Subhas Barman | JGEC - Academia.edu (original) (raw)
Papers by Subhas Barman
2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
2017 International Conference on Computational Intelligence in Data Science(ICCIDS)
International Journal of Spatial, Temporal and Multimedia Information Systems
IEEE Access
Smart card-based remote authentication schemes are widely used in multi-medical-serverbased telec... more Smart card-based remote authentication schemes are widely used in multi-medical-serverbased telecare medicine information systems (TMIS). Biometric is one of the most trustworthy authenticators, and is presently being advocated to use in the remote authentication of TMIS. However, most of the existing TMISs consider a single-server-environment-based authentication system. Therefore, patients need to register and log into every server separately for different services. Furthermore, these schemes do not employ error correction technique to remove the errors from biometric data. Also, biometrics are inherent and demand diversification to generate a revocable template from inherent biometric data. In this paper, we propose a mutual authentication and key agreement scheme for a multi-medical server environment to overcome the limitations of the existing schemes. In the proposed scheme, a cancelable transformation of the raw biometric data is used to provide the privacy and the diversification of biometric data. The errors of the biometric data are corrected with error-correction techniques under the fuzzy commitment mechanism. Formal security analysis using the widely accepted Real-Or-Random (ROR) model, the Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool concludes that the proposed scheme is safe against known attacks. We also compare the computation and communication costs of our scheme to evaluate the performance with the others.
IEEE Access
Remote user authentication is a cryptographic mechanism through which a remote server verifies th... more Remote user authentication is a cryptographic mechanism through which a remote server verifies the legitimacy of an authorized user over an insecure communication channel. Most of the existing authentication schemes consider single-server environments and require multiple registrations of the same user for multiple servers. Moreover, most of these schemes do not consider biometric template revocation and error correction for noisy biometric signals. In addition, the existing schemes have several weaknesses, including stolen smart card attack, lack of user anonymity, user impersonation attack, and non-diversification of biometric data. To overcome these disadvantages, we propose a new three-factor authenticated key agreement scheme using a fuzzy commitment approach. The three factors used in the proposed scheme are the user's password, smart card, and personal biometrics. The security of the proposed scheme is verified using a formal security analysis under the broadly accepted Real-Or-Random model for the session key security. The widely accepted Burrows-Abadi-Needham logic is also applied for mutual authentication between a legally registered user and a server, and formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications is performed for the proposed scheme through simulation to show that it is secure. In addition, the informal security analysis of the proposed scheme shows that the scheme can resist other known attacks. Finally, a comparative study of the proposed scheme with the existing related schemes is conducted to measure the tradeoff among the security and functionality features and the communication and computation costs.
International Journal of Trust Management in Computing and Communications
Computers & Electrical Engineering
Multimedia Tools and Applications
Proceedings of the 2015 Third International Conference on Computer Communication Control and Information Technology, Feb 1, 2015
Geographical Information Systems (GIS) are special types of information systems managing geo-spat... more Geographical Information Systems (GIS) are special types of information systems managing geo-spatial data. The GIS is used to manage geo-referenced information and it represents spatial position of any location into digital map. The GIS also facilitates the user to retrieve spatial information easily using a lot of geographic functions such as data integration, mapping, and overlaying, buffering, projection etc. In the traditional GIS, layer wise data extraction is difficult as it is not followed layerwise data storing. In this regard, our system is able to extract spatial data layer wise from database according to the user's interest. It is also able to work with both spatial data and attribute data (non-spatial data). Spatial data describes the locations and shapes of geographic features like roads, buildings and streets while attribute data describes the characteristics of geographic features (like name, type etc.). In this paper, we present an approach to implement a map of a town considering the layers (road, building like administrative office, health center, educational organization etc.) using spatial database and map-viewer.
