CHAPTER I

Introduction

1.1 Background
Authentication is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person or software program, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be. Computer vision is a field that includes methods for acquiring, processing, analyzing, and understanding images and, in general, high-dimensional data from the real world in order to produce numerical or symbolic information, e.g., in the forms of decisions. Currently studies are being done by researchers all over the world if computer vision technique like face recognition, finger print recognition etc. can be used as a user authentication process. Today some laptop companies e.g. Lenovo, HP etc. are providing their customers this type of software support. Some major software companies are focusing on this thesis as well like Luxand Inc, Logitech or Necsoft. But they are only providing login security but once user is logged into the system, there is no checking available if that user is present in front of the system or not. Besides, like every other security measures this also has some problems. But due to its ease of use and being cool, i.e. no need to memorize password or considering how to use strong passwords, this field is becoming popular in the recent years.

1.2 Statement of the Problem

Why to memorize a password, when you can be the password? We can forget our password but can never lose our face. We carry it all the time. We being the password are seemingly more attractive and somehow effective. There are also several problems with password protection. Like discloser of password in front of others and brute-force attack can be done against password. So our proposed system is quite safe in that way. Again using password for each file is not an efficient way for protection. As it is more time 1

consuming. So what we can do to give runtime protection to our system? Our proposed technique can easily solve this problem. System will automatically check for authorized person is available or not. So it can give a user friendly environment in an efficient way.

1.3 Motivation
In this thesis, a new technique is proposed for user authentication system which is more efficient than old password protection system widely used all over the word. The main objective behind our thesis can be described as: To know about computer vision To know about different authentication system To make our own system more user friendly and secured To make the system automatic To know about different approach for face recognition Implementation of computer vision for user authentication Performance measurement of different algorithm and techniques available for face recognition Performance measurement of our proposed system with presently available system

1.4 Scope of the Study

Most personal computers today use knowledge based user authentication e.g. password protection. Nevertheless, password protection is regarded as insecure. So this thesis can show an efficient method for authentication system. Again we are not only using webcam but also we are suggesting to use infrared light for distinguish a 2D object from 3D object. So this can bring a revolutionary automation in authentication system. As we are using computer vision which a field that includes methods for acquiring, processing, analyzing, and understanding images and, in general, high-dimensional data from the real world in order to produce numerical or symbolic information. A theme in the development of this field has been to duplicate the abilities of human vision by electronically perceiving and understanding an image. This image understanding can be

seen as the disentangling of symbolic information from image data using models constructed with the aid of geometry, physics, statistics, and learning theory. Computer vision has also been described as the enterprise of automating and integrating a wide range of processes and representations for vision perception. So there is a wide range of opportunity to extend our thesis in different automation system with better performance.

1.5 Thesis Organization

After this introduction, preliminaries of some basic algorithms of face recognition for user authentication are presented in CHAPTER II. Concept of these basic algorithms will be used in the proposed system. CHAPTER III discusses and presents the proposed system. This chapter discuss about the mechanism of the proposed system and a flow chart of the total system. Finally it shows the structure of the total proposed system. In CHAPTER IV we have discussed about the implementation of the proposed system. Performance measurement of our system and comparison with different system is discussed briefly in this chapter. CHAPTER IV contains the details discussion, concluding remarks and recommendations for possible future extension of the present work.

CHAPTER II

Preliminaries

2.1 Introduction
Now-a-days we want our computers to perform like us. i.e. we want them to be intelligent. So password identification system is becoming less popular before face recognition authentication system. With face recognition mechanism, we can assure the authorized user is sitting in front of the computer and accessing it. Passwords can be vulnerable to exhaustive attack, besides they can be guessed or exposed as well. But knowing the face will not help an attacker to gain the access of the system. So this is more promising to the user.

2.2 Face Recognition

A facial recognition [1] system is a computer application for automatically identifying or verifying a person from a digital image or a video frame from a video source. One of the ways to do this is by comparing selected facial features from the image and a facial database. It is typically used in security systems and can be compared to other biometrics such as fingerprint or eye iris recognition systems. The whole process of recognition is described below in two parts (face detection and face recognition). 2.2.1 Face Detection Methods Considering an image representing a frame taken from a video stream or a graphic file selected from a database; the problem of face detection consist of finding the spatial location within the scene where human faces are located. This problem is quite challenging due numerous issues, e.g. pose, presence or absence of structural components, facial expression, occlusion, orientation, imaging conditions. According to [2], methods employed by face detection could be roughly classified in:

Knowledge-Based Methods Usually rule-based methods, using multi-resolution, these methods encode human knowledge of what constitutes a typical by capturing the relationships between facial features. Such an approach is presented in [3].

Feature Invariant Methods Include facial features, texture, skin color, in order to find structural features. See [4] as an example of these algorithms.

Template Matching Methods Algorithms like predefined or deformable face template compute the correlations between an input image and the stored patterns. More details could be found in [5].

Appearance-Based Methods Employs eigenfaces [6], neural networks [7], support vector machine [8] or hidden markov models [9]. Here, the models are learned from a set of training images which should capture the representative variability of facial appearance.

