A SURVEY ON UNIMODAL AND MULTIMODAL BIOMETRIC SYTEM FOR

ENHANCEMENT OF ATM SECURITY1,2Md. Irshad Hussain B., 3,*Dr. Mohammed Rafi

1,2Assistant Professor, 3Professor,1Department of MCA, Visveswaraya Technological University, Bangalore Region, India.

2Department of MCA, UBDTCE, Davanagere, India.3,*Department of Studies in CS & E, UBDTCE, Davanagere, India.

ABSTRACT : In today's world, the technology have made life easier by providing us with lot of innovations, Automated Teller Machine is one such innovation. The ATM is used to check and perform the transactions of funds. But, this existing mode of transactions via ATM is viable of many security threats. In this paper we have discussed biometrics that can provide more security to ATM transaction than the current mechanism. We have also dealt with the types - unimodal and multimodal biometrics, major classification of biometrics which is based on selected traits – the physiological and behavioral traits, along with some of the most popular biometrics, their merits and demerits. Finally, this paper brings about the upper hand of using multimodal based security for ATM over unimodal security along with detail discussion on the steps that are generally performed in unimodal and multimodal based security is made.

Index Terms - Biometrics, Unimodal Biometrics, Multimodal Biometrics, Enrollment, Authentication, Fusion

I. INTRODUCTION ATM stands for Automated Teller Machine, sometimes it is also referred to as a cash machine or a cash dispenser.

The ATM, which is an electronic computerized telecommunication device provide banknote trading facility to the customers of a bank. The ATM is a self-service banking terminal that accepts deposits and dispenses cash. ATM’s are operated by inserting a bank ATM card (debit or credit card) into the card reader slot. The card will contain the customer’s account number and PIN (Personal Identification Number) on the cards magnetic stripe. For instance, when a customer uses ATM to withdraw cash from his account, the customer has to insert the ATM card and has to punch the four digit code associated with that card, the ATM calls up the banks computers to verify the authenticity of customer, checks balance, and if balance is sufficient it dispenses the cash and the completion of transaction is accomplished with acknowledgement on display of ATM, it might also dispense receipt on user’s request and also with an SMS(Short Message Service).

The current system has the drawbacks that the passwords can be compromised, forgotten or shared and further, it cannot differentiate between the authorized customer or an imposter. Apart from this basic security hitch there are some new issues that have risen over a period of time such asEavesdropping – It refers to the threat that the attacker connects or taps into the transmission media and gain unauthorized access to the data.Phishing and Spoofing –

Phishing is a term coined by hackers to describe forged e-mails they send that imitate a legitimate company's e-mails in order to entice people to share their credentials.

Spoofing is a term that describes phishing that asks you to supply, confirm, or update personal information by clicking on a link in the e-mail.Skimming - ATM skimming is like identity theft for debit cards: Thieves use hidden electronics to steal the personal information stored on your card and record your PIN number to access all that hard-earned cash in your account. ATM card services is not considered secure 100% in order to protect the money in bank account[8].

These above discussed issues can be overcome by implementation of biometric security to the ATM transaction. Biometrics uses various physiological or/and behavioral characteristics of an individual to authenticate an authorized user. In Future Most of the banking applications will be securely running with the aid of biometrics and it is the only way to guarantee the presence of the customer when a transaction is made[12].

II BIOMETRICSBiometrics is currently a booming technology, widely used in the field of security to authenticate an authorized

user. Various physiological or/and behavioral characteristics of an individual is/are used to authenticate an authorized user.The use of Biometric systems for authentication and authorization of an individual or customer has the following

benefits [31]: a. Robustness: Over time, the characteristic should not change (Permanence), and thus have low intra-class variability. b. Distinctiveness: Over the population, a great variation of the characteristic should exist (Uniqueness), and thus have large inter-class variability.

c. Availability: Ideally, the whole population should possess the characteristic (Universality). d. Accessibility: The characteristic should be easy to acquire (Collectability). Biometric system can be categorized into two variations:

a. Physiological Traits.b. Behavioral Traits.The physiological traits remains almost stable, except under certain circumstances and can be used in biometric

security, those characteristics can be a fingerprint, face, palm veins, palm print, hand geometry, iris, retina, ECG(Electro Cardio Gram) [17], DNA fingerprint, etc.,. While, the behavioral traits that can be used for biometric security can be gait, signature, handwriting, speech, keystroke dynamics, etc.,Some of the Physiological traits that can be used are discussed below :

