When it comes to security, we cannot overlook the concept of uniqueness. When we mention uniqueness, what comes to mind in everyone is the uniqueness that exists in every human being. This article explains the security of Cloud Computing through biometric features such as fingerprints, eye iris, retina, etc. First, the characteristics of the fingerprints that make each fingerprint unique and the sensors with which they are read are analyzed. Next, the steps of a fingerprint recognition algorithm and the disadvantages of such a system are analyzed. At the end of the article, an evaluation is made at the security level of the fingerprint recognition system.
2. Security of Cloud Computing through Biometric Features
https://iaeme.com/Home/journal/IJARET 22 editor@iaeme.com
• Characteristics of the face,
• Nail substrate geometry,
• Denture,
• Posture,
• Spectrum absorption,
• Face thermogram,
• Voice recognition,
• DNA,
• Odor.
These are some of the biometric features that can be used in an identification. Of course
some remain unchanged over time while others will need to be constantly updated for proper
identification. For example, over the years the geometry of the ears changes, the same can be
said for the denture that can change over time or even with an artificial change that we will
make.
In this article we will refer mainly to the identification through the fingerprints as it is the
most widespread way of authentication and the most accessible to be implemented in the
commercial sector. It is also one of the biometric features that remain indelible over time which
is a great advantage compared to the others.
At the application level, in order to provide access to a user, it must go through two stages,
the stage of identification and the stage of authentication.
The identification of a logical subject is called the process in which the logical subject
provides an information system with the information needed to associate it with one of the
objects entitled to access its resources.
The authentication of a logical subject is called the process in which a logical subject
provides an information system with the information needed to verify the validity of the
correlation achieved during the identification process. If we could categorize the types of
authentication controls, it would be four (4) types. [2,3]
Type 1: something that the logical subject knows (eg a password-PIN)
Disadvantages :
The authentication items can be easily copied, it is usually easy to guess, without special
technical knowledge, while they can also be revealed by automated methods.
Advantages :
They are easy to implement and apply, easily modified. They are not lost or stolen, and although
they are simple to use, if they are a unique combination of numbers and letters, they are not
easily revealed.
Type 2: something that the logical subject holds (eg magnetic identification device, smart card
or digital certificate)
Disadvantages:
The cost could be said to be quite high, while not quite difficult to lose or even steal.
Advantages
They are not easily copied as they are made of special materials which are not widely available.
3. Alexandra Briasouli, Daniela Minkovska and Lyudmila Stoyanova
https://iaeme.com/Home/journal/IJARET 23 editor@iaeme.com
Type 3: something that characterizes the logical subject based on its unambiguous biometric
characteristics (biometric technology systems eg: fingerprint applications, voice and iris
recognition)
Disadvantages :
There are several difficulties in the process of building reliable identification devices at low
cost and unfortunately they are not infallible.
Advantages:
Provide greater security than a password (type 1) or even a magnetic identifier (type 2)
Type 4: something that identifies the location of the logical subject (eg ip address)
Disadvantages :
Difficulty in verifying data to the user. There is a problem when we have dynamicip and a
problem when there is movement of the user's location.
Advantages:
It is an easy and helpful and not the main way of identification when referring to staticip.
2. FINGERPRINT FEATURES
Figure 1 Fingerprint [3]
A fingerprint can identify up to 150 different local features (islets, short ridges, fences, etc.)
called micro-details. These local characteristics are not evenly distributed on the finger. Most
of them depend on the printing conditions (flat or sliding method, using ink or electronic
scanner) and the quality of the fingerprint. The two most prominent features are[3,4]:
• Ridge ending
• Ridge bifurcations
Ridge ending means the point where the ridge ends abruptly. A Ridge bifurcation is the
point where a ridge splits or splits into two new ridges. A typical fingerprint image is shown in
Figure 2 which includes 40-100 micron details [4].
4. Security of Cloud Computing through Biometric Features
https://iaeme.com/Home/journal/IJARET 24 editor@iaeme.com
Figure 2 Morphology and topology of fingerprint [3]
The morphology and topology of the ridges and valleys on the fingerprint allows the
application of appropriate mathematical models and image processing algorithms in order to
extract appropriate information that characterizes each fingerprint on the basis of which the
identification and identification of individuals is performed [4].