Skin Color Based RGB Color Space Crowley and Coutaz [10] said one of the simplest algorithms for detecting skin pixels is to use skin color algorithm. The perceived human color varies as a function of the relative direction to the illumination. The pixels for skin region can be detected using a normalized color histogram, and can be further normalized for changes in intensity on dividing by luminance.

Figure 2.1: Skin color representation in RGB color space

And thus converted an [R, G, B] vector is converted into an [r, g] vector of normalized color which provides a fast means of skin detection. This gives the skin color region which localizes face. As in [11], the output is a face detected image which is from the skin region. This algorithm fails when there are some more skin region like legs, arms, etc. Skin Color Based In YCbCr Studies have found that pixels belonging to skin region exhibit similar Cb and Cr values. Furthermore, it has been shown that skin color model based on the Cb and Cr values can provide good coverage of different human races.

Figure 2.2: Skin color representation in YCbCr color space

The thresholds be chosen as [Cr1, Cr2] and [Cb1, Cb2], a pixel is classified to have skin tone if the values [Cr, Cb] fall within the thresholds The skin color distribution gives the face portion in the color image. This algorithm is also having the constraint that the image should be having only face as the skin region. Skin Color Based In HSI Color Space Kjeldson and Kender defined a color predi-cate in HSV color space to separate skin regions from background [12]. Skin color classification in HSI color space is the same as YCbCr color space but here the responsible values are hue (H) and saturation (S).

Figure 2.3: Skin color representation in HSI color space

Similar to above the threshold be chosen as [H1, S1] and [H2, S2], and a pixel is classified to have skin tone if the values [H,S] fall within the threshold and this distribution gives the localized face image. Similar to above two algorithm this algorithm is also having the same constraint. 2.2.2 Face Recognition Methods Many paradigms are available for implementing the recognition/classication phase. Some of the most important are briey discussed in the following. Geometric Feature Based Matching Brunelli and Poggio in 1992 extended Kanades algorithm and used Geometric Feature based Matching for face recognition [10], [13]. The basic idea behind their algorithm was to describe the overall conguration of the face by a vector of numerical data representing the relative position and size of the main facial features: eyes and eyebrows, nose and mouth. Eigenfaces Eigenfaces proposed by Turk et al.[14] are a set of orthonormal basis vectors computed from a collection of training face images. They provide a basis of low dimensional representation of the facial images and are optimal in the minimum least square error sense.

Support Vector Machines In 2001, Guo et al. [14], incorporated Support Vector Machines (SVMs) with binary tree recognition for multi-class recognition. More on this topic in [15].

Matching Inexact Graphs In 2001 Cesar et al. [16] approached facial feature recognition as a problem of matching inexact graphs where the graphs were built from regions and relationships between regions in an image.

Depth and Texture Maps Texture coding provides information about facial regions with little geometric structure like hair, forehead and eyebrows whereas a depth map provides us with information about regions with little texture such as chin, jaw line and cheeks. Considering this fact, Ben Abdelkader et al. proposed that the accuracy of FRT systems can be improved by considering not only the texture map but also the depth map [17].

Multi-resolution Analysis Ekenel and Sankur proposed multi-resolution facial recognition in [18]. They employ multiresolution analysis to decompose the image into its sub-bands prior to the subspace operations such as principal or independent component analysis.

Gabor Feature Classifier Liu et al. [19] describe a novel Gabor Feature Classier (GFC) method for face recognition. The kernels of Gabor wavelets are similar to the 2D receptive eld proles of the mammalian cortical simple cells and exhibit desirable characteristics of spatial locality and orientation selectivity.

2.3 Authentication and Security Measures

Authentication mechanisms [20] use any of three qualities to confirm a user's identity. 1. Something the user knows. Passwords, PIN numbers, passphrases, a secret handshake, and mother's maiden name are examples of what a user may know. 2. Something the user has. Identity badges, physical keys, a driver's license, or a uniform are common examples of things people have that make them recognizable.

3. Something the user is. These authenticators, called biometrics, are based on a physical characteristic of the user, such as a fingerprint, the pattern of a person's voice, or a face (picture). These authentication methods are old (we recognize friends in person by their faces or on a telephone by their voices) but are just starting to be used in computer authentications. Different encryption algorithms can be used to provide file security. Available encryption algorithms are DES, AES, RSA, El Gamal etc. 2.3.1 Data Encryption Standard (DES) The DES [20] algorithm is a careful and complex combination of two fundamental building blocks of encryption: substitution and transposition. The algorithm derives its strength from repeated application of these two techniques, one on top of the other, for a total of 16 cycles. The sheer complexity of tracing a single bit through 16 iterations of substitutions and transpositions has so far stopped researcher in the public from identifying more than a handful of general properties of the algorithm. The algorithm begins by encrypting the plaintext as blocks of 64 bits. The key is 64 bits long, but in fact it can be any 56-bit number. (The extra 8 bits are often used as check digits and do not affect encryption in normal implementations.) The user can change the key at will any time there is uncertainty about the security of the old key. The algorithm leverages the two techniques Shannon identified to conceal information: confusion and diffusion. That is, the algorithm accomplishes two things: ensuring that the output bits have no obvious relationship to the input bits and spreading the effect of one plaintext bit to other bits in the ciphertext. Substitution provides the confusion, and transposition provides the diffusion. In general, plaintext is affected by a series of cycles of a substitution then a permutation. The iterative substitutions and permutations are performed as outlined in figure

