of the elliptic curve is y2 mod p = (x3+ ax + b) mod p (4) Where For example, an elliptic curve is as follow: y2 mod 11 = (x3+ ax + 2) mod 11 B. Mathematical Computation in ECC The mathematical computation for elliptic curve is different from that of the mathematical computations requires for prevalent cryptography. ISSN: 2231-5381 4a3 + 27b2 = 0 All points for this curve are the set Ep (a, b) having all (3) of integers (x, y), which fulfills the elliptic curve pairs equation along with origin. Following are the methods to find the points on the elliptic curve: Points on ECC 1) Find the LHS of the elliptic curve for all (x, http://www.ijettjournal.org Page 7 (5) International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 1- May 2016 y) 2 Zp. 2) Find the RHS of the elliptic curve for all (x, y) 2 Zp. 3) Select the pair of value of x and y respectively as a pair for all x, y 2 Zp for which LHS = RHS. 4) All the selected pairs of values of (x, y) become the points for the elliptic curve. Example: Let assume the value of p=11, a=1, b=1 for the above curve, resultant points are (0,1), (2,0), (3,3), (3,8), (4,5) etc. D. Key Generation and Key Exchange Elliptic curve uses Elliptic curve Diffie-Hellman method to generate and exchange key. In the original Diffie-Hellman algorithm, multiplicative group modulo p is used, while in the elliptic curve DiffieHellman (ECDH) algorithm, the additive elliptic curve group is used. In the ECDH scheme the communicating users get the value of point K. Secret key is generated from the above point K. Suppose there are two users Alice and Bob. According to the Diffie-Hellman the key generation and exchange is as follows. Key generation and key exchange 1) 2) 3) 4) 5) 6) Alice uses his palm vein feature for his private key dA which is less than n. Alice gets a public key PA = dA X G in Ep (a, b). Bob uses his palm vein features for his private key dB which is less than n Bob gets a public key PB = dB X G. Alice creates the secret key k = dA X PB. Bob creates the secret key k = dB * PA. By exchanging the key through this method both Bob and Alice can communicate safely. Bob can use the secret value he computed to build an encrypting key. When Alice gets the message from Bob, she uses the secret value she computed to build the decrypting key. It is the same secret value, so they use the same key. Thus what Bob encrypts Alice can decrypt. IV. FINGER VEIN BIOMETRIC Pre-processing images normally acquiring rid of getting rid of low-frequency background noise, normalizing the intensity of the individual particular images, removing reflections, and masking portions of images. Image pre-processing is the proficiency of enhancing data hierarchy prior to computational processing. ISSN: 2231-5381 Image Segmentation is the process of partitioning a digital image into multiple regression. The goal of segmentation is to simplify to examining whole image into a small image. Image segmentation is typically used to place objects and boundaries (lines, curves, etc.) in images. More precisely, image segmentation is the process of allotting a label to every pixel in an image such that pixels with the same label share certain characteristics. Clustering can be conceived the most important unsupervised learning problem; so, as every other problem of this kind, it detecting with finding a structure in a collection of unlabeled data. K-means clustering directs to partition n observations into k clusters in which each observation goes to the cluster with the nearest mean, serving as a prototype of the cluster. Algorithm of K mean Clustering: Let X = {x1,x2,x3,……..,xn} be the set of data points and V = {v1,v2,…….,vc} be the setoff centers. 1) Randomly choose ‘c’ cluster centers. 2) Calculate the distance between each data point and cluster centers field. 3) Allot the data point to the cluster center whose distance from the cluster center is minimum of all the cluster centers. 4) Compute the new cluster center using: 5) Recalculate the distance between each data point and new received cluster centers. 6) Whenever no data point was reassigned then stop, otherwise repeat from step3) . One of the important module, it get the information from the previous block of segmentation and clustering. Feature origin involves modifying the quantity of resources required to describe a large set of data accurately. The collected number of feature will be difficult to judge which is reality one. Through the gradient algorithm we are taking decision by using three parameter. Scalability (pixel density of the region), Integrity (parameters of finger vein), Flexibility (probability decision) SVM are supervised learning models with associated learning algorithms. Toanalyze data and discern patterns, used for sorting and reversion analysis. The input image is stored in database which is shown in Fig.1. http://www.ijettjournal.org Page 8 International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 1- May 2016 Fig. 1. Finger vein input image Fig. 3. Un-Authentication image After clustering and feature extraction, the image is equate with the aimed dataset using SVM classifier, whether the input image is matched or un-matched. After clustering and feature extraction, the image is equate with the aimed dataset using SVM classifier, the input image is un-authenticated which is shown in Fig.3. V. PROPOSED MODEL LCD Input Image Sound Sensor 4*4 KEYP AD Mat-lab PIC16F877A Fig.2. Authentication image After clustering and feature extraction, the image is equate with the aimed dataset using SVM classifier, the input image is authenticated which is shown in Fig.2. RFID