Biometrics for e-voting
Download as DOC, PDF0 likes367 views
This document discusses the implementation of biometric voting systems through computer networks using fingerprints. It begins by introducing biometrics and how fingerprints are commonly used for identification. It then examines how a biometric voting system would work, including voters registering their fingerprint templates in a database, logging into a voting website, selecting a candidate, and having their fingerprint scanned to cast their vote. The document evaluates different biometric methods and argues that fingerprints are most efficient and accurate. It also discusses challenges with biometric systems, such as false acceptance and rejection rates.
Biometrics for e-voting
- 1. IMPLEMENTATION OF BIOMETRICS BIOMETRIC VOTING SYSTEMS THROUGH COMPUTER NETWORKS PRITHVIRAJ.A, VIGNESH.R SASTRA UNIVERSITY TANJORE. Email:prithviinfos@gmail.com ABSTRACT: Biometrics is the technique of using unique, non transferable, physical characteristics, such as fingerprints, to gain entry for personal identification. Since after the invention of the unique technology it has been being used in security systems and authentication. Presently, security fields have three different types of authentication, they are: Something we know: a password, PIN, or piece of personal information Something we have: a card key, smart card, or token and Something we are: a BIOMETRIC Biometric based computer networks and its access in the internet are the techniques which are known little and very rarely implemented. This paper deals with the accessibility of biometrics in a practical application like polling of votes-‘e-voting’ using a physical entity (finger print) through computer network (internet). INTRODUCTION: Biometrics is best defined as measurable physiological and or behavioral characteristics that can be utilized to verify the identity of an individual. Initially, these techniques were employed primarily in specialist high security applications; however we are now seeing their use and proposed use in a much broader range of public facing situations. Biometrics measure individual’s unique physical or behavioral characteristics to recognize or authenticate their identity. Common physical biometrics includes fingerprints; hand or palm geometry; and retina, iris, or facial characteristics .Of this class of biometrics, technologies for fingerprint is the most developed. Biometrics are not a future technology, they are a current technology, with a bigger role in the future. Biometrics will not to replace passwords, swipe cards, or pin numbers etc, rather work with them in enhancing security in a simple, reliable, and cost effective way. It involves directly the human being for the identification or verification. Traditionally many security systems employ the verification technique rather than the identification which is the main aim of biometrics. Biometrics as said earlier uses the individual’s physical characteristics to do its job like hand geometry, retina structure, palm size etc. Biometrics involves different types of devices for that. E.g., fingerprint scanner, iris reader etc. It makes use of the genetic differences between the two persons which is a universal truth. Every human being on the earth has a unique identification and that are shown in their different body organs. Biometrics picks up that particular peculiarity to distinguish the two bodies, and that makes it so strong. PHYSICAL ENTITY IN BIOMETRICS: Several physical entities are used in biometrics They are: Iris, fingerprint, face recognition, voice recognition, retina scan etc.comparision between these entities are as followed: IRIS FACE RECOGNITION FINGERPRINT VOICE RETINA . COMPARISION BETWEEN VARIOUS BIOMETRIC ENTITIES: Characteristi c Fingerprint s Retina Iris Face Voice Ease of Use High Low Mediu m Medium High Error Dryness, dirt, age Glasses Poor Lightin g Lighting , age, glasses, hair Noise, colds, weather Accuracy High Very High Very High High High User acceptance Medium Mediu m Mediu m Medium High Required security level High High Very High Medium Medium Long-term stability High High High Medium Medium
- 2. BASED ON USAGE: finger print iris retina voice palm From the above details it is very clear that finger print is the most EFFICIENT AND ACCURATE one. FINGER PRINT: Fingerprint looks at the patterns found on a fingertip. There are a variety of approaches to fingerprint verification. Some emulate the traditional police method of matching minutiae; others use straight pattern- matching devices; and still others are a bit more unique, including things like moiréfringe patterns and ultrasonics. Some verification approaches can detect when a live finger is presented; some cannot. Fingerprint verification may be a good choice for in house systems where adequate explanation and training can be provided to users and where the system is operated within a controlled environment. It is not surprising that the workstation access application area seems to be based almost exclusively