Left Half Text

Right Half Text

Add Key

Key

Substitute

Permute

Add Halves

New Left Half Text

New Right Half Text

Figure 2.4: DES Encryption

DES uses only standard arithmetic and logical operations on numbers up to 64 bits long, so it is suitable for implementation in software on most current computers. Although complex, the algorithm is repetitive, making it suitable for implementation on a singlepurpose chip. In fact, several such chips are available on the market for use as basic components in devices that use DES encryption in an application.

10

Double DES To address the discomfort, some researchers suggest using a double encryption for greater secrecy. The double encryption works in the following way. Take two keys, k1 and k2, and perform two encryptions, one on top of the other: E(k2, E(k1,m)). In theory, this approach should multiply the difficulty of breaking the encryption, just as two locks are harder to pick than one. Unfortunately, that assumption is false. Merkle and Hellman [MER81] showed that two encryptions are no better than one. The basis of their argument is that the cryptanalyst works plaintext and ciphertext toward each other. The analyst needs two pairs of plaintext (call them P1 and P2) and corresponding ciphertext, C1 and C2, but not the keys used to encrypt them. The analyst computes and saves P1 encrypted under each possible key. The analyst then tries decrypting C1 with a single key and looking for a match in the saved Ps. A match is a possible pair of double keys, so the analyst checks the match with P2 and C2. Computing all the Ps takes 256 steps, but working backward from C1 takes only the same amount of time, for a total of 2 * 256 or 257, equivalent to a 57-bit key. Thus, the double encryption only doubles the work for the attacker. As we soon see, some 56-bit DES keys have been derived in just days; two times days is still days, when the hope was to get months if not years for the effort of the second encryption. Triple DES However, a simple trick does indeed enhance the security of DES. Using three keys adds significant strength. The so-called triple DES procedure is C = E(k3, E(k2, E(k1,m))). That is, you encrypt with one key, decrypt with the second, and encrypt with a third. This process gives a strength equivalent to a 112-bit key (because the double DES attack defeats the strength of one of the three keys). A minor variation of triple DES, which some people also confusingly call triple DES, is C = E(k1, D(k2, E(k1,m))). That is, you encrypt with one key, decrypt with the second, and encrypt with the first again. This version requires only two keys. (The second decrypt step also makes this process work for single encryptions with one key: The decryption cancels the first encryption, so the net result is one encryption.) This approach is subject to another tricky attack, so its strength is rated at only about 80 bits. 11

In summary, ordinary DES has a key space of 56 bits, double DES is scarcely better, but two-key triple DES gives an effective length of 80 bits, and three-key triple DES gives strength of 112 bits. Now, over three decades after the development of DES, a 56-bit key is inadequate for any serious confidentiality, but 80- and 112-bit effective key sizes provide reasonable security. 2.3.2 Advanced Encryption Standard (AES) Rijndael [20 ]is a fast algorithm that can be implemented easily on simple processors. Although it has a strong mathematical foundation, it primarily uses substitution; transposition; and the shift, exclusive OR, and addition operations. Like DES, AES uses repeat cycles. There are 10, 12, or 14 cycles for keys of 128, 192, and 256 bits, respectively. In Rijndael, the cycles are called "rounds." Each cycle consists of four steps.

1. Byte Sub 2. Shift Row

3. Mix Column

4. Add Round Key

Figure 2.5: AES Encryption

12

Byte substitution: This step uses a substitution box structure similar to the DES, substituting each byte of a 128-bit block according to a substitution table. This is a straight diffusion operation.

Shift row: A transposition step. For 128- and 192-bit block sizes, row n is shifted left circular (n - 1) bytes; for 256-bit blocks, row 2 is shifted 1 byte and rows 3 and 4 are shifted 3 and 4 bytes, respectively. This is a straight confusion operation.

Mix column: This step involves shifting left and exclusive-ORing bits with themselves. These operations provide both confusion and diffusion. Add subkey: Here, a portion of the key unique to this cycle is exclusive-ORed with the cycle result. This operation provides confusion and incorporates the key.