Fingerprint Recognition : Fingerprint recognition looks for the unique patterns of ridges and valleys that are present in an individual’s fingerprint(Fig. 2.1). These patterns are unique to every individual and thus help to identify individuals from an entire population. Fingerprints are inherent to individuals and can neither be lost nor stolen which makes it highly accurate and reliable[36]. Face Recognition : Face recognition can be used to provide biometric security. It can be used to measure and match the unique characteristics of an individual that serves for the purposes of identification or authentication. Facial recognition system can detect faces(Fig. 2.2). in acquired image, extract the features, and then match them against stored templates in a database. Palmprint Recognition: A palm print(Fig. 2.3) is the image acquired from the palm region of the hand. The palm mainly consists of principal lines, wrinkles (secondary lines) accompanied by other information such as marks, texture and indents which can be used when comparing one palm to another. Moreover, no two individuals will have same palm print.Palm Veins Recognition: Palm vein(Fig. 2.4) patterns are unique to every individual, even identical twins. Palm vein biometric technology captures an image of the vein pattern beneath the skin and uses that image as the basis for individual identification. Palm vein biometric technology uses near infrared light (the same technology used in TV remote controls) to capture a palm vein pattern, so it does not require high quality skin integrity for accurate identification[20].Hand Geometry Recognition: Human hand((Fig. 2.5) is more distinctive than what we notice from our eyes. The disadvantage is that in large population, there might be possibility that two individuals can have similar hand geometry, but if a smaller population is considered than it can be considered for unique characteristic. Iris Recognition : Iris(Fig. 2.6) is a circular part that sits between the pupil and the sclera. It can serve for individuals’ verification and identification. Iris satisfies the properties such as uniqueness, stability, high recognition rate and Permanence. Individual’s iris patterns are unique and distinct, no two persons will have same iris pattern not even the identical twins. Further even the left and right iris of the same individual is distinct.Retinal Recognition: The human retina(Fig. 2.7). is a thin tissue composed of neural cells situated in the posterior portion of the eye. Because of the complex arrangement of the capillaries that supply the retina with blood, each person’s retina is unique. The network of blood vessels in the retina is so complex that even identical twins do not share a similar pattern. Although retinal patterns may be altered in case of diseases such as diabetes, glaucoma or retinal degenerative disorders, the retina typically remains unchanged from birth until death[26].ECG Recognition: Electrical currents that are generated by the heart as it beats spread not only within the heart, but also throughout the body. Therefore, shapes of the ECG waveforms (Fig. 2.8) depend on human heart and body anatomic features. Thus one may consider ECG as a human biometric characteristic. The ECG is a universal characteristic, as the heart beat is a necessary sign of life, and it can be recorded with minimum inconvenience to the individual[22].DNA Print Recognition: Due to recent improvements in laboratory analysis and reduction in costs, many agencies are relying on deoxyribonucleic acid (DNA) as a form of identification. DNA is a chemical structure that forms chromosomes. A gene is piece of a chromosome that dictates a particular trait. That chemical structure can be identified through laboratory analysis. DNA does not change over times, however, two people can have the same DNA (Identical twins). DNA identification processes require a lengthy time period. In addition, some consider DNA collection to be personally invasive[27].

Fig. 2.8 : ECG Fig. 2.7 : RetinaFig. 2.6 : IrisFig. 2.5 : Hand Geometry

Fig. 2.4 : Palm VeinFig. 2.3 : PalmprintFig. 2.2 : Face Image Fig. 2.1 : Fingureprint

Some of the Behavioral traits that can be used are discussed below :