around fingerprints, due to the relatively low cost, small size (easily integrated into keyboards) and ease of integration HOW DOES THE SYSTEM WORKS Whilst individual biometric devices and systems have their own operating methodology, there are some generalizations one can make as to what typically happens within a biometric systems implementation. Obviously, before we can verify an individuals identity via a biometric we must first capture a sample of the chosen biometric. This ‘sample’ is referred to as a biometric template and is the reference data against which subsequent samples provided at verification time are compared. A number of samples are usually captured during enrolment (typically three) in order to arrive at a truly representative template via an averaging process. The template is then referenced against an identifier (typically a PIN or card number if used in conjunction with existing access control tokens) in order to recall it ready for comparison with a live sample at the transaction point. A poor quality template will often cause considerable problems for the user, often resulting in a re- enrolment. These methods of template collection is done during the time of registering the person as a voter. Template storage is an area of interest, particularly with large scale applications which may accommodate many thousands of individuals. The possible method is: STORING THE TEMPLATE IN A CENTRAL REPOSITORY DATABASE This method is storing the template collected from the voter in a separate database. . This may work well in a secure networked environment where there is sufficient operational speed for template retrieval to be invisible to the user. However, we must bear in mind that with a large number of readers working simultaneously there could be significant data traffic, especially if users are impatient and submit multiple verification attempts. The size of the biometric template itself will have some impact on this, with popular methodologies varying between 9 bytes and 1.5kb. Another aspect to consider is that if the network fails, the system effectively stops unless there is some sort of additional local storage. This may be possible to implement with some devices, using the internal storage for recent users and instructing the system to search the central repository if the template cannot be found locally. VERIFICATION OF THE TEMPLATE AND ONLINE POLLING. The verification process requires the user to claim an identity by either entering a PIN or presenting a token, and then verify this claim by providing a live biometric to be compared against the claimed reference template. There will be a resulting match or no match accordingly (the parameters involved will be discussed later under performance measures). A record of this transaction will then be generated and stored, either locally within the device or remotely via a network and host (or indeed both). With certain devices, you may allow the user a number of attempts at verification before finally rejecting them if the templates do not match. At the time of election , the voter is advised to login in to the official website of the election commission
- 3. where public voting takes place. He or she can login with a particular ration id.no. after login the voter is adviced to select the political party to which he wants to poll his vote. After the selection the voter is asked to connect his BIOMETRIC FINGERPRINT READER, once the reader is connected the voter is asked to swipe his finger, it is noted that the voter’s id correspond to his finger template and he could swipe his finger only once. Once the finger template is verified the vote is registered and the voter is automatically directed out of the site. PERFORMANCE MEASURES: False accepts, false rejects, equal error rates, enrolment and verification times - these are the typical performance measures quoted by device vendors (how they arrived at them is another matter). But what do they really mean? Are these performance statistics actually realized in real systems implementations? Can we accept them with any degree of confidence? False accept rates (FAR) indicate the likelihood that an impostor may be falsely accepted by the system. False reject rates (FRR) indicate the likelihood that the genuine user may be rejected by the system. This measure of template matching can often be manipulated by the setting of a threshold, which will bias the device towards one situation or the other. Hence one may bias the device towards a larger number of false accepts but a smaller number of false rejects (user friendly) or a larger number of false rejects but a smaller number of false accepts (user unfriendly), the two parameters being mutually exclusive. Somewhere between the extremes is the equal error point where the two curves cross and which may represent a more realistic measure of performance than either FAR or FRR. These measures are expressed in percentage (of error transactions) terms, with an equal error rate of somewhere around 0.1% being a typical