2.3.3 RSA Encryption The RSA [20] algorithm uses two keys, d and e, which work in pairs, for decryption and encryption, respectively. A plaintext message P is encrypted to cipher-text C by C = Pe mod n The plaintext is recovered by P = Cd mod n Because of symmetry in modular arithmetic, encryption and decryption are mutual inverses and commutative. Therefore, P = Cd mod n = (Pe)d mod n = (Pd)e mod n This relationship means that one can apply the encrypting transformation and then the decrypting one, or the decrypting one followed by the encrypting one. Key Choice The encryption key consists of the pair of integers (e, n), and the decryption key is (d, n). The starting point in finding keys for this algorithm is selection of a value for n. The value of n should be quite large, a product of two primes p and q. Both p and q should be large themselves. Typically, p and q are nearly 100 digits each, so n is approximately 200 decimal digits (about 512 bits) long; depending on the application, 768, 1024, or more bits 13

may be more appropriate. A large value of n effectively inhibits factoring n to infer p and q. Next, a relatively large integer e is chosen so that e is relatively prime to (p - 1) * (q - 1). (Recall that "relatively prime" means that e has no factors in common with (p - 1) * (q 1).) An easy way to guarantee that e is relatively prime to (p - 1) * (q - 1) is to choose e as a prime that is larger than both (p - 1) and (q - 1). Finally, select d such that e * d = 1 mod (p - 1) * (q - 1) 2.3.4 El Gamal Encryption In the El Gamal[20] algorithm, to generate a key pair, first choose a prime p and two integers, a and x, such that a < p and x < p and calculate y = ax mod p. The prime p should be chosen so that (p - 1) has a large prime factor, q. The private key is x and the public key is y, along with parameters p and a. To sign a message m, choose a random integer k, 0 < k < p - 1, which has not been used before and which is relatively prime to (p - 1), and compute r = ak mod p and s = k-1 (m-xr) mod (p-1) Where k-1 is the multiplicative inverse of k mod (p - 1), so that k * k-1 = 1 mod (p - 1). The message signature is then r and s. A recipient can use the public key y to compute yr rs mod p and determine that it is equivalent to am mod p. To defeat this encryption and infer the values of x and k given r, s, and m, the intruder could find a means of computing a discrete logarithm to solve y = ax and r = ak.

2.4 Summary
The chapter discussed briefly about the face recognition, user authentication and computer security. Different techniques of face recognition are also summarized in this chapter. 14

Various measures of authentication and file securities are also discussed briefly here. Depending on the value of the object that needs to be protected, the strength of the security is increased by combining these techniques together. Their application defines the security in a system.

15

CHAPTER III

Proposed User Authentication and Security System

3.1 Introduction
Our proposed system is based on computer vision. This system provides a more user friendly environment. Besides user can encrypt his/her files if security is necessary. Brute force attacker may find password but in our proposed system user are authenticated by their face. So knowing the users face would not let the attacker break into the system. The idea of applying biometric authentication is becoming popular now. Many commercial applications are available on this particular side. But they take into account only one particular section which is logging into the system. This is where our system is different. Several biometric authentication mechanisms are available, such as, voice recognition, finger-print recognition etc. But these can be applied to the very single purpose served by the available commercial products. For run-time user authentication we have chosen face recognition. Our computer will recognize our face and continue checking if we are in front of the monitor or not, to allow access to the system.

3.2 Why Face Recognition?

We are trying to provide security while the system runs. Other authorizing mechanisms which are available cannot be applied in run-time. Examples of such mechanisms are password protection, finger-print recognition, eye recognition etc. They are all applicable only when the system starts and user is provided a session via authorization. But to provide authorization while the system runs, we need something that we can carry easily and authorization process will not disturb our access. Thus we come to face recognition process, which is usable while system is running and a user is before the system.

16

3.3 User Authentication

An operating system bases much of its protection on knowing who a user of the system is. In real-life situations, people commonly ask for identification from people they do not know: A bank employee may ask for a driver's license before cashing a check, library employees may require some identification before charging out books, and immigration officials ask for passports as proof of identity. In computing, the choices are more limited and the possibilities less secure. Anyone can attempt to log in to a computing system. Thus, most computing authentication systems must be based on some knowledge shared only by the computing system and the user. In our proposed system, every operating system should take into consideration of using computer vision as authentication system. Although this will require an extra hardware (webcam), but in the end system will remain secure from unauthorized access. Every user will need to train their face to their computer and enjoy their access. They will have the opportunity to encrypt files that are important to them. The step by step process operating system should provide are shown in figure-7. Face Detection There are several face detection mechanisms available, which is discussed in Chapter 2. First images captured by webcam should be processed to find faces (human face) from them. In this case a common misunderstanding found by the computer, is that it mistakes face with image of the face. To solve this problem our proposed system suggests using infrared face recognition that can not only bounce from the face and detect difference between face and image of the face but also provide illumination to the image captured. How Infrared Illumination Works? Infrared face recognition systems use infrared sensors to measure the thermal radiation emitted in the infrared spectrum range. One of the major problems of traditional face recognition systems is constant performance under uncontrolled environments, and especially under extreme variations in illumination conditions, e.g. operating in total darkness or full daylight in an open area surveillance 17

scenario. Such problems may be alleviated using infrared (IR) images for face recognition. Unlike conventional visual cameras, which measure the electromagnetic energy in the visible spectrum range, infrared sensors measure the thermal radiation emitted in the infrared spectrum range (0.7-0.14 m). Thermal images of the human face represent patterns caused from superficial blood vessels up to 4 cm below the skin surface, which transport warm blood throughout the body and heat the skin just above them by an average of 0.1C. The vein and tissue structure of an individual is unique, even for identical twins, and thus ensures that except in case of aging, arterial problems, injury or surgery the vascular patterns acquired by IR cameras can be used for identification. Example of the system is shown in Figure 6.