Figure 3 General biometrics approach for cloud data security [5]
5. Alexandra Briasouli, Daniela Minkovska and Lyudmila Stoyanova
https://iaeme.com/Home/journal/IJARET 25 editor@iaeme.com
3. FINGERPRINT READING SYSTEMS
In general, there are the following fingerprint detection techniques [3]:
• Optical reflection,
• Optical Transmission (Optic Transmission),
• Optical TFT,
• Electro-optical reading,
• Capacitance silicon,
• Capacitive TFT (capacitance tft),
• RF field,
• TFT pressure,
• Thermal,
• Ultrasound.
3.1. Optical Reflection Sensor
This is one of the oldest ways to read fingerprints. Its principle of operation is extremely simple.
The user presses his finger on the surface of a prism illuminated by a source. At the point of
contact, light is not reflected but absorbed. On the other side of the prism, the output light
(image) is transmitted through a lens to a CCD / CMOS sensor and the resulting data is
transferred to a digitizing circuit (framegrabber). A variation of the above technology is the
scanned optical detection sensor: here the user has to slide his finger on the surface of the
detector. The detector is smaller in size. Casio in collaboration with AlpsElectric created in
2003 a detector where the sensor is located inside a small cylinder that rotates as the user passes
his finger [6].
3.2. Optical Transmission Sensor
In this system, the finger is illuminated directly by a light source (usually a light emitting diode,
LED) located on the opposite side of the fingerprint. The light that comes out is read directly
by a CMOScamera: Variations of the above method include lighting from the fingertips, as is
the case with the sensor developed by NEC. The size of the CMOS is about the size of a finger
and the lighting is done by LEDs placed around the perimeter [7].
3.3. TFT Optical Sensor
This is a variation of the previous method, where instead of a CMOS camera, a small TFT
screen is used in which the user presses his finger. This system works well even with wet or
dirty fingers and has no problem operating in a very dark or very bright environment. [8]
3.4. Electro-Optical Reading Sensor
Some polymers have the property of emitting light when exposed to high voltages. In the
electro-optical reading sensor, the polymer rests on a CMOS camera which is necessarily the
size of a finger. The user rests on the upper side of the polymer, effectively closing the circuit
with his finger at the points where the edges touch. The polymer emits light at the edges [8].
3.5. Capacitive Detection Sensors: CapacitanceSilicon / CapacitanceTFT
The most popular method of detection after optical detection is based on the measurement of
capacitance. The finger acts as the armature of a capacitor as it is pressed against the surface of
the detector. Capacity varies depending on whether it rests on a slope or a valley. This
6. Security of Cloud Computing through Biometric Features
https://iaeme.com/Home/journal/IJARET 26 editor@iaeme.com
measurement of variable capacity finally gives us the image of the fingerprint. As the capacities
are very small and a lot of sensitivity is required to read their value correctly (based on the
electric field), the thickness of the sensor coating must be very small (at the level of a few
microns), as the capacitance decreases with square of the distance between the armatures of the
capacitor (In capacitive detection one armature is the finger and the other the sensor, so it is
important that their intermediate gap is as small as possible). Another disadvantage of
capacitive detection is its relatively easy interference from electric fields that can be generated
by other devices. Electrostatic discharge from the user's skin can also damage such sensors [9-
11].
CapacitanceSilicon
In this capacitive detection method, the sensor consists of a CMOS circuit, which is a variant
of the optical sensor (CMOS) used in optical detection. In this case, however, its optical
properties are not used but its ability to measure the electric field formed by the capacitance
phenomenon mentioned above. This method is very popular as the sensors are small in size,
have low cost and consumption and can be easily integrated into low cost consumer devices [9-
11].
ActiveCapacitanceSilicon
This is a variation of the previous method (which can also be described as
passivecapacitancesilicon) in which, before measuring the capacitance, an electric current is
applied to the finger-sensor interface. There is in this way a charge cycle (during which the
charge is stored in the finger-sensor capacity) and a discharge cycle during which the
measurement is made. The capacitance is calculated by comparing the received voltage with a
reference voltage. Compared to the previous passive capacity detection, this method has the
advantage that it is not particularly affected by dirty or wet fingers as the current passes through
the skin and the measurement is actually made below the surface of the skin (as in the ultrasound
sensor). which we will see below) [9-11].
CapacitanceTFT
In accordance with the optical TFT method, there is the corresponding capacitance that replaces
the CMOS sensor of the previous category with a TFT sensor, a variant of the technology found
on the respective screens [9-11].
