IA Course CPSC 4600/5600:

Biometrics and Cryptography

Course Description

This course covers the basic concepts of pattern recognition and biometrics, current major biometric technologies, and analyzes specific case studies from technical, privacy, and social impact viewpoints along with a critical study of the cryptographic protocols used in many security applications. Prerequisites: CPSC 1110, 3200, 3600 and Mathematics 3030 with grades of C or better.


   Required:  Cryptography and Network Security, Behrouz A. Forouzan, McGraw Hill, ISBN: 9-780073-327532.

  • Biometrics for Network Security, Edition: 1, Paul Reid, Prentice Hall, ISBN: 0-13-101549.More on Chapters Information.
  • Implementing Biometric Security, Edition: 1, John Chirillo and Scott Blaul, Wiley, ISBN: 0-7645-2502-6.More on Chapters Information.
  • David Hook. Beginning Cryptography with Java, Wiley, 2005, ISBN: 0-7645-9633-0
  • Bill Ball. Linux in 24 hours, Sams.  Free version of this book is available online.http://www.linux-books.us/linux_general_0009.php
  • Paul Reid. Biometrics for Network Security. Prentice Hall, 2004, ISBN: 0-13-101549-4
  • John Chirillo, Scott Blaul. Implementing Biometric Security, Wiley, ISBN 0-7645-2502-6
  • Bruce Schneier, Applied Cryptography, Wiley, second edition, ISBN: 0-471-11709-9

CPSC 4600 Syllabus    CPSC 5600 Syllabus

Lecture Notes

Lecture 1: Introduction to Biometrics
Lecture 2. Fingerprint Biometrics;  NBIS.pptMulti-layer Perceptron Network (MLP)
Lecture 3. Face Biometrics; Principal Component Analysis (PCA) and Linear Discriminant Analysis (LDA)
Lecture 4. Graphology;  Guidelines to Handwriting Analysis;  NIST-Form-based Handprint Recognition System; 
Lecture 5. VoiceVoice Biometrics (paper)
Lecture 6. IRIS-RetinaDeoxyribonucleic acid (DNA)
Lecture 7. The Future of BiometricsChallengesEvaluation
Lecture 8. Classical Cryptography
Lecture 9. Conventional Cryptography
Lecture 10. Key Distribution Center
Lecture 11. Public Key Cryptography and Identitiy-based Cryptography
Lecture 12. Public Key Management
Lecture 13. Authentication
Lecture 14. Hash

Lecture 15. Entity Authentication

Lecture 16. Quantum Cryptography

Evaluation of Presentation:

Hands-on Projects (Some labs were developed under sponsorship of NSF CCLI #0942581): 

    1. Project on Fingerprint Biometrics

A. Install NIST Fingerprint Image Software 2. 

B. Test and demo Command: PCASYS (PCASYSX), MINDTCT, NFIQ, and BOZORTH3.

C. The software is available in the CD distributed in the class. Write a report to document your efforts and observation including the following. You can feel free to add other comments to NBIS software.

1) Results and screenshots of NBIS software installation a) make config; b) make it; c) make install; d) make catalog

2) Explain purpose of PCASYS package, command you used, and screenshots of successful executionc. Explain purpose of MINDTCT package, command you used, and screenshots of successful executiond. Explain purpose of NFIQ package, command you used, and screenshots of successful executione. Explain purpose of BOZORTH3 package, command you used, and screenshots of successful execution

2. Project on Face Biometrics

3. Project on Speech Recognition

4. Project on Frequency Analysis and encryption using binary/byte addition 

5. Project on Investigate Properties of Modes in DES and AES and Triple DES with CBC mode and Weak DES keys 

6. Project on Short Message RSA Attacks and Padding and RSA Encryption and Factorization Attacks 

Optional Hands-on Projects

  • Download and Install NFIS2 software, test and document command for fingerprint classification (PCASYSX), minutiae detection (MINDTCT), enrollment quality (NFIQ), and fingerprint matching (BOZORTH3). http://fingerprint.nist.gov/NFIS/
  • Download and Install TrueFace software. 
  • Download and Install face biometric software fromColoradoStateUniversity.  Test and document the face recognition based on PCA, LDA and Bayesian Networks. http://www.cs.colostate.edu/evalfacerec/algorithms5.html
  • Download and Install NIST form-based handprint software.  Test and document the process of handwriting recognition. http://www.itl.nist.gov/iaui/vip/databases/defs/nist_ocr.html
  • Download and Install voice recognition software (SPHIX3 or SPHIX4) from Carnegie Mellon University (CMU).  Test and document the process of voice recognition. http://cmusphinx.sourceforge.net/html/cmusphinx.php
  • Follow tutorial from Sun to generate and Verify Signatures.  More information please refer to: http://java.sun.com/docs/books/tutorial/security/apisign/index.html
  • More Security information in Java is here: http://java.sun.com/javase/6/docs/technotes/guides/security/index.html 