Figure 3.1: Infrared Illuminator

IR face recognition systems are unaffected by variations in illumination and unlike systems using visual light, they can work without any problem under all lighting conditions, even in complete darkness. They are also unaffected by skin color, suntan, use of cosmetics and colored eye lenses or even plastic surgery. The latter, although it would defeat a visual face recognition system since it would change drastically facial appearance (e.g. facial lift, removal of wrinkles, use of silicone implants, etc), it would not affect IR face recognition, because it does not intervene with the network of blood vessels. IR systems are very robust to impostors using masks or make-up or other means of forgery, because they can readily distinguish between real and artificial skin, hair, etc, based on different values of emissivity. Nevertheless, the extremely high cost of IR sensors, makes the use of IR face recognition systems prohibitive for every day applications. Like visual face images, thermal images are processed for recognition using appearancebased techniques like PCA, or feature based techniques that locate and use features like 18

the corners of the eye where the upper and lower eyelids meet (acanthi), the curves produced by the main facial arteries of the two cheeks, the position and angles of main arteries under the forehead, etc. Contour matching techniques are also suitable for IR recognition. The use of multimodal visual and IR face recognition systems has also been proposed. Face Recognition Then these faces will be compared with previously trained images of the authorized users with any recognition mechanism that performs better. For this, we need to extract some features of the trained face and the cam captured face. These features will then be compared to find optimal match. There will be some threshold value which will be used to find the optimal match. These two steps will continue until the user does not log off/shut down the system. Start

Face Detection

Face Recognition

Trained Images

No Matched? Yes Log Off

Normal User Process

Unlock Key Files for Encrypted Files

Figure 3.2: Authentication Process

19

Normal User Process: Every user will be able to run their desired program while they are properly authorized. Unlock Key Files: When users are authenticated their key files for encrypted files will be unlocked, which they can use for decrypting their files. These files will be locked for unauthorized user, so that they cannot access the key files.

3.4 File Security

From long before encryption is used for securing messages. In computing system there are also several kinds of encryption technique available. These encryption techniques should be available for the user, so that they can protect files important to them. Encryption techniques require key like key for a lock. For authorized user, these keys will be available to some folder. Decryption mechanism should also be available to read those files. In Chapter 2 some encryption and decryption methods are discussed

Authorizing Process

Authorized User? Yes Unlock Key Files Encryption Generate Key Decryption Decrypt File

No

Lock Key Files

Encrypt File

Save Key

Key

Access Secure File Figure 3.3: File Security mechanism 20

Lock/Unlock Key Files: Key is a necessary ingredient of cryptography [20]. They will be saved to some folder, which will be locked for the unauthorized users. Key files will be unlocked when right user logged into the system. Generate Key: Different encryption technique has different key generation mechanism. These techniques are discussed in previous chapter. These key are required for both encryption and decryption and only the authorized user will have access to the key files. Encrypt/ Decrypt Files: If a user feels necessity of providing security to a file then he/she can encrypt that file and to read/write he/she need to decrypt the file. For this purpose proper key will be required. Key can be accessed by the authorized user only. Every time an user encrypts a file the key for encryption will be stored in a secure file which will only be available to the authorized member. Our proposal is to use simple encryption technique like DES, AES etc, because they require less processing capacity. In our implemented system we used Triple DES algorithm, because they use only substitution and transposition operation, which are very simple operations. But for large scale implementation programmer may use any encryption technique that requires less operation.

3.5 Necessary flexibilities

Since we are using face of a user for authentication, which is vulnerable to many accidents, hence we made alternative option for providing flexible authentication, when users face is somehow damaged.

Figure 3.4: Flexible Authentication

21

If for some reason users face is damaged admin can change the face when proper password for that user is provided.

3.6 Summary
In this chapter, we have discussed about the features of our proposed algorithm. Our system not only ensures user authentication but also users need to secure information. Although many current companies are providing this type of product, they do not provide authenticated use while the system is running. Our proposed system can handle this problem properly.

22

CHAPTER IV

Implementation and Performance Analysis

4.1 Introduction
In the previous chapter, we have discussed about our proposed system. In this chapter we will discuss about a small scale implementation of our system. This system will provide user authentication while the system is running. Security to important files can be provided with this implementation. This implementation will solve authentication problem and security related problems via computer vision and more specifically face recognition.

4.2 Environment Setup

For the implementation process, we have used windows platform. For face recognition mechanism, we have used Luxand, widely used face recognition SDK. And for the other requirements of authentication and security, we have used some dynamic link library (dll) found within the windows. We have implemented in a Pentium Dual Core CPU T4500 @ 2.30GHz.

