Efficiency of Biometric integration with Salt Value at an Enterprise Level and Data Centres

22 Efficiency of Biometric inte grati on with Salt Value at an Enterp rise Leve l an d Data Cent res Bhargav. Balakri shnan Suther land Globa l Services India 1. Introduct i on Biomet ric have been an effect ive tool in pr oviding the a uthen tication for the auth orized user to access the reso urces of an organizat i on. They have been widely used i n data c entres and at enterprise or ganiz ations as it requi re lot of securit y; those are ter med as infor m ati on security (confident iality of data ) . Ev en then ho w the hackers are able to trace the network and break the pass words. Is there any we akness in the des ign of the operat ing syste m ? Why the designe r of the operating s ystem have not co m e up with any tool th at can provide b ett er security for the servers . A s we all kno w that securities are applied at differen t stages of an OS like at system boot , before login screen and the f inal pas sword check point at the logon screen . The netwo rk is designed in such a way that e ach st age from firewall till user web access is monit ored, then ho w t he hacke rs ar e able to trace t he flaw . To av oid thi s hap pening especial ly lo ss of data can be prev ente d by including biomet ric at higher level of securi ty. Biomet ric is one of the tools that pr ovides authent icat ion onl y for the registere d / authorize d users of that respe ctive server . Once if it joins with SALT va lue ( rand omly gener ated value of any length ) which is n othing but the password of the auth orized user and maps with the encrypted val ue to aut horize the user ac ces s on t o the server, the server level se curity goes high. Bio metri c have not been inte r faced with SALT value ye t and used for authen ti cation of authori zed user ’ s at serv er leve l. Whene ver t he secur ity is applied on t he serv er level especial ly f or Micr osoft Serve rs, the complexity of the pass word alone is not suf f icient as there has been lo t of possible ways design ed by the hacker s to break that password . Here the biomet ric when includ ed will n ot allow the hack er to penetrat e as it (Biometric ima ge) is unique for every user. There w ill be lot of FAQ’s regardin g this type of m eth odol ogy for user auth entic ation at serv er le vel. When the authori zed user get s hurt in his finge r for ex ample , how the server can be accessed ? Soluti on Here the applicat ion should be designed in s uch a way that it acce pts m axi m um of two thumb impressi o n . When it goes beyond this the user has to log on e mergen cy mode in server by pre ssing f8 , which can be accessed b y means of a comple x passw ord with minim al access to applic ations. (Will be ex plained in de pth in co ming t opics) How does bi omet ric image and pa ssword maps with En crypt ed value sto re in the NTDS file of windo w s 2003 s erver? Soluti on: -The authenti cation pattern is simila r to any aut h entication meth odology that is followe d in NT authe ntic ation , mail servers etc... A sligh t modificati on will incl ude a biometric image + SALT Value that auto m aticall y generate an encrypted val ue which maps with sto red encrypted value . The encrypti on algorith m s hou ld be changed on regul ar basis accordingly the encr yp ted value corres po nd ing to each user will change. Here ho w the bio metri c is g oing to help ? Based on the image th e value i s generat ed ev en tho u gh SALT V alue (here it is user’s comple x pass word) is kno wn to strange r the respectiv e sys te m of a user c an not l o gged wit h his (auth orized use r) thum b impressi on, that’s where b iometric provid es sec urity at enterprise level or data centre . 2. Biometr ic tech niques There are different biometri c techniques and so m e of the co mmo nly known techniq u es are as follows 1. Finger Print Te chnol ogy is an im pressi o n of the fricti o n ridge s of all or any part of the finger . A friction ridg e is a raise d portio n of the on the palmar ( p al m) or d igits (fingers and toes) o r planta r (sole ) skin , consistin g of o ne o r more connected ridge unit s of friction ridge skin. Thes e ri dges are so m eti mes kn own a s "der m al ridg es" or "der m al” 2. Face Recogniti on Tech nol ogy is an applicati on of comput er for automatic ally identi fying or verifying a pe rson from a di gital image or a video fra m e fro m a video source . I t is the most natural mean s of bio metri c ident ificat i on. F acia l recogniti o n technolog ies have recent ly devel oped into two areas and they are F acial metri c an d Eigen faces 3. IRIS Technolo gy uses the iris of the eye which is colored area that surroun ds the pupil. Iris patterns are unique and are obtained through vide o based image acquisit ion syste m. 4 . Hand Geometr y Technol ogy include the estimation of length, w idth , thicknes s and surface area of the hand. Various m eth o d are used t o measure the hands- Mechan ical o r optical princi ple 5. Retina Geomet ry Technolo gy is based on the blood vessel p attern in the retina of the eye as the blood vessels at the back of the eye have a unique pattern , from eye to eye and person to person Retina is not di rectly visible and so a cohere nt infra red light source is necessar y to illuminat e the retina . The infrared energy is absorbed faster by blood vessels in the retina than by the surroun ding tissue. The i mage o f the retin a blood vessel pattern is then analyzed 6. Spea ker Rec ogniti on Tech nique focuses on the vo cal characte ri stics that p rod uce speech and not on the sound or the pro n unciat ion of spe ech itself . The vocal chara cterist ics depend on the dimen sions of the v ocal tract , mouth, nasal cavities and the other speech processing mechan is m of the human b ody . It does n’t req u ire any special and exp ensive hardware . The signature dyna mics re cognit ion is based on the dynamics of m aking the signature , rath er tha n a direct com parison of the si gnatu re its elf after wards. The dyn amics is measured as a means of the pressure, directio n, accele rat ion and the length of the strokes , dyna mics nu m ber of stroke s and thei r duration . The re are a lot o f other bi ometric technique s like pal m print , han d vein , DN A, ther m al i ma ging, ear s hape , body odour, keystrokes dy na mics, finge rn ail bed . But these techniq ues are not been widely used in the authent icati on of the a pers on in attend ance marking , server le vel auth entication , authent icati on of a res ident card h older as there are not feasible as the com monly used technique s which has been described ab ove. As the authe ntication technique s sho uld be feasible enou gh both in secu rity and usabi lity of the devic e. Based upo n which only , the organizat ion w ill accept f or the implement ati on of Bio m etr ic authenti cation techniq ue for their sec urity purp ose. 3. Eval uation o n various B io metric techniques 3.1 Fals e Acc ept Rate (FAR) and False M atch R ate (MAR) The probability that the system incor rectly decl ares a succe ssful match bet ween the input pattern and a n on matching pattern in the data base is measured by the percent of invalid matche s. The se systems are critical since the y are com monl y used to forbid certain actions by disallo wed people . 3.2 Fals e Re j ect Ra t e (FRR) o r False Non -M a tch Ra te (FN MR) The probability that the system inc orrectly declare s failur e of match between the inp ut pattern and the matching te m plat e in the database is measured by the p er cent of valid inputs being rejected. This happe ns in some of the biometri c authentic ation techniq ue as it will g ive a ne gative result when the log is gene rated as the image it has authen ticated is different whic h will be considered as a neg ative para m eter . 3.3 Rela t ive Operat i ng Chara cteris tic (ROC) In general , the matchi ng algor ithm pe rfor m s a decisi on using so me para m eters (e . g. a threshold ). In biometric syste m s the FAR and FRR can typic ally be traded off again st each other by changing those parameters . The ROC plot is obtai ned by graph ing the values of FAR and FRR, changing the va riables implic itly. A com mon variation is the Detection Error Trade- off (DET), w hi ch is obtai ned using n ormal deviate scales on both a xes . This more linear gra ph illuminat es the differen ces for high er perform an ces (rare r er rors) . 3.4 Equ al Er ror Rat e (EER) The rates at w hich both accept and reject errors are equal.RO C or DET plotting is used because ho w FAR and FRR can be chan ged, is shown clear ly. When quick comparis on of two syst ems is required , the ERR is com monly used. Obtaine d from the ROC plot by taking the point where FA R and FRR have the same value. The lower the EER, the more accurat e the syste m is c onsi dered t o be. 3.5 Fai lure to En rol Ra t e (FTE or FER) The percentage o f data input is considered inval id and fails to input into the syste m. Failure to enroll happens w he n the data o btaine d by the senso r are considered invalid or of poor quality. 3.6 Fai lure to Cap t ure Ra te (FTC ) Within automat ic syste m s , the probabilit y that the syste m fails to detect a biometri c charact eristic when present ed corre c tly is gene rally treated as FTC. 3.7 Te m plate C apacity It is defi ned as the ma ximu m nu mber o f sets of d ata whi ch can be input i n to the system. 