3.6. RF Field Sensor
This type of detection is often confused with capacitive detection. The sensor provides a low
frequency radio (RF) signal that is input. CapacitanceSilicon sensor on user's finger. The signal
that returns from the finger is measured by the sensor which also has the role of the antenna.
The strength of the return signal depends at each point on the capacitance / resistance of the
finger contact with the sensor: it is stronger at the edges and weaker in the valleys [12].
3.7. Pressure - Pressure Sensors TFT
The idea of detecting a pressure-based fingerprint is one of the oldest - as is the original paper
and ink recording. The recording of an electrical signal that varies with pressure is based on
piezoelectric phenomenon which has been known for many years. Piezoelectric sensors,
however, show low sensitivity and the need for a protective layer on the sensor further distorts
the image (lines are smoothed and blurred). Some of these problems, however, are being
addressed with relative success in modern implementations. CMOS or TFT circuit can be used
for the sensor as we have seen in the previous methods [10],[12].
7. Alexandra Briasouli, Daniela Minkovska and Lyudmila Stoyanova
https://iaeme.com/Home/journal/IJARET 27 editor@iaeme.com
3.8. Thermal Sensors
The technique is based on the existence of a pyro-electrical material that converts the
temperature difference between two materials into an electrical signal. This type of sensor does
not measure the temperature difference between the edge and the valley in the footprint (this
difference is negligible) but the temperature difference between the finger and the sensor. To
be precise, the temperature of the edges is measured as only they actually come in contact with
the sensor. One problem with this method is that the signal disappears very quickly: initially
the finger-sensor temperature difference is large, but as the finger remains on the sensor, they
both come to the same temperature very quickly (of course, the small size also contributes to
this. of the sensor). As the electrical signal is only generated as long as there is a temperature
difference, it disappears as soon as thermal equilibrium occurs (typically in about 1/10 of a
second) [13].
3.9. Ultrasound Sensor
Ultrasound fingerprint detection offers some advantages, but it is not widespread: The sensors
are large, cumbersome and contain several mechanical parts. Their size and cost make them
impossible to use on mobile devices and low cost computers. Their main advantage is their
ability to read the fingerprint from the skin under the skin. Thus they are not affected by water,
dust, dirt and provide a much more reliable measurement than other methods. Recently,
UltraScan (www.ultra-scan.com) introduced a chip-based ultrasound sensor that promises all
the benefits of ultrasound in a smaller size and easier application. [13, 4]
4. FINGERPRINT RECOGNITION ALGORITHM
Below are more details about the fingerprint recognition algorithm. This algorithm consists of
four steps [3, 4, 13].
1. Core detection.
2. Alignment of rotation and displacement.
3. Common export area.
4. Matching fingerprints.
4.1. Core Detection
This step locates the core of the registered fingerprint f (n1, n2) and the incoming image g (n1,
n2) to align the shift between two pictures. The core is defined as a single point in an image of
its representation fingerprint showing the maximum curvature of the ridges [13].
4.2. Alignment of Rotation and Displacement
The displacement and rotation between the registered fingerprint f (n1, n2) and the incoming g
(n1, n2) must be smoothed out in order to perform a high-precision match. In case both
fingerprints have their own core, then align between the two images based on their core. Then
follows the smoothing of the rotation based on the following:
First, you create a pair of rotated images fθ (n1, n2) of the registered prints f (n1, n2) in the
angle range −40 ° ≤ θ ≤ 40 ° with an angle spacing of 1 °. The angle of rotation θ of the incoming
image compared to the controlled image can be determined based on the evaluation of the
similarity between the rotating copy of the registered image fθ (n1, n2) (−40 ° ≤ θ ≤ 40 °) and
the incoming image g (n1, n2) using the BLPOC function. When either f (n1, n2) or g (n1, n2)
does not have its own core, the rotation must first be smoothed out with the procedure we
described a moment ago.
8. Security of Cloud Computing through Biometric Features
https://iaeme.com/Home/journal/IJARET 28 editor@iaeme.com
Then, the displacement between the rotated-normalized image fθ (n1, n2) and the incoming
image g (n1, n2) is aligned.
Finally, we have the normalized versions of the registered image and the input image which
are denoted by f '(n1, n2) and g' (n1, n2) [13].