figure. However, the quoted figures for a given device may not be realized in practice for a number of reasons. These will include user discipline, familiarity with the device, user stress, individual device condition, the user interface, speed of response and other variables. We must remember that vendor quoted statistics may be based upon limited tests under controlled laboratory conditions, supplemented by mathematical theory. They should only ever be viewed as a rough guide and not relied upon for actual system performance expectations. This situation is not because vendors are trying to mislead you (in most cases anyway) but because it is almost impossible to give an accurate indication of how a device will perform in a limitless variety of real world conditions. Similarly, actual enrolment times will depend upon a number of variables inherent in your enrolment procedure. Are the users pre-educated? Have they used the device before? What information are you gathering? Are you using custom software? How well trained is the enrolling administrator? How many enrolment points will you be operating? What other processes are involved? And so on. The vendors cannot possibly understand these variables for every system and their quoted figure will again be based upon their own in house experiences under controlled conditions. Verification time is often misunderstood as vendors will typically describe the average time taken for the actual verification process, which will not typically include the time taken to present the live sample or undertake other processes such as the presentation of a token or keying of a PIN. Consider also an average time for user error and system response and it will be apparent that the end to end verification transaction time will be nothing like the quoted figure. THE BLOCK DIAGRAM OF BIOMETRIC VOTING SYSTEM IS AS FOLLOWS: ACCURACY: There are two parameters to judge the accuracy of the biometrics system :false acceptance rate and false- rejection rate. Both methods focus on the system's ability to allow limited entry to authorized users. However, these measures can vary significantly, depending on how you adjust the sensitivity of the mechanism that matches the biometric. For example, you can require a tighter match between the measurements of hand geometry and the STEP 7:IF BOTH MATHCES, VOTE IS SUCCESFULLY POLLED STEP.5:STORING OF USER TEMPLATE TEMPERORILY STEP 3:THE VOTER’S TEMPLATE IS RETRIEVED FROM DATABASE . STEP 1. VOTER LOGINS USING HIS ID. STEP 2.a TEMPLATE DATAB ASE OF VOTERS STEP4:VOTER INPUTS HIS FINGER PRINT- biometric STEP 6:CHECKING THE USER TEMPLATE STEP 8:DIRECTED OUT OF WEBSITE STEP.2b PARTY SELECTIO N
- 4. user's template (increase the sensitivity). This will probably decrease the false-acceptance rate, but at the same time can increase the false-rejection rate. So be careful to understand how vendors arrive at quoted values of FAR and FRR. Technology leaning toward the false reject protect any unauthorized acceptance and hence become more widely taken while in the case of false-acceptance sometimes an unauthorized person may got the access permission which may be dangerous. Hence based on these two variables the accuracy of the installed technology is measured. ADVANTAGES: It is time efficient. no proxy votes are polled human power and money spent over elections could be saved. loss of lives at election riots could be prevented as the system is safe and secure. sick and handicapped could be benifitted. votes polled by NRIs could be collected quickly DISADVANTAGES: It is difficult for the illiterate people to understand the technology the technology implemented is costly. Maximum database security should be given for prevention against ethical hacking. .FAR (False acceptance rate) is probability by which system can accept imposter as genuine individual. .FRR (false rejection rate) is probability by which system can reject a genuine individual. COMPARISION BETWEEN USUAL VOTING AND BIOMETRIC VOTING: 0 10 20 30 40 50 60 70 80 90 p c e t r usual voting biometric voting p-price ,c-cost ,e-efficiency ,t-time ,r-reach to people OTHER APPLICATIONS OF BIOMETRICS: Virtual Access: For a long time, biometric-based network and computer access were areas often discussed but rarely implemented. Analysts see virtual access as the application that will provide the critical mass to move biometrics for network and computer access from the realm of science-fiction devices to regular system components. passwords are currently the most popular way to protect data on a network. Biometrics, however, can increase a company's ability to protect its data by implementing a more secure key than a password. Using biometrics also allows a hierarchical structure of data protection, making the data even more secure: Passwords supply a minimal level of access to network data; biometrics, the next level. You can even layer biometric technologies to enhance security levels. E-Commerce: E-commerce developers are exploring the use of biometrics and smart cards to more accurately