4. Basic se tup of e n terprise l evel se curity As we see fro m the above diagram the securit y that is appl ied at each stage of a net work. Even after ap plying the se se c urities how t he hackers are able to p enetrat e thr ou gh the networ k and able to stea l the confident ial data ’ s of m any us er’s. When the use r is accessing his bank a c count thr ough net b anking or when he trying to do a trans act ion o f money o ver a networ k all that is required is securit y for his pass word and his account . Even then the hackers are able to get the usern ame but getti ng a passw ord is w hat his challenge is with which he can manip ulate an ything o n the cust omer ’ s account . A lot of these thi ngs are happen ing in today ’s present sce nari o. But how to secure these kinds of flaws bo th at a server lev el as well as at a user level is w hat is going to be discussed in depth in thi s chapte r and the methodolog y that is go ing to be used to prevent this using the biometric and salt value along with the encrypti on algorith m. The biometri c can’t be used at a wide level at a Net banking as every user will not hav e a la ptop or can’t get bio m etric devices separat ely . In order to apply even that at an enterprise server level, ho to do that is w hat is going to be discussed in this method o logy of s erve r and applic ation authent icatio n at an enter prise level. Fig 1 Se c urity applied at each stage of a netw ork Each stage has its o wn encry ption algorit h m bu t h aving s om ethin g included unique withi n an Encrypti o n alg orith m is what to m ake the data centres to ha ve their infor mation ’s keep even more secure d. Each applic ation has an encry ption alg orith m right from Cisco r outers but they are also broke n in many ways the m the hacke rs are ab le to get the IP address of the internal networ k by so me means . Even so me organi zations allow users at higher level executiv e to use Pen Driv es on their o f ficial c omputers . If the antiv irus in stalled on t he co mputer is n ot effective then the virus /spam that has affected the other compute r can p enetrat e into the networ k and can affect many other computers over the networ k. So what happen ed to the security of the inf ormation’s that are stored on the server? T he m ain drawba ck co m es here is the server authent icatio n are maint ained with ju st the pa ssword an d the encryption that comes with the server OS alone. B ut even though the passwor d is set comple x it is easy f or hackers to reset the password . There are lot of encryptio n algorith m in today ’s world which are making the process of brea king up the se curity pass word. Even af ter using a l ot o f networ k monitorin g m any organiz ations are facing this issue . H ow to resolve these kinds of issues at Servers at enter prise level is the place the biometr ic and the salt value is going to play a vital role. As the bio m etric images are uniq ue as we all know and can also provid e a bette r level of securit y with b oth the SALT val ue and the encr yption alg orith m. 4. 1 Pa ra meters o f Bio metric techn ique at secu rity le vel 4.1.1 Pe rm uta t ion and comb i nation Why we have to choose permutat ion and combination while applying biometri c at enterpr ise level? The main rea son is to have a redunda ncy when there is a user gets hurt then what will be an alternat e option . Whe n we take the eye the po ssi bility of generat ing a bi ometric image from a person will be two and it mainly depend s on the characterist ic of the light behind it that is the brightnes s. When the re is so me slight variat ion in the light that is ge nerating this image can cause the authorize d users fro m accessing and th e p robabilit y that can be tried in this approa ch is also less. There are certain c oncept s lik e Voice, f ing er print where the probabilit y beco mes wider. The other techniq ues are also effe ctive but each as speci fic criteria to bring that at complete enterpr ise w ill violate the security norm as well as it will be taken into accou nt th at is what we call as “Risk manag e ment” . The liv e server are always are handled with a lot of risk an d securit y measure ta ken for it will high. Let me explai n you how this per mutat ion c ombin ation conce pt is going to w ork. For exa mple, if I am going to be an aut horize d net w ork engine er at an organizati on and have been g iven the permission to chan ge certain thin gs on t he s er ver regarding to t he ne twork and it’s security mo nit o ring . I h ave gene rated a biometri c imag e with m y finger s say 2 fingers from the left ha nd and 2 from the right hand . Now on that I have got f ract ure in m y rig ht hand. So the possibilit y o f gene rating bio metric images usin g the two f ingers is there in the left hand . So the com binatio ns that are acce pted by the syste m is high and it becomes flexible for the authorized user to operate o n the server and also secured as the im ages are uniq ue to each pers on. Only the re gistered users along w ith their pass word (SALT value) a nd encrypti o n algorith m that is getting generated inter nally once after accepting the bio m etric image and passw ord of a user is going to m ap with the e ncryption table . The encry ption algorith m can be varied on a weekly b asis to ens ure that the encrypted val ue are manipul ated periodi cally to ens u re high level of security at the server level as that is like the heart of an organizat ion and the stage abov e it are like a wall or barrier s for the hackers. Certai n server can have an authen tic ation fro m couple of bi ometric gene rate d by the same person which will converted int o the respectiv e formats usi ng any mathe m atica l approa ches and it is going to be discussed in to p ic w here the ge neratio n of encrypti on is goin g to be done . X1/X2 + SAL T V ALUE (Y1) = W1+Z 1 = Final encrypt ed value (E1) ( 1) Here X1/X 2 are the biometric images in which eith er of th em can be used. But in which biometric is this combi nation are more is in very less techniques . Then the o nes that are having more pr obabilit y will be the finger p rint and the v oice . But the voice als o has a specifi c drawback .. Wh en I gener ate a voice encryptio n the applica tion should filter the unwant ed sounds th at come apart f rom the voi ce of the auth orized user then the probability of us ing the voice in authe nticati on techniq ues w ill be high. As the voice is having a lot of combinati on like the finger print and can be conv erted into d ifferent for mat bef ore it co mes wi th a dif ferent format of passw ord ( SALT va lue) thereby providing a high ly security appr oach of security . The m ain thi ng that should be joined with voice is the filteri ng o f the un want ed so und fro m the back ground eve ry ti me rig ht f rom the reg istr ation of auth orized user on a server at enterprise level. The re are a lot of combinati ons that needs to be taken into acc ou nt as the server needs to be accessed regula rly so the techniq ue t hat ca n process easi er will be v oice and finger print. Let us look into the othe r techniq ues and acc ord ing to the priotizat ion, re liability , usability and feasibility the biometri c tec hniques will be utilized but having a comm on will make the process of authenti cation easier . Let us see a brief de scripti on on the para meters that are going to play an imp ortant r ole in the i mpleme ntation of sev er authentic ation technique at an enter prise level usi ng the biometri c and SALT value as a source of ge nerating the authent icati on code. Then the code is go ing to m ap w ith the encryptio n process for authent icating an a uthor ized user . 4.1.1.1 Prio t izat ion The servers at enterprise will be underg oing m onitori ng at regular intervals an d access ing the servers for various purp oses will be high. Certain servers will be acc es sed at specific interva ls like data base server, web server, net banki ng, ATM servers etc... Like at the end of the day to generate the complete rep o rt on the transacti on and the y are accessed only by certain authori zed users who are technical specialist on that applic ation and also w ho can generate the end o f the day report as the data’s which are see m as highly con fidential like u ser’s account numbe r, Pin numbers, acc ount details w hich are nor mally ke pt highly secured for which this biometr ic appro ach of authe nticati on will make it highly secured. In this sector the biometric aut henticat ion type should be highly secure d and f easible . So in these sectors the highly recommen ded app roach w ith finger p rints and the n come s vo ice recognitio n. Why these approa ches are feasible in this secti on? The m ain reas on the proba bility of gene rating the finger print image is more than the other biometri c m ethodol o gy . When the authori zed user needs to access , there is no requi reme nt of other criter ia’s like brightne ss of the roo m, the voice f ilter ing, the po s ition etc. The finger print is quite a simple appro ach of biomet ric and also give s high sec urity for the a uthent icati on. The best exa mple will b e the Ya ho o Mail where Yahoo has got finger print approach for accessin g the e-mails. The other m eth o d ologies o f biometric generati o n are als o hav ing the advantage over au t hent ication but it is the divis ion where we use the m . The biometr ic i mage once generated should also be stored secured and then t he Salt v al ue ge neratio n should be r andom. Every day t he S ALT value should be different and it should get update d to the auth orized user. The device that is used is ge nerate the SALT Value ev ery 60 sec onds are been manufa ctured by EMC2. The curre nt models of this SALT va lue devi ce are RSA SecurID 900, RSA SecurID 700, RSA SecurID 800 , RSA Secur I D 200, and RS A SecurID 520. These are some of the device that are being widely used in today’s enterprise w he re the security is give the most im portant priority when compare d to other paramete rs of an organizat ion policies . 4.1.1.2 Reliabi l ity on Bio metric Techn i que s Biomet ric is highly reliable w he n it co m es to inf ormation security . H ow it is going to be a feasible appr oach wh en it co mes to authent icat ion at enter prise level? What are the thin gs that needs to be custo mize d in server OS especi ally Windo ws, Solaris ? As custo m izing the server should be after getting the necess ary ap prova l fro m the OS d eveloper and the li cense provi d er that is Microsoft/Su n whichever is going to be custo mized according to these authent icati on require m ents . When the necessary appr ovals are processe d and this customize d OS ne eds to be approved by sec urity norms design in g bodies like ISO that this appr o ach of server authent icati on can be pra ctise. Once this is acce pted the n the metho dology can be widel y used in the enterpr ise level. So we are g oing t o see the areas of justifying this meth odology that is going to tell “HO W RELI A BLE IS THI S METHOD OLO GY?” 1. When this a p proac h is implem ented t he po ssi bility for t he hacke r to steal infor mation beco mes le ss as both the Biomet ric value and the S ALT Value is going to be uniq u e. O nce these t w o nu mbers are g oing to joined as 0’1 and 1’ s using any calculat ion like X orY , Xand Y, Xno rY etc.. . Then the number formatting is changed and then when encry pted using an encryption algorit h m the output will be co m plet ely an d doesn ’t gives ev en a cl ue on what number or image is used. Even if the number is able to decrypted getti ng the same biometr ic image is hardly possible 2.The risk that is involve d in m aintaining the se bio m etric image are hig h but there is a modification that is done for avoiding this risk and in a secured appr oach which will discussed in depth in the topic that is going to g ive a comple te explanat ion of this biometric techniq ue 3. The reliabilit y on this bio metric appr oach of authenti cating server acce ss can be high as t he Biometric technique that is ch osen is based on the maxi m um co mbinati on not with the least combinat i on where it can be of a risk and the manage ment won’t ag ree for that appro ach . All th at manage ment req uires from its point o f view is an applic atio n that can be feasible and at the same ti me keep the informati on’s of the organiz ation and t he client safe and secured . This method ology will be highl y as it is going to be an int egration of kno