More IA Study Materials

[1] Craig I. Watson,  Michael D. Garris,  Elham Tabassi,  Charles L. Wilson,  R. Michael McCabe,  Stanley Janet and Kenneth Ko,  User's Guide to NIST Biometric Image Software (NBIS), National Institute of Standards and Technology, 2006. http://fingerprint.nist.gov/NFIS/

[2] Craig I. Watson, Michael D. Garris,  Elham Tabassi, Charles L. Wilson, R. Michael McCabe and Stanley Janet, User's Guide to NIST Fingerprint Image Software 2 (NFIS2), National Institute of Standards and Technology, 2006.http://www.itl.nist.gov/iad/894.03/nigos/NBIS/request_ecc_cd.html  

[3] Ross Beveridge, David Bolme, Marcio Teixeira and Bruce Draper, The CSU Face Identification Evaluation System User's Guide: Version 5.0, Computer Science Department Colorado State University, 2003, http://www.cs.colostate.edu/evalfacerec/algorithms5.html  

[4] The National Biometrics Challenge, National Science and Technology Council, Subcommittee on Biometrics, August 2006, http://www.biometrics.gov/NSTC/pubs/biochallengedoc.pdf  

[5] Lodge Juliet, Trends in Biometrics, December 2006, http://www.libertysecurity.org/article1191.html

[6] P. Jonathon Phillips, Alvin Martin, C.l. Wilson, Mark Przybocki, "An Introduction to Evaluating Biometric Systems,"Computer, vol.33, no.2, pp. 56-63, February 2000. 

[7] Michael D. Garris,  James L. Blue,  Gerald T. Candela,  Patrick J. Grother, Stanley A. Janet and Charles L. Wilson, NIST Form-Based Handprint Recognition System (Release 2.0), NISTIR 5959, National Institute of Standards and Technology, April 2003. http://www.itl.nist.gov/iaui/vip/databases/defs/nist_ocr.html

[8] Markowitz, J. A. Voice biometrics. Commun. ACM 43, 9 (Sep. 2000), 66-73. DOI= http://doi.acm.org/10.1145/348941.348995    

[9] CMU http://cmusphinx.sourceforge.net/html/cmusphinx.php

[10] Li Yang, Kathy Winters, Joseph M. Kizza, Biometrics Education with Hands-on LabsProceedings of the 46th annual southeast regional conference, ACM Digital Library, March, 2008.

IA Academic Links 

Historical Documents


Secure Use

General Security Policy: Cyber Ethics

Cyber Ethics 

General Security Policy: Information Technology Security Evaluation Criteria (ITSEC)

ITSEC Definition 

General Procedures: Inference

Inference Definition 

General Procedures: Rainbow Series

Rainbow Series 

General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems

NSTISS Glossary 

General Countermeasures and Safeguards: Computer Law

Computer Law 

General Countermeasures and Safeguards: Computer Media

Computer Media 

General Countermeasures and Safeguards: Evaluate Security Testing Tools

Security Testing Tools 

Administrative Countermeasures/Safeguards: Control Management

Change Control 
Control Management 

Administrative Countermeasures/Safeguards: Privacy Act

Privacy Act of 1974 

Operations Policies/Procedures: Keystroke Monitoring

Keystroke Monitoring 

Operations Policies/Procedures: Disaster Recovery Planning

Disaster Recovery 


Policy and Procedures: Incident Response

Incident Response 

Policy and Procedures: Witness Interrogation

Witness Interrogation 

Operations Countermeasures/Safeguard: Computer Attacks

Computer Attacks 
Computer Virus Timeline 

Operations Countermeasures/Safeguard: Computer Emergency Readiness Teams



Administrative Policies/Procedures: Approval to Operate

Approval to Operate 

Administrative Policies/Procedures: Configuration/Change Control

Change Control 

Administrative Policies/Procedures: Copyright Protection

Copyright Protection 

Administrative Policies/Procedures: Patch Management

Patch Management 

Administrative Policies/Procedures: Records Management

Records Management

Administrative Policies/Procedures: Wireless Use Policies

Wireless Use Policy 

Anomalies and Integrity

General Risk Management: Computer System Risk Management

Risk Management 

Access Control Safeguards: Computer System Access Control

Access Control 

Access Control Safeguards: Protected Distribution Systems

Protected Distribution System 

Access Control Safeguards: Information Systems Access Restrictions

Access Restrictions 


Access Control Mechanisms: KMI Applications

Key Management 

Access Control Mechanisms: Single Sign-on

Single Sign On 

IA Sites