Reade r PC Relay UART DC Motor Bluetoot h Buzze r Fig. 4. Block Diagram of Secure ATM Machines ISSN: 2231-5381 http://www.ijettjournal.org Page 9 International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 1- May 2016 The Architecture of the aimed model is shown in fig. 4. In this paper we are using finger vein features of ATM Machines for generating secret keys are used in ECC to provide data communication security while getting the OTP from Bluetooth. To make authenticate we are using RFID to make process more secure and we can enter password.Here we are usingMat-lab technology with the help of image processing we recognize the original image. In this paper we have implemented an improved protocol based on elliptic curve cryptography to solve security problems.Using finger vein input image and RFID card to validate user then user can access your ATM account after it will generate One Time Password through Blue Tooth. Using Keypad we can enter One Time Password(OTP) and after we can enter amount and Delivery process. If we entered pin number is not correct or unauthenticated person access the ATM Machines, the entire process will be stopped. Fig. 5. Enrollment and Authentication Steps VI. RESULTS AND DISCUSSION Fig.6. Design of Secure ATM Machines using One Time Password Using finger vein input image as already stored in database which is compared to trained dataset using SVM classifier.if it is matches, the lcd screen shows authenticated and putting RFID card to validate user. If aunthenticated and RFID reader matches getting the One Time Password throuh Bluetooth. After we enter the One Time Password and amount,then withdrawn the amount in Cash delievery control. If it is not matched,it will shows not authenticate and the entire process will be stopped. As we are using ECC, so we can attain high level security with very shorter key size. Thus it also solves the key size problem. As we know that ECC needs very composite mathematical operation, therefore in this model strength of security is also very high. In this, a very assure communication of the OTP in the network is illustrated with the help of ECC and Finger vein biometric. The main advantage of ECC is that it needs very less key size and gives high level of security with cheaper biometric recognition system. Finger vein biometrics provides contact-less, hygienic and noninvasive and easily to use system. At present trade business is growing very rapidly. Most of the banking systems use OTP in the form of plain-text for the money transaction of ATM Machines, which is very insecure and totally dependent on the Bluetooth. The proposed model also can be utilized for any other type of secure data communication systems, which is communicated through SMS. VII. CONCLUSION Enhancing security of ATM machines uses a gradient feature detector to extract vein patterns. It can obtain all the points on the gradient feature in the image and increase the information of the feature. By using this method, not only the mutual information among different vein branches is used, but also treat every vein branch with independence..Using finger vein input image and RFID card to validate whether ISSN: 2231-5381 http://www.ijettjournal.org Page 10 International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 1- May 2016 user is authenticated or not, if authenticated thenuser can access ATM card. So that, it will generate One Time Password through Bluetooth. This system is suitable for mobile devices and ATM’s because of its low computational complexity and low power consumption. The advantage of this proposed system is more secured and confidential. ACKNOWLEDGMENT We would like to thank our co-workers, HOD, Dean (R & C) and Director of our Institute for supporting directly or indirectly in this research work. REFERENCES R. Cappelli, A. Erol, D. Maio, and D. Maltoni, “Synthetic fingerprint image generation,” in Proc. 15th Int. Conf. Pattern Recognition, [2] A. M. Bazen, G. T. B. Verwaaijen, S. H. Gerez, L. P. J. Veelenturf, and B. J. v. d. Zwaag, “A correlation-based fingerprint verification system,”inProRISC Workshop on Circuits, Systems and Signal Processing,Veldhoven, the Netherlands, 2000, pp. 205–213. [3] A. Ross, S. C. Dass, and A. K. Jain, “Fingerprint warping using ridge curve correspondences,” Pattern Analysis and Machine Intelligence,IEEE Transactions on, vol. 28, no. 1, pp. 19–30, 2006, 0162-8828 [4] A. M. Bazen and S. H. Gerez, “Fingerprint matching by thinplate spline modelling of elastic deformations,” Pattern Recognit., vol. 36, no. 8, pp. 1859–1867, Aug. 2003. [5] R. Cappelli, D. Maio, and D. Maltoni, “Modeling plastic distortion in fingerprint images,” in Proc. ICAPR, 2001, pp. 369–376. [6] N. K. Ratha and R. M. Bolle, “Effect of controlled acquisition on fingerprint matching,” in Proc. 14th ICPR, 1998, vol. 2, pp. 1659–1661. [7] C. Dorai, N. Ratha, andR.Bolle, “Detecting dynamic behavior in compressed fingerprint videos: Distortion,” in Proc. CVPR, Hilton Head, SC, Jun. 2000, pp. 2320–2326. [8] X. P. Luo, J. Tian, and Y.Wu, “Aminutia matching algorithm in fingerprint verification,” in Proc. 15th ICPR, Sep. 2000, vol. 4, pp. 833–836. [9] D. Lee, K. Choi, and J.Kim, “Arobust fingerprint matching algorithm using local alignment,” in Proc. 16th Int. Conf. Pattern Recognition,Quebec City, Que., Canada, Aug. 2002, vol. 3, pp. 803–806. [10] Z. M. Kovacs-Vajna, “A fingerprint verification system based on triangular matching and dynamic time warping,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 22, no. 11, pp. 1266– 1276, Nov. 2000. [1] ISSN: 2231-5381 http://www.ijettjournal.org Page 11