w appr oach but enc rypted and combin ed in a different appro ach whic h has the capabili ty of getting com patible at server level m o re easil y w ith high reliabilit y 4. The f inge r prin t that has been k now for m any centuries as a source of authent icat ion but it w as ink based that is press ed o n a paper by an individ ual when there is an ele c tion t o av oid misusing the policies of m aki ng an other vote by the same candid ate. So this g ave a u niq u e approach whic h was slo wly being used for the authent icati on purpose in the country ’s visa card to authenti c ate a resident e xpatriat e. So the finger print has be en widely used i n vari ous applic ation and sectors. Th at’s has been reli able and feasible in authent icat ing a user 5. T he finger print methodol ogy has requires si mple enhance m ent over the existin g keyboard. The keyboard needs to be interface with the finger print read er which should have a d river that shou ld be get ting installe d auto m ati cally whe n it is interfa ced with the port on the serv er. That should have an applicat i on that should h ave a transfer the image to the app li cation that should to in turn go throu gh the entire process o f authent icati on which will be explai ned in the secti on where we are going to discuss on the complete proces s involved in this authentic ation 6. The finge r print is a techniq u e that can be used in this scen ario. Let us analy ze on othe r techniq ues also and bring a complet e analysis work on that area o f w ork. This w ill be a valid justi ficati on on the e xact priority of t he biometric techniq ues 7. The bi ometric te chniques are more reliable when compared to thi rd- party soft ware requ esting t o re membe r an image as a s ourc e of auth enticati on f or the users over the N et Banking. This needs to be a p art of risk when the m anage ment point of view especial ly when this ki nd of method ology is ap p lied at Net B anking concept s 8. Now the bank ATM ca rd syste m s are slowly bringi ng up this tech nol ogy ap art fro m the PI N syste m as it will make the p r ocess of authent i catio n mu ch easier and with high securit y . 4.1.1.3 Usabili t y of the Bio m e tric techn iques When it co m es to the usability of the bio m etric devices , it has been si mple as the install ation is done by the inf ras truct u re team along w ith the m ain tenanc e. The biometri c has been reall y user friendl y in terms of registeri ng their image like finger, eye, palm etc.. . But when you to login using it the re has been a fault tolerant that someti me if the brightne ss of the eye was not equivale nt to the brightness that was there during registeri ng it might not accept and this sometime makes the user to use the passw ord to login in to th e compute r. But whe n it is going to be designed at a server level it should not be the conside red as a negativ e para m eter. Here the biometric that is going to be sh ould be highly advan ce d in authenticatin g the user in a much quicker way. It should try to filter the brightne ss and auto adjust itself so that it shoul d only take the exact picture of the auth orize d and not the brig htness behind the picture . Apart from the finger print other bio metric techniq ues needs filteri ng. This will increase the op ti ons of using the f inger print in the biometric techniq ues. Trans act ion authorizat i on: A subject can execute a transa ction only if the transaction is auth orized for the subject's active role. With rules 1 and 2, this rule ensures th at users can execute o nly transactions for w hich they are authori zed. H ere th e sen sor is t he d evice that is going to id entify a au thorize d user’s bi ometric image. Whe n a user comes bef ore it or swipes thro ugh the de vice it w ill take the image then it will it will go t o pre process , the im age is will be convert ed t o the required for mat as designe d in the par ameters o f the f eatures followed by generat e the t emplat e (Ge nerate biometri c templat e cust omized based on featu re para m eter ). In the pre-proce ssing , it has t o rem ove artifacts from the se nsor, to e nhan ce the input ( e.g. rem o vin g backgr ound noise) , to use some kind of nor m alizati on , etc. The n it will be stored in the data base of the Bio metri c device . Then again w hen the s wipes, it will go through the process of custo mizing then goes to m at cher and then che ck it matches with the one st ored in the Bi ome tric database . H ere w hat type of conversi o n is being used? The algorith m that is used is Matching algor ithm. The m atchin g progra m will analyze the tem plate w ith the input. This will then be output for any s pecified use or purpo se (e.g . entran ce in a res tricted are a). So the probabi lity of this alg orith m securi ng the biometric image whe n compared to the biometri c image into 0’ s and 1’s will be discuss ed in the lat er topics. As the image when conv erted t o 0’s and 1’s eit her by binar y, octal, hexade ci mal. It is then applied to digital conv ersi on like 4B/5B , 6B/8B for mat then conv erted to the number makes a rearrange ment of bits and it w ill be of high security when applied at Enterprise level. This makes the c om plete process of the Biometric authenti cation p rocess. This diagr a m will be co mmon for all the b iomet ric but the en crypti on algorith m and ap proach of Biomet ric authe nticati on varies a bit . In s ome device it will take only a biome tric image for authent icati on like laptop , reside nt card authenti cation . B ut when you take for entran ce security it has bio metric i mage with a key to authentic ate a user for his attendan ce. But how effectively they are used is compar ativ ely less as the users finds it tedious with the w ork pressur e they have and this proces s is mostly ignored in many places. Nor mally they have password authe ntication for access the organiz ation or card syst em whi ch is s wiped and mark the attendance . But ho w far the card syste m has been effe cti ve is very less when c omp ared to Biomet ric aut henticat ion . Even in major bank it has not been imple mented. The Biometri c is not im ple ment ed at entrance, locker section and the server room where all the confidenti al data’s are store d. Fig 2 The basi c blo ck diagra m of a biometri c system 4.1.1.4 Feas ibility of the bio m e tric authe ntication The application desig ned for the biometri c authenticati o n has been highly f e asible as it is just to store and au thent icat e the authorized user when he accesses a security locatio n. The authent icati on sh ould hav e a pr o pe r a backu p and res tore system as to a source of redundan cy if the device gets damaged or the image templa te gets corrupted . A s there will be fault tolerance in any software as it doesn’t have a speci fic reason for it to get c orrupte d . So that is the only that need t o be really careful. A s the au thentication devi c es are highly feasible bu the da mage of the device d epends on the life facto r that is quote d for th at device . So the backup of the authenti cation templ ate has to be taken on a regular basis along with the report logs of authenticati on which for m s a part of securi ty auditing. When the auditing is done for giving an organizat i on with the ISO certifi catio n authenticat ion proces s is a part of it. So this b iometric authe ntication should be proper and it should be a pproved app roach so that the organiz ation can be secured in keepin g thei r data’s and client info r mation with high sec urity. The feasibility depen d on many factors lik e change managem ent, updation of firmware , risk manage ment. The feasibili ty as we all know is classified as econ omical feasibili ty, t e chnic al feasibili ty and operat ional f easib ility. When all these cond itions are satisfied then only the using a parti cular biometric tech nique w il l be appr o ved in a enterprise or ganiz ation . When the biometri c is used at enterprise it should be reliabl e, quick on authenti cation and pri ce for the installat ion sh ould be reliable. But when it comes to server authe ntication all matters is Inf ormatio n security which is of high priority than all those feasibil ity of bi ometric authe ntication. Ti me is not majo r constraint when com p ared to Security . The sec urity level is consid e red and the anal ysis o f th at wh ich w ill seen i n the coming topics. The Informati on security have been th e major const raint and for which security at the networ k and server level is increa sed periodically t o ensure th at the data when it is trans mitted over the network are not been eas ily decrypted by the hackers . It is a real challe nge for the people at the securit y d omain an d aud it ing vertical of securit y. As the hackers are working ver y hard to tra ck and try t o create a lot of proble ms. But h ow this biometric is g oing to help in this process is going to being dis cussed and also later works on integrat ing biometri c with confide ntial data’s during trans mission o f data o ver the net work. This will ensure that the data ’s are safe in both Inter ad Intra networ k locations . This type of strateg ic appr oach is m uch needed for this se curit y level. With out hav ing a prope r appr oach toward s the parameters which are menti oned selection of a bio met ric migh go wrong. So follow desi gning by means of the abov e para meters . 