Gait Recognition: It identifies people based on the way they walk(Fig. 2.9). As a biometric, gait has several attractive properties. Acquisition of images portraying an individual’s gait can be done easily in public areas, with simple instrumentation, and does not require the cooperation or even awareness of the individual under observation. In fact, it seems that it is the possibility that a subject may not be aware of the surveillance and identification that raises public concerns about gait biometrics[30].Signature Recognition: Handwritten signatures(Fig. 2.10) are the depiction of an individual’s name that he embosses on the document as a proof of his identity as well as his/her willingness and acceptance. It is one of the most socially acceptable and traditionally used person identification and authentication metric. Handwriting Recognition: It is the process of identifying the individual who is the author the textual content(Fig. 2.11)t. In this system, the recognition does not just look at how the individual shape each letter; but they also analyze the act of writing. The system examines the pressure the individual use and the speed and rhythm with which he/she writes. The system also record the sequence in which the individual’s form letters, like whether he/she add dots and crosses as they proceed or after they finish the word[33].Speech Recognition: Speech has a unique advantage over other biometrics by relying on the modality, which is the primer way of communication and is especially important in applications such as telephony. By extracting appropriate features from a person’s voice(Fig. 2.12) the uniqueness of the physiology of the vocal tract and the articulator properties can be captured to a high degree and can serve the purpose of authentication[34]. Keystroke Dynamics : It is the process of analyzing the way a user types at a terminal by monitoring the keyboard inputs thousands of times per second, and attempts to identify them based on habitual rhythm patterns in the way they type(Fig. 2.13). When a person types, the latencies between successive keystrokes, keystroke durations, finger placement and applied pressure on the keys can be used to construct a unique signature (i.e., profile) for that individual. [35].

III TYPES OF BIOMETRIC BASED SECURITYBiometric based security can be offered in one of the following two ways[32] :

1) Unimodal Biometric Security System.2) Multimodal Biometric Security System.Unimodal biometric security systems is based only on a single source of information i.e., either one of the above

said physiological characteristic or behavioral characteristic. Using this single source of information is most of the time is disadvantageous[2] as the Unimodal biometric security system is associated with limitations such as :a. Non-universality. b. Noise in sensed data. c. Intra-class variations.d. Inter-class similarities. e. Susceptibility to circumvention. The limitations of Unimodal Biometric Security System mentioned above can be rooted out with Multimodal Biometric Security System[15][23].Multimodal Biometric Security System is a fusion of more than one source of information, source of can be either from physiological characteristics or f ro m behavioral characteristics information or by the mixture of combination of both physiological characteristics and behavioral characteristics. Further, Limitations of the unimodal biometric systems can be alleviated by using multimodal biometric systems[7]. Multimodal biometric system can operate in three modes namely Serial, Parallel and Hierarchical modes [14].

IV LITERATURE SURVEYSome of the Unimodal and Multimodal Biometric Security mechanism that are surveyed in perception of providing security to ATM transaction are discussed below : Mithun Dutta and et’al[1]: proposes ATM Transaction Security Using Fingerprint Recognition, fingerprint acts as a Biometric Identifier at first level of authentication and if authenticated, then it triggers a generated OTP to the user at second level of authentication.Shivam Mishra and et’al[4]: Proposed an Enhanced ATM Security System using GSM, GPS and fingerprint Biometrics. It uses there levels of authentication : at first level the ATM Pin, second level by fingerprint and the third level by OTP. The first level of authentication and the third level authentication cannot identifies the real user or do not demand the physical presence of user. Further, the fingerprint is sufficient to authenticate the right user.

Fig. 2.13 : KeystrokeFig. 2.12 : SpeechFig. 2.11 : HandwritingFig. 2.10 : Signature Fig. 2.9 : Gait

