Back

A Software Agent Enabled Biometric Security Algorithm for Secure File Access in Consumer Storage Devices

A Software Agent Enabled Biometric SecurityAlgorithm for Secure File Access in ConsumerStorage Devices

ABSTRACT:

In order to resist unauthorized access, consumerstorage devices are typically protected using a low entropypassword. However, storage devices are not fully protectedagainst an adversary because the adversary can utilize an off-linedictionary attack to find the correct password and/or run anexisting algorithm for resetting the existing password. Inaddition, a password protected device may also be stolen ormisplaced allowing an adversary to easily retrieve all the storedconfidential information from a removable storage device. Inorder to protect the consumer’s confidential information that hasbeen stored, this paper proposes a mutual authentication and keynegotiation protocol that can be used to protect the confidentialinformation in the device. The functionality of the protocolenables the storage device to be secure against relevant securityattacks. A formal security analysis using Burrows-Abadi-Needham (BAN) logic is presented to verify the presentedalgorithm. In addition, a performance analysis of the proposedprotocol reveals a significantly reduced communication overheadcompared to the relevant literature.

PROJECT OUTPUT VIDEO:

EXISTING SYSTEM:

  • Chen et al. argued that the protocol from Yang was not secure against the forgery attack and the replay attack.
  • Lee et al. argued that the protocol by Chen etal. was computationally inefficient. In order to solve thesecurity weaknesses, Lee et al.proposed the three-factorauthentication protocol based on elliptic curve cryptography.
  • The protocol from Lee et al. required the user’s password,biometric and smartcard information as authentication tokens.
  • More recently, He et al. demonstrated that the protocolproposed by Lee et al. was not secure against the passwordguessing attack, Denial-of-Service (DoS) attack and the replayattack, so proposed an improved three-factor authenticationscheme.
  • In order to resist the DoS attack, He et al.employed the concept of the fuzzy extractor. Amin and Biswas proposed a three-factorauthentication protocol for the same environment using a hashfunction to achieve a lower computation cost than existingprotocols.

DISADVANTAGES OF EXISTING SYSTEM:

  • If the confidential information is not protected, an adversary can easily retrieve the stored information from the device memory.
  • Existing system, storage devices are not fully protectedagainst an adversary because the adversary can utilize an off-linedictionary attack to find the correct password and/or run anexisting algorithm for resetting the existing password.
  • Inaddition, a password protected device may also be stolen ormisplaced allowing an adversary to easily retrieve all the storedconfidential information from a removable storage device

PROPOSED SYSTEM:

  • This paper proposes a mutual authentication and keyagreement protocol to provide only authorized access toconfidential information stored on the device with the aid of a Registration Server (RS).
  • A new user completes a registration procedure with RS allowing RS to deliver a link via e-mailfrom which the user can download and install registrationsoftware in their device which also incorporates the requiredsecure access information relevant for only each user.
  • In orderto provide secure access to files, the user provides thenecessary identity, password and biometric information. Thedevice checks the legitimacy of the user and then negotiates asession key with RS. It is to be noted that this session key isused to encrypt the files in the storage device.

ADVANTAGES OF PROPOSED SYSTEM:

  • A mutual authentication and key negotiation protocol toprovide security protection of the stored information on thestorage device,
  • Security analysis to show that the proposed protocol isrobust against known security attacks. Furthermore, in theproposed scheme, the mutual authentication and session keyagreement have been verified using BAN logic.
  • Significantly less communication overhead andcomputation costs than other related systems.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

  • System             : Pentium Dual Core.
  • Hard Disk       : 120 GB.
  • Monitor           : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram                  : 1 GB

SOFTWARE REQUIREMENTS:

  • Operating system : Windows 7.
  • Coding Language  : C#.NET
  • Tool                         : Visual Studio 2008
  • Database                 : SQL SERVER 2005
author avatar
alexandar

You may also like

Fingerprint based Voting System
28 April, 2022

Fingerprint based Voting System ABSTRACT: The most severe and frequently happening situations while conducting elections is rigging (One person give multiple votes). Right now, we are using an electronic voting machine and to identify people who already gave their vote, …

Toll Plaza Management System
12 December, 2020

Toll Plaza Management System ABSTRACT: The Toll Plaza Management System is a systematic solution developed using C#.net to streamline the toll collection process at toll plazas. This system provides an efficient and reliable solution for toll collection, reducing the time …

Toll Gate Management System
11 December, 2020

Toll Gate Management System ABSTRACT: Electronic toll collection (ETC), an adaptation of military “identification friend or foe” technology, aims to eliminate the delay on toll roads by collecting tolls electronically. It is thus a technological implementation of a road pricing …