5. Propose d Biometr ic tec h niques This is the proposed biometri c process f low for authent icati on at sever level mainly we call as “Enter p rise level suppo rt” where huge data’s of cust omers , client, co m panies c onfiden tia l data’s are stored . At this lev el generat ion of report log is mandatory which is going to be generate d at the E O D. Al ong w ith the authent i cation at the netw ork level s hould be monitored an d should be gene rated that is going to form the consolidated re port f or the day. The se complete cons olidati o n of data’s at the end of the year is going to pre sented for the auditing based upon which the security policy of the company can be seen, M any proposed m odel of se c urity are availa ble which is custo m ize d as per the co mpanies and used fo r the generat i on o f the security audit reports . Here at registration process the Biomet ric sens or is going to be getting the bio metric image from the auth orized user and then going to ask for the SALT value . Both of them are conv erted to the respective binary format , t hen g oing to per f orm the L ogic gat e operati on which will re arra nge the arrange ment of bits . Fig 3 Bi ometric authent i cation with S ALT V alue for serv er lev el authenti cation Then at the Thr ee Tier encry ption alg orithm the en crypti o n is going to happe n which is then stored as the gene rated te mp lat e of the biometric image . O nce the template is gener ated when the use r logs in based on the biometri c ima ge and the SALT val ue the calculati on automatic ally map w ith the generated value . Which will th en going to authentic ate the user? Here comes the question how the saved te mplate is going to authenti cate when the saved SALT value keeps changing. T he applicati on is als o simulta neo usly wit hin the server as the same SALT val ue w hich is there with the authorize d. So the en crypti o n table will have generated template value updated accord ingly and it will easily auth enticat e the user. Then where is the security. Here the ent ire u niq u eness of accessin g i s the biometri c image which c ann ot be easily generated . Apart fr om this S ALT value will be in an encrypt ed format s o trac ing out the p o ssible v alue will take m any years f or the h acker t o break through . But they will never be able to m anipulat e any biometric image of an authorized user. That is the mo st important part of this methodolog y. Here the main int ention w a s to prevent the un w anted a ccess of serve rs by unauth orized users for checki ng the inform ation ’s on th e serv er with out clear in fo r mation . At t he same the auth o rized use r is not have to write the pass word and kee p anywhere as it is his biometr ic ima ge and SALT value that is rand omly gene rated . The authorized will have t o be care f ul with th e SALT generatin g device . The administrat or should be set with a lo t of policies that for the securit y of the c onfiden tial data ’ s. In the abo ve you can see that the report log that need s to be generate d it is somethi ng similar to the Syste m log file whic h comes on the authorize d who has accesse d that partic ular server . The report log is generat e d for all the servers that are on the network of that o rg aniz ation . This repo rt needs to be consolidate d t o get the final EOD report . It will give a clear pictu re of the user ac cess contr ol for the servers . If the re is any loss of data’ s it is easy to trace with the auth orize d user log repor t. As there will be unmatched / invalid user rep ort that would be generated for the unaut horized user . This will make the process of tracki ng the unaut horize d users simple. This is th e m ain advantage be hind this method ology . The IT infrastruct ure manager should be caref ul on the report log generation and should e nsure that the L OG repo rts are generated at the EOD is properl y consolidat ed for all the server and netw o rk infrastr ucture. This method olo g y is going to be an enhance m ent in the cu rrent OS and it is going to be integrat ed with t he ne c essa ry ap prov als fro m the O S dev elopers like Mi crosoft, Lin ux, Solaris etc . . Once thi s approv al is d one the n the custo m izati on of the OS can be done a nd the testi ng at the security level, f easibil ity level (mainly rest o ra l level), reliability are going to studied in depth bef ore executin g at the Enterpr ise level. Here in this cha pter this analysis is going to be s een in the co ming topic s. Why the for mat of 0’s and 1 ’s are being used and with a lot of rea rrange ment of bits. This is because w he n the hacker is having the ability for finding the n umber b ut the numbe r for mat of 0’s and 1’s are quite difficult as it will be quite unique . So the hackers will not be able to identify that the exact that is being carried o ut with 0’s and 1’s. Let us see some of the analys is w ith the rearrangeme nt of the bits and without it the securit y level will be co mparativ ely less . 6. Gener ating Three Tier E n crypt i on A lgorithm The steps of using this encryptio n m ethod ology are as f ollo ws step 1. I n the first ste p the RSA alg orithm w ill be carrie d with t he f ollo w ing modific ations a . Cons ider t wo prime numbers as 11 and 13 b. N = P *Q i.e. 143 c. M = (P-1) ( Q-1 ) i.e. 120 d. D is the decrypt ion key Exa m ple 3 whic h is a prime n umber e . E = D inve rse ( m od n) i.e. 47 f. Let the passw ord be “Hello “take the ASCII val ue of the pass word covert it as 72697 6767 9 g. Conc atenate this ASCII val u e with a SALT value ( Rand omly gener ated num ber) say 34 i.e. 2 47172101 086 h. Finally multiply this w ith the Encry pti on val ue to get final encrypted word 98868840434 40 There are certai n constr ain which are modified an d the require ment in RS A Algorith m are as follows a. The mini m um requi reme nt for P and Q values in RSA is 2048 bits which gives the utmost security to the file that is being trans ferred b. Modification is inclusi on of ASCII value convers ion and SALT Value. Here SALT is being lef t user defined c. The P and Q values are also u ser define d that is also a mod ification d. At this you can use any encry ption algorith m s whic h are being update d . Step 2.The ab ove arrived result thro ugh RS A – 988688404 3440 will be c onverte d into 0’ s an d 1 ’s using n umber conv ersi o n. T he ab ove encrypted dat a (988688 4043440) will be conv erted as 100101 101101110 01010010 0101. This is for bin ary in the sa m e way it can be d one f o r octal /hexadeci mal St ep 3.This numbe r conversi o n will be modified using Digital Enc oding (Eit her Line or B lock Encodi ng). Advantage : - Re arran ges the bits of data i.e. 0’s and 1’s. The n use any of the line encodin g sche mes like NRZ, NRZ-I, RZ , biphase (Manche ster , and diffe rential Mancheste r), AMI and pseud o ternary, 2B /IQ, 8B/ 6T, and 4d – P AMS and ML TS that will convert the num ber which are being as binary in the above as follows Let us cons ider 4B/5B Block Encodin g for the replace ment of bits that were gene rated using the bina ry convers ion. The output that would be generated by using the reverse conv ersion proc ess with be different from the generate d using the RS A algor ithm . The output th at is gener ated us mentioned belo w. 100110111 01101111 010101100101 01011010 011101111111 01001 10111 0110 11110101 01100101 01 001101110 11011110 101011001010 10110100 111011111110 10011 01110 1101 11101010 11001010 10 110100111 01111111 0 Fig 4 4B /5B Subst itution Block Encodin g Step 4. In this step the conversions of data into 4B/5B will be converte d back into n umbers using n umber co nve rsions. T his is reverse process of Step 2 Conversi o n back to binary w ill be give different encry pted word because of the usage of 4B/5B line enco ding . The soluti on will be 10205099 . Here also t he conv ersi on can be any one of the following binary/ octal /he xadeci mal. Ste p 5.In this step the above obtained number in step 4 10205099 will be considered as the X Value. This w ill be substitute d in the Mathematic al Series. Here in the example the sine series is being used. For mulae: - sin( x) = X- X^3/3 ! + X^5/5! - .........He re X is the encrypted val u e 10205099 . The ser ies is used de fined say N=3 then the series will be till X ^7/7 ! Then the f inal result w ill be 10205099 - 17713338 26010.8333 33+ 246018586 94594527 4. 37 = 176887364 0141244 4717 6.45856 481478. Use the round off function to get the final encry pted word as 17 6887 3640 1412444 7176. 6.1. Advan tage o f using digi t al enco di ng , nu m ber conve rs ion and m a themat i cal series The main advant age of Ste p 2, 3, 4 is in Ste p 2 the encry pted data obtained by RS A is converted into 0’ s and 1’s. Then by using Digita l Encoding the rearrange men t of Bit ’ s are done. Finally in Step 4 the reverse process of number conve r sion. What it does? The hacker will never get a c lue o f this process that is being carried u n less he gets an idea about this algorith m. Then Ste p 5 als o a vital role as here the number X i.e. the val ue obtained f r om Step 4 has to be determined by the hacker , for which he should what is used, if found what mathe mati cal series u sed which will takes ages to re fine. But for an organisat ion t o encrypt an d decrypt will be a simple as the process inv olved in each data encryption will be stored in their database. So this twist in the algorithm will be playing the most i mportant in p revent in g the ha cking of data’s. How this m eth o dology gives utmost security to the file at the same time increa ses the complexity in identify ing the content by the intrude r. These are being des cribe d below If the Intruder gets this encrypte d word the following things are to be deter mined. Deter mining those values is a long process and finding those will take many ye ars in order to arriv e at the conclusi o n 1. The value of N i.e. the length of the series has to be deter mined 2. After findi ng N values the value of X has to be determined that has been substituted in the series 3. In the line encoding proces s the split up of the bits has to be deter m ined li ke 4 bits, 8 bits and so on 4. Afte r deter m ining this , the type of enc o ding has t o be deter mined and the substituti on used as in the B8SZ where 8 bit value is subst ituted in p lace of continu ous 8 zero’s 5. Ba sed upon which the entire two stages can be revealed from this the first stage can be proce e ded that is RS A instead of that AES, S HA, MD5 an y encry ption algorit h m can be use d 6. The s peciality of R SA is in determini ng the pri me n umbers P and Q which itse lf will tak e many year s to det er mine. The end user can be a data center, search engine etc which will get utmost security because of the usage of Line Encodi ng and Mathe matic al series. The line coding will convert the origina l encry pted w ord int o du plicate encry pted word by using the f ollo w ing ) i) binary/ octal /he xadeci mal the encrypted w ord is conv erte d as 0’s and 1’s ii) th en line encodin gs is u sed . This will act as a p rot ection . This will be even more protectiv e by usin g the mat hemat ical series . On the wh ole the method ology will be a se cure p ath for the trans f er of data’s . Ti me for generati ng the Encry pted file using this method will be comparativ ely less in the high end PC ’ s with dual core pro cessor and above with 2GB RA M with process or speed of 2 .2 G Hz. The RSA encryptio n of about 204 8 bits will take time other steps will take fraction of se conds for gene rating the de sired output . Fig 5 Diag rammatic repre sentat ion of enti re encrypti on proce ss This w ill give the complete idea on this encry p tion alg orit hm flow. Here the important step is in the replace ment of bits as that i s ma king the comp lete c h ange in f inal enc rypted res ult. 6.4 Advantage of this encry pti on metho dology There are various advant ages of this encrypti o n methodolo g y which are as foll ows 1. In the file tran sfer pre ferably in the low privilege serve rs whic h are an enda ngered place of hackers 2. In the WAN where the data transfer is not that secured, in o rd er to give a firm security this method olo gy can be adopte d 3. This m ethod o lo gy w ill be of high value in the defence sector w here security is given high prefere nce . Using this meth odology the hacke r will not be able to tra ce the ideas unless or u ntil he is w ell versed in the m athe matical and electrical te chnique of disclosing the data 4. Thi s