K. Kade Mahesh and et’al[13]: Their survey work on Iris Image Analysis, reveals various algorithms used for iris segmentation, extracting features of iris, and matching of iris code.Sujata Kataria and Ashok K. Goel[16] : Proposes a hybrid approach of biometric security by using a technique for individual identification with the fusion of fingerprint and signature data. One of the major concerns in this proposal is usage of Signature, which can be mimicked.Sowmya Ravikumar and et'al[28]: proposes ATM transaction security using Fingerprint recognition, the proposal is based on using a single trait of fingerprint. But, however, the proposer themselves concludes that security can be enhanced by using multi traits to authenticate a user.Muhammad Bello B.L. and et'al[6]: proposes an Enhanced ATM Security System using Second-Level Authentication. The first level of authentication is PIN associated with the user’s ATM and at the second level an OTP is sent to the user after a successful completion of first level authentication. The matter of concern is what if ATM card and mobile both are compromised and moreover participation of the authenticated user can be passive.Avinash Kumar Ojha[5]: proposed a prototype for ATM Security using Fingerprint Recognition. In this, the first level of authentication is to input the password, then followed by second level authentication of Fingerprint recognition. For this they used LPC2148 and FIM3030, which provided low power consumption platform. They also conclude that the same hardware platform can be used with IRIS scanner to put forward another potential biometric security to the ATMs.Meenakshi and et al[3]: Presents a Survey on Multimodal Biometrics Using Fingerprint Minutiae and Signature Verification to authenticate a user. The survey unleashes the biometrics techniques that can be used for Fingerprint and Signature Verification. However in the work only one trait is i.e., fingerprint covers the liveliness and other trait a signature can be forged by the imposter.Deepa Malviya[9]: proposes to use the Face Recognition Technique for Enhanced Safety Approach for ATM. PIN associated with the ATM card serves as the first level of authorization, then followed by Face recognition as second level of authorization. Face image is acquired from 3 different angles – One from front angle, another from left angle 90 degrees and the last one right angle 90 degrees at a distance of 2 feet. However, instead of capturing 3 features from single source i.e., face, it would have been ideal to use trait from another source.Savita Choudhary[17] : proposed a Design of Biometric Based Transaction System using Open Source Software Development Environment. Proposed system uses fingerprint of the user for authentication. This system works using a scanner, followed by a hashing algorithm and decoding. Each transaction generates a key which is verified from the database. But, how the mapping of user account to fingerprint is achieved has not been discussed. Seyed Hassan Sadeghzadeh and et'al[11] : proposed a Multimodal Biometric System with fusion of Fingerprint and Speech. Their study revealed that a multimodal biometric technique, which integrates multiple biometric in making a personal identification, can be utilized to solve the limitations the single biometrics. They also revealed that False Rejection Rate(FRR) and False Acceptance Rate(FAR) of unimodal fingerprint was less than unimodal speech(in both cases), but when compared to the fusion of both traits it was much lesser than both the individual unimodal traits.Mahesh A. Patil and et’al [29]: proposed ATM Transaction Using Biometric Fingerprint Technology, fingerprint acts as a Biometric Identifier at first level of authentication and if authenticated, then it generates and sends an password to the user as second level of authentication.Gandhimathi Amirthalingam and et'al[19]: Proposed a Multimodal Approach for Face and Ear Biometric System. It has two level of authentication; the first level of authentication is face recognition then followed by ear recognition, if successful identifies the user as authenticated user.V.Padmapriya and S.Prakasam[24] : Proposed a work on Enhancing ATM Security using Fingerprint and GSM Technology. In this proposal, biometric fingerprint is used as a first level of authentication and then followed by GSM Technology as second level of authentication, which sends a four digit code for the further transaction processing. But, in the proposal they have given scope for a nominee user to perform transaction on behalf of the real user.Pennam Krishnamurthy and Mr. M. Maddhusudhan Reddy[21]: Proposed Implementation of ATM Security by Using Fingerprint recognition and GSM. In this proposal, biometric fingerprint is used as a first level of authentication and then followed by GSM Technology as second level of authentication, which sends a password to the user for the further transaction processing. After first level of authentication the second level cannot identifies the real user.

With the survey of above unimodal and multimodal biometric system, it is inferred that multimodal biometric system is more effective than unimodal mechanism in providing secured authentication for ATM transaction.

V STEPS FOR UNIMODAL AND MULTIMODAL BIOMETRIC SYSTEMIn general, the Unimodal and Multimodal Biometric system works in two phases: i) Enrollment phase and ii)Authentication Phase. The generic steps that are carried out for both phases are almost similar, for both Unimodal and Multimodal Biometric system (Fig 2.1), which are as follows [12][10]:

1) Image Acquisition. 2) Preprocessing. 3) Feature Extraction. 4) Template generator.5) Matching. 6) Decision.