4.3. Common Export Area
The next step is to extract the overlapping area of the two images f ’(n1, n2) and g’ (n1, n2).
This process improves the matching accuracy of the fingerprints, as the non-overlapping areas
of the two images can make the components of the BLPOC function unrelated. In order to locate
the real areas of the registered image f '(n1, n2) and the input image g' (n1, n2), the projection
axes n1 and n2 of the pixel values are examined. Only the common affected areas of the image,
f '' (n1, n2) and g '' (n1, n2), of the same size are exported for the next matching step [13].
4.4. Matching Fingerprints
Calculate the BLPOC function 𝑛𝑓′′
𝐾1
𝑛𝑔′′
𝐾2(𝑛1, 𝑛2) between the two extracted images f '' (n1, n2)
and g '' (n1, n2) and create the corresponding result. The BLPOC function can give multiple
correlation peaks as a result of the elastic deformations of the fingerprints [13].
5. DISADVANTAGES OF FINGERPRINTS
In the field of internet security we always use an identification method to access the object we
want to access. The most common way is a password.
Passwords are not secure. No one creates good passwords and when they do, they reuse
them on different websites and servers. Even if you use a trusted passwordmanager they can
easily "break" it and gain access to all your passwords. But do you know what is worse than a
password? A fingerprint. Fingerprints have several problems and should not be used instead of
a password.
Passwords are supposed to be secret, such as e.g. the name of your childhood pet. On the
contrary, one has the fingerprints with him wherever he goes. Also the passwords can be
changed in case a password is revealed while in the fingerprint you do not do that. Last but not
least, the password must be hashable, ie encryptable in order to be safe for both the user and
the database in which it is stored from theft [14].
5.1. Fingerprints are no Secret
The first and perhaps most obvious problem with using fingerprints instead of a secret password
is that fingerprints are not secret at all. Consider that anyone in possession of something you
have touched directly has your fingerprints. So think about how many different objects we use
in our daily lives one can find and retrieve our fingerprints.
A hacker named Ian Krissler, when touchID was released on iPhone 5’s. bought a device
immediately and within two days managed to breach the touchID system with a fake fingerprint.
The same man also managed to create a fake footprint from a high definition photo. It was the
imprint of German Defense Minister UrsulavonderLeyen and she managed to create it from a
photo of her hand in a press conference [13,14].
5.2. The Fingerprints cannot be changed
If a password is leaked you give the user the option to change it while the fingerprint cannot be
changed. A great example is an American government agency that had a password as a login
system on its premises and a card on which the digital fingerprint was stored. At some point,
then, the security systems they had from some third parties were violated and 5.6 million digital
9. Alexandra Briasouli, Daniela Minkovska and Lyudmila Stoyanova
https://iaeme.com/Home/journal/IJARET 29 editor@iaeme.com
fingerprints were stolen. To make their system secure again they had to find a third way of
authentication and just changed the passwords. The fingerprint system could not be reused
because they can not be changed and are unique [13,4].
5.3. Fingerprints have a Problem with Cryptographic Hash functions
When a user goes to connect to the cloud, a website or a service and enters their password, in
the database you do not send the user's password for confirmation but a string created by passing
the user's password from a hash cryptographic function (e.g. χ MD5, SH1, SH2).
The passwords are not stored in the database as they are, but the password strings of all
users' passwords. For each password with the help of a specific hash function you create a
specific string which is compared to the string stored in the cloud database by the user
registration and accordingly the user gets access. Fingerprints do not always produce the same
string. The user can push the sensor harder or he can move his finger when he touches the
sensor, even if it has been cut. Each minor change will result in a different string.
For this reason, companies that have developed sensors and software for fingerprints use
the "approximate" technique. Whenever the string created by the fingerprint sensor is about the
same as the string stored in the database then you confirm the user and give them access to the
cloud. In conclusion, the "approximate technique" creates many gaps in the security of a system.
You no longer even need a user's fingerprint, you can even log in if you create a user's similar
fingerprint. [3,4,13]
6. CONCLUSION
The bottom line is that biometric fingerprint sensors are not as secure as we thought. They are
not considered more secure than a secret password. Their combination may be safer but not as
practical as mentioned above.