4.3 Developed Authentication and Security System

As described in the previous chapter, we have implemented a small version of our proposed system. When we run this program for the first time it will train the computer with the authenticated users face. Once this training is complete, this program will start providing authentication while the system is running.

23

Figure 4.1: Sample Training Image

From next time when user logs into the system our program will continue to recognize the users face and authorize the actual user for his/her access to the system. For this purpose, our program will check for a face in the webcam output. Whenever a face is found, it will call recognition process to check for the authenticated users face. If the system cannot find a face or authorized user within a given period of time, this program will lock the system automatically. If any attempt of terminating the program is made, this program will automatically log off the current user from the system. Thus only authorized user will have access to the system. And knowing the person intimately will not help an attacker to access the system.

Figure 4.2: Authorizing user

24

Not only this, a hard-disk is removable device. Anybody can access the files of a hard-disk by plugging it into another system. So we need cryptography to secure our files. We have shown a small range implementation here. User will be able to encrypt important information in text format using our program. But the actual system should cover files of all kind as much as possible. Encryption system can generate key. Our program provides necessary protection so that, these keys remain invisible to the unauthorized user. Function Description We have used different dll files to implement our program, like user32.dll, faceSDK.dll. Here we are going to describe the functions found from these libraries. LockWorkStation(): Locks the workstations display. Locking a workstation protects it from unauthorized use. If the function succeeds, the return value is nonzero. Because the function executes asynchronously, a nonzero return value indicates that the operation has been initiated. It does not indicate whether the workstation has been successfully locked. ExitWindowsEx(int uFlags, int dwReason): Logs off the interactive user, shuts down the system or shuts down and restarts the system. This function has six possible cases: Case 0: ExitWindowsEx(0,0); //log off Case 1: ExitWindowsEx(1,0); //Shutdown Case 2: ExitWindowsEx(2,0); //reboot Case 3: ExitWindowsEx(4,0); //forced logoff Case 4: ExitWindowsEx(5,0); //forced shutdown Case 5: ExitWindowsEx(6,0); //forced reboot FaceSDK FaceSDK [21] is a high-performance, multi-platform face identification and facial feature recognition solution. Serving software developers worldwide, FaceSDK is a perfect way to empower Web and desktop applications with face-based user authentication, automatic face recognition, and identification. The system can work with entire faces or facial features, supports face recognition in still images and real-time video streams. Functions that we have used from this library are as follows:

25

FSDK.InitializeLibrary():Initializes the FaceSDK library. Should be called before using of any face detection functions. FSDKCam.InitializeCapturing(): This function initializes the capturing process (but does not open a camera). This function should be called in a certain thread that works with cameras. Note that on Windows platforms this function initializes COM in the thread; if there is already initialized COM, then

FSDK_FinalizeCapturing must not be called. FSDK.CImage(): Creates an empty Cimage instance. FSDK.MatchFaces(): Match two face templates. The returned value determines the similarity of the faces. FSDK.GetMatchingThresholdAtFAR(): This function returns the threshold value for similarity to determine if two matched templates belong to the same person at a given FAR (False Acceptance Rate) value. The FAR determines the acceptable error rate when two different peoples templates are mistakenly recognized as the same person. Decreasing FAR leads to an increase in FRR i.e. with low FAR it becomes more probable that two templates from the same person will be determined as belonging to different people. If (similarity is greater than threshold); then a match is found. FSDKCam.GetCameraList: This function retrieves the list of web cameras available in the system. The name of each camera is stored in wide char format (each character occupies two bytes). The function does not support IP cameras. The camera list must be destroyed by calling the FSDK_FreeCameraList function after the list is no longer needed. SDKCam.OpenVideoCamera(): The function opens the web camera of a given name and returns its handle. FSDKCam.GrabFrame(): Retrieves the current frame from a web camera or an IP camera and stores the frame in the created Himage handle. Cryptography functions TripleDESCryptoServiceProvider(): Defines a wrapper object to access the cryptographic service provider (CSP) version of the TripleDES algorithm. This

26

class cannot be inherited. This algorithm supports key lengths from 128 bits to 192 bits in increments of 64 bits.

Figure 4.3: File Encryption

Figure 4.4: File Decryption

StreamWriter(): Implements a TextWriter for writing characters to a stream in a particular encoding. CryptoStream(): Defines a stream that links data streams to cryptographic transformations. The common language runtime uses a stream-oriented design for cryptography. The core of this design is CryptoStream. Any cryptographic objects that implement CryptoStream can be chained together with any objects that implement Stream, so the streamed output from one object can be fed into the input of another object. The intermediate result (the output from the first object) does not need to be stored separately.

StreamReader(): StreamReader implements a TextReader that reads characters from a byte stream in a particular encoding. It is designed for character input in a particular encoding, whereas the Stream class is designed for byte input and

27

output. StreamReader defaults to UTF-8 encoding unless specified otherwise. By default a StreamReader is not thread safe. BinaryWriter(): Writes primitive types in binary to a stream and supports writing strings in a specific encoding. A derived class can override the methods of this class to give unique character encodings.