Smart card-based remote authentication schemes are widely used in multi-medicalserver-based telec... more Smart card-based remote authentication schemes are widely used in multi-medicalserver-based telecare medicine information systems (TMISs). Biometric is one of the most trustworthy authenticators and is presently being advocated to use in the remote authentication of TMIS. However, most of the existing TMISs consider a single-server-environment-based authentication system. Therefore, patients need to register and log into every server separately for different services. Furthermore, these schemes do not employ error correction technique to remove the errors from biometric data. Also, biometrics are inherent and demand diversification to generate a revocable template from inherent biometric data. In this paper, we propose a mutual authentication and key agreement scheme for a multi-medical server environment to overcome the limitations of the existing schemes. In the proposed scheme, a cancelable transformation of the raw biometric data is used to provide the privacy and the diversification of biometric data. The errors of the biometric data are corrected with error-correction techniques under the fuzzy commitment mechanism. A formal security analysis using the widely accepted real-or-random model, the Burrows-Abadi-Needham logic, and the automated validation of Internet security protocols and applications tool concludes that the proposed scheme is safe against known attacks. We also compare the computation and communication costs of our scheme to evaluate the performance with the others. INDEX TERMS Telecare medicine information system (TMIS), fuzzy commitment scheme, BAN logic, real-or-random (ROR), AVISPA tool.
2014 International Conference on High Performance Computing and Applications, Dec 1, 2014
2014 International Conference on Information Technology, Dec 1, 2014
Fingerprint matching is the main module of fingerprint-based person authentication system. Accura... more Fingerprint matching is the main module of fingerprint-based person authentication system. Accuracy of fingerprint matching is an important objective of this type authentication system. Multiple features are used for better matching accuracy but more features add more computational complexity as well as time and space complexity. In this paper, we proposed an approach of fingerprint based authentication system where fingerprint matching is carried out using spacial information (distance) of minutiae points only. This approach is simple and it needs very small space to store templates. We have used an indexing technique to speed up the matching process. In our experiment, we have used FVC2004 fingerprint dataset as input data and investigated the false non-match ratio and false matching ratio for DB2, DB3 and DB4 also.
International Journal of Biometrics, 2015
In crypto-biometric system (CBS), biometric is combined with cryptography. In CBS, either accessi... more In crypto-biometric system (CBS), biometric is combined with cryptography. In CBS, either accessing a cryptographic key is controlled with biometric or the key is generated from biometric features. This work is related to the latter approach in CBS. In such a system, protecting the privacy of the biometric data is an important concern. Further, there is a need to generate different cryptographic keys from the same biometric template of a user. Cancellable transformation of biometric data prior to the key generation is known as a solution. In this paper, we propose an approach to generate cryptographic key from cancellable fingerprint templates (CT) of sender and receiver to ensure the privacy of the fingerprints and at the same time, it produces revocable key for the application of symmetric cryptography. The between-person variability of CTs guarantees the randomness which ensures that impostor users are not able to generate a genuine CT to break the cryptographic key.
Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), 2015
Crypto-biometric system (CBS) is a combination of biometrie with cryptography to enhance network ... more Crypto-biometric system (CBS) is a combination of biometrie with cryptography to enhance network security. Biometrie is the most trustworthy measure to identify a person uniquely using his or her behavioral and physiological characteristics. Cryptography is an effective concern to the security of information. The security of cryptography depends on the strength of cryptographic key and strength of key depends on the length of key. In the traditional cryptography, key is generated randomly and it is very difficult to remember as the key is not linked with user. To address this limitation of cryptography, CBS uses biometrie data of user to bind key with its owner and as the key is linked with user's biometrie data, user does not need to remember the key. As biometrie data is irrevocable, it becomes useless when compromised and as a result the biometrie based key becomes also useless. In this approach, fingerprint features are used to generate key for cryptographic application. The key is revocable and easy to revoke when required. In our experiment, FVC2004 fingerprint database is used to investigate the result.
EURASIP Journal on Information Security, 2015
To ensure the secure transmission of data, cryptography is treated as the most effective solution... more To ensure the secure transmission of data, cryptography is treated as the most effective solution. Cryptographic key is an important entity in this process. In general, randomly generated cryptographic key (of 256 bits) is difficult to remember. However, such a key needs to be stored in a protected place or transported through a shared communication line which, in fact, poses another threat to security. As an alternative to this, researchers advocate the generation of cryptographic key using the biometric traits of both sender and receiver during the sessions of communication, thus avoiding key storing and at the same time without compromising the strength in security. Nevertheless, the biometric-based cryptographic key generation has some difficulties: privacy of biometrics, sharing of biometric data between both communicating parties (i.e., sender and receiver), and generating revocable key from irrevocable biometric. This work addresses the above-mentioned concerns. We propose an approach to generate cryptographic key from cancelable fingerprint template of both communicating parties. Cancelable fingerprint templates of both sender and receiver are securely transmitted to each other using a key-based steganography. Both templates are combined with concatenation based feature level fusion technique and generate a combined template. Elements of combined template are shuffled using shuffle key and hash of the shuffled template generates a unique session key. In this approach, revocable key for symmetric cryptography is generated from irrevocable fingerprint and privacy of the fingerprints is protected by the cancelable transformation of fingerprint template. Our experimental results show that minimum, average, and maximum Hamming distances between genuine key and impostor's key are 80, 128, and 168 bits, respectively, with 256-bit cryptographic key. This fingerprint-based cryptographic key can be applied in symmetric cryptography where session based unique key is required.
Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), 2015
Geographical Information Systems (GIS) are special types of information systems managing geo-spat... more Geographical Information Systems (GIS) are special types of information systems managing geo-spatial data. The GIS is used to manage geo-referenced information and it represents spatial position of any location into digital map. The GIS also facilitates the user to retrieve spatial information easily using a lot of geographic functions such as data integration, mapping, and overlaying, buffering, projection etc. In the traditional GIS, layer wise data extraction is difficult as it is not followed layerwise data storing. In this regard, our system is able to extract spatial data layer wise from database according to the user's interest. It is also able to work with both spatial data and attribute data (non-spatial data). Spatial data describes the locations and shapes of geographic features like roads, buildings and streets while attribute data describes the characteristics of geographic features (like name, type etc.). In this paper, we present an approach to implement a map of a town considering the layers (road, building like administrative office, health center, educational organization etc.) using spatial database and map-viewer.
2014 International Conference on Information Technology, 2014
Fingerprint matching is the main module of fingerprint-based person authentication system. Accura... more Fingerprint matching is the main module of fingerprint-based person authentication system. Accuracy of fingerprint matching is an important objective of this type authentication system. Multiple features are used for better matching accuracy but more features add more computational complexity as well as time and space complexity. In this paper, we proposed an approach of fingerprint based authentication system where fingerprint matching is carried out using spacial information (distance) of minutiae points only. This approach is simple and it needs very small space to store templates. We have used an indexing technique to speed up the matching process. In our experiment, we have used FVC2004 fingerprint dataset as input data and investigated the false non-match ratio and false matching ratio for DB2, DB3 and DB4 also.
2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2014
2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
2017 International Conference on Computational Intelligence in Data Science(ICCIDS)
International Journal of Spatial, Temporal and Multimedia Information Systems
IEEE Access
Smart card-based remote authentication schemes are widely used in multi-medical-serverbased telec... more Smart card-based remote authentication schemes are widely used in multi-medical-serverbased telecare medicine information systems (TMIS). Biometric is one of the most trustworthy authenticators, and is presently being advocated to use in the remote authentication of TMIS. However, most of the existing TMISs consider a single-server-environment-based authentication system. Therefore, patients need to register and log into every server separately for different services. Furthermore, these schemes do not employ error correction technique to remove the errors from biometric data. Also, biometrics are inherent and demand diversification to generate a revocable template from inherent biometric data. In this paper, we propose a mutual authentication and key agreement scheme for a multi-medical server environment to overcome the limitations of the existing schemes. In the proposed scheme, a cancelable transformation of the raw biometric data is used to provide the privacy and the diversification of biometric data. The errors of the biometric data are corrected with error-correction techniques under the fuzzy commitment mechanism. Formal security analysis using the widely accepted Real-Or-Random (ROR) model, the Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool concludes that the proposed scheme is safe against known attacks. We also compare the computation and communication costs of our scheme to evaluate the performance with the others.
IEEE Access
Remote user authentication is a cryptographic mechanism through which a remote server verifies th... more Remote user authentication is a cryptographic mechanism through which a remote server verifies the legitimacy of an authorized user over an insecure communication channel. Most of the existing authentication schemes consider single-server environments and require multiple registrations of the same user for multiple servers. Moreover, most of these schemes do not consider biometric template revocation and error correction for noisy biometric signals. In addition, the existing schemes have several weaknesses, including stolen smart card attack, lack of user anonymity, user impersonation attack, and non-diversification of biometric data. To overcome these disadvantages, we propose a new three-factor authenticated key agreement scheme using a fuzzy commitment approach. The three factors used in the proposed scheme are the user's password, smart card, and personal biometrics. The security of the proposed scheme is verified using a formal security analysis under the broadly accepted Real-Or-Random model for the session key security. The widely accepted Burrows-Abadi-Needham logic is also applied for mutual authentication between a legally registered user and a server, and formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications is performed for the proposed scheme through simulation to show that it is secure. In addition, the informal security analysis of the proposed scheme shows that the scheme can resist other known attacks. Finally, a comparative study of the proposed scheme with the existing related schemes is conducted to measure the tradeoff among the security and functionality features and the communication and computation costs.