will also play a vital role in other sectors like Bank, IT, Aero Space and many more where the data t ransfer is given more security. These are so me of the advanta ge of this encryption in sec ured file trans fer over the low privileged and it will be to sec ure the serv er at the sa me lev el of securit y. 7. Propose d serv er authe nticat ions (Com plete A nalysis) This is the prop osed aut henticat i on mo d el which is going to be integrated w ith the current server level authentic ation proced ure. This manipul ation wil l be d one with a lot of soft ware testi ng as to avoid to any f law in the live op eratio n. Here the fault tolerance sho uld be replace d by a red undan cy proced ure which is als o discusse d in this topic . The bi ometric integrat ion with SALT value is e x plained belo w Step 1.E . g. Bi ometric Ima ge -> Binar y/Oct /he xadec imal ------- ----- ---  010 00111110 00001111 01110000 011000010000 001111 000 – (1) Step 2.S ALT V alue (Ran d omly generate d v alue used as user p ass word -> Binary/ O ct/he x ade cimal Each user passw ord w ill be joine d w ith a S ALT Value an d then converted to respe ctive format . SALT Value is ge nerate d once and given to the user. U ser needs t o reme mber his password and SAL T val ue whi ch he will get the RS A sec ure ID device . cristo pher21 01 + (c o ncat enating ) 2341 -> (010001 11000100 001 100) (0010 10101011 1) – (2) Step 3. Convert ed value of Biometri c im age an d result of S ALT value + use r pass w ord 010001111 10000011 1101110000 ( OR ) 010 00111000 100 = 011 101 01010 10111110 010101 – ( 3) Step 4. Th en apply this out put to the encrypti on p roce ss (Three Tier Encry ption Algorith m ) which will d o the replacem ent the replaceme nt of the bits and then the output will be a number of the for mat as shown belo w . 011101010 10101111 10010101 - > 3242 323131414113 -> 2345 67778888 99989799 7123232354 – (4 ) Note: - The above value is just a n exa m ple val ue not the tr ue v alue. The conversion is done as per the above exa mple. The conv ersion fo rmat can be varie d as per the requirement b ut t he steps inv olved in the conv er sion will be as per the a bove menti oned example . Once this is convert ed in the above mentioned for mat , the hacke r will just see it as a number but to decry pt this value will take many years and then to generat e the im age will not help the hacker in any ways to penetrate into the server thereby stealing the data’s. This replace ment of bits is d one along with image conve rsion and con c atenat ion of SALT v alue + password is only to bring about conf usion for the hacker in tra cing the origina l value. The value obtained after conv ersi on will no w ay provid e a trace o n what is used in the conver sion process. To make an analys is on this is a dif ficult task as the followin g things needs to be analyzed . In the authent icati on p rocess even decr ypting the encrypti o n alg orithm will be o f a big chal lenge even though t he steps use d see ms si milar but input that are un iq ue and especially biometric imag e is un ique as wel l as S ALT value changes for every serv er login and it is simultane ously mat chi ng with the template with the mapping output generated simultane ousl y. So p en etrat ing and making a change is highly impossi ble. But that is h ow the authentic ation should work at the enterprise level and there should be a prope r server authe ntication proced ure 1. No of bit used in convers ion 2. The value joined in the process concaten ation (Passw ord + SAL T Value) 3. The value of image (which w il l generate only with the authorized user) Event h ough hacke r derives the step 2, for step 3 he needs the a uthor ized user to access , which is no way possible . That is where biometric provide s an effe ctive securit y featu re with encryption . This m eth o d ology o f Encrypti o n has been designed in su ch a way that the au thent ication pr o cess is sec ured as the time to authentic ate is also less. I n the step 4 the output that is shown is how the value appears after the rearrange ment of bits and after applying the Mathematical series . So the comple xity of the output will be very high and also make a trace o f exa c t authentic ation flow w ill be quite difficult. That is going to be final te mplate and end of day reports are going to be generat ed based u pon this authe nticati on f lo w . When the encrypti on is d one all that matters it the time to take the input, generate the outpu t and authenticate. So how this going to be calculate d w ill be sho w with a breakage w ith time durat ion in each stage of authent icati on proce ss. We will see the comp lete analysis for other authent i cation technique s and also se e which i s going t o be ef f ective in auth entic ation, pro bability of generation , e asy to generate a bio metric i mage with being less affected with the environ m ental effect like Sound , b rightness etc. .. Then we are also going t o see how the biometric is going to be used in m essage authent icati on too. That is going tell the p ositives of Bio metric usage in authe nticati on procedure at the server level. Let us kno w the exa ct manipul ation that I have p ropo sed for the redundan cy in server level authentication w hen we use Bio metric authentic ation. When the auth orized has got hurt but has to m ake change in the biometric image to auth enticate the server to Login when needed . H ow can w e do that? Is that any pro cedure that can be d one with high lev el of sec urity and with out breaking up the security no rms of the organizatio n and the client? This will be done with a proper approva l f rom the manage m ent tea m of both the organization and the client . How is it going to be done is going to be seen in the ne xt section of this topic. H ere there are go in g to be two options that will be there in this applicati on Updat e and reset but that can be seen only in the “eme rgency acce ss mode”. Here th e acces s for t he app l icati on w ill be very minimal as this mode is dedicate d for the only the update or reset the bio metric image by authori zed w ith a specifi c passw ord that is agai n generate d using the RS ASecure Id d evice. This process is going to allo w the authori zed to go and change the biometric image in emerge ncy or a periodic upd ati on in the biometric image to make sure that the combinat ion provided should periodica lly bee n change d and also make the authenti cation proces s go without any f la w. This is also used when the authorized is hurt. T his can be done with a proper appr oval from the manager s of IT, chang e manage ment. I T security managers , risk managers etc...Let us now see o n that pro cess in depth and the p r ocedure that needs to be followe d bef o re m aking those change s in the live server s. 7.1 Authent icatio n at S erver Leve l Let us see how the red undancy in biometri c image can be generat ed in emergency lev el that is when the ad minist rator has met with an accident or due to so m e unavoida ble circumsta nces. It is pretty much simple proced ure but this is also high ly secured method ology o f acc essi ng the serve r. 1. When we press F8, the OS opens in Safe Mode 2. In this another option ne eds to be include d for server OS alone is “Emergenc y Access Mode. ” 3. When w e access this, there will an option to in sert biomet ri c i mage , genera t e new SALT Value and press update + reset button . Only that window alone opens . This will n ot allow access to any othe r reso u rce on the server . Let us see the adv a ntage of this meth od ology. In this portion of the OS this option needs to be bro ught ab out and then the sam e needs be linked with the applic ation too which needs to g o throug h s ome of the process of appr ovals in risk manage ment , cha nge ma nagement. Norm ally bringin g that change is not an iss ue but this option is linking with the acc e ss control , ap plicat ion access control and its database where thi s bio m etric images get st ored . The complete analysi s procedu re will be seen in the coming topics . How this procedure is going to be i mplemen ted is what is going to be seen and the time that is ro ughly req uired for the r esting o f this modifi c atio n. So there is going t o two mo di fication (1) inclusio n o f Emerge ncy access M ode (2) Integrat ion of Bi ometric with user passw o rd at Serv er login authentic ation. How this option is integrat ed with the applicati on that is installed inside which will be authenti cat ing the user in place o f server authent icati on which includes only password. So t hat is where it is going to be a real challenge for the develo pers who are going to make this cha nge with testing , appr ovals etc. Let us see how this entire proces s flow fo r this modi fication is goin g to be made. Here there will be a doubt that w hy the reset o f the new bio m etric image can’t be like change of new password at t he login page as the biomet ric i m age c an be cha nged period ically the followin g the main securit y reasons behind not kee ping that op ti o n there are as f ollo ws ( 1) It will become an option th at would no t be known to the unauth orized user to misuse it in the absence of the author ized user. This option which is integrat ed in the saf e mode should not to known to anyon e else other the authorize d users of tha t server and the m anage ment executives . The integrati on is comple x as the updati on should happen proper ly when the biometric i mage s are chan ged it sh ould gene rated the final te mplate and then whe n the user login back ag ain it should be able to properly a uthent icat e the us er without a ny is sues . Those ar e some of the places where the testing needs to be done and then deploy this OS in the live environ m ent. Let us how the manageme nt going to take a decision on this change. The manage ment w hi ch will be the main body fo r the approv al of such impo rtant option s like this which is go ing to be a part of the re dundan cy in the liv e operation . When a biometric im age is going to changed or going to add a new biometric im age. Here we can see how the manage ment view a mo di ficati on when it is brought about in an OS. H ere we are seeing th e paramet ers like % of va lidity, % of red undancy , % of p robabilit y , % of feasibili ty that are nor mally used to auth o rize a modific ation . Fig 6 C urrent Safe mode options When a change is brought about the modification s needs to be discusse d w ith the above menti oned and justifies the reason why this change is brou ght about. How this chang e is going to help in the authenti cation level. Here it is all abo ut the redu ndancy step foll owed in authent icate . The entire proce ss f l ow shoul d be ex plained and also tell the m if a new biometric is insert ed b y an auth o rize d how the updat i on hap pens a nd ho w that change s and the new authenti cation result s c a n be seen in the report log. What are the key data’s