4.4 Performance Analysis of the Proposed System:

Our proposed system provides a way to protect unauthorized access and secure files of the user from unwanted access. We have used computer vision and encryption to provide these. Obviously this is different from the old password security systems, but they serve better not only by protecting the assets but also users who dont know much about computing within the system feels safe with it. Every security measures have related expenses, so do our system. We can measure the performance of our system using the following properties: 1. Accuracy 2. Time Consumption 3. Cost 4. Others. Accuracy: Accuracy of authorization process depends on which algorithm is used to recognize face. Lots of research is done on this particular field. There are lot of SDKs available now-a-days, which provide above 95% accuracy in face recognition. Different companies are moving to use face recognition software to check employee attendance and entry to secure facilities. This technique is becoming popular day by day. Although they are widely used, they have some limitation, like training of the negative image, ambient light, effect of webcam output etc. Our proposed system describes a solution for the ambient of the light. We can use a unidirectional light like infrared light so that face remains visible to the camera and it will be easy to detect if the face found in the cam output is really coming from a person or his image. That will help providing better output than currently available techniques. Time Consumption: Since our proposed system provides security while the system is running, its processing performance is an important factor for its feasible use. Our system 28

not only does what its asked to do but also it work fine with Intel Dual Core Processors and above. Its processing is not disturbing other user processes performance. But it is highly recommended that the system is used with a high speed processor. As mentioned earlier dual core processor with 2GB DDR3 RAM is used for this purpose and its giving faster performance. It took 4-5 sec at initial stage when the computer is just started. After this everything runs smoothly. Cost: As described in the previous system requirement, our proposed system may seem to have some physical cost. But in case of processing cost its not high and it is negligible. But every security measure has its price. With the previous password security our user were needed to memorize a phrase/pass code, but with our system there is no need to memorize anything, but to carry his/her face. With that we need extra hardware, like webcam, illuminator etc, which is an extra cost for the user, who is used to with the password security system. But our proposed system provides security while the system is running. On the other hand password protection cannot give protection during runtime. This feature is not available with password security. Others: The proposed system not only contains authentication process but also contains security measures to important files. Small scale implementation does not show any problem, but when we talk about a large scale implementation, there are a lot of files and they are of varying size from very small to very large files. So providing security to them with complex encryption technique is not feasible choice. So encryption process should be as simple as possible, which will reduce processing pressure. With the increasing processing speed, this is also becoming affordable day by day. But research for alternatives should be carried out.

4.5 Comparison among Various Available Protection Systems:

There are many companies who are offering protection using computer vision (face recognition). We are going to show the comparison among some of the available system and our proposed system. For discussion purpose we are going to use Luxand Blink from Luxand Inc., Veriface from Lenovo, HP Protect Tools. Comparison among various available systems and our system is given below.

29

1. Our proposed system should be able to secure the user file while the system is running; on the other hand other systems that are available are not capable of doing this in run-time like ours. 2. They can detect user presence only when the user logs into the system, but our system does that every moment. 3. Since the available systems release the webcam just after the log in process, they do not make any problem while some user program requires the webcam. But in our system we need a dedicated camera for user authentication. But if the user is authenticated then user can turn the process off. So user can use the webcam in another purpose. After all no extra webcam is necessary.

4. If our proposed system is implemented completely there will no problem regarding the illumination of the environment, which by the way, is a common problem in the available system.

4.6 Summary
The main goal of this thesis is to provide a better alternative of password protection and securing file from unauthorized access. We proposed a technique using computer vision. All through the thesis we learned one very important thing, and that is security has its price. So when we are trying to protect important assets like classified files, documents, image or anything that bears importance to the user, we have to consider the price regarding that. Our proposed system may add a little extra expense to the user but in the end his/her information will be safe with our system.

30

CHAPTER V

Discussion and Conclusion

5.1 Introduction
The overall goal if this thesis was to develop and propose a new system for file protection and user authentication which can be applied successfully in real world computer systems for better performance and protection. A brief summary for each chapter is provided at the end of respective chapter, this chapter deals with the comprehensive discussion of the overall work in chapter basis. Detailed conclusion is drawn from the proposed user authentication and protection system. Possible future works which can be extended from this study are also mentioned in this chapter.

5.2 Discussion
In this thesis, a new system is proposed for better and user friendly authentication and protection system. Brute-force attack on password, forgetting password and different password vulnerabilities can be solved using this system. Not only this, an embedded cryptographic system also proposed for file security system. An attempt has been made to overview the mechanisms of different authorization techniques and security techniques, the problems and benefits of different approaches of authentication and security system. About different attacks that could be made over computer security. From the concept of these available techniques, a new system has been proposed for better authentication and security system. A new technique has been introduced for user authentication and computer security. This is different from recently available techniques. A biometric authentication (face recognition) system has been proposed. Also an embedded encryption system with the authentication is applied as well. The proposed system will reduce different attacks over the computer system and it will also give a user friendly environment. It will give a run

31

time protection as well as cryptographic features for security. It also gives lots of flexibility to the user.