International Journal of Trust Management in Computing and Communications
Computers & Electrical Engineering
Multimedia Tools and Applications
Proceedings of the 2015 Third International Conference on Computer Communication Control and Information Technology, Feb 1, 2015
Geographical Information Systems (GIS) are special types of information systems managing geo-spat... more Geographical Information Systems (GIS) are special types of information systems managing geo-spatial data. The GIS is used to manage geo-referenced information and it represents spatial position of any location into digital map. The GIS also facilitates the user to retrieve spatial information easily using a lot of geographic functions such as data integration, mapping, and overlaying, buffering, projection etc. In the traditional GIS, layer wise data extraction is difficult as it is not followed layerwise data storing. In this regard, our system is able to extract spatial data layer wise from database according to the user's interest. It is also able to work with both spatial data and attribute data (non-spatial data). Spatial data describes the locations and shapes of geographic features like roads, buildings and streets while attribute data describes the characteristics of geographic features (like name, type etc.). In this paper, we present an approach to implement a map of a town considering the layers (road, building like administrative office, health center, educational organization etc.) using spatial database and map-viewer.
Smart card-based remote authentication schemes are widely used in multi-medicalserver-based telec... more Smart card-based remote authentication schemes are widely used in multi-medicalserver-based telecare medicine information systems (TMISs). Biometric is one of the most trustworthy authenticators and is presently being advocated to use in the remote authentication of TMIS. However, most of the existing TMISs consider a single-server-environment-based authentication system. Therefore, patients need to register and log into every server separately for different services. Furthermore, these schemes do not employ error correction technique to remove the errors from biometric data. Also, biometrics are inherent and demand diversification to generate a revocable template from inherent biometric data. In this paper, we propose a mutual authentication and key agreement scheme for a multi-medical server environment to overcome the limitations of the existing schemes. In the proposed scheme, a cancelable transformation of the raw biometric data is used to provide the privacy and the diversification of biometric data. The errors of the biometric data are corrected with error-correction techniques under the fuzzy commitment mechanism. A formal security analysis using the widely accepted real-or-random model, the Burrows-Abadi-Needham logic, and the automated validation of Internet security protocols and applications tool concludes that the proposed scheme is safe against known attacks. We also compare the computation and communication costs of our scheme to evaluate the performance with the others. INDEX TERMS Telecare medicine information system (TMIS), fuzzy commitment scheme, BAN logic, real-or-random (ROR), AVISPA tool.
2014 International Conference on High Performance Computing and Applications, Dec 1, 2014
2014 International Conference on Information Technology, Dec 1, 2014
Fingerprint matching is the main module of fingerprint-based person authentication system. Accura... more Fingerprint matching is the main module of fingerprint-based person authentication system. Accuracy of fingerprint matching is an important objective of this type authentication system. Multiple features are used for better matching accuracy but more features add more computational complexity as well as time and space complexity. In this paper, we proposed an approach of fingerprint based authentication system where fingerprint matching is carried out using spacial information (distance) of minutiae points only. This approach is simple and it needs very small space to store templates. We have used an indexing technique to speed up the matching process. In our experiment, we have used FVC2004 fingerprint dataset as input data and investigated the false non-match ratio and false matching ratio for DB2, DB3 and DB4 also.
International Journal of Biometrics, 2015
In crypto-biometric system (CBS), biometric is combined with cryptography. In CBS, either accessi... more In crypto-biometric system (CBS), biometric is combined with cryptography. In CBS, either accessing a cryptographic key is controlled with biometric or the key is generated from biometric features. This work is related to the latter approach in CBS. In such a system, protecting the privacy of the biometric data is an important concern. Further, there is a need to generate different cryptographic keys from the same biometric template of a user. Cancellable transformation of biometric data prior to the key generation is known as a solution. In this paper, we propose an approach to generate cryptographic key from cancellable fingerprint templates (CT) of sender and receiver to ensure the privacy of the fingerprints and at the same time, it produces revocable key for the application of symmetric cryptography. The between-person variability of CTs guarantees the randomness which ensures that impostor users are not able to generate a genuine CT to break the cryptographic key.
Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), 2015
Crypto-biometric system (CBS) is a combination of biometrie with cryptography to enhance network ... more Crypto-biometric system (CBS) is a combination of biometrie with cryptography to enhance network security. Biometrie is the most trustworthy measure to identify a person uniquely using his or her behavioral and physiological characteristics. Cryptography is an effective concern to the security of information. The security of cryptography depends on the strength of cryptographic key and strength of key depends on the length of key. In the traditional cryptography, key is generated randomly and it is very difficult to remember as the key is not linked with user. To address this limitation of cryptography, CBS uses biometrie data of user to bind key with its owner and as the key is linked with user's biometrie data, user does not need to remember the key. As biometrie data is irrevocable, it becomes useless when compromised and as a result the biometrie based key becomes also useless. In this approach, fingerprint features are used to generate key for cryptographic application. The key is revocable and easy to revoke when required. In our experiment, FVC2004 fingerprint database is used to investigate the result.
EURASIP Journal on Information Security, 2015
To ensure the secure transmission of data, cryptography is treated as the most effective solution... more To ensure the secure transmission of data, cryptography is treated as the most effective solution. Cryptographic key is an important entity in this process. In general, randomly generated cryptographic key (of 256 bits) is difficult to remember. However, such a key needs to be stored in a protected place or transported through a shared communication line which, in fact, poses another threat to security. As an alternative to this, researchers advocate the generation of cryptographic key using the biometric traits of both sender and receiver during the sessions of communication, thus avoiding key storing and at the same time without compromising the strength in security. Nevertheless, the biometric-based cryptographic key generation has some difficulties: privacy of biometrics, sharing of biometric data between both communicating parties (i.e., sender and receiver), and generating revocable key from irrevocable biometric. This work addresses the above-mentioned concerns. We propose an approach to generate cryptographic key from cancelable fingerprint template of both communicating parties. Cancelable fingerprint templates of both sender and receiver are securely transmitted to each other using a key-based steganography. Both templates are combined with concatenation based feature level fusion technique and generate a combined template. Elements of combined template are shuffled using shuffle key and hash of the shuffled template generates a unique session key. In this approach, revocable key for symmetric cryptography is generated from irrevocable fingerprint and privacy of the fingerprints is protected by the cancelable transformation of fingerprint template. Our experimental results show that minimum, average, and maximum Hamming distances between genuine key and impostor's key are 80, 128, and 168 bits, respectively, with 256-bit cryptographic key. This fingerprint-based cryptographic key can be applied in symmetric cryptography where session based unique key is required.
Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), 2015
Geographical Information Systems (GIS) are special types of information systems managing geo-spat... more Geographical Information Systems (GIS) are special types of information systems managing geo-spatial data. The GIS is used to manage geo-referenced information and it represents spatial position of any location into digital map. The GIS also facilitates the user to retrieve spatial information easily using a lot of geographic functions such as data integration, mapping, and overlaying, buffering, projection etc. In the traditional GIS, layer wise data extraction is difficult as it is not followed layerwise data storing. In this regard, our system is able to extract spatial data layer wise from database according to the user's interest. It is also able to work with both spatial data and attribute data (non-spatial data). Spatial data describes the locations and shapes of geographic features like roads, buildings and streets while attribute data describes the characteristics of geographic features (like name, type etc.). In this paper, we present an approach to implement a map of a town considering the layers (road, building like administrative office, health center, educational organization etc.) using spatial database and map-viewer.
2014 International Conference on Information Technology, 2014
Fingerprint matching is the main module of fingerprint-based person authentication system. Accura... more Fingerprint matching is the main module of fingerprint-based person authentication system. Accuracy of fingerprint matching is an important objective of this type authentication system. Multiple features are used for better matching accuracy but more features add more computational complexity as well as time and space complexity. In this paper, we proposed an approach of fingerprint based authentication system where fingerprint matching is carried out using spacial information (distance) of minutiae points only. This approach is simple and it needs very small space to store templates. We have used an indexing technique to speed up the matching process. In our experiment, we have used FVC2004 fingerprint dataset as input data and investigated the false non-match ratio and false matching ratio for DB2, DB3 and DB4 also.
2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2014