that needs to be seen a report , all these things needs to be ex plai ned to the management as they are the people who are also res ponsible if there is any loss of data by chance . How to trace an intruder’ s access from the log an d also how t o tra ck his network path is what are the queries th at a manage m ent will have. T he just ificat ion should be from the develo pment team , infrastr ucture tea m and IT security as those are bodies who are designi ng this applicati on. What are the justificatio ns f or this modificat ion? In this “Emergency Access Mode” the passw ord is ge nerated by a RS ASecure ID w hich keeps changing the code ever y 60 second s along with the pass word f or the emerge ncy access which will allow the authori zed user t o access the applicati on with his server logon passw ord and RSASec u re ID code. Then the m odific ation of the biometric im age is done and save d in the en crypt ion table. How this p rocess is go i ng to be secure appr o ach for the modific ation. Here two things are u niq u e (1) Code generat ed by RS A Secure ID device ( 2) The user biometri c image can’t be caught and misused. Here whe n the bio m etric i mage is changed in the e merge ncy situation or when ther e is a nee d to add a ne w profi le ho w it is being done . When it is adding a new profile even the RSASec ure ID device nee ds to be registered with this as the new user should be able to acc e ss the server without any issues. That is the reason once changed it needs to logged in and ch ecked if that works without an y issue s. This needs t o be carried out in the testing phase and not in the “live environment” as this will be a very costly issue if there is some unavoidabl e circ umstances where the authorized is n ot able to produce his bio metric authe nticatio n. Have 3-4 authent icat ion tec hniques for a server authent icati on is al ways not advisable as it is like giving an o ption t o the hacker to kno w the process that we are tryi ng to manipul ate. It should be a unique approach and there should be no trace of this m odificat ion to anyone even wit hin the or ganization. In t oday ’s world the approa c hes are being le aked out in Media and the ha ckers are consolid ating thos e technique s to hack some valuable infor mation’ s from many data c enters. How to avoid this is by maint aini ng priv acy within the organizat ion on cert ain infor mati on’s th at are related to the confidential data ’s, security tech niques and policies behind it. Once if these things are known to any of the user w ithin the organizat ion they c an try to m isuse it using any third party tool. I f the u ser is not given access to a inf ormatio n’s. He will try to threaten the System admin and can try to m anipulat e the things within the organization. To avoid all these things the se curity policy and methodol ogy sh ould not shared to e m ployee even though he is friend o r relative of the Syste m admi n. That is the reason why the agre e ment needs to be signed by the syste m admin and org anizati on as a agree ment norma lly called as OLA in manage ment term. This will allo w the system admi n to take a risk on this as it will in turn going to q uestio n him and n ot the m anage ment by the Client. So thi s w ill bring about a strict po li cy in the security appr oache s. This is how the process is secured even in the modificati on or adding of profile in Biometric authen ti cat io n. Some of the advant ages of this approach can be seen bef o re seein g the complete adv ant age of Biomet ric authe nticati on over current authenti c ation method ology whi ch are as foll ows (1) the NT authent icati on will be highly secured protecti ng the data’s on the server ( 2) The possibility of breaki ng up the password will be highly i mpossible , as the encrypti on al gorith m is changed on reg ular interv als along with biomet ric ima ge on a quarterl y basis (that is im age of an other finger of the user ) . The p ossibilit ies/ probabil ity of c hangin g the encrypted value is high w ith biometric and encry ption (3) the appro ac h for encrypti o n is simple and decryptio n process for ha cker is highly impossible . This meth odolog y has lot of other advan tages which will be seen af ter on how to f rame this meth odology on the basis of ITIL framewo rk. Then we see on the analysis o f each biometri c techniq ue on the basis of the parameter s like error rate in authent icati on, error rate in initial re gistration, er ror rate in accept ing ne w user , error rate in other factors like L ight, sound etc . Finally in this ch apt er we are going to see s ome inform ation on the secu rity policies that needs t o adopt ed by the organi zed for this method ology as it involves a lot of confide ntial inf ormation’ s before getting an authent icati on to a server and this meth odology is specifica lly designed f or the Enterprise level date centers . Fin ally but not the le ast we will see the fu ture modificati on and other technique s going to brou ght about using the similar kind of m etho dol ogies . These are so me of the things that are going to be discussed in the coming topics. A s we have in the Fig 23 there is “NO” condition which tells there requires some modificat ion so what c an be the possible reaso n behind it will be (1) % of redundan cy ( 2) % of error in wrong aut henticat ion accepta nce ( 3 ) % of er ror is not accepting a authorized biometric image (4) % of flaw in applicati on (5) % of time taken in authentic ating at critical situations (6) %of feasibility in using that applicati on are o f the some of the common facto rs that comes in the minds of a manage ments. As a manage m ent emplo yee he won’t see on how this applic ation is going to function but o n how it going to kee p the infor m ation secu re as well as how it helps a n organizat ion to drive a business easily with it secured appro ach in m aint aining the data ’s of it clients. They see that wheneve r a o rganiz ation needs to be retrieved from a specific server the authorized user should be able to get it without any issues in getting the authentication from the server. If the server is not acce pting it then going to the Emerg ency access mode is quite a risky appr oach as it is the live server which he is turni ng down for a min ute which is going to h ave a negat ive impact on a organ izati o n. T he app roa ch over here should be different and this is what g oing to come under the account of % of authenti cation accepta nce . % of ac ceptan c e = No of acce p tance – No of reje cti on/ total n o of lo gins – (1) % of E A M us age = T otal no of valid access – total no of inv ali d access/ Tota l of access in EAM – (2) % of red undancy = total n umber o f possible biometric i mage generat ed/T otal possibilit y by that bio metri c techn ique * 100 - (3) These are s ome of the paramete rs whi ch are no rmally c alcula ted at the end of the day report which will show the complet e statist ics of the biometri c aut henticat ion result s at the end of the day. N ow this in format ion ’s are norm ally con solid ate d at the test ing phase of the applicati on itself. Let us now see how the testing of this integrat ion of the applicati o n is going t o be do ne. The testing ’s comm only done at ea ch module as well as complet e applicati on. Let us see how th is module level testing is done and then on complete applicati on. 7.2 Cha nge m anag emen t - Bio m etric authe ntica t ion Metho dology In the ch ange m an age ment of this bi ometric authenti cation m eth o d ology there are few possible t hat can be m ade either in bio metri c techniq ue or the encry ption fl ow in the applicati on whi ch will be carried out phase by phase after di scussing the test result with the change advisory board and other manage m ent team before de ploying it in the Liv e operati on. There can be an emerg ency that can be brought about if it required if the hackers if f ind s a possible ap proach to r each the con f idential i nfor m at ion. In that there is g oing to be a decision going t o be made by the em e rgency change adv isory board to de ploy the approa c h im mediately he re it involves a lot of risk and the d ownti me require ment if any. So all the information need s to be teste d initiall y itself and sho uld be submitted at the time o f need to the management to unde rstand about that appro ac h .So the change req uire s a proper docu m entat ion on the locati on of the applic ation whe re the modifications are made. Once this document ation is done along with the test results, then it provides c omplete test result w ith justificat ion for bringing abo ut the change when required for the appl ication. So let see how the process f l ow is designed for this method ology. This is the process by which the change is going to take place for this bio m etric au thent icat ion method ology. When it is accepted then the It tea m has analyze on the reason why thi s c hange was not accepted it is going to aff ect the live operati ons of other appli catio n or bri nging abo u t this change is not going to brin g any e f fect on the hacke r pe netrating the ne tw ork. Fig 7 Ch ange manageme nt p rocess flow (Bio metri c auth entic ation meth odology ) As far as the biometri c authentic ation is c once rned the entry int o the serv er is highly impossi ble by making these cha nges the security on the server infrastr u cture will be high so that the data’s that are store d on the server are highly secure d without any flaw that allo ws a third party p erso n to access and view any data’s that are stored on the server. Making periodi cal chang es w ith proper testin g o n Test se rver by gi ving samp le inputs will never lead to any issues i n the chang e of an applic ation on a live environ m ent. T hat is the effectiv e approa c h for the change manage m ent in co mmon. Once this changes a re made this needs to document is secured loc ation as the se th ings nee d not be shar ed to anyone o ther the user s of this m eth odology. Bringing out this m etho dol ogy in the live is not good as it will create an alarm to the hacker that the biometri c is g oing to be used for the authenti cation purpos e. This biomet ric authentic ation is g oing to hav e a change only to m ake sure that the proce ss flow i s updat ed p eri odically with a new one so that there is security that is m ai ntained on the data’s that are stored o n the server . Once the server securit y is properly updat ed then the output can be seen in the security at the enterprise level . Wh y the client is i nvolved in this change which is going t o be a minor ch ange . It is very important t o convey the change s that are be ing made on the server where t he y ar e sto ring their d ata’s o r hosting their websites . As this allow them to giv e their point o f view on this chang e. The n based upon the approvals fro m both of them will allow the I T team to go ahead with the modificati on or else suggest them an other a pproac h or reaso n for not m ak ing the chan ge. Based u pon which the I T team c an provi de their justific ation w hy this change is made and what is the benefit of it behind it. Then accordingly the chang es can be made on the authenticati o n method ology . 