verify a trading party's identity. For example, many banks are interested in this combination to better authenticate customers and ensure nonrepudiation of online banking, trading, and purchasing transactions. Some are using biometrics to obtain secure services over the telephone through voice authentication. Developed by Nuance Communications, voice authentication systems are currently deployed nationwide by the Home Shopping Network. FUTURE OF BIOMETRICS Although companies are using biometrics for authentication in a variety of situations, the industry is still evolving and emerging. Standardization: Standards are emerging to provide a common software interface, to allow sharing of biometric templates, and to permit effective comparison and evaluation of different biometric technologies. The BioAPI standard released at the conference, defines a common method for interfacing with a given biometric application. BioAPI is an open- systems standard developed by a consortium of more than 60 vendors and government agencies. Written in C, it consists of a set of function calls to perform basic actions common to all biometric technologies, such as *enroll user, *verifyassertedidentity(authentication),and * discover identity. Another draft standard is the Common Biometric Exchange File Format, which defines a common means of exchanging and storing templates collected from a variety of biometric devices. Hybrid Technology: One of the more interesting uses of biometrics involves combining biometrics with smart cards and public-key infrastructure (PKI). Vendors enhance security by placing more biometric functions directly on the smart card. Some vendors have built a fingerprint sensor directly into the smart card reader, which in turn passes the biometric to the smart card for verification. PKI uses public- and
- 5. private-key cryptography for user identification and authentication. It is mathematically more secure, and it can be used across the Internet. CONCLUSION At its infancy, current biometric technology is still considered immature to completely replace password and other authentication schemes. Security wise, biometric technology shows vulnerabilities that can be easily exploited for wrongful purposes. Biometrics itself is by nature complicated and distinctively secured to each unique identity. Hence, to achieve higher security performance, the design of biometric system should take into consideration the possible vulnerabilities of the processes and algorithms of the system for the whole life cycle, namely data collection, data transmission, storage, templates comparison and susceptibility of the system to physical human attack. Another challenge confronting biometrics is the fact that people are not ready to accept the technology in its entirety. Due to the far-reaching impact of biometric data misuse, any irresponsible use of the technology could be destructive to the society and would certainly compromise the privacy rights of people. Thus, regulations are needed to control and manage the implementation of biometrics. 3-factors authentication, microchip implantation and DNA profiling are among the many that deserve attention. Although the challenges confronting biometrics are many, none of these is going to stop the progress of biometrics being used as authentication and identification tools. This is not the time to argue whether biometrics should be used widely or not in the future.
- 6. private-key cryptography for user identification and authentication. It is mathematically more secure, and it can be used across the Internet. CONCLUSION At its infancy, current biometric technology is still considered immature to completely replace password and other authentication schemes. Security wise, biometric technology shows vulnerabilities that can be easily exploited for wrongful purposes. Biometrics itself is by nature complicated and distinctively secured to each unique identity. Hence, to achieve higher security performance, the design of biometric system should take into consideration the possible vulnerabilities of the processes and algorithms of the system for the whole life cycle, namely data collection, data transmission, storage, templates comparison and susceptibility of the system to physical human attack. Another challenge confronting biometrics is the fact that people are not ready to accept the technology in its entirety. Due to the far-reaching impact of biometric data misuse, any irresponsible use of the technology could be destructive to the society and would certainly compromise the privacy rights of people. Thus, regulations are needed to control and manage the implementation of biometrics. 3-factors authentication, microchip implantation and DNA profiling are among the many that deserve attention. Although the challenges confronting biometrics are many, none of these is going to stop the progress of biometrics being used as authentication and identification tools. This is not the time to argue whether biometrics should be used widely or not in the future.