# The Use Of Iris Scanning Information Technology Essay

The iris has a unique epigenetic pattern that remains stable throughout adult life, which makes it very attractive as a biometric for identifying individuals. John Daugman implemented a working automated iris recognition system. This system has been tested in various studies, all reporting zero failure rates; it is claimed to be able to perfectly identify an individual, given millions of possibilities. (Include reference) Compared with other biometrics, iris recognition systems have many advantages: the degrees of freedom of iris texture are extremely high and the probability of finding two identical irises is zero, so the approach is highly reliable and could be used for e-voting. On the other hand, the initial set-up cost would be a bit higher.

Scalability – Many countries such as India, the US and the UK have already implemented biometric-enabled passports; by implementing fingerprint and iris scanning for e-voting, it could easily be implemented nationwide.

Reliability – Most industries, such as retail, banking and IT, have already started implementing biometric methods to authenticate users.

(1 a) Article Name – Biometric Template Security (paper taken from ACM)

Anil K. Jain, Karthik Nandakumar, and Abhishek Nagar

Department of Computer Science and Engineering, Michigan State University, 3115 Engineering Building, East Lansing, MI 48824, USA

(Include Reference Name) Intrinsic Failure – This is mainly caused by an incorrect decision made by the biometric system. It can produce two types of error: false accept and false reject. It is also referred to as a zero-effort attack.

Administration attack – Also referred to as an insider attack; vulnerabilities caused by improper administration of the biometric system.

## Effects of biometric system failure

(i) Denial of service – refers to a user being prevented from accessing a service to which he is entitled.

(ii) Intrusion – refers to an unauthorized person gaining access to the system.

## BIOMETRIC SYSTEM VULNERABILITY

Ratha N.K., Connell J.H., Bolle R.M. (2001) identified eight attacks that can occur in a biometric system, from the enrolment process through to the final decision:

1. Fake Biometric Sample – A fake sample such as a fingerprint, digital signature etc. is presented to the biometric system in order to gain access to the system.
2. Denial of feature extraction – A set of features is created by the unauthorized person using a Trojan horse attack.
3. Spoofing biometric feature – Features extracted from the input signal are replaced by a fake set of features.
4. Replay of stored digital signal – A stored signal is replayed into the system, bypassing the sensor.
5. Template Spoofing – Original features are replaced by fake features in the database template.
6. Matching Module Attack – Matching scores are replaced by fake scores.
7. Attack on the channel between the template database and the matching module – During the transmission of data between these modules, data can be changed by the attacker.
8. Attacking the final decision – The final decision could be manipulated by the attacker by inserting false or fake decisions.

## The General attacks that could occur in the biometric system are as follows

Corrupt Attack – The system is weakened by making changes in the IT environment or the biometric system.

Degrade – Some software available in the IT environment tends to decrease the system's security level.

Tamper – Tampering with the hardware of the system.

Cryptological Attacks – During data transmission the encryption could be broken, and the data could then be used for another type of attack.

Brute force Attack – An unauthorized person repeatedly presents biometric data in an attempt to authenticate.

b) What evidence is there to suggest that there is public support for biometric enabled eVoting? You are encouraged to critically refer to any evidence derived from within the UK and also from outside the UK, where e-Voting has been piloted or otherwise adopted.

## Need to show evidence on biometric methods

Many countries have already started research projects and even pilots for biometric-based e-voting, in Austria, Switzerland, Germany, Africa and the UK (Hof, S.).

## Pilot trials at national referendums in 2004&2005 in Switzerland

Braun and Brandli (2006). During 2004 and 2005, a total of five e-voting pilot trials were carried out in the cantons of Geneva, Zurich and Neuenburg on the occasion of national referendums. In 2004, the Federal Chancellery conducted research on the potential effect of e-voting on voters across Switzerland. The results revealed that about two-thirds of eligible voters currently have access to the internet. The survey revealed that 54% of those asked could imagine using e-voting. The reason for the readiness to use e-voting was its user-friendliness. However, for the roughly 35% of people who did not want to use e-voting, the main reason was fear about data security; the remaining 11% did not respond to the survey.

## Pilot Trials in Sheffield and Swindon in 2003

Flood (2005). The two largest e-voting projects in the UK were conducted in Sheffield and Swindon in 2003. In Sheffield, around 174,000 citizens had the opportunity to vote using e-voting as well as traditional paper ballots. Technically the trial was a success, with the system performing perfectly during the election, according to the head of e-government and ICT. Sheffield voters were also very enthusiastic about the new voting systems, with 40% of voters choosing the e-voting channel to cast their vote. After the initial trial, the e-voting system received a tremendous welcome among the people.

In Swindon e-voting was offered to all citizens and turnout increased by 15%; in Sheffield, however, the net increase in turnout was 5.2%. In Swindon 92% of voters showed interest in using e-voting in a general election, whereas in Sheffield 34% said that e-voting made them more likely to vote in an election.

From the above responses towards e-voting it is evident that there is strong support for e-voting, and the figures would tend to increase further once the public's security concerns are addressed.

a) E-Voting needs to support repudiation. Carefully distinguish between repudiation and non-repudiation. Briefly outline how repudiation can be actively supported technologically. You are advised to provide a critical overview of enabling technologies and techniques, to include any necessary underlying mathematical principles in support of your answer.

| Non-repudiation | Repudiation |
| --- | --- |
| Owner of the signature or vote can’t deny their ownership | Owner of the signature or vote can deny the ownership |
| Ownership of a signature or vote is traceable | Ownership of a signature or vote is not traceable |
| Used in e-commerce applications | Used in applications like e-voting |
| Used to authenticate a legitimate user | Used for the purpose of authenticating a legitimate user with privacy |

Rusinek and Ksiezopolski (2009) suggested an e-voting cryptographic protocol supporting non-repudiation, based on Cetinkaya’s DynaVote solution and extending the internet protocol by improving its safety. The use of digital signatures makes the votes verifiable. This system was mainly used by authorities to have proof that a particular voter has voted.

However, the ownership of the vote is traceable in the above method, which raises a serious privacy question for e-voting. This will not be welcomed by the public; it might lead to various forms of corruption, and the result might be biased in favour of some party. The solution is to support repudiation in e-voting. Yan and French (2007) suggested a system which supports repudiable authentication using the intractability of the Quadratic Residuosity Problem (QRP). The mathematical principle involved is as follows:

Yan and French (2007): "Given $a$ and $N$ such that $\gcd(a, N) = 1$, decide whether or not $a$ is a quadratic residue modulo $N$.

If $N = p$, where $p$ is a prime number, $a$ is a quadratic residue modulo $p$ only if $a^{(p-1)/2} \equiv 1 \pmod{p}$.

If $N$ is an odd composite, then one needs to know the prime factorization of $N$, which is intractable.

$a$ is a quadratic residue of $N$ only if it is a quadratic residue modulo every prime dividing $N$. $(a/N) = 1$ then $(a/p_i) = -1$ for some $i$, where $a$ is a quadratic non-residue modulo $N$. To decide quadratic residuosity the method is to factor $N$, which is intractable. Martin Hellman mentioned that a digital signature must be a number that is easily recognized by the receiver, but should only be generated by the sender. Along with this, in the QRP approach they have also included another condition where the sender can validate the signature.”
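The quadratic residuosity check quoted above, worked through in Python as an added example (not code from Yan and French or from the essay). The toy primes 7 and 11 and all function names are assumptions chosen for illustration; the example shows that the Jacobi symbol, which anyone can compute without factoring N, does not settle residuosity when it equals 1, whereas knowing the prime factors does.

```python
from math import gcd

def euler_criterion(a, p):
    """True if a is a quadratic residue modulo the odd prime p."""
    return pow(a, (p - 1) // 2, p) == 1

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0, computed without factoring n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:          # pull out factors of 2
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def is_qr_with_factors(a, primes):
    """Residuosity modulo N = product(primes), using the secret factors."""
    return all(euler_criterion(a % p, p) for p in primes)

def brute_force_is_qr(a, n):
    """Exhaustive check; only feasible because the toy modulus is tiny."""
    return any(x * x % n == a % n for x in range(1, n))

P, Q = 7, 11                       # constructed toy primes (assumption)
N = P * Q

def classify(a):
    """Return (Jacobi symbol seen by everyone, answer seen by factor holder)."""
    assert gcd(a, N) == 1
    return jacobi(a, N), is_qr_with_factors(a, (P, Q))

if __name__ == "__main__":
    for a in (4, 6, 2):
        print(a, classify(a), brute_force_is_qr(a, N))
```

Here 4 and 6 both have Jacobi symbol 1 modulo 77, yet only 4 is a quadratic residue; telling them apart requires the factors 7 and 11.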

How "safe" are SSL/TLS and RSA? What inherent vulnerabilities do they possess? Provide a concise risk analysis in the form of a tabulation of known vulnerabilities with your own brief critical commentary.

## RSA Vulnerabilities

## Brute Force Attack

The attacker tries various combinations to guess the private key. It is proved that RSA with short keys is more vulnerable to brute-force attack.

## Mathematical Attack

An attacker can break RSA by exploiting its mathematical properties, i.e. by determining the prime factors p and q of the modulus n, which results in finding the value of d; by determining the totient of n; or by calculating d directly. To prevent this type of attack, it is suggested that the size of the modulus be 2048 bits.

## Timing Attack

The attacker can exploit variations in the running time of modular exponentiation implementations to determine d, by measuring the time taken to calculate $C^d \bmod n$.
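Why the running time of $C^d \bmod n$ depends on d, and one standard mitigation, as an added Python example (not from the essay). It counts modular multiplications instead of measuring wall-clock time so the result is deterministic; the modulus, ciphertext and the two 12-bit exponents are constructed toy values, and the function names are assumptions.

```python
def modexp_square_and_multiply(c, d, n):
    """Textbook left-to-right exponentiation: extra multiply on every 1 bit."""
    result, ops = 1, 0
    for bit in bin(d)[2:]:
        result = result * result % n
        ops += 1
        if bit == "1":             # key-dependent extra work
            result = result * c % n
            ops += 1
    return result, ops

def modexp_ladder(c, d, n, bits):
    """Montgomery ladder: one multiply and one square per key bit, always."""
    r0, r1, ops = 1, c % n, 0
    for i in reversed(range(bits)):
        if (d >> i) & 1:
            r0, r1 = r0 * r1 % n, r1 * r1 % n
        else:
            r0, r1 = r0 * r0 % n, r0 * r1 % n
        ops += 2
    return r0, ops

# Constructed toy values (assumptions); real RSA moduli are 2048 bits or more.
N_TOY, C, KEY_BITS = 3233, 855, 12
D_SPARSE = 0b100000000001          # Hamming weight 2
D_DENSE = 0b111111111111           # Hamming weight 12

def compare():
    """Operation counts (naive, ladder) for each exponent."""
    out = {}
    for name, d in (("sparse", D_SPARSE), ("dense", D_DENSE)):
        _, naive_ops = modexp_square_and_multiply(C, d, N_TOY)
        _, ladder_ops = modexp_ladder(C, d, N_TOY, KEY_BITS)
        out[name] = (naive_ops, ladder_ops)
    return out

if __name__ == "__main__":
    print(compare())
```

The ladder only fixes the sequence of operations; a production implementation additionally needs branch-free selection, constant-time big-integer arithmetic and, commonly, blinding, which Python integers do not provide.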

## Chosen Ciphertext Attacks

These attacks exploit properties of the RSA algorithm.

## SSL Vulnerabilities

Client Attack

Server Attack

Man in the middle Attack

## SSL Security analysis

Root of insecurity –

Attack from evil root certificate –

Short Key length -