7.3 Risk Managemen t - Bio m etric authen ti ca tion Method o logy The risk t hat is inv olved in t his method o l ogy is very le ss and that is only the report generation when the change or modificat i on that is done on the proc es s flow . Even this can be avoided when it is tested during the testing phase using the sample inputs . So the risk involve d in the biometric image is also an i m portant one that needs to be taken int o conside ration but that can be justified as a server is acces sible by the enti re authorize d administ rator a s it is not that a user when registered on a serve r can access only that server alone . Let me provide you a screenshot on how it looks when a authorized user tries to access any other serve r in the need of e mergen cy. Here th ere is no risk invo lved as thi s option server na me is asked w hen the bio metric ima ge is ge nerated on o the r server. Let m e provide this with an exa m ple If the u se r X has regist ered his authent icat ion on the server CNHDL A DS 01 now due to some emer gency in rest oring the e -mail he access C HNDLML 01 then it will ask f or this serv er name along with the bio metric image in order to che ck for the biometric image , the passw o rd and the RSASe c ure I D certificati on code which is alread y stored on o the r server then it will gene rate the encrypted value to authent icat e the user to access the mail server . This pr oces s doesn’t involve any risk if the testin g and the inte gr ation are done pr operly by the dev elopme nt team. Once thi s is don e the user can a ccess the se rver and restore the e-mails to the user. There are some of the ris ks that can be handled w ith o ut any issue s in this method ology. This is the main sp ec iality of t his method ology as it inv olves a risk free approa ch. Even t he small risk also can be handled wit hin no ti m e. So the manage ment will get a justifiable reaso n for this methodolog y. Thi s is how the risk manage ment is carried out for this met hodol ogy. When the j ustificat ion reas on for the risk is not agreed then it need s to be analy ze d and prod uc ed with a sample input val ue that is going to conv ey the manage m ent that why this r isk is there and h o w this can be overcome . Fig 8 Serve r a u thent icati on (Accessed by other auth orized ad m in ) When a ch ange is made the reports generate d on the ent ir e server and the cons olidated report generated on the reposit ory serv er all should get pro perly aligned with the change that is made in the process f low of the aut henticat i on. That can be tested in the testin g phase itself so there is only a risk about 0.00000 00001% in this ap proach. So then this it will tell how easy it is fo r execut ing and maintaining this appr oach of server level authent icat ion . The risk manage m ent is i mportant as without unde rsta nding the risk i nvolve d in a applicati on the red undan cy can ’t be de velo ped for an a pplicat i on which is g oing t o be integrat ed wit h a L ive serve r. 7.4 Red undancy Manage m en t - Biomet r ic au t hen ticat ion Meth odolo gy In the redundan cy m anage ment we are going to see how the biometric images from all the servers are stored on co mmon reposito ry. When there is any f ault in a server and it is being reinstalle d o r repl aced then the same bio metric image w ill be loaded back w ith the sa me user password . The only change will be the SALT value as it is being gener ated every 60 seconds R SASec ure I D device . How this is going to be carrie d o ut and the reason for which it is carried out is to avoid more do w nti me. Once the se rver is up and running , the authori zed user has to just start login into the server and also to make the process easy as in the live operati on thi s is what they expect from th e vendor orga nizati on whi ch is mainta ining their infor m ati on . Less downtime with high sec urity is what should be the goal of a data centers at enterprise level. The redu ndanc y of this app li catio n is o nly the above menti oned things as rest all is just deployed if ther e is any crash in the server or server is being replaced . So what is the situation reg arding the lo g repo rts , they are taken backup regularl y from all the servers on a daily basis and they are sen t to all the m anage m ent tea m. So the re w ill be no loss in any of the informatio n that is being generated by this authent icati on m eth od ology. So this is going to tell how redundant the applicati on at the time of e m ergen cy is. This will hel p an organizati on to keep itself secured with a much easier appr oach and m aintai n the sa me high level of securit y. This is ho w all the three paramete rs is going to keep the organizati on secured , and also provides a prope r a pproa ch mainta in the cha nges and h andle th e situation which are m enti o ned as r isk. In the method ology all paramete rs are simple and can be restore d easily. The impo rtant f act ors that ne ed to be se en in order to achiev e this pe rfecti on in t he imple mentati on o f this method ology are trainin g the sec urity p olicies that need to be set for this method ology. Let us so me inf ormatio n’ s on the m after the analys is of this m eth odology . 8. Adva ntage of t his Biometr ic Authentica tion Technique There are lot of advantages of this biometric techniq ue which are as f ollo w s 1. These kind s of biomet ric aut henticat ion techniq u e on the serve r side have not been imple m ented as the operati ng systems like Linux and Solaris are consid ere d to be highly security. Even the n the hackers are able to ha ck the data’s from the serve r by breaki ng up the passwo rd. H ere this biometric au thent i cation techniq ue will be effecti ve as gener ating the bio m etric image is not possible other the authorized IT admin istrator of that server 2. This biometri c authe ntication has been designed in such a w ay that it includes a highl y secured authent icat ion login technique w ith encrypt ion algorit h m which uses a diff e ren t approach for generat ing the final encry pted template using the rearrange ment of bits methodol o gy . This makes a very highly secured approach in accessing a server . This kind of authenticati on can’t be seen in recent serve r a uthenticati o n. The server authent icat ion ap plicat ion is desig ned in such a way that it is u sed in mu ltiple platfor m which just a small pack age of deploy ment to integrate this with the e xisting a uthenti cati on techniq ue 3. This aut hen tication techniq ue has a uniq ue feature in authentic ation when a user is auth orized on the server CH NMC A DS01 and he access the infor m ation on server CHN MCMXL01 then it will ask for the server name where he is registered as it will map w ith that server fo r the bio m etric image and passw o rd in order to ge nerate the f inal encrypt ion template to aut hentica te the I T adminis trator . This is the greatest advant age o f this approach as the IT admini strator need not have to create a new prof ile o n this server in the E merge ncy Access Mode in order to access this server or need not have t o call the respect ive a uthori zed ad minist rato r to ac cess this server . This is the main advan tage of this techniq u e which is not in of the curre nt server infrastruct ure 4. This kind of authent icati on techniq ue is unique in both the report gener ation and Emerg ency access mode as the re port is generated and sent auto m atical ly sent to the management with the informatio n of the una utho rized user access with hi s info rmati on of the IP address . This authent icati on techniq ue ac ts more similar to the net work monitori ng tool. The Emerge ncy access mode is designed with a lot of li mitation with just ope ning the applicat ion which can be used to reset the biometric image/ passw ord or can add a new user prof ile. N othi ng else can be seen or can be access ed with this Emerge ncy acc ess. There will be a separat e password wh ich will b e there with t he au th o rize d user of that se rver . T hese pass word should be used anywhe re as per the security p olicy of this application . These Emergen cy access mode p as swords are generated by the provider and provided to the auth orized user at the time of deliv ery of the a pplicatio n. T his is accesse d only whe n it is needed w ith the approvals from the manage ment and a fter the wo rking hours /non peak h ours 5. This method ology has it special en crypt ion te chnique which has the process of rearran ge ment of bits which will unique as the output is a number so the f inal encry pted template will be a number so the hacker even gets this numbe r he will be no t be able to get the p as sword , SALT value which keeps c h anging every login and the biometric image which is unique with all the users . So the authenti cation is based on bio metri c image and the user p ass word but the SALT value is to m ani pulate the final template periodical ly after every login. This will nev er give t o the ha cker on the p rocess flow of this encry ption algorit h m. 9. Future Enhancem ent of this B i ometric A uthentication T ec h nique The future enh ance ment of this method ology is the fi le transfer authentic ation using the biometric and the SALT value. Here these two conce p ts will be integrated with the file that is being trans m itted over the network . There will be authori zed user o nly they can decrypt all the confident ial files wit h their bio m etri c image s o the hacker will not be a ble to read any inform ation w itho ut this SALT vale and bio metric as the process flow will be so mething which is used for the server authe nticati on techniq ue. Here the File sent o ver the netwo rk will be encrypt ed using this appli cation w hich will be electricall y signed usi ng this Biomet ric image of the auth orized u ser w ith his passwo rd and SALT value and it will be decrypted by the aut h orized use r at t he othe r en d. This conce pt is not relate d to stenograp hy where the infor mati on’s are embedded in a com mon image s which was used for the 9/11 world trade center attack . Let us see the process flo w of this m ethod ology which will does not includ es the encrypti o n process as it i s yet to desi gned for this. A s you can see from the diagra m below how the authenticat i on for the file transfer has been done. The hackers can decrypt a ny for mat even if it 0’s a nd 1’s. There are to ols that can try to give the m the clue on those infor mation ’ s . Even af ter th at how this bio metric is going to play a vital role in this authent icati on p rocess o f file trans fer. Biometri c aut hentica tion is so mething uniq ue as it can’t by any other pers on