5.3 Concluding Remarks

Throughout this thesis we learned about various available security and authentication process and tried to understand their lacking. Eventually we came up with idea to use computer vision for user authentication and security of the important files. The credibility of our proposed system depends on the protection over the system and proper authentication. We managed to implement a small scale implementation of our proposed system, which is capable of protecting users important files and provide authentication of the user. Thus after this thesis it is our pleasure to present an alternative of user authentication system and security of the files via computer vision before you.

5.4 Limitation
Though our proposed system works fine still it has some limitation. The limitation of the proposed system is mentioned below: 1. Requirement of extra hardware. 2. Environment illumination dependency. 3. To give flexibility to our proposed system in case some accidents occur, some vulnerable points are added in the system, like one admin user can change others face image using old password system.

5.5 Recommendation for future work

There are many ways in which the work in this thesis can be extended. The following possible areas are recommended to extend the present work. 1. Infrared light can be applied to distinguish between 2D and 3D images. 2. Cryptography can be applied for all kind of files for better protection. 3. Training system can be made more powerful to get accurate result. 4. Much better technique can be used for facial recognition.

32

REFERENCES

1.

Sanjay Kr. Singh, D. S. Chauhan, Mayank Vatsa, Richa Singh A Robust Skin Color Based Face Detection Algorithm on Tamkang Journal of Science and Engineering, Vol. 6, No. 4, pp. 227-234 (2003). M.-H. Yang, D. J. Kriegman, and N. Ahuja, Detecting faces in images: A survey, EEE Transactions on Pattern Analysis and Machine Intelligence, vol. 24, no. 1, pp. 3458, Jan. 2002. G. Yang and T. S. Huang, Human face detection in complex background, Pattern Recognition, vol. 27, no. 1, pp. 5363, 1994. R. Kjeldsen and J. Kender, Finding skin in color images, in Proc. Second Intl Conf. Automatic Face and Gesture Recognition, 1996, pp. 312317. C. Lanitis, C. Taylor, and T. Cootes, An automatic face identification system using flexible appearance models, Image and Vision Computing, vol. 13, no. 5, pp. 393401, 1995. M. Turk and A. Pentland, Eigenfaces for recognition, J. Cognitive Neuroscience, vol. 3, no. 1, pp. 7186, 1991. H. Rowley, S. Baluja, and T. Kanade, Neural network-based face detection, IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 20, no. 1, pp. 2338, Jan. 1998. C. Osuna, R. Freund, and F. Girosi, Training support vector machines: An application to face detection, in Proc. IEEE Conf. Computer Vision and Pattern Recognition, 1997, pp. 130136.

2.

3.

4.

5.

6.

7.

8.

9.

A. Rajagopalan, K. Kumar, J. Karlekar, R. Manivasakan, M. Patil, U. Desai, P. Poonacha, and S. Chaudhuri, Finding faces in photographs, in Proc. Sixth IEEE Intl Conf. Computer Vision, 1998, pp. 640645. T. Kanade, Picture processing by computer complex and recognition of human faces, Ph.D. dissertation, Department of Information Science, Kyoto University, 1973. Crowley, J. L. and Coutaz, J., Vision for Man Machine Interaction, Robotics and Autonomous Systems, Vol. 19, pp. 347-358 (1997).

10.

11.

33

12.

Kjeldsen, R. and Kender., J., Finding Skin in Color Images, Proceedings of the Second International Conference on Automatic Face and Gesture Recognition, pp. 312-317 (1996). R. Brunelli and T. Poggio, Face recognition through geometrical features, in European Conference on Computer Vision (ECCV), 1992, pp. 792800. G. Guo, S. Li, and K. Chan, Support vector machines for face recognition, Image and Vision Computing, no. 19, pp. 631638, 2001. Y. Lia, S. Gong, J. Sherrah, and H. Liddell, Support vector machine based multiview face recognition and detection, Image and Vision Computing, no. 22, pp. 413427, 2004. R. Cesar, E. Bengoetxea, and I. Bloch, Inexact graph matching using stochastic optimization techniques for facial feature recognition, in International Conference on Pattern Recognition (ICPR), Quebec, Canada, 2002. C. Ben Abdelkader and P. Grifn, Comparing and combining depth and texture cues for face recognition, Image and Vision Computing, no. 23, pp. 339352, 2005. H. K. Ekenel and B. Sankur, Multiresolution face recognition, Image and Vision Computing, no. 23, pp. 19, 2005. C. Li and H. Wechsler, A gabor feature classier for face recognition, in Eighth IEEE International Conference on Computer Vision, vol. 2, July 714, 2001, pp. 270275. Charles P. Pfleeger, Shari Lawrence Pfleeger Security in Computing. Luxand FaceSDK 4.0 - Face Detection and Recognition Library Developers Guide.

13.

14.

15.

16.

17.

18.

19.

20. 21.

34