1) Image Acquisition :

It is the first step of any biometric system. It is a very critical and important step as processing of all the other step depends on this.2) Preprocessing

It usually involves the processing of image acquired in previous step, to attain the enhancement by removing unwanted noises. It consists of set of operations on images at the lowest level of abstraction, the input image may be a true colour image but the output is always an intensity images. It usually techniques like binarization, thresholding, resizing, normalization, localization, geometric transformations, image restoration, etc.3)Feature Extraction

It is the process by which certain features of interest within an image are detected and represented for further processing. It is a critical step in any image processing system as a transition takes place from an image representation to data representation(alphanumerical, usually quantitative). 4)Template Generator:

In this step a template is generated based on the data representation of the previous step.5) Matching: In this step, the stored template value are matched with the current image of authentication. 6) Decision :

If, the stored template value, matches with current image value, than the user is recognized as an authorized user and allowed to transact, otherwise he is not allowed to perform any transaction.

Only exception that can be observed is during the fusion of traits in Multimodal Biometric systems, which are done at four different levels[25][19]:

1. Sensor level2. Feature level 3. Match Score level 4. Decision Level

Fig 2.1: Generic Biometric Security System with Single Trait

Perform Transaction

Decision : Not an Authenticated User

No

Yes

Decision : Authenticated User

Stored

Template

ENROLLMENT AUTHENTICATION

Feature Extraction

Preprocessing

Image Acquisition

Matching ?

Single Trait Single Trait

Template Generator

VI CONCLUSION The survey carried out, revealed that the use of biometrics to identify individual is more advantageous than the current existing security mechanism for ATM as it overcomes the issues Eavesdropping, Phishing and Spoofing, and Skimming. When the biometrics is used to offer security has an upper hand over conventional existing system, due to it inheritance of the properties such as Permanence, Uniqueness, Universality and Collectability. This paper also reveals that the use of multimodal biometric security is more secured than the unimodal biometric system. This paper also points out that the behavioral traits can be mimicked or forged; hence it will be preferable to use physiological traits for authentication.