other than the auth orized user. Wh en the biometri c auth enticati on is considere d f or this infor m atio n securit y it is som etimes con sidered not a feasible a pproac h as everyt hing file that is sent has to be en crypted and sent manually by an authorized user. But on th e other hand confident ial data’s w he n trans ferred with a proper securit y authent icati on tech nique then it is g oing to provide high lev el of security not only f or their data’s but preventin g the hackers from stealing the info r mation’s of an organizat ion. This is the auth enticatio n technique o n which I a m going t o wo rk o n with a new encrypti o n algorith m th at will m ake this encrypt ion process m uch feas ible and much suitable for the enterprise organi zations. The co mplete analysis is going to do with the security attacks that are going on current ly. Along w ith this I am going to wor k on wider scope of this techniq ue even in ATM transa ctions and n et banki ng where q uite a hig her level of security is required . The biometri c usage has been bought in Yah oo mail but don’t ho w far this tech nique is followe d by the user as her also the feasibil ity and the aware ness of this bio metri c usage has to be e xplained m ore over the users with laptop will have this bio metric option that too on higher config u ratio n m odels alone. Fig 9 Me ssage authe ntication using the B iometric an d SALT Value Users who have deskt op have to get bi ometric devi ce as separate co mponent Right now the biometric should be integrated with the existing keyboard so that both can be used for the authent icati on pur pose. Net banking have an image opti on w hich need s to be selecte d while using the net banking for the first time . Then it will be dis played for the user when he accesses the accou nt for the consec utiv e time. B ut it will no t consid ered as a pr oper authent icati on tec hnique as we hear a lot of hacker s who are stealing cust omer ’ s inform ation even though the web site is secured by a third party securit y provid er . That is where the biometri c integrat ion with the informati on is going to play a vital role as when the infor mation is encr ypted with the image then divid ing them is not an easy task when compare d to the informati o n ju st encrypte d w ith the encryption algorith m. That is where we can see the real usage of bio m etric in tegrati on with c onfiden tial infor m ati on. The biometric appr oach of authent i cating the user i s considere d to be the most pos itive sign regarding the bio metric technique s i n today world where require m ent of secu rity is high. When the biometric is used w ith any form of security section say authenticatin g a resid ent person, employee o f an organizat ion , author ized user of a serv er (In infr astruct ure su pport) it has been feasible, reliable and abov e all the security that it provide is very high as each biometric image that is generat ed is unique. B ut here comes the technique that can be used and it varies with the se ctor like Re tina and face rec ognit ion can be for em p loye e authent icati on, retina and f inge r print for laptop authent icat ion. Based upon the se criter ia’s, going to design the ne x t authent icati on techniq ue for messag ing syste m at enterprise organizat ion s. This applicat ion is going to maintain a high lev el of security for the messag es that are been shared between the c lients and the branch es of the organi zati on . This applicati on is going to maintain the logs in similar f as hion bu t the server utilized with a centralized with a back up server as a sour ce of redundancy . This appli cation is going to be operati ng syste m based which w ill be implement ed at the ent erprise and not at a consu mer level. 10. Conclus i on In th is c hapter we have seen how a biometri c integratio n is go ing to used in Serve r authent icati on at enterp rise level with the S ALT value and encrypti on algorit h ms. When the biometric techni q ue is used in a uthent icati on what are the par ameters that n eeds to be followe d and how it needs to taken into consider ation with the manage ment views are been discussed in this chapter . The n finally we hav e seen how to provide tr aining for this applicati on as training is considered as an imp ortant part of the IT transition . Based upon the assessment only the enhance m ent of this applicati o n also can be carried . But this will discussed in the initial stage itself bef o re providing this ap plicati on as w hen the security norms are signed and followed it should be fo llo wed like a holy book. As the IT admin should be si multane ously update d with the recen t security threat and what is the solution that is enhance d fro m the applic ation side . Then we hav e see n about the tes ting phas e of the applicati on during t he imple m entat ion of the appli catio n at ente rprise level and t he inform ation ’s that need to be checked while impleme ntation of this authentic ation technique . Then we have seen recom mended techniq ue in biometric , which are complete ly based on the above para m eter based on both manage men t and the biometric techni que paramete rs . Finally it is all ab out the IT security policy whi ch is set for the ap plicat ion based on the current polic y norms that are set by ISO stan dards, infor mati on policy as mentioned in CISSP, CISA and CISM. A ll these deal with the informa tion securit y p olicy . These are some of to pic we have discusse d with the some real time examples of bio metric authent icati on in other technol ogies. The n we have a topi c th at is “Need to know prin ciple” which is a wonder ful topic that tell about the lim itati ons that needs to be set in security policies. These are the in f orm ation ’s th at has been discus sed in thi s chapter . It is like providin g a c omplete o vervie w of this Bio metric integ ratio n with the SALT value at the enterprise level server authent ic ations . H ere it not only show the techniqu e but followed by analysis , view of manage ment with the important p ara met er and how this techni q ue is going to be better that just a n o rmal passw o rd authe nticatio n. 14. A cknowledgeme nt First and fore most I would like to thank almighty for giv ing me the courage , confid ence an d the strength to do this paper with a lot of dedicat ion and com plete this paper with all the possible analysis that was required for this topic. Then I woul d thank my parents who have always been my supp o rt in carryin g any task that were relat ed bo th my job and academi c s . They have been my role model right my chil dhood day so a special tha nks goes to the m as well as I have their blessing for publishin g this chapte r succ essfully. Al last I woul d like to the entire Intech o pen ac cess publ isher for kee p ing me updat ed on the days left for my work to the updation in the website that is in the user account updation . My heart full thanks go for the entire team o f Inte ch open ac cess publisher wh o m ade my jou rney s mooth f o r publish ing this full chapter. Fin ally I would be hap py to publish this chapter for all those innovato rs who are eage r to kno w mo re about bio met ric usage in enterpr ise level authent icati on techn iques. This chapter will be great help and useful info rmation provider for th o se w ho are worki ng in the infor mation se curit y, infrastru cture s upport an d implem entat ion tea m etc. 11. Refer ences Amar Merrad , N oureddi ne G oléa. (2 010). Multi - Layer Per ceptron s A p proa ch to Hum an Face Re cognit ion . Journa l of Au t oma tion & Syste ms En ginee r ing, PP. (165 -172) Emman uel Opara, Moha mmad Rob, Vance Etnyre . (2006). Bio metric and Syste m s Securit y: An Overview of E nd-T o-End Security Syste m. Com m unica ti ons of t he IIMA, Vo lume 6, Issue 2, PP . (53-5 8) Seifedine K ad ry, H uss am Kasse m, A new secure design f or mobile co m munic ation . Journ al of Theor e tical and Ap plie d Infor mation Techn ology , PP . (652-6 57) Debnat h Bh attachar yya, Rah u l R anja n, Farkhod Alisher ov A., and M in kyu Choi, (2009 ), Biomet ric Au the ntication: A Revie w . I nte rnati onal Journal of u- and e- Servic e, Science and Techn olo gy, V o lume 2, Issue 3 , (Septe mber, 2009) , PP . (13- 28) Anil Ka pil , Atul Garg. (20 10).Se c ure Web Access Model for sen s itive data , Interna t iona l Journa l of Com puter Science & Communic ation, Volum e 1, Issue no 1, (January -J une 2010), PP. ( 13-16) Pijush Kanti Bhatt acharjee , Chandan Koner , Chandan Tilak Bhunia , Ujjwal Maulik . (2010), Biomet ric Entity Based Mutual Au thent icat ion Techni que for 3-G M obile Com municatio ns. I nte rnati onal Journal of Compu t er Theo ry an d Engine ering , Volu m e 2, Issue 1, (Fe bru ary , 2010 ) , PP. (26-3 0) K. Sarasw athi, Dr . R. Balasub ramaniam . (2010 ). Bi o Cryptos ystems for Authentic ation and Network Securit y -A Surv ey Global Journa l of Co mpute r Scienc e and Tec hnolo gy, V olume 10 , Issue 3, (Apri l 2010) , PP. (12- 16 ) S. A kro uf, Membe r, A. Bouzia ne, A. Hacine. Gha rbi, M. Most efai, Y. Chahir. ( 2 010). Towa rds an Intelligent Multi modal Bio m etric Identificat ion Syste m, Internat ional J ourna l of Comput e r and Ele c t rical En ginee ring, Volu me 2, Issue 6, (Dece mber 2010 ), PP. ( 1001- 1004) K.Sasidh ar, Vij aya L K akulap ati, Kolikipog u, Ramak rishna K KailasaR ao. (2010). Multi modal biomet ric sy stems – Study to improve accura cy and perfor m ance , Int ernatio nal Jo urn al of C omputer Science & En gineerin g Survey (IJC SES), Volu me 1, Issue 3, (Nove m ber 2010), P P. (54-61 ) Dr.R.Sesh ad ri, T.Rag hu Trived i . ( 2010) . Generat e a key for MAC Algorith m using Bio metric Fingerpr int. I n terna tiona l Journa l o f Ad hoc, Sen sor & U biqui tous Compu ting (IJASUC ) , V olume 1, Issue 4 , (Dece mber 2010 ), PP. (38 -45) Arian Rahi mi, Sharhriar Mohamm adi, Rozita Rahi mi. ( 2010) . A N ew Web-base d Archite cture Based on Iris Biometr ics Technique to Decreas e Credit Cards Frauds over Internet . , Internation al Journa l of Digital Society (IJDS ) ,Volu me 1, Issue no 2, (June 2010 ) Jin-Wo o Jung , Dae-Jin Ki m, Z. Zen n Bien . Realizat ion o f Pers o nalize d Servi c es for Inte lligent Reside ntial Space based on User Ident ification Meth o d using Sequential Walking Footprint s, Sy s te mics, Cybern etics AND Infor matics , Vol ume 3 , Issue 2 ITIL V3 Improves Infor mati on Sec u rity Manag e ment Ging er TaylorE ast Carol ina Universit y http:// ww w .infose cwrite rs .com/te xt_re sources /pdf/GT aylor_IT IL.pd f Guidan ce on Aligning COB IT, IT IL and ISO 1779 9 http:// ww w .isaca .org/ J ournal/ Past-Issue s/2006/V o lume1 /Docu ments /jpd f0601- Guidan ce-on - Alignin g.pd f Lakxman K umar C, Aru n achal am P, Sandhy a S. (2009). Bio metric Anti -the ft and Tracki ng System for m obile s – BATS. Internatio nal Journal of Recent Trends in En gineeri ng, Volume 1, Iss ue 1, ( M ay 2009), PP. (237-24 2)