Epilogue
Determining the security of complex computer systems is also a long-standing issue that
concerns computers and cloudcomputing in particular. Achieving and implementing high-
reliability properties is a deceptive goal of computer security for researchers and professionals
and is proving to be a work in progress in cloudcomputing. Nevertheless, public
cloudcomputing is an exciting computing network that organizations need to integrate as part
of their information technology. The one who is responsible for the security and protection of
privacy in public clouds remains the organization.
The cloud is the evolution of today's networks and promises very serious changes, which
will solve our hands. Some people may not trust it - but if we think about it, it has a lot of
positives. In fact, it's not worse than today's classic web technology. The opposite is probably
the case. The only difference with this classic networking and security approach is that it will
offer new challenges and problems that need to be addressed. With the spread of technology,
the providers who have taken care of the customer and have secured him as best as possible
will survive. The cloud may not yet be considered completely secure. However, as time goes
on, it is possible that all reservations will be removed and eventually cloudcomputing will prove
to be the most secure operating platform of the information infrastructure of a company or an
organization [15].
10. Security of Cloud Computing through Biometric Features
https://iaeme.com/Home/journal/IJARET 30 editor@iaeme.com
REFERENCES
[1] Kumar, S., Singh, S. K., Singh, A. K., Tiwari, S., & Singh, R. S. (2018). Privacy preserving
security using biometrics in cloud computing. Multimedia Tools and Applications, 77(9),
11017-11039.
[2] Masala, G. L., Ruiu, P., & Grosso, E. (2018). Biometric authentication and data security in cloud
computing. In Computer and network security essentials (pp. 337-353). Springer, Cham.
[3] Fragoulakis, H. N. A., & Lois, SA (2018). Data security and integrity in Cloud Computing
systems.
[4] Biometrics | Homeland Security. (2021, December 14). Homeland Security. Retrieved June 10,
2022, from https://www.dhs.gov/biometrics
[5] Sabri, H. M., Ghany, K. K. A., Hefny, H. A., & Elkhameesy, N. (2014, September). Biometrics
template security on cloud computing. In 2014 International conference on advances in
computing, communications and informatics (ICACCI) (pp. 672-676). IEEE. Eikona
[6] Shi, C., Liu, X., Hu, J., Han, H., & Zhao, J. (2022). High performance optical sensor based on
double compound symmetric gratings. Chinese Optics Letters, 20(2), 021201.
[7] Zhang, X., Liu, L., Liu, Y., Zhang, L., Yin, X., Huan, H., ... & Shao, X. (2022). Detectors for
gas‐phase photoacoustic spectroscopy: A review. Microwave and Optical Technology Letters.
[8] Kyatsandra, A. K., Saket, R. K., Kumar, S., Sarita, K., Vardhan, A. S. S., & Vardhan, A. S. S.
(2022). Development of TRINETRA: A Sensor Based Vision Enhancement System for
Obstacle Detection on Railway Tracks. IEEE Sensors Journal.
[9] Ye, X., Tian, M., Li, M., Wang, H., & Shi, Y. (2022). All-fabric-based flexible capacitive
sensors with pressure detection and non-contact instruction capability. Coatings, 12(3), 302.
[10] Wang, H., Li, Z., Liu, Z., Fu, J., Shan, T., Yang, X., ... & Li, D. (2022). Flexible capacitive
pressure sensors for wearable electronics. Journal of Materials Chemistry C, 10(5), 1594-1605.
[11] Čoko, D., Stančić, I., Dujić Rodić, L., & Čošić, D. (2022). TheraProx: Capacitive proximity
sensing. Electronics, 11(3), 393.
[12] Zhu, Y., Zhou, R., Yao, Y., Su, S., Wang, Z., & Yan, H. (2022). Fabrication of Robust Convex
Array Microstructured PDMS-based Capacitance Sensor Molded by Laser Patterned Silicon for
Human-being Acoustic Monitoring. Materials Technology, 1-11.
[13] Williams, E. (2015, November 10). Your Unhashable Fingerprints Secure Nothing. Hackaday.
Retrieved June 15, 2022, from https://hackaday.com/2015/11/10/your-unhashable-fingerprints-
secure-nothing/
[14] Padma, P., & Srinivasan, S. (2016, August). A survey on biometric based authentication in cloud
computing. In 2016 International Conference on Inventive Computation Technologies (ICICT)
(Vol. 1, pp. 1-5). IEEE. Pleonektimata..
[15] NIST (National Institute of Standards and Technology) Guidelines on Security and Privacy in
Public Cloud Computing, IT Professional. security