REFERENCES [1]Mithun,Dutta. Kangkhita,Keam.andShamima,Yasmin. 2017. ATM Transaction Security Using Fingerprint Recognition. American Journal of Engineering Research. 6(8): 41-45.[2]ShanthaKumar, H.C. and Janardhan, Naidu.2016. An Efficient Personnel Authentication Through Multi modal Biometric System.International Journal of Scientific Engineering and Applied Science.2(1).[3]B. Meenakshi. C. Anuradha. And C. Nalini. 2015. A Survey on Multimodal Biometrics Using Fingerprint Minutiae and Signature Verification. International Journal of Engineering Research in Computer Science and Engineering.2(8).[4] Shivam, Mishra. Aakarsh, Jain. Shivam, Kumar. and Ankit, Goyal. 2017. Enhanced ATM Security System using GSM, GPS and Biometrics. International Journal of Engineering and Technical Research. 7(8).[5] Avinash Kumar, Ojha. 2015. ATM Security using Fingerprint Recognition, International Journal of Advanced Research in Computer Science and Software Engineering. 5(6).[6] Muhammad-Bello, B.L. Alhassan, M.E. and Ganiyu, S.O. 2015. An Enhanced ATM Security System using Second - Level Authentication. International Journal of Computer Applications. 111(5): 0975 – 8887.[7] Shradha, Tiwari. Prof. J.N. Chourasia. and Vijay S, Chourasia. 2015. A Review of Advancements in Biometric Systems, International Journal of Innovative Research in Advanced Engineering. 2(1): 2349-2163.[8] Nor Fazlina Mohd, Amin. Shorayha, A. /P Eh, Chong. Nur Zafirah Abd, Hashim. And Hassan, Chizari. 2015. Security Issues in ATM Smart CardTechnology. International Journal of Mathematics and Computational Science. 1(4): 199-205.[9] Deepa, Malviya. 2014. Face Recognition Technique: Enhanced Safety Approach for ATM. International Journal of Scientific and Research Publications. 4(12).[10] Sakshi, Kalra. and Anil, Lamba. 2014. A Survey on Multimodal Biometric. International Journal of Computer Science and Information Technologies. 5(2).[11] Seyed Hassan, Sadeghzadeh. Morteza, Amirsheibani. and Anseh Danesh, Arasteh. 2014. Fingerprint and Speech Fusion: A Multimodal Biometric System. International Journal of Electronics Communication and Computer Technology. 4(2).[12] K. Lavanya. 2013. A Comparative Study on ATM Security with Multimodal Biometric System.International Journal of Computer Science & Engineering Technology . 4(6).[13] K. Kade, Mahesh. P.V.V. Kishore. and J. Karande, Kailash. 2017. Survey on Iris Image Analysis. Indian Journal of Science and Technology. 10(19).[14] V. Sireesha. and K. Sandhyarani. 2013. Multimodal Biometric System Using Iris - Fingerprint: An Overview. International Journal of Engineering Sciences Research. 04(1).[15] A. Ross. and A. K. Jain.2003. Information fusion in biometrics. Pattern Recognition Letters. 24 :2115–2125.[16] SujataKataria, Ashok, K. Goel.2016.A Hybrid Approach for Biometric Authentication using Fusion of Fingerprint and Signature. International Journal of Scientific Research Engineering & Technology.5(1):2278 – 0882.[17] Savita, Choudhary. 2014. Design of Biometric Based Transaction System using Open Source Software Development Environment. International Journal of Innovative Research in Computer and Communication Engineering. 2(2).[18] https://www.bayometric.com/importance-of-biometric-fingerprinting-technology/[19] Gandhimathi, Amirthalingam. and Radhamani, G. 2013. A Multimodal Approach for Face and Ear Biometric System. International Journal of Computer Science Issues. 10(5).[20] http://www.m2sys.com/blog/scanning-and-efficiency/iris-recognition-vs-palm-vein-biometrics-how-do-they-compare/[21] Pennam, Krishnamurthy. and M. Maddhusudhan, Reddy. 2012. Implementation of ATM Security by Using Fingerprint recognition and GSM. International Journal of Electronics Communication and Computer Engineering. 3(1)[22] Lugovaya T.S. 2005. Biometric human identification based on electrocardiogram. [Master's thesis] Faculty of Computing Technologies and Informatics. Electrotechnical University (LETI). Saint-Petersburg. Russian Federation.[23] Arun, Ross. and Anil K. Jain. 2004. Multimodal Biometrics: An Overview, 12th European Signal Processing Conference (EUSIPCO), (Vienna, Austria).:1221-1224.[24] V. Padmapriya. and S. Prakasam. 2013. Enhancing ATM Security using Fingerprint and GSM Technology. International Journal of Computer Applications. 80(16).[25] Dapinder, Kaur. and Gaganpreet, Kaur. 2013. Level of Fusion in Multimodal Biometrics: a Review. International Journal of Advanced Research in Computer Science and Software Engineering. 3(2).[26] http://www.m2sys.com/blog/iris-recognition-2/difference-iris-retina-important-biometric-identification/[27] Kalyani, Mali. and Samayita, Bhattacharya. 2013. Comparative Study of Different Biometric Features. International Journal of Advanced Research in Computer and Communication Engineering . 2(7).[28] Sowmya, Ravikumar. Sandhya, Vaidyanathan. B. Thamotharan. and S. Ramakrishnan. 2013. A new business model for ATM transaction security using fingerprint recognition”, International Journal of Engineering and Technology. 5(3).

[29] Mahesh A. Patil. Sachin P. Wanere, Rupesh P. Maighane. and Aashay R. Tiwari. 2013. ATM Transaction Using Biometric Fingerprint Technology. International Journal of Electronics,Communication & Soft Computing Science and Engineering . 2(6).[30] Jeffrey, E. Boyd. and James J. Little. Biometric Gait Recognition[31] Divyakant, T. Meva. and C. K. Kumbharana. 2015. Design and evaluation of multimodal biometric system with fingerprint and face recognition. International Journal of Scientific and Research Publications. 5(4).[32] M. Sujithra. and G. Padmavathi. 2015. A Survey of Biometric Iris Recognition. Security, Techniques and Metrics. Asian Journal ofinformation Technology. 14 (6): 192-199. [33] https://science.howstuffworks.com/biometrics1.htm[34] Mandeep, Kaurand. Akshay, Girdhar. and Manvjeet, Kaur. 2010. Multimodal Biometric System Using Speech and Signature Modalities.International Journal of Computer Applications . 5(12).[35] Fabian, Monrose. and Aviel. D, Rubin. 2000. Keystroke dynamics as a biometric for authentication. Future Generation Computer Systems 16. Elsevier Science: 351–359.